Customize SAML v2.0
AM includes several customization points that let you extend SAML v2.0 functionality. AM provides default implementations for these extension points, but you can also configure your own custom implementation per entity provider.
You can implement a SAML v2.0 customization in Java or, for the extension points described in this section, using a script.
Configure AM to use your custom implementation in the entity provider settings. For information about configuration settings, refer to the Reference section.
If configured, a scripted implementation takes precedence over any Java class that is specified. To make sure the Java class is used, clear any
The following table provides an overview of the SAML v2.0 extension points that you can implement in Java or with a script.
Extension point | Description |
---|---|
 | Customize the default IdP attribute mapper to specify which user attributes are included in an assertion. |
 | Customize SAML responses and browser redirects. |
 | Customize configuration in the hosted SP adapter environment. |
 | Customize the value of the NameID attribute in the SAML assertion. |
Java implementation
The plugin interfaces and default Java implementation can be found in the openam-federation-library.
To view the supported plugin interfaces, refer to these packages:
Scripted implementation
AM provides a scripting engine and template scripts for you to extend SAML v2.0 behavior by running scripts stored as configuration, rather than by updating code. Creating and modifying plugin scripts enables rapid development without the need to change or recompile core AM.
- To explore the default scripts in the AM admin UI, including the available script properties, go to Realms > Realm Name > Scripts and select the script you want to examine.
- For all available sample scripts, refer to Sample scripts.
- To view the available bindings for SAML scripts, refer to SAML v2.0 scripting API.