Creating a Custom Assertion
Pre-requisites:
You must have the API Gateway's manage security configurations functional privilege assigned to add a custom assertion.
You might want to create a custom assertion when you want to:
Enforce symmetric binding with an authentication mechanism that is not available by default in API Gateway.
Support signing and encryption at the desired level.
Modify the predefined encryption algorithm and security layout properties.
Enforce custom authentication tokens that are not available by default in API Gateway.
Important: When creating a custom assertion, make sure that both the syntax and the semantics of the assertion element are valid and in compliance with the Web Services Security Policy specification.
To create a custom assertion
1. Select Username > Administration.
2. Select Security > Custom assertions.
API Gateway displays a list of all the currently defined policy assertions.
3. Click Add assertion.
4. Select the assertion type. The available options are:
Binding
Token
Policy
5. Provide the following information:
Field | Description |
Name | Name of the custom assertion. For a binding or token assertion type, this is the display name of the assertion in the Binding Assertion field or Custom Token Assertion of the Inbound Authentication - Message policy. For a policy assertion type, this is the display name of the assertion in the Issuer Policy field of the Add SAML Issuer configuration page. |
Select file | Click Browse and select the policy assertion file to be uploaded. The Assertion element text box displays the data from the assertion file. If you have uploaded the policy assertion file and want to replace it, click the Delete icon. |
Assertion element | If you have not uploaded the policy assertion file, provide the XML representation of the assertion. |
6. Click Add.
The custom assertion is added. You can create as many custom assertions as you require.
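The Important note above asks for a syntactically and semantically valid assertion element. The following pre-upload check is an added example, not part of the product or its documentation: it parses the XML, confirms the root element is a WS-SecurityPolicy or WS-Policy element, and reports the algorithm suite and layout it declares. The function names, the sample assertion, and the mapping of root elements to the Binding, Token and Policy assertion types are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces of WS-SecurityPolicy 1.1/1.2 and WS-Policy. Which versions a given
# API Gateway release accepts is an assumption; confirm against the product docs.
SP_NS = {"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
         "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"}
WSP_NS = {"http://schemas.xmlsoap.org/ws/2004/09/policy", "http://www.w3.org/ns/ws-policy"}
BINDINGS = {"SymmetricBinding", "AsymmetricBinding", "TransportBinding"}
TOKENS = {"UsernameToken", "X509Token", "SamlToken", "IssuedToken", "KerberosToken",
          "SecurityContextToken", "SecureConversationToken", "HttpsToken"}
# Constructed sample: symmetric binding with an explicit algorithm suite and layout.
SAMPLE = """<sp:SymmetricBinding
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsp:Policy>
  <sp:ProtectionToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:ProtectionToken>
  <sp:AlgorithmSuite><wsp:Policy><sp:Basic256Sha256/></wsp:Policy></sp:AlgorithmSuite>
  <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
</wsp:Policy></sp:SymmetricBinding>"""

def split(tag):
    """Split an ElementTree '{namespace}local' tag into (namespace, local)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def nested_choice(root, wrapper):
    """Local name of the first sp: assertion nested inside <sp:wrapper>, or None."""
    for el in root.iter():
        if split(el.tag)[0] in SP_NS and split(el.tag)[1] == wrapper:
            for child in el.iter():
                if child is not el and split(child.tag)[0] in SP_NS:
                    return split(child.tag)[1]
    return None

def inspect_assertion(xml_text):
    """Classify an assertion as Binding, Token or Policy; raise if it is none of them."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD declarations do not belong in a policy assertion")
    root = ET.fromstring(xml_text)  # raises ET.ParseError on malformed XML
    ns, local = split(root.tag)
    kind = ("Policy" if ns in WSP_NS and local == "Policy" else
            "Binding" if ns in SP_NS and local in BINDINGS else
            "Token" if ns in SP_NS and local in TOKENS else None)
    if kind is None:
        raise ValueError(f"{root.tag!r} is not a WS-SecurityPolicy assertion")
    return {"type": kind, "root": local,
            "algorithm_suite": nested_choice(root, "AlgorithmSuite"),
            "layout": nested_choice(root, "Layout")}

if __name__ == "__main__":
    print(inspect_assertion(SAMPLE))
```

A well-formed root in the right namespace is only a first gate; the nested policy content still has to follow the Web Services Security Policy specification.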
Post-requisites:
To enforce the custom binding or token assertion in an API, select the assertion in the appropriate fields of the Inbound Authentication - Message policy:
Binding Assertion
Custom Token Assertion
To enforce the custom policy assertion in an API, select the assertion and the corresponding SAML issuer in the appropriate fields:
Issuer Policy field of the Add SAML Issuer configuration page.
Authentication scheme field of the Outbound Authentication - Message policy.