Creating a Custom Assertion

Before you begin

Pre-requisites:

You must have the webMethods API Gateway's manage security configurations functional privilege assigned to add a custom assertion.

About this task

You might want to create a custom assertion when you want to:

Enforce symmetric binding with an authentication mechanism that is not available by default in webMethods API Gateway.
Support signing and encryption at the desired level.
Modify the predefined encryption algorithm and security layout properties.
Enforce custom authentication tokens that are not available by default in webMethods API Gateway.

Important: When creating a custom assertion, make sure that both the syntax and the semantics of the assertion element are valid and in compliance with the Web Services Security Policy specification.

To create a custom assertion

Procedure

Expand the menu options icon , in the title bar, and select Administration.
Select Security > Custom assertions.
webMethods API Gateway displays a list of all the currently defined policy assertions.
Click Add assertion.
Select the assertion type. The available options are:
- Binding
- Token
- Policy

Provide the following information:

Field	Description
Name	Name of the custom assertion. For a binding or token assertion type, this is the display name of the assertion in the Binding Assertion field or Custom Token Assertion of the Inbound Auth - Message policy. For a policy assertion type, this is the display name of the assertion in the Issuer Policy field of the Add SAML Issuer configuration page.
Select file	Click Browse and select the policy assertion file to be uploaded. The Assertion element text box displays the data from the assertion file. If you have uploaded the policy assertion file and want to replace it, click the Delete icon.
Assertion element	If you have not uploaded the policy assertion file, provide the XML representation of assertion.

Field

Description

Name

Name of the custom assertion.

For a binding or token assertion type, this is the display name of the assertion in the Binding Assertion field or Custom Token Assertion of the Inbound Auth - Message policy.

For a policy assertion type, this is the display name of the assertion in the Issuer Policy field of the Add SAML Issuer configuration page.

Select file

Click Browse and select the policy assertion file to be uploaded.

The Assertion element text box displays the data from the assertion file.

If you have uploaded the policy assertion file and want to replace it, click the Delete icon.

Assertion element

If you have not uploaded the policy assertion file, provide the XML representation of assertion.

Click Add.
The custom assertion is added. You can create as many custom assertions you require.

What to do next

Post-requisites:

To enforce the custom binding or token assertion in an API, select the assertion in the appropriate fields of the Inbound Auth - Message policy:

Binding Assertion
Custom Token Assertion

To enforce the custom policy assertion in an API, select the assertion and the corresponding SAML issuer in the appropriate fields:

Issuer Policy field of the Add SAML Issuer configuration page.
Authentication scheme field of the Outbound Auth - Message policy.