In the SiteMinder 12.8.X Federation OIDC option, custom claims (for instance, when dynamic claims must be used) can be implemented by creating a class that implements IClaimsPlugin.
It would be reasonable to assume that in SiteMinder version 12.9 the same compiled plugin class would work seamlessly with the new Federation OIDC option. It does not: the compiled plugin, which works properly with the SiteMinder 12.8 Federation OIDC option and with the equivalent Federation Legacy OIDC option in version 12.9, does not work when used with the new Federation OIDC option in 12.9.
In this case, errors about failing to implement IClaimsPlugin are thrown. For instance, if the SampleClaimsPlugin class is developed as a proof of concept and the build that works in SiteMinder 12.8 is used with the new Federation OIDC option in SiteMinder 12.9, the following errors are logged:
[04/14/2025][17:23:52.589][17:23:52][2482893][140509041387072][CommonUtil.java][processOAuth2ClaimsPlugin][194eb271-f0055dcc-0e151c3d-d7f94315-64816946-476][][][][][][][][][][][][][][][][][][][][Loading claims plugin. PluginClass: com.ca.sdk.oidc.plugin.SampleClaimsPlugin, PluginParams: null]
[04/14/2025][17:23:52.589][17:23:52][2482893][140509041387072][PluginCache.java][getObject][194eb271-f0055dcc-0e151c3d-d7f94315-64816946-476][][][][][][][][][][][][][][][][][][][][Created new instance of com.ca.sdk.oidc.plugin.SampleClaimsPlugin]
[04/14/2025][17:23:52.590][17:23:52][2482893][140509041387072][CommonUtil.java][logAndThrowPluginException][194eb271-f0055dcc-0e151c3d-d7f94315-64816946-476][][][][][][][][][][][][][][][][][][][][com.ca.policyserver.smapi.oidc.PluginException: Plugin class 'com.ca.sdk.oidc.plugin.SampleClaimsPlugin' did not implement IClaimsPlugin
at com.ca.fedserver.common.util.CommonUtil.logAndThrowPluginException(CommonUtil.java:1081)
at com.ca.fedserver.common.util.CommonUtil.processOAuth2ClaimsPlugin(CommonUtil.java:885)
This happens because the new Federation OIDC option in version 12.9 is much more server-centric and, as such, is based on OAuth2. Federation OIDC in version 12.8 had oidcclaimsplugin, and custom claims required implementing IClaimsPlugin.
In version 12.9, the new Federation OIDC has oauth2claimsplugin, and the interface to implement is IOauth2ClaimsPlugin.
If the new Federation OIDC option is to be implemented with custom claims, make sure to implement IOauth2ClaimsPlugin. As a possible proof of concept, one can use the sample in <sdk_installation_path>/sdk/samples64/oauth2claimsplugin.
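To find this failure in a trace after an upgrade, the following added example (not part of the original article or of the SiteMinder SDK) scans trace lines for the claims-plugin exception and correlates it with the load message from the same transaction. It assumes the bracketed field layout seen in the excerpt above; the function and field names are hypothetical, and the sample lines are constructed from that excerpt.

```python
import re

# Leading fields: date, time, time, pid, thread, source file, function, transaction id.
HEAD = re.compile(r"^\[([\d/]+)\]\[([\d:.]+)\]\[[\d:]+\]\[\d+\]\[\d+\]"
                  r"\[([^\]]*)\]\[([^\]]*)\]\[([^\]]*)\]")
LOAD = re.compile(r"Loading claims plugin\. PluginClass: ([\w.$]+)")
FAIL = re.compile(r"PluginException: Plugin class '([\w.$]+)' "
                  r"did not implement (\w+)")

def find_plugin_failures(lines):
    """Return one record per claims-plugin interface failure in the trace."""
    loaders, failures = {}, []
    for line in lines:
        head = HEAD.match(line)
        if not head:
            continue  # stack frames and other continuation lines
        date, time, _src, func, txn = head.groups()
        if (m := LOAD.search(line)):
            loaders[(txn, m.group(1))] = func  # remember which function loaded it
        elif (m := FAIL.search(line)):
            cls, named = m.groups()
            loader = loaders.get((txn, cls))
            failures.append({
                "when": f"{date} {time}", "transaction": txn,
                "plugin": cls, "named_interface": named, "loaded_by": loader,
                # OAuth2 claims path: per the article it needs IOauth2ClaimsPlugin.
                "needs_oauth2_plugin": bool(loader and "OAuth2" in loader),
            })
    return failures

# Sample input constructed from the article's log excerpt.
TXN = "194eb271-f0055dcc-0e151c3d-d7f94315-64816946-476"
CLS = "com.ca.sdk.oidc.plugin.SampleClaimsPlugin"

def _line(ms, func, msg, src="CommonUtil.java"):
    return (f"[04/14/2025][17:23:52.{ms}][17:23:52][2482893][140509041387072]"
            f"[{src}][{func}][{TXN}]" + "[]" * 20 + f"[{msg}]")

SAMPLE = [
    _line(589, "processOAuth2ClaimsPlugin",
          f"Loading claims plugin. PluginClass: {CLS}, PluginParams: null"),
    _line(589, "getObject", f"Created new instance of {CLS}", "PluginCache.java"),
    _line(590, "logAndThrowPluginException",
          "com.ca.policyserver.smapi.oidc.PluginException: "
          f"Plugin class '{CLS}' did not implement IClaimsPlugin"),
    "at com.ca.fedserver.common.util.CommonUtil.processOAuth2ClaimsPlugin(CommonUtil.java:885)",
]

if __name__ == "__main__": print(find_plugin_failures(SAMPLE))
```

Note that the exception text names IClaimsPlugin even though the plugin was loaded by processOAuth2ClaimsPlugin, which is why the record keeps both the named interface and the loading function.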