Blog Viewer

Tech Tip : CA Single Sign-On :Policy Server:How to decrypt Federation Open Format Cookie (Java)

By Ujwol posted 10-04-2016 02:33 AM

  

Summary:

In this guide we will discuss how to consume (decrypt) Federation OFC cookie generated by Policy server

Environment:

  • Policy Server : R12.52+,
  • OS : ANY

Pre-requisite:

Policy Server is already configured to generate OFC cookie for partnership federation 

 

Instructions:

 

1. Compile attached SampleFedOFCConsumer.java

2. Put the jars from the attached jars.zip in the classpath.

 

The primary decryption logic at the relying party is following:

 

  1. The Java Application creates an implementation class of the IFederationOpenIdentity interface 

    IFederationOpenIdentity fedOpenIdentity = new FederationOpenIdentityImpl(cookieZone,encryptionPassword.toCharArray(),cookieDomain, encryptionTransformation, false);
  2. The Java application can also call the processCookie() method to extract all the attributes from a cookie object and set them in the Storage Map.

    //Decrypt OFC cookie
    fedOpenIdentity.processCookie(myOFCCOokieVale);
  3. The Java application can get values for all the attributes that are put in the Storage Map using the getAttributes(), getAttribute(), getAuthnContext(), getSessionID(), getNameID(), getNameIDFormat(), and getUserConsent() methods.

     

    //Read Attributes
    Map map = fedOpenIdentity.getAttributes();

 

 

Attachment:

  • SampleFedOFCConsumer.java (Test class to decrypt Federation OFC cookie)
  • jars.zip (required jars from CA SiteMinder Federation SDK)

Testing:

 

Additional Information:

2 comments
1 view