Tech Tip: CA Single Sign-On: Policy Server: How to decrypt Federation Open Format Cookie (Java)

By Ujwol posted Oct 04, 2016 02:33 AM

  

Summary:

This guide shows how to consume (decrypt) a Federation Open Format Cookie (OFC) generated by the Policy Server.

Environment:

  • Policy Server: R12.52+
  • OS: ANY

Pre-requisite:

The Policy Server is already configured to generate an OFC cookie for the federation partnership.

 

Instructions:

 

1. Compile the attached SampleFedOFCConsumer.java.

2. Put the jars from the attached jars.zip in the classpath.

 

The primary decryption logic at the relying party is as follows:

 

  1. The Java application instantiates an implementation class of the IFederationOpenIdentity interface.

    IFederationOpenIdentity fedOpenIdentity = new FederationOpenIdentityImpl(
            cookieZone, encryptionPassword.toCharArray(), cookieDomain,
            encryptionTransformation, false);
  2. The Java application can also call the processCookie() method to extract all the attributes from a cookie object and set them in the Storage Map.

    //Decrypt OFC cookie
    fedOpenIdentity.processCookie(myOFCCOokieVale);
  3. The Java application can get values for all the attributes that are put in the Storage Map using the getAttributes(), getAttribute(), getAuthnContext(), getSessionID(), getNameID(), getNameIDFormat(), and getUserConsent() methods.

     

    //Read Attributes
    Map map = fedOpenIdentity.getAttributes();

 

 

Attachment:

  • SampleFedOFCConsumer.java (Test class to decrypt Federation OFC cookie)
  • jars.zip (required jars from CA SiteMinder Federation SDK)

Testing:

 

Additional Information:
