Summary:
In this guide we will discuss how to consume (decrypt) Federation OFC cookie generated by Policy server
Environment:
- Policy Server : R12.52+,
- OS : ANY
Pre-requisite:
Policy Server is already configured to generate OFC cookie for partnership federation
Instructions:
1. Compile attached SampleFedOFCConsumer.java
2. Put the jars from the attached jars.zip in the classpath.
The primary decryption logic at the relying party is following:
The Java Application creates an implementation class of the IFederationOpenIdentity interface
IFederationOpenIdentity fedOpenIdentity = new FederationOpenIdentityImpl(cookieZone,encryptionPassword.toCharArray(),cookieDomain, encryptionTransformation, false);The Java application can also call the processCookie() method to extract all the attributes from a cookie object and set them in the Storage Map.
//Decrypt OFC cookie
fedOpenIdentity.processCookie(myOFCCOokieVale);The Java application can get values for all the attributes that are put in the Storage Map using the getAttributes(), getAttribute(), getAuthnContext(), getSessionID(), getNameID(), getNameIDFormat(), and getUserConsent() methods.
//Read Attributes
Map map = fedOpenIdentity.getAttributes();
Attachment:
- SampleFedOFCConsumer.java (Test class to decrypt Federation OFC cookie)
- jars.zip (required jars from CA SiteMinder Federation SDK)
Testing:
Additional Information: