Tech Tip : How to decrypt Federation Open Format Cookie (OFC)

Summary:

This guide shows how to consume (decrypt) the Federation OFC cookie generated by the Policy Server.

Environment:
  • Policy Server : R12.52+
  • OS : ANY
Pre-requisite:

The Policy Server is already configured to generate the OFC cookie for the federation partnership.

Instructions:

 1. Compile the attached SampleFedOFCConsumer.java.

 2. Put the jars from the attached jars.zip in the classpath.

The primary decryption logic at the relying party is as follows:

  1. The Java application creates an instance of a class that implements the IFederationOpenIdentity interface.

    IFederationOpenIdentity fedOpenIdentity = new FederationOpenIdentityImpl(cookieZone, encryptionPassword.toCharArray(), cookieDomain, encryptionTransformation, false);

  2. The Java application can also call the processCookie() method to extract all the attributes from a cookie object and set them in the Storage Map.

    //Decrypt OFC cookie
    fedOpenIdentity.processCookie(myOFCCookieValue);

  3. The Java application can get values for all the attributes that are put in the Storage Map using the getAttributes(), getAttribute(), getAuthnContext(), getSessionID(), getNameID(), getNameIDFormat(), and getUserConsent() methods.

    //Read Attributes
    Map map = fedOpenIdentity.getAttributes();

Attachment:
  • SampleFedOFCConsumer.java (Test class to decrypt Federation OFC cookie)
  • jars.zip (required jars from CA SiteMinder Federation SDK)
Testing:

 

Additional Information:

Tech Tip – How to configure Open Format Cookie and consume it

 
