Summary:
In this guide we will discuss how to consume (decrypt) Federation OFC cookie generated by Policy server
Environment:
- Policy Server : R12.52+,
- OS : ANY
Pre-requisite:
Policy Server is already configured to generate OFC cookie for partnership federation
Instructions:
1. Compile attached SampleFedOFCConsumer.java
2. Put the jars from the attached jars.zip in the classpath.
The primary decryption logic at the relying party is following:
-
The Java Application creates an implementation class of the IFederationOpenIdentity interface
IFederationOpenIdentity fedOpenIdentity = new FederationOpenIdentityImpl(cookieZone,encryptionPassword.toCharArray(),cookieDomain, encryptionTransformation, false);
-
The Java application can also call the processCookie() method to extract all the attributes from a cookie object and set them in the Storage Map.
//Decrypt OFC cookie
fedOpenIdentity.processCookie(myOFCCOokieVale); -
The Java application can get values for all the attributes that are put in the Storage Map using the getAttributes(), getAttribute(), getAuthnContext(), getSessionID(), getNameID(), getNameIDFormat(), and getUserConsent() methods.
//Read Attributes
Map map = fedOpenIdentity.getAttributes();
Attachment:
- SampleFedOFCConsumer.java (Test class to decrypt Federation OFC cookie) SampleFedOFCConsumer.java
- jars.zip (required jars from CA SiteMinder Federation SDK) jars
Testing:
Additional Information:
http://box5324.temp.domains/~iamtecht/steps-to-configure-open-format-cookie-and-consume-it/