Tech Tip: How to decrypt a Federation Open Format Cookie (OFC)


This guide shows how to consume (decrypt) a Federation OFC cookie generated by the Policy Server.

  • Policy Server : R12.52+
  • OS : ANY

This guide assumes the Policy Server is already configured to generate an OFC cookie for partnership federation.


 1. Compile attached

 2. Put the jars from the attached in the classpath.

The primary decryption logic at the relying party is as follows:

  1. The Java application instantiates an implementation class of the IFederationOpenIdentity interface:

    IFederationOpenIdentity fedOpenIdentity = new FederationOpenIdentityImpl(cookieZone, encryptionPassword.toCharArray(), cookieDomain, encryptionTransformation, false);

  2. The Java application can also call the processCookie() method to extract all the attributes from a cookie object and set them in the Storage Map.

    //Decrypt OFC cookie

  3. The Java application can get values for all the attributes that are put in the Storage Map using the getAttributes(), getAttribute(), getAuthnContext(), getSessionID(), getNameID(), getNameIDFormat(), and getUserConsent() methods.

    //Read Attributes
    Map map = fedOpenIdentity.getAttributes();

  • (Test class to decrypt Federation OFC cookie)
  • (required jars from CA SiteMinder Federation SDK) jars


Additional Information:

Tech Tip – How to configure Open Format Cookie and consume it

