How to decrypt Federation Open Format Cookie (Java)

Document ID : KB000047172
Last Modified Date : 14/02/2018
Show Technical Document Details


In this guide we will discuss how to consume (decrypt) Federation OFC cookie generated by Policy server



  • Policy Server : R12.52+,
  • OS : ANY



Policy Server is already configured to generate OFC cookie for partnership federation 




1. Compile attached

2. Put the jars from the attached in the classpath.


The primary decryption logic at the relying party is following:


  1. The Java Application creates an implementation class of the IFederationOpenIdentity interface 

    IFederationOpenIdentity fedOpenIdentity = new FederationOpenIdentityImpl(cookieZone,encryptionPassword.toCharArray(),cookieDomain, encryptionTransformation, false);
  2. The Java application can also call the processCookie() method to extract all the attributes from a cookie object and set them in the Storage Map.

    //Decrypt OFC cookie
  3. The Java application can get values for all the attributes that are put in the Storage Map using the getAttributes(), getAttribute(), getAuthnContext(), getSessionID(), getNameID(), getNameIDFormat(), and getUserConsent() methods. 

    //Read Attributes 
    Map map = fedOpenIdentity.getAttributes();








Additional Information:

File Attachments: