How to validate SSO token

Document ID : KB000046896
Last Modified Date : 14/02/2018
Show Technical Document Details


In this guide we will discuss how to write a sample java SDK agent to validate existing SSO token(SMSESSION cookie )


  • Policy Server : R12.0+,
  • OS : ANY


  • SDK Agent installed and configured.




Validating the SSO token is a two step process as outlined below :


Step 1. Call AgentAPI.decodeSSOToken() and retreive "Session Spec" and "Session ID"

  • This will always return 0/success, as long as the SDK agent can decrypt the Session Token (even for the expired SSO token)
  • The SDK agent can decrypt the Session token as long as the Agent Keys have not changed. i.e the Agent keys used to create the SSO token (AgentAPI.createSSOToken()) and decode are same.


Step 2. Call AgentAPI.login() setting the "spec" and "id" field of the SessionDef to valid values retrieved from decodeSSOToken() call in step1.


The AgentAPI.login() will return 1/success only if login is successful.


Code changes:

a) Invoke decdoeSSOToken passing the existing SSO Token


retcode =agentapi.decodeSSOToken(expiredSSOToken,tokendesc,ssoRespAttrs,updateToken,updatedSSOToken);


b) Parse the "ssoResAttrs" returned from decodeSSOToken() as a HashMap()

ssoRespAttrMap =  testclient.displayAttributes(ssoRespAttrs);


private Map<Integer,String>
displayAttributes(AttributeList attributeList)
boolean isFirstElem = true;
Enumeration enumer = attributeList.attributes();
Map<Integer,String> attributesMap = new HashMap<Integer,String>();

if (!enumer.hasMoreElements())

while (enumer.hasMoreElements())
Attribute attr = (Attribute) enumer.nextElement();

if (!isFirstElem)
Log(CRLF + "\t\t\t\t\t");

attributesMap.put(, new String(attr.value));
Log( + "\t" + new String(attr.value));
isFirstElem = false;
return attributesMap;


c) Set "spec" and "ID' field of Session Def and invoke login to validate the session 

//UserCredentials usercreds = new UserCredentials(USER_NAME, USER_PWD);
UserCredentials usercreds = new UserCredentials();
SessionDef sessionDef = new SessionDef();
sessionDef.spec = ssoRespAttrMap.get(209); //set Session Spec = ssoRespAttrMap.get(205); // set Session ID
attrList = new AttributeList();

retcode = agentapi.login(agentIP,




Additional Info :

  • SDK Java Doc :
File Attachments: