Symantec SiteMinder


Tech Tip: CA Single Sign-On: SDK: How to validate SSO token

By Ujwol posted Sep 26, 2016 08:26 PM

  

Summary:

In this guide we will discuss how to write a sample Java SDK agent that validates an existing SSO token (SMSESSION cookie).

Environment:

  • Policy Server: R12.0+
  • OS: ANY

Prerequisite:

  • SDK Agent installed and configured.

Instructions:

 

Overview:

Validating the SSO token is a two-step process, as outlined below:

 

Step 1. Call AgentAPI.decodeSSOToken() and retrieve the "Session Spec" and "Session ID".

  • This will always return 0/success as long as the SDK agent can decrypt the session token, even for an expired SSO token. A successful decode therefore does not by itself show that the session is still valid.
  • The SDK agent can decrypt the session token as long as the Agent Keys have not changed, i.e. the Agent Keys used to create the SSO token (AgentAPI.createSSOToken()) and to decode it are the same.

 

Step 2. Call AgentAPI.login(), setting the "spec" and "id" fields of the SessionDef to the values retrieved from the decodeSSOToken() call in step 1.

 

AgentAPI.login() will return 1/success only if the login is successful.

 

Code changes:

a) Invoke decodeSSOToken(), passing the existing SSO token

 

retcode = agentapi.decodeSSOToken(expiredSSOToken,tokendesc,ssoRespAttrs,updateToken,updatedSSOToken);

 

b) Parse the "ssoRespAttrs" returned from decodeSSOToken() into a HashMap

ssoRespAttrMap =  testclient.displayAttributes(ssoRespAttrs);

 

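// Copies every attribute returned by decodeSSOToken() into a map keyed by
// attribute ID, logging each one along the way.
// Log(), bundle and CRLF are helpers defined elsewhere in the sample class.
private Map<Integer,String> displayAttributes(AttributeList attributeList)
{
    boolean isFirstElem = true;
    Enumeration enumer = attributeList.attributes();
    Map<Integer,String> attributesMap = new HashMap<Integer,String>();

    // Nothing was returned: log the "none" message from the resource bundle.
    if (!enumer.hasMoreElements())
    {
        Log(bundle.getString("AGENTAPI_NONE"));
    }

    while (enumer.hasMoreElements())
    {
        Attribute attr = (Attribute) enumer.nextElement();

        // Separator between log entries (formatting only).
        if (!isFirstElem)
        {
            Log(CRLF + "\t\t\t\t\t");
        }

        // attr.value is a byte array; store it as a String under its attribute ID.
        attributesMap.put(attr.id, new String(attr.value));
        Log(attr.id + "\t" + new String(attr.value));
        isFirstElem = false;
    }
    return attributesMap;
}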

 

c) Set the "spec" and "id" fields of the SessionDef and invoke login() to validate the session

// No user name or password is supplied: the session is validated through the SessionDef.
//UserCredentials usercreds = new UserCredentials(USER_NAME, USER_PWD);
UserCredentials usercreds = new UserCredentials();
SessionDef sessionDef = new SessionDef();
sessionDef.spec = ssoRespAttrMap.get(209); // set Session Spec
sessionDef.id = ssoRespAttrMap.get(205);   // set Session ID
attrList = new AttributeList();

retcode = agentapi.login(agentIP,
                         resctxdef,
                         realmdef,
                         usercreds,
                         sessionDef,
                         attrList);
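
Both steps combined into one fail-closed check, as an added example (this is not the attached ValidateSSOToken.java or SDK sample code). The return values 0 and 1 and the attribute IDs 209 and 205 are taken from this tip; the class and method names, the netegrity.siteminder.javaagent import, the TokenDescriptor(0, false) arguments and updateToken = false are assumptions.

```java
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import netegrity.siteminder.javaagent.*; // assumed package of the Java Agent API

public final class SsoTokenValidator {
    // Values as stated in this tech tip.
    private static final int DECODE_SUCCESS = 0;
    private static final int LOGIN_SUCCESS = 1;
    private static final int ATTR_SESSION_ID = 205;
    private static final int ATTR_SESSION_SPEC = 209;

    /** True only if the token decodes AND the Policy Server accepts the session. */
    public static boolean isTokenValid(AgentAPI agentapi, String ssoToken, String agentIP,
                                       ResourceContextDef resctxdef, RealmDef realmdef) {
        if (ssoToken == null || ssoToken.isEmpty()) {
            return false;
        }
        // Step 1: decode. Success only proves the Agent Keys match; an expired
        // token still decodes, so this result is never used as the final answer.
        TokenDescriptor tokendesc = new TokenDescriptor(0, false); // assumed arguments
        AttributeList ssoRespAttrs = new AttributeList();
        StringBuffer updatedSSOToken = new StringBuffer();
        int retcode = agentapi.decodeSSOToken(ssoToken, tokendesc, ssoRespAttrs,
                                              false, updatedSSOToken); // no token refresh
        if (retcode != DECODE_SUCCESS) {
            return false;
        }
        Map<Integer,String> attrs = new HashMap<Integer,String>();
        Enumeration<?> enumer = ssoRespAttrs.attributes();
        while (enumer.hasMoreElements()) {
            Attribute attr = (Attribute) enumer.nextElement();
            attrs.put(attr.id, new String(attr.value));
        }
        String spec = attrs.get(ATTR_SESSION_SPEC);
        String id = attrs.get(ATTR_SESSION_ID);
        if (spec == null || spec.isEmpty() || id == null || id.isEmpty()) {
            return false; // never call login() with a half-populated SessionDef
        }
        // Step 2: let the Policy Server decide whether the session is still valid.
        SessionDef sessionDef = new SessionDef();
        sessionDef.spec = spec;
        sessionDef.id = id;
        retcode = agentapi.login(agentIP, resctxdef, realmdef,
                                 new UserCredentials(), sessionDef, new AttributeList());
        return retcode == LOGIN_SUCCESS; // any other value is treated as invalid
    }
}
```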

 

Attachment:

  • ValidateSSOToken.java
  • smjsdksample.properties

 
