Java SDK Guide › Federation Manager Java SDK Programming Interfaces › IFederationOpenIdentity Interface

IFederationOpenIdentity Interface

The IFederationOpenIdentity interface defines methods for manipulating the federation open format cookie. The interface supports the following tasks:

• Initialize the SDK logger specific to an application.
• Extract user identity information from the cookie in an HTTP request, in a Java Cookie object, or in String format.
• Initialize values for the cookie name, domain, and security zone.
• Set a shared secret used to derive a key for cookie encryption and decryption.
• Create the open format cookie.
• Pass identity attributes to an application.

To obtain an implementation of the IFederationOpenIdentity interface, call one of the implementation methods defined in the IdentityFactory. These methods require specifying a string for the cryptographic transformation of the cookie.

The following password-based encryption combinations are available for standard installations:

• PBE/SHA1/AES/CBC/PKCS12PBE-1000-128
• PBE/SHA1/AES/CBC/PKCS12PBE-1000-192
• PBE/SHA1/AES/CBC/PKCS12PBE-1000-256
• PBE/SHA256/AES/CBC/PKCS12PBE-1000-128
• PBE/SHA256/AES/CBC/PKCS12PBE-1000-192
• PBE/SHA256/AES/CBC/PKCS12PBE-1000-256
• PBE/SHA1/3DES_EDE/CBC/PKCS12PBE-1000-3
• PBE/SHA256/3DES_EDE/CBC/PKCS12PBE-1000-3

Password-based encryption (PBE) combinations are not FIPS-compatible. Any of the FIPS-mode encryption combinations listed following requires using the Java SDK to operate properly.

The following encryption combinations are available for FIPS-compliant installations:

• AES128/CBC/PKCS5Padding
• AES192/CBC/PKCS5Padding
• AES256/CBC/PKCS5Padding
• 3DESEDE/CBC/PKCS5Padding

Note: All cryptographic strings and their corresponding constant names are listed in IdentityCrypto.java.