.NET SDK Components

This section contains the following topics:

Open Format Cookie

The federation open format cookie lets applications assert user attributes to CA SiteMinder® Federation Standalone and consume user attributes encapsulated by CA SiteMinder® Federation Standalone. The open format cookie has the following general characteristics:

The cookie is accessible by applications written in any programming language.
The cookie content consists of a string of UTF-8 bytes, which supports international character sets.
The combined size in UTF-8 bytes of each name/value pair precedes the name/value pair.
Space characters are added for legibility.
The cookie is simple to parse and easily extensible.

Important! If the cookie contains any unsafe characters such as '=', enclose the value in double quotes. You can specify this option through the user interface, or through the SDK.

The open format cookie contains the following property information:

Cookie Version
Name ID
Name ID Format
Session ID
AuthnContext
UserDN (same as User ID)
UserConsent
Login ID
ExpiresON (expiration time)

The following diagram shows the open format:

Illustration showsing which properties and attributes of open cookies are used.

Key:

Ver — the cookie format version. This value is 1.
Sp — an ASCII space character, used only to improve readability
Properties — information about the principal
Attributes — SAML attributes from the Assertion
Cnt — the number of name value pairs that follow, represented in ASCII
Sz — the length of the name or value that follows
ValCnt — the number of attribute values

The Backus-Naur Form (BNF) for this format is following (0* means 0 or more; 1* means at least 1).

DIGIT = ASCII digit (0 through 9)
CHAR = UTF-8 character
Sp = ASCII space (character 32)
Token = 1*CHAR
Cookie = Version Sp Properties Attributes
Version = 1*DIGIT
Cnt = 1*DIGIT
Properties = Cnt 1*PPair
Attributes = Cnt 0*APair
ValCnt = 1*DIGIT
PPair = Sz Sp Name Sp Sz Sp Value
APair = Sz Sp Name Sp ValCnt Sp Sz Sp Value
Sz = 1*DIGIT
Name = Token
Value = Token

IFederationOpenIdentity Interface

The IFederationOpenIdentity interface defines methods for manipulating the open format cookie. The classes exposed by .NET SDK are available under the namespace CA.Federation.FedIdentitySdk. You implement the IFederationOpenIdentity interface by calling one of the methods from the IdentityFactory class.

See the Doxygen-generated reference for detailed information about this interface.

Identity Factory

The IdentityFactory class provides methods for obtaining an implementation of the IFederationOpentIdentity interface.

Note: The only supported cryptographic transformation is "AES128/CBC/PKCS5Padding". You can also use NULL to get the default.

The IdentityFactory class includes the following methods:

static IFederationOpenIdentity GetInstance (string cryptoInstance): Generates an implementation object of the IFederationOpenIdentity interface.
static IFederationOpenIdentity GetInstance (string cryptoInstance, bool bUseHmac): Generates an implementation object of the IFederationOpenIdentity interface.
static IFederationOpenIdentity GetInstance (string zoneName, char[] password, string domain, string cryptoInstance): Generates an implementation object of the IFederationOpenIdentity interface.
static IFederationOpenIdentity GetInstance (string zoneName, char[] password, string domain, string cryptoInstance, bool bUseHmac): Generates an implementation object of the IFederationOpenIdentity interface.

IFedIdentitySDKLogger Interface

The IFedIdentitySDKLogger interface provides the following methods for specifying custom logging messages

void LogTrace (string fileName, string methodName, string message): Logs a trace message.
void LogError (string fileName, string methodName, string message): Logs an error message.