000020529 - Understanding the format of RSA cookies

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 22, 2017.
Version 2

Article Content

Article Number: 000020529
Applies To: RSA ACE/Agent 5.2 for Web
RSA Authentication Agent 5.3 for Web
RSA Cookie
Cookie Format
Issue: Understanding the format of RSA cookies
Cause: To best understand the format of the RSA cookie, refer to the example scripts in the directory samples\web\asp; this example code shows how to parse the cookie data.
Resolution: The sample code also lists what the RSA cookie names are, including the domain cookie.

NOTE: Since the release of RSA ACE/Agent 4.4, the documented structure and naming of the cookies have changed.

For version 4.3 and earlier, cookie names are as follows:

        local = webid2
        domain = webid2_dom

For RSA ACE/Agent 4.4 and later, the cookie has variable length fields; therefore, the different fields are delimited, with the names as follows.

        local = rsa-local
        domain = webid2_dom

Additionally, the data in the cookie is URL encoded and is designed to conform to RFC 2965.

The cookie is made up of a number of fields, where the variable length fields are delimited (with a Z00 sequence) and the order of the fields is as follows:

        delimiter
        username
        shell
        auth type
        create time
        sd time
        3rd party data
        RSA Reserved Data

So, given the following cookie:

rsa-local=TestTechZ00Z002Z003D8749DAZ003D8749DAZ00Z00Z9AZ0DXZ3DZC7Z19Z0FLZECccZD1ZBDZ95fZAA9ZC3FycZFFZ16Z5AZE9Z26NZA3n0Z80ZD4

The data is broken down into the following items:

delimiter                = Z00
username                 = TestTech
shell                    = <blank>
auth type                = 2
create time              = 3D8749DA
sd time (same as create) = 3D8749DA
3rd party data           = <blank>
Use double null to delimit reserved data
RSA Reserved Data =
9AZ0DXZ3DZC7Z19Z0FLZECccZD1ZBDZ95fZAA9ZC3FycZFFZ16Z5AZE9Z26NZA3n0Z80ZD4
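
The breakdown above as a small parser, added here as an illustration; it is not RSA's sample code from samples\web\asp. It takes the value after "rsa-local=", and it assumes (an inference from the example, not stated in the article) that "Z" followed by two hex digits is an escaped byte, with Z00 ending each of the first six fields; the name parse_rsa_local and the field keys are hypothetical.

```python
import re

# The article's example cookie value (its two wrapped lines rejoined).
SAMPLE = ("TestTechZ00Z002Z003D8749DAZ003D8749DAZ00Z00Z9AZ0DXZ3DZC7Z19Z0"
          "FLZECccZD1ZBDZ95fZAA9ZC3FycZFFZ16Z5AZE9Z26NZA3n0Z80ZD4")

# Field order from the article; what follows the sixth Z00 is reserved data.
FIELDS = ("username", "shell", "auth_type", "create_time", "sd_time",
          "third_party")

# Assumption: 'Z' + two hex digits is one escaped byte, else a literal char.
TOKEN = re.compile(r"Z([0-9A-Fa-f]{2})|(.)", re.S)


def parse_rsa_local(value):
    """Split an rsa-local cookie value into named fields (hypothetical helper).

    Scans token by token, so Z00 is only treated as a delimiter when it
    starts on an escape boundary. Raises ValueError when fewer than six
    delimited fields are present.
    """
    fields, current, pos = [], [], 0
    while pos < len(value) and len(fields) < len(FIELDS):
        m = TOKEN.match(value, pos)
        pos = m.end()
        if m.group(1) is None:
            current.append(m.group(2))                # literal character
        elif m.group(1) == "00":
            fields.append("".join(current))           # Z00 terminates a field
            current = []
        else:
            current.append(chr(int(m.group(1), 16)))  # escaped byte
    if len(fields) < len(FIELDS):
        raise ValueError("truncated cookie: %d of %d fields terminated"
                         % (len(fields), len(FIELDS)))
    parsed = dict(zip(FIELDS, fields))
    parsed["reserved_raw"] = value[pos:]  # opaque; left in encoded form
    return parsed


if __name__ == "__main__":
    for name, val in parse_rsa_local(SAMPLE).items():
        print("%-12s = %r" % (name, val))
```

On the article's cookie the remainder returned as reserved_raw begins with "Z9A", while the breakdown above lists the reserved data starting from "9A".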

The current version of web agent is RSA ACE/Agent 5.2 for Web and support for versions 4.4 and earlier has now ceased.
Legacy Article ID: a17316
