000019951 - Token decrypt failure in API-based applications in ClearTrust

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000019951

Applies To: RSA ClearTrust 5.5 Runtime Java API
            RSA ClearTrust 5.0.1 Runtime Java API
            RSA ClearTrust 5.5.2 Runtime Java API

Issue: Token decrypt failure in API-based applications in ClearTrust
A J2EE application that parses a request and submits a token for validation experiences token decryption failures from the Auth server. The results of these token validation attempts are inconsistent: some succeed, while others fail decryption.

Cause: A token may contain characters (e.g. " ", "/") that cannot be transmitted via HTTP unless they are URL encoded. If a token contains such a special character and is not URL decoded, it will fail decryption during token validation. Because a token is a hashed value, this may appear as a random occurrence.

Resolution: After extracting the value of the CTSESSION token, URL decode it (java.net.URLDecoder) before using it in an RTAPI call. Similarly, if an application modifies a token, it must URL encode the token before responding to the client browser.

Legacy Article ID: a19704
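The decode and encode steps from the Resolution, as an added example that is not RSA's code and makes no RTAPI call (the page does not show one). The class name `CtSessionCodec`, its method names and the sample token are assumptions constructed for illustration; the example also shows that decoding must happen exactly once.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;

// Hypothetical helper class, not part of the ClearTrust Runtime API.
public class CtSessionCodec {
    static final String COOKIE_NAME = "CTSESSION";

    /** Returns the URL-decoded CTSESSION value from a raw Cookie header, or null if absent. */
    static String tokenFromCookieHeader(String cookieHeader) throws UnsupportedEncodingException {
        if (cookieHeader == null) return null;
        for (String pair : cookieHeader.split(";")) {
            String p = pair.trim();
            int eq = p.indexOf('=');
            if (eq > 0 && p.substring(0, eq).equals(COOKIE_NAME)) {
                // Decode exactly once: a second pass turns a literal '+' into a space.
                return URLDecoder.decode(p.substring(eq + 1), "UTF-8");
            }
        }
        return null;
    }

    /** URL-encodes a token before it is written back to the client browser. */
    static String tokenForCookie(String token) throws UnsupportedEncodingException {
        return URLEncoder.encode(token, "UTF-8");
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed sample value containing '/', '+', ' ' and '='; not a real ClearTrust token.
        String token = "Ab3/x+9 Zq==";
        String wire = tokenForCookie(token);
        String header = "JSESSIONID=abc123; " + COOKIE_NAME + "=" + wire;

        // Correct path: this decoded value is what would be handed to the RTAPI call.
        String decoded = tokenFromCookieHeader(header);
        System.out.println("wire form     : " + wire);
        System.out.println("decoded once  : matches original = " + decoded.equals(token));

        // Two ways to end up with a value that no longer matches the issued token.
        String twice = URLDecoder.decode(decoded, "UTF-8");
        System.out.println("not decoded   : matches original = " + wire.equals(token));
        System.out.println("decoded twice : matches original = " + twice.equals(token));
    }
}
```

Tokens made up only of URL-safe characters pass through unchanged in every case, which is why the failure shows up only for some sessions.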
