[Openid-specs-ab] Generating salt value in OpenID Connect Session Mangement

Hasanthi Purnima Dissanayake hasanthi at wso2.com
Tue May 26 03:24:52 UTC 2015

Hi team,
I'm working with spec [1] and according to the it the OP iframe is
generating a salt value by splitting the session_state value that sent by
the RP iframe. So we should send a salt value from RP to OP. So what I'm
going to do is sending the mes variable from RP to OP with following format
as ;

var mes = CryptoJS.SHA256(client_id + origin + opss + salt) + "." + salt;

instead of
var mes = client_id + " " + session_state; which is mentioned in the spec.

Please advice me on this.

 Thanks and Regards,

Hasanthi Dissanayake

Software Engineer | WSO2

E: hasanthi at wso2.com <niroshika at wso2.com>
M :0718407133| http://wso2.com <http://wso2.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150526/d3e25b37/attachment.html>

More information about the Openid-specs-ab mailing list