[Openid-specs-ab] Generating salt value in OpenID Connect Session Mangement
Hasanthi Purnima Dissanayake
hasanthi at wso2.com
Tue May 26 03:24:52 UTC 2015
Hi team,
I'm working with spec [1] and according to the it the OP iframe is
generating a salt value by splitting the session_state value that sent by
the RP iframe. So we should send a salt value from RP to OP. So what I'm
going to do is sending the mes variable from RP to OP with following format
as ;
var mes = CryptoJS.SHA256(client_id + origin + opss + salt) + "." + salt;
instead of
var mes = client_id + " " + session_state; which is mentioned in the spec.
Please advice me on this.
Thanks and Regards,
Hasanthi Dissanayake
Software Engineer | WSO2
E: hasanthi at wso2.com <niroshika at wso2.com>
M :0718407133| http://wso2.com <http://wso2.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150526/d3e25b37/attachment.html>
More information about the Openid-specs-ab
mailing list