What Happens If The Obssocookie Is Tampered?

1.	What Happens If The Obssocookie Is Tampered?
Answer» When access system GENERATES ObSSOCookie, MD-5 HASH is taken from session token. So when the user is authenticated again using the cookie, the MD5 hash is compared with ORIGINAL cookie contents. MD-5 hash is a one-way hash, hence it cant be unencrypted. Access server compares the cookie contents with hash. If both are not same, then cookie is tampered in the interim. This cookie does not contain USERNAME and PASSWORD. When access system generates ObSSOCookie, MD-5 hash is taken from session token. So when the user is authenticated again using the cookie, the MD5 hash is compared with original cookie contents. MD-5 hash is a one-way hash, hence it cant be unencrypted. Access server compares the cookie contents with hash. If both are not same, then cookie is tampered in the interim. This cookie does not contain username and password.

Answer»

When access system GENERATES ObSSOCookie, MD-5 HASH is taken from session token. So when the user is authenticated again using the cookie, the MD5 hash is compared with ORIGINAL cookie contents. MD-5 hash is a one-way hash, hence it cant be unencrypted. Access server compares the cookie contents with hash. If both are not same, then cookie is tampered in the interim. This cookie does not contain USERNAME and PASSWORD.

When access system generates ObSSOCookie, MD-5 hash is taken from session token. So when the user is authenticated again using the cookie, the MD5 hash is compared with original cookie contents. MD-5 hash is a one-way hash, hence it cant be unencrypted. Access server compares the cookie contents with hash. If both are not same, then cookie is tampered in the interim. This cookie does not contain username and password.

Discussion

No Comment Found

Related InterviewSolutions

Explain How Form Login Works If The Form Login Page Is Present In Different Domain From Oam?
Explain The Flow When A User Makes A Request Protected By An Access Gate (not Webgate)?
When Do You Need An Access Gate?
What Is Policy Manager Api?
Explain Various Major Params Defined In Webgate Instance Profile?
Explain Iwa Mechanism In Oracle Access Manager?
Explain The Integration And Architecture Of Oam-oaam Integration?
What Is An Sspi Connector And Its Role In Oracle Access Manager Integrations?
What Is An Identity Xml?
What Is An Access Server Sdk?