When encrypting a UserIdentityToken, the Client appends the last ServerNonce to the secret. The data is then encrypted with the public key from the Server’s Certificate.
If no encryption is applied, the structure is not used and only the secret without any Nonce is passed to the Server.
Table 181 describes how to serialize UserIdentityTokens before applying encryption.
Table 181 – Legacy UserIdentityToken Encrypted Token Secret Format
|
Name |
Type |
Description |
|
Length |
Byte [4] |
The length of the data to be encrypted including the ServerNonce but excluding the length field. This field is a 4-byte unsigned integer encoded with the least significant bytes appearing first. |
|
tokenData |
Byte [*] |
The token data. |
|
serverNonce |
Byte [*] |
The last ServerNonce returned by the Server in the CreateSession or ActivateSession response. |