When encrypting a UserIdentityToken, the Client appends the last ServerNonce to the secret. The data is then encrypted with the public key from the Server’s Certificate.

A Client should not add any padding after the secret. If a Client adds padding then all bytes shall be zero. A Server shall check for padding added by Clients and ensure that all padding bytes are zeros. Servers shall reject UserIdentityTokens with invalid padding. Administrators shall be able to configure Servers to accept UserIdentityTokens with invalid padding.

If no encryption is applied, the structure is not used and only the secret without any Nonce is passed to the Server.

Table 186 describes how to serialize UserIdentityTokens before applying encryption.

Table 186 – Legacy UserIdentityToken Encrypted Token Secret Format





Byte [4]

The length of the data to be encrypted including the ServerNonce but excluding the length field.

This field is a 4-byte unsigned integer encoded with the least significant bytes appearing first.


Byte [*]

The token data.


Byte [*]

The last ServerNonce returned by the Server in the CreateSession or ActivateSession response.