First name/last name sharing

A very simple solution is in place for providing the website with the last name/first name of the contact if they are logged in: the identity provider (IDP) creates a domain cookie with the last name/first name of the contact; this cookie makes this information available for the website if it is deployed in the same domain.

The data is in globally encoded JSON url format.

This way, the website may display in javascript (therefore maintaining the ability to cache the page and assure a good performance) "Welcome Vincent Larchet".

The domain to which this cookie is attached is the domain common to the organisation's website and the purchase funnel, and its name follows the following schema:

stx_contact_{Institution code}_{Sales channel code}_v1

Parameter Contents
individualTitle User title
individualFirstname User first name
individualLastname User last name
nickname User nickname
lang User language
timestamp Login date, not used
expires Session expiration date, in ISO 8601 format.
a. contactNumber
b. email
Additional Data They are encrypted and are not used as part of the SSO.

The data in additionalData are encrypted as follows:

  • be K a randomly selected unique encryption key
  • be M the JSON object containing contactNumber and email, in UTF-8 coding
  • the K key is encrypted with the RSA algorithm with the website public key. This makes up the "key" data
  • the M message is encrypted by the AES algorithm using the K key. This makes up the "data" information
  • the M message is transformed by a hash function using the SHA-1 algorithm. This result is signed (encrypted) with the S-360 private key. This makes up the "digest" data which will be used for verifying that the cookie has been correctly generated by S-360
  • Finally, the additionalData field contains the JSON object that includes the data "key", "digest" and "data", each of them with Base64 encoding.


  • RSA algorithm: ECB mode, PKCS1 padding.
  • AES algorithm: ECB mode, PKCS5 padding.