Test Info

Issuerhttps://oidc-conformance.ping-eng.com:9031
Profile[]
Test IDOP-Req-acr_values
Test descriptionProviding acr_values
Timestamp2018-09-21T17:41:15Z

Conditions


used-acr-value: status=OK [The acr value in the ID Token]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK

Trace Output

0.0phase<--<-- 0 --- Webfinger -->-->
0.0not expected to doWebFinger
0.0phase<--<-- 1 --- Discovery -->-->
0.0not expected to doDynamic discovery
0.0phase<--<-- 2 --- Registration -->-->
0.0register
kwargs:{'response_types': ['code id_token token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61401/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61401/logout'], 'url': 'https://oidc-conformance.ping-eng.com:9031/as/clients.oauth2', 'jwks_uri': 'https://op.certification.openid.net:61401/static/jwks_61401.json'}
0.001RegistrationRequest
{
    "application_type": "web",
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "implicit",
        "authorization_code"
    ],
    "jwks_uri": "https://op.certification.openid.net:61401/static/jwks_61401.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61401/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61401/authz_cb"
    ],
    "request_uris": [
        "https://op.certification.openid.net:61401/requests/876669ef2b3891075309a06e00b98e6ace4cfca108af01becb9a804fff95d8c4#aBGUdKme9vvM6rtM"
    ],
    "response_types": [
        "code id_token token"
    ]
}
0.329http response
url:https://oidc-conformance.ping-eng.com:9031/as/clients.oauth2 status_code:201
0.33RegistrationResponse
{
    "client_id": "dc-pnPWyhiViHY0ME17L8u29o",
    "client_name": "dc-pnPWyhiViHY0ME17L8u29o",
    "client_secret": "Sy84v1uYXODq70mIFW0oSK",
    "client_secret_expires_at": 0,
    "grant_access_session_revocation_api": false,
    "grant_types": [
        "implicit",
        "authorization_code"
    ],
    "jwks_uri": "https://op.certification.openid.net:61401/static/jwks_61401.json",
    "persistent_grant_expiration_type": "server_default",
    "pingaccess_logout_capable": false,
    "redirect_uris": [
        "https://op.certification.openid.net:61401/authz_cb"
    ],
    "refresh_token_rolling_policy": "server_default",
    "response_types": [
        "code id_token token"
    ],
    "scope": "address phone edit openid profile admin email",
    "token_endpoint_auth_method": "client_secret_basic",
    "validate_using_all_eligible_atms": false
}
0.33phase<--<-- 3 --- AsyncAuthn -->-->
0.331AuthorizationRequest
{
    "acr_values": "1 2",
    "client_id": "dc-pnPWyhiViHY0ME17L8u29o",
    "nonce": "Vp3FKVurWdNqo5qj",
    "redirect_uri": "https://op.certification.openid.net:61401/authz_cb",
    "response_type": "code id_token token",
    "scope": "openid",
    "state": "2O7n3UH2hUkLzdIJ"
}
0.331redirect urlhttps://oidc-conformance.ping-eng.com:9031/as/authorization.oauth2?state=2O7n3UH2hUkLzdIJ&nonce=Vp3FKVurWdNqo5qj&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61401%2Fauthz_cb&acr_values=1+2&client_id=dc-pnPWyhiViHY0ME17L8u29o
0.331redirecthttps://oidc-conformance.ping-eng.com:9031/as/authorization.oauth2?state=2O7n3UH2hUkLzdIJ&nonce=Vp3FKVurWdNqo5qj&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61401%2Fauthz_cb&acr_values=1+2&client_id=dc-pnPWyhiViHY0ME17L8u29o
1.944http args{}
2.245responseURL with fragment
2.246responseaccess_token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImsxIn0.eyJzY29wZSI6WyJvcGVuaWQiXSwiY2xpZW50X2lkX25hbWUiOiJkYy1wblBXeWhpVmlIWTBNRTE3TDh1MjlvIiwiYWdpZCI6IlE5OXA2cnNxM3c1TnJmTUI0bURhT0ZHRzE4UGNCNkw5IiwiVXNlcm5hbWUiOiJqb2UiLCJPcmdOYW1lIjoiUGluZyBJZGVudGl0eSBDb3Jwb3JhdGlvbiIsImV4cCI6MTUzNzU1ODg3NH0.fz8HXoOePZLdNukzwskyg-C5rZ3lYwJKYKJHSNJjbDEkthrcDJP-MQ95HaRSpVve-gjKOUHWojDyyOGKTmWg_lcn9H0f_BC2cXUEseQcuZNJdMEEpcheen6-gsSY021zVGm0K-Bj8LnY8yyzkpPXyCLqS_flugbsgKX7dX-q4sA5lwfm6cmj_YGzF24pUtHCpn-p2HsDK9dhBfum0oQY7jIHmPaKnXt93cPWRXQ4AyR8CGFWlIFwyrTjP6jj3UrTbF6G_E-MjLZNAoeMQURgINReYa2K6_XNj_tlSLW3ZBwTSFmCOYoVvkyNcFFvG0RP9Adfdr1VKdgACYUkDJo5mw&code=f3U_X9X__W3yf4zxRIVc7gWA8JBQWVEx4z5Qafbu&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InExa19WZW9TcXRKX0Y1Y2ZlRXRRRkJHcW1LOCJ9.eyJzdWIiOiJqb2UiLCJhdWQiOiJkYy1wblBXeWhpVmlIWTBNRTE3TDh1MjlvIiwianRpIjoia1VLSllZRHRIcHdDemczeDF3Mk14RiIsImlzcyI6Imh0dHBzOi8vb2lkYy1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMSIsImlhdCI6MTUzNzU1MTY3NCwiZXhwIjoxNTM3NTUxOTc0LCJwaS5zcmkiOiJOVDFYQk5fRHNkMTRZWVg3NVliOHBKWU5RZEEiLCJub25jZSI6IlZwM0ZLVnVyV2ROcW81cWoiLCJhY3IiOiIyIiwiYXV0aF90aW1lIjoxNTM3NTUxNjY4LCJjX2hhc2giOiJKckM2TGxiNlpQTEVrcmJXRWdfZ0t3IiwiYXRfaGFzaCI6ImpDVEw1SEo1ZXpxZGVQRVRUOFN4QUEiLCJzX2hhc2giOiJndUZKbDAwQS1YLWFibE1uV0pxS1lRIn0.n_1bEgtSrVhJvd6QjORhbpjaVw4LW-qyN0mFyGlsKyRF-etTBfIOoafIodFcfUQ-6CURiJiG1v7dMHcYPwHntnHhXvvh6xDfCr-0Iu2X4n2x3hklqxCc94NRhdfvfzFBSo5aUCKj2wfe7DPTeRogA7GCU6Y-r5HUBLL21V9j41lddg_K9lF5CnXgBn7J8Oxhfdu43mytbO0hylnzf0j5pDQqytEEheN9-w6QbZ1_-9B15XLqN0jkjkztujeZagqkJsckTrIgOItEEi1WenMj16bmxmZiDh0xY-SkhLChJDLogBHDPSeP6g4BK7y3biWpePfTg_7pHiZmOkz9N0NjZg&state=2O7n3UH2hUkLzdIJ&token_type=Bearer&expires_in=7199
2.246response{'access_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6ImsxIn0.eyJzY29wZSI6WyJvcGVuaWQiXSwiY2xpZW50X2lkX25hbWUiOiJkYy1wblBXeWhpVmlIWTBNRTE3TDh1MjlvIiwiYWdpZCI6IlE5OXA2cnNxM3c1TnJmTUI0bURhT0ZHRzE4UGNCNkw5IiwiVXNlcm5hbWUiOiJqb2UiLCJPcmdOYW1lIjoiUGluZyBJZGVudGl0eSBDb3Jwb3JhdGlvbiIsImV4cCI6MTUzNzU1ODg3NH0.fz8HXoOePZLdNukzwskyg-C5rZ3lYwJKYKJHSNJjbDEkthrcDJP-MQ95HaRSpVve-gjKOUHWojDyyOGKTmWg_lcn9H0f_BC2cXUEseQcuZNJdMEEpcheen6-gsSY021zVGm0K-Bj8LnY8yyzkpPXyCLqS_flugbsgKX7dX-q4sA5lwfm6cmj_YGzF24pUtHCpn-p2HsDK9dhBfum0oQY7jIHmPaKnXt93cPWRXQ4AyR8CGFWlIFwyrTjP6jj3UrTbF6G_E-MjLZNAoeMQURgINReYa2K6_XNj_tlSLW3ZBwTSFmCOYoVvkyNcFFvG0RP9Adfdr1VKdgACYUkDJo5mw', 'code': 'f3U_X9X__W3yf4zxRIVc7gWA8JBQWVEx4z5Qafbu', 'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InExa19WZW9TcXRKX0Y1Y2ZlRXRRRkJHcW1LOCJ9.eyJzdWIiOiJqb2UiLCJhdWQiOiJkYy1wblBXeWhpVmlIWTBNRTE3TDh1MjlvIiwianRpIjoia1VLSllZRHRIcHdDemczeDF3Mk14RiIsImlzcyI6Imh0dHBzOi8vb2lkYy1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMSIsImlhdCI6MTUzNzU1MTY3NCwiZXhwIjoxNTM3NTUxOTc0LCJwaS5zcmkiOiJOVDFYQk5fRHNkMTRZWVg3NVliOHBKWU5RZEEiLCJub25jZSI6IlZwM0ZLVnVyV2ROcW81cWoiLCJhY3IiOiIyIiwiYXV0aF90aW1lIjoxNTM3NTUxNjY4LCJjX2hhc2giOiJKckM2TGxiNlpQTEVrcmJXRWdfZ0t3IiwiYXRfaGFzaCI6ImpDVEw1SEo1ZXpxZGVQRVRUOFN4QUEiLCJzX2hhc2giOiJndUZKbDAwQS1YLWFibE1uV0pxS1lRIn0.n_1bEgtSrVhJvd6QjORhbpjaVw4LW-qyN0mFyGlsKyRF-etTBfIOoafIodFcfUQ-6CURiJiG1v7dMHcYPwHntnHhXvvh6xDfCr-0Iu2X4n2x3hklqxCc94NRhdfvfzFBSo5aUCKj2wfe7DPTeRogA7GCU6Y-r5HUBLL21V9j41lddg_K9lF5CnXgBn7J8Oxhfdu43mytbO0hylnzf0j5pDQqytEEheN9-w6QbZ1_-9B15XLqN0jkjkztujeZagqkJsckTrIgOItEEi1WenMj16bmxmZiDh0xY-SkhLChJDLogBHDPSeP6g4BK7y3biWpePfTg_7pHiZmOkz9N0NjZg', 'state': '2O7n3UH2hUkLzdIJ', 'token_type': 'Bearer', 'expires_in': 7199}
2.554AuthorizationResponse
{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImsxIn0.eyJzY29wZSI6WyJvcGVuaWQiXSwiY2xpZW50X2lkX25hbWUiOiJkYy1wblBXeWhpVmlIWTBNRTE3TDh1MjlvIiwiYWdpZCI6IlE5OXA2cnNxM3c1TnJmTUI0bURhT0ZHRzE4UGNCNkw5IiwiVXNlcm5hbWUiOiJqb2UiLCJPcmdOYW1lIjoiUGluZyBJZGVudGl0eSBDb3Jwb3JhdGlvbiIsImV4cCI6MTUzNzU1ODg3NH0.fz8HXoOePZLdNukzwskyg-C5rZ3lYwJKYKJHSNJjbDEkthrcDJP-MQ95HaRSpVve-gjKOUHWojDyyOGKTmWg_lcn9H0f_BC2cXUEseQcuZNJdMEEpcheen6-gsSY021zVGm0K-Bj8LnY8yyzkpPXyCLqS_flugbsgKX7dX-q4sA5lwfm6cmj_YGzF24pUtHCpn-p2HsDK9dhBfum0oQY7jIHmPaKnXt93cPWRXQ4AyR8CGFWlIFwyrTjP6jj3UrTbF6G_E-MjLZNAoeMQURgINReYa2K6_XNj_tlSLW3ZBwTSFmCOYoVvkyNcFFvG0RP9Adfdr1VKdgACYUkDJo5mw",
    "code": "f3U_X9X__W3yf4zxRIVc7gWA8JBQWVEx4z5Qafbu",
    "expires_in": 7199,
    "id_token": {
        "acr": "2",
        "at_hash": "jCTL5HJ5ezqdePETT8SxAA",
        "aud": [
            "dc-pnPWyhiViHY0ME17L8u29o"
        ],
        "auth_time": 1537551668,
        "c_hash": "JrC6Llb6ZPLEkrbWEg_gKw",
        "exp": 1537551974,
        "iat": 1537551674,
        "iss": "https://oidc-conformance.ping-eng.com:9031",
        "jti": "kUKJYYDtHpwCzg3x1w2MxF",
        "nonce": "Vp3FKVurWdNqo5qj",
        "pi.sri": "NT1XBN_Dsd14YYX75Yb8pJYNQdA",
        "s_hash": "guFJl00A-X-ablMnWJqKYQ",
        "sub": "joe"
    },
    "state": "2O7n3UH2hUkLzdIJ",
    "token_type": "Bearer"
}
2.554phase<--<-- 4 --- AccessToken -->-->
2.554requestop_args: {'state': '2O7n3UH2hUkLzdIJ'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61401/authz_cb'}
2.554do_access_token_request
kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61401/authz_cb', 'code': 'f3U_X9X__W3yf4zxRIVc7gWA8JBQWVEx4z5Qafbu', 'state': '2O7n3UH2hUkLzdIJ', 'grant_type': 'authorization_code', 'client_id': 'dc-pnPWyhiViHY0ME17L8u29o'}, 'state': '2O7n3UH2hUkLzdIJ'}
2.554AccessTokenRequest
{
    "code": "f3U_X9X__W3yf4zxRIVc7gWA8JBQWVEx4z5Qafbu",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61401/authz_cb",
    "state": "2O7n3UH2hUkLzdIJ"
}
2.554request_urlhttps://oidc-conformance.ping-eng.com:9031/as/token.oauth2
2.554request_http_args{'headers': {'Authorization': 'Basic ZGMtcG5QV3loaVZpSFkwTUUxN0w4dTI5bzpTeTg0djF1WVhPRHE3MG1JRlcwb1NL', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.554requestgrant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61401%2Fauthz_cb&code=f3U_X9X__W3yf4zxRIVc7gWA8JBQWVEx4z5Qafbu&state=2O7n3UH2hUkLzdIJ
2.929http response
url:https://oidc-conformance.ping-eng.com:9031/as/token.oauth2 status_code:200
2.93response{'access_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6ImsxIn0.eyJzY29wZSI6WyJvcGVuaWQiXSwiY2xpZW50X2lkX25hbWUiOiJkYy1wblBXeWhpVmlIWTBNRTE3TDh1MjlvIiwiVXNlcm5hbWUiOiJqb2UiLCJPcmdOYW1lIjoiUGluZyBJZGVudGl0eSBDb3Jwb3JhdGlvbiIsImV4cCI6MTUzNzU1ODg3NX0.jGyVg8aVBVe-xp8Hgdik3xbJRjw0qv1bDMtbIUDJm5_3Uz3rsZPOYpdaFVUjO8kQkuyTxgHeWymNhJajaOCS3lnKsOjp0MkytwcBatpqLpWjLoiV39IFjAYePAfV8rsJGYdYpY1cJXJ0JClup_T6_70TM1rvrbgksNorouNNo1sm3VNypVxKbABsZM9HdJGpOQWkvyBQsElXUCXeJ1TKvr3rSBtKh3q5gsy5JuFqcfkY1yD_5-P9-cTaFExcTjFROTHV1i7Q29LrqkoGrX7XMbU3oRAxvq7_mECSIxXg_nlRPE8FTE9QbcT1u6xZRrPuyYOCrl6Da0sjEsZqui_Xew', 'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InExa19WZW9TcXRKX0Y1Y2ZlRXRRRkJHcW1LOCJ9.eyJzdWIiOiJqb2UiLCJhdWQiOiJkYy1wblBXeWhpVmlIWTBNRTE3TDh1MjlvIiwianRpIjoia1VLSllZRHRIcHdDemczeDF3Mk14RiIsImlzcyI6Imh0dHBzOi8vb2lkYy1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMSIsImlhdCI6MTUzNzU1MTY3NCwiZXhwIjoxNTM3NTUxOTc0LCJwaS5zcmkiOiJOVDFYQk5fRHNkMTRZWVg3NVliOHBKWU5RZEEiLCJub25jZSI6IlZwM0ZLVnVyV2ROcW81cWoiLCJhY3IiOiIyIiwiYXV0aF90aW1lIjoxNTM3NTUxNjY4LCJjX2hhc2giOiJKckM2TGxiNlpQTEVrcmJXRWdfZ0t3IiwiYXRfaGFzaCI6ImpDVEw1SEo1ZXpxZGVQRVRUOFN4QUEiLCJzX2hhc2giOiJndUZKbDAwQS1YLWFibE1uV0pxS1lRIn0.n_1bEgtSrVhJvd6QjORhbpjaVw4LW-qyN0mFyGlsKyRF-etTBfIOoafIodFcfUQ-6CURiJiG1v7dMHcYPwHntnHhXvvh6xDfCr-0Iu2X4n2x3hklqxCc94NRhdfvfzFBSo5aUCKj2wfe7DPTeRogA7GCU6Y-r5HUBLL21V9j41lddg_K9lF5CnXgBn7J8Oxhfdu43mytbO0hylnzf0j5pDQqytEEheN9-w6QbZ1_-9B15XLqN0jkjkztujeZagqkJsckTrIgOItEEi1WenMj16bmxmZiDh0xY-SkhLChJDLogBHDPSeP6g4BK7y3biWpePfTg_7pHiZmOkz9N0NjZg', 'token_type': 'Bearer', 'expires_in': 7199}
2.932AccessTokenResponse
{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImsxIn0.eyJzY29wZSI6WyJvcGVuaWQiXSwiY2xpZW50X2lkX25hbWUiOiJkYy1wblBXeWhpVmlIWTBNRTE3TDh1MjlvIiwiVXNlcm5hbWUiOiJqb2UiLCJPcmdOYW1lIjoiUGluZyBJZGVudGl0eSBDb3Jwb3JhdGlvbiIsImV4cCI6MTUzNzU1ODg3NX0.jGyVg8aVBVe-xp8Hgdik3xbJRjw0qv1bDMtbIUDJm5_3Uz3rsZPOYpdaFVUjO8kQkuyTxgHeWymNhJajaOCS3lnKsOjp0MkytwcBatpqLpWjLoiV39IFjAYePAfV8rsJGYdYpY1cJXJ0JClup_T6_70TM1rvrbgksNorouNNo1sm3VNypVxKbABsZM9HdJGpOQWkvyBQsElXUCXeJ1TKvr3rSBtKh3q5gsy5JuFqcfkY1yD_5-P9-cTaFExcTjFROTHV1i7Q29LrqkoGrX7XMbU3oRAxvq7_mECSIxXg_nlRPE8FTE9QbcT1u6xZRrPuyYOCrl6Da0sjEsZqui_Xew",
    "expires_in": 7199,
    "id_token": {
        "acr": "2",
        "at_hash": "jCTL5HJ5ezqdePETT8SxAA",
        "aud": [
            "dc-pnPWyhiViHY0ME17L8u29o"
        ],
        "auth_time": 1537551668,
        "c_hash": "JrC6Llb6ZPLEkrbWEg_gKw",
        "exp": 1537551974,
        "iat": 1537551674,
        "iss": "https://oidc-conformance.ping-eng.com:9031",
        "jti": "kUKJYYDtHpwCzg3x1w2MxF",
        "nonce": "Vp3FKVurWdNqo5qj",
        "pi.sri": "NT1XBN_Dsd14YYX75Yb8pJYNQdA",
        "s_hash": "guFJl00A-X-ablMnWJqKYQ",
        "sub": "joe"
    },
    "token_type": "Bearer"
}
2.932phase<--<-- 5 --- Done -->-->
2.932end
2.933assertionUsedAcrValue
2.933conditionused-acr-value: status=OK [The acr value in the ID Token]
2.933assertionVerifyResponse
2.933conditionverify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.933conditionDone: status=OK

Result

PASSED