Test Info

Issuerhttps://isamfed.com:30443/test
Profile[]
Test IDOP-Req-id_token_hint
Test descriptionUsing prompt=none with user hint through id_token_hint
Timestamp2019-06-17T07:58:59Z

Conditions


Done: status=OK

Trace Output

0phase<--<-- 0 --- Webfinger -->-->
0not expected to doWebFinger
0phase<--<-- 1 --- Discovery -->-->
0provider_config
kwargs:{'issuer': 'https://isamfed.com:30443/test'}
0http response
url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
0ProviderConfigurationResponse
{
    "authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
    "claims_parameter_supported": false,
    "claims_supported": [
        "realmName",
        "preferred_username",
        "given_name",
        "uid",
        "upn",
        "groupIds",
        "employee_id",
        "name",
        "tenantId",
        "mobile_number",
        "department",
        "job_title",
        "family_name",
        "email"
    ],
    "device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
    "grant_types_supported": [
        "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "implicit",
        "urn:ietf:params:oauth:grant-type:saml2-bearer",
        "urn:ietf:params:oauth:grant-type:device_code",
        "client_credentials",
        "password",
        "authorization_code",
        "refresh_token"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
    "issuer": "https://isamfed.com:30443/test",
    "jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
    "name": "OIDCDefinition",
    "poc": "https://isamfed.com:30443/mga/",
    "registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": false,
    "response_modes_supported": [
        "fragment",
        "form_post"
    ],
    "response_types_supported": [
        "token",
        "id_token",
        "token id_token",
        "code",
        "code id_token",
        "code token id_token",
        "code token",
        "none"
    ],
    "revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
    "subject_types_supported": [
        "public"
    ],
    "token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
    "token_endpoint_auth_methods_supported": [
        "private_key_jwt",
        "client_secret_post",
        "client_secret_basic"
    ],
    "user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
    "userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
    "userinfo_signing_alg_values_supported": [
        "RS256"
    ],
    "version": "3.0"
}
0phase<--<-- 2 --- Registration -->-->
0not expected to doDynamic registration
0phase<--<-- 3 --- AsyncAuthn -->-->
0AuthorizationRequest
{
    "client_id": "clientID",
    "nonce": "40Q24FtjqHUVltsq",
    "redirect_uri": "https://op.certification.openid.net:61375/authz_cb",
    "response_type": "code",
    "scope": "openid",
    "state": "0ZBKNjIWnu4QNIMC"
}
0redirect urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=0ZBKNjIWnu4QNIMC&nonce=40Q24FtjqHUVltsq&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61375%2Fauthz_cb&client_id=clientID
0redirecthttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=0ZBKNjIWnu4QNIMC&nonce=40Q24FtjqHUVltsq&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61375%2Fauthz_cb&client_id=clientID
1responseResponse URL with query part
1response{'state': '0ZBKNjIWnu4QNIMC', 'code': 'c1LTBQoUHPKqSitnIXA5hEHk0eL2QY'}
1response{'state': '0ZBKNjIWnu4QNIMC', 'code': 'c1LTBQoUHPKqSitnIXA5hEHk0eL2QY'}
1AuthorizationResponse
{
    "code": "c1LTBQoUHPKqSitnIXA5hEHk0eL2QY",
    "state": "0ZBKNjIWnu4QNIMC"
}
1phase<--<-- 4 --- AccessToken -->-->
1requestop_args: {'state': '0ZBKNjIWnu4QNIMC'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61375/authz_cb'}
1do_access_token_request
kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61375/authz_cb', 'code': 'c1LTBQoUHPKqSitnIXA5hEHk0eL2QY', 'state': '0ZBKNjIWnu4QNIMC', 'grant_type': 'authorization_code', 'client_id': 'clientID'}, 'state': '0ZBKNjIWnu4QNIMC', 'authn_method': 'client_secret_basic'}
1AccessTokenRequest
{
    "code": "c1LTBQoUHPKqSitnIXA5hEHk0eL2QY",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61375/authz_cb",
    "state": "0ZBKNjIWnu4QNIMC"
}
1request_urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/token
1request_http_args{'headers': {'Authorization': 'Basic Y2xpZW50SUQ6Y2xpZW50U2VjcmV0', 'Content-Type': 'application/x-www-form-urlencoded'}}
1requestgrant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61375%2Fauthz_cb&code=c1LTBQoUHPKqSitnIXA5hEHk0eL2QY&state=0ZBKNjIWnu4QNIMC
2http response
url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
2response{'access_token': 'hyEVHNQSe3FPy13Kztox', 'refresh_token': 'sGIAQJbPIgbfsFpy0liXQEi2lqnZYdHTq6oxuNIv', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJydF9oYXNoIjoiZFZXZWdiLTdBZzJWSWNXRk5QdzNCQSIsIm5vbmNlIjoiNDBRMjRGdGpxSFVWbHRzcSIsImlhdCI6MTU2MDc1ODMzNywiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6Im5qbmdpRVhUY0dxNnRNTDRkUHlRdFEiLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc2MTc1NywiYXVkIjoiY2xpZW50SUQifQ.Lo2E-wFPMnCqq8X1u5ptAV_Ns39lOJzzwn_vYmVAtXyESaZPgtXT-zyhqdmZwVd55f2kU8wztisDMEbH33pb4uFscmllaVEL_cGo2qHK9Dh6tEzJoYPNr9d0KwE4HpaUnsSmujOA8gZ1daDJS4DeTk_jG71owjtWj4ZhJLFaogZLhH4ZW2F8UyAAvKidX7vv0eBrsiF-lv_GIEdJgSnAUBYDvAVCUdc7EZ9nZD0-Bub8i63iAz42SzX8VaFe2ENhH4uNU8zg40te6O-m3SZ8JxQeM2vuSjQftfd2v5TS0KGyHMuQ4IeMc00SiQRgUIXjvEPjb8jUVvV0g1nilwMYWg', 'token_type': 'bearer', 'expires_in': 3599}
2AccessTokenResponse
{
    "access_token": "hyEVHNQSe3FPy13Kztox",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "njngiEXTcGq6tML4dPyQtQ",
        "aud": [
            "clientID"
        ],
        "exp": 1560761757,
        "iat": 1560758337,
        "iss": "https://isamfed.com:30443/test",
        "nonce": "40Q24FtjqHUVltsq",
        "rt_hash": "dVWegb-7Ag2VIcWFNPw3BA",
        "sub": "testuser"
    },
    "refresh_token": "sGIAQJbPIgbfsFpy0liXQEi2lqnZYdHTq6oxuNIv",
    "scope": "openid",
    "token_type": "bearer"
}
2jws header{'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'}
2phase<--<-- 5 --- AsyncAuthn -->-->
2AuthorizationRequest
{
    "client_id": "clientID",
    "id_token_hint": "eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJydF9oYXNoIjoiZFZXZWdiLTdBZzJWSWNXRk5QdzNCQSIsIm5vbmNlIjoiNDBRMjRGdGpxSFVWbHRzcSIsImlhdCI6MTU2MDc1ODMzNywiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6Im5qbmdpRVhUY0dxNnRNTDRkUHlRdFEiLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc2MTc1NywiYXVkIjoiY2xpZW50SUQifQ.Lo2E-wFPMnCqq8X1u5ptAV_Ns39lOJzzwn_vYmVAtXyESaZPgtXT-zyhqdmZwVd55f2kU8wztisDMEbH33pb4uFscmllaVEL_cGo2qHK9Dh6tEzJoYPNr9d0KwE4HpaUnsSmujOA8gZ1daDJS4DeTk_jG71owjtWj4ZhJLFaogZLhH4ZW2F8UyAAvKidX7vv0eBrsiF-lv_GIEdJgSnAUBYDvAVCUdc7EZ9nZD0-Bub8i63iAz42SzX8VaFe2ENhH4uNU8zg40te6O-m3SZ8JxQeM2vuSjQftfd2v5TS0KGyHMuQ4IeMc00SiQRgUIXjvEPjb8jUVvV0g1nilwMYWg",
    "nonce": "fBf9Q1ovgMK36i1y",
    "prompt": [
        "none"
    ],
    "redirect_uri": "https://op.certification.openid.net:61375/authz_cb",
    "response_type": "code",
    "scope": "openid",
    "state": "LnktQEvSfPaKkDyc"
}
2redirect urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=LnktQEvSfPaKkDyc&nonce=fBf9Q1ovgMK36i1y&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61375%2Fauthz_cb&prompt=none&id_token_hint=eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJydF9oYXNoIjoiZFZXZWdiLTdBZzJWSWNXRk5QdzNCQSIsIm5vbmNlIjoiNDBRMjRGdGpxSFVWbHRzcSIsImlhdCI6MTU2MDc1ODMzNywiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6Im5qbmdpRVhUY0dxNnRNTDRkUHlRdFEiLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc2MTc1NywiYXVkIjoiY2xpZW50SUQifQ.Lo2E-wFPMnCqq8X1u5ptAV_Ns39lOJzzwn_vYmVAtXyESaZPgtXT-zyhqdmZwVd55f2kU8wztisDMEbH33pb4uFscmllaVEL_cGo2qHK9Dh6tEzJoYPNr9d0KwE4HpaUnsSmujOA8gZ1daDJS4DeTk_jG71owjtWj4ZhJLFaogZLhH4ZW2F8UyAAvKidX7vv0eBrsiF-lv_GIEdJgSnAUBYDvAVCUdc7EZ9nZD0-Bub8i63iAz42SzX8VaFe2ENhH4uNU8zg40te6O-m3SZ8JxQeM2vuSjQftfd2v5TS0KGyHMuQ4IeMc00SiQRgUIXjvEPjb8jUVvV0g1nilwMYWg&client_id=clientID
2redirecthttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=LnktQEvSfPaKkDyc&nonce=fBf9Q1ovgMK36i1y&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61375%2Fauthz_cb&prompt=none&id_token_hint=eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJydF9oYXNoIjoiZFZXZWdiLTdBZzJWSWNXRk5QdzNCQSIsIm5vbmNlIjoiNDBRMjRGdGpxSFVWbHRzcSIsImlhdCI6MTU2MDc1ODMzNywiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6Im5qbmdpRVhUY0dxNnRNTDRkUHlRdFEiLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc2MTc1NywiYXVkIjoiY2xpZW50SUQifQ.Lo2E-wFPMnCqq8X1u5ptAV_Ns39lOJzzwn_vYmVAtXyESaZPgtXT-zyhqdmZwVd55f2kU8wztisDMEbH33pb4uFscmllaVEL_cGo2qHK9Dh6tEzJoYPNr9d0KwE4HpaUnsSmujOA8gZ1daDJS4DeTk_jG71owjtWj4ZhJLFaogZLhH4ZW2F8UyAAvKidX7vv0eBrsiF-lv_GIEdJgSnAUBYDvAVCUdc7EZ9nZD0-Bub8i63iAz42SzX8VaFe2ENhH4uNU8zg40te6O-m3SZ8JxQeM2vuSjQftfd2v5TS0KGyHMuQ4IeMc00SiQRgUIXjvEPjb8jUVvV0g1nilwMYWg&client_id=clientID
3responseResponse URL with query part
3response{'state': 'LnktQEvSfPaKkDyc', 'code': 'Obk1skSTI35zb6PxprdAxlyflJCUYU'}
3response{'state': 'LnktQEvSfPaKkDyc', 'code': 'Obk1skSTI35zb6PxprdAxlyflJCUYU'}
3AuthorizationResponse
{
    "code": "Obk1skSTI35zb6PxprdAxlyflJCUYU",
    "state": "LnktQEvSfPaKkDyc"
}
3phase<--<-- 6 --- AccessToken -->-->
3requestop_args: {'state': 'LnktQEvSfPaKkDyc'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61375/authz_cb'}
3do_access_token_request
kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61375/authz_cb', 'code': 'Obk1skSTI35zb6PxprdAxlyflJCUYU', 'state': 'LnktQEvSfPaKkDyc', 'grant_type': 'authorization_code', 'client_id': 'clientID'}, 'state': 'LnktQEvSfPaKkDyc', 'authn_method': 'client_secret_basic'}
3AccessTokenRequest
{
    "code": "Obk1skSTI35zb6PxprdAxlyflJCUYU",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61375/authz_cb",
    "state": "LnktQEvSfPaKkDyc"
}
3request_urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/token
3request_http_args{'headers': {'Authorization': 'Basic Y2xpZW50SUQ6Y2xpZW50U2VjcmV0', 'Content-Type': 'application/x-www-form-urlencoded'}}
3requestgrant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61375%2Fauthz_cb&code=Obk1skSTI35zb6PxprdAxlyflJCUYU&state=LnktQEvSfPaKkDyc
3http response
url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
3response{'access_token': 'wLrUdiUdHrpLm1iPvA65', 'refresh_token': 'WNBQ64XP7IgKxVPjHrEfSzuDnnM3Tw8OAZsSEtN7', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJydF9oYXNoIjoieHMzMnFxeDA2NjVBRnduT0QzUFo1ZyIsIm5vbmNlIjoiZkJmOVExb3ZnTUszNmkxeSIsImlhdCI6MTU2MDc1ODMzOSwiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6InItb0RHMUpGMk1KdkRVMVBDb2t6U2ciLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc2MTc1OSwiYXVkIjoiY2xpZW50SUQifQ.2zw1dy06C0pwPr5tX6b5HnVp7uxeNcr1qZwZ20F7v--6JaIzIloMKfQJ9UfPF5-4AmYc7QZi8cMVxnUOngM8rJkpGfXqlEi23R_RAYdFC-n3cewgnVnAJlfLIt4_gQFW7h9Ms1JI6ugPOjQ11vWs4WUgapZjA10dUuZ_hqN9fr-a5jvBQI-5qWQ1P1rH1EQfgDXeyCH8Nt_yr8_p9MTOTgag8ey4Rbx_Ofy-nU5Fd0sVtaTlo9QdU7_SlxxhAkWPLKVkaG4wh4ELlNgSswj_zktQkFAXyVZb3HiH1pKdWRoXpDbHtjWrXLGKXpcAEA3l4JjdvmyBPo1VRTuzuOctvg', 'token_type': 'bearer', 'expires_in': 3599}
3AccessTokenResponse
{
    "access_token": "wLrUdiUdHrpLm1iPvA65",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "r-oDG1JF2MJvDU1PCokzSg",
        "aud": [
            "clientID"
        ],
        "exp": 1560761759,
        "iat": 1560758339,
        "iss": "https://isamfed.com:30443/test",
        "nonce": "fBf9Q1ovgMK36i1y",
        "rt_hash": "xs32qqx0665AFwnOD3PZ5g",
        "sub": "testuser"
    },
    "refresh_token": "WNBQ64XP7IgKxVPjHrEfSzuDnnM3Tw8OAZsSEtN7",
    "scope": "openid",
    "token_type": "bearer"
}
3jws header{'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'}
3phase<--<-- 7 --- Done -->-->
3end
3assertionSameAuthn
3conditionDone: status=OK

Result

PASSED