Test Info

Issuerhttps://isamfed.com:30443/test
Profile[]
Test IDOP-Req-max_age=1
Test descriptionRequesting ID Token with max_age=1 seconds restriction
Timestamp2019-06-17T07:09:37Z

Conditions


claims-check: status=OK [Checks if specific claims is present or not]
auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK

Trace Output

0phase<--<-- 0 --- Webfinger -->-->
0not expected to doWebFinger
0phase<--<-- 1 --- Discovery -->-->
0provider_config
kwargs:{'issuer': 'https://isamfed.com:30443/test'}
0http response
url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
0ProviderConfigurationResponse
{
    "authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
    "claims_parameter_supported": false,
    "claims_supported": [
        "realmName",
        "preferred_username",
        "given_name",
        "uid",
        "upn",
        "groupIds",
        "employee_id",
        "name",
        "tenantId",
        "mobile_number",
        "department",
        "job_title",
        "family_name",
        "email"
    ],
    "device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
    "grant_types_supported": [
        "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "implicit",
        "urn:ietf:params:oauth:grant-type:saml2-bearer",
        "urn:ietf:params:oauth:grant-type:device_code",
        "client_credentials",
        "password",
        "authorization_code",
        "refresh_token"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
    "issuer": "https://isamfed.com:30443/test",
    "jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
    "name": "OIDCDefinition",
    "poc": "https://isamfed.com:30443/mga/",
    "registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": false,
    "response_modes_supported": [
        "fragment",
        "form_post"
    ],
    "response_types_supported": [
        "token",
        "id_token",
        "token id_token",
        "code",
        "code id_token",
        "code token id_token",
        "code token",
        "none"
    ],
    "revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
    "subject_types_supported": [
        "public"
    ],
    "token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
    "token_endpoint_auth_methods_supported": [
        "private_key_jwt",
        "client_secret_post",
        "client_secret_basic"
    ],
    "user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
    "userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
    "userinfo_signing_alg_values_supported": [
        "RS256"
    ],
    "version": "3.0"
}
0phase<--<-- 2 --- Registration -->-->
0register
kwargs:{'response_types': ['code id_token token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61367/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61367/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61367/static/jwks_61367.json', 'token_endpoint_auth_method': 'private_key_jwt'}
0RegistrationRequest
{
    "application_type": "web",
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "implicit",
        "authorization_code"
    ],
    "jwks_uri": "https://op.certification.openid.net:61367/static/jwks_61367.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61367/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61367/authz_cb"
    ],
    "response_types": [
        "code id_token token"
    ],
    "token_endpoint_auth_method": "private_key_jwt"
}
1http response
url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
1RegistrationResponse
{
    "application_type": "web",
    "client_id": "qNLYIv4oACMyRVnl4JTh",
    "client_id_issued_at": 1560755370,
    "client_secret": "tvIpyrw41HTkjBrXcEO4",
    "client_secret_expires_at": 0,
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "implicit",
        "authorization_code"
    ],
    "jwks_uri": "https://op.certification.openid.net:61367/static/jwks_61367.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61367/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61367/authz_cb"
    ],
    "registration_access_token": "2vl0n2lbBaJsXctfBK3t",
    "registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=qNLYIv4oACMyRVnl4JTh",
    "response_types": [
        "code",
        "id_token",
        "token"
    ],
    "token_endpoint_auth_method": "private_key_jwt"
}
1phase<--<-- 3 --- AsyncAuthn -->-->
1AuthorizationRequest
{
    "client_id": "qNLYIv4oACMyRVnl4JTh",
    "nonce": "0Pfg0fN3hGriQU7P",
    "redirect_uri": "https://op.certification.openid.net:61367/authz_cb",
    "response_type": "code id_token token",
    "scope": "openid",
    "state": "MUrOD8KNO13PWVgb"
}
1redirect urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=MUrOD8KNO13PWVgb&nonce=0Pfg0fN3hGriQU7P&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&client_id=qNLYIv4oACMyRVnl4JTh
1redirecthttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=MUrOD8KNO13PWVgb&nonce=0Pfg0fN3hGriQU7P&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&client_id=qNLYIv4oACMyRVnl4JTh
2http args{}
2responseURL with fragment
2responseaccess_token=R9fqtnf0Emahbx9sPEeW&state=MUrOD8KNO13PWVgb&expires_in=3599&token_type=bearer&code=KJf43fppBSr0F06o1cK1b4hl7TBDjq&scope=openid&id_token=eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjBQZmcwZk4zaEdyaVFVN1AiLCJpYXQiOjE1NjA3NTUzNzEsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsImF0X2hhc2giOiIxQUV5WHE5amRHX2t5U3hqa1lkMDVBIiwic3ViIjoidGVzdHVzZXIiLCJleHAiOjE1NjA3NTg3OTEsImNfaGFzaCI6ImxpOEM1dFlUTHVZb3E1cmtRb21Gc0EiLCJhdWQiOiJxTkxZSXY0b0FDTXlSVm5sNEpUaCJ9.E5nK0G7cb63931WcjW1yXOwVoOflljOi_1qr5c7WSCVdQnS1TeexyKDyOqV7eTivejRJd2qCyF9Uh-2klP2jGbpkarpP3ODVUjK7qKiIDgfu_N-DyVciyIfQgnHlvy_OMtLJXF3IUtAHeWA1ggCBwseYYEuEIH-nSqEaBSnFhgUZdiLf4RLGLkwdjhdM3WcDQ9sdEHt5XghXpco7hR7sUYZdEg30HA1Rd8TXfo_5s7e-9LjCE8TLlefEnhOH4d20yu7SH8afTEHyYg-nrvIitgDrskSx_xeL1pmAw6hnpGozJcMV3gcMv05oN34tZ546gpgGl1-xU_m5sC_mEcwVfQ
2response{'access_token': 'R9fqtnf0Emahbx9sPEeW', 'state': 'MUrOD8KNO13PWVgb', 'expires_in': 3599, 'token_type': 'bearer', 'code': 'KJf43fppBSr0F06o1cK1b4hl7TBDjq', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjBQZmcwZk4zaEdyaVFVN1AiLCJpYXQiOjE1NjA3NTUzNzEsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsImF0X2hhc2giOiIxQUV5WHE5amRHX2t5U3hqa1lkMDVBIiwic3ViIjoidGVzdHVzZXIiLCJleHAiOjE1NjA3NTg3OTEsImNfaGFzaCI6ImxpOEM1dFlUTHVZb3E1cmtRb21Gc0EiLCJhdWQiOiJxTkxZSXY0b0FDTXlSVm5sNEpUaCJ9.E5nK0G7cb63931WcjW1yXOwVoOflljOi_1qr5c7WSCVdQnS1TeexyKDyOqV7eTivejRJd2qCyF9Uh-2klP2jGbpkarpP3ODVUjK7qKiIDgfu_N-DyVciyIfQgnHlvy_OMtLJXF3IUtAHeWA1ggCBwseYYEuEIH-nSqEaBSnFhgUZdiLf4RLGLkwdjhdM3WcDQ9sdEHt5XghXpco7hR7sUYZdEg30HA1Rd8TXfo_5s7e-9LjCE8TLlefEnhOH4d20yu7SH8afTEHyYg-nrvIitgDrskSx_xeL1pmAw6hnpGozJcMV3gcMv05oN34tZ546gpgGl1-xU_m5sC_mEcwVfQ'}
2AuthorizationResponse
{
    "access_token": "R9fqtnf0Emahbx9sPEeW",
    "code": "KJf43fppBSr0F06o1cK1b4hl7TBDjq",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "1AEyXq9jdG_kySxjkYd05A",
        "aud": [
            "qNLYIv4oACMyRVnl4JTh"
        ],
        "c_hash": "li8C5tYTLuYoq5rkQomFsA",
        "exp": 1560758791,
        "iat": 1560755371,
        "iss": "https://isamfed.com:30443/test",
        "nonce": "0Pfg0fN3hGriQU7P",
        "sub": "testuser"
    },
    "scope": "openid",
    "state": "MUrOD8KNO13PWVgb",
    "token_type": "bearer"
}
2phase<--<-- 4 --- AccessToken -->-->
2requestop_args: {'state': 'MUrOD8KNO13PWVgb'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61367/authz_cb'}
2do_access_token_request
kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61367/authz_cb', 'code': 'KJf43fppBSr0F06o1cK1b4hl7TBDjq', 'state': 'MUrOD8KNO13PWVgb', 'grant_type': 'authorization_code', 'client_id': 'qNLYIv4oACMyRVnl4JTh'}, 'state': 'MUrOD8KNO13PWVgb', 'authn_method': 'private_key_jwt'}
2AccessTokenRequest
{
    "client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAicU5MWUl2NG9BQ015UlZubDRKVGgiLCAic3ViIjogInFOTFlJdjRvQUNNeVJWbmw0SlRoIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJsR3lCN2J1eUJ3VzJrYVExUnBEU1QwcHFJTE1GbDNERCIsICJleHAiOiAxNTYwNzU1OTcyLCAiaWF0IjogMTU2MDc1NTM3Mn0.JSBnTiNrKkxKnkaFqiqOVVjD-flBufhFe6hMmlzUXKdtFqn5wG2BAKcyxhDKwj1lTXfLMZ3awxUXj3azhhI-CTsNt0DduG7Hmx3t8dot40XDurnH0pNJysR5Usp5fwMgRuto3xVr2FDlI1agsCRVzV8P4sKdqtfHqOzFwF_WPjP1rFdCLu7Tia0KReBRwqc2sSSJUjgXaHPgv5jJWbfHPc229XxuBBoyN0NKbvDAjvurSQc06xTClbT2MLemiPSef4K0hoOlIeYJUtCbBdeX014NMg85VPQL93DegSIP4Bmif7XOl5iN3E60PqiL3blKlC5W4rOxLWxZQzM0gu_U1Q",
    "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    "code": "KJf43fppBSr0F06o1cK1b4hl7TBDjq",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61367/authz_cb",
    "state": "MUrOD8KNO13PWVgb"
}
2request_urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/token
2request_http_args{'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
2requestgrant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&code=KJf43fppBSr0F06o1cK1b4hl7TBDjq&state=MUrOD8KNO13PWVgb&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAicU5MWUl2NG9BQ015UlZubDRKVGgiLCAic3ViIjogInFOTFlJdjRvQUNNeVJWbmw0SlRoIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJsR3lCN2J1eUJ3VzJrYVExUnBEU1QwcHFJTE1GbDNERCIsICJleHAiOiAxNTYwNzU1OTcyLCAiaWF0IjogMTU2MDc1NTM3Mn0.JSBnTiNrKkxKnkaFqiqOVVjD-flBufhFe6hMmlzUXKdtFqn5wG2BAKcyxhDKwj1lTXfLMZ3awxUXj3azhhI-CTsNt0DduG7Hmx3t8dot40XDurnH0pNJysR5Usp5fwMgRuto3xVr2FDlI1agsCRVzV8P4sKdqtfHqOzFwF_WPjP1rFdCLu7Tia0KReBRwqc2sSSJUjgXaHPgv5jJWbfHPc229XxuBBoyN0NKbvDAjvurSQc06xTClbT2MLemiPSef4K0hoOlIeYJUtCbBdeX014NMg85VPQL93DegSIP4Bmif7XOl5iN3E60PqiL3blKlC5W4rOxLWxZQzM0gu_U1Q&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2http response
url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
2response{'access_token': 'of7i2ca7QlKCfmZz2Xrg', 'refresh_token': 'VaEN7iWg7dFD4pvwhJWnZLOrLIeZhWIigDOdqdNq', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJydF9oYXNoIjoidHpxT2VfX2tPXzVGaGNlbzRQZTVlZyIsIm5vbmNlIjoiMFBmZzBmTjNoR3JpUVU3UCIsImlhdCI6MTU2MDc1NTM3MiwiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6IkhBOFRHMlplM1VmOHplazg0VjZldWciLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc1ODc5MiwiYXVkIjoicU5MWUl2NG9BQ015UlZubDRKVGgifQ.VRQOkDSz5XwNn8BFHtrPawndFV62LiT750gCQbXhagcXmREAsnhll5wppdTmr72KPL4swbvNiJHScla7AyiwTTrkdBmN9LphKGGxiIYdz9SVT5fJcbUk1udAsNNPx_N1ZrnTk66MRn2EaHWPBtqib-Vu2Gs5n7byjclVKCE7P1o9sqvZlYf7k8PuC3JBF3Tg0ydXXC1XgXxqUICnK6IHfba-oNGhGa2p8SVOj0TpQT16qnlBQix2eimN6yXqUVO6kZdJgOOSK38wmnvdHEcMeYsGBIYvpLWv-gYc-S3OE_ZwC990v8sBcXr45MdXguCkvL-j1gcueakj_5TUeXR6Jg', 'token_type': 'bearer', 'expires_in': 3599}
2AccessTokenResponse
{
    "access_token": "of7i2ca7QlKCfmZz2Xrg",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "HA8TG2Ze3Uf8zek84V6eug",
        "aud": [
            "qNLYIv4oACMyRVnl4JTh"
        ],
        "exp": 1560758792,
        "iat": 1560755372,
        "iss": "https://isamfed.com:30443/test",
        "nonce": "0Pfg0fN3hGriQU7P",
        "rt_hash": "tzqOe__kO_5Fhceo4Pe5eg",
        "sub": "testuser"
    },
    "refresh_token": "VaEN7iWg7dFD4pvwhJWnZLOrLIeZhWIigDOdqdNq",
    "scope": "openid",
    "token_type": "bearer"
}
2jws header{'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'}
2phase<--<-- 5 --- Note -->-->
3phase<--<-- 6 --- Webfinger -->-->
3not expected to doWebFinger
3phase<--<-- 7 --- Discovery -->-->
3provider_config
kwargs:{'issuer': 'https://isamfed.com:30443/test'}
3http response
url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
3ProviderConfigurationResponse
{
    "authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
    "claims_parameter_supported": false,
    "claims_supported": [
        "realmName",
        "preferred_username",
        "given_name",
        "uid",
        "upn",
        "groupIds",
        "employee_id",
        "name",
        "tenantId",
        "mobile_number",
        "department",
        "job_title",
        "family_name",
        "email"
    ],
    "device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
    "grant_types_supported": [
        "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "implicit",
        "urn:ietf:params:oauth:grant-type:saml2-bearer",
        "urn:ietf:params:oauth:grant-type:device_code",
        "client_credentials",
        "password",
        "authorization_code",
        "refresh_token"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
    "issuer": "https://isamfed.com:30443/test",
    "jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
    "name": "OIDCDefinition",
    "poc": "https://isamfed.com:30443/mga/",
    "registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": false,
    "response_modes_supported": [
        "fragment",
        "form_post"
    ],
    "response_types_supported": [
        "token",
        "id_token",
        "token id_token",
        "code",
        "code id_token",
        "code token id_token",
        "code token",
        "none"
    ],
    "revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
    "subject_types_supported": [
        "public"
    ],
    "token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
    "token_endpoint_auth_methods_supported": [
        "private_key_jwt",
        "client_secret_post",
        "client_secret_basic"
    ],
    "user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
    "userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
    "userinfo_signing_alg_values_supported": [
        "RS256"
    ],
    "version": "3.0"
}
3phase<--<-- 8 --- Registration -->-->
3register
kwargs:{'response_types': ['code id_token token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61367/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61367/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61367/static/jwks_61367.json', 'token_endpoint_auth_method': 'private_key_jwt'}
3RegistrationRequest
{
    "application_type": "web",
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "implicit",
        "authorization_code"
    ],
    "jwks_uri": "https://op.certification.openid.net:61367/static/jwks_61367.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61367/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61367/authz_cb"
    ],
    "response_types": [
        "code id_token token"
    ],
    "token_endpoint_auth_method": "private_key_jwt"
}
3http response
url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
3RegistrationResponse
{
    "application_type": "web",
    "client_id": "9ceq4zMyo17sKPgTKIgH",
    "client_id_issued_at": 1560755373,
    "client_secret": "tOtelxiYx7Pd92G1z1Vu",
    "client_secret_expires_at": 0,
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "implicit",
        "authorization_code"
    ],
    "jwks_uri": "https://op.certification.openid.net:61367/static/jwks_61367.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61367/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61367/authz_cb"
    ],
    "registration_access_token": "NB1MCyPH6g81KgnLIJvG",
    "registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=9ceq4zMyo17sKPgTKIgH",
    "response_types": [
        "code",
        "id_token",
        "token"
    ],
    "token_endpoint_auth_method": "private_key_jwt"
}
3phase<--<-- 9 --- AsyncAuthn -->-->
3AuthorizationRequest
{
    "client_id": "9ceq4zMyo17sKPgTKIgH",
    "max_age": 1,
    "nonce": "Wenxqx1GCQIzzGwI",
    "redirect_uri": "https://op.certification.openid.net:61367/authz_cb",
    "response_type": "code id_token token",
    "scope": "openid",
    "state": "SfE6tVe4jfTuub6S"
}
3redirect urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=SfE6tVe4jfTuub6S&nonce=Wenxqx1GCQIzzGwI&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&max_age=1&client_id=9ceq4zMyo17sKPgTKIgH
3redirecthttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=SfE6tVe4jfTuub6S&nonce=Wenxqx1GCQIzzGwI&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&max_age=1&client_id=9ceq4zMyo17sKPgTKIgH
6http args{}
7responseURL with fragment
7responseaccess_token=S3UdZQPWr4ZI5cqqaHbs&state=SfE6tVe4jfTuub6S&expires_in=3599&token_type=bearer&code=SEhGPthwr1z8VfzW3hXQ234MrohfoN&scope=openid&id_token=eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJhdXRoX3RpbWUiOjE1NjA3NTUzNzYsIm5vbmNlIjoiV2VueHF4MUdDUUl6ekd3SSIsImlhdCI6MTU2MDc1NTM3NiwiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6Ikh3b25tMEQ1SDAyckFsRFU1c1dfS3ciLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc1ODc5NiwiY19oYXNoIjoiek5MaExEZzZfeXpTLV9MOGppRWRvdyIsImF1ZCI6IjljZXE0ek15bzE3c0tQZ1RLSWdIIn0.TJKM_32ef6hsST_biRXAVTZupae65EeBlcCyi7XSr3eS9WWQBLFKAHrB82vzpItAyZARpRgKvKXBfB4xjPo1u_7uONTCRYHP8LEr-nKPQ1P99trRw1ShXcF2ivSwS_xVFf_ABy7SMJUWIYkQ-w5AYGj5QTeKQa41EZPYMjp2Jl42N1SevUIB5nRanzpRErt3PnLL10KH87OGg9pyEtOQEmUvRBKgjhapdba9gr-sCkbUiL0ggIAoISZk0BBZ7YuemVm9rY5mlBiR_Ye_bCrGieMk2sd3tdUht3c9Eksk4Gz6SaCOzHu9RC96NdH6PpbRGCrJ13rRoSr2twoCiLlHBA
7response{'access_token': 'S3UdZQPWr4ZI5cqqaHbs', 'state': 'SfE6tVe4jfTuub6S', 'expires_in': 3599, 'token_type': 'bearer', 'code': 'SEhGPthwr1z8VfzW3hXQ234MrohfoN', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJhdXRoX3RpbWUiOjE1NjA3NTUzNzYsIm5vbmNlIjoiV2VueHF4MUdDUUl6ekd3SSIsImlhdCI6MTU2MDc1NTM3NiwiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6Ikh3b25tMEQ1SDAyckFsRFU1c1dfS3ciLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc1ODc5NiwiY19oYXNoIjoiek5MaExEZzZfeXpTLV9MOGppRWRvdyIsImF1ZCI6IjljZXE0ek15bzE3c0tQZ1RLSWdIIn0.TJKM_32ef6hsST_biRXAVTZupae65EeBlcCyi7XSr3eS9WWQBLFKAHrB82vzpItAyZARpRgKvKXBfB4xjPo1u_7uONTCRYHP8LEr-nKPQ1P99trRw1ShXcF2ivSwS_xVFf_ABy7SMJUWIYkQ-w5AYGj5QTeKQa41EZPYMjp2Jl42N1SevUIB5nRanzpRErt3PnLL10KH87OGg9pyEtOQEmUvRBKgjhapdba9gr-sCkbUiL0ggIAoISZk0BBZ7YuemVm9rY5mlBiR_Ye_bCrGieMk2sd3tdUht3c9Eksk4Gz6SaCOzHu9RC96NdH6PpbRGCrJ13rRoSr2twoCiLlHBA'}
7AuthorizationResponse
{
    "access_token": "S3UdZQPWr4ZI5cqqaHbs",
    "code": "SEhGPthwr1z8VfzW3hXQ234MrohfoN",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "Hwonm0D5H02rAlDU5sW_Kw",
        "aud": [
            "9ceq4zMyo17sKPgTKIgH"
        ],
        "auth_time": 1560755376,
        "c_hash": "zNLhLDg6_yzS-_L8jiEdow",
        "exp": 1560758796,
        "iat": 1560755376,
        "iss": "https://isamfed.com:30443/test",
        "nonce": "Wenxqx1GCQIzzGwI",
        "sub": "testuser"
    },
    "scope": "openid",
    "state": "SfE6tVe4jfTuub6S",
    "token_type": "bearer"
}
7phase<--<-- 10 --- AccessToken -->-->
7requestop_args: {'state': 'SfE6tVe4jfTuub6S'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61367/authz_cb'}
7do_access_token_request
kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61367/authz_cb', 'code': 'SEhGPthwr1z8VfzW3hXQ234MrohfoN', 'state': 'SfE6tVe4jfTuub6S', 'grant_type': 'authorization_code', 'client_id': '9ceq4zMyo17sKPgTKIgH'}, 'state': 'SfE6tVe4jfTuub6S', 'authn_method': 'private_key_jwt'}
7AccessTokenRequest
{
    "client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiOWNlcTR6TXlvMTdzS1BnVEtJZ0giLCAic3ViIjogIjljZXE0ek15bzE3c0tQZ1RLSWdIIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJLMUpCS2N2eGJJT1NoWDhJeUZXQ25UbjUyVjkxeW1YQiIsICJleHAiOiAxNTYwNzU1OTc3LCAiaWF0IjogMTU2MDc1NTM3N30.HPSnSdVOMtC66ugm3fdOiek9sjhX77qm-B9cObyXcEHXWHFitAqaNEIhQIiFbC9BpCIoc-6kpxn1Dx2CTDUFWrU0tYQwY592vlCIXAK4gO6596L1TNQyoMjS1kCI0P6NWURGlu6h9jUQiMMaM_8M6plNwET4DTEccIT0fRpj9_NPPgkTlYd1C1P41cJQiKxrPeZDaX_S8U44MBK5f2DMcJ_onSl_MIPEohgPM8dE1cdedHSEH8-k9oOdDcthyTyRSdOPpNsEo1gqljNnrE9_pkvaxebcU_pM8jvc-490xZwxd0OQ6HXFCMTuUECwn-wVWIU0jVqzLUIKmDmBd5uOYg",
    "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    "code": "SEhGPthwr1z8VfzW3hXQ234MrohfoN",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61367/authz_cb",
    "state": "SfE6tVe4jfTuub6S"
}
7request_urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/token
7request_http_args{'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
7requestgrant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&code=SEhGPthwr1z8VfzW3hXQ234MrohfoN&state=SfE6tVe4jfTuub6S&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiOWNlcTR6TXlvMTdzS1BnVEtJZ0giLCAic3ViIjogIjljZXE0ek15bzE3c0tQZ1RLSWdIIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJLMUpCS2N2eGJJT1NoWDhJeUZXQ25UbjUyVjkxeW1YQiIsICJleHAiOiAxNTYwNzU1OTc3LCAiaWF0IjogMTU2MDc1NTM3N30.HPSnSdVOMtC66ugm3fdOiek9sjhX77qm-B9cObyXcEHXWHFitAqaNEIhQIiFbC9BpCIoc-6kpxn1Dx2CTDUFWrU0tYQwY592vlCIXAK4gO6596L1TNQyoMjS1kCI0P6NWURGlu6h9jUQiMMaM_8M6plNwET4DTEccIT0fRpj9_NPPgkTlYd1C1P41cJQiKxrPeZDaX_S8U44MBK5f2DMcJ_onSl_MIPEohgPM8dE1cdedHSEH8-k9oOdDcthyTyRSdOPpNsEo1gqljNnrE9_pkvaxebcU_pM8jvc-490xZwxd0OQ6HXFCMTuUECwn-wVWIU0jVqzLUIKmDmBd5uOYg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
7http response
url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
7response{'access_token': '376KtX3LHx2JqrnD4mMn', 'refresh_token': 'bN7a0lxtfbsJEJ9gapWgQZbxOv7bTncsdF3J4HFp', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJhdXRoX3RpbWUiOjE1NjA3NTUzNzgsInJ0X2hhc2giOiJybFNDYk9jV1RMSTQxMGFLMTY3VmN3Iiwibm9uY2UiOiJXZW54cXgxR0NRSXp6R3dJIiwiaWF0IjoxNTYwNzU1Mzc3LCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjMwNDQzL3Rlc3QiLCJhdF9oYXNoIjoielJKWFF1YU5OQWtfWVJQRVFmU1liQSIsInN1YiI6InRlc3R1c2VyIiwiZXhwIjoxNTYwNzU4Nzk3LCJhdWQiOiI5Y2VxNHpNeW8xN3NLUGdUS0lnSCJ9.RCw2IU6iYKMTp5cX6nWC8Sf4J2LqyWishE3wx1k35Jh-iE330E7H-umzDog-soUEye-8bw8LFFfsauf8QLk3L-ZpZtGxOD65UO9fCdMM60gJF3r2liqviNOSrx5EGDMefadsGLsvzKjJk_InOhcbvAQxwGDOzPXGpHiPK6_c1lQIAkCcmYU64LmUcf8WsBx5RK_n55PyE9xIOxvlg1Lo_OEw1l1nhYheQIZOgiGD980z1IxgZBpNK7ht-NHzhVX2JW1sMZLWVEg74lO571Q2DYWE8Aoo_hz6fuZA_Vg9YO8wXgB8Hsmd9xekcU1Kbwqd5VTJfd9OufD2pLukNI8ewg', 'token_type': 'bearer', 'expires_in': 3599}
7AccessTokenResponse
{
    "access_token": "376KtX3LHx2JqrnD4mMn",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "zRJXQuaNNAk_YRPEQfSYbA",
        "aud": [
            "9ceq4zMyo17sKPgTKIgH"
        ],
        "auth_time": 1560755378,
        "exp": 1560758797,
        "iat": 1560755377,
        "iss": "https://isamfed.com:30443/test",
        "nonce": "Wenxqx1GCQIzzGwI",
        "rt_hash": "rlSCbOcWTLI410aK167Vcw",
        "sub": "testuser"
    },
    "refresh_token": "bN7a0lxtfbsJEJ9gapWgQZbxOv7bTncsdF3J4HFp",
    "scope": "openid",
    "token_type": "bearer"
}
7jws header{'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'}
7phase<--<-- 11 --- Done -->-->
7end
7assertionClaimsCheck
7conditionclaims-check: status=OK [Checks if specific claims is present or not]
7assertionAuthTimeCheck
7conditionauth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
7assertionMultipleSignOn
7conditionmultiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
7assertionVerifyResponse
7conditionverify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
7conditionDone: status=OK

Result

PASSED