Test Info

Issuerhttps://isamfed.com:30443/test
Profile[]
Test IDOP-Req-max_age=10000
Test descriptionRequesting ID Token with max_age=10000 seconds restriction
Timestamp2019-06-17T15:16:48Z

Conditions


claims-check: status=OK [Checks if specific claims is present or not]
Done: status=OK

Trace Output

0phase<--<-- 0 --- Webfinger -->-->
0not expected to doWebFinger
0phase<--<-- 1 --- Discovery -->-->
0provider_config
kwargs:{'issuer': 'https://isamfed.com:30443/test'}
0http response
url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
0ProviderConfigurationResponse
{
    "authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
    "claims_parameter_supported": false,
    "claims_supported": [
        "realmName",
        "preferred_username",
        "given_name",
        "uid",
        "upn",
        "groupIds",
        "employee_id",
        "name",
        "tenantId",
        "mobile_number",
        "department",
        "job_title",
        "family_name",
        "email"
    ],
    "device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
    "grant_types_supported": [
        "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "implicit",
        "urn:ietf:params:oauth:grant-type:saml2-bearer",
        "urn:ietf:params:oauth:grant-type:device_code",
        "client_credentials",
        "password",
        "authorization_code",
        "refresh_token"
    ],
    "id_token_encryption_alg_values_supported": [
        "RSA-OAEP-256"
    ],
    "id_token_encryption_enc_values_supported": [
        "A128CBC-HS256"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
    "issuer": "https://isamfed.com:30443/test",
    "jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
    "name": "OIDCDefinition",
    "poc": "https://isamfed.com:30443/mga/",
    "registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": false,
    "response_modes_supported": [
        "fragment",
        "form_post"
    ],
    "response_types_supported": [
        "token",
        "id_token",
        "token id_token",
        "code",
        "code id_token",
        "code token id_token",
        "code token",
        "none"
    ],
    "revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
    "subject_types_supported": [
        "public"
    ],
    "token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
    "token_endpoint_auth_methods_supported": [
        "private_key_jwt",
        "client_secret_post",
        "client_secret_basic"
    ],
    "user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
    "userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
    "userinfo_signing_alg_values_supported": [
        "RS256"
    ],
    "version": "3.0"
}
0phase<--<-- 2 --- Registration -->-->
0register
kwargs:{'response_types': ['id_token token'], 'grant_types': ['implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61585/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61585/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61585/static/jwks_61585.json', 'token_endpoint_auth_method': 'private_key_jwt'}
0RegistrationRequest
{
    "application_type": "web",
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "implicit"
    ],
    "jwks_uri": "https://op.certification.openid.net:61585/static/jwks_61585.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61585/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61585/authz_cb"
    ],
    "response_types": [
        "id_token token"
    ],
    "token_endpoint_auth_method": "private_key_jwt"
}
1http response
url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
1RegistrationResponse
{
    "application_type": "web",
    "client_id": "rWTUZPKrcK5zX2xiX7FX",
    "client_id_issued_at": 1560784605,
    "client_secret": "qL3kYMm0NFNmlLnKtiKx",
    "client_secret_expires_at": 0,
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "implicit"
    ],
    "jwks_uri": "https://op.certification.openid.net:61585/static/jwks_61585.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61585/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61585/authz_cb"
    ],
    "registration_access_token": "enULV9XjFijpW4Ijk6dW",
    "registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=rWTUZPKrcK5zX2xiX7FX",
    "response_types": [
        "id_token",
        "token"
    ],
    "token_endpoint_auth_method": "private_key_jwt"
}
1phase<--<-- 3 --- AsyncAuthn -->-->
1AuthorizationRequest
{
    "client_id": "rWTUZPKrcK5zX2xiX7FX",
    "nonce": "Y3u3rhUCagcxvy53",
    "redirect_uri": "https://op.certification.openid.net:61585/authz_cb",
    "response_type": "id_token token",
    "scope": "openid",
    "state": "G5TIjdGh6sOAE8jc"
}
1redirect urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=G5TIjdGh6sOAE8jc&nonce=Y3u3rhUCagcxvy53&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61585%2Fauthz_cb&client_id=rWTUZPKrcK5zX2xiX7FX
1redirecthttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=G5TIjdGh6sOAE8jc&nonce=Y3u3rhUCagcxvy53&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61585%2Fauthz_cb&client_id=rWTUZPKrcK5zX2xiX7FX
2http args{}
2responseURL with fragment
2responseaccess_token=TQOe8Kk49UTLBQ5gmWTI&state=G5TIjdGh6sOAE8jc&expires_in=3599&token_type=bearer&scope=openid&id_token=eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.Kybd9_YTClnPxdpXdTG2QnLnrRC60S7weCoMuzsptEupTznjgU78agQpRcbmjSG2q3iZwFFgeL_8oYk6HGK5rEVmUWN69GRQS35jEUBwjQZ2UFqtxkaX362koTnLruL_LaidYL6MOMGOQ-R9a1cK4Auw18VZMQ1C64qB-MNAtRhI_a5Ss1TsyzMwMu3jQIffe64_ajjxAKKqwvTlRoky6nHJ68JWwwqPf2Oq_MGjkQPx_qdSAmexMffiESqwdgU9jeGWpoi3w1l4vhBE6_eeGF4UVG0p_Y96gnySIaTs1mYpXaPVqUSXHPoebKQV0mZ4RjCPUnI7ND_vUDy0JvXXHw.-phcMlAEFG2N3Tg_Y-AcdA.Zs3npGfzxRGABx_RAIkaBYDKV-yEOdNJF-SO8hLl7qvaGW5M7SbyxuxSqqs3xGG6iwcadv1p2u8LZoKOk-vmebBjz8sAEOMrcCgP98fYRUGC9ZmBEuoPfnyTr_MIasiDd59P8Rqp463GWVmKSDudQDfqYSRzOVCg8tHNWsoay9sGZqnwBXXmw-Yk_Wh7RLKRcmgKpaVDPpC3tgOTTg33AQXVSN6ZJCfXaF3yHL0Oe50W5wfw6go4u-NJYIX2E2kKGeboUDXNVQ4TyHOZR5QMcLYlhjiqa_674RFcnCyXG6V5VhjqRm6ER1Gbn5Sb5DT0IPVU1RUmBmwl9DcYHQLDbuUq1vAK2CBDWpIcjOppFgmrYwMqwPnWoHrQ-vUHo2HpkbzmppSSVtd84cd5vmRHX1oLMpw5JmDWeGmraMpS3EgWa_2PkN5JobFip7fYP5xuxr3iwaBvcPpzl296gty_Sh9qSwawmtwOPEuM5r-Vs799EYskxZJufE-N6cNu5N5ijkwuvV-LAXK1HuVmU7dOCCoXz6LWmFtSH0-fYRahuucmiJAk8gMRmgP1aCYvGwRJrL9k1DZy3sDVdLglAMFh4tcOCPJmX7dwM2PVKOdgTrH-Y1xrZlUCKRY1FJxyewNrwEUZd49QsMggvgvX84jSFQO061w-ElKSpUHi1nqY_br3DMdHjNbZtFVdNgzI7zna1D9Z6ulADhXVLgCIZlDO5QtIWTqiqJkOYUK2FsMHPyV7a0gN1xfrfQtNumLR37no46F3Mcll1SyYzE6UP1uKsv5HzPfprjinignPV6TaK_cwDHA9fApy3zj1_Pp3an4KTXyxXpc4IZ5xzJ6yI3XsRK2NPHcJrf_HfEPnTFL1hVC3E2fwdhDqouXCaR3uEOrdaY016rxVXmh7YKvJIRBDCg.dsp7ekB4g5q2-vTtbH50gg
2response{'access_token': 'TQOe8Kk49UTLBQ5gmWTI', 'state': 'G5TIjdGh6sOAE8jc', 'expires_in': 3599, 'token_type': 'bearer', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.Kybd9_YTClnPxdpXdTG2QnLnrRC60S7weCoMuzsptEupTznjgU78agQpRcbmjSG2q3iZwFFgeL_8oYk6HGK5rEVmUWN69GRQS35jEUBwjQZ2UFqtxkaX362koTnLruL_LaidYL6MOMGOQ-R9a1cK4Auw18VZMQ1C64qB-MNAtRhI_a5Ss1TsyzMwMu3jQIffe64_ajjxAKKqwvTlRoky6nHJ68JWwwqPf2Oq_MGjkQPx_qdSAmexMffiESqwdgU9jeGWpoi3w1l4vhBE6_eeGF4UVG0p_Y96gnySIaTs1mYpXaPVqUSXHPoebKQV0mZ4RjCPUnI7ND_vUDy0JvXXHw.-phcMlAEFG2N3Tg_Y-AcdA.Zs3npGfzxRGABx_RAIkaBYDKV-yEOdNJF-SO8hLl7qvaGW5M7SbyxuxSqqs3xGG6iwcadv1p2u8LZoKOk-vmebBjz8sAEOMrcCgP98fYRUGC9ZmBEuoPfnyTr_MIasiDd59P8Rqp463GWVmKSDudQDfqYSRzOVCg8tHNWsoay9sGZqnwBXXmw-Yk_Wh7RLKRcmgKpaVDPpC3tgOTTg33AQXVSN6ZJCfXaF3yHL0Oe50W5wfw6go4u-NJYIX2E2kKGeboUDXNVQ4TyHOZR5QMcLYlhjiqa_674RFcnCyXG6V5VhjqRm6ER1Gbn5Sb5DT0IPVU1RUmBmwl9DcYHQLDbuUq1vAK2CBDWpIcjOppFgmrYwMqwPnWoHrQ-vUHo2HpkbzmppSSVtd84cd5vmRHX1oLMpw5JmDWeGmraMpS3EgWa_2PkN5JobFip7fYP5xuxr3iwaBvcPpzl296gty_Sh9qSwawmtwOPEuM5r-Vs799EYskxZJufE-N6cNu5N5ijkwuvV-LAXK1HuVmU7dOCCoXz6LWmFtSH0-fYRahuucmiJAk8gMRmgP1aCYvGwRJrL9k1DZy3sDVdLglAMFh4tcOCPJmX7dwM2PVKOdgTrH-Y1xrZlUCKRY1FJxyewNrwEUZd49QsMggvgvX84jSFQO061w-ElKSpUHi1nqY_br3DMdHjNbZtFVdNgzI7zna1D9Z6ulADhXVLgCIZlDO5QtIWTqiqJkOYUK2FsMHPyV7a0gN1xfrfQtNumLR37no46F3Mcll1SyYzE6UP1uKsv5HzPfprjinignPV6TaK_cwDHA9fApy3zj1_Pp3an4KTXyxXpc4IZ5xzJ6yI3XsRK2NPHcJrf_HfEPnTFL1hVC3E2fwdhDqouXCaR3uEOrdaY016rxVXmh7YKvJIRBDCg.dsp7ekB4g5q2-vTtbH50gg'}
2AuthorizationResponse
{
    "access_token": "TQOe8Kk49UTLBQ5gmWTI",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "-LYupKsp83DiZ66aZP_N2g",
        "aud": [
            "rWTUZPKrcK5zX2xiX7FX"
        ],
        "exp": 1560788025,
        "iat": 1560784605,
        "iss": "https://isamfed.com:30443/test",
        "nonce": "Y3u3rhUCagcxvy53",
        "sub": "testuser"
    },
    "scope": "openid",
    "state": "G5TIjdGh6sOAE8jc",
    "token_type": "bearer"
}
2phase<--<-- 4 --- AccessToken -->-->
2phase<--<-- 5 --- AsyncAuthn -->-->
2AuthorizationRequest
{
    "client_id": "rWTUZPKrcK5zX2xiX7FX",
    "max_age": 10000,
    "nonce": "rhFStj0lltGPCLwu",
    "redirect_uri": "https://op.certification.openid.net:61585/authz_cb",
    "response_type": "id_token token",
    "scope": "openid",
    "state": "P3iDbQDrb6HyejsT"
}
2redirect urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=P3iDbQDrb6HyejsT&nonce=rhFStj0lltGPCLwu&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61585%2Fauthz_cb&max_age=10000&client_id=rWTUZPKrcK5zX2xiX7FX
2redirecthttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=P3iDbQDrb6HyejsT&nonce=rhFStj0lltGPCLwu&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61585%2Fauthz_cb&max_age=10000&client_id=rWTUZPKrcK5zX2xiX7FX
3http args{}
4responseURL with fragment
4responseaccess_token=2Brui4KEyf7HLcBppHqg&state=P3iDbQDrb6HyejsT&expires_in=3599&token_type=bearer&scope=openid&id_token=eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.FHkLiUuNJ2iOUfeIz72ma_gSMZUg3OFlF3scu8eagvRgFm7SA2rrULq1YG-U4u2r9zSyfNIqVcgf1D5xSnP6aDu9JhYLzNNCf4CAPQJAxyUJV9B4SMfyRE4hBSPyyR7xwLMEJw47z8I32zZ5I92priZKFzUB0NGlPD8X8DDGcfLW6rWHriOoWll-269xzSx_x5f2KNi5EubBFZHACs6g_p3C1Wkm_wiMqzZ2zr6Pv-pFxC02AGdYR9uneMxyvxF4IJxymLJpFVALYC88UbwD2eOGPGw0qT98YiuyU27Jxf5089Vj_TWJ-mdh-3afjKUmzjOscZvJ2bL5VhynNP11Ng.6YagOSDZPYl-v-AgL0iGkQ.erEbbM_UldzFMtTTFADisPoQnpvP2_Licr8jLsxcxeJ3M_S7M7nGw-11FBqc_2AkzqQqwVB5mI18eGR_6N-TlTXV6TscomffpNWGP50G8Jo7Crz5RZqBEPxMUnM4XFyoGAQESxbk_TCTbFzHiF9U3s6NG0RTY8i5i9gTT-dBOFIvSMRxpIe4ZmFq7JoaDOWruruoCJ-2vam78upa3abJODZEUJ1mJLRLvLtKYXwQNK3WKYZc0x3xynHAR-ZX3aSjNZjugCo8Hc0Fo7gbOyC1aphjczH_jepL24t9H1_66kiQqx86lfGWDFNC0DVtNLFHQeJaIOtWnEadhBT502f9MDwuR5gu3DkBB0ggTSzIIXQxTF1iyhrcImCjNOAjFja-NVuHDEbROSk4xefP7eoztV71DcqQ1gjuHjqFsIEplfkg39djsX4TBw0zeoq7nzsoP3eIQ_GMZj-NlqtV8MFJoYBnIdtMIgxhXagbk82pJcghgDg0Zj9j9xb92s2bnp9OFCIFHdSU5A_NRQky0Y6oceLzReilzqEGdGRyTwZcvvogfUs-Q7NKuBeV7cq6NZlqXfymQ_QTVofpbxCMwD3bVC9cMK4CjockpIZQWgklDZ2Hlw1HpVgPrW7bTbnYHqW0XJYDb7CADprkBd3mgmUwp1QUK43eyBHCeMwpEQQ1KOab7XgR4XeS2zg63hqDcum9kHvi7CgeLX5m4XW8sjsmv09z3oe68EjzrHRJhRkL8zHAbv4aFLVlVxYsRpcm8Re35f2HVE6JyK0Nzt2isd2Mh2p33Qiwy1pXqSEdG5BqWGw41AzC6dKpDtUg4fZA0IvggY8_ljeNraJYGl06oZ0xdL1MpNpxtmuhH21xuVtI_EqIvHrQzZrD_YTdYe6T4wJvLzDI2jdXgotvWC3qa2RON1_P0o12ZOtoETt_LUfgw9gTFYTO_kFixhIHBSLXT97k.xw6pyQor55-vqqFKiBLGKQ
4response{'access_token': '2Brui4KEyf7HLcBppHqg', 'state': 'P3iDbQDrb6HyejsT', 'expires_in': 3599, 'token_type': 'bearer', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.FHkLiUuNJ2iOUfeIz72ma_gSMZUg3OFlF3scu8eagvRgFm7SA2rrULq1YG-U4u2r9zSyfNIqVcgf1D5xSnP6aDu9JhYLzNNCf4CAPQJAxyUJV9B4SMfyRE4hBSPyyR7xwLMEJw47z8I32zZ5I92priZKFzUB0NGlPD8X8DDGcfLW6rWHriOoWll-269xzSx_x5f2KNi5EubBFZHACs6g_p3C1Wkm_wiMqzZ2zr6Pv-pFxC02AGdYR9uneMxyvxF4IJxymLJpFVALYC88UbwD2eOGPGw0qT98YiuyU27Jxf5089Vj_TWJ-mdh-3afjKUmzjOscZvJ2bL5VhynNP11Ng.6YagOSDZPYl-v-AgL0iGkQ.erEbbM_UldzFMtTTFADisPoQnpvP2_Licr8jLsxcxeJ3M_S7M7nGw-11FBqc_2AkzqQqwVB5mI18eGR_6N-TlTXV6TscomffpNWGP50G8Jo7Crz5RZqBEPxMUnM4XFyoGAQESxbk_TCTbFzHiF9U3s6NG0RTY8i5i9gTT-dBOFIvSMRxpIe4ZmFq7JoaDOWruruoCJ-2vam78upa3abJODZEUJ1mJLRLvLtKYXwQNK3WKYZc0x3xynHAR-ZX3aSjNZjugCo8Hc0Fo7gbOyC1aphjczH_jepL24t9H1_66kiQqx86lfGWDFNC0DVtNLFHQeJaIOtWnEadhBT502f9MDwuR5gu3DkBB0ggTSzIIXQxTF1iyhrcImCjNOAjFja-NVuHDEbROSk4xefP7eoztV71DcqQ1gjuHjqFsIEplfkg39djsX4TBw0zeoq7nzsoP3eIQ_GMZj-NlqtV8MFJoYBnIdtMIgxhXagbk82pJcghgDg0Zj9j9xb92s2bnp9OFCIFHdSU5A_NRQky0Y6oceLzReilzqEGdGRyTwZcvvogfUs-Q7NKuBeV7cq6NZlqXfymQ_QTVofpbxCMwD3bVC9cMK4CjockpIZQWgklDZ2Hlw1HpVgPrW7bTbnYHqW0XJYDb7CADprkBd3mgmUwp1QUK43eyBHCeMwpEQQ1KOab7XgR4XeS2zg63hqDcum9kHvi7CgeLX5m4XW8sjsmv09z3oe68EjzrHRJhRkL8zHAbv4aFLVlVxYsRpcm8Re35f2HVE6JyK0Nzt2isd2Mh2p33Qiwy1pXqSEdG5BqWGw41AzC6dKpDtUg4fZA0IvggY8_ljeNraJYGl06oZ0xdL1MpNpxtmuhH21xuVtI_EqIvHrQzZrD_YTdYe6T4wJvLzDI2jdXgotvWC3qa2RON1_P0o12ZOtoETt_LUfgw9gTFYTO_kFixhIHBSLXT97k.xw6pyQor55-vqqFKiBLGKQ'}
4AuthorizationResponse
{
    "access_token": "2Brui4KEyf7HLcBppHqg",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "yY6FF7b5F38q5-nAChyqbg",
        "aud": [
            "rWTUZPKrcK5zX2xiX7FX"
        ],
        "auth_time": 1560784607,
        "exp": 1560788027,
        "iat": 1560784607,
        "iss": "https://isamfed.com:30443/test",
        "nonce": "rhFStj0lltGPCLwu",
        "sub": "testuser"
    },
    "scope": "openid",
    "state": "P3iDbQDrb6HyejsT",
    "token_type": "bearer"
}
4phase<--<-- 6 --- AccessToken -->-->
4phase<--<-- 7 --- Done -->-->
4end
4assertionClaimsCheck
4conditionclaims-check: status=OK [Checks if specific claims is present or not]
4assertionSameAuthn
4conditionDone: status=OK

Result

PASSED