Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-02-09 17:10:36 INFO
TEST-RUNNER
Test instance Q1BNkC4cWJc5ecr created
baseUrl
https://www.certification.openid.net/test/a/robotto-internal-2
variant
{
  "client_auth_type": "private_key_jwt",
  "ciba_mode": "poll",
  "fapi_profile": "plain_fapi",
  "client_registration": "static_client"
}
alias
robotto-internal-2
description
Initial test
planId
MgCT3PUAqtbME
config
{
  "alias": "robotto-internal-2",
  "description": "Initial test",
  "server": {
    "discoveryUrl": "https://emea-conformance.ping-eng.com:9031/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "conformance3",
    "scope": "openid test",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "d": "QPg1PBy12DhqqGeiuWBoIdhrfbOutP8nfSND46mdTgU",
          "use": "sig",
          "crv": "P-256",
          "kid": "2HKyz2Uc4F8hRcwyuPgA5Eg_salnEe7pfujUkvj2yew",
          "x": "NK3-2enqupOW-PGDSp2X2vrtqFIVnsVMciZdVwa7p8Q",
          "y": "Yrp1yMUYXZcWbHRzsXlH94v2SJZs0lxRbbCpvo1kcUw",
          "alg": "ES256"
        }
      ]
    },
    "hint_type": "login_hint",
    "hint_value": "patrick"
  },
  "mtls": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIDlTCCAn2gAwIBAgIJAKRJoaX7BlZbMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMR0wGwYDVQQKDBRBdXRobGV0ZSBU\nZXN0IENsaWVudDEdMBsGA1UEAwwUQXV0aGxldGUgVGVzdCBDbGllbnQwIBcNMTgw\nNTI1MjA1NzU0WhgPMjEwNjAxMDQyMDU3NTRaMGAxCzAJBgNVBAYTAlVTMRMwEQYD\nVQQIDApTb21lLVN0YXRlMR0wGwYDVQQKDBRBdXRobGV0ZSBUZXN0IENsaWVudDEd\nMBsGA1UEAwwUQXV0aGxldGUgVGVzdCBDbGllbnQwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDEWwl/Q+nuL8KXbObpVzww1VkHwLF4W9QxrPI1V0Uh6V9r\nxUjrfSbtWNEQVDwQmoW8M1XjnRnGvdNRd0m6gNEQLKsqRN2xIvPdR0IO+2b+y7WJ\n9XlwdqHAFSWQJtoHzBAmkRirRMJrQSW5sB/NIBmyVqUdTV/FghNjc+IiPF4X1kxw\nwOzm7y2zlHZUpiPQknwPbWNeyunj/XQRrqWPg+RXzAKIjbVprxGaT8CexKu6oEae\nd8BCTO0rJIOkmjXZMl+SDhXQn9GHKFh60UlJddxVngxhX63MAQ1GsO8HsjrLgO3q\n4LmTDVHkprLy/wgBRDfo0IHb3gWhbOuRGMLLMKKvAgMBAAGjUDBOMB0GA1UdDgQW\nBBRuwpA4lqWaOkwmPcTQR8CH0Iv3vjAfBgNVHSMEGDAWgBRuwpA4lqWaOkwmPcTQ\nR8CH0Iv3vjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBiCmvQmmKq\nI/8sB312HTEFlvtpbYp429eNCGXWloOOqVQkJaBnvy9YUS/wCgusyKeMBgbgpV0s\n8bp/gEW2/MnlWW9+fbFuhzRRwvuV/7je1Avv9Y06RH8GKJYwk2j6qcO7Mn9kVhln\nlKxGdFxm/i0OBuZnUe/KDxKPjVEdUJbxAFfxdq4cUjfewMuoxsYruIDnLXjTBcj2\nPbJ6vcPzq/6TYwxRmnrXIAO6Nxe8ZNXn2x2+njwrUKW4WPQ7u3dyHlD+M3iTpm3T\nwSgg0FSYiBcXhWJLQCJVEb0kbKJ/PDmcvomusQWTL/0epS62azWG8PUUs4v9Xeae\nmAbHqPGh+5Bo\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEWwl/Q+nuL8KX\nbObpVzww1VkHwLF4W9QxrPI1V0Uh6V9rxUjrfSbtWNEQVDwQmoW8M1XjnRnGvdNR\nd0m6gNEQLKsqRN2xIvPdR0IO+2b+y7WJ9XlwdqHAFSWQJtoHzBAmkRirRMJrQSW5\nsB/NIBmyVqUdTV/FghNjc+IiPF4X1kxwwOzm7y2zlHZUpiPQknwPbWNeyunj/XQR\nrqWPg+RXzAKIjbVprxGaT8CexKu6oEaed8BCTO0rJIOkmjXZMl+SDhXQn9GHKFh6\n0UlJddxVngxhX63MAQ1GsO8HsjrLgO3q4LmTDVHkprLy/wgBRDfo0IHb3gWhbOuR\nGMLLMKKvAgMBAAECggEAJ3uOy1JipYxg+oXhYKYz6jXcMxziEquUXXDDO0qTEiCV\nGVyQLxn5S9yCHWByu3v2zEMeUCh02GuvJEBySNhCMZhpypQSZ935X1NGyzBuI2ne\n1SDRDHYuTCt0ZCoLyWmVDcw7Q6UN2vc8mLv7iQmdYSjfBqdaTKK9N1BD9lJhMTWB\njxQDaF1yEZQfR1HOVVddJXt8ILOOltuxhu4EuBKsT8ZlCAN5kGx6+FzXlGlSYjWn\nGoYbERESeDim3JDwGOGX2msPGOmSzF24LnXrPg8IcrwEbzlFRIEzd8yUVA6VNca7\n1uzv/MaOX5+cTtDiAoVdfrk1Ykt1SNNccGKnC7L3MQKBgQD29FIhT21DkUnXlABK\nj0N9dBSQyQ1HzILmY/YSg7aeBAlatEzCDxHtFaS89wXxosz2vNd1QKIrLrAgSzTL\nyemi2KVcvsHyo0g0drSq3NlOw5Rz4WRAZNgBcuhFJ8ZD1BJCisdQxQyCRJ3I0pf/\nD7mGkmovII1WSk/MIEWWvd3P6wKBgQDLjEEOaTeopbnqkJrcL4UbV2GmVAIa9EXS\nqzRTrPlxVA62n8EEX5YLXTx6yrvWHWtlA4VgRmUGuu1km5DqlnVdVz/l8fSk2HFc\ndycJgKd189v/tQ+BLu50+1+uaHiWLXo3VEXgv5QKSgPxWEnNPRVbgqOhav2MaACK\no9sl3h4LTQKBgQCjyIxD7VKREmW/5TeAO53OMVOGZuE48ikKtdc4lkRibljp4FRc\nC/SeodEdRlOZ25hGOB5JdHFZZGCJOneshKBAUaDybs1gp+w2Z1gRTeGNvGbTp/N+\nRaOA6n2jh+qVh6wIl9Py/Iz8RJfE3e7SydIIr0hfMx6p0SU1Q14DyK64uwKBgQCi\nqM5ESejkqKtNu4lFc+QW2Vl7pZ6ZE6PImnASfiRIYDfx0PBaIlixdCyko+Y/UPtF\nme635QlOu4qB35+LF/lqQhMaGqS6Jw1QKxfTDDDGnb2tNm/ReEOu0ELCCVJ0EJue\nI4ZD+FTBdCx6bWdsz+eFXXyNvgYoceQc5px2Qm4X8QKBgHwpmIeHCvU9Erb9X5pY\n5JR609Ei+a9jksoe0ch7ocZi2NoE3vwjUSZFe/hTkvpf0gUhw1Zmekqhm78Qb4H7\nAq7RDbpyCvoRXGS4GulFXM9Tkfe5FejhawT6fG12KLHOSAkJNgdFCPvFOaHlxPoA\naBcf1sY/flehjWEwkVDSh0Js\n-----END PRIVATE KEY-----\n"
  },
  "client2": {
    "client_id": "conformance4",
    "scope": "openid test",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "d": "MTbmR5F_tN0zlvVrwESkMNHB-ZLoRpk3dlxHYged3Ik",
          "use": "sig",
          "crv": "P-256",
          "kid": "6waBCAJKuKMvSU3k540XHPx_4gJx01tmQh8giaYjj1k",
          "x": "XW7xFTCnyPLhhWb_dE0fIIavYTbilf3HDsUELAC5SwI",
          "y": "sm9SrdwPWJ_oQ5tbsDMi6xnsaoLWZLTFyy0L2q5vURE",
          "alg": "ES256"
        }
      ]
    },
    "acr_value": "high"
  },
  "mtls2": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIDhTCCAm2gAwIBAgIJAKAe4HusBvwoMA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQxETAPBgNVBAMMCGNsaWVudF8yMCAXDTE4MDcwMjE2MzUy\nOFoYDzIxMDYwMjExMTYzNTI4WjBYMQswCQYDVQQGEwJVUzETMBEGA1UECAwKU29t\nZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMREwDwYD\nVQQDDAhjbGllbnRfMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMy\n1QohUbUoyte8cYCCO1+vJ/GImvVkrb79HUTSzL3G46lDC0JYZGMpMvX9NncadCYL\nQV8fmofOouNs4AWJgf0skH5sAJcZMgj3GVqqLsx2iDye3cgqsCCzTf5gzhOVtpXg\nNoBMFckVGxI+dG9h06n71mH9dtGoD/BoWOB4FLae0Ec4olot5eROeJ3Z0J15aXPW\noQrn3J5Eoz0/c7D7+byb+XGjF/r+uJVrKqOLtnO69Ro99fowwVtVQAPHmxLQ9VvF\niLONwbOfELtBvX4MlxHDOuynDsDw/mHxkzMSxPXAd9QfIU05ySZ9eVR3UfNUeCk8\na63NSO8MZdfHFnUsEO8CAwEAAaNQME4wHQYDVR0OBBYEFFEdch1XYRpO5JXxPkBx\ndAoAt6IiMB8GA1UdIwQYMBaAFFEdch1XYRpO5JXxPkBxdAoAt6IiMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBABTTN0up/ndWCNamqrV8ik1XwUqPCAO7\nTYKmZrRilo3STxyp2aUiFf1uPSkU6WU4Eu0JoDKU46axIFzZO3Ckoq17JMde2OzE\nSlAF+hQyvg/3l+6mbBK/OuzOiC+yfU9roD6vmjsBlH0My1+CnqkZLr6YQSaCHffl\nb6zqA7+aLUEWjyVneD6jQ6CCFwCs6eDorY1eKFM7lCQ5OdJFBc2LOOXuSGRXLZDK\nF3X2SfKCld0VWIOknJk8drfrCc1ylWa7wIuXU/kTyX8Z68a8w1/6ZkGxN9tsHWVt\nSe6ggOD1AFI5OQ3c8lCUzgGeFl69hz2UduHOyWs1KXUhgSy7fViAP90\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDTMtUKIVG1KMrX\nvHGAgjtfryfxiJr1ZK2+/R1E0sy9xuOpQwtCWGRjKTL1/TZ3GnQmC0FfH5qHzqLj\nbOAFiYH9LJB+bACXGTII9xlaqi7Mdog8nt3IKrAgs03+YM4TlbaV4DaATBXJFRsS\nPnRvYdOp+9Zh/XbRqA/waFjgeBS2ntBHOKJaLeXkTnid2dCdeWlz1qEK59yeRKM9\nP3Ow+/m8m/lxoxf6/riVayqji7ZzuvUaPfX6MMFbVUADx5sS0PVbxYizjcGznxC7\nQb1+DJcRwzrspw7A8P5h8ZMzEsT1wHfUHyFNOckmfXlUd1HzVHgpPGutzUjvDGXX\nxxZ1LBDvAgMBAAECggEBAJzGiiB39VheTJzy1OqJQhvYQPVp62Wn89XnvLdfJ/7k\nShFWpF/+j56QcbTq32hwabHn/wHmyuZvPLlIE8/ocGcIksZV0+ZWHK9NBjQoSo8a\nmi0t3QJ+tbnAgHAJWlBtfVkqVCrO0AkxsqPLWtFntCDlwhGBfpdJg3N5cihG21Fn\nnqUNxj2lVp1jxCAAcBHwCMfODFi0Kke/FLS3u9vHSRybUAbNid1adNJ6g3f3jKXh\nX5HPR2KYqDIyCQrqs9IAx7mM/T2W75NpZC1rW5GAWyw7sR71YDFI/Mronrdh0ZiH\nOpllwgM4bBD7ipNH3jNRgsAUr5nyTIJAii9z8XxGubkCgYEA+e88Kt3uZbFfcqTv\nb2ZTCUd3fyC0FcZ+/iHhKp2fmwsSIWB7k6++q8Vn/YHdew7KS+i4dvap30+k8Jf0\nu8p1NY82qHb5b/8igj6z015O+q1XE+hNoPUeIlX7JBVf0y3NIiiOTxvcWoIGKpth\nEVvlVk27PfYUEsnefFnKTQ7kNI0CgYEA2FLxXKrDQQRwtmC0My4LuAwhkGqxCwk1\nV8vD0k+J1JqVI3qQPxt5H241KtWwdb6QxAjuBe0i1Yx6vW1qC60NaZpM7RLFOEKy\nfwLuk19S9BKs1q0BRqcPpIP0PIZ+GgpKs7fIWcn19IFI/1KlSVYYV7qDgDmzMG13\nOPeJuAclAmsCgYBIyIdgAGMlUCL4ktl7OnQh9qLw7Ygj8zsWLK2SqHZLQ00TVTKH\njp1bDlC7PW9PH75/npThZ/GOK3Zf7hCCA3Jgl4UWSBdZqxXUkgfyHLupOoNqM7Mv\nlVIiM6HAH01ZhTQAp4jRts5TuRusmrUIxhciK97EK34q/oiA8/D6wcRpHQKBgBWb\nY0RQQiRyXxe4XQdnqAAAJjIYlgp2Jv/X+H0/OJMlxZO/oDzNb7G1/lWC9pcsK6WJ\nBs1MvFf8Kh5VmWwFIvvTT6+2WkCeWNna3x2VPeHnI6Bls2TtNuDF1VVeUaYkNQXy\na26cf5amezYVeTD0CoZouM3L9Zv2sxvbjcP14rp1AoGADoxlSjWxXOxZAr835wFl\nD3EMU5nhUGA0BdCfGgKqMaZmCr/ssfQDARgCKG/zLfmUBBBHbjZcHMXw6SW+E3CT\nN/q7iddT3FOgVder4GWTA+wFYdAywCT5At8wm7zeM2d/4cWlBaKew/u+A0ycUsD6\nbd3gRXjBZpD8Eep8ltVGLHw\u003d\n-----END PRIVATE KEY-----\n"
  },
  "resource": {
    "resourceUrl": "https://emea-conformance.ping-eng.com:3000/get"
  }
}
testName
fapi-ciba-id1-ensure-mtls-holder-of-key-required
2021-02-09 17:10:36 SUCCESS
CreateCIBANotificationEndpointUri
Created ciba notification endpoint URI
notification_uri
https://www.certification.openid.net/test/a/robotto-internal-2/ciba-notification-endpoint
2021-02-09 17:10:36
GetDynamicServerConfiguration
HTTP request
request_uri
https://emea-conformance.ping-eng.com:9031/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-02-09 17:10:38 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 09 Feb 2021 17:10:37 GMT",
  "x-frame-options": "SAMEORIGIN",
  "referrer-policy": "origin",
  "cache-control": "no-cache, no-store",
  "pragma": "no-cache",
  "expires": "Thu, 01 Jan 1970 00:00:00 GMT",
  "content-type": "application/json;charset\u003dutf-8",
  "set-cookie": "PF\u003dDGPHHhGw9pLiLqFDmuhKuE;Path\u003d/;Secure;HttpOnly;SameSite\u003dNone",
  "content-length": "3631"
}
response_body
{
  "issuer": "https://emea-conformance.ping-eng.com:9031",
  "authorization_endpoint": "https://emea-conformance.ping-eng.com:9031/as/authorization.oauth2",
  "token_endpoint": "https://emea-conformance.ping-eng.com:9032/as/token.oauth2",
  "revocation_endpoint": "https://emea-conformance.ping-eng.com:9031/as/revoke_token.oauth2",
  "userinfo_endpoint": "https://emea-conformance.ping-eng.com:9031/idp/userinfo.openid",
  "introspection_endpoint": "https://emea-conformance.ping-eng.com:9031/as/introspect.oauth2",
  "jwks_uri": "https://emea-conformance.ping-eng.com:9031/pf/JWKS",
  "registration_endpoint": "https://emea-conformance.ping-eng.com:9031/as/clients.oauth2",
  "ping_revoked_sris_endpoint": "https://emea-conformance.ping-eng.com:9031/pf-ws/rest/sessionMgmt/revokedSris",
  "ping_session_management_sris_endpoint": "https://emea-conformance.ping-eng.com:9031/pf-ws/rest/sessionMgmt/sessions",
  "ping_end_session_endpoint": "https://emea-conformance.ping-eng.com:9031/idp/startSLO.ping",
  "device_authorization_endpoint": "https://emea-conformance.ping-eng.com:9031/as/device_authz.oauth2",
  "scopes_supported": [ "test", "openid" ],
  "claims_supported": [ "sub" ],
  "response_types_supported": [ "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ],
  "response_modes_supported": [ "fragment", "query", "form_post" ],
  "grant_types_supported": [ "implicit", "authorization_code", "refresh_token", "password", "client_credentials", "urn:pingidentity.com:oauth2:grant_type:validate_bearer", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:openid:params:grant-type:ciba" ],
  "subject_types_supported": [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
    "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "private_key_jwt" , "tls_client_auth"],
  "token_endpoint_auth_signing_alg_values_supported":  [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "claim_types_supported": [ "normal" ],
  "claims_parameter_supported": false,
  "request_parameter_supported": true,
  "request_uri_parameter_supported": false,
  "request_object_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "id_token_encryption_alg_values_supported": [ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP" ],
  "id_token_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ],
  "backchannel_authentication_endpoint": "https://emea-conformance.ping-eng.com:9031/as/bc-auth.ciba",
  "backchannel_token_delivery_modes_supported": [ "poll", "ping" ],
  "backchannel_authentication_request_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "backchannel_user_code_parameter_supported": false,
  "code_challenge_methods_supported": [ "plain", "S256" ],
  "tls_client_certificate_bound_access_tokens": true,
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://emea-conformance.ping-eng.com:9032/as/token.oauth2",
  "backchannel_authentication_endpoint": "https://emea-conformance.ping-eng.com:9032/as/bc-auth.ciba"}
}
2021-02-09 17:10:38
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{
  "issuer": "https://emea-conformance.ping-eng.com:9031",
  "authorization_endpoint": "https://emea-conformance.ping-eng.com:9031/as/authorization.oauth2",
  "token_endpoint": "https://emea-conformance.ping-eng.com:9032/as/token.oauth2",
  "revocation_endpoint": "https://emea-conformance.ping-eng.com:9031/as/revoke_token.oauth2",
  "userinfo_endpoint": "https://emea-conformance.ping-eng.com:9031/idp/userinfo.openid",
  "introspection_endpoint": "https://emea-conformance.ping-eng.com:9031/as/introspect.oauth2",
  "jwks_uri": "https://emea-conformance.ping-eng.com:9031/pf/JWKS",
  "registration_endpoint": "https://emea-conformance.ping-eng.com:9031/as/clients.oauth2",
  "ping_revoked_sris_endpoint": "https://emea-conformance.ping-eng.com:9031/pf-ws/rest/sessionMgmt/revokedSris",
  "ping_session_management_sris_endpoint": "https://emea-conformance.ping-eng.com:9031/pf-ws/rest/sessionMgmt/sessions",
  "ping_end_session_endpoint": "https://emea-conformance.ping-eng.com:9031/idp/startSLO.ping",
  "device_authorization_endpoint": "https://emea-conformance.ping-eng.com:9031/as/device_authz.oauth2",
  "scopes_supported": [ "test", "openid" ],
  "claims_supported": [ "sub" ],
  "response_types_supported": [ "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ],
  "response_modes_supported": [ "fragment", "query", "form_post" ],
  "grant_types_supported": [ "implicit", "authorization_code", "refresh_token", "password", "client_credentials", "urn:pingidentity.com:oauth2:grant_type:validate_bearer", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:openid:params:grant-type:ciba" ],
  "subject_types_supported": [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
    "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "private_key_jwt" , "tls_client_auth"],
  "token_endpoint_auth_signing_alg_values_supported":  [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "claim_types_supported": [ "normal" ],
  "claims_parameter_supported": false,
  "request_parameter_supported": true,
  "request_uri_parameter_supported": false,
  "request_object_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "id_token_encryption_alg_values_supported": [ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP" ],
  "id_token_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ],
  "backchannel_authentication_endpoint": "https://emea-conformance.ping-eng.com:9031/as/bc-auth.ciba",
  "backchannel_token_delivery_modes_supported": [ "poll", "ping" ],
  "backchannel_authentication_request_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "backchannel_user_code_parameter_supported": false,
  "code_challenge_methods_supported": [ "plain", "S256" ],
  "tls_client_certificate_bound_access_tokens": true,
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://emea-conformance.ping-eng.com:9032/as/token.oauth2",
  "backchannel_authentication_endpoint": "https://emea-conformance.ping-eng.com:9032/as/bc-auth.ciba"}
}
2021-02-09 17:10:38 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
issuer
https://emea-conformance.ping-eng.com:9031
authorization_endpoint
https://emea-conformance.ping-eng.com:9031/as/authorization.oauth2
token_endpoint
https://emea-conformance.ping-eng.com:9032/as/token.oauth2
revocation_endpoint
https://emea-conformance.ping-eng.com:9031/as/revoke_token.oauth2
userinfo_endpoint
https://emea-conformance.ping-eng.com:9031/idp/userinfo.openid
introspection_endpoint
https://emea-conformance.ping-eng.com:9031/as/introspect.oauth2
jwks_uri
https://emea-conformance.ping-eng.com:9031/pf/JWKS
registration_endpoint
https://emea-conformance.ping-eng.com:9031/as/clients.oauth2
ping_revoked_sris_endpoint
https://emea-conformance.ping-eng.com:9031/pf-ws/rest/sessionMgmt/revokedSris
ping_session_management_sris_endpoint
https://emea-conformance.ping-eng.com:9031/pf-ws/rest/sessionMgmt/sessions
ping_end_session_endpoint
https://emea-conformance.ping-eng.com:9031/idp/startSLO.ping
device_authorization_endpoint
https://emea-conformance.ping-eng.com:9031/as/device_authz.oauth2
scopes_supported
[
  "test",
  "openid"
]
claims_supported
[
  "sub"
]
response_types_supported
[
  "code",
  "token",
  "id_token",
  "code token",
  "code id_token",
  "token id_token",
  "code token id_token"
]
response_modes_supported
[
  "fragment",
  "query",
  "form_post"
]
grant_types_supported
[
  "implicit",
  "authorization_code",
  "refresh_token",
  "password",
  "client_credentials",
  "urn:pingidentity.com:oauth2:grant_type:validate_bearer",
  "urn:ietf:params:oauth:grant-type:jwt-bearer",
  "urn:ietf:params:oauth:grant-type:saml2-bearer",
  "urn:ietf:params:oauth:grant-type:device_code",
  "urn:ietf:params:oauth:grant-type:token-exchange",
  "urn:openid:params:grant-type:ciba"
]
subject_types_supported
[
  "public",
  "pairwise"
]
id_token_signing_alg_values_supported
[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "ES384",
  "ES512",
  "PS256",
  "PS384",
  "PS512"
]
token_endpoint_auth_methods_supported
[
  "client_secret_basic",
  "client_secret_post",
  "private_key_jwt",
  "tls_client_auth"
]
token_endpoint_auth_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "ES384",
  "ES512",
  "PS256",
  "PS384",
  "PS512"
]
claim_types_supported
[
  "normal"
]
claims_parameter_supported
false
request_parameter_supported
true
request_uri_parameter_supported
false
request_object_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "ES384",
  "ES512",
  "PS256",
  "PS384",
  "PS512"
]
id_token_encryption_alg_values_supported
[
  "dir",
  "A128KW",
  "A192KW",
  "A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW",
  "ECDH-ES",
  "ECDH-ES+A128KW",
  "ECDH-ES+A192KW",
  "ECDH-ES+A256KW",
  "RSA-OAEP"
]
id_token_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A192CBC-HS384",
  "A256CBC-HS512",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
backchannel_authentication_endpoint
https://emea-conformance.ping-eng.com:9031/as/bc-auth.ciba
backchannel_token_delivery_modes_supported
[
  "poll",
  "ping"
]
backchannel_authentication_request_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "ES384",
  "ES512",
  "PS256",
  "PS384",
  "PS512"
]
backchannel_user_code_parameter_supported
false
code_challenge_methods_supported
[
  "plain",
  "S256"
]
tls_client_certificate_bound_access_tokens
true
mtls_endpoint_aliases
{
  "token_endpoint": "https://emea-conformance.ping-eng.com:9032/as/token.oauth2",
  "backchannel_authentication_endpoint": "https://emea-conformance.ping-eng.com:9032/as/bc-auth.ciba"
}
2021-02-09 17:10:38 SUCCESS
CheckCIBAServerConfiguration
Found required server configuration keys
required
[
  "backchannel_authentication_endpoint",
  "token_endpoint",
  "issuer"
]
2021-02-09 17:10:38 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
{
  "testHost": "emea-conformance.ping-eng.com",
  "testPort": 9031
}
authorization_endpoint
{
  "testHost": "emea-conformance.ping-eng.com",
  "testPort": 9031
}
token_endpoint
{
  "testHost": "emea-conformance.ping-eng.com",
  "testPort": 9032
}
userinfo_endpoint
{
  "testHost": "emea-conformance.ping-eng.com",
  "testPort": 9031
}
2021-02-09 17:10:38
FetchServerKeys
Fetching server key
jwks_uri
https://emea-conformance.ping-eng.com:9031/pf/JWKS
2021-02-09 17:10:38
FetchServerKeys
HTTP request
request_uri
https://emea-conformance.ping-eng.com:9031/pf/JWKS
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-02-09 17:10:38 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 09 Feb 2021 17:10:38 GMT",
  "x-frame-options": "SAMEORIGIN",
  "referrer-policy": "origin",
  "cache-control": "no-cache, no-store",
  "pragma": "no-cache",
  "expires": "Thu, 01 Jan 1970 00:00:00 GMT",
  "content-type": "application/json;charset\u003dutf-8",
  "set-cookie": "PF\u003dSrTAbDD4warW1YWul6MiLN;Path\u003d/;Secure;HttpOnly;SameSite\u003dNone",
  "transfer-encoding": "chunked"
}
response_body
{"keys":[{"kty":"EC","kid":"6yY2TlBV8jQQofSfyb5XOB4Jb6M","use":"sig","x":"AORGZoxt8oDD_RV2W1-4Ne1RDGjQhZj1BvBXpmY1QpKdrabD7-Wfofo7HU2NbH-q2pHqjQEa2xnmOnKINuQkdtYL","y":"ACC6hcSGMpuj0ZapUKgnvfye4bRKQOBhVgdMA_YWV_8TgU36igiRHeH2N8PGiOsRH3Htk16TfoHyt7hkaCeANik9","crv":"P-521"},{"kty":"EC","kid":"HGp1IEQM1voQSq46IAvk_1YRqaE","use":"sig","x":"lDl885FnLKaM-5F97Kjqo-Lo6R4buuYnhTyiQ-AA8pw","y":"l699BrNxVkOsb7nrap4hgnc5FMzGqEGBCcKIpnoCzW4","crv":"P-256"},{"kty":"RSA","kid":"OoaNeMIHyh-Y_nCgZt8P7S4WRHQ","use":"sig","n":"pwT1pxBXBTVtIXWjM-1eK5o8mYwrVjg0-tH3rVayjWjqDcFdudpZrmfW5DJX_tk8Nmxw05aK9WVV35gX3Z9hNopSDzv25aup_BSjwtMhzjDDZKqH0vZQOxwFg8mj_bKqNh5fLvSyPtonXgVzfSpuXbpsGWY_iKURqQlDB4GoI_fH0e0LCkQv5KdaUa_u46VAopeExNJxZ1sAszIpauhAVaRta7ClANvVoQiWr1yvrMLkwRe-RLK4RkTexFQWDG6-hT6casxmug8NuLP9u7iLDCIUhAppHTcQierZDjTiFdRXcPmMEbVxHTWqDOF06RnNQvKJ-KDfgVxsQ2lh3SlKXQ","e":"AQAB"},{"kty":"EC","kid":"jMHpWAXB63I1bbOLTb8BruHgSAM","use":"sig","x":"CO7-lbGTCdMBCE47l6HYdiy_ZAuXwrsdkhfUk3VoExI3w3G4m-TOZlVPVcSdRicm","y":"Qy3Tuaw1vPHuGO4WP8-g4rIiD4qOtwCqIy1aMEPH0MLfP2cbgT_8lXORDe9Pklbu","crv":"P-384"},{"kty":"EC","kid":"idZdEltozJCPsw9C_4X1oJunzbI","use":"sig","x":"QQmn2hcLohFA4m9yitWE3-RrdbZpyf5mJxhTm3vHSqw","y":"xUu6I85Juq1_kUhAjHz4IEzJ2KK7rpE4x1tJneDdCVA","crv":"P-256"},{"kty":"RSA","kid":"ii3sMTEFa9asTWi9I2oBzP7cxG4","use":"sig","n":"lK95ORbuwmjuFETa4Z_73zlAjGfq7vBVRosZfvEVarce85t7Y9wuVVYSRckg2VijZHwj44ibdTc15l6veStrVLLm7CPySSERpXcLEAdyfftwsn41h9RlHXn8zIgDkR7caHNgvDFLTml6TY89G3iJeZNwe_5-n5WMyfT4zfSNLAaXzPOeFCUbdLuJmm9OzcKTQsm7inYAPEaPb0LnuZB5MKa97s19ZSHP9n_2LImnbl1M3nUFmTyj6cidTB_zfCgBsDf5JEDMP7QYAbkyjbU_yUY3X36z-dBqMYXHdkpRGuSN6tJ-yzvCDR7DRffpb9ld49GQ3gjMilYDFpvAazhlWw","e":"AQAB"},{"kty":"EC","kid":"oMfG-1rmk0z5YYO6yQKVXQs14RU","use":"sig","x":"AF5sVn2wVq0DCho_zfl1Tb9G_684ENBGRuyY5g6cwYvPeQslw0jplPzpfb56OqvNZYrIhtZ9drC8P5SrJ1gsP0FA","y":"AbSw-emm5IeIE-zlRCIa9VaiXXLH6EKqStmjzKPcZZoDVnRVzd9ucWfkGlypaUEChY31DvSWkBBZMVXONa7YQ22a","crv":"P-521"},{"kty":"EC","kid":"yxn8wvV8bguIMfKup61EritQX4s","use":"sig","x":"xg37IIpYhU99yDi4eDujpPx-LdcDXONudlGAzz3Q0j-Z3xTN-1OjoI5wmSqCtWDq","y":"stP9A4-EwbILPpTqvmBaQUYLQU_vRim_oQfxPIp2nf7-Jb9BI_8ALkNALCWGRZRA","crv":"P-384"},{"kty":"EC","kid":"99TcWwdPzvuw5eTNBK2tT_GWnzs","use":"enc","x":"8YQDCE9KsfbnukafgrduZ6iJ_ZhnXpY-7R5-ES9wefJbaOaDJba2iXn0G8xMlkWl","y":"xnNJhNdtNCv5E_jZMjFqEPE8VuljmkFBpm7G0daUofiFms6hZZPLH6H4SMSbiYLJ","crv":"P-384"},{"kty":"EC","kid":"Se72CO7YxDAP6-8PYKUFnV4DMHI","use":"enc","x":"-9cCPd_oBcWzKRgVcVlS2MrGEPKGgHAZdMtxV_9bk5k","y":"JJ8V7OCK3bgchRPs6Jb9UGsNGCBIMkqrX7IGgqh-bQ8","crv":"P-256"},{"kty":"RSA","kid":"XR7OzZkm2xwfVmXepHM7dAplp8w","use":"enc","n":"_hV0ERWd02q9uqyGOk0bwKFmGLcegk7s9aRvAWX6Y2xNSBcjUTUOZqr6-HPQy5XK0ZTmyO2RZCaFrHOjTfwdX9se5ahIAsdFF1G556sWX3KPCK49Gfv6SYeY8i8AtE6xN0oOa_G4K5wO-ZiGH0kyL_FrZox9p9ea5Jl4c5McfO7by94jdIDKOgyL_BKv9Rr_XgjF5ZdVXl9TeyXlQ1JFPFyi3VWFgZ2S5hfxUOmTjkOgRmcDoAUiosRfzJeUAMsP6DbiKluBkgpn6-H3DPKODgAPUtKPDC_w54YgUHBMOWL3qlT8iyos5qfrb_AfGvXSgv7omq7vEL-uzytt9rr35Q","e":"AQAB"},{"kty":"EC","kid":"sqUazYYadprpeT-cU-qzEaiGgXM","use":"enc","x":"AfecqsfKl6YlwiJALueP_QJQ9hAGh9ecXUg8VAzuNE3jRwyaiPkiSk5ZoAmuQZkzAUoKOxPcJWn00aT0FBmT2peA","y":"AZqn9TvHoFJ1Vf6L8ifcR-MsTOr369ygMs4q95VoPbrj484Eje9O6NlP9T8PF98n4-WCspU4BnzLPdktDHfRM7V5","crv":"P-521"}]}
2021-02-09 17:10:38
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kty":"EC","kid":"6yY2TlBV8jQQofSfyb5XOB4Jb6M","use":"sig","x":"AORGZoxt8oDD_RV2W1-4Ne1RDGjQhZj1BvBXpmY1QpKdrabD7-Wfofo7HU2NbH-q2pHqjQEa2xnmOnKINuQkdtYL","y":"ACC6hcSGMpuj0ZapUKgnvfye4bRKQOBhVgdMA_YWV_8TgU36igiRHeH2N8PGiOsRH3Htk16TfoHyt7hkaCeANik9","crv":"P-521"},{"kty":"EC","kid":"HGp1IEQM1voQSq46IAvk_1YRqaE","use":"sig","x":"lDl885FnLKaM-5F97Kjqo-Lo6R4buuYnhTyiQ-AA8pw","y":"l699BrNxVkOsb7nrap4hgnc5FMzGqEGBCcKIpnoCzW4","crv":"P-256"},{"kty":"RSA","kid":"OoaNeMIHyh-Y_nCgZt8P7S4WRHQ","use":"sig","n":"pwT1pxBXBTVtIXWjM-1eK5o8mYwrVjg0-tH3rVayjWjqDcFdudpZrmfW5DJX_tk8Nmxw05aK9WVV35gX3Z9hNopSDzv25aup_BSjwtMhzjDDZKqH0vZQOxwFg8mj_bKqNh5fLvSyPtonXgVzfSpuXbpsGWY_iKURqQlDB4GoI_fH0e0LCkQv5KdaUa_u46VAopeExNJxZ1sAszIpauhAVaRta7ClANvVoQiWr1yvrMLkwRe-RLK4RkTexFQWDG6-hT6casxmug8NuLP9u7iLDCIUhAppHTcQierZDjTiFdRXcPmMEbVxHTWqDOF06RnNQvKJ-KDfgVxsQ2lh3SlKXQ","e":"AQAB"},{"kty":"EC","kid":"jMHpWAXB63I1bbOLTb8BruHgSAM","use":"sig","x":"CO7-lbGTCdMBCE47l6HYdiy_ZAuXwrsdkhfUk3VoExI3w3G4m-TOZlVPVcSdRicm","y":"Qy3Tuaw1vPHuGO4WP8-g4rIiD4qOtwCqIy1aMEPH0MLfP2cbgT_8lXORDe9Pklbu","crv":"P-384"},{"kty":"EC","kid":"idZdEltozJCPsw9C_4X1oJunzbI","use":"sig","x":"QQmn2hcLohFA4m9yitWE3-RrdbZpyf5mJxhTm3vHSqw","y":"xUu6I85Juq1_kUhAjHz4IEzJ2KK7rpE4x1tJneDdCVA","crv":"P-256"},{"kty":"RSA","kid":"ii3sMTEFa9asTWi9I2oBzP7cxG4","use":"sig","n":"lK95ORbuwmjuFETa4Z_73zlAjGfq7vBVRosZfvEVarce85t7Y9wuVVYSRckg2VijZHwj44ibdTc15l6veStrVLLm7CPySSERpXcLEAdyfftwsn41h9RlHXn8zIgDkR7caHNgvDFLTml6TY89G3iJeZNwe_5-n5WMyfT4zfSNLAaXzPOeFCUbdLuJmm9OzcKTQsm7inYAPEaPb0LnuZB5MKa97s19ZSHP9n_2LImnbl1M3nUFmTyj6cidTB_zfCgBsDf5JEDMP7QYAbkyjbU_yUY3X36z-dBqMYXHdkpRGuSN6tJ-yzvCDR7DRffpb9ld49GQ3gjMilYDFpvAazhlWw","e":"AQAB"},{"kty":"EC","kid":"oMfG-1rmk0z5YYO6yQKVXQs14RU","use":"sig","x":"AF5sVn2wVq0DCho_zfl1Tb9G_684ENBGRuyY5g6cwYvPeQslw0jplPzpfb56OqvNZYrIhtZ9drC8P5SrJ1gsP0FA","y":"AbSw-emm5IeIE-zlRCIa9VaiXXLH6EKqStmjzKPcZZoDVnRVzd9ucWfkGlypaUEChY31DvSWkBBZMVXONa7YQ22a","crv":"P-521"},{"kty":"EC","kid":"yxn8wvV8bguIMfKup61EritQX4s","use":"sig","x":"xg37IIpYhU99yDi4eDujpPx-LdcDXONudlGAzz3Q0j-Z3xTN-1OjoI5wmSqCtWDq","y":"stP9A4-EwbILPpTqvmBaQUYLQU_vRim_oQfxPIp2nf7-Jb9BI_8ALkNALCWGRZRA","crv":"P-384"},{"kty":"EC","kid":"99TcWwdPzvuw5eTNBK2tT_GWnzs","use":"enc","x":"8YQDCE9KsfbnukafgrduZ6iJ_ZhnXpY-7R5-ES9wefJbaOaDJba2iXn0G8xMlkWl","y":"xnNJhNdtNCv5E_jZMjFqEPE8VuljmkFBpm7G0daUofiFms6hZZPLH6H4SMSbiYLJ","crv":"P-384"},{"kty":"EC","kid":"Se72CO7YxDAP6-8PYKUFnV4DMHI","use":"enc","x":"-9cCPd_oBcWzKRgVcVlS2MrGEPKGgHAZdMtxV_9bk5k","y":"JJ8V7OCK3bgchRPs6Jb9UGsNGCBIMkqrX7IGgqh-bQ8","crv":"P-256"},{"kty":"RSA","kid":"XR7OzZkm2xwfVmXepHM7dAplp8w","use":"enc","n":"_hV0ERWd02q9uqyGOk0bwKFmGLcegk7s9aRvAWX6Y2xNSBcjUTUOZqr6-HPQy5XK0ZTmyO2RZCaFrHOjTfwdX9se5ahIAsdFF1G556sWX3KPCK49Gfv6SYeY8i8AtE6xN0oOa_G4K5wO-ZiGH0kyL_FrZox9p9ea5Jl4c5McfO7by94jdIDKOgyL_BKv9Rr_XgjF5ZdVXl9TeyXlQ1JFPFyi3VWFgZ2S5hfxUOmTjkOgRmcDoAUiosRfzJeUAMsP6DbiKluBkgpn6-H3DPKODgAPUtKPDC_w54YgUHBMOWL3qlT8iyos5qfrb_AfGvXSgv7omq7vEL-uzytt9rr35Q","e":"AQAB"},{"kty":"EC","kid":"sqUazYYadprpeT-cU-qzEaiGgXM","use":"enc","x":"AfecqsfKl6YlwiJALueP_QJQ9hAGh9ecXUg8VAzuNE3jRwyaiPkiSk5ZoAmuQZkzAUoKOxPcJWn00aT0FBmT2peA","y":"AZqn9TvHoFJ1Vf6L8ifcR-MsTOr369ygMs4q95VoPbrj484Eje9O6NlP9T8PF98n4-WCspU4BnzLPdktDHfRM7V5","crv":"P-521"}]}
2021-02-09 17:10:38 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "kid": "6yY2TlBV8jQQofSfyb5XOB4Jb6M",
      "use": "sig",
      "x": "AORGZoxt8oDD_RV2W1-4Ne1RDGjQhZj1BvBXpmY1QpKdrabD7-Wfofo7HU2NbH-q2pHqjQEa2xnmOnKINuQkdtYL",
      "y": "ACC6hcSGMpuj0ZapUKgnvfye4bRKQOBhVgdMA_YWV_8TgU36igiRHeH2N8PGiOsRH3Htk16TfoHyt7hkaCeANik9",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "HGp1IEQM1voQSq46IAvk_1YRqaE",
      "use": "sig",
      "x": "lDl885FnLKaM-5F97Kjqo-Lo6R4buuYnhTyiQ-AA8pw",
      "y": "l699BrNxVkOsb7nrap4hgnc5FMzGqEGBCcKIpnoCzW4",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "OoaNeMIHyh-Y_nCgZt8P7S4WRHQ",
      "use": "sig",
      "n": "pwT1pxBXBTVtIXWjM-1eK5o8mYwrVjg0-tH3rVayjWjqDcFdudpZrmfW5DJX_tk8Nmxw05aK9WVV35gX3Z9hNopSDzv25aup_BSjwtMhzjDDZKqH0vZQOxwFg8mj_bKqNh5fLvSyPtonXgVzfSpuXbpsGWY_iKURqQlDB4GoI_fH0e0LCkQv5KdaUa_u46VAopeExNJxZ1sAszIpauhAVaRta7ClANvVoQiWr1yvrMLkwRe-RLK4RkTexFQWDG6-hT6casxmug8NuLP9u7iLDCIUhAppHTcQierZDjTiFdRXcPmMEbVxHTWqDOF06RnNQvKJ-KDfgVxsQ2lh3SlKXQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "jMHpWAXB63I1bbOLTb8BruHgSAM",
      "use": "sig",
      "x": "CO7-lbGTCdMBCE47l6HYdiy_ZAuXwrsdkhfUk3VoExI3w3G4m-TOZlVPVcSdRicm",
      "y": "Qy3Tuaw1vPHuGO4WP8-g4rIiD4qOtwCqIy1aMEPH0MLfP2cbgT_8lXORDe9Pklbu",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "idZdEltozJCPsw9C_4X1oJunzbI",
      "use": "sig",
      "x": "QQmn2hcLohFA4m9yitWE3-RrdbZpyf5mJxhTm3vHSqw",
      "y": "xUu6I85Juq1_kUhAjHz4IEzJ2KK7rpE4x1tJneDdCVA",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "ii3sMTEFa9asTWi9I2oBzP7cxG4",
      "use": "sig",
      "n": "lK95ORbuwmjuFETa4Z_73zlAjGfq7vBVRosZfvEVarce85t7Y9wuVVYSRckg2VijZHwj44ibdTc15l6veStrVLLm7CPySSERpXcLEAdyfftwsn41h9RlHXn8zIgDkR7caHNgvDFLTml6TY89G3iJeZNwe_5-n5WMyfT4zfSNLAaXzPOeFCUbdLuJmm9OzcKTQsm7inYAPEaPb0LnuZB5MKa97s19ZSHP9n_2LImnbl1M3nUFmTyj6cidTB_zfCgBsDf5JEDMP7QYAbkyjbU_yUY3X36z-dBqMYXHdkpRGuSN6tJ-yzvCDR7DRffpb9ld49GQ3gjMilYDFpvAazhlWw",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "oMfG-1rmk0z5YYO6yQKVXQs14RU",
      "use": "sig",
      "x": "AF5sVn2wVq0DCho_zfl1Tb9G_684ENBGRuyY5g6cwYvPeQslw0jplPzpfb56OqvNZYrIhtZ9drC8P5SrJ1gsP0FA",
      "y": "AbSw-emm5IeIE-zlRCIa9VaiXXLH6EKqStmjzKPcZZoDVnRVzd9ucWfkGlypaUEChY31DvSWkBBZMVXONa7YQ22a",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "yxn8wvV8bguIMfKup61EritQX4s",
      "use": "sig",
      "x": "xg37IIpYhU99yDi4eDujpPx-LdcDXONudlGAzz3Q0j-Z3xTN-1OjoI5wmSqCtWDq",
      "y": "stP9A4-EwbILPpTqvmBaQUYLQU_vRim_oQfxPIp2nf7-Jb9BI_8ALkNALCWGRZRA",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "99TcWwdPzvuw5eTNBK2tT_GWnzs",
      "use": "enc",
      "x": "8YQDCE9KsfbnukafgrduZ6iJ_ZhnXpY-7R5-ES9wefJbaOaDJba2iXn0G8xMlkWl",
      "y": "xnNJhNdtNCv5E_jZMjFqEPE8VuljmkFBpm7G0daUofiFms6hZZPLH6H4SMSbiYLJ",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "Se72CO7YxDAP6-8PYKUFnV4DMHI",
      "use": "enc",
      "x": "-9cCPd_oBcWzKRgVcVlS2MrGEPKGgHAZdMtxV_9bk5k",
      "y": "JJ8V7OCK3bgchRPs6Jb9UGsNGCBIMkqrX7IGgqh-bQ8",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "XR7OzZkm2xwfVmXepHM7dAplp8w",
      "use": "enc",
      "n": "_hV0ERWd02q9uqyGOk0bwKFmGLcegk7s9aRvAWX6Y2xNSBcjUTUOZqr6-HPQy5XK0ZTmyO2RZCaFrHOjTfwdX9se5ahIAsdFF1G556sWX3KPCK49Gfv6SYeY8i8AtE6xN0oOa_G4K5wO-ZiGH0kyL_FrZox9p9ea5Jl4c5McfO7by94jdIDKOgyL_BKv9Rr_XgjF5ZdVXl9TeyXlQ1JFPFyi3VWFgZ2S5hfxUOmTjkOgRmcDoAUiosRfzJeUAMsP6DbiKluBkgpn6-H3DPKODgAPUtKPDC_w54YgUHBMOWL3qlT8iyos5qfrb_AfGvXSgv7omq7vEL-uzytt9rr35Q",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "sqUazYYadprpeT-cU-qzEaiGgXM",
      "use": "enc",
      "x": "AfecqsfKl6YlwiJALueP_QJQ9hAGh9ecXUg8VAzuNE3jRwyaiPkiSk5ZoAmuQZkzAUoKOxPcJWn00aT0FBmT2peA",
      "y": "AZqn9TvHoFJ1Vf6L8ifcR-MsTOr369ygMs4q95VoPbrj484Eje9O6NlP9T8PF98n4-WCspU4BnzLPdktDHfRM7V5",
      "crv": "P-521"
    }
  ]
}
2021-02-09 17:10:38 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "kid": "6yY2TlBV8jQQofSfyb5XOB4Jb6M",
      "use": "sig",
      "x": "AORGZoxt8oDD_RV2W1-4Ne1RDGjQhZj1BvBXpmY1QpKdrabD7-Wfofo7HU2NbH-q2pHqjQEa2xnmOnKINuQkdtYL",
      "y": "ACC6hcSGMpuj0ZapUKgnvfye4bRKQOBhVgdMA_YWV_8TgU36igiRHeH2N8PGiOsRH3Htk16TfoHyt7hkaCeANik9",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "HGp1IEQM1voQSq46IAvk_1YRqaE",
      "use": "sig",
      "x": "lDl885FnLKaM-5F97Kjqo-Lo6R4buuYnhTyiQ-AA8pw",
      "y": "l699BrNxVkOsb7nrap4hgnc5FMzGqEGBCcKIpnoCzW4",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "OoaNeMIHyh-Y_nCgZt8P7S4WRHQ",
      "use": "sig",
      "n": "pwT1pxBXBTVtIXWjM-1eK5o8mYwrVjg0-tH3rVayjWjqDcFdudpZrmfW5DJX_tk8Nmxw05aK9WVV35gX3Z9hNopSDzv25aup_BSjwtMhzjDDZKqH0vZQOxwFg8mj_bKqNh5fLvSyPtonXgVzfSpuXbpsGWY_iKURqQlDB4GoI_fH0e0LCkQv5KdaUa_u46VAopeExNJxZ1sAszIpauhAVaRta7ClANvVoQiWr1yvrMLkwRe-RLK4RkTexFQWDG6-hT6casxmug8NuLP9u7iLDCIUhAppHTcQierZDjTiFdRXcPmMEbVxHTWqDOF06RnNQvKJ-KDfgVxsQ2lh3SlKXQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "jMHpWAXB63I1bbOLTb8BruHgSAM",
      "use": "sig",
      "x": "CO7-lbGTCdMBCE47l6HYdiy_ZAuXwrsdkhfUk3VoExI3w3G4m-TOZlVPVcSdRicm",
      "y": "Qy3Tuaw1vPHuGO4WP8-g4rIiD4qOtwCqIy1aMEPH0MLfP2cbgT_8lXORDe9Pklbu",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "idZdEltozJCPsw9C_4X1oJunzbI",
      "use": "sig",
      "x": "QQmn2hcLohFA4m9yitWE3-RrdbZpyf5mJxhTm3vHSqw",
      "y": "xUu6I85Juq1_kUhAjHz4IEzJ2KK7rpE4x1tJneDdCVA",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "ii3sMTEFa9asTWi9I2oBzP7cxG4",
      "use": "sig",
      "n": "lK95ORbuwmjuFETa4Z_73zlAjGfq7vBVRosZfvEVarce85t7Y9wuVVYSRckg2VijZHwj44ibdTc15l6veStrVLLm7CPySSERpXcLEAdyfftwsn41h9RlHXn8zIgDkR7caHNgvDFLTml6TY89G3iJeZNwe_5-n5WMyfT4zfSNLAaXzPOeFCUbdLuJmm9OzcKTQsm7inYAPEaPb0LnuZB5MKa97s19ZSHP9n_2LImnbl1M3nUFmTyj6cidTB_zfCgBsDf5JEDMP7QYAbkyjbU_yUY3X36z-dBqMYXHdkpRGuSN6tJ-yzvCDR7DRffpb9ld49GQ3gjMilYDFpvAazhlWw",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "oMfG-1rmk0z5YYO6yQKVXQs14RU",
      "use": "sig",
      "x": "AF5sVn2wVq0DCho_zfl1Tb9G_684ENBGRuyY5g6cwYvPeQslw0jplPzpfb56OqvNZYrIhtZ9drC8P5SrJ1gsP0FA",
      "y": "AbSw-emm5IeIE-zlRCIa9VaiXXLH6EKqStmjzKPcZZoDVnRVzd9ucWfkGlypaUEChY31DvSWkBBZMVXONa7YQ22a",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "yxn8wvV8bguIMfKup61EritQX4s",
      "use": "sig",
      "x": "xg37IIpYhU99yDi4eDujpPx-LdcDXONudlGAzz3Q0j-Z3xTN-1OjoI5wmSqCtWDq",
      "y": "stP9A4-EwbILPpTqvmBaQUYLQU_vRim_oQfxPIp2nf7-Jb9BI_8ALkNALCWGRZRA",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "99TcWwdPzvuw5eTNBK2tT_GWnzs",
      "use": "enc",
      "x": "8YQDCE9KsfbnukafgrduZ6iJ_ZhnXpY-7R5-ES9wefJbaOaDJba2iXn0G8xMlkWl",
      "y": "xnNJhNdtNCv5E_jZMjFqEPE8VuljmkFBpm7G0daUofiFms6hZZPLH6H4SMSbiYLJ",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "Se72CO7YxDAP6-8PYKUFnV4DMHI",
      "use": "enc",
      "x": "-9cCPd_oBcWzKRgVcVlS2MrGEPKGgHAZdMtxV_9bk5k",
      "y": "JJ8V7OCK3bgchRPs6Jb9UGsNGCBIMkqrX7IGgqh-bQ8",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "XR7OzZkm2xwfVmXepHM7dAplp8w",
      "use": "enc",
      "n": "_hV0ERWd02q9uqyGOk0bwKFmGLcegk7s9aRvAWX6Y2xNSBcjUTUOZqr6-HPQy5XK0ZTmyO2RZCaFrHOjTfwdX9se5ahIAsdFF1G556sWX3KPCK49Gfv6SYeY8i8AtE6xN0oOa_G4K5wO-ZiGH0kyL_FrZox9p9ea5Jl4c5McfO7by94jdIDKOgyL_BKv9Rr_XgjF5ZdVXl9TeyXlQ1JFPFyi3VWFgZ2S5hfxUOmTjkOgRmcDoAUiosRfzJeUAMsP6DbiKluBkgpn6-H3DPKODgAPUtKPDC_w54YgUHBMOWL3qlT8iyos5qfrb_AfGvXSgv7omq7vEL-uzytt9rr35Q",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "sqUazYYadprpeT-cU-qzEaiGgXM",
      "use": "enc",
      "x": "AfecqsfKl6YlwiJALueP_QJQ9hAGh9ecXUg8VAzuNE3jRwyaiPkiSk5ZoAmuQZkzAUoKOxPcJWn00aT0FBmT2peA",
      "y": "AZqn9TvHoFJ1Vf6L8ifcR-MsTOr369ygMs4q95VoPbrj484Eje9O6NlP9T8PF98n4-WCspU4BnzLPdktDHfRM7V5",
      "crv": "P-521"
    }
  ]
}
2021-02-09 17:10:38 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-02-09 17:10:38 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2021-02-09 17:10:38 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-02-09 17:10:38 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "kid": "6yY2TlBV8jQQofSfyb5XOB4Jb6M",
      "use": "sig",
      "x": "AORGZoxt8oDD_RV2W1-4Ne1RDGjQhZj1BvBXpmY1QpKdrabD7-Wfofo7HU2NbH-q2pHqjQEa2xnmOnKINuQkdtYL",
      "y": "ACC6hcSGMpuj0ZapUKgnvfye4bRKQOBhVgdMA_YWV_8TgU36igiRHeH2N8PGiOsRH3Htk16TfoHyt7hkaCeANik9",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "HGp1IEQM1voQSq46IAvk_1YRqaE",
      "use": "sig",
      "x": "lDl885FnLKaM-5F97Kjqo-Lo6R4buuYnhTyiQ-AA8pw",
      "y": "l699BrNxVkOsb7nrap4hgnc5FMzGqEGBCcKIpnoCzW4",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "OoaNeMIHyh-Y_nCgZt8P7S4WRHQ",
      "use": "sig",
      "n": "pwT1pxBXBTVtIXWjM-1eK5o8mYwrVjg0-tH3rVayjWjqDcFdudpZrmfW5DJX_tk8Nmxw05aK9WVV35gX3Z9hNopSDzv25aup_BSjwtMhzjDDZKqH0vZQOxwFg8mj_bKqNh5fLvSyPtonXgVzfSpuXbpsGWY_iKURqQlDB4GoI_fH0e0LCkQv5KdaUa_u46VAopeExNJxZ1sAszIpauhAVaRta7ClANvVoQiWr1yvrMLkwRe-RLK4RkTexFQWDG6-hT6casxmug8NuLP9u7iLDCIUhAppHTcQierZDjTiFdRXcPmMEbVxHTWqDOF06RnNQvKJ-KDfgVxsQ2lh3SlKXQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "jMHpWAXB63I1bbOLTb8BruHgSAM",
      "use": "sig",
      "x": "CO7-lbGTCdMBCE47l6HYdiy_ZAuXwrsdkhfUk3VoExI3w3G4m-TOZlVPVcSdRicm",
      "y": "Qy3Tuaw1vPHuGO4WP8-g4rIiD4qOtwCqIy1aMEPH0MLfP2cbgT_8lXORDe9Pklbu",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "idZdEltozJCPsw9C_4X1oJunzbI",
      "use": "sig",
      "x": "QQmn2hcLohFA4m9yitWE3-RrdbZpyf5mJxhTm3vHSqw",
      "y": "xUu6I85Juq1_kUhAjHz4IEzJ2KK7rpE4x1tJneDdCVA",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "ii3sMTEFa9asTWi9I2oBzP7cxG4",
      "use": "sig",
      "n": "lK95ORbuwmjuFETa4Z_73zlAjGfq7vBVRosZfvEVarce85t7Y9wuVVYSRckg2VijZHwj44ibdTc15l6veStrVLLm7CPySSERpXcLEAdyfftwsn41h9RlHXn8zIgDkR7caHNgvDFLTml6TY89G3iJeZNwe_5-n5WMyfT4zfSNLAaXzPOeFCUbdLuJmm9OzcKTQsm7inYAPEaPb0LnuZB5MKa97s19ZSHP9n_2LImnbl1M3nUFmTyj6cidTB_zfCgBsDf5JEDMP7QYAbkyjbU_yUY3X36z-dBqMYXHdkpRGuSN6tJ-yzvCDR7DRffpb9ld49GQ3gjMilYDFpvAazhlWw",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "oMfG-1rmk0z5YYO6yQKVXQs14RU",
      "use": "sig",
      "x": "AF5sVn2wVq0DCho_zfl1Tb9G_684ENBGRuyY5g6cwYvPeQslw0jplPzpfb56OqvNZYrIhtZ9drC8P5SrJ1gsP0FA",
      "y": "AbSw-emm5IeIE-zlRCIa9VaiXXLH6EKqStmjzKPcZZoDVnRVzd9ucWfkGlypaUEChY31DvSWkBBZMVXONa7YQ22a",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "yxn8wvV8bguIMfKup61EritQX4s",
      "use": "sig",
      "x": "xg37IIpYhU99yDi4eDujpPx-LdcDXONudlGAzz3Q0j-Z3xTN-1OjoI5wmSqCtWDq",
      "y": "stP9A4-EwbILPpTqvmBaQUYLQU_vRim_oQfxPIp2nf7-Jb9BI_8ALkNALCWGRZRA",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "99TcWwdPzvuw5eTNBK2tT_GWnzs",
      "use": "enc",
      "x": "8YQDCE9KsfbnukafgrduZ6iJ_ZhnXpY-7R5-ES9wefJbaOaDJba2iXn0G8xMlkWl",
      "y": "xnNJhNdtNCv5E_jZMjFqEPE8VuljmkFBpm7G0daUofiFms6hZZPLH6H4SMSbiYLJ",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "Se72CO7YxDAP6-8PYKUFnV4DMHI",
      "use": "enc",
      "x": "-9cCPd_oBcWzKRgVcVlS2MrGEPKGgHAZdMtxV_9bk5k",
      "y": "JJ8V7OCK3bgchRPs6Jb9UGsNGCBIMkqrX7IGgqh-bQ8",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "XR7OzZkm2xwfVmXepHM7dAplp8w",
      "use": "enc",
      "n": "_hV0ERWd02q9uqyGOk0bwKFmGLcegk7s9aRvAWX6Y2xNSBcjUTUOZqr6-HPQy5XK0ZTmyO2RZCaFrHOjTfwdX9se5ahIAsdFF1G556sWX3KPCK49Gfv6SYeY8i8AtE6xN0oOa_G4K5wO-ZiGH0kyL_FrZox9p9ea5Jl4c5McfO7by94jdIDKOgyL_BKv9Rr_XgjF5ZdVXl9TeyXlQ1JFPFyi3VWFgZ2S5hfxUOmTjkOgRmcDoAUiosRfzJeUAMsP6DbiKluBkgpn6-H3DPKODgAPUtKPDC_w54YgUHBMOWL3qlT8iyos5qfrb_AfGvXSgv7omq7vEL-uzytt9rr35Q",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "sqUazYYadprpeT-cU-qzEaiGgXM",
      "use": "enc",
      "x": "AfecqsfKl6YlwiJALueP_QJQ9hAGh9ecXUg8VAzuNE3jRwyaiPkiSk5ZoAmuQZkzAUoKOxPcJWn00aT0FBmT2peA",
      "y": "AZqn9TvHoFJ1Vf6L8ifcR-MsTOr369ygMs4q95VoPbrj484Eje9O6NlP9T8PF98n4-WCspU4BnzLPdktDHfRM7V5",
      "crv": "P-521"
    }
  ]
}
Verify First client: static client configuration
2021-02-09 17:10:38 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
conformance3
scope
openid test
jwks
{
  "keys": [
    {
      "kty": "EC",
      "d": "QPg1PBy12DhqqGeiuWBoIdhrfbOutP8nfSND46mdTgU",
      "use": "sig",
      "crv": "P-256",
      "kid": "2HKyz2Uc4F8hRcwyuPgA5Eg_salnEe7pfujUkvj2yew",
      "x": "NK3-2enqupOW-PGDSp2X2vrtqFIVnsVMciZdVwa7p8Q",
      "y": "Yrp1yMUYXZcWbHRzsXlH94v2SJZs0lxRbbCpvo1kcUw",
      "alg": "ES256"
    }
  ]
}
hint_type
login_hint
hint_value
patrick
2021-02-09 17:10:38 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2021-02-09 17:10:38 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "d": "QPg1PBy12DhqqGeiuWBoIdhrfbOutP8nfSND46mdTgU",
      "use": "sig",
      "crv": "P-256",
      "kid": "2HKyz2Uc4F8hRcwyuPgA5Eg_salnEe7pfujUkvj2yew",
      "x": "NK3-2enqupOW-PGDSp2X2vrtqFIVnsVMciZdVwa7p8Q",
      "y": "Yrp1yMUYXZcWbHRzsXlH94v2SJZs0lxRbbCpvo1kcUw",
      "alg": "ES256"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "2HKyz2Uc4F8hRcwyuPgA5Eg_salnEe7pfujUkvj2yew",
      "x": "NK3-2enqupOW-PGDSp2X2vrtqFIVnsVMciZdVwa7p8Q",
      "y": "Yrp1yMUYXZcWbHRzsXlH94v2SJZs0lxRbbCpvo1kcUw",
      "alg": "ES256"
    }
  ]
}
2021-02-09 17:10:38
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
2021-02-09 17:10:38 SUCCESS
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
2021-02-09 17:10:38
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
2021-02-09 17:10:38 SUCCESS
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIDlTCCAn2gAwIBAgIJAKRJoaX7BlZbMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMR0wGwYDVQQKDBRBdXRobGV0ZSBUZXN0IENsaWVudDEdMBsGA1UEAwwUQXV0aGxldGUgVGVzdCBDbGllbnQwIBcNMTgwNTI1MjA1NzU0WhgPMjEwNjAxMDQyMDU3NTRaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMR0wGwYDVQQKDBRBdXRobGV0ZSBUZXN0IENsaWVudDEdMBsGA1UEAwwUQXV0aGxldGUgVGVzdCBDbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEWwl/Q+nuL8KXbObpVzww1VkHwLF4W9QxrPI1V0Uh6V9rxUjrfSbtWNEQVDwQmoW8M1XjnRnGvdNRd0m6gNEQLKsqRN2xIvPdR0IO+2b+y7WJ9XlwdqHAFSWQJtoHzBAmkRirRMJrQSW5sB/NIBmyVqUdTV/FghNjc+IiPF4X1kxwwOzm7y2zlHZUpiPQknwPbWNeyunj/XQRrqWPg+RXzAKIjbVprxGaT8CexKu6oEaed8BCTO0rJIOkmjXZMl+SDhXQn9GHKFh60UlJddxVngxhX63MAQ1GsO8HsjrLgO3q4LmTDVHkprLy/wgBRDfo0IHb3gWhbOuRGMLLMKKvAgMBAAGjUDBOMB0GA1UdDgQWBBRuwpA4lqWaOkwmPcTQR8CH0Iv3vjAfBgNVHSMEGDAWgBRuwpA4lqWaOkwmPcTQR8CH0Iv3vjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBiCmvQmmKqI/8sB312HTEFlvtpbYp429eNCGXWloOOqVQkJaBnvy9YUS/wCgusyKeMBgbgpV0s8bp/gEW2/MnlWW9+fbFuhzRRwvuV/7je1Avv9Y06RH8GKJYwk2j6qcO7Mn9kVhlnlKxGdFxm/i0OBuZnUe/KDxKPjVEdUJbxAFfxdq4cUjfewMuoxsYruIDnLXjTBcj2PbJ6vcPzq/6TYwxRmnrXIAO6Nxe8ZNXn2x2+njwrUKW4WPQ7u3dyHlD+M3iTpm3TwSgg0FSYiBcXhWJLQCJVEb0kbKJ/PDmcvomusQWTL/0epS62azWG8PUUs4v9XeaemAbHqPGh+5Bo
key
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEWwl/Q+nuL8KXbObpVzww1VkHwLF4W9QxrPI1V0Uh6V9rxUjrfSbtWNEQVDwQmoW8M1XjnRnGvdNRd0m6gNEQLKsqRN2xIvPdR0IO+2b+y7WJ9XlwdqHAFSWQJtoHzBAmkRirRMJrQSW5sB/NIBmyVqUdTV/FghNjc+IiPF4X1kxwwOzm7y2zlHZUpiPQknwPbWNeyunj/XQRrqWPg+RXzAKIjbVprxGaT8CexKu6oEaed8BCTO0rJIOkmjXZMl+SDhXQn9GHKFh60UlJddxVngxhX63MAQ1GsO8HsjrLgO3q4LmTDVHkprLy/wgBRDfo0IHb3gWhbOuRGMLLMKKvAgMBAAECggEAJ3uOy1JipYxg+oXhYKYz6jXcMxziEquUXXDDO0qTEiCVGVyQLxn5S9yCHWByu3v2zEMeUCh02GuvJEBySNhCMZhpypQSZ935X1NGyzBuI2ne1SDRDHYuTCt0ZCoLyWmVDcw7Q6UN2vc8mLv7iQmdYSjfBqdaTKK9N1BD9lJhMTWBjxQDaF1yEZQfR1HOVVddJXt8ILOOltuxhu4EuBKsT8ZlCAN5kGx6+FzXlGlSYjWnGoYbERESeDim3JDwGOGX2msPGOmSzF24LnXrPg8IcrwEbzlFRIEzd8yUVA6VNca71uzv/MaOX5+cTtDiAoVdfrk1Ykt1SNNccGKnC7L3MQKBgQD29FIhT21DkUnXlABKj0N9dBSQyQ1HzILmY/YSg7aeBAlatEzCDxHtFaS89wXxosz2vNd1QKIrLrAgSzTLyemi2KVcvsHyo0g0drSq3NlOw5Rz4WRAZNgBcuhFJ8ZD1BJCisdQxQyCRJ3I0pf/D7mGkmovII1WSk/MIEWWvd3P6wKBgQDLjEEOaTeopbnqkJrcL4UbV2GmVAIa9EXSqzRTrPlxVA62n8EEX5YLXTx6yrvWHWtlA4VgRmUGuu1km5DqlnVdVz/l8fSk2HFcdycJgKd189v/tQ+BLu50+1+uaHiWLXo3VEXgv5QKSgPxWEnNPRVbgqOhav2MaACKo9sl3h4LTQKBgQCjyIxD7VKREmW/5TeAO53OMVOGZuE48ikKtdc4lkRibljp4FRcC/SeodEdRlOZ25hGOB5JdHFZZGCJOneshKBAUaDybs1gp+w2Z1gRTeGNvGbTp/N+RaOA6n2jh+qVh6wIl9Py/Iz8RJfE3e7SydIIr0hfMx6p0SU1Q14DyK64uwKBgQCiqM5ESejkqKtNu4lFc+QW2Vl7pZ6ZE6PImnASfiRIYDfx0PBaIlixdCyko+Y/UPtFme635QlOu4qB35+LF/lqQhMaGqS6Jw1QKxfTDDDGnb2tNm/ReEOu0ELCCVJ0EJueI4ZD+FTBdCx6bWdsz+eFXXyNvgYoceQc5px2Qm4X8QKBgHwpmIeHCvU9Erb9X5pY5JR609Ei+a9jksoe0ch7ocZi2NoE3vwjUSZFe/hTkvpf0gUhw1Zmekqhm78Qb4H7Aq7RDbpyCvoRXGS4GulFXM9Tkfe5FejhawT6fG12KLHOSAkJNgdFCPvFOaHlxPoAaBcf1sY/flehjWEwkVDSh0Js
2021-02-09 17:10:38 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2021-02-09 17:10:38 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-02-09 17:10:38 SUCCESS
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
2021-02-09 17:10:38 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "d": "QPg1PBy12DhqqGeiuWBoIdhrfbOutP8nfSND46mdTgU",
      "use": "sig",
      "crv": "P-256",
      "kid": "2HKyz2Uc4F8hRcwyuPgA5Eg_salnEe7pfujUkvj2yew",
      "x": "NK3-2enqupOW-PGDSp2X2vrtqFIVnsVMciZdVwa7p8Q",
      "y": "Yrp1yMUYXZcWbHRzsXlH94v2SJZs0lxRbbCpvo1kcUw",
      "alg": "ES256"
    }
  ]
}
2021-02-09 17:10:38 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
2021-02-09 17:10:38 SUCCESS
GetResourceEndpointConfiguration
Found a resource endpoint object
resourceUrl
https://emea-conformance.ping-eng.com:3000/get
2021-02-09 17:10:38 SUCCESS
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
protected_resource_url
https://emea-conformance.ping-eng.com:3000/get
2021-02-09 17:10:38 SUCCESS
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
resource_endpoint
{
  "testHost": "emea-conformance.ping-eng.com",
  "testPort": 3000
}
2021-02-09 17:10:38 SUCCESS
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
accounts_resource_endpoint
{
  "testHost": "emea-conformance.ping-eng.com",
  "testPort": 3000
}
accounts_request_endpoint
{
  "testHost": "emea-conformance.ping-eng.com",
  "testPort": 3000
}
2021-02-09 17:10:38
fapi-ciba-id1-ensure-mtls-holder-of-key-required
Setup Done
Authorization endpoint TLS test
2021-02-09 17:10:38 SUCCESS
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
port
9031
host
emea-conformance.ping-eng.com
2021-02-09 17:10:39 SUCCESS
DisallowTLS10
Server refused TLS 1.0 handshake
port
9031
host
emea-conformance.ping-eng.com
2021-02-09 17:10:39 SUCCESS
DisallowTLS11
Server refused TLS 1.1 handshake
port
9031
host
emea-conformance.ping-eng.com
Token Endpoint TLS test
2021-02-09 17:10:39 SUCCESS
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
port
9032
host
emea-conformance.ping-eng.com
2021-02-09 17:10:39 SUCCESS
DisallowTLS10
Server refused TLS 1.0 handshake
port
9032
host
emea-conformance.ping-eng.com
2021-02-09 17:10:39 SUCCESS
DisallowTLS11
Server refused TLS 1.1 handshake
port
9032
host
emea-conformance.ping-eng.com
2021-02-09 17:10:39
DisallowInsecureCipher
Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)
port
9032
host
emea-conformance.ping-eng.com
2021-02-09 17:10:40 SUCCESS
DisallowInsecureCipher
The TLS handshake was rejected when trying to connect with disallowed ciphers.
port
9032
host
emea-conformance.ping-eng.com
Userinfo Endpoint TLS test
2021-02-09 17:10:40 SUCCESS
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
port
9031
host
emea-conformance.ping-eng.com
2021-02-09 17:10:40 SUCCESS
DisallowTLS10
Server refused TLS 1.0 handshake
port
9031
host
emea-conformance.ping-eng.com
2021-02-09 17:10:40 SUCCESS
DisallowTLS11
Server refused TLS 1.1 handshake
port
9031
host
emea-conformance.ping-eng.com
2021-02-09 17:10:40
DisallowInsecureCipher
Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)
port
9031
host
emea-conformance.ping-eng.com
2021-02-09 17:10:40 SUCCESS
DisallowInsecureCipher
The TLS handshake was rejected when trying to connect with disallowed ciphers.
port
9031
host
emea-conformance.ping-eng.com
Registration Endpoint TLS test
2021-02-09 17:10:41 SUCCESS
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
port
9031
host
emea-conformance.ping-eng.com
2021-02-09 17:10:41 SUCCESS
DisallowTLS10
Server refused TLS 1.0 handshake
port
9031
host
emea-conformance.ping-eng.com
2021-02-09 17:10:41 SUCCESS
DisallowTLS11
Server refused TLS 1.1 handshake
port
9031
host
emea-conformance.ping-eng.com
2021-02-09 17:10:41
DisallowInsecureCipher
Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)
port
9031
host
emea-conformance.ping-eng.com
2021-02-09 17:10:41 SUCCESS
DisallowInsecureCipher
The TLS handshake was rejected when trying to connect with disallowed ciphers.
port
9031
host
emea-conformance.ping-eng.com
Call backchannel authentication endpoint
2021-02-09 17:10:41 SUCCESS
CreateEmptyAuthorizationEndpointRequest
Created empty authorization endpoint request
2021-02-09 17:10:41 SUCCESS
AddScopeToAuthorizationEndpointRequest
Added scope of 'openid test' to authorization endpoint request
scope
openid test
2021-02-09 17:10:41 SUCCESS
AddHintToAuthorizationEndpointRequest
Added hint to authorization endpoint request
login_hint
patrick
2021-02-09 17:10:41 SUCCESS
AddBindingMessageToAuthorizationEndpointRequest
Added binding message to authorization endpoint request
binding_message
1234
2021-02-09 17:10:41 SUCCESS
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
request_object_claims
{
  "scope": "openid test",
  "login_hint": "patrick",
  "binding_message": "1234"
}
2021-02-09 17:10:41 SUCCESS
AddIatToRequestObject
Added iat to request object claims
iat
1.612890641E9
2021-02-09 17:10:41 SUCCESS
AddExpToRequestObject
Added exp to request object claims
exp
1.612890941E9
2021-02-09 17:10:41 SUCCESS
AddNbfToRequestObject
Added nbf to request object claims
nbf
1.612890641E9
2021-02-09 17:10:41 SUCCESS
AddJtiToRequestObject
Added jti to request object claims
jti
zYAvBfjd1BqT7J7rBqf8
2021-02-09 17:10:41 SUCCESS
AddAudToRequestObject
Added aud to request object claims
aud
https://emea-conformance.ping-eng.com:9031
2021-02-09 17:10:41 SUCCESS
AddIssToRequestObject
Added iss to request object claims
iss
conformance3
2021-02-09 17:10:41 SUCCESS
SignRequestObject
Signed the request object
claims
{"aud":"https:\/\/emea-conformance.ping-eng.com:9031","login_hint":"patrick","nbf":1612890641,"scope":"openid test","iss":"conformance3","binding_message":"1234","exp":1612890941,"iat":1612890641,"jti":"zYAvBfjd1BqT7J7rBqf8"}
header
{"kid":"2HKyz2Uc4F8hRcwyuPgA5Eg_salnEe7pfujUkvj2yew","alg":"ES256"}
request_object
eyJraWQiOiIySEt5ejJVYzRGOGhSY3d5dVBnQTVFZ19zYWxuRWU3cGZ1alVrdmoyeWV3IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvZW1lYS1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMSIsImxvZ2luX2hpbnQiOiJwYXRyaWNrIiwibmJmIjoxNjEyODkwNjQxLCJzY29wZSI6Im9wZW5pZCB0ZXN0IiwiaXNzIjoiY29uZm9ybWFuY2UzIiwiYmluZGluZ19tZXNzYWdlIjoiMTIzNCIsImV4cCI6MTYxMjg5MDk0MSwiaWF0IjoxNjEyODkwNjQxLCJqdGkiOiJ6WUF2QmZqZDFCcVQ3SjdyQnFmOCJ9.H4xh8Q5sGrainKX1DOvF-WJxLjG0Cr1giuWDqCcrBugxG8FtFH7u6NxP5U_AtH_6t_3HnYEkqTDfDhOVwFRztg
key
{"kty":"EC","d":"QPg1PBy12DhqqGeiuWBoIdhrfbOutP8nfSND46mdTgU","use":"sig","crv":"P-256","kid":"2HKyz2Uc4F8hRcwyuPgA5Eg_salnEe7pfujUkvj2yew","x":"NK3-2enqupOW-PGDSp2X2vrtqFIVnsVMciZdVwa7p8Q","y":"Yrp1yMUYXZcWbHRzsXlH94v2SJZs0lxRbbCpvo1kcUw","alg":"ES256"}
2021-02-09 17:10:41 SUCCESS
CreateBackchannelAuthenticationEndpointRequest
Created backchannel authentication endpoint request
2021-02-09 17:10:41
AddRequestToBackchannelAuthenticationEndpointRequest
request
eyJraWQiOiIySEt5ejJVYzRGOGhSY3d5dVBnQTVFZ19zYWxuRWU3cGZ1alVrdmoyeWV3IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvZW1lYS1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMSIsImxvZ2luX2hpbnQiOiJwYXRyaWNrIiwibmJmIjoxNjEyODkwNjQxLCJzY29wZSI6Im9wZW5pZCB0ZXN0IiwiaXNzIjoiY29uZm9ybWFuY2UzIiwiYmluZGluZ19tZXNzYWdlIjoiMTIzNCIsImV4cCI6MTYxMjg5MDk0MSwiaWF0IjoxNjEyODkwNjQxLCJqdGkiOiJ6WUF2QmZqZDFCcVQ3SjdyQnFmOCJ9.H4xh8Q5sGrainKX1DOvF-WJxLjG0Cr1giuWDqCcrBugxG8FtFH7u6NxP5U_AtH_6t_3HnYEkqTDfDhOVwFRztg
2021-02-09 17:10:41 SUCCESS
CreateClientAuthenticationAssertionClaims
Created client assertion claims
iss
conformance3
sub
conformance3
aud
https://emea-conformance.ping-eng.com:9032/as/token.oauth2
jti
eCD0UBYNOhkKLxCQ0a0d
iat
1612890641
exp
1612890701
2021-02-09 17:10:41 SUCCESS
SetClientAuthenticationAudToBackchannelAuthenticationEndpoint
Add backchannel_authentication_endpoint as aud value to client_assertion_claims
iss
conformance3
sub
conformance3
aud
https://emea-conformance.ping-eng.com:9031/as/bc-auth.ciba
jti
eCD0UBYNOhkKLxCQ0a0d
iat
1612890641
exp
1612890701
2021-02-09 17:10:41 SUCCESS
SignClientAuthenticationAssertion
Signed the client assertion
client_assertion
eyJraWQiOiIySEt5ejJVYzRGOGhSY3d5dVBnQTVFZ19zYWxuRWU3cGZ1alVrdmoyeWV3IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJjb25mb3JtYW5jZTMiLCJhdWQiOiJodHRwczpcL1wvZW1lYS1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMVwvYXNcL2JjLWF1dGguY2liYSIsImlzcyI6ImNvbmZvcm1hbmNlMyIsImV4cCI6MTYxMjg5MDcwMSwiaWF0IjoxNjEyODkwNjQxLCJqdGkiOiJlQ0QwVUJZTk9oa0tMeENRMGEwZCJ9.2fFeIzN-1OsTBw9KKCVjnxnvEhjX_XHtxi3m4EY0zB5YWDkPddlddCJQZhdszFwaLF4cAnlMV2kQipikFihUMA
2021-02-09 17:10:41
AddClientAssertionToBackchannelAuthenticationEndpoint
Added client assertion
request
eyJraWQiOiIySEt5ejJVYzRGOGhSY3d5dVBnQTVFZ19zYWxuRWU3cGZ1alVrdmoyeWV3IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvZW1lYS1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMSIsImxvZ2luX2hpbnQiOiJwYXRyaWNrIiwibmJmIjoxNjEyODkwNjQxLCJzY29wZSI6Im9wZW5pZCB0ZXN0IiwiaXNzIjoiY29uZm9ybWFuY2UzIiwiYmluZGluZ19tZXNzYWdlIjoiMTIzNCIsImV4cCI6MTYxMjg5MDk0MSwiaWF0IjoxNjEyODkwNjQxLCJqdGkiOiJ6WUF2QmZqZDFCcVQ3SjdyQnFmOCJ9.H4xh8Q5sGrainKX1DOvF-WJxLjG0Cr1giuWDqCcrBugxG8FtFH7u6NxP5U_AtH_6t_3HnYEkqTDfDhOVwFRztg
client_assertion
eyJraWQiOiIySEt5ejJVYzRGOGhSY3d5dVBnQTVFZ19zYWxuRWU3cGZ1alVrdmoyeWV3IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJjb25mb3JtYW5jZTMiLCJhdWQiOiJodHRwczpcL1wvZW1lYS1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMVwvYXNcL2JjLWF1dGguY2liYSIsImlzcyI6ImNvbmZvcm1hbmNlMyIsImV4cCI6MTYxMjg5MDcwMSwiaWF0IjoxNjEyODkwNjQxLCJqdGkiOiJlQ0QwVUJZTk9oa0tMeENRMGEwZCJ9.2fFeIzN-1OsTBw9KKCVjnxnvEhjX_XHtxi3m4EY0zB5YWDkPddlddCJQZhdszFwaLF4cAnlMV2kQipikFihUMA
client_assertion_type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-02-09 17:10:41
CallBackchannelAuthenticationEndpoint
HTTP request
request_uri
https://emea-conformance.ping-eng.com:9031/as/bc-auth.ciba
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "1005"
}
request_body
request=eyJraWQiOiIySEt5ejJVYzRGOGhSY3d5dVBnQTVFZ19zYWxuRWU3cGZ1alVrdmoyeWV3IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvZW1lYS1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMSIsImxvZ2luX2hpbnQiOiJwYXRyaWNrIiwibmJmIjoxNjEyODkwNjQxLCJzY29wZSI6Im9wZW5pZCB0ZXN0IiwiaXNzIjoiY29uZm9ybWFuY2UzIiwiYmluZGluZ19tZXNzYWdlIjoiMTIzNCIsImV4cCI6MTYxMjg5MDk0MSwiaWF0IjoxNjEyODkwNjQxLCJqdGkiOiJ6WUF2QmZqZDFCcVQ3SjdyQnFmOCJ9.H4xh8Q5sGrainKX1DOvF-WJxLjG0Cr1giuWDqCcrBugxG8FtFH7u6NxP5U_AtH_6t_3HnYEkqTDfDhOVwFRztg&client_assertion=eyJraWQiOiIySEt5ejJVYzRGOGhSY3d5dVBnQTVFZ19zYWxuRWU3cGZ1alVrdmoyeWV3IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJjb25mb3JtYW5jZTMiLCJhdWQiOiJodHRwczpcL1wvZW1lYS1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMVwvYXNcL2JjLWF1dGguY2liYSIsImlzcyI6ImNvbmZvcm1hbmNlMyIsImV4cCI6MTYxMjg5MDcwMSwiaWF0IjoxNjEyODkwNjQxLCJqdGkiOiJlQ0QwVUJZTk9oa0tMeENRMGEwZCJ9.2fFeIzN-1OsTBw9KKCVjnxnvEhjX_XHtxi3m4EY0zB5YWDkPddlddCJQZhdszFwaLF4cAnlMV2kQipikFihUMA&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
request_mutual_tls
{
  "cert": "MIIDlTCCAn2gAwIBAgIJAKRJoaX7BlZbMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMR0wGwYDVQQKDBRBdXRobGV0ZSBUZXN0IENsaWVudDEdMBsGA1UEAwwUQXV0aGxldGUgVGVzdCBDbGllbnQwIBcNMTgwNTI1MjA1NzU0WhgPMjEwNjAxMDQyMDU3NTRaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMR0wGwYDVQQKDBRBdXRobGV0ZSBUZXN0IENsaWVudDEdMBsGA1UEAwwUQXV0aGxldGUgVGVzdCBDbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEWwl/Q+nuL8KXbObpVzww1VkHwLF4W9QxrPI1V0Uh6V9rxUjrfSbtWNEQVDwQmoW8M1XjnRnGvdNRd0m6gNEQLKsqRN2xIvPdR0IO+2b+y7WJ9XlwdqHAFSWQJtoHzBAmkRirRMJrQSW5sB/NIBmyVqUdTV/FghNjc+IiPF4X1kxwwOzm7y2zlHZUpiPQknwPbWNeyunj/XQRrqWPg+RXzAKIjbVprxGaT8CexKu6oEaed8BCTO0rJIOkmjXZMl+SDhXQn9GHKFh60UlJddxVngxhX63MAQ1GsO8HsjrLgO3q4LmTDVHkprLy/wgBRDfo0IHb3gWhbOuRGMLLMKKvAgMBAAGjUDBOMB0GA1UdDgQWBBRuwpA4lqWaOkwmPcTQR8CH0Iv3vjAfBgNVHSMEGDAWgBRuwpA4lqWaOkwmPcTQR8CH0Iv3vjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBiCmvQmmKqI/8sB312HTEFlvtpbYp429eNCGXWloOOqVQkJaBnvy9YUS/wCgusyKeMBgbgpV0s8bp/gEW2/MnlWW9+fbFuhzRRwvuV/7je1Avv9Y06RH8GKJYwk2j6qcO7Mn9kVhlnlKxGdFxm/i0OBuZnUe/KDxKPjVEdUJbxAFfxdq4cUjfewMuoxsYruIDnLXjTBcj2PbJ6vcPzq/6TYwxRmnrXIAO6Nxe8ZNXn2x2+njwrUKW4WPQ7u3dyHlD+M3iTpm3TwSgg0FSYiBcXhWJLQCJVEb0kbKJ/PDmcvomusQWTL/0epS62azWG8PUUs4v9XeaemAbHqPGh+5Bo",
  "key": "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEWwl/Q+nuL8KXbObpVzww1VkHwLF4W9QxrPI1V0Uh6V9rxUjrfSbtWNEQVDwQmoW8M1XjnRnGvdNRd0m6gNEQLKsqRN2xIvPdR0IO+2b+y7WJ9XlwdqHAFSWQJtoHzBAmkRirRMJrQSW5sB/NIBmyVqUdTV/FghNjc+IiPF4X1kxwwOzm7y2zlHZUpiPQknwPbWNeyunj/XQRrqWPg+RXzAKIjbVprxGaT8CexKu6oEaed8BCTO0rJIOkmjXZMl+SDhXQn9GHKFh60UlJddxVngxhX63MAQ1GsO8HsjrLgO3q4LmTDVHkprLy/wgBRDfo0IHb3gWhbOuRGMLLMKKvAgMBAAECggEAJ3uOy1JipYxg+oXhYKYz6jXcMxziEquUXXDDO0qTEiCVGVyQLxn5S9yCHWByu3v2zEMeUCh02GuvJEBySNhCMZhpypQSZ935X1NGyzBuI2ne1SDRDHYuTCt0ZCoLyWmVDcw7Q6UN2vc8mLv7iQmdYSjfBqdaTKK9N1BD9lJhMTWBjxQDaF1yEZQfR1HOVVddJXt8ILOOltuxhu4EuBKsT8ZlCAN5kGx6+FzXlGlSYjWnGoYbERESeDim3JDwGOGX2msPGOmSzF24LnXrPg8IcrwEbzlFRIEzd8yUVA6VNca71uzv/MaOX5+cTtDiAoVdfrk1Ykt1SNNccGKnC7L3MQKBgQD29FIhT21DkUnXlABKj0N9dBSQyQ1HzILmY/YSg7aeBAlatEzCDxHtFaS89wXxosz2vNd1QKIrLrAgSzTLyemi2KVcvsHyo0g0drSq3NlOw5Rz4WRAZNgBcuhFJ8ZD1BJCisdQxQyCRJ3I0pf/D7mGkmovII1WSk/MIEWWvd3P6wKBgQDLjEEOaTeopbnqkJrcL4UbV2GmVAIa9EXSqzRTrPlxVA62n8EEX5YLXTx6yrvWHWtlA4VgRmUGuu1km5DqlnVdVz/l8fSk2HFcdycJgKd189v/tQ+BLu50+1+uaHiWLXo3VEXgv5QKSgPxWEnNPRVbgqOhav2MaACKo9sl3h4LTQKBgQCjyIxD7VKREmW/5TeAO53OMVOGZuE48ikKtdc4lkRibljp4FRcC/SeodEdRlOZ25hGOB5JdHFZZGCJOneshKBAUaDybs1gp+w2Z1gRTeGNvGbTp/N+RaOA6n2jh+qVh6wIl9Py/Iz8RJfE3e7SydIIr0hfMx6p0SU1Q14DyK64uwKBgQCiqM5ESejkqKtNu4lFc+QW2Vl7pZ6ZE6PImnASfiRIYDfx0PBaIlixdCyko+Y/UPtFme635QlOu4qB35+LF/lqQhMaGqS6Jw1QKxfTDDDGnb2tNm/ReEOu0ELCCVJ0EJueI4ZD+FTBdCx6bWdsz+eFXXyNvgYoceQc5px2Qm4X8QKBgHwpmIeHCvU9Erb9X5pY5JR609Ei+a9jksoe0ch7ocZi2NoE3vwjUSZFe/hTkvpf0gUhw1Zmekqhm78Qb4H7Aq7RDbpyCvoRXGS4GulFXM9Tkfe5FejhawT6fG12KLHOSAkJNgdFCPvFOaHlxPoAaBcf1sY/flehjWEwkVDSh0Js"
}
2021-02-09 17:10:42 RESPONSE
CallBackchannelAuthenticationEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 09 Feb 2021 17:10:42 GMT",
  "x-frame-options": "SAMEORIGIN",
  "referrer-policy": "origin",
  "cache-control": "no-cache, no-store",
  "pragma": "no-cache",
  "expires": "Thu, 01 Jan 1970 00:00:00 GMT",
  "content-type": "application/json;charset\u003dutf-8",
  "set-cookie": "PF\u003dyl0e3JFCXuWsveWekl7dLn;Path\u003d/;Secure;HttpOnly;SameSite\u003dNone",
  "transfer-encoding": "chunked"
}
response_body
{"auth_req_id":"PKr3vJ_K8DYI4l_hoE0S_Mo-BZxymABgIsKKY8Wqa4iQC8NhA8aLVRQQ8w","interval":3,"expires_in":120}
2021-02-09 17:10:42
CallBackchannelAuthenticationEndpoint
Backchannel Authentication endpoint response
backchannel_authentication_endpoint_response
{"auth_req_id":"PKr3vJ_K8DYI4l_hoE0S_Mo-BZxymABgIsKKY8Wqa4iQC8NhA8aLVRQQ8w","interval":3,"expires_in":120}
2021-02-09 17:10:42 SUCCESS
CallBackchannelAuthenticationEndpoint
Parsed backchannel authentication endpoint response
auth_req_id
PKr3vJ_K8DYI4l_hoE0S_Mo-BZxymABgIsKKY8Wqa4iQC8NhA8aLVRQQ8w
interval
3
expires_in
120
2021-02-09 17:10:42 SUCCESS
CheckBackchannelAuthenticationEndpointHttpStatus200
Backchannel authentication endpoint http status code was 200
2021-02-09 17:10:42 SUCCESS
CheckBackchannelAuthenticationEndpointContentType
Backchannel authentication endpoint Content-Type: header is application/json
2021-02-09 17:10:42 SUCCESS
CheckIfBackchannelAuthenticationEndpointResponseError
No error from Backchannel authentication endpoint
2021-02-09 17:10:42 SUCCESS
ValidateAuthenticationRequestId
auth_req_id passed all validation checks
2021-02-09 17:10:42 SUCCESS
EnsureMinimumAuthenticationRequestIdLength
auth_req_id is of sufficient length
actual
464
required
128
2021-02-09 17:10:42 SUCCESS
EnsureMinimumAuthenticationRequestIdEntropy
Calculated shannon entropy seems sufficient
actual
294.64348223863544
expected
96.0
2021-02-09 17:10:42 SUCCESS
EnsureRecommendedAuthenticationRequestIdEntropy
Calculated entropy
actual
294.64348223863544
recommended
160.0
2021-02-09 17:10:42 SUCCESS
ValidateAuthenticationRequestIdExpiresIn
expires_in passed all validation checks
expires_in
120
2021-02-09 17:10:42 SUCCESS
ValidateAuthenticationRequestIdInterval
interval passed all validation checks
interval
3
2021-02-09 17:10:42 SUCCESS
RemoveMTLSCertificates
Removed mutual TLS authentication credentials
2021-02-09 17:10:42 SUCCESS
CreateTokenEndpointRequestForCIBAGrant
grant_type
urn:openid:params:grant-type:ciba
2021-02-09 17:10:42
AddAuthReqIdToTokenEndpointRequest
grant_type
urn:openid:params:grant-type:ciba
auth_req_id
PKr3vJ_K8DYI4l_hoE0S_Mo-BZxymABgIsKKY8Wqa4iQC8NhA8aLVRQQ8w
2021-02-09 17:10:42 SUCCESS
CreateClientAuthenticationAssertionClaims
Created client assertion claims
iss
conformance3
sub
conformance3
aud
https://emea-conformance.ping-eng.com:9032/as/token.oauth2
jti
l2dSSDAK6J2cXGUDBzJz
iat
1612890642
exp
1612890702
2021-02-09 17:10:42 SUCCESS
SignClientAuthenticationAssertion
Signed the client assertion
client_assertion
eyJraWQiOiIySEt5ejJVYzRGOGhSY3d5dVBnQTVFZ19zYWxuRWU3cGZ1alVrdmoyeWV3IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJjb25mb3JtYW5jZTMiLCJhdWQiOiJodHRwczpcL1wvZW1lYS1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMlwvYXNcL3Rva2VuLm9hdXRoMiIsImlzcyI6ImNvbmZvcm1hbmNlMyIsImV4cCI6MTYxMjg5MDcwMiwiaWF0IjoxNjEyODkwNjQyLCJqdGkiOiJsMmRTU0RBSzZKMmNYR1VEQnpKeiJ9.r9bovDhU6i1AWCzyUcBp6yR4OmtS8rG9zrnXcTwwyabAnOjOXtGgmMS_SZwKraw7BXD-ffH1wEWoqNxpY1ztfg
2021-02-09 17:10:42
AddClientAssertionToTokenEndpointRequest
Added client assertion
grant_type
urn:openid:params:grant-type:ciba
auth_req_id
PKr3vJ_K8DYI4l_hoE0S_Mo-BZxymABgIsKKY8Wqa4iQC8NhA8aLVRQQ8w
client_assertion
eyJraWQiOiIySEt5ejJVYzRGOGhSY3d5dVBnQTVFZ19zYWxuRWU3cGZ1alVrdmoyeWV3IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJjb25mb3JtYW5jZTMiLCJhdWQiOiJodHRwczpcL1wvZW1lYS1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMlwvYXNcL3Rva2VuLm9hdXRoMiIsImlzcyI6ImNvbmZvcm1hbmNlMyIsImV4cCI6MTYxMjg5MDcwMiwiaWF0IjoxNjEyODkwNjQyLCJqdGkiOiJsMmRTU0RBSzZKMmNYR1VEQnpKeiJ9.r9bovDhU6i1AWCzyUcBp6yR4OmtS8rG9zrnXcTwwyabAnOjOXtGgmMS_SZwKraw7BXD-ffH1wEWoqNxpY1ztfg
client_assertion_type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-02-09 17:10:42
CallTokenEndpointAllowingTLSFailure
HTTP request
request_uri
https://emea-conformance.ping-eng.com:9032/as/token.oauth2
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "642"
}
request_body
grant_type=urn%3Aopenid%3Aparams%3Agrant-type%3Aciba&auth_req_id=PKr3vJ_K8DYI4l_hoE0S_Mo-BZxymABgIsKKY8Wqa4iQC8NhA8aLVRQQ8w&client_assertion=eyJraWQiOiIySEt5ejJVYzRGOGhSY3d5dVBnQTVFZ19zYWxuRWU3cGZ1alVrdmoyeWV3IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJjb25mb3JtYW5jZTMiLCJhdWQiOiJodHRwczpcL1wvZW1lYS1jb25mb3JtYW5jZS5waW5nLWVuZy5jb206OTAzMlwvYXNcL3Rva2VuLm9hdXRoMiIsImlzcyI6ImNvbmZvcm1hbmNlMyIsImV4cCI6MTYxMjg5MDcwMiwiaWF0IjoxNjEyODkwNjQyLCJqdGkiOiJsMmRTU0RBSzZKMmNYR1VEQnpKeiJ9.r9bovDhU6i1AWCzyUcBp6yR4OmtS8rG9zrnXcTwwyabAnOjOXtGgmMS_SZwKraw7BXD-ffH1wEWoqNxpY1ztfg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2021-02-09 17:10:42 SUCCESS
CallTokenEndpointAllowingTLSFailure
Call to token_endpoint failed due to a TLS issue
Stacktrace
  • org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:751)
  • org.springframework.web.client.RestTemplate.execute(RestTemplate.java:677)
  • org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:586)
  • net.openid.conformance.condition.client.CallTokenEndpointAndReturnFullResponse.evaluate(CallTokenEndpointAndReturnFullResponse.java:87)
  • net.openid.conformance.condition.client.CallTokenEndpointAllowingTLSFailure.evaluate(CallTokenEndpointAllowingTLSFailure.java:18)
  • net.openid.conformance.condition.AbstractCondition.execute(AbstractCondition.java:117)
  • net.openid.conformance.testmodule.AbstractTestModule.call(AbstractTestModule.java:331)
  • net.openid.conformance.testmodule.AbstractTestModule.callAndContinueOnFailure(AbstractTestModule.java:156)
  • net.openid.conformance.fapiciba.FAPICIBAID1EnsureMTLSHolderOfKeyRequired.performPostAuthorizationResponse(FAPICIBAID1EnsureMTLSHolderOfKeyRequired.java:109)
  • net.openid.conformance.fapiciba.AbstractFAPICIBAID1.performAuthorizationFlow(AbstractFAPICIBAID1.java:675)
  • net.openid.conformance.fapiciba.FAPICIBAID1EnsureMTLSHolderOfKeyRequired.start(FAPICIBAID1EnsureMTLSHolderOfKeyRequired.java:96)
  • net.openid.conformance.runner.TestRunner.lambda$createTest$1(TestRunner.java:350)
  • net.openid.conformance.runner.TestExecutionManager$BackgroundTask.call(TestExecutionManager.java:41)
  • java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
  • java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
  • java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
  • java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
  • java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
  • java.base/java.lang.Thread.run(Thread.java:834)
Caused by:
  • java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
  • java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
  • java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
  • java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
  • java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
  • java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
  • java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1408)
  • java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1314)
  • java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
  • java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
  • org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
  • org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
  • org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
  • org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:325)
  • org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
  • org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
  • org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
  • org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
  • org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
  • org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
  • org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
  • org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
  • org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:87)
  • org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
  • org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
  • org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:109)
  • net.openid.conformance.logging.LoggingRequestInterceptor.intercept(LoggingRequestInterceptor.java:33)
  • org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
  • org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:77)
  • org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
  • org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
  • org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:742)
  • org.springframework.web.client.RestTemplate.execute(RestTemplate.java:677)
  • org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:586)
  • net.openid.conformance.condition.client.CallTokenEndpointAndReturnFullResponse.evaluate(CallTokenEndpointAndReturnFullResponse.java:87)
  • net.openid.conformance.condition.client.CallTokenEndpointAllowingTLSFailure.evaluate(CallTokenEndpointAllowingTLSFailure.java:18)
  • net.openid.conformance.condition.AbstractCondition.execute(AbstractCondition.java:117)
  • net.openid.conformance.testmodule.AbstractTestModule.call(AbstractTestModule.java:331)
  • net.openid.conformance.testmodule.AbstractTestModule.callAndContinueOnFailure(AbstractTestModule.java:156)
  • net.openid.conformance.fapiciba.FAPICIBAID1EnsureMTLSHolderOfKeyRequired.performPostAuthorizationResponse(FAPICIBAID1EnsureMTLSHolderOfKeyRequired.java:109)
  • net.openid.conformance.fapiciba.AbstractFAPICIBAID1.performAuthorizationFlow(AbstractFAPICIBAID1.java:675)
  • net.openid.conformance.fapiciba.FAPICIBAID1EnsureMTLSHolderOfKeyRequired.start(FAPICIBAID1EnsureMTLSHolderOfKeyRequired.java:96)
  • net.openid.conformance.runner.TestRunner.lambda$createTest$1(TestRunner.java:350)
  • net.openid.conformance.runner.TestExecutionManager$BackgroundTask.call(TestExecutionManager.java:41)
  • java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
  • java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
  • java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
  • java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
  • java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
  • java.base/java.lang.Thread.run(Thread.java:834)
error_class
org.springframework.web.client.ResourceAccessException
cause_class
javax.net.ssl.SSLHandshakeException
cause
Received fatal alert: bad_certificate
error
I/O error on POST request for "https://emea-conformance.ping-eng.com:9032/as/token.oauth2": Received fatal alert: bad_certificate; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
2021-02-09 17:10:42 FINISHED
fapi-ciba-id1-ensure-mtls-holder-of-key-required
Test has run to completion
testmodule_result
PASSED
Unregister dynamically registered client
2021-02-09 17:10:42 INFO
UnregisterDynamicallyRegisteredClient
Skipped evaluation due to missing required string: registration_client_uri
expected
registration_client_uri
Test Results