Test Name | fapi1-advanced-final-user-rejects-authentication |
---|---|
Variant | client_auth_type=mtls, fapi_auth_request_method=pushed, fapi_profile=openbanking_brazil, fapi_response_mode=jarm |
Test ID | lnPfd9DS0x8qgag https://www.certification.openid.net/log-detail.html?public=true&log=lnPfd9DS0x8qgag |
Created | 2021-07-02T10:55:30.552047Z |
Description | Authlete Brazil Test (mtls + jarm) |
Test Version | 4.1.17 |
Test Owner | 101874133976679916132 https://accounts.google.com |
Plan ID | ZWM83lhteUHYJ https://www.certification.openid.net/plan-detail.html?public=true&plan=ZWM83lhteUHYJ |
Exported From | https://www.certification.openid.net |
Exported By | 101874133976679916132 https://accounts.google.com |
Suite Version | 4.1.19 |
Exported | 2021-07-14 17:33:53 (UTC) |
Status: FINISHED Result: PASSED |
SUCCESS 142 FAILURE 0 WARNING 0 REVIEW 0 INFO 13 |
2021-07-02 10:55:30 |
INFO
|
TEST-RUNNER
Test instance lnPfd9DS0x8qgag created
|
||||||||||||||
|
2021-07-02 10:55:30 |
SUCCESS
|
CreateRedirectUri
Created redirect URI
|
||
|
2021-07-02 10:55:30 |
|
GetDynamicServerConfiguration
HTTP request
|
||||||||
|
2021-07-02 10:55:31 |
RESPONSE
|
GetDynamicServerConfiguration
HTTP response
|
||||||||
|
2021-07-02 10:55:31 |
|
GetDynamicServerConfiguration
Downloaded server configuration
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
GetDynamicServerConfiguration
Successfully parsed server configuration
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
2021-07-02 10:55:31 | SUCCESS |
AddMTLSEndpointAliasesToEnvironment
Added mtls_endpoint_aliases to environment
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
CheckServerConfiguration
Found required server configuration keys
|
||
|
2021-07-02 10:55:31 |
|
FetchServerKeys
Fetching server key
|
||
|
2021-07-02 10:55:31 |
|
FetchServerKeys
HTTP request
|
||||||||
|
2021-07-02 10:55:31 |
RESPONSE
|
FetchServerKeys
HTTP response
|
||||||||
|
2021-07-02 10:55:31 |
|
FetchServerKeys
Found JWK set string
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
FetchServerKeys
Found server JWK set
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
CheckServerKeysIsValid
Server JWKs is valid
|
||
|
2021-07-02 10:55:31 | SUCCESS |
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2021-07-02 10:55:31 | SUCCESS |
CheckForKeyIdInServerJWKs
All keys contain kids
|
|
2021-07-02 10:55:31 | SUCCESS |
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2021-07-02 10:55:31 | SUCCESS |
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
GetStaticClientConfiguration
Found a static client object
|
||||||
|
2021-07-02 10:55:31 |
|
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
|
|
2021-07-02 10:55:31 |
SUCCESS
|
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
|
|
2021-07-02 10:55:31 |
|
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
|
|
2021-07-02 10:55:31 |
SUCCESS
|
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
|
||||
|
2021-07-02 10:55:31 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2021-07-02 10:55:31 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2021-07-02 10:55:31 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2021-07-02 10:55:31 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2021-07-02 10:55:31 | SUCCESS |
FAPIBrazilCheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
|
||
|
2021-07-02 10:55:31 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
Verify configuration of second client |
2021-07-02 10:55:31 |
SUCCESS
|
GetStaticClient2Configuration
Found a static second client object
|
||||||
|
2021-07-02 10:55:31 |
|
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
|
|
2021-07-02 10:55:31 |
SUCCESS
|
ValidateMTLSCertificates2Header
MTLS certificates header is valid
|
|
2021-07-02 10:55:31 |
|
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
|
|
2021-07-02 10:55:31 |
SUCCESS
|
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
|
||||
|
2021-07-02 10:55:31 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2021-07-02 10:55:31 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2021-07-02 10:55:31 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2021-07-02 10:55:31 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2021-07-02 10:55:31 | SUCCESS |
FAPIBrazilCheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
|
||
|
2021-07-02 10:55:31 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
2021-07-02 10:55:31 |
SUCCESS
|
GetResourceEndpointConfiguration
Found a resource endpoint object
|
||||||
|
2021-07-02 10:55:31 |
SUCCESS
|
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
|
||||
|
2021-07-02 10:55:31 |
|
fapi1-advanced-final-user-rejects-authentication
Setup Done
|
|
Use client_credentials grant to obtain Brazil consent |
2021-07-02 10:55:31 |
SUCCESS
|
CreateTokenEndpointRequestForClientCredentialsGrant
|
||||
|
2021-07-02 10:55:31 |
SUCCESS
|
SetConsentsScopeOnTokenEndpointRequest
Set scope parameter to 'consents'
|
||||
|
2021-07-02 10:55:31 |
SUCCESS
|
AddClientIdToTokenEndpointRequest
|
||||||
|
2021-07-02 10:55:31 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2021-07-02 10:55:31 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2021-07-02 10:55:31 |
|
CallTokenEndpoint
Token endpoint response
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||
|
2021-07-02 10:55:31 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2021-07-02 10:55:31 |
SUCCESS
|
CheckForAccessTokenValue
Found an access token
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2021-07-02 10:55:31 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2021-07-02 10:55:31 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2021-07-02 10:55:31 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
FAPIBrazilCreateConsentRequest
|
||
|
2021-07-02 10:55:31 |
SUCCESS
|
FAPIBrazilAddExpirationToConsentRequest
Added expiration time to consent request
|
||
|
2021-07-02 10:55:31 |
|
CallConsentEndpointWithBearerToken
HTTP request
|
||||||||||
|
2021-07-02 10:55:32 |
RESPONSE
|
CallConsentEndpointWithBearerToken
HTTP response
|
||||||||
|
2021-07-02 10:55:32 |
|
CallConsentEndpointWithBearerToken
Consent endpoint response
|
||
|
2021-07-02 10:55:32 |
SUCCESS
|
CallConsentEndpointWithBearerToken
Parsed consent endpoint response
|
||||
|
2021-07-02 10:55:32 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2021-07-02 10:55:32 |
SUCCESS
|
ExtractConsentIdFromConsentEndpointResponse
Extracted the consent id
|
||
|
2021-07-02 10:55:32 |
SUCCESS
|
FAPIBrazilAddConsentIdToClientScope
Added scope of 'openid accounts consent:urn:example:1389e49b-9554-4200-9668-7bcbc19eb1f2' to client's scope
|
||||||
|
Make request to authorization endpoint |
2021-07-02 10:55:32 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2021-07-02 10:55:32 |
|
CreateRandomStateValue
Created state value
|
||||
|
2021-07-02 10:55:32 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||
|
2021-07-02 10:55:32 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2021-07-02 10:55:32 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||
|
2021-07-02 10:55:32 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCode
Added response_type parameter to request
|
||||||||||||
|
2021-07-02 10:55:32 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseModeToJWT
Added response_mode parameter to request
|
||||||||||||||
|
2021-07-02 10:55:32 |
|
CreateRandomCodeVerifier
Created code_verifier value
|
||
|
2021-07-02 10:55:32 |
|
CreateS256CodeChallenge
Created code_challenge value
|
||
|
2021-07-02 10:55:32 | SUCCESS |
AddCodeChallengeToAuthorizationEndpointRequest
Added code_challenge and code_challenge_method parameters to request
|
||||||||||||||||||
|
2021-07-02 10:55:32 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2021-07-02 10:55:32 | SUCCESS |
AddNbfToRequestObject
Added nbf to request object claims
|
||
|
2021-07-02 10:55:32 | SUCCESS |
AddExpToRequestObject
Added exp to request object claims
|
||
|
2021-07-02 10:55:32 | SUCCESS |
AddAudToRequestObject
Added aud to request object claims
|
||
|
2021-07-02 10:55:32 | SUCCESS |
AddIssToRequestObject
Added iss to request object claims
|
||
|
2021-07-02 10:55:32 | SUCCESS |
AddClientIdToRequestObject
Added client_id to request object claims
|
||
|
2021-07-02 10:55:32 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2021-07-02 10:55:32 |
SUCCESS
|
BuildRequestObjectPostToPAREndpoint
|
||
|
2021-07-02 10:55:32 |
SUCCESS
|
AddClientIdToPAREndpointRequest
|
||||
|
2021-07-02 10:55:32 |
|
CallPAREndpoint
HTTP request
|
||||||||||
|
2021-07-02 10:55:32 |
RESPONSE
|
CallPAREndpoint
HTTP response
|
||||||||
|
2021-07-02 10:55:32 | SUCCESS |
CallPAREndpoint
Storing pushed_authorization_endpoint_response_http_status 201
|
|
2021-07-02 10:55:32 | SUCCESS |
CallPAREndpoint
Parsed pushed authorization request endpoint response
|
||||
|
2021-07-02 10:55:32 | SUCCESS |
CheckIfPAREndpointResponseError
pushed authorization request endpoint correct response.
|
|
2021-07-02 10:55:32 | SUCCESS |
CheckForRequestUriValue
Found valid request_uri
|
||
|
2021-07-02 10:55:32 | SUCCESS |
CheckForPARResponseExpiresIn
Found expires_in
|
||
|
2021-07-02 10:55:32 |
SUCCESS
|
ExtractRequestUriFromPARResponse
Extracted the request_uri: urn:ietf:params:oauth:request_uri:GA9k84vni2kNqtBhAeSYgggdSztNnZgWjGfG5r86TFY
|
|
2021-07-02 10:55:32 | SUCCESS |
EnsureMinimumRequestUriEntropy
Calculated shannon entropy seems sufficient
|
||||
|
2021-07-02 10:55:32 | SUCCESS |
BuildRequestObjectByReferenceRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2021-07-02 10:55:32 |
REDIRECT
|
fapi1-advanced-final-user-rejects-authentication
Redirecting to authorization endpoint
|
||
|
2021-07-02 10:55:32 |
|
WebRunner
Scripted browser HTTP request
|
||||||
|
2021-07-02 10:55:32 |
RESPONSE
|
WebRunner
Scripted browser HTTP response
|
||||||||
|
2021-07-02 10:55:32 |
INFO
|
WebRunner
Entering text
|
||||||||||||
|
2021-07-02 10:55:32 |
INFO
|
WebRunner
Entering text
|
||||||||||||
|
2021-07-02 10:55:32 |
INFO
|
WebRunner
Clicking an element
|
||||||||||
|
2021-07-02 10:55:33 |
INCOMING
|
fapi1-advanced-final-user-rejects-authentication
Incoming HTTP request to test instance lnPfd9DS0x8qgag
|
||||||||||||||
|
2021-07-02 10:55:33 |
SUCCESS
|
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
|
||
|
2021-07-02 10:55:33 |
OUTGOING
|
fapi1-advanced-final-user-rejects-authentication
Response to HTTP request to test instance lnPfd9DS0x8qgag
|
||||
|
2021-07-02 10:55:33 |
INFO
|
WebRunner
Completed processing of webpage
|
||||||||||||
|
2021-07-02 10:55:33 |
INFO
|
WebRunner
Waiting
|
||||||||||||||||
|
2021-07-02 10:55:33 |
INCOMING
|
fapi1-advanced-final-user-rejects-authentication
Incoming HTTP request to test instance lnPfd9DS0x8qgag
|
||||||||||||||
|
2021-07-02 10:55:33 |
OUTGOING
|
fapi1-advanced-final-user-rejects-authentication
Response to HTTP request to test instance lnPfd9DS0x8qgag
|
||||||||
|
2021-07-02 10:55:33 |
SUCCESS
|
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
|
|
2021-07-02 10:55:33 |
REDIRECT-IN
|
fapi1-advanced-final-user-rejects-authentication
Authorization endpoint response captured
|
||||||||||
|
Verify authorization endpoint response |
2021-07-02 10:55:33 | SUCCESS |
ExtractJARMFromURLQuery
Found and parsed the jarm_response from callback_query_params
|
||||||
|
2021-07-02 10:55:33 | SUCCESS |
RejectNonJarmResponsesInUrlQuery
Authorization endpoint response only includes the JARM JWT.
|
|
2021-07-02 10:55:33 |
SUCCESS
|
ExtractAuthorizationEndpointResponseFromJARMResponse
Extracted the authorization response
|
||||||||
|
2021-07-02 10:55:33 | SUCCESS |
ValidateJARMResponse
JARM response standard JWT claims are valid
|
|
2021-07-02 10:55:33 | SUCCESS |
ValidateJARMExpRecommendations
JARM response 'exp' is less than 10 minutes
|
||||
|
2021-07-02 10:55:33 | SUCCESS |
ValidateJARMSignatureUsingKid
jarm_response signature validated
|
||
|
2021-07-02 10:55:33 | SUCCESS |
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
|
|
2021-07-02 10:55:33 |
SUCCESS
|
CheckStateInAuthorizationResponse
State in response correctly returned
|
||
|
2021-07-02 10:55:33 | SUCCESS |
EnsureErrorFromAuthorizationEndpointResponse
Authorization endpoint returned an error
|
||||||||
|
2021-07-02 10:55:33 | SUCCESS |
CheckForUnexpectedParametersInErrorResponseFromAuthorizationEndpoint
error response includes only expected parameters
|
||||||||
|
2021-07-02 10:55:33 | SUCCESS |
ExpectAccessDeniedErrorFromAuthorizationEndpointDueToUserRejectingRequest
error parameter is correctly 'access_denied'
|
|
Second client: Setup |
2021-07-02 10:55:33 | SUCCESS |
AddRedirectUriQuerySuffix
Created redirect URI query suffix to test that query sections in the registered redirect url are handled correctly. The redirect url, including this suffix, must be registered for the client as per http://openid.net/certification/fapi_op_testing/
|
||
|
2021-07-02 10:55:33 |
|
CreateRedirectUri
Appending suffix to redirect URI
|
||
|
2021-07-02 10:55:33 | SUCCESS |
CreateRedirectUri
Created redirect URI
|
||
|
Second client: Use client_credentials grant to obtain Brazil consent |
2021-07-02 10:55:33 |
SUCCESS
|
CreateTokenEndpointRequestForClientCredentialsGrant
|
||||
|
2021-07-02 10:55:33 |
SUCCESS
|
SetConsentsScopeOnTokenEndpointRequest
Set scope parameter to 'consents'
|
||||
|
2021-07-02 10:55:33 |
SUCCESS
|
AddClientIdToTokenEndpointRequest
|
||||||
|
2021-07-02 10:55:33 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2021-07-02 10:55:33 |
INFO
|
WebRunner
Completed processing of webpage
|
||||||||||||
|
2021-07-02 10:55:33 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2021-07-02 10:55:33 |
|
CallTokenEndpoint
Token endpoint response
|
||
|
2021-07-02 10:55:33 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||
|
2021-07-02 10:55:33 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2021-07-02 10:55:33 |
SUCCESS
|
CheckForAccessTokenValue
Found an access token
|
||
|
2021-07-02 10:55:33 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2021-07-02 10:55:33 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2021-07-02 10:55:33 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2021-07-02 10:55:33 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2021-07-02 10:55:33 |
SUCCESS
|
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2021-07-02 10:55:33 |
SUCCESS
|
FAPIBrazilCreateConsentRequest
|
||
|
2021-07-02 10:55:33 |
SUCCESS
|
FAPIBrazilAddExpirationToConsentRequest
Added expiration time to consent request
|
||
|
2021-07-02 10:55:33 |
|
CallConsentEndpointWithBearerToken
HTTP request
|
||||||||||
|
2021-07-02 10:55:34 |
RESPONSE
|
CallConsentEndpointWithBearerToken
HTTP response
|
||||||||
|
2021-07-02 10:55:34 |
|
CallConsentEndpointWithBearerToken
Consent endpoint response
|
||
|
2021-07-02 10:55:34 |
SUCCESS
|
CallConsentEndpointWithBearerToken
Parsed consent endpoint response
|
||||
|
2021-07-02 10:55:34 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2021-07-02 10:55:34 |
SUCCESS
|
ExtractConsentIdFromConsentEndpointResponse
Extracted the consent id
|
||
|
2021-07-02 10:55:34 |
SUCCESS
|
FAPIBrazilAddConsentIdToClientScope
Added scope of 'openid accounts consent:urn:example:cc25ce35-99e5-4fcd-bce8-d126a5b8f379' to client's scope
|
||||||
|
Second client: Make request to authorization endpoint |
2021-07-02 10:55:34 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2021-07-02 10:55:34 |
|
CreateRandomStateValue
Created state value
|
||||
|
2021-07-02 10:55:34 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||
|
2021-07-02 10:55:34 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2021-07-02 10:55:34 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||
|
2021-07-02 10:55:34 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCode
Added response_type parameter to request
|
||||||||||||
|
2021-07-02 10:55:34 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseModeToJWT
Added response_mode parameter to request
|
||||||||||||||
|
2021-07-02 10:55:34 |
|
CreateRandomCodeVerifier
Created code_verifier value
|
||
|
2021-07-02 10:55:34 |
|
CreateS256CodeChallenge
Created code_challenge value
|
||
|
2021-07-02 10:55:34 | SUCCESS |
AddCodeChallengeToAuthorizationEndpointRequest
Added code_challenge and code_challenge_method parameters to request
|
||||||||||||||||||
|
2021-07-02 10:55:34 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2021-07-02 10:55:34 |
SUCCESS
|
AddIatToRequestObject
Added iat to request object claims
|
||
|
2021-07-02 10:55:34 | SUCCESS |
AddNbfToRequestObject
Added nbf to request object claims
|
||
|
2021-07-02 10:55:34 | SUCCESS |
AddExpToRequestObject
Added exp to request object claims
|
||
|
2021-07-02 10:55:34 | SUCCESS |
AddAudToRequestObject
Added aud to request object claims
|
||
|
2021-07-02 10:55:34 | SUCCESS |
AddIssToRequestObject
Added iss to request object claims
|
||
|
2021-07-02 10:55:34 | SUCCESS |
AddClientIdToRequestObject
Added client_id to request object claims
|
||
|
2021-07-02 10:55:34 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2021-07-02 10:55:34 |
SUCCESS
|
BuildRequestObjectPostToPAREndpoint
|
||
|
2021-07-02 10:55:34 |
SUCCESS
|
AddClientIdToPAREndpointRequest
|
||||
|
2021-07-02 10:55:34 |
|
CallPAREndpoint
HTTP request
|
||||||||||
|
2021-07-02 10:55:34 |
RESPONSE
|
CallPAREndpoint
HTTP response
|
||||||||
|
2021-07-02 10:55:34 | SUCCESS |
CallPAREndpoint
Storing pushed_authorization_endpoint_response_http_status 201
|
|
2021-07-02 10:55:34 | SUCCESS |
CallPAREndpoint
Parsed pushed authorization request endpoint response
|
||||
|
2021-07-02 10:55:34 | SUCCESS |
CheckIfPAREndpointResponseError
pushed authorization request endpoint correct response.
|
|
2021-07-02 10:55:34 | SUCCESS |
CheckForRequestUriValue
Found valid request_uri
|
||
|
2021-07-02 10:55:34 | SUCCESS |
CheckForPARResponseExpiresIn
Found expires_in
|
||
|
2021-07-02 10:55:34 |
SUCCESS
|
ExtractRequestUriFromPARResponse
Extracted the request_uri: urn:ietf:params:oauth:request_uri:x7pjEw1RRuOJHDIG88GotW8J-3Q5cfKA_kWjfOt1-io
|
|
2021-07-02 10:55:34 | SUCCESS |
EnsureMinimumRequestUriEntropy
Calculated shannon entropy seems sufficient
|
||||
|
2021-07-02 10:55:34 | SUCCESS |
BuildRequestObjectByReferenceRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2021-07-02 10:55:34 |
REDIRECT
|
fapi1-advanced-final-user-rejects-authentication
Redirecting to authorization endpoint
|
||
|
2021-07-02 10:55:34 |
|
WebRunner
Scripted browser HTTP request
|
||||||
|
2021-07-02 10:55:35 |
RESPONSE
|
WebRunner
Scripted browser HTTP response
|
||||||||
|
2021-07-02 10:55:35 |
INFO
|
WebRunner
Entering text
|
||||||||||||
|
2021-07-02 10:55:35 |
INFO
|
WebRunner
Entering text
|
||||||||||||
|
2021-07-02 10:55:35 |
INFO
|
WebRunner
Clicking an element
|
||||||||||
|
2021-07-02 10:55:35 |
INCOMING
|
fapi1-advanced-final-user-rejects-authentication
Incoming HTTP request to test instance lnPfd9DS0x8qgag
|
||||||||||||||
|
2021-07-02 10:55:35 |
SUCCESS
|
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
|
||
|
2021-07-02 10:55:35 |
OUTGOING
|
fapi1-advanced-final-user-rejects-authentication
Response to HTTP request to test instance lnPfd9DS0x8qgag
|
||||
|
2021-07-02 10:55:35 |
INFO
|
WebRunner
Completed processing of webpage
|
||||||||||||
|
2021-07-02 10:55:35 |
INFO
|
WebRunner
Waiting
|
||||||||||||||||
|
2021-07-02 10:55:35 |
INCOMING
|
fapi1-advanced-final-user-rejects-authentication
Incoming HTTP request to test instance lnPfd9DS0x8qgag
|
||||||||||||||
|
2021-07-02 10:55:35 |
OUTGOING
|
fapi1-advanced-final-user-rejects-authentication
Response to HTTP request to test instance lnPfd9DS0x8qgag
|
||||||||
|
2021-07-02 10:55:35 |
SUCCESS
|
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
|
|
2021-07-02 10:55:35 |
REDIRECT-IN
|
fapi1-advanced-final-user-rejects-authentication
Authorization endpoint response captured
|
||||||||||
|
Second client: Verify authorization endpoint response |
2021-07-02 10:55:35 | SUCCESS |
ExtractJARMFromURLQuery
Found and parsed the jarm_response from callback_query_params
|
||||||
|
2021-07-02 10:55:35 | SUCCESS |
RejectNonJarmResponsesInUrlQuery
Authorization endpoint response only includes the JARM JWT.
|
|
2021-07-02 10:55:35 |
SUCCESS
|
ExtractAuthorizationEndpointResponseFromJARMResponse
Extracted the authorization response
|
||||||||
|
2021-07-02 10:55:35 | SUCCESS |
ValidateJARMResponse
JARM response standard JWT claims are valid
|
|
2021-07-02 10:55:35 | SUCCESS |
ValidateJARMExpRecommendations
JARM response 'exp' is less than 10 minutes
|
||||
|
2021-07-02 10:55:35 | SUCCESS |
ValidateJARMSignatureUsingKid
jarm_response signature validated
|
||
|
2021-07-02 10:55:35 | SUCCESS |
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
|
|
2021-07-02 10:55:35 |
SUCCESS
|
CheckStateInAuthorizationResponse
State in response correctly returned
|
||
|
2021-07-02 10:55:35 | SUCCESS |
EnsureErrorFromAuthorizationEndpointResponse
Authorization endpoint returned an error
|
||||||||
|
2021-07-02 10:55:35 | SUCCESS |
CheckForUnexpectedParametersInErrorResponseFromAuthorizationEndpoint
error response includes only expected parameters
|
||||||||
|
2021-07-02 10:55:35 | SUCCESS |
ExpectAccessDeniedErrorFromAuthorizationEndpointDueToUserRejectingRequest
error parameter is correctly 'access_denied'
|
|
2021-07-02 10:55:35 |
SUCCESS
|
CheckMatchingCallbackParameters
Callback parameters successfully verified
|
||||
|
2021-07-02 10:55:35 |
INFO
|
WebRunner
Completed processing of webpage
|
||||||||||||
|
2021-07-02 10:55:35 |
FINISHED
|
fapi1-advanced-final-user-rejects-authentication
Test has run to completion
|
||
|
2021-07-02 10:55:36 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|