Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-07-01 15:55:19 INFO
TEST-RUNNER
Test instance sTV3wMwFqKpm4dr created
baseUrl
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm
variant
{
  "client_auth_type": "mtls",
  "fapi_auth_request_method": "pushed",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "jarm"
}
alias
oidc-provider-pushed-mtls-plain_fapi-jarm
description
planId
Sc1jBPZ4oxNFo
config
{
  "alias": "oidc-provider-pushed-mtls-plain_fapi-jarm",
  "automated_ciba_approval_url": "https://fapi.panva.cz/ciba-sim?authReqId\u003d{auth_req_id}\u0026action\u003d{action}",
  "server": {
    "discoveryUrl": "https://fapi.panva.cz/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "mtls-one",
    "client_name": "mtls-one",
    "scope": "openid offline_access",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "xBJ1vPOR6ftkO5figrSjzsHzyFTiyrIYMoFiAFwvM-UypwNTfamwdgb6Q6VlCnV62Lgc1nDR_zx8Kyb1-NgBxnlwmSQ0l87kR_d-P34zEB0xSarqD-K84lJUSX0_qcCXLr4MYBiyOcYMzag-4GWaf_S1ZuTnV1NaaEL4lHpfocFeXok9a9XznuSzol5C8Kd5AS5ahq7UTxSCGvttKpL5xYeWXJ0Zjpptr3AJyOzmjXNq0ix1W75BbmPJjBMfK7bYatHUMsstVHLnYt3CwiNsfD8dKkBVKlh-C4DWo-1WY5VNTTxPC47Ejy2rGbDLJ9MLdtn6Pr-WyW2mdzd0EKjNFQ",
          "d": "quAXoet3373KFbGBoz2AgOFA7vcji1j4g5OEcCHmtUhrA2h_q8Vl1wavtqJ-00WdISAbabt7GACDiivzM8I0kd8mBSCrgR26jwmfCgCWydVXLgd44w1MZcUwVbeE8xC38PGJ4XnEYVs7r0OQQInrwtXl_d1BzDYFVVYAQ43-p_1SGASfHv052IJjPKgePFoeheT1xVNS1fCZTSWmFEVPXhbY_LQpnm8DwkR5-hmX-oSjjaJHQoHh4OP8uJ25YAwoMs3-7QOardbEu_DsseeWoQ1MRjnovDWxsxCWa-XTMIPrwF4zP4y-WbtVFILFH7e5fo2WLd5vYSxjOJkiW3TSJQ",
          "p": "4ZNvp0u6vXQAf7IGESuhu3u4cD6K8iJ6BT-O64yHJzc17e9lt-p89GasTtkgeEH_lr-XxScVBYndi_8vaqsA47bkIoWVvcXq7C4jkv0bPelpaI_KPGfoZC1etR102-dS1ZufxzwSo64drw-HPuwaIkXvmpK4MBI9jEYoOHh9KR8",
          "q": "3oRU_iCWvKOGHlR9BmcBysVGmkvBwj8XLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7yczWFLPXbUNVqC5OLI-wTL7-ikx040lL9IRRtgub47-9IvxxaGaIRzsFwa-15D7TCE7K8BydH0s",
          "dp": "ivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX_RloFfHGPEaB8q7l5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdslFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm-wTEILcaqT6uLf7HK8",
          "dq": "TpZaFi6YTiNKuOeKCHrUzTKDTvc2hU4W92VsNHDgi25V_Od8ZdaHPa6Xngs4CZ56TseRrOVxjQBDDKagwLq-GgNWaJ-irGQvDISFj2Y8zWAcnntMLLzKvTAvYdTC64r1gnRBD5RmCDetqu-RdhfQRaf4zoEqMmRlz-dUER1p-KU",
          "qi": "ITLsaxLewCPcaJOYKRW9HeApKVIqYlQuYj7wShPq3NiEy_KqgIc-2WXYMfMF6oDoiXYMrP6AVsqWfb4us9StvauAr17yp1kf1ffpazy71gD9VqwZBFQUgBwVw1agEFfv2cFD_z3Os-5to3ZGH0Eq5QQYsoDMN_UkjOx5SvyN2_A",
          "kty": "RSA",
          "kid": "rxZogVFbs1tz36D4tmlW0yEHUTfD_mxyF3RSWBe5eHI",
          "alg": "PS256",
          "use": "sig",
          "x5c": [
            "MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR/q3+q9gs7uehc\u003d"
          ],
          "x5t#S256": "E-TFTHXRZVsBSvZ5p5mc7ZZMle2Urpv9yr9PdGcOqXQ"
        }
      ]
    },
    "hint_type": "login_hint",
    "hint_value": "panva"
  },
  "mtls": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD\nWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4\nMTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwG\nUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9\nqbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP\n4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r\n1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVb\nvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8L\njsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQAD\nggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjS\nozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZ\nybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3\n+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4K\nnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2h\nTfkwHHtW2BegWR/q3+q9gs7uehc\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEEnW885Hp+2Q7\nl+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwr\nJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzN\nqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa\n+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi\n3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3\nN3QQqM0VAgMBAAECggEBAKrgF6Hrd9+9yhWxgaM9gIDhQO73I4tY+IOThHAh5rVI\nawNof6vFZdcGr7aiftNFnSEgG2m7exgAg4or8zPCNJHfJgUgq4Eduo8JnwoAlsnV\nVy4HeOMNTGXFMFW3hPMQt/DxieF5xGFbO69DkECJ68LV5f3dQcw2BVVWAEON/qf9\nUhgEnx79OdiCYzyoHjxaHoXk9cVTUtXwmU0lphRFT14W2Py0KZ5vA8JEefoZl/qE\no42iR0KB4eDj/LiduWAMKDLN/u0Dmq3WxLvw7LHnlqENTEY56Lw1sbMQlmvl0zCD\n68BeMz+Mvlm7VRSCxR+3uX6Nli3eb2EsYziZIlt00iUCgYEA4ZNvp0u6vXQAf7IG\nESuhu3u4cD6K8iJ6BT+O64yHJzc17e9lt+p89GasTtkgeEH/lr+XxScVBYndi/8v\naqsA47bkIoWVvcXq7C4jkv0bPelpaI/KPGfoZC1etR102+dS1ZufxzwSo64drw+H\nPuwaIkXvmpK4MBI9jEYoOHh9KR8CgYEA3oRU/iCWvKOGHlR9BmcBysVGmkvBwj8X\nLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7\nyczWFLPXbUNVqC5OLI+wTL7+ikx040lL9IRRtgub47+9IvxxaGaIRzsFwa+15D7T\nCE7K8BydH0sCgYEAivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX/RloFfHGPEaB8q7\nl5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdsl\nFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm+wTEILcaqT6uLf7HK8CgYBO\nlloWLphOI0q454oIetTNMoNO9zaFThb3ZWw0cOCLblX853xl1oc9rpeeCzgJnnpO\nx5Gs5XGNAEMMpqDAur4aA1Zon6KsZC8MhIWPZjzNYByee0wsvMq9MC9h1MLrivWC\ndEEPlGYIN62q75F2F9BFp/jOgSoyZGXP51QRHWn4pQKBgCEy7GsS3sAj3GiTmCkV\nvR3gKSlSKmJULmI+8EoT6tzYhMvyqoCHPtll2DHzBeqA6Il2DKz+gFbKln2+LrPU\nrb2rgK9e8qdZH9X36Ws8u9YA/VasGQRUFIAcFcNWoBBX79nBQ/89zrPubaN2Rh9B\nKuUEGLKAzDf1JIzseUr8jdvw\n-----END PRIVATE KEY-----\n"
  },
  "client2": {
    "client_id": "mtls-two",
    "client_name": "mtls-two",
    "scope": "openid offline_access",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "4alQGjLL5whE8w7SsHysWQtY8CDoSMlKfMaftqDfqScLaj9FKZC5U1ezA_eB2Ui9593_YbBumqaUUBhgCdk4TsNTfc5QK-0pPWB-hrbt22Eg70usGio1aMRq65i38rqBG79zw6jFrjoxNzE_xtZ8FAYCBCmAK_IYs2PHVBNGdqlryhWSY-nrYwlxKaY17sJUrrB1sP7Y_3jzDMTACTDz4cyXoegC-4lCgYrCcrD7mlq0vZ7XT8b_T0uNLL-nGU-MKMZhOraUwpAMWm16gNuUoCTsijo574PgTzZa7nC6h8NxK1q8WEy_fXB6oXsTuiuBWrKVt_tZLlnd32OApvs5Ew",
          "d": "SlRt2SNQPJphs7n3NkDquC3frsD4IjmDepQmOY7F_T6qKOYMTwOnt8cUZUMal0q5mu1p2HC4DeK-yZ8tyzCstmzqTG8vwzhMNDZblt4cfP2CTrAbUUcD7q18FnxoYuCB9HTcmd82tgve-DIVstYlaqcL9PkCifcloblFB_GNbToEdiHqRNbHvVZLMYGYsShkiyFVL61h5zkFgQCBv-kR5u3AWGGGtlhZ3dvU7-i0P7n4dKseQyyd9v_QcW4iW8b3f6izn4plQNcPbb4o0iAdhpnjYxCOwxc8TGZvHul_RYnlFGuiKUXSV_r_t_dEppsKM4moJ8n6qzsoZf6czR5NwQ",
          "p": "_supybPbDRLiAWtiYxGSGIVV41UTvV5LrKjd2qCslOPF_iYOP1wyTFOjUWjBHWqaaPCYMpK4NIdnDUuCQ5K8Nz8FaIWkdUksDXJYO3FZR-dBzulkyKwNZQE-1VwT7MYlIih695zaYdtnIRw0cN6oYW5bheDYdE13SzcLK3XGMqE",
          "q": "4rpkthJwjk-brxKVuDIxUVXiwbArdbQLn1UXBdl54Mn4C5ntMy50BofGaqxx6WZoGUATNwD5w7Sf1KsxCMIObLr6xNVNpUnI766VaV69WYiFdB3N8BBi3L4Jmb1hLXIyX2WITTHY2w5UKOYwD6pKCa5FldqArm5slJCpmtffQzM",
          "dp": "ApnXoNx6JvcDYZpUBcjfIeryhoCO1AcLZLbQlPPA70An_EEtMg5h4Q-VgjY8im1VKC8Ujqeaw8aCEcush74Ot82n43pBxIS7s2NwbSLqE2bT8CXHxpijBl3t40WuWmNna6LYJoDuZcNUmSztiB1twJjczFAQRZeo2Ra1wXrRTCE",
          "dq": "jpFaZsrtj-8rHEl5b9vP-y8gaV7X1Smj7UraMUlxRBJ8MP9Xkklxl_GkqMtKzdMhPk92Ra4NYCyiHF6RdMphu6lPqpneO0NMYLrNJPb35ebc1Akxx_Tl1ZyB-PSGuMcIOchkjvX7QLOf5B_qtM8Fw1ScWQCOziCNklXs8Hsx3tU",
          "qi": "Z_CBJI5NGWkGZjkLM4fqq8U2hFM9Y5IHsn9Y8vvst3-mCqcFhTS7TcYUY00qdiFXAJjiwhfGFOoc0q-AWluiUxB-b6FWRu73XhqkKxgBehE9i3QCrcitMufSkXKydLonfh7_PeUpB63LmMjtyLdMlGAIorVbtD1xAn2WaYuEb5Q",
          "kty": "RSA",
          "kid": "LJuZnTrnhtSbpcjnu4pq3Xvrmzy6sI_fUOd7L7Bh9to",
          "alg": "PS256",
          "use": "sig",
          "x5c": [
            "MIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4MTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyWS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XBKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbTLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0aDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgnAWzRJlZD89KZAQgjj4Z215QeLxA\u003d"
          ],
          "x5t#S256": "B_QzvtQ9biL043xj_ADE7e9MUdWwbdAr3W3W7JHbK9c"
        }
      ]
    },
    "acr_value": "urn:mace:incommon:iap:silver"
  },
  "mtls2": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD\nWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4\nMTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwG\nUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0Up\nkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6wa\nKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj\n6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdP\nxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxY\nTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQAD\nggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyW\nS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XB\nKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbT\nLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0a\nDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgn\nAWzRJlZD89KZAQgjj4Z215QeLxA\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhqVAaMsvnCETz\nDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQ\nGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3\nMT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMM\nxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxa\nbXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3f\nY4Cm+zkTAgMBAAECggEASlRt2SNQPJphs7n3NkDquC3frsD4IjmDepQmOY7F/T6q\nKOYMTwOnt8cUZUMal0q5mu1p2HC4DeK+yZ8tyzCstmzqTG8vwzhMNDZblt4cfP2C\nTrAbUUcD7q18FnxoYuCB9HTcmd82tgve+DIVstYlaqcL9PkCifcloblFB/GNbToE\ndiHqRNbHvVZLMYGYsShkiyFVL61h5zkFgQCBv+kR5u3AWGGGtlhZ3dvU7+i0P7n4\ndKseQyyd9v/QcW4iW8b3f6izn4plQNcPbb4o0iAdhpnjYxCOwxc8TGZvHul/RYnl\nFGuiKUXSV/r/t/dEppsKM4moJ8n6qzsoZf6czR5NwQKBgQD+y6nJs9sNEuIBa2Jj\nEZIYhVXjVRO9XkusqN3aoKyU48X+Jg4/XDJMU6NRaMEdappo8Jgykrg0h2cNS4JD\nkrw3PwVohaR1SSwNclg7cVlH50HO6WTIrA1lAT7VXBPsxiUiKHr3nNph22chHDRw\n3qhhbluF4Nh0TXdLNwsrdcYyoQKBgQDiumS2EnCOT5uvEpW4MjFRVeLBsCt1tAuf\nVRcF2XngyfgLme0zLnQGh8ZqrHHpZmgZQBM3APnDtJ/UqzEIwg5suvrE1U2lScjv\nrpVpXr1ZiIV0Hc3wEGLcvgmZvWEtcjJfZYhNMdjbDlQo5jAPqkoJrkWV2oCubmyU\nkKma199DMwKBgAKZ16Dceib3A2GaVAXI3yHq8oaAjtQHC2S20JTzwO9AJ/xBLTIO\nYeEPlYI2PIptVSgvFI6nmsPGghHLrIe+DrfNp+N6QcSEu7NjcG0i6hNm0/Alx8aY\nowZd7eNFrlpjZ2ui2CaA7mXDVJks7YgdbcCY3MxQEEWXqNkWtcF60UwhAoGBAI6R\nWmbK7Y/vKxxJeW/bz/svIGle19Upo+1K2jFJcUQSfDD/V5JJcZfxpKjLSs3TIT5P\ndkWuDWAsohxekXTKYbupT6qZ3jtDTGC6zST29+Xm3NQJMcf05dWcgfj0hrjHCDnI\nZI71+0Czn+Qf6rTPBcNUnFkAjs4gjZJV7PB7Md7VAoGAZ/CBJI5NGWkGZjkLM4fq\nq8U2hFM9Y5IHsn9Y8vvst3+mCqcFhTS7TcYUY00qdiFXAJjiwhfGFOoc0q+AWlui\nUxB+b6FWRu73XhqkKxgBehE9i3QCrcitMufSkXKydLonfh7/PeUpB63LmMjtyLdM\nlGAIorVbtD1xAn2WaYuEb5Q\u003d\n-----END PRIVATE KEY-----\n  \n"
  },
  "resource": {
    "resourceUrl": "https://mtls.fapi.panva.cz/accounts",
    "institution_id": "xxxxx"
  },
  "browser": [
    {
      "match": "https://fapi.panva.cz/auth*",
      "tasks": [
        {
          "task": "Login",
          "optional": true,
          "match": "https://fapi.panva.cz/interaction*",
          "commands": [
            [
              "text",
              "name",
              "login",
              "foo",
              "optional"
            ],
            [
              "text",
              "name",
              "password",
              "bar",
              "optional"
            ],
            [
              "click",
              "class",
              "login-submit"
            ]
          ]
        },
        {
          "task": "Consent",
          "optional": true,
          "match": "https://fapi.panva.cz/interaction*",
          "commands": [
            [
              "click",
              "class",
              "login-submit"
            ]
          ]
        },
        {
          "task": "Verify Complete",
          "match": "https://*/test/a/*/callback*",
          "commands": [
            [
              "wait",
              "id",
              "submission_complete",
              10
            ]
          ]
        }
      ]
    }
  ]
}
testName
fapi1-advanced-final-par-attempt-to-use-expired-request_uri
2021-07-01 15:55:19 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback
2021-07-01 15:55:19
GetDynamicServerConfiguration
HTTP request
request_uri
https://fapi.panva.cz/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-07-01 15:55:20 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-length": "1786",
  "content-security-policy": "default-src \u0027self\u0027;base-uri \u0027self\u0027;block-all-mixed-content;font-src \u0027self\u0027 https: data:;frame-ancestors \u0027self\u0027;img-src \u0027self\u0027 data:;object-src \u0027none\u0027;script-src \u0027self\u0027;script-src-attr \u0027none\u0027;style-src \u0027self\u0027 https: \u0027unsafe-inline\u0027;upgrade-insecure-requests",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Thu, 01 Jul 2021 15:55:20 GMT",
  "expect-ct": "max-age\u003d0",
  "referrer-policy": "no-referrer",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-permitted-cross-domain-policies": "none",
  "x-xss-protection": "0"
}
response_body
{"acr_values_supported":["urn:mace:incommon:iap:silver"],"authorization_endpoint":"https://fapi.panva.cz/auth","claims_parameter_supported":false,"claims_supported":["sub","acr","sid","auth_time","iss"],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"https://fapi.panva.cz/session/end","grant_types_supported":["implicit","authorization_code","refresh_token","urn:openid:params:grant-type:ciba"],"id_token_signing_alg_values_supported":["PS256"],"issuer":"https://fapi.panva.cz","jwks_uri":"https://fapi.panva.cz/jwks","registration_endpoint":"https://fapi.panva.cz/reg","response_modes_supported":["form_post","fragment","query","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["code id_token","code"],"scopes_supported":["openid","offline_access"],"subject_types_supported":["public"],"token_endpoint_auth_methods_supported":["private_key_jwt","self_signed_tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["PS256"],"token_endpoint":"https://mtls.fapi.panva.cz/token","pushed_authorization_request_endpoint":"https://mtls.fapi.panva.cz/request","request_object_signing_alg_values_supported":["PS256"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"require_signed_request_object":true,"userinfo_endpoint":"https://mtls.fapi.panva.cz/accounts","authorization_signing_alg_values_supported":["PS256"],"tls_client_certificate_bound_access_tokens":true,"backchannel_authentication_endpoint":"https://mtls.fapi.panva.cz/backchannel","backchannel_token_delivery_modes_supported":["poll","ping"],"backchannel_user_code_parameter_supported":true,"backchannel_authentication_request_signing_alg_values_supported":["PS256"],"claim_types_supported":["normal"]}
2021-07-01 15:55:20
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{"acr_values_supported":["urn:mace:incommon:iap:silver"],"authorization_endpoint":"https://fapi.panva.cz/auth","claims_parameter_supported":false,"claims_supported":["sub","acr","sid","auth_time","iss"],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"https://fapi.panva.cz/session/end","grant_types_supported":["implicit","authorization_code","refresh_token","urn:openid:params:grant-type:ciba"],"id_token_signing_alg_values_supported":["PS256"],"issuer":"https://fapi.panva.cz","jwks_uri":"https://fapi.panva.cz/jwks","registration_endpoint":"https://fapi.panva.cz/reg","response_modes_supported":["form_post","fragment","query","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["code id_token","code"],"scopes_supported":["openid","offline_access"],"subject_types_supported":["public"],"token_endpoint_auth_methods_supported":["private_key_jwt","self_signed_tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["PS256"],"token_endpoint":"https://mtls.fapi.panva.cz/token","pushed_authorization_request_endpoint":"https://mtls.fapi.panva.cz/request","request_object_signing_alg_values_supported":["PS256"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"require_signed_request_object":true,"userinfo_endpoint":"https://mtls.fapi.panva.cz/accounts","authorization_signing_alg_values_supported":["PS256"],"tls_client_certificate_bound_access_tokens":true,"backchannel_authentication_endpoint":"https://mtls.fapi.panva.cz/backchannel","backchannel_token_delivery_modes_supported":["poll","ping"],"backchannel_user_code_parameter_supported":true,"backchannel_authentication_request_signing_alg_values_supported":["PS256"],"claim_types_supported":["normal"]}
2021-07-01 15:55:20 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
acr_values_supported
[
  "urn:mace:incommon:iap:silver"
]
authorization_endpoint
https://fapi.panva.cz/auth
claims_parameter_supported
false
claims_supported
[
  "sub",
  "acr",
  "sid",
  "auth_time",
  "iss"
]
code_challenge_methods_supported
[
  "S256"
]
end_session_endpoint
https://fapi.panva.cz/session/end
grant_types_supported
[
  "implicit",
  "authorization_code",
  "refresh_token",
  "urn:openid:params:grant-type:ciba"
]
id_token_signing_alg_values_supported
[
  "PS256"
]
issuer
https://fapi.panva.cz
jwks_uri
https://fapi.panva.cz/jwks
registration_endpoint
https://fapi.panva.cz/reg
response_modes_supported
[
  "form_post",
  "fragment",
  "query",
  "jwt",
  "query.jwt",
  "fragment.jwt",
  "form_post.jwt"
]
response_types_supported
[
  "code id_token",
  "code"
]
scopes_supported
[
  "openid",
  "offline_access"
]
subject_types_supported
[
  "public"
]
token_endpoint_auth_methods_supported
[
  "private_key_jwt",
  "self_signed_tls_client_auth"
]
token_endpoint_auth_signing_alg_values_supported
[
  "PS256"
]
token_endpoint
https://mtls.fapi.panva.cz/token
pushed_authorization_request_endpoint
https://mtls.fapi.panva.cz/request
request_object_signing_alg_values_supported
[
  "PS256"
]
request_parameter_supported
true
request_uri_parameter_supported
true
require_request_uri_registration
true
require_signed_request_object
true
userinfo_endpoint
https://mtls.fapi.panva.cz/accounts
authorization_signing_alg_values_supported
[
  "PS256"
]
tls_client_certificate_bound_access_tokens
true
backchannel_authentication_endpoint
https://mtls.fapi.panva.cz/backchannel
backchannel_token_delivery_modes_supported
[
  "poll",
  "ping"
]
backchannel_user_code_parameter_supported
true
backchannel_authentication_request_signing_alg_values_supported
[
  "PS256"
]
claim_types_supported
[
  "normal"
]
2021-07-01 15:55:20
AddMTLSEndpointAliasesToEnvironment
mtls_endpoint_aliases is not present in the server configuration
2021-07-01 15:55:20 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-07-01 15:55:20
FetchServerKeys
Fetching server key
jwks_uri
https://fapi.panva.cz/jwks
2021-07-01 15:55:20
FetchServerKeys
HTTP request
request_uri
https://fapi.panva.cz/jwks
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-07-01 15:55:20 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-length": "462",
  "content-security-policy": "default-src \u0027self\u0027;base-uri \u0027self\u0027;block-all-mixed-content;font-src \u0027self\u0027 https: data:;frame-ancestors \u0027self\u0027;img-src \u0027self\u0027 data:;object-src \u0027none\u0027;script-src \u0027self\u0027;script-src-attr \u0027none\u0027;style-src \u0027self\u0027 https: \u0027unsafe-inline\u0027;upgrade-insecure-requests",
  "content-type": "application/jwk-set+json; charset\u003dutf-8",
  "date": "Thu, 01 Jul 2021 15:55:20 GMT",
  "expect-ct": "max-age\u003d0",
  "referrer-policy": "no-referrer",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-permitted-cross-domain-policies": "none",
  "x-xss-protection": "0"
}
response_body
{"keys":[{"kty":"RSA","use":"sig","kid":"EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M","alg":"PS256","e":"AQAB","n":"sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"}]}
2021-07-01 15:55:20
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kty":"RSA","use":"sig","kid":"EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M","alg":"PS256","e":"AQAB","n":"sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"}]}
2021-07-01 15:55:20 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-07-01 15:55:20 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-07-01 15:55:20 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-07-01 15:55:20 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2021-07-01 15:55:20 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-07-01 15:55:20 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-07-01 15:55:20 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
mtls-one
client_name
mtls-one
scope
openid offline_access
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "xBJ1vPOR6ftkO5figrSjzsHzyFTiyrIYMoFiAFwvM-UypwNTfamwdgb6Q6VlCnV62Lgc1nDR_zx8Kyb1-NgBxnlwmSQ0l87kR_d-P34zEB0xSarqD-K84lJUSX0_qcCXLr4MYBiyOcYMzag-4GWaf_S1ZuTnV1NaaEL4lHpfocFeXok9a9XznuSzol5C8Kd5AS5ahq7UTxSCGvttKpL5xYeWXJ0Zjpptr3AJyOzmjXNq0ix1W75BbmPJjBMfK7bYatHUMsstVHLnYt3CwiNsfD8dKkBVKlh-C4DWo-1WY5VNTTxPC47Ejy2rGbDLJ9MLdtn6Pr-WyW2mdzd0EKjNFQ",
      "d": "quAXoet3373KFbGBoz2AgOFA7vcji1j4g5OEcCHmtUhrA2h_q8Vl1wavtqJ-00WdISAbabt7GACDiivzM8I0kd8mBSCrgR26jwmfCgCWydVXLgd44w1MZcUwVbeE8xC38PGJ4XnEYVs7r0OQQInrwtXl_d1BzDYFVVYAQ43-p_1SGASfHv052IJjPKgePFoeheT1xVNS1fCZTSWmFEVPXhbY_LQpnm8DwkR5-hmX-oSjjaJHQoHh4OP8uJ25YAwoMs3-7QOardbEu_DsseeWoQ1MRjnovDWxsxCWa-XTMIPrwF4zP4y-WbtVFILFH7e5fo2WLd5vYSxjOJkiW3TSJQ",
      "p": "4ZNvp0u6vXQAf7IGESuhu3u4cD6K8iJ6BT-O64yHJzc17e9lt-p89GasTtkgeEH_lr-XxScVBYndi_8vaqsA47bkIoWVvcXq7C4jkv0bPelpaI_KPGfoZC1etR102-dS1ZufxzwSo64drw-HPuwaIkXvmpK4MBI9jEYoOHh9KR8",
      "q": "3oRU_iCWvKOGHlR9BmcBysVGmkvBwj8XLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7yczWFLPXbUNVqC5OLI-wTL7-ikx040lL9IRRtgub47-9IvxxaGaIRzsFwa-15D7TCE7K8BydH0s",
      "dp": "ivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX_RloFfHGPEaB8q7l5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdslFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm-wTEILcaqT6uLf7HK8",
      "dq": "TpZaFi6YTiNKuOeKCHrUzTKDTvc2hU4W92VsNHDgi25V_Od8ZdaHPa6Xngs4CZ56TseRrOVxjQBDDKagwLq-GgNWaJ-irGQvDISFj2Y8zWAcnntMLLzKvTAvYdTC64r1gnRBD5RmCDetqu-RdhfQRaf4zoEqMmRlz-dUER1p-KU",
      "qi": "ITLsaxLewCPcaJOYKRW9HeApKVIqYlQuYj7wShPq3NiEy_KqgIc-2WXYMfMF6oDoiXYMrP6AVsqWfb4us9StvauAr17yp1kf1ffpazy71gD9VqwZBFQUgBwVw1agEFfv2cFD_z3Os-5to3ZGH0Eq5QQYsoDMN_UkjOx5SvyN2_A",
      "kty": "RSA",
      "kid": "rxZogVFbs1tz36D4tmlW0yEHUTfD_mxyF3RSWBe5eHI",
      "alg": "PS256",
      "use": "sig",
      "x5c": [
        "MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR/q3+q9gs7uehc\u003d"
      ],
      "x5t#S256": "E-TFTHXRZVsBSvZ5p5mc7ZZMle2Urpv9yr9PdGcOqXQ"
    }
  ]
}
hint_type
login_hint
hint_value
panva
2021-07-01 15:55:20
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
2021-07-01 15:55:20 SUCCESS
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
2021-07-01 15:55:20
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
2021-07-01 15:55:20 SUCCESS
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR/q3+q9gs7uehc=
key
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAECggEBAKrgF6Hrd9+9yhWxgaM9gIDhQO73I4tY+IOThHAh5rVIawNof6vFZdcGr7aiftNFnSEgG2m7exgAg4or8zPCNJHfJgUgq4Eduo8JnwoAlsnVVy4HeOMNTGXFMFW3hPMQt/DxieF5xGFbO69DkECJ68LV5f3dQcw2BVVWAEON/qf9UhgEnx79OdiCYzyoHjxaHoXk9cVTUtXwmU0lphRFT14W2Py0KZ5vA8JEefoZl/qEo42iR0KB4eDj/LiduWAMKDLN/u0Dmq3WxLvw7LHnlqENTEY56Lw1sbMQlmvl0zCD68BeMz+Mvlm7VRSCxR+3uX6Nli3eb2EsYziZIlt00iUCgYEA4ZNvp0u6vXQAf7IGESuhu3u4cD6K8iJ6BT+O64yHJzc17e9lt+p89GasTtkgeEH/lr+XxScVBYndi/8vaqsA47bkIoWVvcXq7C4jkv0bPelpaI/KPGfoZC1etR102+dS1ZufxzwSo64drw+HPuwaIkXvmpK4MBI9jEYoOHh9KR8CgYEA3oRU/iCWvKOGHlR9BmcBysVGmkvBwj8XLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7yczWFLPXbUNVqC5OLI+wTL7+ikx040lL9IRRtgub47+9IvxxaGaIRzsFwa+15D7TCE7K8BydH0sCgYEAivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX/RloFfHGPEaB8q7l5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdslFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm+wTEILcaqT6uLf7HK8CgYBOlloWLphOI0q454oIetTNMoNO9zaFThb3ZWw0cOCLblX853xl1oc9rpeeCzgJnnpOx5Gs5XGNAEMMpqDAur4aA1Zon6KsZC8MhIWPZjzNYByee0wsvMq9MC9h1MLrivWCdEEPlGYIN62q75F2F9BFp/jOgSoyZGXP51QRHWn4pQKBgCEy7GsS3sAj3GiTmCkVvR3gKSlSKmJULmI+8EoT6tzYhMvyqoCHPtll2DHzBeqA6Il2DKz+gFbKln2+LrPUrb2rgK9e8qdZH9X36Ws8u9YA/VasGQRUFIAcFcNWoBBX79nBQ/89zrPubaN2Rh9BKuUEGLKAzDf1JIzseUr8jdvw
2021-07-01 15:55:20 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2021-07-01 15:55:20 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "xBJ1vPOR6ftkO5figrSjzsHzyFTiyrIYMoFiAFwvM-UypwNTfamwdgb6Q6VlCnV62Lgc1nDR_zx8Kyb1-NgBxnlwmSQ0l87kR_d-P34zEB0xSarqD-K84lJUSX0_qcCXLr4MYBiyOcYMzag-4GWaf_S1ZuTnV1NaaEL4lHpfocFeXok9a9XznuSzol5C8Kd5AS5ahq7UTxSCGvttKpL5xYeWXJ0Zjpptr3AJyOzmjXNq0ix1W75BbmPJjBMfK7bYatHUMsstVHLnYt3CwiNsfD8dKkBVKlh-C4DWo-1WY5VNTTxPC47Ejy2rGbDLJ9MLdtn6Pr-WyW2mdzd0EKjNFQ",
      "d": "quAXoet3373KFbGBoz2AgOFA7vcji1j4g5OEcCHmtUhrA2h_q8Vl1wavtqJ-00WdISAbabt7GACDiivzM8I0kd8mBSCrgR26jwmfCgCWydVXLgd44w1MZcUwVbeE8xC38PGJ4XnEYVs7r0OQQInrwtXl_d1BzDYFVVYAQ43-p_1SGASfHv052IJjPKgePFoeheT1xVNS1fCZTSWmFEVPXhbY_LQpnm8DwkR5-hmX-oSjjaJHQoHh4OP8uJ25YAwoMs3-7QOardbEu_DsseeWoQ1MRjnovDWxsxCWa-XTMIPrwF4zP4y-WbtVFILFH7e5fo2WLd5vYSxjOJkiW3TSJQ",
      "p": "4ZNvp0u6vXQAf7IGESuhu3u4cD6K8iJ6BT-O64yHJzc17e9lt-p89GasTtkgeEH_lr-XxScVBYndi_8vaqsA47bkIoWVvcXq7C4jkv0bPelpaI_KPGfoZC1etR102-dS1ZufxzwSo64drw-HPuwaIkXvmpK4MBI9jEYoOHh9KR8",
      "q": "3oRU_iCWvKOGHlR9BmcBysVGmkvBwj8XLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7yczWFLPXbUNVqC5OLI-wTL7-ikx040lL9IRRtgub47-9IvxxaGaIRzsFwa-15D7TCE7K8BydH0s",
      "dp": "ivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX_RloFfHGPEaB8q7l5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdslFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm-wTEILcaqT6uLf7HK8",
      "dq": "TpZaFi6YTiNKuOeKCHrUzTKDTvc2hU4W92VsNHDgi25V_Od8ZdaHPa6Xngs4CZ56TseRrOVxjQBDDKagwLq-GgNWaJ-irGQvDISFj2Y8zWAcnntMLLzKvTAvYdTC64r1gnRBD5RmCDetqu-RdhfQRaf4zoEqMmRlz-dUER1p-KU",
      "qi": "ITLsaxLewCPcaJOYKRW9HeApKVIqYlQuYj7wShPq3NiEy_KqgIc-2WXYMfMF6oDoiXYMrP6AVsqWfb4us9StvauAr17yp1kf1ffpazy71gD9VqwZBFQUgBwVw1agEFfv2cFD_z3Os-5to3ZGH0Eq5QQYsoDMN_UkjOx5SvyN2_A",
      "kty": "RSA",
      "kid": "rxZogVFbs1tz36D4tmlW0yEHUTfD_mxyF3RSWBe5eHI",
      "alg": "PS256",
      "use": "sig",
      "x5c": [
        "MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR/q3+q9gs7uehc\u003d"
      ],
      "x5t#S256": "E-TFTHXRZVsBSvZ5p5mc7ZZMle2Urpv9yr9PdGcOqXQ"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "E-TFTHXRZVsBSvZ5p5mc7ZZMle2Urpv9yr9PdGcOqXQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "rxZogVFbs1tz36D4tmlW0yEHUTfD_mxyF3RSWBe5eHI",
      "x5c": [
        "MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR/q3+q9gs7uehc\u003d"
      ],
      "alg": "PS256",
      "n": "xBJ1vPOR6ftkO5figrSjzsHzyFTiyrIYMoFiAFwvM-UypwNTfamwdgb6Q6VlCnV62Lgc1nDR_zx8Kyb1-NgBxnlwmSQ0l87kR_d-P34zEB0xSarqD-K84lJUSX0_qcCXLr4MYBiyOcYMzag-4GWaf_S1ZuTnV1NaaEL4lHpfocFeXok9a9XznuSzol5C8Kd5AS5ahq7UTxSCGvttKpL5xYeWXJ0Zjpptr3AJyOzmjXNq0ix1W75BbmPJjBMfK7bYatHUMsstVHLnYt3CwiNsfD8dKkBVKlh-C4DWo-1WY5VNTTxPC47Ejy2rGbDLJ9MLdtn6Pr-WyW2mdzd0EKjNFQ"
    }
  ]
}
2021-07-01 15:55:20 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2021-07-01 15:55:20 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-07-01 15:55:20 SUCCESS
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
permitted
[
  "ES256",
  "PS256"
]
2021-07-01 15:55:20 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "xBJ1vPOR6ftkO5figrSjzsHzyFTiyrIYMoFiAFwvM-UypwNTfamwdgb6Q6VlCnV62Lgc1nDR_zx8Kyb1-NgBxnlwmSQ0l87kR_d-P34zEB0xSarqD-K84lJUSX0_qcCXLr4MYBiyOcYMzag-4GWaf_S1ZuTnV1NaaEL4lHpfocFeXok9a9XznuSzol5C8Kd5AS5ahq7UTxSCGvttKpL5xYeWXJ0Zjpptr3AJyOzmjXNq0ix1W75BbmPJjBMfK7bYatHUMsstVHLnYt3CwiNsfD8dKkBVKlh-C4DWo-1WY5VNTTxPC47Ejy2rGbDLJ9MLdtn6Pr-WyW2mdzd0EKjNFQ",
      "d": "quAXoet3373KFbGBoz2AgOFA7vcji1j4g5OEcCHmtUhrA2h_q8Vl1wavtqJ-00WdISAbabt7GACDiivzM8I0kd8mBSCrgR26jwmfCgCWydVXLgd44w1MZcUwVbeE8xC38PGJ4XnEYVs7r0OQQInrwtXl_d1BzDYFVVYAQ43-p_1SGASfHv052IJjPKgePFoeheT1xVNS1fCZTSWmFEVPXhbY_LQpnm8DwkR5-hmX-oSjjaJHQoHh4OP8uJ25YAwoMs3-7QOardbEu_DsseeWoQ1MRjnovDWxsxCWa-XTMIPrwF4zP4y-WbtVFILFH7e5fo2WLd5vYSxjOJkiW3TSJQ",
      "p": "4ZNvp0u6vXQAf7IGESuhu3u4cD6K8iJ6BT-O64yHJzc17e9lt-p89GasTtkgeEH_lr-XxScVBYndi_8vaqsA47bkIoWVvcXq7C4jkv0bPelpaI_KPGfoZC1etR102-dS1ZufxzwSo64drw-HPuwaIkXvmpK4MBI9jEYoOHh9KR8",
      "q": "3oRU_iCWvKOGHlR9BmcBysVGmkvBwj8XLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7yczWFLPXbUNVqC5OLI-wTL7-ikx040lL9IRRtgub47-9IvxxaGaIRzsFwa-15D7TCE7K8BydH0s",
      "dp": "ivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX_RloFfHGPEaB8q7l5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdslFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm-wTEILcaqT6uLf7HK8",
      "dq": "TpZaFi6YTiNKuOeKCHrUzTKDTvc2hU4W92VsNHDgi25V_Od8ZdaHPa6Xngs4CZ56TseRrOVxjQBDDKagwLq-GgNWaJ-irGQvDISFj2Y8zWAcnntMLLzKvTAvYdTC64r1gnRBD5RmCDetqu-RdhfQRaf4zoEqMmRlz-dUER1p-KU",
      "qi": "ITLsaxLewCPcaJOYKRW9HeApKVIqYlQuYj7wShPq3NiEy_KqgIc-2WXYMfMF6oDoiXYMrP6AVsqWfb4us9StvauAr17yp1kf1ffpazy71gD9VqwZBFQUgBwVw1agEFfv2cFD_z3Os-5to3ZGH0Eq5QQYsoDMN_UkjOx5SvyN2_A",
      "kty": "RSA",
      "kid": "rxZogVFbs1tz36D4tmlW0yEHUTfD_mxyF3RSWBe5eHI",
      "alg": "PS256",
      "use": "sig",
      "x5c": [
        "MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR/q3+q9gs7uehc\u003d"
      ],
      "x5t#S256": "E-TFTHXRZVsBSvZ5p5mc7ZZMle2Urpv9yr9PdGcOqXQ"
    }
  ]
}
2021-07-01 15:55:20 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
Verify configuration of second client
2021-07-01 15:55:20 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
mtls-two
client_name
mtls-two
scope
openid offline_access
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "4alQGjLL5whE8w7SsHysWQtY8CDoSMlKfMaftqDfqScLaj9FKZC5U1ezA_eB2Ui9593_YbBumqaUUBhgCdk4TsNTfc5QK-0pPWB-hrbt22Eg70usGio1aMRq65i38rqBG79zw6jFrjoxNzE_xtZ8FAYCBCmAK_IYs2PHVBNGdqlryhWSY-nrYwlxKaY17sJUrrB1sP7Y_3jzDMTACTDz4cyXoegC-4lCgYrCcrD7mlq0vZ7XT8b_T0uNLL-nGU-MKMZhOraUwpAMWm16gNuUoCTsijo574PgTzZa7nC6h8NxK1q8WEy_fXB6oXsTuiuBWrKVt_tZLlnd32OApvs5Ew",
      "d": "SlRt2SNQPJphs7n3NkDquC3frsD4IjmDepQmOY7F_T6qKOYMTwOnt8cUZUMal0q5mu1p2HC4DeK-yZ8tyzCstmzqTG8vwzhMNDZblt4cfP2CTrAbUUcD7q18FnxoYuCB9HTcmd82tgve-DIVstYlaqcL9PkCifcloblFB_GNbToEdiHqRNbHvVZLMYGYsShkiyFVL61h5zkFgQCBv-kR5u3AWGGGtlhZ3dvU7-i0P7n4dKseQyyd9v_QcW4iW8b3f6izn4plQNcPbb4o0iAdhpnjYxCOwxc8TGZvHul_RYnlFGuiKUXSV_r_t_dEppsKM4moJ8n6qzsoZf6czR5NwQ",
      "p": "_supybPbDRLiAWtiYxGSGIVV41UTvV5LrKjd2qCslOPF_iYOP1wyTFOjUWjBHWqaaPCYMpK4NIdnDUuCQ5K8Nz8FaIWkdUksDXJYO3FZR-dBzulkyKwNZQE-1VwT7MYlIih695zaYdtnIRw0cN6oYW5bheDYdE13SzcLK3XGMqE",
      "q": "4rpkthJwjk-brxKVuDIxUVXiwbArdbQLn1UXBdl54Mn4C5ntMy50BofGaqxx6WZoGUATNwD5w7Sf1KsxCMIObLr6xNVNpUnI766VaV69WYiFdB3N8BBi3L4Jmb1hLXIyX2WITTHY2w5UKOYwD6pKCa5FldqArm5slJCpmtffQzM",
      "dp": "ApnXoNx6JvcDYZpUBcjfIeryhoCO1AcLZLbQlPPA70An_EEtMg5h4Q-VgjY8im1VKC8Ujqeaw8aCEcush74Ot82n43pBxIS7s2NwbSLqE2bT8CXHxpijBl3t40WuWmNna6LYJoDuZcNUmSztiB1twJjczFAQRZeo2Ra1wXrRTCE",
      "dq": "jpFaZsrtj-8rHEl5b9vP-y8gaV7X1Smj7UraMUlxRBJ8MP9Xkklxl_GkqMtKzdMhPk92Ra4NYCyiHF6RdMphu6lPqpneO0NMYLrNJPb35ebc1Akxx_Tl1ZyB-PSGuMcIOchkjvX7QLOf5B_qtM8Fw1ScWQCOziCNklXs8Hsx3tU",
      "qi": "Z_CBJI5NGWkGZjkLM4fqq8U2hFM9Y5IHsn9Y8vvst3-mCqcFhTS7TcYUY00qdiFXAJjiwhfGFOoc0q-AWluiUxB-b6FWRu73XhqkKxgBehE9i3QCrcitMufSkXKydLonfh7_PeUpB63LmMjtyLdMlGAIorVbtD1xAn2WaYuEb5Q",
      "kty": "RSA",
      "kid": "LJuZnTrnhtSbpcjnu4pq3Xvrmzy6sI_fUOd7L7Bh9to",
      "alg": "PS256",
      "use": "sig",
      "x5c": [
        "MIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4MTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyWS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XBKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbTLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0aDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgnAWzRJlZD89KZAQgjj4Z215QeLxA\u003d"
      ],
      "x5t#S256": "B_QzvtQ9biL043xj_ADE7e9MUdWwbdAr3W3W7JHbK9c"
    }
  ]
}
acr_value
urn:mace:incommon:iap:silver
2021-07-01 15:55:20
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
2021-07-01 15:55:20 SUCCESS
ValidateMTLSCertificates2Header
MTLS certificates header is valid
2021-07-01 15:55:20
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
2021-07-01 15:55:20 SUCCESS
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4MTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyWS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XBKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbTLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0aDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgnAWzRJlZD89KZAQgjj4Z215QeLxA=
key
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAECggEASlRt2SNQPJphs7n3NkDquC3frsD4IjmDepQmOY7F/T6qKOYMTwOnt8cUZUMal0q5mu1p2HC4DeK+yZ8tyzCstmzqTG8vwzhMNDZblt4cfP2CTrAbUUcD7q18FnxoYuCB9HTcmd82tgve+DIVstYlaqcL9PkCifcloblFB/GNbToEdiHqRNbHvVZLMYGYsShkiyFVL61h5zkFgQCBv+kR5u3AWGGGtlhZ3dvU7+i0P7n4dKseQyyd9v/QcW4iW8b3f6izn4plQNcPbb4o0iAdhpnjYxCOwxc8TGZvHul/RYnlFGuiKUXSV/r/t/dEppsKM4moJ8n6qzsoZf6czR5NwQKBgQD+y6nJs9sNEuIBa2JjEZIYhVXjVRO9XkusqN3aoKyU48X+Jg4/XDJMU6NRaMEdappo8Jgykrg0h2cNS4JDkrw3PwVohaR1SSwNclg7cVlH50HO6WTIrA1lAT7VXBPsxiUiKHr3nNph22chHDRw3qhhbluF4Nh0TXdLNwsrdcYyoQKBgQDiumS2EnCOT5uvEpW4MjFRVeLBsCt1tAufVRcF2XngyfgLme0zLnQGh8ZqrHHpZmgZQBM3APnDtJ/UqzEIwg5suvrE1U2lScjvrpVpXr1ZiIV0Hc3wEGLcvgmZvWEtcjJfZYhNMdjbDlQo5jAPqkoJrkWV2oCubmyUkKma199DMwKBgAKZ16Dceib3A2GaVAXI3yHq8oaAjtQHC2S20JTzwO9AJ/xBLTIOYeEPlYI2PIptVSgvFI6nmsPGghHLrIe+DrfNp+N6QcSEu7NjcG0i6hNm0/Alx8aYowZd7eNFrlpjZ2ui2CaA7mXDVJks7YgdbcCY3MxQEEWXqNkWtcF60UwhAoGBAI6RWmbK7Y/vKxxJeW/bz/svIGle19Upo+1K2jFJcUQSfDD/V5JJcZfxpKjLSs3TIT5PdkWuDWAsohxekXTKYbupT6qZ3jtDTGC6zST29+Xm3NQJMcf05dWcgfj0hrjHCDnIZI71+0Czn+Qf6rTPBcNUnFkAjs4gjZJV7PB7Md7VAoGAZ/CBJI5NGWkGZjkLM4fqq8U2hFM9Y5IHsn9Y8vvst3+mCqcFhTS7TcYUY00qdiFXAJjiwhfGFOoc0q+AWluiUxB+b6FWRu73XhqkKxgBehE9i3QCrcitMufSkXKydLonfh7/PeUpB63LmMjtyLdMlGAIorVbtD1xAn2WaYuEb5Q=
2021-07-01 15:55:20 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2021-07-01 15:55:20 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "4alQGjLL5whE8w7SsHysWQtY8CDoSMlKfMaftqDfqScLaj9FKZC5U1ezA_eB2Ui9593_YbBumqaUUBhgCdk4TsNTfc5QK-0pPWB-hrbt22Eg70usGio1aMRq65i38rqBG79zw6jFrjoxNzE_xtZ8FAYCBCmAK_IYs2PHVBNGdqlryhWSY-nrYwlxKaY17sJUrrB1sP7Y_3jzDMTACTDz4cyXoegC-4lCgYrCcrD7mlq0vZ7XT8b_T0uNLL-nGU-MKMZhOraUwpAMWm16gNuUoCTsijo574PgTzZa7nC6h8NxK1q8WEy_fXB6oXsTuiuBWrKVt_tZLlnd32OApvs5Ew",
      "d": "SlRt2SNQPJphs7n3NkDquC3frsD4IjmDepQmOY7F_T6qKOYMTwOnt8cUZUMal0q5mu1p2HC4DeK-yZ8tyzCstmzqTG8vwzhMNDZblt4cfP2CTrAbUUcD7q18FnxoYuCB9HTcmd82tgve-DIVstYlaqcL9PkCifcloblFB_GNbToEdiHqRNbHvVZLMYGYsShkiyFVL61h5zkFgQCBv-kR5u3AWGGGtlhZ3dvU7-i0P7n4dKseQyyd9v_QcW4iW8b3f6izn4plQNcPbb4o0iAdhpnjYxCOwxc8TGZvHul_RYnlFGuiKUXSV_r_t_dEppsKM4moJ8n6qzsoZf6czR5NwQ",
      "p": "_supybPbDRLiAWtiYxGSGIVV41UTvV5LrKjd2qCslOPF_iYOP1wyTFOjUWjBHWqaaPCYMpK4NIdnDUuCQ5K8Nz8FaIWkdUksDXJYO3FZR-dBzulkyKwNZQE-1VwT7MYlIih695zaYdtnIRw0cN6oYW5bheDYdE13SzcLK3XGMqE",
      "q": "4rpkthJwjk-brxKVuDIxUVXiwbArdbQLn1UXBdl54Mn4C5ntMy50BofGaqxx6WZoGUATNwD5w7Sf1KsxCMIObLr6xNVNpUnI766VaV69WYiFdB3N8BBi3L4Jmb1hLXIyX2WITTHY2w5UKOYwD6pKCa5FldqArm5slJCpmtffQzM",
      "dp": "ApnXoNx6JvcDYZpUBcjfIeryhoCO1AcLZLbQlPPA70An_EEtMg5h4Q-VgjY8im1VKC8Ujqeaw8aCEcush74Ot82n43pBxIS7s2NwbSLqE2bT8CXHxpijBl3t40WuWmNna6LYJoDuZcNUmSztiB1twJjczFAQRZeo2Ra1wXrRTCE",
      "dq": "jpFaZsrtj-8rHEl5b9vP-y8gaV7X1Smj7UraMUlxRBJ8MP9Xkklxl_GkqMtKzdMhPk92Ra4NYCyiHF6RdMphu6lPqpneO0NMYLrNJPb35ebc1Akxx_Tl1ZyB-PSGuMcIOchkjvX7QLOf5B_qtM8Fw1ScWQCOziCNklXs8Hsx3tU",
      "qi": "Z_CBJI5NGWkGZjkLM4fqq8U2hFM9Y5IHsn9Y8vvst3-mCqcFhTS7TcYUY00qdiFXAJjiwhfGFOoc0q-AWluiUxB-b6FWRu73XhqkKxgBehE9i3QCrcitMufSkXKydLonfh7_PeUpB63LmMjtyLdMlGAIorVbtD1xAn2WaYuEb5Q",
      "kty": "RSA",
      "kid": "LJuZnTrnhtSbpcjnu4pq3Xvrmzy6sI_fUOd7L7Bh9to",
      "alg": "PS256",
      "use": "sig",
      "x5c": [
        "MIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4MTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyWS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XBKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbTLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0aDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgnAWzRJlZD89KZAQgjj4Z215QeLxA\u003d"
      ],
      "x5t#S256": "B_QzvtQ9biL043xj_ADE7e9MUdWwbdAr3W3W7JHbK9c"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "B_QzvtQ9biL043xj_ADE7e9MUdWwbdAr3W3W7JHbK9c",
      "e": "AQAB",
      "use": "sig",
      "kid": "LJuZnTrnhtSbpcjnu4pq3Xvrmzy6sI_fUOd7L7Bh9to",
      "x5c": [
        "MIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4MTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyWS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XBKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbTLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0aDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgnAWzRJlZD89KZAQgjj4Z215QeLxA\u003d"
      ],
      "alg": "PS256",
      "n": "4alQGjLL5whE8w7SsHysWQtY8CDoSMlKfMaftqDfqScLaj9FKZC5U1ezA_eB2Ui9593_YbBumqaUUBhgCdk4TsNTfc5QK-0pPWB-hrbt22Eg70usGio1aMRq65i38rqBG79zw6jFrjoxNzE_xtZ8FAYCBCmAK_IYs2PHVBNGdqlryhWSY-nrYwlxKaY17sJUrrB1sP7Y_3jzDMTACTDz4cyXoegC-4lCgYrCcrD7mlq0vZ7XT8b_T0uNLL-nGU-MKMZhOraUwpAMWm16gNuUoCTsijo574PgTzZa7nC6h8NxK1q8WEy_fXB6oXsTuiuBWrKVt_tZLlnd32OApvs5Ew"
    }
  ]
}
2021-07-01 15:55:20 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2021-07-01 15:55:20 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-07-01 15:55:20 SUCCESS
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
permitted
[
  "ES256",
  "PS256"
]
2021-07-01 15:55:20 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "4alQGjLL5whE8w7SsHysWQtY8CDoSMlKfMaftqDfqScLaj9FKZC5U1ezA_eB2Ui9593_YbBumqaUUBhgCdk4TsNTfc5QK-0pPWB-hrbt22Eg70usGio1aMRq65i38rqBG79zw6jFrjoxNzE_xtZ8FAYCBCmAK_IYs2PHVBNGdqlryhWSY-nrYwlxKaY17sJUrrB1sP7Y_3jzDMTACTDz4cyXoegC-4lCgYrCcrD7mlq0vZ7XT8b_T0uNLL-nGU-MKMZhOraUwpAMWm16gNuUoCTsijo574PgTzZa7nC6h8NxK1q8WEy_fXB6oXsTuiuBWrKVt_tZLlnd32OApvs5Ew",
      "d": "SlRt2SNQPJphs7n3NkDquC3frsD4IjmDepQmOY7F_T6qKOYMTwOnt8cUZUMal0q5mu1p2HC4DeK-yZ8tyzCstmzqTG8vwzhMNDZblt4cfP2CTrAbUUcD7q18FnxoYuCB9HTcmd82tgve-DIVstYlaqcL9PkCifcloblFB_GNbToEdiHqRNbHvVZLMYGYsShkiyFVL61h5zkFgQCBv-kR5u3AWGGGtlhZ3dvU7-i0P7n4dKseQyyd9v_QcW4iW8b3f6izn4plQNcPbb4o0iAdhpnjYxCOwxc8TGZvHul_RYnlFGuiKUXSV_r_t_dEppsKM4moJ8n6qzsoZf6czR5NwQ",
      "p": "_supybPbDRLiAWtiYxGSGIVV41UTvV5LrKjd2qCslOPF_iYOP1wyTFOjUWjBHWqaaPCYMpK4NIdnDUuCQ5K8Nz8FaIWkdUksDXJYO3FZR-dBzulkyKwNZQE-1VwT7MYlIih695zaYdtnIRw0cN6oYW5bheDYdE13SzcLK3XGMqE",
      "q": "4rpkthJwjk-brxKVuDIxUVXiwbArdbQLn1UXBdl54Mn4C5ntMy50BofGaqxx6WZoGUATNwD5w7Sf1KsxCMIObLr6xNVNpUnI766VaV69WYiFdB3N8BBi3L4Jmb1hLXIyX2WITTHY2w5UKOYwD6pKCa5FldqArm5slJCpmtffQzM",
      "dp": "ApnXoNx6JvcDYZpUBcjfIeryhoCO1AcLZLbQlPPA70An_EEtMg5h4Q-VgjY8im1VKC8Ujqeaw8aCEcush74Ot82n43pBxIS7s2NwbSLqE2bT8CXHxpijBl3t40WuWmNna6LYJoDuZcNUmSztiB1twJjczFAQRZeo2Ra1wXrRTCE",
      "dq": "jpFaZsrtj-8rHEl5b9vP-y8gaV7X1Smj7UraMUlxRBJ8MP9Xkklxl_GkqMtKzdMhPk92Ra4NYCyiHF6RdMphu6lPqpneO0NMYLrNJPb35ebc1Akxx_Tl1ZyB-PSGuMcIOchkjvX7QLOf5B_qtM8Fw1ScWQCOziCNklXs8Hsx3tU",
      "qi": "Z_CBJI5NGWkGZjkLM4fqq8U2hFM9Y5IHsn9Y8vvst3-mCqcFhTS7TcYUY00qdiFXAJjiwhfGFOoc0q-AWluiUxB-b6FWRu73XhqkKxgBehE9i3QCrcitMufSkXKydLonfh7_PeUpB63LmMjtyLdMlGAIorVbtD1xAn2WaYuEb5Q",
      "kty": "RSA",
      "kid": "LJuZnTrnhtSbpcjnu4pq3Xvrmzy6sI_fUOd7L7Bh9to",
      "alg": "PS256",
      "use": "sig",
      "x5c": [
        "MIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4MTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyWS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XBKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbTLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0aDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgnAWzRJlZD89KZAQgjj4Z215QeLxA\u003d"
      ],
      "x5t#S256": "B_QzvtQ9biL043xj_ADE7e9MUdWwbdAr3W3W7JHbK9c"
    }
  ]
}
2021-07-01 15:55:20 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
2021-07-01 15:55:20 SUCCESS
GetResourceEndpointConfiguration
Found a resource endpoint object
resourceUrl
https://mtls.fapi.panva.cz/accounts
institution_id
xxxxx
2021-07-01 15:55:20 SUCCESS
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
protected_resource_url
https://mtls.fapi.panva.cz/accounts
2021-07-01 15:55:20 SUCCESS
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
resource_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
2021-07-01 15:55:20 SUCCESS
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
accounts_resource_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
accounts_request_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
2021-07-01 15:55:20
fapi1-advanced-final-par-attempt-to-use-expired-request_uri
Setup Done
Make request to authorization endpoint
2021-07-01 15:55:20 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
mtls-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback
scope
openid offline_access
2021-07-01 15:55:20 SUCCESS
AddAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
authorization_endpoint_request
{
  "client_id": "mtls-one",
  "redirect_uri": "https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback",
  "scope": "openid offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}
2021-07-01 15:55:20
CreateRandomStateValue
Created state value
requested_state_length
10
state
wMRdQ4Du18
2021-07-01 15:55:20 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
mtls-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
wMRdQ4Du18
2021-07-01 15:55:20
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
s6NFq5Ijq8
2021-07-01 15:55:20 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
mtls-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
wMRdQ4Du18
nonce
s6NFq5Ijq8
2021-07-01 15:55:20 SUCCESS
SetAuthorizationEndpointRequestResponseTypeToCode
Added response_type parameter to request
client_id
mtls-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
wMRdQ4Du18
nonce
s6NFq5Ijq8
response_type
code
2021-07-01 15:55:20 SUCCESS
SetAuthorizationEndpointRequestResponseModeToJWT
Added response_mode parameter to request
client_id
mtls-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
wMRdQ4Du18
nonce
s6NFq5Ijq8
response_type
code
response_mode
jwt
2021-07-01 15:55:20
CreateRandomCodeVerifier
Created code_verifier value
code_verifier
~3KJqxj.hUeFBNbNu_n4vzOtTPJUJTre5.6RqxsvEsc6W5y2pRKWrU~2oFDx0KSP0S6CBwZvSBoXyCERfM2l5QJSZ1sn5GMB38Ha_8q2HOelIHuA7yCKPyfzbzteEu5-
2021-07-01 15:55:20
CreateS256CodeChallenge
Created code_challenge value
code_challenge
zIPXNdwX5qrsTob_XP8QK89HvUa1lQqTZj4ho_2dpi8
2021-07-01 15:55:20 SUCCESS
AddCodeChallengeToAuthorizationEndpointRequest
Added code_challenge and code_challenge_method parameters to request
client_id
mtls-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
wMRdQ4Du18
nonce
s6NFq5Ijq8
response_type
code
response_mode
jwt
code_challenge
zIPXNdwX5qrsTob_XP8QK89HvUa1lQqTZj4ho_2dpi8
code_challenge_method
S256
2021-07-01 15:55:20 SUCCESS
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
request_object_claims
{
  "client_id": "mtls-one",
  "redirect_uri": "https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback",
  "scope": "openid offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "wMRdQ4Du18",
  "nonce": "s6NFq5Ijq8",
  "response_type": "code",
  "response_mode": "jwt",
  "code_challenge": "zIPXNdwX5qrsTob_XP8QK89HvUa1lQqTZj4ho_2dpi8",
  "code_challenge_method": "S256"
}
2021-07-01 15:55:20 SUCCESS
AddNbfToRequestObject
Added nbf to request object claims
nbf
1.62515492E9
2021-07-01 15:55:20 SUCCESS
AddExpToRequestObject
Added exp to request object claims
exp
1.62515522E9
2021-07-01 15:55:20 SUCCESS
AddAudToRequestObject
Added aud to request object claims
aud
https://fapi.panva.cz
2021-07-01 15:55:20 SUCCESS
AddIssToRequestObject
Added iss to request object claims
iss
mtls-one
2021-07-01 15:55:20 SUCCESS
AddClientIdToRequestObject
Added client_id to request object claims
client_id
mtls-one
2021-07-01 15:55:20 SUCCESS
SignRequestObject
Signed the request object
claims
{"iss":"mtls-one","response_type":"code","code_challenge_method":"S256","nonce":"s6NFq5Ijq8","client_id":"mtls-one","response_mode":"jwt","aud":"https:\/\/fapi.panva.cz","nbf":1625154920,"scope":"openid offline_access","claims":{"id_token":{"acr":{"value":"urn:mace:incommon:iap:silver","essential":true}}},"redirect_uri":"https:\/\/www.certification.openid.net\/test\/a\/oidc-provider-pushed-mtls-plain_fapi-jarm\/callback","state":"wMRdQ4Du18","exp":1625155220,"code_challenge":"zIPXNdwX5qrsTob_XP8QK89HvUa1lQqTZj4ho_2dpi8"}
header
{"kid":"rxZogVFbs1tz36D4tmlW0yEHUTfD_mxyF3RSWBe5eHI","alg":"PS256"}
request_object
eyJraWQiOiJyeFpvZ1ZGYnMxdHozNkQ0dG1sVzB5RUhVVGZEX214eUYzUlNXQmU1ZUhJIiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJtdGxzLW9uZSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsIm5vbmNlIjoiczZORnE1SWpxOCIsImNsaWVudF9pZCI6Im10bHMtb25lIiwicmVzcG9uc2VfbW9kZSI6Imp3dCIsImF1ZCI6Imh0dHBzOlwvXC9mYXBpLnBhbnZhLmN6IiwibmJmIjoxNjI1MTU0OTIwLCJzY29wZSI6Im9wZW5pZCBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb2lkYy1wcm92aWRlci1wdXNoZWQtbXRscy1wbGFpbl9mYXBpLWphcm1cL2NhbGxiYWNrIiwic3RhdGUiOiJ3TVJkUTREdTE4IiwiZXhwIjoxNjI1MTU1MjIwLCJjb2RlX2NoYWxsZW5nZSI6InpJUFhOZHdYNXFyc1RvYl9YUDhRSzg5SHZVYTFsUXFUWmo0aG9fMmRwaTgifQ.sdPitmlgThEEGLRS3aEz7Q4ODxVH6bl91HhgGo-hxbPzlzU6R4Kwuys-U54X2OR0hijAZqz_faYuk1-7GnsWLOmiiwu5FTiQccCvDccjthy_Oa1XYemPBguPDziwIhkoPD8IFSVPwSIMGaaH7EVNMb4xlpVP7D4_MtdKpa0zHmWhuzviFbafy_NKIUB2RZugN2HqnsU0XhdLe6JvY_kdPdN_O2W8yDKxgSWQVaAQka2T0NIIFVdTMmdzj5F6lzPEzc1C-9V4y4w2cDE2gvdEp2i2E3sT86VEuJ9GnCEg46uZlK-VYeH2C5sHXgfYoKJauIQtjP2-WbGTlaHQDg8zPg
key
{"d":"quAXoet3373KFbGBoz2AgOFA7vcji1j4g5OEcCHmtUhrA2h_q8Vl1wavtqJ-00WdISAbabt7GACDiivzM8I0kd8mBSCrgR26jwmfCgCWydVXLgd44w1MZcUwVbeE8xC38PGJ4XnEYVs7r0OQQInrwtXl_d1BzDYFVVYAQ43-p_1SGASfHv052IJjPKgePFoeheT1xVNS1fCZTSWmFEVPXhbY_LQpnm8DwkR5-hmX-oSjjaJHQoHh4OP8uJ25YAwoMs3-7QOardbEu_DsseeWoQ1MRjnovDWxsxCWa-XTMIPrwF4zP4y-WbtVFILFH7e5fo2WLd5vYSxjOJkiW3TSJQ","e":"AQAB","use":"sig","kid":"rxZogVFbs1tz36D4tmlW0yEHUTfD_mxyF3RSWBe5eHI","x5c":["MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH\/PHwrJvX42AHGeXCZJDSXzuRH934\/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp\/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk\/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW\/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR\/q3+q9gs7uehc="],"dp":"ivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX_RloFfHGPEaB8q7l5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdslFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm-wTEILcaqT6uLf7HK8","dq":"TpZaFi6YTiNKuOeKCHrUzTKDTvc2hU4W92VsNHDgi25V_Od8ZdaHPa6Xngs4CZ56TseRrOVxjQBDDKagwLq-GgNWaJ-irGQvDISFj2Y8zWAcnntMLLzKvTAvYdTC64r1gnRBD5RmCDetqu-RdhfQRaf4zoEqMmRlz-dUER1p-KU","n":"xBJ1vPOR6ftkO5figrSjzsHzyFTiyrIYMoFiAFwvM-UypwNTfamwdgb6Q6VlCnV62Lgc1nDR_zx8Kyb1-NgBxnlwmSQ0l87kR_d-P34zEB0xSarqD-K84lJUSX0_qcCXLr4MYBiyOcYMzag-4GWaf_S1ZuTnV1NaaEL4lHpfocFeXok9a9XznuSzol5C8Kd5AS5ahq7UTxSCGvttKpL5xYeWXJ0Zjpptr3AJyOzmjXNq0ix1W75BbmPJjBMfK7bYatHUMsstVHLnYt3CwiNsfD8dKkBVKlh-C4DWo-1WY5VNTTxPC47Ejy2rGbDLJ9MLdtn6Pr-WyW2mdzd0EKjNFQ","p":"4ZNvp0u6vXQAf7IGESuhu3u4cD6K8iJ6BT-O64yHJzc17e9lt-p89GasTtkgeEH_lr-XxScVBYndi_8vaqsA47bkIoWVvcXq7C4jkv0bPelpaI_KPGfoZC1etR102-dS1ZufxzwSo64drw-HPuwaIkXvmpK4MBI9jEYoOHh9KR8","kty":"RSA","x5t#S256":"E-TFTHXRZVsBSvZ5p5mc7ZZMle2Urpv9yr9PdGcOqXQ","q":"3oRU_iCWvKOGHlR9BmcBysVGmkvBwj8XLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7yczWFLPXbUNVqC5OLI-wTL7-ikx040lL9IRRtgub47-9IvxxaGaIRzsFwa-15D7TCE7K8BydH0s","qi":"ITLsaxLewCPcaJOYKRW9HeApKVIqYlQuYj7wShPq3NiEy_KqgIc-2WXYMfMF6oDoiXYMrP6AVsqWfb4us9StvauAr17yp1kf1ffpazy71gD9VqwZBFQUgBwVw1agEFfv2cFD_z3Os-5to3ZGH0Eq5QQYsoDMN_UkjOx5SvyN2_A","alg":"PS256"}
2021-07-01 15:55:20 SUCCESS
BuildRequestObjectPostToPAREndpoint
request
eyJraWQiOiJyeFpvZ1ZGYnMxdHozNkQ0dG1sVzB5RUhVVGZEX214eUYzUlNXQmU1ZUhJIiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJtdGxzLW9uZSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsIm5vbmNlIjoiczZORnE1SWpxOCIsImNsaWVudF9pZCI6Im10bHMtb25lIiwicmVzcG9uc2VfbW9kZSI6Imp3dCIsImF1ZCI6Imh0dHBzOlwvXC9mYXBpLnBhbnZhLmN6IiwibmJmIjoxNjI1MTU0OTIwLCJzY29wZSI6Im9wZW5pZCBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb2lkYy1wcm92aWRlci1wdXNoZWQtbXRscy1wbGFpbl9mYXBpLWphcm1cL2NhbGxiYWNrIiwic3RhdGUiOiJ3TVJkUTREdTE4IiwiZXhwIjoxNjI1MTU1MjIwLCJjb2RlX2NoYWxsZW5nZSI6InpJUFhOZHdYNXFyc1RvYl9YUDhRSzg5SHZVYTFsUXFUWmo0aG9fMmRwaTgifQ.sdPitmlgThEEGLRS3aEz7Q4ODxVH6bl91HhgGo-hxbPzlzU6R4Kwuys-U54X2OR0hijAZqz_faYuk1-7GnsWLOmiiwu5FTiQccCvDccjthy_Oa1XYemPBguPDziwIhkoPD8IFSVPwSIMGaaH7EVNMb4xlpVP7D4_MtdKpa0zHmWhuzviFbafy_NKIUB2RZugN2HqnsU0XhdLe6JvY_kdPdN_O2W8yDKxgSWQVaAQka2T0NIIFVdTMmdzj5F6lzPEzc1C-9V4y4w2cDE2gvdEp2i2E3sT86VEuJ9GnCEg46uZlK-VYeH2C5sHXgfYoKJauIQtjP2-WbGTlaHQDg8zPg
2021-07-01 15:55:20 SUCCESS
AddClientIdToPAREndpointRequest
request
eyJraWQiOiJyeFpvZ1ZGYnMxdHozNkQ0dG1sVzB5RUhVVGZEX214eUYzUlNXQmU1ZUhJIiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJtdGxzLW9uZSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsIm5vbmNlIjoiczZORnE1SWpxOCIsImNsaWVudF9pZCI6Im10bHMtb25lIiwicmVzcG9uc2VfbW9kZSI6Imp3dCIsImF1ZCI6Imh0dHBzOlwvXC9mYXBpLnBhbnZhLmN6IiwibmJmIjoxNjI1MTU0OTIwLCJzY29wZSI6Im9wZW5pZCBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb2lkYy1wcm92aWRlci1wdXNoZWQtbXRscy1wbGFpbl9mYXBpLWphcm1cL2NhbGxiYWNrIiwic3RhdGUiOiJ3TVJkUTREdTE4IiwiZXhwIjoxNjI1MTU1MjIwLCJjb2RlX2NoYWxsZW5nZSI6InpJUFhOZHdYNXFyc1RvYl9YUDhRSzg5SHZVYTFsUXFUWmo0aG9fMmRwaTgifQ.sdPitmlgThEEGLRS3aEz7Q4ODxVH6bl91HhgGo-hxbPzlzU6R4Kwuys-U54X2OR0hijAZqz_faYuk1-7GnsWLOmiiwu5FTiQccCvDccjthy_Oa1XYemPBguPDziwIhkoPD8IFSVPwSIMGaaH7EVNMb4xlpVP7D4_MtdKpa0zHmWhuzviFbafy_NKIUB2RZugN2HqnsU0XhdLe6JvY_kdPdN_O2W8yDKxgSWQVaAQka2T0NIIFVdTMmdzj5F6lzPEzc1C-9V4y4w2cDE2gvdEp2i2E3sT86VEuJ9GnCEg46uZlK-VYeH2C5sHXgfYoKJauIQtjP2-WbGTlaHQDg8zPg
client_id
mtls-one
2021-07-01 15:55:20
CallPAREndpoint
HTTP request
request_uri
https://mtls.fapi.panva.cz/request
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "accept-charset": "utf-8",
  "content-length": "1163"
}
request_body
request=eyJraWQiOiJyeFpvZ1ZGYnMxdHozNkQ0dG1sVzB5RUhVVGZEX214eUYzUlNXQmU1ZUhJIiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJtdGxzLW9uZSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsIm5vbmNlIjoiczZORnE1SWpxOCIsImNsaWVudF9pZCI6Im10bHMtb25lIiwicmVzcG9uc2VfbW9kZSI6Imp3dCIsImF1ZCI6Imh0dHBzOlwvXC9mYXBpLnBhbnZhLmN6IiwibmJmIjoxNjI1MTU0OTIwLCJzY29wZSI6Im9wZW5pZCBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb2lkYy1wcm92aWRlci1wdXNoZWQtbXRscy1wbGFpbl9mYXBpLWphcm1cL2NhbGxiYWNrIiwic3RhdGUiOiJ3TVJkUTREdTE4IiwiZXhwIjoxNjI1MTU1MjIwLCJjb2RlX2NoYWxsZW5nZSI6InpJUFhOZHdYNXFyc1RvYl9YUDhRSzg5SHZVYTFsUXFUWmo0aG9fMmRwaTgifQ.sdPitmlgThEEGLRS3aEz7Q4ODxVH6bl91HhgGo-hxbPzlzU6R4Kwuys-U54X2OR0hijAZqz_faYuk1-7GnsWLOmiiwu5FTiQccCvDccjthy_Oa1XYemPBguPDziwIhkoPD8IFSVPwSIMGaaH7EVNMb4xlpVP7D4_MtdKpa0zHmWhuzviFbafy_NKIUB2RZugN2HqnsU0XhdLe6JvY_kdPdN_O2W8yDKxgSWQVaAQka2T0NIIFVdTMmdzj5F6lzPEzc1C-9V4y4w2cDE2gvdEp2i2E3sT86VEuJ9GnCEg46uZlK-VYeH2C5sHXgfYoKJauIQtjP2-WbGTlaHQDg8zPg&client_id=mtls-one
request_mutual_tls
{
  "cert": "MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR/q3+q9gs7uehc\u003d",
  "key": "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAECggEBAKrgF6Hrd9+9yhWxgaM9gIDhQO73I4tY+IOThHAh5rVIawNof6vFZdcGr7aiftNFnSEgG2m7exgAg4or8zPCNJHfJgUgq4Eduo8JnwoAlsnVVy4HeOMNTGXFMFW3hPMQt/DxieF5xGFbO69DkECJ68LV5f3dQcw2BVVWAEON/qf9UhgEnx79OdiCYzyoHjxaHoXk9cVTUtXwmU0lphRFT14W2Py0KZ5vA8JEefoZl/qEo42iR0KB4eDj/LiduWAMKDLN/u0Dmq3WxLvw7LHnlqENTEY56Lw1sbMQlmvl0zCD68BeMz+Mvlm7VRSCxR+3uX6Nli3eb2EsYziZIlt00iUCgYEA4ZNvp0u6vXQAf7IGESuhu3u4cD6K8iJ6BT+O64yHJzc17e9lt+p89GasTtkgeEH/lr+XxScVBYndi/8vaqsA47bkIoWVvcXq7C4jkv0bPelpaI/KPGfoZC1etR102+dS1ZufxzwSo64drw+HPuwaIkXvmpK4MBI9jEYoOHh9KR8CgYEA3oRU/iCWvKOGHlR9BmcBysVGmkvBwj8XLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7yczWFLPXbUNVqC5OLI+wTL7+ikx040lL9IRRtgub47+9IvxxaGaIRzsFwa+15D7TCE7K8BydH0sCgYEAivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX/RloFfHGPEaB8q7l5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdslFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm+wTEILcaqT6uLf7HK8CgYBOlloWLphOI0q454oIetTNMoNO9zaFThb3ZWw0cOCLblX853xl1oc9rpeeCzgJnnpOx5Gs5XGNAEMMpqDAur4aA1Zon6KsZC8MhIWPZjzNYByee0wsvMq9MC9h1MLrivWCdEEPlGYIN62q75F2F9BFp/jOgSoyZGXP51QRHWn4pQKBgCEy7GsS3sAj3GiTmCkVvR3gKSlSKmJULmI+8EoT6tzYhMvyqoCHPtll2DHzBeqA6Il2DKz+gFbKln2+LrPUrb2rgK9e8qdZH9X36Ws8u9YA/VasGQRUFIAcFcNWoBBX79nBQ/89zrPubaN2Rh9BKuUEGLKAzDf1JIzseUr8jdvw"
}
2021-07-01 15:55:21 RESPONSE
CallPAREndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "cache-control": "no-cache, no-store",
  "content-length": "89",
  "content-security-policy": "default-src \u0027self\u0027;base-uri \u0027self\u0027;block-all-mixed-content;font-src \u0027self\u0027 https: data:;frame-ancestors \u0027self\u0027;img-src \u0027self\u0027 data:;object-src \u0027none\u0027;script-src \u0027self\u0027;script-src-attr \u0027none\u0027;style-src \u0027self\u0027 https: \u0027unsafe-inline\u0027;upgrade-insecure-requests",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Thu, 01 Jul 2021 15:55:21 GMT",
  "expect-ct": "max-age\u003d0",
  "pragma": "no-cache",
  "referrer-policy": "no-referrer",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-permitted-cross-domain-policies": "none",
  "x-xss-protection": "0"
}
response_body
{"expires_in":60,"request_uri":"urn:ietf:params:oauth:request_uri:c7QsDqxutndsFkhsnj0vt"}
2021-07-01 15:55:21 SUCCESS
CallPAREndpoint
Storing pushed_authorization_endpoint_response_http_status 201
2021-07-01 15:55:21 SUCCESS
CallPAREndpoint
Parsed pushed authorization request endpoint response
expires_in
60
request_uri
urn:ietf:params:oauth:request_uri:c7QsDqxutndsFkhsnj0vt
2021-07-01 15:55:21 SUCCESS
CheckIfPAREndpointResponseError
pushed authorization request endpoint correct response.
2021-07-01 15:55:21 SUCCESS
CheckForRequestUriValue
Found valid request_uri
request_uri
urn:ietf:params:oauth:request_uri:c7QsDqxutndsFkhsnj0vt
2021-07-01 15:55:21 SUCCESS
CheckForPARResponseExpiresIn
Found expires_in
expires_in
60
2021-07-01 15:55:21 SUCCESS
ExtractRequestUriFromPARResponse
Extracted the request_uri: urn:ietf:params:oauth:request_uri:c7QsDqxutndsFkhsnj0vt
2021-07-01 15:55:21 SUCCESS
EnsureMinimumRequestUriEntropy
Calculated shannon entropy seems sufficient
actual
243.2715598396186
expected
128.0
Attempting use of request_uri after expiry and testing if Authorization server returns error in callback
2021-07-01 15:55:21 SUCCESS
WaitForExpiry
Pausing for 60 seconds
2021-07-01 15:56:21 SUCCESS
WaitForExpiry
Woke up after 60 seconds sleep
2021-07-01 15:56:21 SUCCESS
BuildRequestObjectByReferenceRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://fapi.panva.cz/auth?request_uri=urn:ietf:params:oauth:request_uri:c7QsDqxutndsFkhsnj0vt&client_id=mtls-one&redirect_uri=https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback&scope=openid%20offline_access&response_type=code
2021-07-01 15:56:21 REDIRECT
fapi1-advanced-final-par-attempt-to-use-expired-request_uri
Redirecting to authorization endpoint
redirect_to
https://fapi.panva.cz/auth?request_uri=urn:ietf:params:oauth:request_uri:c7QsDqxutndsFkhsnj0vt&client_id=mtls-one&redirect_uri=https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback&scope=openid%20offline_access&response_type=code
2021-07-01 15:56:21 REVIEW
ExpectInvalidRequestUriErrorPage
If the server does not return an error back to the client, It must show an error page that the request_uri is invalid - upload a screenshot of the error page.
image_no_longer_required
true
2021-07-01 15:56:21
WebRunner
Scripted browser HTTP request
browser
goToUrl
request_method
GET
request_uri
https://fapi.panva.cz/auth?request_uri=urn:ietf:params:oauth:request_uri:c7QsDqxutndsFkhsnj0vt&client_id=mtls-one&redirect_uri=https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback&scope=openid%20offline_access&response_type=code
2021-07-01 15:56:22 INCOMING
fapi1-advanced-final-par-attempt-to-use-expired-request_uri
Incoming HTTP request to test instance sTV3wMwFqKpm4dr
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "error": "invalid_request_uri",
  "error_description": "request_uri is invalid or expired"
}
incoming_body
2021-07-01 15:56:22 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/4yBXylUdvyZEiKwUYM1W",
  "fullUrl": "https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/implicit/4yBXylUdvyZEiKwUYM1W"
}
2021-07-01 15:56:22 OUTGOING
fapi1-advanced-final-par-attempt-to-use-expired-request_uri
Response to HTTP request to test instance sTV3wMwFqKpm4dr
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/implicit/4yBXylUdvyZEiKwUYM1W, returnUrl=/log-detail.html?log=sTV3wMwFqKpm4dr}]
outgoing_path
callback
2021-07-01 15:56:22 RESPONSE
WebRunner
Scripted browser HTTP response
response_content
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta charset="UTF-8">
    <title>OIDF Conformance: Processing Implicit Callback</title>

    <!-- Latest compiled and minified CSS -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">

    <!-- Optional theme -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=PT+Sans">
    <link rel="stylesheet" type="text/css" href="/css/layout.css">



</head>
<body>
    <div class="pageHeader container-fluid">
        <div class="row-fluid">
            <div class="col-md-8">
                <a href="index.html"><img src="/images/openid.png"></a>
            </div>
        </div>
    </div>
    <div class="clearfix"></div>

    <div class="container-fluid">
        <div class="row">
            <div class="col-xs-12 col-md-6 col-md-offset-3 center-block center-text">
                <h1 class="text-center">Please wait...</h1>
                <h2 class="text-center">Processing response from authorization server<sup><span class="glyphicon glyphicon-question-sign" data-toggle="tooltip" title="The server should have returned its results as part of a URI fragment. This data normally stays in the browser and needs to be explicitly sent to the test framework for further processing." data-placement="right"></span></sup></h2>
                <p id="complete" class="bg-info collapse">The response has been sent to the server for processing. You may return to <a href="">the test results page.</a></p>
            </div>
        </div>
    </div>
    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>

    <footer class="pageFooter">
        <span class="muted">OpenID Foundation conformance suite</span>
    </footer>

    <script type="text/javascript">
        var submitComplete = false;
        function assumeComplete() {
            if (submitComplete) {
                return;
            }
            console.log("assumeComplete workaround for https://gitlab.com/openid/conformance-suite/-/issues/766 activated - assuming post has completed as 5 seconds have elapsed")
            // add a hidden tag so that Selenium can detect we're done processing
            $('#complete').append('<span id="submission_complete" class="hidden"></span>');
        }

        $(function() {

            var hash = window.location.hash;

            var returnUrl = "\/log-detail.html?log=sTV3wMwFqKpm4dr";

            // workaround https://gitlab.com/openid/conformance-suite/-/issues/766 by assuming that the post completes
            // after 5 seconds
            setTimeout(function(){ assumeComplete(); }, 5000);

            $.post({
                url: "https:\/\/www.certification.openid.net\/test\/a\/oidc-provider-pushed-mtls-plain_fapi-jarm\/implicit\/4yBXylUdvyZEiKwUYM1W",
                data: hash,
                contentType: "text/plain", // this will be parsed on the server side, no need to wrap it
            }).always(function () {
                console.log("implicit submit complete")
                $('#complete a').attr('href', returnUrl); // provide the link only after the page is rendered.
                $('#complete').show();
                submitComplete = true;
                // add a hidden tag so that Selenium can detect we're done processing
                $('#complete').append('<span id="submission_complete" class="hidden"></span>');
            });


        });
    </script>


</body>
</html>
response_content_type
text/html
response_status_text
200-
response_status_code
200
2021-07-01 15:56:22
WebRunner
Skipping optional task due to URL mismatch
task
Login
browser
skip
match
https://fapi.panva.cz/interaction*
url
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback?error=invalid_request_uri&error_description=request_uri%20is%20invalid%20or%20expired
commands
[
  [
    "text",
    "name",
    "login",
    "foo",
    "optional"
  ],
  [
    "text",
    "name",
    "password",
    "bar",
    "optional"
  ],
  [
    "click",
    "class",
    "login-submit"
  ]
]
2021-07-01 15:56:22
WebRunner
Skipping optional task due to URL mismatch
task
Consent
browser
skip
match
https://fapi.panva.cz/interaction*
url
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback?error=invalid_request_uri&error_description=request_uri%20is%20invalid%20or%20expired
commands
[
  [
    "click",
    "class",
    "login-submit"
  ]
]
2021-07-01 15:56:22 INFO
WebRunner
Waiting
regexp
seconds
10
task
Verify Complete
browser
wait
action
element_type
id
url
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback?error=invalid_request_uri&error_description=request_uri%20is%20invalid%20or%20expired
target
submission_complete
2021-07-01 15:56:22 INCOMING
fapi1-advanced-final-par-attempt-to-use-expired-request_uri
Incoming HTTP request to test instance sTV3wMwFqKpm4dr
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36",
  "accept": "*/*",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback?error\u003dinvalid_request_uri\u0026error_description\u003drequest_uri%20is%20invalid%20or%20expired",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "cookie": "JSESSIONID\u003dD5FBC40004FF59C340E79335100453F7",
  "x-requested-with": "XMLHttpRequest",
  "content-type": "text/plain",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/4yBXylUdvyZEiKwUYM1W
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-07-01 15:56:22 OUTGOING
fapi1-advanced-final-par-attempt-to-use-expired-request_uri
Response to HTTP request to test instance sTV3wMwFqKpm4dr
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/4yBXylUdvyZEiKwUYM1W
2021-07-01 15:56:22 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2021-07-01 15:56:22 REDIRECT-IN
fapi1-advanced-final-par-attempt-to-use-expired-request_uri
Authorization endpoint response captured
url_query
{
  "error": "invalid_request_uri",
  "error_description": "request_uri is invalid or expired"
}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{}
post_body
Verify authorization endpoint response
2021-07-01 15:56:22 SUCCESS
AddPlainErrorResponseAsAuthorizationEndpointResponseForJARM
The server returned a plain error response instead of a JARM response
error
invalid_request_uri
error_description
request_uri is invalid or expired
2021-07-01 15:56:22 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2021-07-01 15:56:22 SUCCESS
EnsureInvalidRequestUriError
Authorization endpoint returned expected 'error' of 'invalid_request_uri'
error
invalid_request_uri
2021-07-01 15:56:22 INFO
WebRunner
Completed processing of webpage
task
Verify Complete
browser
complete
response_status_text
200-
match
https://*/test/a/*/callback*
url
https://www.certification.openid.net/test/a/oidc-provider-pushed-mtls-plain_fapi-jarm/callback?error=invalid_request_uri&error_description=request_uri%20is%20invalid%20or%20expired
response_status_code
200
2021-07-01 15:56:22 FINISHED
fapi1-advanced-final-par-attempt-to-use-expired-request_uri
Test has run to completion
testmodule_result
PASSED
2021-07-01 15:56:24
TEST-RUNNER
Alias has now been claimed by another test
alias
oidc-provider-pushed-mtls-plain_fapi-jarm
new_test_id
dhxH2RcJTmQwxEC
Test Results