Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-07-01 15:29:29 INFO
TEST-RUNNER
Test instance remustubkQqQtvi created
baseUrl
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm
variant
{
  "client_auth_type": "private_key_jwt",
  "fapi_auth_request_method": "by_value",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "jarm"
}
alias
oidc-provider-by_value-private_key_jwt-plain_fapi-jarm
description
planId
H1KCalhYHLIZI
config
{
  "alias": "oidc-provider-by_value-private_key_jwt-plain_fapi-jarm",
  "automated_ciba_approval_url": "https://fapi.panva.cz/ciba-sim?authReqId\u003d{auth_req_id}\u0026action\u003d{action}",
  "server": {
    "discoveryUrl": "https://fapi.panva.cz/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "pkjwt-one",
    "client_name": "pkjwt-one",
    "scope": "openid offline_access",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw",
          "d": "dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ",
          "p": "5SLM2g4Uv3Q1-PGqwKPQ8h8Onp674FTxxYAHCh8mivgCGx7uIjVaOxCKvCimi8NCgtON0a1QdGY-BT3NsewJUvaniWyb5BZo-kpdkSzXCvQpWuWT_iSorgEgl4anJ59JZH_QW7wtjRnF8jWnw-_nkNv4HIIVd7fdKKCkpGi1Drk",
          "q": "xgyjgfZdlfpne27vdlxi5VGmNnBnLRAe_a7Wgo6JdmKPMPa1qugxVM5tUhoYjUuUpHxi8gDSxb0-N_kIqTu7zp2Ly9iB8wQIyyYmdxN7J_B5bSn5rfTcu_Uz-EuYVEGfj0hk5_aNQc0y02Di1L4QrnMNRGBo3jWCCRZrjqyHfqc",
          "dp": "tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk",
          "dq": "FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80",
          "qi": "nmJaonUO_d62824V6YmWuEX7imXdgHKRi-tY4IUDJbrm7lKEfcn_xazqilECh1xm7O8b4bj0th3JrRcs1Al0sWP1FwVHjzzmg5oqq26PvHjmtVIHn3cXGT6AmY8-eUPkYgPBc61Ej58Usazm1iuRIe-wNIBeL244kFTQK7zJfnE",
          "kty": "RSA",
          "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    },
    "hint_type": "login_hint",
    "hint_value": "panva"
  },
  "mtls": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD\nWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4\nMTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwG\nUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9\nqbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP\n4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r\n1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVb\nvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8L\njsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQAD\nggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjS\nozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZ\nybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3\n+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4K\nnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2h\nTfkwHHtW2BegWR/q3+q9gs7uehc\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEEnW885Hp+2Q7\nl+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwr\nJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzN\nqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa\n+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi\n3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3\nN3QQqM0VAgMBAAECggEBAKrgF6Hrd9+9yhWxgaM9gIDhQO73I4tY+IOThHAh5rVI\nawNof6vFZdcGr7aiftNFnSEgG2m7exgAg4or8zPCNJHfJgUgq4Eduo8JnwoAlsnV\nVy4HeOMNTGXFMFW3hPMQt/DxieF5xGFbO69DkECJ68LV5f3dQcw2BVVWAEON/qf9\nUhgEnx79OdiCYzyoHjxaHoXk9cVTUtXwmU0lphRFT14W2Py0KZ5vA8JEefoZl/qE\no42iR0KB4eDj/LiduWAMKDLN/u0Dmq3WxLvw7LHnlqENTEY56Lw1sbMQlmvl0zCD\n68BeMz+Mvlm7VRSCxR+3uX6Nli3eb2EsYziZIlt00iUCgYEA4ZNvp0u6vXQAf7IG\nESuhu3u4cD6K8iJ6BT+O64yHJzc17e9lt+p89GasTtkgeEH/lr+XxScVBYndi/8v\naqsA47bkIoWVvcXq7C4jkv0bPelpaI/KPGfoZC1etR102+dS1ZufxzwSo64drw+H\nPuwaIkXvmpK4MBI9jEYoOHh9KR8CgYEA3oRU/iCWvKOGHlR9BmcBysVGmkvBwj8X\nLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7\nyczWFLPXbUNVqC5OLI+wTL7+ikx040lL9IRRtgub47+9IvxxaGaIRzsFwa+15D7T\nCE7K8BydH0sCgYEAivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX/RloFfHGPEaB8q7\nl5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdsl\nFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm+wTEILcaqT6uLf7HK8CgYBO\nlloWLphOI0q454oIetTNMoNO9zaFThb3ZWw0cOCLblX853xl1oc9rpeeCzgJnnpO\nx5Gs5XGNAEMMpqDAur4aA1Zon6KsZC8MhIWPZjzNYByee0wsvMq9MC9h1MLrivWC\ndEEPlGYIN62q75F2F9BFp/jOgSoyZGXP51QRHWn4pQKBgCEy7GsS3sAj3GiTmCkV\nvR3gKSlSKmJULmI+8EoT6tzYhMvyqoCHPtll2DHzBeqA6Il2DKz+gFbKln2+LrPU\nrb2rgK9e8qdZH9X36Ws8u9YA/VasGQRUFIAcFcNWoBBX79nBQ/89zrPubaN2Rh9B\nKuUEGLKAzDf1JIzseUr8jdvw\n-----END PRIVATE KEY-----\n"
  },
  "client2": {
    "client_id": "pkjwt-two",
    "client_name": "pkjwt-two",
    "scope": "openid offline_access",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "5xcUf9SqYSEQHDyQft6iabfz5WvuZyjFLTj9x_R8ARdBDyVE42vkWnf6jOZoeMZ_WjtYGLF0nwnuEVBoCVxP4Nu1UUQq8OTigmk2f4IyPT-79pvW9b7EGQDdTsBIrrb2AKktwDJe16uK64kDNO0Ay3U_nShIPgMVbmGd_K6__OwwhhrLwKv_OSbvU8ZlPI24jy1Yxfq175F_1ZQBRjm0jAMf6PBt8cgxQclgbpP-7OBUQHBzpfudD1U9W6V8hqKKjDldlI9Zg6xBa8MpC6JuQdgwkcugWdwyG69p2kq_pyl735C8yj9Bif7Vok1d4E81cSh8Jy1wGNfAmlz8ncJSRw",
          "d": "ttJDnX4Z7Q3DORORHU31H74wbmidC2_tzoEwBWkeUZ6cEediQKmy1v_kcGQ4cpRXXINmhuKdaNTqSzhZlk45w6MOJ2TOtBXgPVwPiYDvThWGFuvjfDeX3FAaxZrJ5a9Jn-w4Db3L2sQT-5NBvjViU5RG54Ze4PB_m_wOiUGXEfgonv64APPBkodIz_26lJ-r4447tcdMkDw4p6xTP-y33sPB4ZOhQ5ezE4FzQlpq0K98ysKLwo8wvhQ8stxqL46avBnflgDhTsb-1I54aU3ROjThU5tkeAkudzg4lFKdd4WmVneVMD-FJ2wrkjwztqHSBCP8G9IAXBdXRxRzdJIOAQ",
          "p": "_WOUrDYt1uay8XtnaNgutctzdI6XJaf5XrGv6wE_ZoVbqEKWTnBbVfqbwkWf58CeH32tt3hUjBFicG-XAlYI8TW5Lf6H78Fmt2y3fdowLzzWLwNDoLWo1_rOGxneL-vYM1MekZyUN-uDARdEeOL9yRPFKOZm7eWSUc_Sdlu9yuc",
          "q": "6XitRdF0tFu7O7S1rQZZjqhrza53f-Ox1vCYY_Hy4Tm_1fMc7GV0VCHoQwO3ZJPlPEE0JahnfpQkhHGj67GGO40lZYEXdBwNxtktp1zdmEokbsWmacz57SVPg4pzgS9kketf-wdUbT5VgBmNWS9MPt7rKiyFbmuPcHU99fWEsaE",
          "dp": "e_5s1FC24cCGtFCU6-NOCDwExXa5U_38s2_0C-XSZpK_pXjgIIYuy8YUzl5Pv5KsTfCsP2msxdYD-80_ci8ztQV7FpzFXHehkgSrTfSlO5hjnyHTyCLc-sOKdAyWg5C_fW4hOVQL28ltk-0U3qsFUY5RHpCQsb1zeoFeFfkSyOU",
          "dq": "2tyhsh2UBa8oaeQRm02kjrMbvAidRWoxwIhykt6xDKmSSAJLTuAcmPHgRVIqjUKHVmDZfaPMwUAmq3HMdJpKd3DtaaYGUnYqBAp7XbUUljqKxLzML8pTUBf13h3gAW5oHNJFe5F3d6FDjX5mnwBTvWxDj5mEy-pQ4N9HYlbyOYE",
          "qi": "rbxxLBMPxBVpoyNfpjYtXEuem0HHvemHiGklhCbJO_N3vRu8lEarlZ_IPLrRmq7he0cNHcd4j_yhge1-0RR0LzJ4l_Wg-B1Jc0fKJrSItp8pmjmaVHbp_ToYqVlJh_AfU5tru86zSCvVycV79BvkvLl6IusDAuRK8eD1h7dU59g",
          "kty": "RSA",
          "kid": "NriyGITqpt6QdRBXz6k_qjup6vO_81Namq05CX4hij0",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    },
    "acr_value": "urn:mace:incommon:iap:silver"
  },
  "mtls2": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD\nWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4\nMTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwG\nUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0Up\nkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6wa\nKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj\n6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdP\nxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxY\nTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQAD\nggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyW\nS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XB\nKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbT\nLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0a\nDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgn\nAWzRJlZD89KZAQgjj4Z215QeLxA\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhqVAaMsvnCETz\nDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQ\nGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3\nMT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMM\nxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxa\nbXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3f\nY4Cm+zkTAgMBAAECggEASlRt2SNQPJphs7n3NkDquC3frsD4IjmDepQmOY7F/T6q\nKOYMTwOnt8cUZUMal0q5mu1p2HC4DeK+yZ8tyzCstmzqTG8vwzhMNDZblt4cfP2C\nTrAbUUcD7q18FnxoYuCB9HTcmd82tgve+DIVstYlaqcL9PkCifcloblFB/GNbToE\ndiHqRNbHvVZLMYGYsShkiyFVL61h5zkFgQCBv+kR5u3AWGGGtlhZ3dvU7+i0P7n4\ndKseQyyd9v/QcW4iW8b3f6izn4plQNcPbb4o0iAdhpnjYxCOwxc8TGZvHul/RYnl\nFGuiKUXSV/r/t/dEppsKM4moJ8n6qzsoZf6czR5NwQKBgQD+y6nJs9sNEuIBa2Jj\nEZIYhVXjVRO9XkusqN3aoKyU48X+Jg4/XDJMU6NRaMEdappo8Jgykrg0h2cNS4JD\nkrw3PwVohaR1SSwNclg7cVlH50HO6WTIrA1lAT7VXBPsxiUiKHr3nNph22chHDRw\n3qhhbluF4Nh0TXdLNwsrdcYyoQKBgQDiumS2EnCOT5uvEpW4MjFRVeLBsCt1tAuf\nVRcF2XngyfgLme0zLnQGh8ZqrHHpZmgZQBM3APnDtJ/UqzEIwg5suvrE1U2lScjv\nrpVpXr1ZiIV0Hc3wEGLcvgmZvWEtcjJfZYhNMdjbDlQo5jAPqkoJrkWV2oCubmyU\nkKma199DMwKBgAKZ16Dceib3A2GaVAXI3yHq8oaAjtQHC2S20JTzwO9AJ/xBLTIO\nYeEPlYI2PIptVSgvFI6nmsPGghHLrIe+DrfNp+N6QcSEu7NjcG0i6hNm0/Alx8aY\nowZd7eNFrlpjZ2ui2CaA7mXDVJks7YgdbcCY3MxQEEWXqNkWtcF60UwhAoGBAI6R\nWmbK7Y/vKxxJeW/bz/svIGle19Upo+1K2jFJcUQSfDD/V5JJcZfxpKjLSs3TIT5P\ndkWuDWAsohxekXTKYbupT6qZ3jtDTGC6zST29+Xm3NQJMcf05dWcgfj0hrjHCDnI\nZI71+0Czn+Qf6rTPBcNUnFkAjs4gjZJV7PB7Md7VAoGAZ/CBJI5NGWkGZjkLM4fq\nq8U2hFM9Y5IHsn9Y8vvst3+mCqcFhTS7TcYUY00qdiFXAJjiwhfGFOoc0q+AWlui\nUxB+b6FWRu73XhqkKxgBehE9i3QCrcitMufSkXKydLonfh7/PeUpB63LmMjtyLdM\nlGAIorVbtD1xAn2WaYuEb5Q\u003d\n-----END PRIVATE KEY-----\n  \n"
  },
  "resource": {
    "resourceUrl": "https://mtls.fapi.panva.cz/accounts",
    "institution_id": "xxxxx"
  },
  "browser": [
    {
      "match": "https://fapi.panva.cz/auth*",
      "tasks": [
        {
          "task": "Login",
          "optional": true,
          "match": "https://fapi.panva.cz/interaction*",
          "commands": [
            [
              "text",
              "name",
              "login",
              "foo",
              "optional"
            ],
            [
              "text",
              "name",
              "password",
              "bar",
              "optional"
            ],
            [
              "click",
              "class",
              "login-submit"
            ]
          ]
        },
        {
          "task": "Consent",
          "optional": true,
          "match": "https://fapi.panva.cz/interaction*",
          "commands": [
            [
              "click",
              "class",
              "login-submit"
            ]
          ]
        },
        {
          "task": "Verify Complete",
          "match": "https://*/test/a/*/callback*",
          "commands": [
            [
              "wait",
              "id",
              "submission_complete",
              10
            ]
          ]
        }
      ]
    }
  ]
}
testName
fapi1-advanced-final-ensure-request-object-with-bad-aud-fails
2021-07-01 15:29:29 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback
2021-07-01 15:29:30
GetDynamicServerConfiguration
HTTP request
request_uri
https://fapi.panva.cz/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-07-01 15:29:30 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-length": "1747",
  "content-security-policy": "default-src \u0027self\u0027;base-uri \u0027self\u0027;block-all-mixed-content;font-src \u0027self\u0027 https: data:;frame-ancestors \u0027self\u0027;img-src \u0027self\u0027 data:;object-src \u0027none\u0027;script-src \u0027self\u0027;script-src-attr \u0027none\u0027;style-src \u0027self\u0027 https: \u0027unsafe-inline\u0027;upgrade-insecure-requests",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Thu, 01 Jul 2021 15:29:30 GMT",
  "expect-ct": "max-age\u003d0",
  "referrer-policy": "no-referrer",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-permitted-cross-domain-policies": "none",
  "x-xss-protection": "0"
}
response_body
{"acr_values_supported":["urn:mace:incommon:iap:silver"],"authorization_endpoint":"https://fapi.panva.cz/auth","claims_parameter_supported":false,"claims_supported":["sub","acr","sid","auth_time","iss"],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"https://fapi.panva.cz/session/end","grant_types_supported":["implicit","authorization_code","refresh_token","urn:openid:params:grant-type:ciba"],"id_token_signing_alg_values_supported":["PS256"],"issuer":"https://fapi.panva.cz","jwks_uri":"https://fapi.panva.cz/jwks","registration_endpoint":"https://fapi.panva.cz/reg","response_modes_supported":["form_post","fragment","query","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["code id_token","code"],"scopes_supported":["openid","offline_access"],"subject_types_supported":["public"],"token_endpoint_auth_methods_supported":["private_key_jwt","self_signed_tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["PS256"],"token_endpoint":"https://mtls.fapi.panva.cz/token","pushed_authorization_request_endpoint":"https://mtls.fapi.panva.cz/request","request_object_signing_alg_values_supported":["PS256"],"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_signed_request_object":true,"userinfo_endpoint":"https://mtls.fapi.panva.cz/accounts","authorization_signing_alg_values_supported":["PS256"],"tls_client_certificate_bound_access_tokens":true,"backchannel_authentication_endpoint":"https://mtls.fapi.panva.cz/backchannel","backchannel_token_delivery_modes_supported":["poll","ping"],"backchannel_user_code_parameter_supported":true,"backchannel_authentication_request_signing_alg_values_supported":["PS256"],"claim_types_supported":["normal"]}
2021-07-01 15:29:30
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{"acr_values_supported":["urn:mace:incommon:iap:silver"],"authorization_endpoint":"https://fapi.panva.cz/auth","claims_parameter_supported":false,"claims_supported":["sub","acr","sid","auth_time","iss"],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"https://fapi.panva.cz/session/end","grant_types_supported":["implicit","authorization_code","refresh_token","urn:openid:params:grant-type:ciba"],"id_token_signing_alg_values_supported":["PS256"],"issuer":"https://fapi.panva.cz","jwks_uri":"https://fapi.panva.cz/jwks","registration_endpoint":"https://fapi.panva.cz/reg","response_modes_supported":["form_post","fragment","query","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["code id_token","code"],"scopes_supported":["openid","offline_access"],"subject_types_supported":["public"],"token_endpoint_auth_methods_supported":["private_key_jwt","self_signed_tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["PS256"],"token_endpoint":"https://mtls.fapi.panva.cz/token","pushed_authorization_request_endpoint":"https://mtls.fapi.panva.cz/request","request_object_signing_alg_values_supported":["PS256"],"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_signed_request_object":true,"userinfo_endpoint":"https://mtls.fapi.panva.cz/accounts","authorization_signing_alg_values_supported":["PS256"],"tls_client_certificate_bound_access_tokens":true,"backchannel_authentication_endpoint":"https://mtls.fapi.panva.cz/backchannel","backchannel_token_delivery_modes_supported":["poll","ping"],"backchannel_user_code_parameter_supported":true,"backchannel_authentication_request_signing_alg_values_supported":["PS256"],"claim_types_supported":["normal"]}
2021-07-01 15:29:30 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
acr_values_supported
[
  "urn:mace:incommon:iap:silver"
]
authorization_endpoint
https://fapi.panva.cz/auth
claims_parameter_supported
false
claims_supported
[
  "sub",
  "acr",
  "sid",
  "auth_time",
  "iss"
]
code_challenge_methods_supported
[
  "S256"
]
end_session_endpoint
https://fapi.panva.cz/session/end
grant_types_supported
[
  "implicit",
  "authorization_code",
  "refresh_token",
  "urn:openid:params:grant-type:ciba"
]
id_token_signing_alg_values_supported
[
  "PS256"
]
issuer
https://fapi.panva.cz
jwks_uri
https://fapi.panva.cz/jwks
registration_endpoint
https://fapi.panva.cz/reg
response_modes_supported
[
  "form_post",
  "fragment",
  "query",
  "jwt",
  "query.jwt",
  "fragment.jwt",
  "form_post.jwt"
]
response_types_supported
[
  "code id_token",
  "code"
]
scopes_supported
[
  "openid",
  "offline_access"
]
subject_types_supported
[
  "public"
]
token_endpoint_auth_methods_supported
[
  "private_key_jwt",
  "self_signed_tls_client_auth"
]
token_endpoint_auth_signing_alg_values_supported
[
  "PS256"
]
token_endpoint
https://mtls.fapi.panva.cz/token
pushed_authorization_request_endpoint
https://mtls.fapi.panva.cz/request
request_object_signing_alg_values_supported
[
  "PS256"
]
request_parameter_supported
true
request_uri_parameter_supported
false
require_signed_request_object
true
userinfo_endpoint
https://mtls.fapi.panva.cz/accounts
authorization_signing_alg_values_supported
[
  "PS256"
]
tls_client_certificate_bound_access_tokens
true
backchannel_authentication_endpoint
https://mtls.fapi.panva.cz/backchannel
backchannel_token_delivery_modes_supported
[
  "poll",
  "ping"
]
backchannel_user_code_parameter_supported
true
backchannel_authentication_request_signing_alg_values_supported
[
  "PS256"
]
claim_types_supported
[
  "normal"
]
2021-07-01 15:29:30
AddMTLSEndpointAliasesToEnvironment
mtls_endpoint_aliases is not present in the server configuration
2021-07-01 15:29:30 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-07-01 15:29:30
FetchServerKeys
Fetching server key
jwks_uri
https://fapi.panva.cz/jwks
2021-07-01 15:29:30
FetchServerKeys
HTTP request
request_uri
https://fapi.panva.cz/jwks
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-07-01 15:29:31 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-length": "462",
  "content-security-policy": "default-src \u0027self\u0027;base-uri \u0027self\u0027;block-all-mixed-content;font-src \u0027self\u0027 https: data:;frame-ancestors \u0027self\u0027;img-src \u0027self\u0027 data:;object-src \u0027none\u0027;script-src \u0027self\u0027;script-src-attr \u0027none\u0027;style-src \u0027self\u0027 https: \u0027unsafe-inline\u0027;upgrade-insecure-requests",
  "content-type": "application/jwk-set+json; charset\u003dutf-8",
  "date": "Thu, 01 Jul 2021 15:29:30 GMT",
  "expect-ct": "max-age\u003d0",
  "referrer-policy": "no-referrer",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-permitted-cross-domain-policies": "none",
  "x-xss-protection": "0"
}
response_body
{"keys":[{"kty":"RSA","use":"sig","kid":"EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M","alg":"PS256","e":"AQAB","n":"sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"}]}
2021-07-01 15:29:31
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kty":"RSA","use":"sig","kid":"EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M","alg":"PS256","e":"AQAB","n":"sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"}]}
2021-07-01 15:29:31 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-07-01 15:29:31 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-07-01 15:29:31 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-07-01 15:29:31 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2021-07-01 15:29:31 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-07-01 15:29:31 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-07-01 15:29:31 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
pkjwt-one
client_name
pkjwt-one
scope
openid offline_access
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw",
      "d": "dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ",
      "p": "5SLM2g4Uv3Q1-PGqwKPQ8h8Onp674FTxxYAHCh8mivgCGx7uIjVaOxCKvCimi8NCgtON0a1QdGY-BT3NsewJUvaniWyb5BZo-kpdkSzXCvQpWuWT_iSorgEgl4anJ59JZH_QW7wtjRnF8jWnw-_nkNv4HIIVd7fdKKCkpGi1Drk",
      "q": "xgyjgfZdlfpne27vdlxi5VGmNnBnLRAe_a7Wgo6JdmKPMPa1qugxVM5tUhoYjUuUpHxi8gDSxb0-N_kIqTu7zp2Ly9iB8wQIyyYmdxN7J_B5bSn5rfTcu_Uz-EuYVEGfj0hk5_aNQc0y02Di1L4QrnMNRGBo3jWCCRZrjqyHfqc",
      "dp": "tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk",
      "dq": "FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80",
      "qi": "nmJaonUO_d62824V6YmWuEX7imXdgHKRi-tY4IUDJbrm7lKEfcn_xazqilECh1xm7O8b4bj0th3JrRcs1Al0sWP1FwVHjzzmg5oqq26PvHjmtVIHn3cXGT6AmY8-eUPkYgPBc61Ej58Usazm1iuRIe-wNIBeL244kFTQK7zJfnE",
      "kty": "RSA",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
hint_type
login_hint
hint_value
panva
2021-07-01 15:29:31
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
2021-07-01 15:29:31 SUCCESS
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
2021-07-01 15:29:31
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
2021-07-01 15:29:31 SUCCESS
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR/q3+q9gs7uehc=
key
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAECggEBAKrgF6Hrd9+9yhWxgaM9gIDhQO73I4tY+IOThHAh5rVIawNof6vFZdcGr7aiftNFnSEgG2m7exgAg4or8zPCNJHfJgUgq4Eduo8JnwoAlsnVVy4HeOMNTGXFMFW3hPMQt/DxieF5xGFbO69DkECJ68LV5f3dQcw2BVVWAEON/qf9UhgEnx79OdiCYzyoHjxaHoXk9cVTUtXwmU0lphRFT14W2Py0KZ5vA8JEefoZl/qEo42iR0KB4eDj/LiduWAMKDLN/u0Dmq3WxLvw7LHnlqENTEY56Lw1sbMQlmvl0zCD68BeMz+Mvlm7VRSCxR+3uX6Nli3eb2EsYziZIlt00iUCgYEA4ZNvp0u6vXQAf7IGESuhu3u4cD6K8iJ6BT+O64yHJzc17e9lt+p89GasTtkgeEH/lr+XxScVBYndi/8vaqsA47bkIoWVvcXq7C4jkv0bPelpaI/KPGfoZC1etR102+dS1ZufxzwSo64drw+HPuwaIkXvmpK4MBI9jEYoOHh9KR8CgYEA3oRU/iCWvKOGHlR9BmcBysVGmkvBwj8XLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7yczWFLPXbUNVqC5OLI+wTL7+ikx040lL9IRRtgub47+9IvxxaGaIRzsFwa+15D7TCE7K8BydH0sCgYEAivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX/RloFfHGPEaB8q7l5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdslFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm+wTEILcaqT6uLf7HK8CgYBOlloWLphOI0q454oIetTNMoNO9zaFThb3ZWw0cOCLblX853xl1oc9rpeeCzgJnnpOx5Gs5XGNAEMMpqDAur4aA1Zon6KsZC8MhIWPZjzNYByee0wsvMq9MC9h1MLrivWCdEEPlGYIN62q75F2F9BFp/jOgSoyZGXP51QRHWn4pQKBgCEy7GsS3sAj3GiTmCkVvR3gKSlSKmJULmI+8EoT6tzYhMvyqoCHPtll2DHzBeqA6Il2DKz+gFbKln2+LrPUrb2rgK9e8qdZH9X36Ws8u9YA/VasGQRUFIAcFcNWoBBX79nBQ/89zrPubaN2Rh9BKuUEGLKAzDf1JIzseUr8jdvw
2021-07-01 15:29:31 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2021-07-01 15:29:31 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw",
      "d": "dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ",
      "p": "5SLM2g4Uv3Q1-PGqwKPQ8h8Onp674FTxxYAHCh8mivgCGx7uIjVaOxCKvCimi8NCgtON0a1QdGY-BT3NsewJUvaniWyb5BZo-kpdkSzXCvQpWuWT_iSorgEgl4anJ59JZH_QW7wtjRnF8jWnw-_nkNv4HIIVd7fdKKCkpGi1Drk",
      "q": "xgyjgfZdlfpne27vdlxi5VGmNnBnLRAe_a7Wgo6JdmKPMPa1qugxVM5tUhoYjUuUpHxi8gDSxb0-N_kIqTu7zp2Ly9iB8wQIyyYmdxN7J_B5bSn5rfTcu_Uz-EuYVEGfj0hk5_aNQc0y02Di1L4QrnMNRGBo3jWCCRZrjqyHfqc",
      "dp": "tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk",
      "dq": "FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80",
      "qi": "nmJaonUO_d62824V6YmWuEX7imXdgHKRi-tY4IUDJbrm7lKEfcn_xazqilECh1xm7O8b4bj0th3JrRcs1Al0sWP1FwVHjzzmg5oqq26PvHjmtVIHn3cXGT6AmY8-eUPkYgPBc61Ej58Usazm1iuRIe-wNIBeL244kFTQK7zJfnE",
      "kty": "RSA",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-07-01 15:29:31 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2021-07-01 15:29:31 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-07-01 15:29:31 SUCCESS
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
permitted
[
  "ES256",
  "PS256"
]
2021-07-01 15:29:31 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw",
      "d": "dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ",
      "p": "5SLM2g4Uv3Q1-PGqwKPQ8h8Onp674FTxxYAHCh8mivgCGx7uIjVaOxCKvCimi8NCgtON0a1QdGY-BT3NsewJUvaniWyb5BZo-kpdkSzXCvQpWuWT_iSorgEgl4anJ59JZH_QW7wtjRnF8jWnw-_nkNv4HIIVd7fdKKCkpGi1Drk",
      "q": "xgyjgfZdlfpne27vdlxi5VGmNnBnLRAe_a7Wgo6JdmKPMPa1qugxVM5tUhoYjUuUpHxi8gDSxb0-N_kIqTu7zp2Ly9iB8wQIyyYmdxN7J_B5bSn5rfTcu_Uz-EuYVEGfj0hk5_aNQc0y02Di1L4QrnMNRGBo3jWCCRZrjqyHfqc",
      "dp": "tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk",
      "dq": "FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80",
      "qi": "nmJaonUO_d62824V6YmWuEX7imXdgHKRi-tY4IUDJbrm7lKEfcn_xazqilECh1xm7O8b4bj0th3JrRcs1Al0sWP1FwVHjzzmg5oqq26PvHjmtVIHn3cXGT6AmY8-eUPkYgPBc61Ej58Usazm1iuRIe-wNIBeL244kFTQK7zJfnE",
      "kty": "RSA",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
2021-07-01 15:29:31 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
Verify configuration of second client
2021-07-01 15:29:31 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
pkjwt-two
client_name
pkjwt-two
scope
openid offline_access
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "5xcUf9SqYSEQHDyQft6iabfz5WvuZyjFLTj9x_R8ARdBDyVE42vkWnf6jOZoeMZ_WjtYGLF0nwnuEVBoCVxP4Nu1UUQq8OTigmk2f4IyPT-79pvW9b7EGQDdTsBIrrb2AKktwDJe16uK64kDNO0Ay3U_nShIPgMVbmGd_K6__OwwhhrLwKv_OSbvU8ZlPI24jy1Yxfq175F_1ZQBRjm0jAMf6PBt8cgxQclgbpP-7OBUQHBzpfudD1U9W6V8hqKKjDldlI9Zg6xBa8MpC6JuQdgwkcugWdwyG69p2kq_pyl735C8yj9Bif7Vok1d4E81cSh8Jy1wGNfAmlz8ncJSRw",
      "d": "ttJDnX4Z7Q3DORORHU31H74wbmidC2_tzoEwBWkeUZ6cEediQKmy1v_kcGQ4cpRXXINmhuKdaNTqSzhZlk45w6MOJ2TOtBXgPVwPiYDvThWGFuvjfDeX3FAaxZrJ5a9Jn-w4Db3L2sQT-5NBvjViU5RG54Ze4PB_m_wOiUGXEfgonv64APPBkodIz_26lJ-r4447tcdMkDw4p6xTP-y33sPB4ZOhQ5ezE4FzQlpq0K98ysKLwo8wvhQ8stxqL46avBnflgDhTsb-1I54aU3ROjThU5tkeAkudzg4lFKdd4WmVneVMD-FJ2wrkjwztqHSBCP8G9IAXBdXRxRzdJIOAQ",
      "p": "_WOUrDYt1uay8XtnaNgutctzdI6XJaf5XrGv6wE_ZoVbqEKWTnBbVfqbwkWf58CeH32tt3hUjBFicG-XAlYI8TW5Lf6H78Fmt2y3fdowLzzWLwNDoLWo1_rOGxneL-vYM1MekZyUN-uDARdEeOL9yRPFKOZm7eWSUc_Sdlu9yuc",
      "q": "6XitRdF0tFu7O7S1rQZZjqhrza53f-Ox1vCYY_Hy4Tm_1fMc7GV0VCHoQwO3ZJPlPEE0JahnfpQkhHGj67GGO40lZYEXdBwNxtktp1zdmEokbsWmacz57SVPg4pzgS9kketf-wdUbT5VgBmNWS9MPt7rKiyFbmuPcHU99fWEsaE",
      "dp": "e_5s1FC24cCGtFCU6-NOCDwExXa5U_38s2_0C-XSZpK_pXjgIIYuy8YUzl5Pv5KsTfCsP2msxdYD-80_ci8ztQV7FpzFXHehkgSrTfSlO5hjnyHTyCLc-sOKdAyWg5C_fW4hOVQL28ltk-0U3qsFUY5RHpCQsb1zeoFeFfkSyOU",
      "dq": "2tyhsh2UBa8oaeQRm02kjrMbvAidRWoxwIhykt6xDKmSSAJLTuAcmPHgRVIqjUKHVmDZfaPMwUAmq3HMdJpKd3DtaaYGUnYqBAp7XbUUljqKxLzML8pTUBf13h3gAW5oHNJFe5F3d6FDjX5mnwBTvWxDj5mEy-pQ4N9HYlbyOYE",
      "qi": "rbxxLBMPxBVpoyNfpjYtXEuem0HHvemHiGklhCbJO_N3vRu8lEarlZ_IPLrRmq7he0cNHcd4j_yhge1-0RR0LzJ4l_Wg-B1Jc0fKJrSItp8pmjmaVHbp_ToYqVlJh_AfU5tru86zSCvVycV79BvkvLl6IusDAuRK8eD1h7dU59g",
      "kty": "RSA",
      "kid": "NriyGITqpt6QdRBXz6k_qjup6vO_81Namq05CX4hij0",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
acr_value
urn:mace:incommon:iap:silver
2021-07-01 15:29:31
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
2021-07-01 15:29:31 SUCCESS
ValidateMTLSCertificates2Header
MTLS certificates header is valid
2021-07-01 15:29:31
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
2021-07-01 15:29:31 SUCCESS
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4MTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyWS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XBKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbTLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0aDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgnAWzRJlZD89KZAQgjj4Z215QeLxA=
key
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAECggEASlRt2SNQPJphs7n3NkDquC3frsD4IjmDepQmOY7F/T6qKOYMTwOnt8cUZUMal0q5mu1p2HC4DeK+yZ8tyzCstmzqTG8vwzhMNDZblt4cfP2CTrAbUUcD7q18FnxoYuCB9HTcmd82tgve+DIVstYlaqcL9PkCifcloblFB/GNbToEdiHqRNbHvVZLMYGYsShkiyFVL61h5zkFgQCBv+kR5u3AWGGGtlhZ3dvU7+i0P7n4dKseQyyd9v/QcW4iW8b3f6izn4plQNcPbb4o0iAdhpnjYxCOwxc8TGZvHul/RYnlFGuiKUXSV/r/t/dEppsKM4moJ8n6qzsoZf6czR5NwQKBgQD+y6nJs9sNEuIBa2JjEZIYhVXjVRO9XkusqN3aoKyU48X+Jg4/XDJMU6NRaMEdappo8Jgykrg0h2cNS4JDkrw3PwVohaR1SSwNclg7cVlH50HO6WTIrA1lAT7VXBPsxiUiKHr3nNph22chHDRw3qhhbluF4Nh0TXdLNwsrdcYyoQKBgQDiumS2EnCOT5uvEpW4MjFRVeLBsCt1tAufVRcF2XngyfgLme0zLnQGh8ZqrHHpZmgZQBM3APnDtJ/UqzEIwg5suvrE1U2lScjvrpVpXr1ZiIV0Hc3wEGLcvgmZvWEtcjJfZYhNMdjbDlQo5jAPqkoJrkWV2oCubmyUkKma199DMwKBgAKZ16Dceib3A2GaVAXI3yHq8oaAjtQHC2S20JTzwO9AJ/xBLTIOYeEPlYI2PIptVSgvFI6nmsPGghHLrIe+DrfNp+N6QcSEu7NjcG0i6hNm0/Alx8aYowZd7eNFrlpjZ2ui2CaA7mXDVJks7YgdbcCY3MxQEEWXqNkWtcF60UwhAoGBAI6RWmbK7Y/vKxxJeW/bz/svIGle19Upo+1K2jFJcUQSfDD/V5JJcZfxpKjLSs3TIT5PdkWuDWAsohxekXTKYbupT6qZ3jtDTGC6zST29+Xm3NQJMcf05dWcgfj0hrjHCDnIZI71+0Czn+Qf6rTPBcNUnFkAjs4gjZJV7PB7Md7VAoGAZ/CBJI5NGWkGZjkLM4fqq8U2hFM9Y5IHsn9Y8vvst3+mCqcFhTS7TcYUY00qdiFXAJjiwhfGFOoc0q+AWluiUxB+b6FWRu73XhqkKxgBehE9i3QCrcitMufSkXKydLonfh7/PeUpB63LmMjtyLdMlGAIorVbtD1xAn2WaYuEb5Q=
2021-07-01 15:29:31 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2021-07-01 15:29:31 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "5xcUf9SqYSEQHDyQft6iabfz5WvuZyjFLTj9x_R8ARdBDyVE42vkWnf6jOZoeMZ_WjtYGLF0nwnuEVBoCVxP4Nu1UUQq8OTigmk2f4IyPT-79pvW9b7EGQDdTsBIrrb2AKktwDJe16uK64kDNO0Ay3U_nShIPgMVbmGd_K6__OwwhhrLwKv_OSbvU8ZlPI24jy1Yxfq175F_1ZQBRjm0jAMf6PBt8cgxQclgbpP-7OBUQHBzpfudD1U9W6V8hqKKjDldlI9Zg6xBa8MpC6JuQdgwkcugWdwyG69p2kq_pyl735C8yj9Bif7Vok1d4E81cSh8Jy1wGNfAmlz8ncJSRw",
      "d": "ttJDnX4Z7Q3DORORHU31H74wbmidC2_tzoEwBWkeUZ6cEediQKmy1v_kcGQ4cpRXXINmhuKdaNTqSzhZlk45w6MOJ2TOtBXgPVwPiYDvThWGFuvjfDeX3FAaxZrJ5a9Jn-w4Db3L2sQT-5NBvjViU5RG54Ze4PB_m_wOiUGXEfgonv64APPBkodIz_26lJ-r4447tcdMkDw4p6xTP-y33sPB4ZOhQ5ezE4FzQlpq0K98ysKLwo8wvhQ8stxqL46avBnflgDhTsb-1I54aU3ROjThU5tkeAkudzg4lFKdd4WmVneVMD-FJ2wrkjwztqHSBCP8G9IAXBdXRxRzdJIOAQ",
      "p": "_WOUrDYt1uay8XtnaNgutctzdI6XJaf5XrGv6wE_ZoVbqEKWTnBbVfqbwkWf58CeH32tt3hUjBFicG-XAlYI8TW5Lf6H78Fmt2y3fdowLzzWLwNDoLWo1_rOGxneL-vYM1MekZyUN-uDARdEeOL9yRPFKOZm7eWSUc_Sdlu9yuc",
      "q": "6XitRdF0tFu7O7S1rQZZjqhrza53f-Ox1vCYY_Hy4Tm_1fMc7GV0VCHoQwO3ZJPlPEE0JahnfpQkhHGj67GGO40lZYEXdBwNxtktp1zdmEokbsWmacz57SVPg4pzgS9kketf-wdUbT5VgBmNWS9MPt7rKiyFbmuPcHU99fWEsaE",
      "dp": "e_5s1FC24cCGtFCU6-NOCDwExXa5U_38s2_0C-XSZpK_pXjgIIYuy8YUzl5Pv5KsTfCsP2msxdYD-80_ci8ztQV7FpzFXHehkgSrTfSlO5hjnyHTyCLc-sOKdAyWg5C_fW4hOVQL28ltk-0U3qsFUY5RHpCQsb1zeoFeFfkSyOU",
      "dq": "2tyhsh2UBa8oaeQRm02kjrMbvAidRWoxwIhykt6xDKmSSAJLTuAcmPHgRVIqjUKHVmDZfaPMwUAmq3HMdJpKd3DtaaYGUnYqBAp7XbUUljqKxLzML8pTUBf13h3gAW5oHNJFe5F3d6FDjX5mnwBTvWxDj5mEy-pQ4N9HYlbyOYE",
      "qi": "rbxxLBMPxBVpoyNfpjYtXEuem0HHvemHiGklhCbJO_N3vRu8lEarlZ_IPLrRmq7he0cNHcd4j_yhge1-0RR0LzJ4l_Wg-B1Jc0fKJrSItp8pmjmaVHbp_ToYqVlJh_AfU5tru86zSCvVycV79BvkvLl6IusDAuRK8eD1h7dU59g",
      "kty": "RSA",
      "kid": "NriyGITqpt6QdRBXz6k_qjup6vO_81Namq05CX4hij0",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "NriyGITqpt6QdRBXz6k_qjup6vO_81Namq05CX4hij0",
      "alg": "PS256",
      "n": "5xcUf9SqYSEQHDyQft6iabfz5WvuZyjFLTj9x_R8ARdBDyVE42vkWnf6jOZoeMZ_WjtYGLF0nwnuEVBoCVxP4Nu1UUQq8OTigmk2f4IyPT-79pvW9b7EGQDdTsBIrrb2AKktwDJe16uK64kDNO0Ay3U_nShIPgMVbmGd_K6__OwwhhrLwKv_OSbvU8ZlPI24jy1Yxfq175F_1ZQBRjm0jAMf6PBt8cgxQclgbpP-7OBUQHBzpfudD1U9W6V8hqKKjDldlI9Zg6xBa8MpC6JuQdgwkcugWdwyG69p2kq_pyl735C8yj9Bif7Vok1d4E81cSh8Jy1wGNfAmlz8ncJSRw"
    }
  ]
}
2021-07-01 15:29:31 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2021-07-01 15:29:31 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-07-01 15:29:31 SUCCESS
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
permitted
[
  "ES256",
  "PS256"
]
2021-07-01 15:29:31 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "5xcUf9SqYSEQHDyQft6iabfz5WvuZyjFLTj9x_R8ARdBDyVE42vkWnf6jOZoeMZ_WjtYGLF0nwnuEVBoCVxP4Nu1UUQq8OTigmk2f4IyPT-79pvW9b7EGQDdTsBIrrb2AKktwDJe16uK64kDNO0Ay3U_nShIPgMVbmGd_K6__OwwhhrLwKv_OSbvU8ZlPI24jy1Yxfq175F_1ZQBRjm0jAMf6PBt8cgxQclgbpP-7OBUQHBzpfudD1U9W6V8hqKKjDldlI9Zg6xBa8MpC6JuQdgwkcugWdwyG69p2kq_pyl735C8yj9Bif7Vok1d4E81cSh8Jy1wGNfAmlz8ncJSRw",
      "d": "ttJDnX4Z7Q3DORORHU31H74wbmidC2_tzoEwBWkeUZ6cEediQKmy1v_kcGQ4cpRXXINmhuKdaNTqSzhZlk45w6MOJ2TOtBXgPVwPiYDvThWGFuvjfDeX3FAaxZrJ5a9Jn-w4Db3L2sQT-5NBvjViU5RG54Ze4PB_m_wOiUGXEfgonv64APPBkodIz_26lJ-r4447tcdMkDw4p6xTP-y33sPB4ZOhQ5ezE4FzQlpq0K98ysKLwo8wvhQ8stxqL46avBnflgDhTsb-1I54aU3ROjThU5tkeAkudzg4lFKdd4WmVneVMD-FJ2wrkjwztqHSBCP8G9IAXBdXRxRzdJIOAQ",
      "p": "_WOUrDYt1uay8XtnaNgutctzdI6XJaf5XrGv6wE_ZoVbqEKWTnBbVfqbwkWf58CeH32tt3hUjBFicG-XAlYI8TW5Lf6H78Fmt2y3fdowLzzWLwNDoLWo1_rOGxneL-vYM1MekZyUN-uDARdEeOL9yRPFKOZm7eWSUc_Sdlu9yuc",
      "q": "6XitRdF0tFu7O7S1rQZZjqhrza53f-Ox1vCYY_Hy4Tm_1fMc7GV0VCHoQwO3ZJPlPEE0JahnfpQkhHGj67GGO40lZYEXdBwNxtktp1zdmEokbsWmacz57SVPg4pzgS9kketf-wdUbT5VgBmNWS9MPt7rKiyFbmuPcHU99fWEsaE",
      "dp": "e_5s1FC24cCGtFCU6-NOCDwExXa5U_38s2_0C-XSZpK_pXjgIIYuy8YUzl5Pv5KsTfCsP2msxdYD-80_ci8ztQV7FpzFXHehkgSrTfSlO5hjnyHTyCLc-sOKdAyWg5C_fW4hOVQL28ltk-0U3qsFUY5RHpCQsb1zeoFeFfkSyOU",
      "dq": "2tyhsh2UBa8oaeQRm02kjrMbvAidRWoxwIhykt6xDKmSSAJLTuAcmPHgRVIqjUKHVmDZfaPMwUAmq3HMdJpKd3DtaaYGUnYqBAp7XbUUljqKxLzML8pTUBf13h3gAW5oHNJFe5F3d6FDjX5mnwBTvWxDj5mEy-pQ4N9HYlbyOYE",
      "qi": "rbxxLBMPxBVpoyNfpjYtXEuem0HHvemHiGklhCbJO_N3vRu8lEarlZ_IPLrRmq7he0cNHcd4j_yhge1-0RR0LzJ4l_Wg-B1Jc0fKJrSItp8pmjmaVHbp_ToYqVlJh_AfU5tru86zSCvVycV79BvkvLl6IusDAuRK8eD1h7dU59g",
      "kty": "RSA",
      "kid": "NriyGITqpt6QdRBXz6k_qjup6vO_81Namq05CX4hij0",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
2021-07-01 15:29:31 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
2021-07-01 15:29:31 SUCCESS
GetResourceEndpointConfiguration
Found a resource endpoint object
resourceUrl
https://mtls.fapi.panva.cz/accounts
institution_id
xxxxx
2021-07-01 15:29:31 SUCCESS
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
protected_resource_url
https://mtls.fapi.panva.cz/accounts
2021-07-01 15:29:31 SUCCESS
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
resource_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
2021-07-01 15:29:31 SUCCESS
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
accounts_resource_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
accounts_request_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
2021-07-01 15:29:31
fapi1-advanced-final-ensure-request-object-with-bad-aud-fails
Setup Done
Make request to authorization endpoint
2021-07-01 15:29:31 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
pkjwt-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback
scope
openid offline_access
2021-07-01 15:29:31 SUCCESS
AddAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
authorization_endpoint_request
{
  "client_id": "pkjwt-one",
  "redirect_uri": "https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback",
  "scope": "openid offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}
2021-07-01 15:29:31
CreateRandomStateValue
Created state value
requested_state_length
10
state
o7ChovwDEM
2021-07-01 15:29:31 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
pkjwt-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
o7ChovwDEM
2021-07-01 15:29:31
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
vBxLbuE7JM
2021-07-01 15:29:31 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
pkjwt-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
o7ChovwDEM
nonce
vBxLbuE7JM
2021-07-01 15:29:31 SUCCESS
SetAuthorizationEndpointRequestResponseTypeToCode
Added response_type parameter to request
client_id
pkjwt-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
o7ChovwDEM
nonce
vBxLbuE7JM
response_type
code
2021-07-01 15:29:31 SUCCESS
SetAuthorizationEndpointRequestResponseModeToJWT
Added response_mode parameter to request
client_id
pkjwt-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
o7ChovwDEM
nonce
vBxLbuE7JM
response_type
code
response_mode
jwt
2021-07-01 15:29:31 SUCCESS
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
request_object_claims
{
  "client_id": "pkjwt-one",
  "redirect_uri": "https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback",
  "scope": "openid offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "o7ChovwDEM",
  "nonce": "vBxLbuE7JM",
  "response_type": "code",
  "response_mode": "jwt"
}
2021-07-01 15:29:31 SUCCESS
AddNbfToRequestObject
Added nbf to request object claims
nbf
1.625153371E9
2021-07-01 15:29:31 SUCCESS
AddExpToRequestObject
Added exp to request object claims
exp
1.625153671E9
2021-07-01 15:29:31 SUCCESS
AddBadAudToRequestObject
Added bad aud to request object claims
aud
https://www.other1.example.com/
2021-07-01 15:29:31 SUCCESS
AddIssToRequestObject
Added iss to request object claims
iss
pkjwt-one
2021-07-01 15:29:31 SUCCESS
AddClientIdToRequestObject
Added client_id to request object claims
client_id
pkjwt-one
2021-07-01 15:29:31 SUCCESS
SignRequestObject
Signed the request object
claims
{"aud":"https:\/\/www.other1.example.com\/","nbf":1625153371,"scope":"openid offline_access","claims":{"id_token":{"acr":{"value":"urn:mace:incommon:iap:silver","essential":true}}},"iss":"pkjwt-one","response_type":"code","redirect_uri":"https:\/\/www.certification.openid.net\/test\/a\/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm\/callback","state":"o7ChovwDEM","exp":1625153671,"nonce":"vBxLbuE7JM","client_id":"pkjwt-one","response_mode":"jwt"}
header
{"kid":"EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M","alg":"PS256"}
request_object
eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvd3d3Lm90aGVyMS5leGFtcGxlLmNvbVwvIiwibmJmIjoxNjI1MTUzMzcxLCJzY29wZSI6Im9wZW5pZCBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJwa2p3dC1vbmUiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9vaWRjLXByb3ZpZGVyLWJ5X3ZhbHVlLXByaXZhdGVfa2V5X2p3dC1wbGFpbl9mYXBpLWphcm1cL2NhbGxiYWNrIiwic3RhdGUiOiJvN0Nob3Z3REVNIiwiZXhwIjoxNjI1MTUzNjcxLCJub25jZSI6InZCeExidUU3Sk0iLCJjbGllbnRfaWQiOiJwa2p3dC1vbmUiLCJyZXNwb25zZV9tb2RlIjoiand0In0.S_9CVT2pG1z7yL3BPurSCdfnN6VYdVFPswZZJuPBxxnAw7eoZJUZ5zkjam0iI1q_Io6Jd5L9AxwiCNTUHz3TQwqZWxk3tJA84ixoFUT50wW-navzzWR2Zm15cLBXDCFEfBvhzSvU_lz-PghOKPcvdBHvL0T0R9J-qeZSE1ygvU7-ykG_EXrxVQ111tQs53xFCfqU8nYvwjXXe4VxAxn6Ud5QemD4W_25PD7Gy8cVljTV0fOiPKjhxUcbA7NO_kutVZDy8yCf9emSM3ys33jDuIaF7IvHV-1-vGI-7Na0oFVZJUVatxxqFH8wNyXbFXqlEuvrfC29TwnUr6893e5gDQ
key
{"p":"5SLM2g4Uv3Q1-PGqwKPQ8h8Onp674FTxxYAHCh8mivgCGx7uIjVaOxCKvCimi8NCgtON0a1QdGY-BT3NsewJUvaniWyb5BZo-kpdkSzXCvQpWuWT_iSorgEgl4anJ59JZH_QW7wtjRnF8jWnw-_nkNv4HIIVd7fdKKCkpGi1Drk","kty":"RSA","q":"xgyjgfZdlfpne27vdlxi5VGmNnBnLRAe_a7Wgo6JdmKPMPa1qugxVM5tUhoYjUuUpHxi8gDSxb0-N_kIqTu7zp2Ly9iB8wQIyyYmdxN7J_B5bSn5rfTcu_Uz-EuYVEGfj0hk5_aNQc0y02Di1L4QrnMNRGBo3jWCCRZrjqyHfqc","d":"dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ","e":"AQAB","use":"sig","kid":"EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M","qi":"nmJaonUO_d62824V6YmWuEX7imXdgHKRi-tY4IUDJbrm7lKEfcn_xazqilECh1xm7O8b4bj0th3JrRcs1Al0sWP1FwVHjzzmg5oqq26PvHjmtVIHn3cXGT6AmY8-eUPkYgPBc61Ej58Usazm1iuRIe-wNIBeL244kFTQK7zJfnE","dp":"tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk","alg":"PS256","dq":"FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80","n":"sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"}
2021-07-01 15:29:31 SUCCESS
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://fapi.panva.cz/auth?request=eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvd3d3Lm90aGVyMS5leGFtcGxlLmNvbVwvIiwibmJmIjoxNjI1MTUzMzcxLCJzY29wZSI6Im9wZW5pZCBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJwa2p3dC1vbmUiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9vaWRjLXByb3ZpZGVyLWJ5X3ZhbHVlLXByaXZhdGVfa2V5X2p3dC1wbGFpbl9mYXBpLWphcm1cL2NhbGxiYWNrIiwic3RhdGUiOiJvN0Nob3Z3REVNIiwiZXhwIjoxNjI1MTUzNjcxLCJub25jZSI6InZCeExidUU3Sk0iLCJjbGllbnRfaWQiOiJwa2p3dC1vbmUiLCJyZXNwb25zZV9tb2RlIjoiand0In0.S_9CVT2pG1z7yL3BPurSCdfnN6VYdVFPswZZJuPBxxnAw7eoZJUZ5zkjam0iI1q_Io6Jd5L9AxwiCNTUHz3TQwqZWxk3tJA84ixoFUT50wW-navzzWR2Zm15cLBXDCFEfBvhzSvU_lz-PghOKPcvdBHvL0T0R9J-qeZSE1ygvU7-ykG_EXrxVQ111tQs53xFCfqU8nYvwjXXe4VxAxn6Ud5QemD4W_25PD7Gy8cVljTV0fOiPKjhxUcbA7NO_kutVZDy8yCf9emSM3ys33jDuIaF7IvHV-1-vGI-7Na0oFVZJUVatxxqFH8wNyXbFXqlEuvrfC29TwnUr6893e5gDQ&client_id=pkjwt-one&redirect_uri=https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback&scope=openid%20offline_access&response_type=code
2021-07-01 15:29:31 REDIRECT
fapi1-advanced-final-ensure-request-object-with-bad-aud-fails
Redirecting to authorization endpoint
redirect_to
https://fapi.panva.cz/auth?request=eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvd3d3Lm90aGVyMS5leGFtcGxlLmNvbVwvIiwibmJmIjoxNjI1MTUzMzcxLCJzY29wZSI6Im9wZW5pZCBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJwa2p3dC1vbmUiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9vaWRjLXByb3ZpZGVyLWJ5X3ZhbHVlLXByaXZhdGVfa2V5X2p3dC1wbGFpbl9mYXBpLWphcm1cL2NhbGxiYWNrIiwic3RhdGUiOiJvN0Nob3Z3REVNIiwiZXhwIjoxNjI1MTUzNjcxLCJub25jZSI6InZCeExidUU3Sk0iLCJjbGllbnRfaWQiOiJwa2p3dC1vbmUiLCJyZXNwb25zZV9tb2RlIjoiand0In0.S_9CVT2pG1z7yL3BPurSCdfnN6VYdVFPswZZJuPBxxnAw7eoZJUZ5zkjam0iI1q_Io6Jd5L9AxwiCNTUHz3TQwqZWxk3tJA84ixoFUT50wW-navzzWR2Zm15cLBXDCFEfBvhzSvU_lz-PghOKPcvdBHvL0T0R9J-qeZSE1ygvU7-ykG_EXrxVQ111tQs53xFCfqU8nYvwjXXe4VxAxn6Ud5QemD4W_25PD7Gy8cVljTV0fOiPKjhxUcbA7NO_kutVZDy8yCf9emSM3ys33jDuIaF7IvHV-1-vGI-7Na0oFVZJUVatxxqFH8wNyXbFXqlEuvrfC29TwnUr6893e5gDQ&client_id=pkjwt-one&redirect_uri=https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback&scope=openid%20offline_access&response_type=code
2021-07-01 15:29:31 REVIEW
ExpectRequestObjectWithBadAudClaimErrorPage
If the server does not return an invalid_request_object error back to the client, it must show an error page saying the request object is invalid as it is using bad aud value in signed request object - upload a screenshot of the error page.
image_no_longer_required
true
2021-07-01 15:29:31
WebRunner
Scripted browser HTTP request
browser
goToUrl
request_method
GET
request_uri
https://fapi.panva.cz/auth?request=eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvd3d3Lm90aGVyMS5leGFtcGxlLmNvbVwvIiwibmJmIjoxNjI1MTUzMzcxLCJzY29wZSI6Im9wZW5pZCBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJwa2p3dC1vbmUiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9vaWRjLXByb3ZpZGVyLWJ5X3ZhbHVlLXByaXZhdGVfa2V5X2p3dC1wbGFpbl9mYXBpLWphcm1cL2NhbGxiYWNrIiwic3RhdGUiOiJvN0Nob3Z3REVNIiwiZXhwIjoxNjI1MTUzNjcxLCJub25jZSI6InZCeExidUU3Sk0iLCJjbGllbnRfaWQiOiJwa2p3dC1vbmUiLCJyZXNwb25zZV9tb2RlIjoiand0In0.S_9CVT2pG1z7yL3BPurSCdfnN6VYdVFPswZZJuPBxxnAw7eoZJUZ5zkjam0iI1q_Io6Jd5L9AxwiCNTUHz3TQwqZWxk3tJA84ixoFUT50wW-navzzWR2Zm15cLBXDCFEfBvhzSvU_lz-PghOKPcvdBHvL0T0R9J-qeZSE1ygvU7-ykG_EXrxVQ111tQs53xFCfqU8nYvwjXXe4VxAxn6Ud5QemD4W_25PD7Gy8cVljTV0fOiPKjhxUcbA7NO_kutVZDy8yCf9emSM3ys33jDuIaF7IvHV-1-vGI-7Na0oFVZJUVatxxqFH8wNyXbFXqlEuvrfC29TwnUr6893e5gDQ&client_id=pkjwt-one&redirect_uri=https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback&scope=openid%20offline_access&response_type=code
2021-07-01 15:29:31 INCOMING
fapi1-advanced-final-ensure-request-object-with-bad-aud-fails
Incoming HTTP request to test instance remustubkQqQtvi
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "response": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJlcnJvciI6ImludmFsaWRfcmVxdWVzdF9vYmplY3QiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IlJlcXVlc3QgT2JqZWN0IGNsYWltcyBhcmUgaW52YWxpZCIsInN0YXRlIjoibzdDaG92d0RFTSIsImF1ZCI6InBrand0LW9uZSIsImV4cCI6MTYyNTE1MzQ5MSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.JqEPQrcGZmpbLjPQ-TuOi9ALrwoOYQ7UxZWRKTYMMDlKLwAtaaeoeBxlIaRBhNBOVFYi0Cx4H73deSrmqvb-P6w7do4EpfKm4q2zRl8SIoXUB3ITGmBB7-a6B-32sN2MjFVsDeZaHpvGUcDwJk-NPegE8AGOUh4XZL2tnI2V5eq14GsbfP-ebfC8TdEPXezc0xpkj69stAwC-GsxfWFRg1sWucJcdPaPAAstLD0vXFE01U5EBluq3gQARtozuEkngMQskNIMiT_UAVj8o-uSqPl64JdrcDYeEIB5Oe5w4fTmbTrlN93En7-qc8fpXfU8p2R2B-Wv5zA0uB6YMoiSug"
}
incoming_body
2021-07-01 15:29:31 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/yTAKRVfaXaIvC55m2h9P",
  "fullUrl": "https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/implicit/yTAKRVfaXaIvC55m2h9P"
}
2021-07-01 15:29:31 OUTGOING
fapi1-advanced-final-ensure-request-object-with-bad-aud-fails
Response to HTTP request to test instance remustubkQqQtvi
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/implicit/yTAKRVfaXaIvC55m2h9P, returnUrl=/log-detail.html?log=remustubkQqQtvi}]
outgoing_path
callback
2021-07-01 15:29:32 RESPONSE
WebRunner
Scripted browser HTTP response
response_content
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta charset="UTF-8">
    <title>OIDF Conformance: Processing Implicit Callback</title>

    <!-- Latest compiled and minified CSS -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">

    <!-- Optional theme -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=PT+Sans">
    <link rel="stylesheet" type="text/css" href="/css/layout.css">



</head>
<body>
    <div class="pageHeader container-fluid">
        <div class="row-fluid">
            <div class="col-md-8">
                <a href="index.html"><img src="/images/openid.png"></a>
            </div>
        </div>
    </div>
    <div class="clearfix"></div>

    <div class="container-fluid">
        <div class="row">
            <div class="col-xs-12 col-md-6 col-md-offset-3 center-block center-text">
                <h1 class="text-center">Please wait...</h1>
                <h2 class="text-center">Processing response from authorization server<sup><span class="glyphicon glyphicon-question-sign" data-toggle="tooltip" title="The server should have returned its results as part of a URI fragment. This data normally stays in the browser and needs to be explicitly sent to the test framework for further processing." data-placement="right"></span></sup></h2>
                <p id="complete" class="bg-info collapse">The response has been sent to the server for processing. You may return to <a href="">the test results page.</a></p>
            </div>
        </div>
    </div>
    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>

    <footer class="pageFooter">
        <span class="muted">OpenID Foundation conformance suite</span>
    </footer>

    <script type="text/javascript">
        var submitComplete = false;
        function assumeComplete() {
            if (submitComplete) {
                return;
            }
            console.log("assumeComplete workaround for https://gitlab.com/openid/conformance-suite/-/issues/766 activated - assuming post has completed as 5 seconds have elapsed")
            // add a hidden tag so that Selenium can detect we're done processing
            $('#complete').append('<span id="submission_complete" class="hidden"></span>');
        }

        $(function() {

            var hash = window.location.hash;

            var returnUrl = "\/log-detail.html?log=remustubkQqQtvi";

            // workaround https://gitlab.com/openid/conformance-suite/-/issues/766 by assuming that the post completes
            // after 5 seconds
            setTimeout(function(){ assumeComplete(); }, 5000);

            $.post({
                url: "https:\/\/www.certification.openid.net\/test\/a\/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm\/implicit\/yTAKRVfaXaIvC55m2h9P",
                data: hash,
                contentType: "text/plain", // this will be parsed on the server side, no need to wrap it
            }).always(function () {
                console.log("implicit submit complete")
                $('#complete a').attr('href', returnUrl); // provide the link only after the page is rendered.
                $('#complete').show();
                submitComplete = true;
                // add a hidden tag so that Selenium can detect we're done processing
                $('#complete').append('<span id="submission_complete" class="hidden"></span>');
            });


        });
    </script>


</body>
</html>
response_content_type
text/html
response_status_text
200-
response_status_code
200
2021-07-01 15:29:32
WebRunner
Skipping optional task due to URL mismatch
task
Login
browser
skip
match
https://fapi.panva.cz/interaction*
url
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback?response=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJlcnJvciI6ImludmFsaWRfcmVxdWVzdF9vYmplY3QiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IlJlcXVlc3QgT2JqZWN0IGNsYWltcyBhcmUgaW52YWxpZCIsInN0YXRlIjoibzdDaG92d0RFTSIsImF1ZCI6InBrand0LW9uZSIsImV4cCI6MTYyNTE1MzQ5MSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.JqEPQrcGZmpbLjPQ-TuOi9ALrwoOYQ7UxZWRKTYMMDlKLwAtaaeoeBxlIaRBhNBOVFYi0Cx4H73deSrmqvb-P6w7do4EpfKm4q2zRl8SIoXUB3ITGmBB7-a6B-32sN2MjFVsDeZaHpvGUcDwJk-NPegE8AGOUh4XZL2tnI2V5eq14GsbfP-ebfC8TdEPXezc0xpkj69stAwC-GsxfWFRg1sWucJcdPaPAAstLD0vXFE01U5EBluq3gQARtozuEkngMQskNIMiT_UAVj8o-uSqPl64JdrcDYeEIB5Oe5w4fTmbTrlN93En7-qc8fpXfU8p2R2B-Wv5zA0uB6YMoiSug
commands
[
  [
    "text",
    "name",
    "login",
    "foo",
    "optional"
  ],
  [
    "text",
    "name",
    "password",
    "bar",
    "optional"
  ],
  [
    "click",
    "class",
    "login-submit"
  ]
]
2021-07-01 15:29:32
WebRunner
Skipping optional task due to URL mismatch
task
Consent
browser
skip
match
https://fapi.panva.cz/interaction*
url
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback?response=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJlcnJvciI6ImludmFsaWRfcmVxdWVzdF9vYmplY3QiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IlJlcXVlc3QgT2JqZWN0IGNsYWltcyBhcmUgaW52YWxpZCIsInN0YXRlIjoibzdDaG92d0RFTSIsImF1ZCI6InBrand0LW9uZSIsImV4cCI6MTYyNTE1MzQ5MSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.JqEPQrcGZmpbLjPQ-TuOi9ALrwoOYQ7UxZWRKTYMMDlKLwAtaaeoeBxlIaRBhNBOVFYi0Cx4H73deSrmqvb-P6w7do4EpfKm4q2zRl8SIoXUB3ITGmBB7-a6B-32sN2MjFVsDeZaHpvGUcDwJk-NPegE8AGOUh4XZL2tnI2V5eq14GsbfP-ebfC8TdEPXezc0xpkj69stAwC-GsxfWFRg1sWucJcdPaPAAstLD0vXFE01U5EBluq3gQARtozuEkngMQskNIMiT_UAVj8o-uSqPl64JdrcDYeEIB5Oe5w4fTmbTrlN93En7-qc8fpXfU8p2R2B-Wv5zA0uB6YMoiSug
commands
[
  [
    "click",
    "class",
    "login-submit"
  ]
]
2021-07-01 15:29:32 INFO
WebRunner
Waiting
regexp
seconds
10
task
Verify Complete
browser
wait
action
element_type
id
url
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback?response=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJlcnJvciI6ImludmFsaWRfcmVxdWVzdF9vYmplY3QiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IlJlcXVlc3QgT2JqZWN0IGNsYWltcyBhcmUgaW52YWxpZCIsInN0YXRlIjoibzdDaG92d0RFTSIsImF1ZCI6InBrand0LW9uZSIsImV4cCI6MTYyNTE1MzQ5MSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.JqEPQrcGZmpbLjPQ-TuOi9ALrwoOYQ7UxZWRKTYMMDlKLwAtaaeoeBxlIaRBhNBOVFYi0Cx4H73deSrmqvb-P6w7do4EpfKm4q2zRl8SIoXUB3ITGmBB7-a6B-32sN2MjFVsDeZaHpvGUcDwJk-NPegE8AGOUh4XZL2tnI2V5eq14GsbfP-ebfC8TdEPXezc0xpkj69stAwC-GsxfWFRg1sWucJcdPaPAAstLD0vXFE01U5EBluq3gQARtozuEkngMQskNIMiT_UAVj8o-uSqPl64JdrcDYeEIB5Oe5w4fTmbTrlN93En7-qc8fpXfU8p2R2B-Wv5zA0uB6YMoiSug
target
submission_complete
2021-07-01 15:29:32 INCOMING
fapi1-advanced-final-ensure-request-object-with-bad-aud-fails
Incoming HTTP request to test instance remustubkQqQtvi
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36",
  "accept": "*/*",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback?response\u003deyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJlcnJvciI6ImludmFsaWRfcmVxdWVzdF9vYmplY3QiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IlJlcXVlc3QgT2JqZWN0IGNsYWltcyBhcmUgaW52YWxpZCIsInN0YXRlIjoibzdDaG92d0RFTSIsImF1ZCI6InBrand0LW9uZSIsImV4cCI6MTYyNTE1MzQ5MSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.JqEPQrcGZmpbLjPQ-TuOi9ALrwoOYQ7UxZWRKTYMMDlKLwAtaaeoeBxlIaRBhNBOVFYi0Cx4H73deSrmqvb-P6w7do4EpfKm4q2zRl8SIoXUB3ITGmBB7-a6B-32sN2MjFVsDeZaHpvGUcDwJk-NPegE8AGOUh4XZL2tnI2V5eq14GsbfP-ebfC8TdEPXezc0xpkj69stAwC-GsxfWFRg1sWucJcdPaPAAstLD0vXFE01U5EBluq3gQARtozuEkngMQskNIMiT_UAVj8o-uSqPl64JdrcDYeEIB5Oe5w4fTmbTrlN93En7-qc8fpXfU8p2R2B-Wv5zA0uB6YMoiSug",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "cookie": "JSESSIONID\u003dB966C94A984C6F0BE6C8C81CB76DDC7E",
  "x-requested-with": "XMLHttpRequest",
  "content-type": "text/plain",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/yTAKRVfaXaIvC55m2h9P
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-07-01 15:29:32 OUTGOING
fapi1-advanced-final-ensure-request-object-with-bad-aud-fails
Response to HTTP request to test instance remustubkQqQtvi
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/yTAKRVfaXaIvC55m2h9P
2021-07-01 15:29:32 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2021-07-01 15:29:32 REDIRECT-IN
fapi1-advanced-final-ensure-request-object-with-bad-aud-fails
Authorization endpoint response captured
url_query
{
  "response": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJlcnJvciI6ImludmFsaWRfcmVxdWVzdF9vYmplY3QiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IlJlcXVlc3QgT2JqZWN0IGNsYWltcyBhcmUgaW52YWxpZCIsInN0YXRlIjoibzdDaG92d0RFTSIsImF1ZCI6InBrand0LW9uZSIsImV4cCI6MTYyNTE1MzQ5MSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.JqEPQrcGZmpbLjPQ-TuOi9ALrwoOYQ7UxZWRKTYMMDlKLwAtaaeoeBxlIaRBhNBOVFYi0Cx4H73deSrmqvb-P6w7do4EpfKm4q2zRl8SIoXUB3ITGmBB7-a6B-32sN2MjFVsDeZaHpvGUcDwJk-NPegE8AGOUh4XZL2tnI2V5eq14GsbfP-ebfC8TdEPXezc0xpkj69stAwC-GsxfWFRg1sWucJcdPaPAAstLD0vXFE01U5EBluq3gQARtozuEkngMQskNIMiT_UAVj8o-uSqPl64JdrcDYeEIB5Oe5w4fTmbTrlN93En7-qc8fpXfU8p2R2B-Wv5zA0uB6YMoiSug"
}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{}
post_body
Verify authorization endpoint response
2021-07-01 15:29:32 SUCCESS
ExtractJARMFromURLQuery
Found and parsed the jarm_response from callback_query_params
value
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJlcnJvciI6ImludmFsaWRfcmVxdWVzdF9vYmplY3QiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IlJlcXVlc3QgT2JqZWN0IGNsYWltcyBhcmUgaW52YWxpZCIsInN0YXRlIjoibzdDaG92d0RFTSIsImF1ZCI6InBrand0LW9uZSIsImV4cCI6MTYyNTE1MzQ5MSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.JqEPQrcGZmpbLjPQ-TuOi9ALrwoOYQ7UxZWRKTYMMDlKLwAtaaeoeBxlIaRBhNBOVFYi0Cx4H73deSrmqvb-P6w7do4EpfKm4q2zRl8SIoXUB3ITGmBB7-a6B-32sN2MjFVsDeZaHpvGUcDwJk-NPegE8AGOUh4XZL2tnI2V5eq14GsbfP-ebfC8TdEPXezc0xpkj69stAwC-GsxfWFRg1sWucJcdPaPAAstLD0vXFE01U5EBluq3gQARtozuEkngMQskNIMiT_UAVj8o-uSqPl64JdrcDYeEIB5Oe5w4fTmbTrlN93En7-qc8fpXfU8p2R2B-Wv5zA0uB6YMoiSug
header
{
  "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
  "typ": "JWT",
  "alg": "PS256"
}
claims
{
  "aud": "pkjwt-one",
  "error_description": "Request Object claims are invalid",
  "iss": "https://fapi.panva.cz",
  "state": "o7ChovwDEM",
  "error": "invalid_request_object",
  "exp": 1625153491
}
2021-07-01 15:29:32 SUCCESS
RejectNonJarmResponsesInUrlQuery
Authorization endpoint response only includes the JARM JWT.
2021-07-01 15:29:32 SUCCESS
ExtractAuthorizationEndpointResponseFromJARMResponse
Extracted the authorization response
error_description
Request Object claims are invalid
state
o7ChovwDEM
error
invalid_request_object
2021-07-01 15:29:32 SUCCESS
ValidateJARMResponse
JARM response standard JWT claims are valid
2021-07-01 15:29:32 SUCCESS
ValidateJARMExpRecommendations
JARM response 'exp' is less than 10 minutes
now
"Jul 1, 2021, 3:29:32 PM"
expiration
"Jul 1, 2021, 3:31:31 PM"
2021-07-01 15:29:32 SUCCESS
ValidateJARMSignatureUsingKid
jarm_response signature validated
jarm_response
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJlcnJvciI6ImludmFsaWRfcmVxdWVzdF9vYmplY3QiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IlJlcXVlc3QgT2JqZWN0IGNsYWltcyBhcmUgaW52YWxpZCIsInN0YXRlIjoibzdDaG92d0RFTSIsImF1ZCI6InBrand0LW9uZSIsImV4cCI6MTYyNTE1MzQ5MSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.JqEPQrcGZmpbLjPQ-TuOi9ALrwoOYQ7UxZWRKTYMMDlKLwAtaaeoeBxlIaRBhNBOVFYi0Cx4H73deSrmqvb-P6w7do4EpfKm4q2zRl8SIoXUB3ITGmBB7-a6B-32sN2MjFVsDeZaHpvGUcDwJk-NPegE8AGOUh4XZL2tnI2V5eq14GsbfP-ebfC8TdEPXezc0xpkj69stAwC-GsxfWFRg1sWucJcdPaPAAstLD0vXFE01U5EBluq3gQARtozuEkngMQskNIMiT_UAVj8o-uSqPl64JdrcDYeEIB5Oe5w4fTmbTrlN93En7-qc8fpXfU8p2R2B-Wv5zA0uB6YMoiSug
2021-07-01 15:29:32 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2021-07-01 15:29:32 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
o7ChovwDEM
2021-07-01 15:29:32 SUCCESS
EnsureErrorFromAuthorizationEndpointResponse
Authorization endpoint returned an error
error_description
Request Object claims are invalid
state
o7ChovwDEM
error
invalid_request_object
2021-07-01 15:29:32 SUCCESS
CheckForUnexpectedParametersInErrorResponseFromAuthorizationEndpoint
error response includes only expected parameters
error_description
Request Object claims are invalid
state
o7ChovwDEM
error
invalid_request_object
2021-07-01 15:29:32 SUCCESS
EnsureInvalidRequestObjectError
Authorization endpoint returned expected 'error' of 'invalid_request_object'
error
invalid_request_object
2021-07-01 15:29:32 INFO
WebRunner
Completed processing of webpage
task
Verify Complete
browser
complete
response_status_text
200-
match
https://*/test/a/*/callback*
url
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-jarm/callback?response=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJlcnJvciI6ImludmFsaWRfcmVxdWVzdF9vYmplY3QiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IlJlcXVlc3QgT2JqZWN0IGNsYWltcyBhcmUgaW52YWxpZCIsInN0YXRlIjoibzdDaG92d0RFTSIsImF1ZCI6InBrand0LW9uZSIsImV4cCI6MTYyNTE1MzQ5MSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.JqEPQrcGZmpbLjPQ-TuOi9ALrwoOYQ7UxZWRKTYMMDlKLwAtaaeoeBxlIaRBhNBOVFYi0Cx4H73deSrmqvb-P6w7do4EpfKm4q2zRl8SIoXUB3ITGmBB7-a6B-32sN2MjFVsDeZaHpvGUcDwJk-NPegE8AGOUh4XZL2tnI2V5eq14GsbfP-ebfC8TdEPXezc0xpkj69stAwC-GsxfWFRg1sWucJcdPaPAAstLD0vXFE01U5EBluq3gQARtozuEkngMQskNIMiT_UAVj8o-uSqPl64JdrcDYeEIB5Oe5w4fTmbTrlN93En7-qc8fpXfU8p2R2B-Wv5zA0uB6YMoiSug
response_status_code
200
2021-07-01 15:29:32 FINISHED
fapi1-advanced-final-ensure-request-object-with-bad-aud-fails
Test has run to completion
testmodule_result
PASSED
2021-07-01 15:29:33
TEST-RUNNER
Alias has now been claimed by another test
alias
oidc-provider-by_value-private_key_jwt-plain_fapi-jarm
new_test_id
3azFuYMOiVecdLV
Test Results