Test detail

Test Name	fapi-rw-id2-ensure-mtls-holder-of-key-required
Variant	client_auth_type=mtls, fapi_auth_request_method=pushed, fapi_profile=plain_fapi, fapi_response_mode=plain_response
Test ID	ttMMpSkHmxqZZUv https://www.certification.openid.net/log-detail.html?public=true&log=ttMMpSkHmxqZZUv
Created	2021-06-15T16:10:38.906622Z
Description	fapi-mtls-par
Test Version	4.1.13
Test Owner	109339807647777393961 https://accounts.google.com
Plan ID	uKAD4JxFp1hHg https://www.certification.openid.net/plan-detail.html?public=true&plan=uKAD4JxFp1hHg
Exported From	https://www.certification.openid.net
Exported By	109339807647777393961 https://accounts.google.com
Suite Version	4.1.13
Exported	2021-06-15 19:22:06 (UTC)

2021-06-15 16:10:38

(7) More

INFO

TEST-RUNNER

Test instance ttMMpSkHmxqZZUv created

baseUrl	https://www.certification.openid.net/test/a/pi
variant	{ "client_auth_type": "mtls", "fapi_auth_request_method": "pushed", "fapi_profile": "plain_fapi", "fapi_response_mode": "plain_response" }
alias	pi
description	fapi-mtls-par
planId	uKAD4JxFp1hHg
config	{ "alias": "pi", "description": "fapi-mtls-par", "server": { "discoveryUrl": "https://par-what-is-it-good-for.ping-eng.com:9032/.well-known/openid-configuration" }, "client": { "client_id": "c__fapi-mtls-par1", "scope": "openid other", "hint_type": "login_hint", "hint_value": "cheba-hut@ping-eng.com", "jwks": { "keys": [ { "kty": "RSA", "kid": "NjSdpg", "use": "sig", "alg": "PS256", "n": "pAHkPUm8SY4OdllzAU3NlWN1lOufCQ1mRkkrEfkXtiVcekY5yOM54PIxWtRtSkaJvv8RynyoQA-P_WiPRkjpUcHAFEhk3xi-nrihUhsfOlU7fFxfZqCcS36rUG9WGPKjWBsBiE3qOWb_NqVkzdzGu5Q-mhizoDTxpe77v6eg4c_meLs_Mu-Qa3V_IOZ-_lvDdKmUeKzNgs0vm0KbiaiAW9jY0Gg7Wzb44CdGeSJASe41KRP1dM-yByVESLm2IAk-KnGaKzfa-mZcrdrW-I15CGWNh2tYe_e4aNX85cEA1qj5OdAp9abr5v09sHERCkVg4X9fzdircHDAHi7EQpqhWQ", "e": "AQAB", "d": "L2rslluvOIT94XHTMllQSxTKdhf5jyB0pXWaIkQmet8qcZ_ELTSlE0hyxJQOVR83zCTq--Q2sO7O7rFAW03RR3YBFtwnbek1k6ZF3ftBeBgUbsw2OPHOvnUNCuBlwCjG2T5VnxcH1TjWKPKAxpRCURF3WA40QOmNxC_oUW0hsqd2lyf2Qa-OmllDFyOUuaIjSx5AZ36j4GWuCs_khvhGmQIcFG9ASn_8_yQqzBnQ7wCQ_SFgINvUP6cY5PRdAi_TjEYjckBmX8SqYZgQmVgtxxxDn11jayWnTa8Lu13ubJBQdhGOrU85Mg4x3eMKXGVVkSvjbaZFSStmBEdwimao0Q", "p": "1xM-aLtcc_MAfwfqu1MPR_vcWWlUsAdAgpj3K1HhpXpR_DI4V-sMbX8_x0iKWCjoZDVGW5JjNK3ho6V0h5Oi995ZJ2MgB8uA0BtceCV2jOL-lVJYaZwoESl_3KwfidiU3oe3oWoEJeOrWc0CY76mVv93mKuDzj2vsAPYzexuR3c", "q": "wzcH0PyMkXJ1yqTdH73L9NWuG8y499PxN1n60M60_-_WqwbExB-xYzySaFN_JCjI2zKRmMX_eH3p9p5xhjmmISspJr0EMvHJlHxpQ59AjBFg_On-vNLTkLh34ibNKT7Wsq95ec6ff0D9o4XDoO1f_5S60CNxhWLzcQ9KmitGMa8", "dp": "hDfHWRk9l-ZeermCO1Cvh0A1UR4ouuJqbR7ebFo1Dsao2hKBgsLz6-iba8aTjejwHJKHw0m2BS-UFEdl4OcI-7pMMqOEkGYxtT3s1cuqGqh9e4yY36vpEcviV-XUqahktHzYjbmf_S7-KwGWI32Tws3gVxGxwLs5Y0qqIMXlcbc", "dq": "JZRKZOi5BqbKFiB2kM2wnYkk4yUd1lducAFaTyf7n-lDodjDuB2BwGDArmSkbQmM4OVzMb2r2D4k89y8beJbILd2TIbGcCgrbfIlMWdOvaf6y7Uf3KmZIJriOR7PD8mQ-wTclZ45Bf401W3CoxAPEtxGuhqYl9zckD8pVVRPRvE", "qi": "0ULXUQ6d4nnxE4_9V2mCqkqMM-q0isgDzac57c3p6lia-Om1wZzZt6lMxYQfOmYPtm5KD9Pvx3LIraF4U0M-Mc3MtMxPvizG3HGkiqrzN3aZIOFYzm0Jb0IdBST_U4QZGBGwXOUCEymkhthuHT9UtH5vfG5pq2ahEM-Wc2uBHUs" } ] } }, "mtls": { "cert": "-----BEGIN CERTIFICATE-----\nMIICsjCCAlegAwIBAgIBDTAKBggqhkjOPQQDAjA6MRswGQYDVQQKDBJMZXQncyBB\ndXRoZW50aWNhdGUxGzAZBgNVBAMMEkxBIEludGVybWVkaWF0ZSBDQTAeFw0yMTA2\nMTQxNzM1NDBaFw0yMjA2MjQxNzM1NDBaMEsxCzAJBgNVBAYTAlVTMQswCQYDVQQI\nDAJDTzEPMA0GA1UEBwwGRGVudmVyMR4wHAYDVQQDDBV1bmNvbW1vbiB0ZXN0IGNs\naWVudCAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiTHom8Sxa0cjg\nUSNnXGnZx/gm+93ip+7HQQPM4zHSK/LQeZSbCdiADTT0pDv0hzW4udhwSNBKVPcP\n+ermuzAliIn5MVSEZgfe9i7qWpdnLARsX+FS0VRQzEDp7uhS2NvGnnLQhgHfcc8C\n+A4nK/MWEJFGGE/Y7AmRKRZHjq9sUs6N+ExiDnARxCrzj/SFRY3NMXIVC9J5HaCp\nx2ld6YfPP0Hi/HZq5PsvN3hYYxvaRAgY9VUQSttz/d0JJu+aIjEuirpxVLp2BANJ\nvUv1J9hTpVQGbOYaZBGaxWJefOLcHWKsi1HYK69mMEWrKOxBoMxAk50SgxIsvk7V\nw/kPQJDVAgMBAAGjcjBwMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUZt1oy2t/JWxG\nArogj3LdGWkhA9gwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMC\nMB0GA1UdEQEB/wQTMBGBD2JkY0BleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBG\nAiEAi//EFm4lAJSDTFvhl9gWOjS/sk74D0AcJDw37M9QDVUCIQCLTLeFZhuNYEKN\ndElnrKUuAXiZGrMh9B1php83AQlk9A\u003d\u003d\n-----END CERTIFICATE-----", "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAokx6JvEsWtHI4FEjZ1xp2cf4Jvvd4qfux0EDzOMx0ivy0HmU\nmwnYgA009KQ79Ic1uLnYcEjQSlT3D/nq5rswJYiJ+TFUhGYH3vYu6lqXZywEbF/h\nUtFUUMxA6e7oUtjbxp5y0IYB33HPAvgOJyvzFhCRRhhP2OwJkSkWR46vbFLOjfhM\nYg5wEcQq84/0hUWNzTFyFQvSeR2gqcdpXemHzz9B4vx2auT7Lzd4WGMb2kQIGPVV\nEErbc/3dCSbvmiIxLoq6cVS6dgQDSb1L9SfYU6VUBmzmGmQRmsViXnzi3B1irItR\n2CuvZjBFqyjsQaDMQJOdEoMSLL5O1cP5D0CQ1QIDAQABAoIBAQCftz8mf4Q0w+o4\nxeBfYVRRmzabtpT+7mBO+a4xvQtUVyeW/W6+vAuwyE5qygyucTju1wUmSqGf5MlV\nkY4XDfMtnJabAm639GiehApbWldQksKvnBNzmsis0rS3AgLjNMHjTh6TEq1ZJPih\nZVcYOWn5NsigAGDjijVIAvUH6mS75ZfEfBvIvgrBKkdhvXzLc5Hof8t7RVusPl1f\nPIiYy1r3RfhuSDWQLNysyXeCA3a5FEdMq0N+ZPiNejNsFIzO75QmJyXmVe38BERN\nVD0wMAlnHyYQKn5EPmWhhxncQkhzuyK8MqqNkH/ho6Rg5swlzJLXMYVKecjca9XY\nGZGAnsOpAoGBANfN36Ptfh6kxLX7ULHUbo1E7gYY27+FS9GAkuw8jFSxU/+3zTrl\ns3Quw7q+LGCVZo6MBJPvWY9KKpYm8WtlOzL6yp47Ni2+yutjvevlBSuw/tSEKJft\nDJlwrzpXf8I4TMcwK492xw3Z/kEB5+LcACjDaAZ9uQFYjvs7X2OT6OFXAoGBAMCH\nUa5JcwCa0vNES+/AT5wVVe1TlPSgyc763fkm14tWYB4eMbfKobziHiDWp8aorsMJ\nGY8NdYdwps775hwbtAm24IooJdoeVIU3XACRAgANBOaSc6BbGQw2xQyBnBb0YPB/\nD0oXjQR8xbfT+cAxD/X3G4zRDELt51A4sYD3p2ezAoGBAKk3gH6tEjD7KFg+WVcn\n6QwTGcVkJqO15O7BL/PXwn4Ckog42s+tIBshNE8xIeEWJVXvSwOpMgPetygIH1QE\nC/h8mPacHW6fZcRP8LORYI2S+y8u9hmzQibrKivIQqDLvsCN8ApNq+YbonfdA7Rq\nqCFOoDo+yRvaEjvDoZeWeox/AoGAJQAcl4UwH9ahYfUnLt1jr1h+WgztHJJmFmwq\nCr8HP5ULBd7BqVO8/6LpLWBzf/9dDsiJ6+8nPi9NL4xDrfU5BYDq6EJM+/1GOw/n\nk4hKvR3DaliM9i1rw+gmuH+UMukmVDHnC1M5W7pq+Sg44FHNgnTKC6cFVzuHb+hl\nXKa7uncCgYAby+y2VVsqd16KcURYSBx02wuVNcgL6dSjZ855cBGLgg8jiTScfRYk\nZf3t3HoxC2tFv0eE8+tbcXh9SnuhQOyq7poeYhSKzarOLpk/w9f5hpQD7JVLcm+Q\n+EAPeU8ELXYaPlE3NkwLP9QoEXD5IyjIASih2u8XJMk097IrS9M/rg\u003d\u003d\n-----END RSA PRIVATE KEY-----", "ca": "-----BEGIN CERTIFICATE-----\nMIIB5jCCAYugAwIBAgIBFjAKBggqhkjOPQQDAjBWMQswCQYDVQQGEwJVUzEbMBkG\nA1UECgwSTGV0J3MgQXV0aGVudGljYXRlMSowKAYDVQQDDCFMZXQncyBBdXRoZW50\naWNhdGUgUm9vdCBBdXRob3JpdHkwHhcNMjAwMTE0MjEzMjMwWhcNMzAwMTExMjEz\nMjMwWjA6MRswGQYDVQQKDBJMZXQncyBBdXRoZW50aWNhdGUxGzAZBgNVBAMMEkxB\nIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJf+aA54\nRC5pyLAR5yfXVYmNpgd+CGUTDp2KOGhc0gK91zxhHesEYkdXkpS2UN8Kati+yHtW\nCV3kkhCngGyv7RqjZjBkMB0GA1UdDgQWBBRm3WjLa38lbEYCuiCPct0ZaSED2DAf\nBgNVHSMEGDAWgBTEA2Q6eecKu9g9yb5glbkhhVINGDASBgNVHRMBAf8ECDAGAQH/\nAgEAMA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEA5pLvaFwRRkxo\nmIAtDIwg9D7gC1xzxBl4r28EzmSO1pcCIQCJUShpSXO9HDIQMUgH69fNDEMHXD3R\nRX5gP7kuu2KGMg\u003d\u003d\n-----END CERTIFICATE-----" }, "resource": { "resourceUrl": "https://par-what-is-it-good-for.ping-eng.com:3000/get" }, "client2": { "client_id": "c__fapi-mtls-par2", "scope": "openid", "jwks": { "keys": [ { "kty": "RSA", "kid": "LG7PuQ", "use": "sig", "alg": "PS256", "n": "hfCAETIrxp4a_4ObLtexDJFx5E6MSoJ6adImX9goGGQ8SjBb-syIlkCRvYvH7fSTR7IJ_a3kSOLKFa1v9GYftjIh8JdeV4aI6igbu7D7qsiMe8FUSqoKfMLlOtuOBULU2mqkMJ8LmXh6NwR2ZkznDRoTE1N-drB4RQc5FeEqpO2OYZMUAkH3fR01SY9NGPdKFjWnweGA2FDzfmL6kju79qlofn1CWtXoUTSv9S8jGzw258WruTqsFjbL4LeccEsQMhg1eBjLlnDQEVHqPbI6mUdvA5HwUlQQLli1_5Za8ONoBW9FwFOsZgLIAdB8JNgfzVE1ignKMALdzHnU4z641w", "e": "AQAB", "d": "GVDKs_VaptDNY4wZcbIc6bY346IhDBg7UPMCg80UTv_rEU6wo-eyzUtpAH2CDWzTxZJWJxeN9WTAM3azmWsQBVzWY2YI09w-1ps8Gq6p8q6zNtTkvLQFBW3E6-oBnubx2lKbtADrrVdDKlDynAVfCm_qORXn6kESimGCHauQZtmlMe43xLRrsjVLWztoyVYaYCjepvQ9Lsbirq_vFlu9AqYUqHSoKP9pHCsKVNFONictRHD5aQQZT1WocLj9XAwSs9SxtGMVP9XEo4qldkvMMakIe3kvEQsChfjkDoQrO6f1ti7tAP3AV3qLcxO0WSdr0YOSPe1T4SraMDIH1Pb_qQ", "p": "0ShCrAFdoYwMZodMjmyFH6U9hUCcmHmU9hSg1EzbEopRf9uJuxJejnOMw98un4pEFkTfEtkDzodyBd7gp_4Ao_sPCwC8rmThGE4J9BLDWIg8evcziH3TemKrPwAdxsIsCOraLjK5FpGuMSwSVHmciBBIKovgcOe3nNCPfc3ELoM", "q": "o--7TSNhhu4B1UyhRkYgdIF6HMNidVvcOHzcyy-uVz5ww7wzG4iK0SSPi7LkMyRl-9DhJOoaa9G1i_I6Mf3S_onBxYccwc57-KEsyN4BfmbTewiX-OLID1u3giECNFVWrznmbsofEswGU0215m03Zd7mc6OrnaNWPcJP-qQqfB0", "dp": "faGGMpT7bZ6WkDsyo9XRPInfYxvFM9zLuef4Fq03ZXKJs5flqeVFwKDta3WyJohBj3K83zBVFgfLWHVgUefC8LxLc9t0efgEMLonRmDCz3m9gkrbvF9_2GJN5CCowgs9sfmHJfq3rDPDAqwrMmx9tki5YDz2ijrU0i-AERu4fAs", "dq": "bNKGkv4Zj2gO73ie1fdXM_9-__jzMtR3q0e3iWltYZyhXk1f37cT7yFF6IYn1Ysj57UQv2BniYr76Joy51yG41CuwGCgRka7JKBZCj3U4AOB_voFZ8Gi7A8GEeu3euXrVQYqYQDq_59P05ySUxPM4mLEt56-HTZ_2R9T2B2B1kE", "qi": "RtUzv_tHGTpn2kyMQqo63soTlkV1yk0Ww3efYizZKvKsB3HDWm4D5xlBYXo9odTzLGu5yHMDcPJ4GntfFErjUMWWCxKf5xi6pMk1dH8FEm9rfxn0z3i83iaLRcdf_tVNHwJjuBBF0Q4tjpu8XolWHcrsgvkaHigPcpYMCe9xiJ0" } ] } }, "mtls2": { "cert": "-----BEGIN CERTIFICATE-----\nMIICsjCCAlegAwIBAgIBDzAKBggqhkjOPQQDAjA6MRswGQYDVQQKDBJMZXQncyBB\ndXRoZW50aWNhdGUxGzAZBgNVBAMMEkxBIEludGVybWVkaWF0ZSBDQTAeFw0yMTA2\nMTQxODAzMjdaFw0yMjA2MjQxODAzMjdaMEsxCzAJBgNVBAYTAkNBMQswCQYDVQQI\nDAJCQzESMBAGA1UEBwwJVmFuY291dmVyMRswGQYDVQQDDBJ0aGUgbmFtZSBnb2Vz\nIGhlcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6BzxrtSWajtOb\n8HgO9l8XN+Ho2s4LWuT6tB9mpmG6v9YnoqpUq1Y4H7taIdiboRezt9i9wS93dPKp\nJhwanuiIrMCi7n5s973DwB4Ff7uFyKPUBT2L2J4367wnI+w1I0SjzLTIkK9rmrwa\nbMpzc0xn/dERfiKJul5zzr3UOFXZ9YAlAxdqvFH5NzuAr4KaWOLwaHxvQMbr8d7d\nYWdOEZTWTAmkD+ATf9ZsqKLrE6wr0hgEjnrJNqdWXS9jaekBNTMyy/+sUfGKpsHH\nrxFeFgxficK5BZ1dMQNFXNV8Fuo83OmvsD/w4GkhsrrimOJcYj+gVAbaEcjJqoKq\nnu3G0/FZAgMBAAGjcjBwMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUZt1oy2t/JWxG\nArogj3LdGWkhA9gwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMC\nMB0GA1UdEQEB/wQTMBGBD2JkY0BleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBG\nAiEA6tI9+IS2SInpF7NWfhWVVaETmBeVD9YTXMVWEVp6EVYCIQD0vGsjcpoOPw2f\nJLjx36xJmOBNKZqeMU3LMya7P9vl7A\u003d\u003d\n-----END CERTIFICATE-----", "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAugc8a7Ulmo7Tm/B4DvZfFzfh6NrOC1rk+rQfZqZhur/WJ6Kq\nVKtWOB+7WiHYm6EXs7fYvcEvd3TyqSYcGp7oiKzAou5+bPe9w8AeBX+7hcij1AU9\ni9ieN+u8JyPsNSNEo8y0yJCva5q8GmzKc3NMZ/3REX4iibpec8691DhV2fWAJQMX\narxR+Tc7gK+Cmlji8Gh8b0DG6/He3WFnThGU1kwJpA/gE3/WbKii6xOsK9IYBI56\nyTanVl0vY2npATUzMsv/rFHxiqbBx68RXhYMX4nCuQWdXTEDRVzVfBbqPNzpr7A/\n8OBpIbK64pjiXGI/oFQG2hHIyaqCqp7txtPxWQIDAQABAoIBAHuO3NHJQo2yudhE\nUunVN/mK83CfC+W83IOr6YNblWPdkRdIUovkNWMXqG/INT/BMqX6wWnfi3Bza81v\nc5E25MoKu/Q8JhqoPhFrZEVQvrOwPShQxr1BBm2sFI+Gq5frseZ9y8G/X9Q/tRp0\nEc+20BPuINPWjIggEiYnNixjspoN9MaFSAzPEkcMKVGq7UYdmuOSNxS1v8wyCECx\n3/XCXRjPtCSeA/eMtA6zfA9QatiybVTfbqN3QK3HXYcrtvIHwikB4+6CmoWSqt2F\nUsHyzAz4CwdG3QhAXboI8ryeZ5oLCkKwj4MB0vVa8Y9ARM+dM+f8uhQTKgGwif1e\nuKP9ytUCgYEA21Clfueat18qAF2A9NyAw3MbkJOrfiFFcfgMwsNAw0/dcJWBs0kD\n/toXhndTYGYXkLY6U+JImLdIp7vXRjPccQ1qx2PP4vuH8wVkfbWHJt+Q2T6Izvml\namPpuDlQg5atusj0x5ZWKjHfT24kVGA6l4mssDOzFhUK1V7BJaoBmxcCgYEA2SU1\nFskcNdzycLWvdnC1PG90poOCG92zNCT7PuCPjmuae7JDArbHK4R6c9jW1mJb/TWQ\njFiteDkQ1DBEQeHrsQuIKMK0AVNR4HpLF7rBzblNE7WC4S2r95OMz3G2JmysvmKO\nCAJEoAoJ5a/zK1RgtNl060p4R9EXUx2T3hSP3Q8CgYB+3rBeMWz3Fz4c5/pprAVx\nC22uvT4/wM+DlpMLOBiG4/Sd5F8bb+m3zEI/r1e0NFr9g+1KCWUlsyF8ptVp7yZe\n3/wdTEg+bnO+yifP8Os2Oa55fgt2cESYvyO9Rqqk9M2beBTiQL2nuyILuRObG+/J\nKgOUCtRWueWCeUYSm75CEQKBgEEdCyJeA/uS2ZA6qvbVLUOGGHCmFqnMfSQxwrVE\nGUgXtCdLeRSjQm4mN6Htb96xd+wh18p9/OaEFivKnW00FbztPFMcr2WGWpL5mPLw\nqZTK7/XtA+YKD/sZX6wE6R30kIg2fWihZXqoB/e8HyrrDmSsoIa9ufuvE1N1FxYN\nDGa5AoGBAJMEsPXmWfoGMukKnGhgQGy4UvKfzn1ruXGvVbMOrBpQzjaDPd7sMNrz\n8bHJERKhyoi5zJDbn0tVC9I9Z4VPUo2mwyfJvqNYrfBOb/lqe5QKFbx/dp5lA6DV\nIVIFUQH18LsQb1f3HdB4yJXvf5a0jJ0l3oizOnFQDlDbK9Xhla9i\n-----END RSA PRIVATE KEY-----", "ca": "-----BEGIN CERTIFICATE-----\nMIIB5jCCAYugAwIBAgIBFjAKBggqhkjOPQQDAjBWMQswCQYDVQQGEwJVUzEbMBkG\nA1UECgwSTGV0J3MgQXV0aGVudGljYXRlMSowKAYDVQQDDCFMZXQncyBBdXRoZW50\naWNhdGUgUm9vdCBBdXRob3JpdHkwHhcNMjAwMTE0MjEzMjMwWhcNMzAwMTExMjEz\nMjMwWjA6MRswGQYDVQQKDBJMZXQncyBBdXRoZW50aWNhdGUxGzAZBgNVBAMMEkxB\nIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJf+aA54\nRC5pyLAR5yfXVYmNpgd+CGUTDp2KOGhc0gK91zxhHesEYkdXkpS2UN8Kati+yHtW\nCV3kkhCngGyv7RqjZjBkMB0GA1UdDgQWBBRm3WjLa38lbEYCuiCPct0ZaSED2DAf\nBgNVHSMEGDAWgBTEA2Q6eecKu9g9yb5glbkhhVINGDASBgNVHRMBAf8ECDAGAQH/\nAgEAMA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEA5pLvaFwRRkxo\nmIAtDIwg9D7gC1xzxBl4r28EzmSO1pcCIQCJUShpSXO9HDIQMUgH69fNDEMHXD3R\nRX5gP7kuu2KGMg\u003d\u003d\n-----END CERTIFICATE-----" }, "automated_ciba_approval_url": "https://cheba-hut.ping-eng.com:9031/ext/fake/{action}/oob?v\u003d{auth_req_id}" }
testName	fapi-rw-id2-ensure-mtls-holder-of-key-required

2021-06-15 16:10:39

(1) More

SUCCESS

CreateRedirectUri

Created redirect URI

redirect_uri

https://www.certification.openid.net/test/a/pi/callback

2021-06-15 16:10:39

(4) More

GetDynamicServerConfiguration

HTTP request

request_uri	https://par-what-is-it-good-for.ping-eng.com:9032/.well-known/openid-configuration
request_method	GET
request_headers	{ "accept": "text/plain, application/json, application/cbor, application/+json, /*", "content-length": "0" }
request_body

2021-06-15 16:10:39

(4) More

RESPONSE

GetDynamicServerConfiguration

HTTP response

response_status_code	200 OK
response_status_text	OK
response_headers	{ "date": "Tue, 15 Jun 2021 16:10:39 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "origin", "cache-control": "no-cache, no-store", "pragma": "no-cache", "expires": "Thu, 01 Jan 1970 00:00:00 GMT", "content-type": "application/json;charset\u003dutf-8", "set-cookie": "PF\u003dKWOAUENR5TC5bJTk12Kpre;Path\u003d/;Secure;HttpOnly;SameSite\u003dNone", "content-length": "3666" }
response_body	{ "issuer": "https://par-what-is-it-good-for.ping-eng.com:9032", "authorization_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9031/as/authorization.oauth2", "token_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/token.oauth2", "revocation_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/revoke_token.oauth2", "userinfo_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/idp/userinfo.openid", "introspection_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/introspect.oauth2", "jwks_uri": "https://par-what-is-it-good-for.ping-eng.com:9032/pf/JWKS", "registration_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/clients.oauth2", "ping_revoked_sris_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/pf-ws/rest/sessionMgmt/revokedSris", "ping_session_management_sris_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/pf-ws/rest/sessionMgmt/sessions", "ping_end_session_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/idp/startSLO.ping", "device_authorization_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/device_authz.oauth2", "scopes_supported": [ "other", "openid" ], "claims_supported": [ "acr", "sub" ], "response_types_supported": [ "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ], "response_modes_supported": [ "fragment", "query", "form_post" ], "grant_types_supported": [ "implicit", "authorization_code", "refresh_token", "password", "client_credentials", "urn:pingidentity.com:oauth2:grant_type:validate_bearer", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:openid:params:grant-type:ciba" ], "subject_types_supported": [ "public", "pairwise" ], "id_token_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ], "token_endpoint_auth_methods_supported": ["client_secret_basic","client_secret_post","private_key_jwt","tls_client_auth"], "token_endpoint_auth_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ], "claim_types_supported": [ "normal" ], "claims_parameter_supported": false, "request_parameter_supported": true, "request_uri_parameter_supported": false, "request_object_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ], "id_token_encryption_alg_values_supported": [ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP" ], "id_token_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ], "pushed_authorization_request_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/par.oauth2", "require_pushed_authorization_requests": false, "backchannel_authentication_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/bc-auth.ciba", "backchannel_token_delivery_modes_supported": [ "poll", "ping" ], "backchannel_authentication_request_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ], "backchannel_user_code_parameter_supported": false, "tls_client_certificate_bound_access_tokens": true, "code_challenge_methods_supported": [ "plain", "S256" ] }

2021-06-15 16:10:39

(1) More

GetDynamicServerConfiguration

Downloaded server configuration

server_config_string

{
  "issuer": "https://par-what-is-it-good-for.ping-eng.com:9032",
  "authorization_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9031/as/authorization.oauth2",
  "token_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/token.oauth2",
  "revocation_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/revoke_token.oauth2",
  "userinfo_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/idp/userinfo.openid",
  "introspection_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/introspect.oauth2",
  "jwks_uri": "https://par-what-is-it-good-for.ping-eng.com:9032/pf/JWKS",
  "registration_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/clients.oauth2",
  "ping_revoked_sris_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/pf-ws/rest/sessionMgmt/revokedSris",
  "ping_session_management_sris_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/pf-ws/rest/sessionMgmt/sessions",
  "ping_end_session_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/idp/startSLO.ping",
  "device_authorization_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/device_authz.oauth2",
  "scopes_supported": [ "other", "openid" ],
  "claims_supported": [ "acr", "sub" ],
  "response_types_supported": [ "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ],
  "response_modes_supported": [ "fragment", "query", "form_post" ],
  "grant_types_supported": [ "implicit", "authorization_code", "refresh_token", "password", "client_credentials", "urn:pingidentity.com:oauth2:grant_type:validate_bearer", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:openid:params:grant-type:ciba" ],
  "subject_types_supported": [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "token_endpoint_auth_methods_supported": ["client_secret_basic","client_secret_post","private_key_jwt","tls_client_auth"],
  "token_endpoint_auth_signing_alg_values_supported":  [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "claim_types_supported": [ "normal" ],
  "claims_parameter_supported": false,
  "request_parameter_supported": true,
  "request_uri_parameter_supported": false,
  "request_object_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "id_token_encryption_alg_values_supported": [ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP" ],
  "id_token_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ],
  "pushed_authorization_request_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/par.oauth2",
  "require_pushed_authorization_requests": false,
  "backchannel_authentication_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/bc-auth.ciba",
  "backchannel_token_delivery_modes_supported": [ "poll", "ping" ],
  "backchannel_authentication_request_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "backchannel_user_code_parameter_supported": false,
  "tls_client_certificate_bound_access_tokens": true,
  "code_challenge_methods_supported": [ "plain", "S256" ]
}

2021-06-15 16:10:39

(36) More

SUCCESS

GetDynamicServerConfiguration

Successfully parsed server configuration

issuer	https://par-what-is-it-good-for.ping-eng.com:9032
authorization_endpoint	https://par-what-is-it-good-for.ping-eng.com:9031/as/authorization.oauth2
token_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/as/token.oauth2
revocation_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/as/revoke_token.oauth2
userinfo_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/idp/userinfo.openid
introspection_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/as/introspect.oauth2
jwks_uri	https://par-what-is-it-good-for.ping-eng.com:9032/pf/JWKS
registration_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/as/clients.oauth2
ping_revoked_sris_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/pf-ws/rest/sessionMgmt/revokedSris
ping_session_management_sris_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/pf-ws/rest/sessionMgmt/sessions
ping_end_session_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/idp/startSLO.ping
device_authorization_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/as/device_authz.oauth2
scopes_supported	[ "other", "openid" ]
claims_supported	[ "acr", "sub" ]
response_types_supported	[ "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ]
response_modes_supported	[ "fragment", "query", "form_post" ]
grant_types_supported	[ "implicit", "authorization_code", "refresh_token", "password", "client_credentials", "urn:pingidentity.com:oauth2:grant_type:validate_bearer", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:openid:params:grant-type:ciba" ]
subject_types_supported	[ "public", "pairwise" ]
id_token_signing_alg_values_supported	[ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ]
token_endpoint_auth_methods_supported	[ "client_secret_basic", "client_secret_post", "private_key_jwt", "tls_client_auth" ]
token_endpoint_auth_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ]
claim_types_supported	[ "normal" ]
claims_parameter_supported	false
request_parameter_supported	true
request_uri_parameter_supported	false
request_object_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ]
id_token_encryption_alg_values_supported	[ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP" ]
id_token_encryption_enc_values_supported	[ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ]
pushed_authorization_request_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/as/par.oauth2
require_pushed_authorization_requests	false
backchannel_authentication_endpoint	https://par-what-is-it-good-for.ping-eng.com:9032/as/bc-auth.ciba
backchannel_token_delivery_modes_supported	[ "poll", "ping" ]
backchannel_authentication_request_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ]
backchannel_user_code_parameter_supported	false
tls_client_certificate_bound_access_tokens	true
code_challenge_methods_supported	[ "plain", "S256" ]

2021-06-15 16:10:39

(1) More

INFO

RFC8705-5

AddMTLSEndpointAliasesToEnvironment

The mtls_endpoint_aliases is not present in the server configuration

server

{
  "issuer": "https://par-what-is-it-good-for.ping-eng.com:9032",
  "authorization_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9031/as/authorization.oauth2",
  "token_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/token.oauth2",
  "revocation_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/revoke_token.oauth2",
  "userinfo_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/idp/userinfo.openid",
  "introspection_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/introspect.oauth2",
  "jwks_uri": "https://par-what-is-it-good-for.ping-eng.com:9032/pf/JWKS",
  "registration_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/clients.oauth2",
  "ping_revoked_sris_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/pf-ws/rest/sessionMgmt/revokedSris",
  "ping_session_management_sris_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/pf-ws/rest/sessionMgmt/sessions",
  "ping_end_session_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/idp/startSLO.ping",
  "device_authorization_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/device_authz.oauth2",
  "scopes_supported": [
    "other",
    "openid"
  ],
  "claims_supported": [
    "acr",
    "sub"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code token",
    "code id_token",
    "token id_token",
    "code token id_token"
  ],
  "response_modes_supported": [
    "fragment",
    "query",
    "form_post"
  ],
  "grant_types_supported": [
    "implicit",
    "authorization_code",
    "refresh_token",
    "password",
    "client_credentials",
    "urn:pingidentity.com:oauth2:grant_type:validate_bearer",
    "urn:ietf:params:oauth:grant-type:jwt-bearer",
    "urn:ietf:params:oauth:grant-type:saml2-bearer",
    "urn:ietf:params:oauth:grant-type:device_code",
    "urn:ietf:params:oauth:grant-type:token-exchange",
    "urn:openid:params:grant-type:ciba"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "private_key_jwt",
    "tls_client_auth"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "claim_types_supported": [
    "normal"
  ],
  "claims_parameter_supported": false,
  "request_parameter_supported": true,
  "request_uri_parameter_supported": false,
  "request_object_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "id_token_encryption_alg_values_supported": [
    "dir",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "RSA-OAEP"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "pushed_authorization_request_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/par.oauth2",
  "require_pushed_authorization_requests": false,
  "backchannel_authentication_endpoint": "https://par-what-is-it-good-for.ping-eng.com:9032/as/bc-auth.ciba",
  "backchannel_token_delivery_modes_supported": [
    "poll",
    "ping"
  ],
  "backchannel_authentication_request_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "backchannel_user_code_parameter_supported": false,
  "tls_client_certificate_bound_access_tokens": true,
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ]
}

2021-06-15 16:10:39

(1) More

SUCCESS

CheckServerConfiguration

Found required server configuration keys

required

[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]

2021-06-15 16:10:39

(4) More

SUCCESS

ExtractTLSTestValuesFromServerConfiguration

Extracted TLS information from authorization server configuration

registration_endpoint	{ "testHost": "par-what-is-it-good-for.ping-eng.com", "testPort": 9032 }
authorization_endpoint	{ "testHost": "par-what-is-it-good-for.ping-eng.com", "testPort": 9031 }
token_endpoint	{ "testHost": "par-what-is-it-good-for.ping-eng.com", "testPort": 9032 }
userinfo_endpoint	{ "testHost": "par-what-is-it-good-for.ping-eng.com", "testPort": 9032 }

2021-06-15 16:10:39

(1) More

FetchServerKeys

Fetching server key

jwks_uri

https://par-what-is-it-good-for.ping-eng.com:9032/pf/JWKS

2021-06-15 16:10:39

(4) More

FetchServerKeys

HTTP request

request_uri	https://par-what-is-it-good-for.ping-eng.com:9032/pf/JWKS
request_method	GET
request_headers	{ "accept": "text/plain, application/json, application/cbor, application/+json, /*", "content-length": "0" }
request_body

2021-06-15 16:10:39

(4) More

RESPONSE

FetchServerKeys

HTTP response

response_status_code	200 OK
response_status_text	OK
response_headers	{ "date": "Tue, 15 Jun 2021 16:10:39 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "origin", "cache-control": "no-cache, no-store", "pragma": "no-cache", "expires": "Thu, 01 Jan 1970 00:00:00 GMT", "content-type": "application/json;charset\u003dutf-8", "set-cookie": "PF\u003dvLFQLZolnvzHuKxPkGeYPG;Path\u003d/;Secure;HttpOnly;SameSite\u003dNone", "transfer-encoding": "chunked" }
response_body	{"keys":[{"kty":"EC","kid":"5QadRhn8CbPcH87TPn44jtdjEb0","use":"sig","x":"NqD3pkyW21AvgCu7ZqBJh4K8SOuWcIWEEKfN_pU52jY","y":"gjZTZuUYqizpY-gjoVBfDRUiD6k_mv679L0KaDxlSPI","crv":"P-256"},{"kty":"RSA","kid":"E7i-dwTdrPHhrxA87ERbRd3SMTw","use":"sig","n":"gyhVGIOSmrrL_jUQl1GZAmOMs_OJiY69_vLlMYPia_yafsBNYvpX9CF2iboE3NRVC-1m8bZuiINxIgNEqEvqUQDOLmw6ymNP7apGZV19OQndmfi746w7ONh1n48zFZEH4YvG4WOLLOqK4JuHHBu_TZaFve1DoRhEj4tZquJEM67Yl7GVlv89MnwUxOmi8L7Q9Er1ZaZoemwaiNwif1q_suyBSQbNgZ9GZIen9FTtR0p72KBrTuxULkhCoMw7OcKoTwd02iRxgaoxdbiS3g3XHQbPvBCzZ3U84frc7oK664JZ1KFWSGjvpaVwwtojGE3efpoi5-5QPPJOI9r7PvCALw","e":"AQAB"},{"kty":"EC","kid":"NJ-xeJ1prPqxexh2SKij5J2P4uo","use":"sig","x":"H92ITt53QuWhi_qcEFk562XnIiX8BrRoMqMe74SoNTe7EuXNPUo2ttWqVjtrCOLQ","y":"r-UM637j132U7n4V4d9XMnOdvoMtzFki-OcNPcDeB-_fijjyfI8dRniVX6WfOP5-","crv":"P-384"},{"kty":"EC","kid":"_jjw9ffzGB6Z4kAQAO_NV0B7sEU","use":"sig","x":"AbdbAgstypbQKRDhxw9nsfr9_ioGD0w8sWMwN3vD2LsXGW9RaQUh5RgBQ1g-V0I8ZhDPDhjaRneIS2xQ5-uLP70E","y":"AR274LRg7ReUXW1SMQI3SU4wmKBdMoGUbTJq1gg4wAEQiwlNLbOBuEmiJGMcwYZgt1WiO2nmjwGNboSLmk6xab12","crv":"P-521"},{"kty":"EC","kid":"SN6UlUJWv_KKF_mHImCtTOmUD2M","use":"sig","x":"gYJHBD55iX9_exq0hGbhRXRVVqtFlgOsVwkn_A_h1AQ","y":"y3wzQIoknL1wvd3XKpHaeDLp44yJ12wiIbQfBcKji60","crv":"P-256"},{"kty":"RSA","kid":"ZH2y4AetHTynvUgDK_YxYbB5yLQ","use":"sig","n":"mutK9ALOPwBn0Ma6EMzgNq45icxxZtsozOGgJhRv87q7_oaccs5E6LvyIAEYTe4tylKXkb5U36sXb3fB_ljVLUo8TzEvYk8p1AnzrDq17edRsBrK7rA55d1K8kvDXksT9aAAyHxsTvtnpEIPIMy-9zDBsu89nqzBvGBC4qfvonrUK7KAXmq7PsrQykuBD1dNg9DNZL3gWLVaZMEbnioe_f9miaXcUHbR37TEjaOjezBSakjRXqRDIB9bE5JWQvpNfyJDnN_P8EPZK8fq6yn_5kGzMPf-r86bjbz4oR-_HO2o4h5lrov0Hwjic20oeFV7jIx2f2qMuBdPz-x0J3lcjQ","e":"AQAB"},{"kty":"EC","kid":"dsh6NHxZgjoeBgIu0XsECIIbtL8","use":"sig","x":"37_BpW5YpwgG4z7GQWIaW8jViBJ0fRGnDsKpSkyoaiTEjymlR9sBI5tZ9oYFg4pV","y":"jQbA_nqKFiBVfbxratx7YCQgqXr8Ew3GkYw_6vROZikjRPfAl70TLkzaHl2HZk-F","crv":"P-384"},{"kty":"EC","kid":"qrrYthgG0KN3BK0QKR5GVxPIKhA","use":"sig","x":"AJ2bpXuFGeOxaEBP4jU2Yb4etTEfY07rqI1PYQForVj_-lZ7eMDBqIsUJuPvYUulV-mUSDkzwuSRl8-qaQs_MLFS","y":"AKZbW_cNCVuHC-lqWMckKOo7NG1Jtfoph8aUzvyjpAY6KDr1yVxDEPdnhgdeXq17atWu79GHG5LX_f9kqiOF7kKj","crv":"P-521"},{"kty":"EC","kid":"5MwmNtztM_lf-V-GNg1yUkl07HA","use":"enc","x":"_mUAKV1wWPtzvi0dIRLR9TUhNhC-wb14LgS8GZcTOk0","y":"YjCcIQxF_JsLvbmIkak9wn6SR4E54Wqk4hawrmwDG4g","crv":"P-256"},{"kty":"RSA","kid":"KiKQ8Y4fuTo7Q8TIXWyZPHaPDCM","use":"enc","n":"r10ldw2__6mJGjPMpAv_aNYT95bnrWMGiyg6G_3UMYPLbaGF-Nq7SostX8klpLNAWAanJMpdvUSB6X2d5IkQsAvaaLvmDW-jwADA_gSq9ACzPXs_IkL7WvulYhhCmTHtwQwjzbmqS5dDeQ9fYB07l3rEEUskf96-9R6uH1eWeMjle4MWVF-Ex0Sw1EVrOTFf1wjOePJJ2Xop8ZsHaqT52BliNd5gXdlUkdpcj0OfF9wvvAkUdgEXK336VCMeIRpT-NWItmYpGihaTxJaxYKg98REnMmEZ6wGLiJecJWU6Cwxvxd_asPggkxA4DLNtH-35KuQ6ZvTKqabKuka72WHnw","e":"AQAB"},{"kty":"EC","kid":"tTz8_Iu7CET43WmjZANNqOkoSpg","use":"enc","x":"CDCpGMWM1jwborjr3hIFmAko4kgXVYo_CO06dKlxHhsycAIk3zdYf7r50m4nA1jQ","y":"pWm_4nhohNpvwtzqMzAxq8PFNaor9wNSdhbQTAVFp3FUtAZ5lXuy6cqpUrCLA1YL","crv":"P-384"},{"kty":"EC","kid":"yJTeSKJRk14clH6IWD7NKszzrbQ","use":"enc","x":"AbXvCDr46z-ZHwpVoVgVcWHBUfvXsJ7ktit3z-egproYs6GOvKhyd19XlS3RMSs4FnQLdEEqh6zsOOMYxkY3eWTI","y":"AZFW30tO1BFKv92Panabi-mkSY6mdCCbLcnJenpdX7r4lIGXVTvtXFf2wQDaxT-wlQy7SKHQ0xxg4Sc5Am8J0W5p","crv":"P-521"}]}

2021-06-15 16:10:39

(1) More

FetchServerKeys

Found JWK set string

jwk_string

{"keys":[{"kty":"EC","kid":"5QadRhn8CbPcH87TPn44jtdjEb0","use":"sig","x":"NqD3pkyW21AvgCu7ZqBJh4K8SOuWcIWEEKfN_pU52jY","y":"gjZTZuUYqizpY-gjoVBfDRUiD6k_mv679L0KaDxlSPI","crv":"P-256"},{"kty":"RSA","kid":"E7i-dwTdrPHhrxA87ERbRd3SMTw","use":"sig","n":"gyhVGIOSmrrL_jUQl1GZAmOMs_OJiY69_vLlMYPia_yafsBNYvpX9CF2iboE3NRVC-1m8bZuiINxIgNEqEvqUQDOLmw6ymNP7apGZV19OQndmfi746w7ONh1n48zFZEH4YvG4WOLLOqK4JuHHBu_TZaFve1DoRhEj4tZquJEM67Yl7GVlv89MnwUxOmi8L7Q9Er1ZaZoemwaiNwif1q_suyBSQbNgZ9GZIen9FTtR0p72KBrTuxULkhCoMw7OcKoTwd02iRxgaoxdbiS3g3XHQbPvBCzZ3U84frc7oK664JZ1KFWSGjvpaVwwtojGE3efpoi5-5QPPJOI9r7PvCALw","e":"AQAB"},{"kty":"EC","kid":"NJ-xeJ1prPqxexh2SKij5J2P4uo","use":"sig","x":"H92ITt53QuWhi_qcEFk562XnIiX8BrRoMqMe74SoNTe7EuXNPUo2ttWqVjtrCOLQ","y":"r-UM637j132U7n4V4d9XMnOdvoMtzFki-OcNPcDeB-_fijjyfI8dRniVX6WfOP5-","crv":"P-384"},{"kty":"EC","kid":"_jjw9ffzGB6Z4kAQAO_NV0B7sEU","use":"sig","x":"AbdbAgstypbQKRDhxw9nsfr9_ioGD0w8sWMwN3vD2LsXGW9RaQUh5RgBQ1g-V0I8ZhDPDhjaRneIS2xQ5-uLP70E","y":"AR274LRg7ReUXW1SMQI3SU4wmKBdMoGUbTJq1gg4wAEQiwlNLbOBuEmiJGMcwYZgt1WiO2nmjwGNboSLmk6xab12","crv":"P-521"},{"kty":"EC","kid":"SN6UlUJWv_KKF_mHImCtTOmUD2M","use":"sig","x":"gYJHBD55iX9_exq0hGbhRXRVVqtFlgOsVwkn_A_h1AQ","y":"y3wzQIoknL1wvd3XKpHaeDLp44yJ12wiIbQfBcKji60","crv":"P-256"},{"kty":"RSA","kid":"ZH2y4AetHTynvUgDK_YxYbB5yLQ","use":"sig","n":"mutK9ALOPwBn0Ma6EMzgNq45icxxZtsozOGgJhRv87q7_oaccs5E6LvyIAEYTe4tylKXkb5U36sXb3fB_ljVLUo8TzEvYk8p1AnzrDq17edRsBrK7rA55d1K8kvDXksT9aAAyHxsTvtnpEIPIMy-9zDBsu89nqzBvGBC4qfvonrUK7KAXmq7PsrQykuBD1dNg9DNZL3gWLVaZMEbnioe_f9miaXcUHbR37TEjaOjezBSakjRXqRDIB9bE5JWQvpNfyJDnN_P8EPZK8fq6yn_5kGzMPf-r86bjbz4oR-_HO2o4h5lrov0Hwjic20oeFV7jIx2f2qMuBdPz-x0J3lcjQ","e":"AQAB"},{"kty":"EC","kid":"dsh6NHxZgjoeBgIu0XsECIIbtL8","use":"sig","x":"37_BpW5YpwgG4z7GQWIaW8jViBJ0fRGnDsKpSkyoaiTEjymlR9sBI5tZ9oYFg4pV","y":"jQbA_nqKFiBVfbxratx7YCQgqXr8Ew3GkYw_6vROZikjRPfAl70TLkzaHl2HZk-F","crv":"P-384"},{"kty":"EC","kid":"qrrYthgG0KN3BK0QKR5GVxPIKhA","use":"sig","x":"AJ2bpXuFGeOxaEBP4jU2Yb4etTEfY07rqI1PYQForVj_-lZ7eMDBqIsUJuPvYUulV-mUSDkzwuSRl8-qaQs_MLFS","y":"AKZbW_cNCVuHC-lqWMckKOo7NG1Jtfoph8aUzvyjpAY6KDr1yVxDEPdnhgdeXq17atWu79GHG5LX_f9kqiOF7kKj","crv":"P-521"},{"kty":"EC","kid":"5MwmNtztM_lf-V-GNg1yUkl07HA","use":"enc","x":"_mUAKV1wWPtzvi0dIRLR9TUhNhC-wb14LgS8GZcTOk0","y":"YjCcIQxF_JsLvbmIkak9wn6SR4E54Wqk4hawrmwDG4g","crv":"P-256"},{"kty":"RSA","kid":"KiKQ8Y4fuTo7Q8TIXWyZPHaPDCM","use":"enc","n":"r10ldw2__6mJGjPMpAv_aNYT95bnrWMGiyg6G_3UMYPLbaGF-Nq7SostX8klpLNAWAanJMpdvUSB6X2d5IkQsAvaaLvmDW-jwADA_gSq9ACzPXs_IkL7WvulYhhCmTHtwQwjzbmqS5dDeQ9fYB07l3rEEUskf96-9R6uH1eWeMjle4MWVF-Ex0Sw1EVrOTFf1wjOePJJ2Xop8ZsHaqT52BliNd5gXdlUkdpcj0OfF9wvvAkUdgEXK336VCMeIRpT-NWItmYpGihaTxJaxYKg98REnMmEZ6wGLiJecJWU6Cwxvxd_asPggkxA4DLNtH-35KuQ6ZvTKqabKuka72WHnw","e":"AQAB"},{"kty":"EC","kid":"tTz8_Iu7CET43WmjZANNqOkoSpg","use":"enc","x":"CDCpGMWM1jwborjr3hIFmAko4kgXVYo_CO06dKlxHhsycAIk3zdYf7r50m4nA1jQ","y":"pWm_4nhohNpvwtzqMzAxq8PFNaor9wNSdhbQTAVFp3FUtAZ5lXuy6cqpUrCLA1YL","crv":"P-384"},{"kty":"EC","kid":"yJTeSKJRk14clH6IWD7NKszzrbQ","use":"enc","x":"AbXvCDr46z-ZHwpVoVgVcWHBUfvXsJ7ktit3z-egproYs6GOvKhyd19XlS3RMSs4FnQLdEEqh6zsOOMYxkY3eWTI","y":"AZFW30tO1BFKv92Panabi-mkSY6mdCCbLcnJenpdX7r4lIGXVTvtXFf2wQDaxT-wlQy7SKHQ0xxg4Sc5Am8J0W5p","crv":"P-521"}]}

2021-06-15 16:10:39

(1) More

SUCCESS

FetchServerKeys

Found server JWK set

server_jwks

{
  "keys": [
    {
      "kty": "EC",
      "kid": "5QadRhn8CbPcH87TPn44jtdjEb0",
      "use": "sig",
      "x": "NqD3pkyW21AvgCu7ZqBJh4K8SOuWcIWEEKfN_pU52jY",
      "y": "gjZTZuUYqizpY-gjoVBfDRUiD6k_mv679L0KaDxlSPI",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "E7i-dwTdrPHhrxA87ERbRd3SMTw",
      "use": "sig",
      "n": "gyhVGIOSmrrL_jUQl1GZAmOMs_OJiY69_vLlMYPia_yafsBNYvpX9CF2iboE3NRVC-1m8bZuiINxIgNEqEvqUQDOLmw6ymNP7apGZV19OQndmfi746w7ONh1n48zFZEH4YvG4WOLLOqK4JuHHBu_TZaFve1DoRhEj4tZquJEM67Yl7GVlv89MnwUxOmi8L7Q9Er1ZaZoemwaiNwif1q_suyBSQbNgZ9GZIen9FTtR0p72KBrTuxULkhCoMw7OcKoTwd02iRxgaoxdbiS3g3XHQbPvBCzZ3U84frc7oK664JZ1KFWSGjvpaVwwtojGE3efpoi5-5QPPJOI9r7PvCALw",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "NJ-xeJ1prPqxexh2SKij5J2P4uo",
      "use": "sig",
      "x": "H92ITt53QuWhi_qcEFk562XnIiX8BrRoMqMe74SoNTe7EuXNPUo2ttWqVjtrCOLQ",
      "y": "r-UM637j132U7n4V4d9XMnOdvoMtzFki-OcNPcDeB-_fijjyfI8dRniVX6WfOP5-",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "_jjw9ffzGB6Z4kAQAO_NV0B7sEU",
      "use": "sig",
      "x": "AbdbAgstypbQKRDhxw9nsfr9_ioGD0w8sWMwN3vD2LsXGW9RaQUh5RgBQ1g-V0I8ZhDPDhjaRneIS2xQ5-uLP70E",
      "y": "AR274LRg7ReUXW1SMQI3SU4wmKBdMoGUbTJq1gg4wAEQiwlNLbOBuEmiJGMcwYZgt1WiO2nmjwGNboSLmk6xab12",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "SN6UlUJWv_KKF_mHImCtTOmUD2M",
      "use": "sig",
      "x": "gYJHBD55iX9_exq0hGbhRXRVVqtFlgOsVwkn_A_h1AQ",
      "y": "y3wzQIoknL1wvd3XKpHaeDLp44yJ12wiIbQfBcKji60",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "ZH2y4AetHTynvUgDK_YxYbB5yLQ",
      "use": "sig",
      "n": "mutK9ALOPwBn0Ma6EMzgNq45icxxZtsozOGgJhRv87q7_oaccs5E6LvyIAEYTe4tylKXkb5U36sXb3fB_ljVLUo8TzEvYk8p1AnzrDq17edRsBrK7rA55d1K8kvDXksT9aAAyHxsTvtnpEIPIMy-9zDBsu89nqzBvGBC4qfvonrUK7KAXmq7PsrQykuBD1dNg9DNZL3gWLVaZMEbnioe_f9miaXcUHbR37TEjaOjezBSakjRXqRDIB9bE5JWQvpNfyJDnN_P8EPZK8fq6yn_5kGzMPf-r86bjbz4oR-_HO2o4h5lrov0Hwjic20oeFV7jIx2f2qMuBdPz-x0J3lcjQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "dsh6NHxZgjoeBgIu0XsECIIbtL8",
      "use": "sig",
      "x": "37_BpW5YpwgG4z7GQWIaW8jViBJ0fRGnDsKpSkyoaiTEjymlR9sBI5tZ9oYFg4pV",
      "y": "jQbA_nqKFiBVfbxratx7YCQgqXr8Ew3GkYw_6vROZikjRPfAl70TLkzaHl2HZk-F",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "qrrYthgG0KN3BK0QKR5GVxPIKhA",
      "use": "sig",
      "x": "AJ2bpXuFGeOxaEBP4jU2Yb4etTEfY07rqI1PYQForVj_-lZ7eMDBqIsUJuPvYUulV-mUSDkzwuSRl8-qaQs_MLFS",
      "y": "AKZbW_cNCVuHC-lqWMckKOo7NG1Jtfoph8aUzvyjpAY6KDr1yVxDEPdnhgdeXq17atWu79GHG5LX_f9kqiOF7kKj",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "5MwmNtztM_lf-V-GNg1yUkl07HA",
      "use": "enc",
      "x": "_mUAKV1wWPtzvi0dIRLR9TUhNhC-wb14LgS8GZcTOk0",
      "y": "YjCcIQxF_JsLvbmIkak9wn6SR4E54Wqk4hawrmwDG4g",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "KiKQ8Y4fuTo7Q8TIXWyZPHaPDCM",
      "use": "enc",
      "n": "r10ldw2__6mJGjPMpAv_aNYT95bnrWMGiyg6G_3UMYPLbaGF-Nq7SostX8klpLNAWAanJMpdvUSB6X2d5IkQsAvaaLvmDW-jwADA_gSq9ACzPXs_IkL7WvulYhhCmTHtwQwjzbmqS5dDeQ9fYB07l3rEEUskf96-9R6uH1eWeMjle4MWVF-Ex0Sw1EVrOTFf1wjOePJJ2Xop8ZsHaqT52BliNd5gXdlUkdpcj0OfF9wvvAkUdgEXK336VCMeIRpT-NWItmYpGihaTxJaxYKg98REnMmEZ6wGLiJecJWU6Cwxvxd_asPggkxA4DLNtH-35KuQ6ZvTKqabKuka72WHnw",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "tTz8_Iu7CET43WmjZANNqOkoSpg",
      "use": "enc",
      "x": "CDCpGMWM1jwborjr3hIFmAko4kgXVYo_CO06dKlxHhsycAIk3zdYf7r50m4nA1jQ",
      "y": "pWm_4nhohNpvwtzqMzAxq8PFNaor9wNSdhbQTAVFp3FUtAZ5lXuy6cqpUrCLA1YL",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "yJTeSKJRk14clH6IWD7NKszzrbQ",
      "use": "enc",
      "x": "AbXvCDr46z-ZHwpVoVgVcWHBUfvXsJ7ktit3z-egproYs6GOvKhyd19XlS3RMSs4FnQLdEEqh6zsOOMYxkY3eWTI",
      "y": "AZFW30tO1BFKv92Panabi-mkSY6mdCCbLcnJenpdX7r4lIGXVTvtXFf2wQDaxT-wlQy7SKHQ0xxg4Sc5Am8J0W5p",
      "crv": "P-521"
    }
  ]
}

2021-06-15 16:10:39

(1) More

SUCCESS

CheckServerKeysIsValid

Server JWKs is valid

server_jwks

{
  "keys": [
    {
      "kty": "EC",
      "kid": "5QadRhn8CbPcH87TPn44jtdjEb0",
      "use": "sig",
      "x": "NqD3pkyW21AvgCu7ZqBJh4K8SOuWcIWEEKfN_pU52jY",
      "y": "gjZTZuUYqizpY-gjoVBfDRUiD6k_mv679L0KaDxlSPI",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "E7i-dwTdrPHhrxA87ERbRd3SMTw",
      "use": "sig",
      "n": "gyhVGIOSmrrL_jUQl1GZAmOMs_OJiY69_vLlMYPia_yafsBNYvpX9CF2iboE3NRVC-1m8bZuiINxIgNEqEvqUQDOLmw6ymNP7apGZV19OQndmfi746w7ONh1n48zFZEH4YvG4WOLLOqK4JuHHBu_TZaFve1DoRhEj4tZquJEM67Yl7GVlv89MnwUxOmi8L7Q9Er1ZaZoemwaiNwif1q_suyBSQbNgZ9GZIen9FTtR0p72KBrTuxULkhCoMw7OcKoTwd02iRxgaoxdbiS3g3XHQbPvBCzZ3U84frc7oK664JZ1KFWSGjvpaVwwtojGE3efpoi5-5QPPJOI9r7PvCALw",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "NJ-xeJ1prPqxexh2SKij5J2P4uo",
      "use": "sig",
      "x": "H92ITt53QuWhi_qcEFk562XnIiX8BrRoMqMe74SoNTe7EuXNPUo2ttWqVjtrCOLQ",
      "y": "r-UM637j132U7n4V4d9XMnOdvoMtzFki-OcNPcDeB-_fijjyfI8dRniVX6WfOP5-",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "_jjw9ffzGB6Z4kAQAO_NV0B7sEU",
      "use": "sig",
      "x": "AbdbAgstypbQKRDhxw9nsfr9_ioGD0w8sWMwN3vD2LsXGW9RaQUh5RgBQ1g-V0I8ZhDPDhjaRneIS2xQ5-uLP70E",
      "y": "AR274LRg7ReUXW1SMQI3SU4wmKBdMoGUbTJq1gg4wAEQiwlNLbOBuEmiJGMcwYZgt1WiO2nmjwGNboSLmk6xab12",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "SN6UlUJWv_KKF_mHImCtTOmUD2M",
      "use": "sig",
      "x": "gYJHBD55iX9_exq0hGbhRXRVVqtFlgOsVwkn_A_h1AQ",
      "y": "y3wzQIoknL1wvd3XKpHaeDLp44yJ12wiIbQfBcKji60",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "ZH2y4AetHTynvUgDK_YxYbB5yLQ",
      "use": "sig",
      "n": "mutK9ALOPwBn0Ma6EMzgNq45icxxZtsozOGgJhRv87q7_oaccs5E6LvyIAEYTe4tylKXkb5U36sXb3fB_ljVLUo8TzEvYk8p1AnzrDq17edRsBrK7rA55d1K8kvDXksT9aAAyHxsTvtnpEIPIMy-9zDBsu89nqzBvGBC4qfvonrUK7KAXmq7PsrQykuBD1dNg9DNZL3gWLVaZMEbnioe_f9miaXcUHbR37TEjaOjezBSakjRXqRDIB9bE5JWQvpNfyJDnN_P8EPZK8fq6yn_5kGzMPf-r86bjbz4oR-_HO2o4h5lrov0Hwjic20oeFV7jIx2f2qMuBdPz-x0J3lcjQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "dsh6NHxZgjoeBgIu0XsECIIbtL8",
      "use": "sig",
      "x": "37_BpW5YpwgG4z7GQWIaW8jViBJ0fRGnDsKpSkyoaiTEjymlR9sBI5tZ9oYFg4pV",
      "y": "jQbA_nqKFiBVfbxratx7YCQgqXr8Ew3GkYw_6vROZikjRPfAl70TLkzaHl2HZk-F",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "qrrYthgG0KN3BK0QKR5GVxPIKhA",
      "use": "sig",
      "x": "AJ2bpXuFGeOxaEBP4jU2Yb4etTEfY07rqI1PYQForVj_-lZ7eMDBqIsUJuPvYUulV-mUSDkzwuSRl8-qaQs_MLFS",
      "y": "AKZbW_cNCVuHC-lqWMckKOo7NG1Jtfoph8aUzvyjpAY6KDr1yVxDEPdnhgdeXq17atWu79GHG5LX_f9kqiOF7kKj",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "5MwmNtztM_lf-V-GNg1yUkl07HA",
      "use": "enc",
      "x": "_mUAKV1wWPtzvi0dIRLR9TUhNhC-wb14LgS8GZcTOk0",
      "y": "YjCcIQxF_JsLvbmIkak9wn6SR4E54Wqk4hawrmwDG4g",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "KiKQ8Y4fuTo7Q8TIXWyZPHaPDCM",
      "use": "enc",
      "n": "r10ldw2__6mJGjPMpAv_aNYT95bnrWMGiyg6G_3UMYPLbaGF-Nq7SostX8klpLNAWAanJMpdvUSB6X2d5IkQsAvaaLvmDW-jwADA_gSq9ACzPXs_IkL7WvulYhhCmTHtwQwjzbmqS5dDeQ9fYB07l3rEEUskf96-9R6uH1eWeMjle4MWVF-Ex0Sw1EVrOTFf1wjOePJJ2Xop8ZsHaqT52BliNd5gXdlUkdpcj0OfF9wvvAkUdgEXK336VCMeIRpT-NWItmYpGihaTxJaxYKg98REnMmEZ6wGLiJecJWU6Cwxvxd_asPggkxA4DLNtH-35KuQ6ZvTKqabKuka72WHnw",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "tTz8_Iu7CET43WmjZANNqOkoSpg",
      "use": "enc",
      "x": "CDCpGMWM1jwborjr3hIFmAko4kgXVYo_CO06dKlxHhsycAIk3zdYf7r50m4nA1jQ",
      "y": "pWm_4nhohNpvwtzqMzAxq8PFNaor9wNSdhbQTAVFp3FUtAZ5lXuy6cqpUrCLA1YL",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "yJTeSKJRk14clH6IWD7NKszzrbQ",
      "use": "enc",
      "x": "AbXvCDr46z-ZHwpVoVgVcWHBUfvXsJ7ktit3z-egproYs6GOvKhyd19XlS3RMSs4FnQLdEEqh6zsOOMYxkY3eWTI",
      "y": "AZFW30tO1BFKv92Panabi-mkSY6mdCCbLcnJenpdX7r4lIGXVTvtXFf2wQDaxT-wlQy7SKHQ0xxg4Sc5Am8J0W5p",
      "crv": "P-521"
    }
  ]
}

2021-06-15 16:10:39	SUCCESS RFC7517-1.1	ValidateServerJWKs Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url

2021-06-15 16:10:39	SUCCESS OIDCC-10.1	CheckForKeyIdInServerJWKs All keys contain kids

2021-06-15 16:10:39	SUCCESS RFC7518-6.3.2.1	EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys Jwks does not contain any private or symmetric keys

2021-06-15 16:10:39

(1) More

SUCCESS

FAPI-R-5.2.2-5 FAPI-R-5.2.2-6

FAPIEnsureMinimumServerKeyLength

Validated minimum key lengths for server_jwks

server_jwks

{
  "keys": [
    {
      "kty": "EC",
      "kid": "5QadRhn8CbPcH87TPn44jtdjEb0",
      "use": "sig",
      "x": "NqD3pkyW21AvgCu7ZqBJh4K8SOuWcIWEEKfN_pU52jY",
      "y": "gjZTZuUYqizpY-gjoVBfDRUiD6k_mv679L0KaDxlSPI",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "E7i-dwTdrPHhrxA87ERbRd3SMTw",
      "use": "sig",
      "n": "gyhVGIOSmrrL_jUQl1GZAmOMs_OJiY69_vLlMYPia_yafsBNYvpX9CF2iboE3NRVC-1m8bZuiINxIgNEqEvqUQDOLmw6ymNP7apGZV19OQndmfi746w7ONh1n48zFZEH4YvG4WOLLOqK4JuHHBu_TZaFve1DoRhEj4tZquJEM67Yl7GVlv89MnwUxOmi8L7Q9Er1ZaZoemwaiNwif1q_suyBSQbNgZ9GZIen9FTtR0p72KBrTuxULkhCoMw7OcKoTwd02iRxgaoxdbiS3g3XHQbPvBCzZ3U84frc7oK664JZ1KFWSGjvpaVwwtojGE3efpoi5-5QPPJOI9r7PvCALw",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "NJ-xeJ1prPqxexh2SKij5J2P4uo",
      "use": "sig",
      "x": "H92ITt53QuWhi_qcEFk562XnIiX8BrRoMqMe74SoNTe7EuXNPUo2ttWqVjtrCOLQ",
      "y": "r-UM637j132U7n4V4d9XMnOdvoMtzFki-OcNPcDeB-_fijjyfI8dRniVX6WfOP5-",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "_jjw9ffzGB6Z4kAQAO_NV0B7sEU",
      "use": "sig",
      "x": "AbdbAgstypbQKRDhxw9nsfr9_ioGD0w8sWMwN3vD2LsXGW9RaQUh5RgBQ1g-V0I8ZhDPDhjaRneIS2xQ5-uLP70E",
      "y": "AR274LRg7ReUXW1SMQI3SU4wmKBdMoGUbTJq1gg4wAEQiwlNLbOBuEmiJGMcwYZgt1WiO2nmjwGNboSLmk6xab12",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "SN6UlUJWv_KKF_mHImCtTOmUD2M",
      "use": "sig",
      "x": "gYJHBD55iX9_exq0hGbhRXRVVqtFlgOsVwkn_A_h1AQ",
      "y": "y3wzQIoknL1wvd3XKpHaeDLp44yJ12wiIbQfBcKji60",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "ZH2y4AetHTynvUgDK_YxYbB5yLQ",
      "use": "sig",
      "n": "mutK9ALOPwBn0Ma6EMzgNq45icxxZtsozOGgJhRv87q7_oaccs5E6LvyIAEYTe4tylKXkb5U36sXb3fB_ljVLUo8TzEvYk8p1AnzrDq17edRsBrK7rA55d1K8kvDXksT9aAAyHxsTvtnpEIPIMy-9zDBsu89nqzBvGBC4qfvonrUK7KAXmq7PsrQykuBD1dNg9DNZL3gWLVaZMEbnioe_f9miaXcUHbR37TEjaOjezBSakjRXqRDIB9bE5JWQvpNfyJDnN_P8EPZK8fq6yn_5kGzMPf-r86bjbz4oR-_HO2o4h5lrov0Hwjic20oeFV7jIx2f2qMuBdPz-x0J3lcjQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "dsh6NHxZgjoeBgIu0XsECIIbtL8",
      "use": "sig",
      "x": "37_BpW5YpwgG4z7GQWIaW8jViBJ0fRGnDsKpSkyoaiTEjymlR9sBI5tZ9oYFg4pV",
      "y": "jQbA_nqKFiBVfbxratx7YCQgqXr8Ew3GkYw_6vROZikjRPfAl70TLkzaHl2HZk-F",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "qrrYthgG0KN3BK0QKR5GVxPIKhA",
      "use": "sig",
      "x": "AJ2bpXuFGeOxaEBP4jU2Yb4etTEfY07rqI1PYQForVj_-lZ7eMDBqIsUJuPvYUulV-mUSDkzwuSRl8-qaQs_MLFS",
      "y": "AKZbW_cNCVuHC-lqWMckKOo7NG1Jtfoph8aUzvyjpAY6KDr1yVxDEPdnhgdeXq17atWu79GHG5LX_f9kqiOF7kKj",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "5MwmNtztM_lf-V-GNg1yUkl07HA",
      "use": "enc",
      "x": "_mUAKV1wWPtzvi0dIRLR9TUhNhC-wb14LgS8GZcTOk0",
      "y": "YjCcIQxF_JsLvbmIkak9wn6SR4E54Wqk4hawrmwDG4g",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "KiKQ8Y4fuTo7Q8TIXWyZPHaPDCM",
      "use": "enc",
      "n": "r10ldw2__6mJGjPMpAv_aNYT95bnrWMGiyg6G_3UMYPLbaGF-Nq7SostX8klpLNAWAanJMpdvUSB6X2d5IkQsAvaaLvmDW-jwADA_gSq9ACzPXs_IkL7WvulYhhCmTHtwQwjzbmqS5dDeQ9fYB07l3rEEUskf96-9R6uH1eWeMjle4MWVF-Ex0Sw1EVrOTFf1wjOePJJ2Xop8ZsHaqT52BliNd5gXdlUkdpcj0OfF9wvvAkUdgEXK336VCMeIRpT-NWItmYpGihaTxJaxYKg98REnMmEZ6wGLiJecJWU6Cwxvxd_asPggkxA4DLNtH-35KuQ6ZvTKqabKuka72WHnw",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "tTz8_Iu7CET43WmjZANNqOkoSpg",
      "use": "enc",
      "x": "CDCpGMWM1jwborjr3hIFmAko4kgXVYo_CO06dKlxHhsycAIk3zdYf7r50m4nA1jQ",
      "y": "pWm_4nhohNpvwtzqMzAxq8PFNaor9wNSdhbQTAVFp3FUtAZ5lXuy6cqpUrCLA1YL",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "yJTeSKJRk14clH6IWD7NKszzrbQ",
      "use": "enc",
      "x": "AbXvCDr46z-ZHwpVoVgVcWHBUfvXsJ7ktit3z-egproYs6GOvKhyd19XlS3RMSs4FnQLdEEqh6zsOOMYxkY3eWTI",
      "y": "AZFW30tO1BFKv92Panabi-mkSY6mdCCbLcnJenpdX7r4lIGXVTvtXFf2wQDaxT-wlQy7SKHQ0xxg4Sc5Am8J0W5p",
      "crv": "P-521"
    }
  ]
}

2021-06-15 16:10:39

(5) More

SUCCESS

GetStaticClientConfiguration

Found a static client object

client_id	c__fapi-mtls-par1
scope	openid other
hint_type	login_hint
hint_value	cheba-hut@ping-eng.com
jwks	{ "keys": [ { "kty": "RSA", "kid": "NjSdpg", "use": "sig", "alg": "PS256", "n": "pAHkPUm8SY4OdllzAU3NlWN1lOufCQ1mRkkrEfkXtiVcekY5yOM54PIxWtRtSkaJvv8RynyoQA-P_WiPRkjpUcHAFEhk3xi-nrihUhsfOlU7fFxfZqCcS36rUG9WGPKjWBsBiE3qOWb_NqVkzdzGu5Q-mhizoDTxpe77v6eg4c_meLs_Mu-Qa3V_IOZ-_lvDdKmUeKzNgs0vm0KbiaiAW9jY0Gg7Wzb44CdGeSJASe41KRP1dM-yByVESLm2IAk-KnGaKzfa-mZcrdrW-I15CGWNh2tYe_e4aNX85cEA1qj5OdAp9abr5v09sHERCkVg4X9fzdircHDAHi7EQpqhWQ", "e": "AQAB", "d": "L2rslluvOIT94XHTMllQSxTKdhf5jyB0pXWaIkQmet8qcZ_ELTSlE0hyxJQOVR83zCTq--Q2sO7O7rFAW03RR3YBFtwnbek1k6ZF3ftBeBgUbsw2OPHOvnUNCuBlwCjG2T5VnxcH1TjWKPKAxpRCURF3WA40QOmNxC_oUW0hsqd2lyf2Qa-OmllDFyOUuaIjSx5AZ36j4GWuCs_khvhGmQIcFG9ASn_8_yQqzBnQ7wCQ_SFgINvUP6cY5PRdAi_TjEYjckBmX8SqYZgQmVgtxxxDn11jayWnTa8Lu13ubJBQdhGOrU85Mg4x3eMKXGVVkSvjbaZFSStmBEdwimao0Q", "p": "1xM-aLtcc_MAfwfqu1MPR_vcWWlUsAdAgpj3K1HhpXpR_DI4V-sMbX8_x0iKWCjoZDVGW5JjNK3ho6V0h5Oi995ZJ2MgB8uA0BtceCV2jOL-lVJYaZwoESl_3KwfidiU3oe3oWoEJeOrWc0CY76mVv93mKuDzj2vsAPYzexuR3c", "q": "wzcH0PyMkXJ1yqTdH73L9NWuG8y499PxN1n60M60_-_WqwbExB-xYzySaFN_JCjI2zKRmMX_eH3p9p5xhjmmISspJr0EMvHJlHxpQ59AjBFg_On-vNLTkLh34ibNKT7Wsq95ec6ff0D9o4XDoO1f_5S60CNxhWLzcQ9KmitGMa8", "dp": "hDfHWRk9l-ZeermCO1Cvh0A1UR4ouuJqbR7ebFo1Dsao2hKBgsLz6-iba8aTjejwHJKHw0m2BS-UFEdl4OcI-7pMMqOEkGYxtT3s1cuqGqh9e4yY36vpEcviV-XUqahktHzYjbmf_S7-KwGWI32Tws3gVxGxwLs5Y0qqIMXlcbc", "dq": "JZRKZOi5BqbKFiB2kM2wnYkk4yUd1lducAFaTyf7n-lDodjDuB2BwGDArmSkbQmM4OVzMb2r2D4k89y8beJbILd2TIbGcCgrbfIlMWdOvaf6y7Uf3KmZIJriOR7PD8mQ-wTclZ45Bf401W3CoxAPEtxGuhqYl9zckD8pVVRPRvE", "qi": "0ULXUQ6d4nnxE4_9V2mCqkqMM-q0isgDzac57c3p6lia-Om1wZzZt6lMxYQfOmYPtm5KD9Pvx3LIraF4U0M-Mc3MtMxPvizG3HGkiqrzN3aZIOFYzm0Jb0IdBST_U4QZGBGwXOUCEymkhthuHT9UtH5vfG5pq2ahEM-Wc2uBHUs" } ] }

2021-06-15 16:10:39	SUCCESS	ValidateMTLSCertificatesHeader MTLS certificates header is valid

2021-06-15 16:10:39

(3) More

SUCCESS

ExtractMTLSCertificatesFromConfiguration

Mutual TLS authentication credentials loaded

cert

MIICsjCCAlegAwIBAgIBDTAKBggqhkjOPQQDAjA6MRswGQYDVQQKDBJMZXQncyBBdXRoZW50aWNhdGUxGzAZBgNVBAMMEkxBIEludGVybWVkaWF0ZSBDQTAeFw0yMTA2MTQxNzM1NDBaFw0yMjA2MjQxNzM1NDBaMEsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDTzEPMA0GA1UEBwwGRGVudmVyMR4wHAYDVQQDDBV1bmNvbW1vbiB0ZXN0IGNsaWVudCAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiTHom8Sxa0cjgUSNnXGnZx/gm+93ip+7HQQPM4zHSK/LQeZSbCdiADTT0pDv0hzW4udhwSNBKVPcP+ermuzAliIn5MVSEZgfe9i7qWpdnLARsX+FS0VRQzEDp7uhS2NvGnnLQhgHfcc8C+A4nK/MWEJFGGE/Y7AmRKRZHjq9sUs6N+ExiDnARxCrzj/SFRY3NMXIVC9J5HaCpx2ld6YfPP0Hi/HZq5PsvN3hYYxvaRAgY9VUQSttz/d0JJu+aIjEuirpxVLp2BANJvUv1J9hTpVQGbOYaZBGaxWJefOLcHWKsi1HYK69mMEWrKOxBoMxAk50SgxIsvk7Vw/kPQJDVAgMBAAGjcjBwMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUZt1oy2t/JWxGArogj3LdGWkhA9gwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdEQEB/wQTMBGBD2JkY0BleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEAi//EFm4lAJSDTFvhl9gWOjS/sk74D0AcJDw37M9QDVUCIQCLTLeFZhuNYEKNdElnrKUuAXiZGrMh9B1php83AQlk9A==

key

MIIEpAIBAAKCAQEAokx6JvEsWtHI4FEjZ1xp2cf4Jvvd4qfux0EDzOMx0ivy0HmUmwnYgA009KQ79Ic1uLnYcEjQSlT3D/nq5rswJYiJ+TFUhGYH3vYu6lqXZywEbF/hUtFUUMxA6e7oUtjbxp5y0IYB33HPAvgOJyvzFhCRRhhP2OwJkSkWR46vbFLOjfhMYg5wEcQq84/0hUWNzTFyFQvSeR2gqcdpXemHzz9B4vx2auT7Lzd4WGMb2kQIGPVVEErbc/3dCSbvmiIxLoq6cVS6dgQDSb1L9SfYU6VUBmzmGmQRmsViXnzi3B1irItR2CuvZjBFqyjsQaDMQJOdEoMSLL5O1cP5D0CQ1QIDAQABAoIBAQCftz8mf4Q0w+o4xeBfYVRRmzabtpT+7mBO+a4xvQtUVyeW/W6+vAuwyE5qygyucTju1wUmSqGf5MlVkY4XDfMtnJabAm639GiehApbWldQksKvnBNzmsis0rS3AgLjNMHjTh6TEq1ZJPihZVcYOWn5NsigAGDjijVIAvUH6mS75ZfEfBvIvgrBKkdhvXzLc5Hof8t7RVusPl1fPIiYy1r3RfhuSDWQLNysyXeCA3a5FEdMq0N+ZPiNejNsFIzO75QmJyXmVe38BERNVD0wMAlnHyYQKn5EPmWhhxncQkhzuyK8MqqNkH/ho6Rg5swlzJLXMYVKecjca9XYGZGAnsOpAoGBANfN36Ptfh6kxLX7ULHUbo1E7gYY27+FS9GAkuw8jFSxU/+3zTrls3Quw7q+LGCVZo6MBJPvWY9KKpYm8WtlOzL6yp47Ni2+yutjvevlBSuw/tSEKJftDJlwrzpXf8I4TMcwK492xw3Z/kEB5+LcACjDaAZ9uQFYjvs7X2OT6OFXAoGBAMCHUa5JcwCa0vNES+/AT5wVVe1TlPSgyc763fkm14tWYB4eMbfKobziHiDWp8aorsMJGY8NdYdwps775hwbtAm24IooJdoeVIU3XACRAgANBOaSc6BbGQw2xQyBnBb0YPB/D0oXjQR8xbfT+cAxD/X3G4zRDELt51A4sYD3p2ezAoGBAKk3gH6tEjD7KFg+WVcn6QwTGcVkJqO15O7BL/PXwn4Ckog42s+tIBshNE8xIeEWJVXvSwOpMgPetygIH1QEC/h8mPacHW6fZcRP8LORYI2S+y8u9hmzQibrKivIQqDLvsCN8ApNq+YbonfdA7RqqCFOoDo+yRvaEjvDoZeWeox/AoGAJQAcl4UwH9ahYfUnLt1jr1h+WgztHJJmFmwqCr8HP5ULBd7BqVO8/6LpLWBzf/9dDsiJ6+8nPi9NL4xDrfU5BYDq6EJM+/1GOw/nk4hKvR3DaliM9i1rw+gmuH+UMukmVDHnC1M5W7pq+Sg44FHNgnTKC6cFVzuHb+hlXKa7uncCgYAby+y2VVsqd16KcURYSBx02wuVNcgL6dSjZ855cBGLgg8jiTScfRYkZf3t3HoxC2tFv0eE8+tbcXh9SnuhQOyq7poeYhSKzarOLpk/w9f5hpQD7JVLcm+Q+EAPeU8ELXYaPlE3NkwLP9QoEXD5IyjIASih2u8XJMk097IrS9M/rg==

ca

MIIB5jCCAYugAwIBAgIBFjAKBggqhkjOPQQDAjBWMQswCQYDVQQGEwJVUzEbMBkGA1UECgwSTGV0J3MgQXV0aGVudGljYXRlMSowKAYDVQQDDCFMZXQncyBBdXRoZW50aWNhdGUgUm9vdCBBdXRob3JpdHkwHhcNMjAwMTE0MjEzMjMwWhcNMzAwMTExMjEzMjMwWjA6MRswGQYDVQQKDBJMZXQncyBBdXRoZW50aWNhdGUxGzAZBgNVBAMMEkxBIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJf+aA54RC5pyLAR5yfXVYmNpgd+CGUTDp2KOGhc0gK91zxhHesEYkdXkpS2UN8Kati+yHtWCV3kkhCngGyv7RqjZjBkMB0GA1UdDgQWBBRm3WjLa38lbEYCuiCPct0ZaSED2DAfBgNVHSMEGDAWgBTEA2Q6eecKu9g9yb5glbkhhVINGDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEA5pLvaFwRRkxomIAtDIwg9D7gC1xzxBl4r28EzmSO1pcCIQCJUShpSXO9HDIQMUgH69fNDEMHXD3RRX5gP7kuu2KGMg==

2021-06-15 16:10:39	SUCCESS RFC7517-1.1	ValidateClientJWKsPrivatePart Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url

2021-06-15 16:10:39

(2) More

SUCCESS

ExtractJWKsFromStaticClientConfiguration

Extracted client JWK

client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "NjSdpg",
      "use": "sig",
      "alg": "PS256",
      "n": "pAHkPUm8SY4OdllzAU3NlWN1lOufCQ1mRkkrEfkXtiVcekY5yOM54PIxWtRtSkaJvv8RynyoQA-P_WiPRkjpUcHAFEhk3xi-nrihUhsfOlU7fFxfZqCcS36rUG9WGPKjWBsBiE3qOWb_NqVkzdzGu5Q-mhizoDTxpe77v6eg4c_meLs_Mu-Qa3V_IOZ-_lvDdKmUeKzNgs0vm0KbiaiAW9jY0Gg7Wzb44CdGeSJASe41KRP1dM-yByVESLm2IAk-KnGaKzfa-mZcrdrW-I15CGWNh2tYe_e4aNX85cEA1qj5OdAp9abr5v09sHERCkVg4X9fzdircHDAHi7EQpqhWQ",
      "e": "AQAB",
      "d": "L2rslluvOIT94XHTMllQSxTKdhf5jyB0pXWaIkQmet8qcZ_ELTSlE0hyxJQOVR83zCTq--Q2sO7O7rFAW03RR3YBFtwnbek1k6ZF3ftBeBgUbsw2OPHOvnUNCuBlwCjG2T5VnxcH1TjWKPKAxpRCURF3WA40QOmNxC_oUW0hsqd2lyf2Qa-OmllDFyOUuaIjSx5AZ36j4GWuCs_khvhGmQIcFG9ASn_8_yQqzBnQ7wCQ_SFgINvUP6cY5PRdAi_TjEYjckBmX8SqYZgQmVgtxxxDn11jayWnTa8Lu13ubJBQdhGOrU85Mg4x3eMKXGVVkSvjbaZFSStmBEdwimao0Q",
      "p": "1xM-aLtcc_MAfwfqu1MPR_vcWWlUsAdAgpj3K1HhpXpR_DI4V-sMbX8_x0iKWCjoZDVGW5JjNK3ho6V0h5Oi995ZJ2MgB8uA0BtceCV2jOL-lVJYaZwoESl_3KwfidiU3oe3oWoEJeOrWc0CY76mVv93mKuDzj2vsAPYzexuR3c",
      "q": "wzcH0PyMkXJ1yqTdH73L9NWuG8y499PxN1n60M60_-_WqwbExB-xYzySaFN_JCjI2zKRmMX_eH3p9p5xhjmmISspJr0EMvHJlHxpQ59AjBFg_On-vNLTkLh34ibNKT7Wsq95ec6ff0D9o4XDoO1f_5S60CNxhWLzcQ9KmitGMa8",
      "dp": "hDfHWRk9l-ZeermCO1Cvh0A1UR4ouuJqbR7ebFo1Dsao2hKBgsLz6-iba8aTjejwHJKHw0m2BS-UFEdl4OcI-7pMMqOEkGYxtT3s1cuqGqh9e4yY36vpEcviV-XUqahktHzYjbmf_S7-KwGWI32Tws3gVxGxwLs5Y0qqIMXlcbc",
      "dq": "JZRKZOi5BqbKFiB2kM2wnYkk4yUd1lducAFaTyf7n-lDodjDuB2BwGDArmSkbQmM4OVzMb2r2D4k89y8beJbILd2TIbGcCgrbfIlMWdOvaf6y7Uf3KmZIJriOR7PD8mQ-wTclZ45Bf401W3CoxAPEtxGuhqYl9zckD8pVVRPRvE",
      "qi": "0ULXUQ6d4nnxE4_9V2mCqkqMM-q0isgDzac57c3p6lia-Om1wZzZt6lMxYQfOmYPtm5KD9Pvx3LIraF4U0M-Mc3MtMxPvizG3HGkiqrzN3aZIOFYzm0Jb0IdBST_U4QZGBGwXOUCEymkhthuHT9UtH5vfG5pq2ahEM-Wc2uBHUs"
    }
  ]
}

public_client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "NjSdpg",
      "alg": "PS256",
      "n": "pAHkPUm8SY4OdllzAU3NlWN1lOufCQ1mRkkrEfkXtiVcekY5yOM54PIxWtRtSkaJvv8RynyoQA-P_WiPRkjpUcHAFEhk3xi-nrihUhsfOlU7fFxfZqCcS36rUG9WGPKjWBsBiE3qOWb_NqVkzdzGu5Q-mhizoDTxpe77v6eg4c_meLs_Mu-Qa3V_IOZ-_lvDdKmUeKzNgs0vm0KbiaiAW9jY0Gg7Wzb44CdGeSJASe41KRP1dM-yByVESLm2IAk-KnGaKzfa-mZcrdrW-I15CGWNh2tYe_e4aNX85cEA1qj5OdAp9abr5v09sHERCkVg4X9fzdircHDAHi7EQpqhWQ"
    }
  ]
}

2021-06-15 16:10:39	SUCCESS OIDCC-10.1	CheckForKeyIdInClientJWKs All keys contain kids

2021-06-15 16:10:39

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInClientJWKs

Distinct 'kid' value in all keys of client_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2021-06-15 16:10:39

(1) More

SUCCESS

FAPI-RW-8.6

FAPICheckKeyAlgInClientJWKs

Keys in client JWKS all have permitted 'alg'

permitted

[
  "PS256",
  "ES256"
]

2021-06-15 16:10:39

(1) More

SUCCESS

FAPI-R-5.2.2-5 FAPI-R-5.2.2-6

FAPIEnsureMinimumClientKeyLength

Validated minimum key lengths for client_jwks

client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "NjSdpg",
      "use": "sig",
      "alg": "PS256",
      "n": "pAHkPUm8SY4OdllzAU3NlWN1lOufCQ1mRkkrEfkXtiVcekY5yOM54PIxWtRtSkaJvv8RynyoQA-P_WiPRkjpUcHAFEhk3xi-nrihUhsfOlU7fFxfZqCcS36rUG9WGPKjWBsBiE3qOWb_NqVkzdzGu5Q-mhizoDTxpe77v6eg4c_meLs_Mu-Qa3V_IOZ-_lvDdKmUeKzNgs0vm0KbiaiAW9jY0Gg7Wzb44CdGeSJASe41KRP1dM-yByVESLm2IAk-KnGaKzfa-mZcrdrW-I15CGWNh2tYe_e4aNX85cEA1qj5OdAp9abr5v09sHERCkVg4X9fzdircHDAHi7EQpqhWQ",
      "e": "AQAB",
      "d": "L2rslluvOIT94XHTMllQSxTKdhf5jyB0pXWaIkQmet8qcZ_ELTSlE0hyxJQOVR83zCTq--Q2sO7O7rFAW03RR3YBFtwnbek1k6ZF3ftBeBgUbsw2OPHOvnUNCuBlwCjG2T5VnxcH1TjWKPKAxpRCURF3WA40QOmNxC_oUW0hsqd2lyf2Qa-OmllDFyOUuaIjSx5AZ36j4GWuCs_khvhGmQIcFG9ASn_8_yQqzBnQ7wCQ_SFgINvUP6cY5PRdAi_TjEYjckBmX8SqYZgQmVgtxxxDn11jayWnTa8Lu13ubJBQdhGOrU85Mg4x3eMKXGVVkSvjbaZFSStmBEdwimao0Q",
      "p": "1xM-aLtcc_MAfwfqu1MPR_vcWWlUsAdAgpj3K1HhpXpR_DI4V-sMbX8_x0iKWCjoZDVGW5JjNK3ho6V0h5Oi995ZJ2MgB8uA0BtceCV2jOL-lVJYaZwoESl_3KwfidiU3oe3oWoEJeOrWc0CY76mVv93mKuDzj2vsAPYzexuR3c",
      "q": "wzcH0PyMkXJ1yqTdH73L9NWuG8y499PxN1n60M60_-_WqwbExB-xYzySaFN_JCjI2zKRmMX_eH3p9p5xhjmmISspJr0EMvHJlHxpQ59AjBFg_On-vNLTkLh34ibNKT7Wsq95ec6ff0D9o4XDoO1f_5S60CNxhWLzcQ9KmitGMa8",
      "dp": "hDfHWRk9l-ZeermCO1Cvh0A1UR4ouuJqbR7ebFo1Dsao2hKBgsLz6-iba8aTjejwHJKHw0m2BS-UFEdl4OcI-7pMMqOEkGYxtT3s1cuqGqh9e4yY36vpEcviV-XUqahktHzYjbmf_S7-KwGWI32Tws3gVxGxwLs5Y0qqIMXlcbc",
      "dq": "JZRKZOi5BqbKFiB2kM2wnYkk4yUd1lducAFaTyf7n-lDodjDuB2BwGDArmSkbQmM4OVzMb2r2D4k89y8beJbILd2TIbGcCgrbfIlMWdOvaf6y7Uf3KmZIJriOR7PD8mQ-wTclZ45Bf401W3CoxAPEtxGuhqYl9zckD8pVVRPRvE",
      "qi": "0ULXUQ6d4nnxE4_9V2mCqkqMM-q0isgDzac57c3p6lia-Om1wZzZt6lMxYQfOmYPtm5KD9Pvx3LIraF4U0M-Mc3MtMxPvizG3HGkiqrzN3aZIOFYzm0Jb0IdBST_U4QZGBGwXOUCEymkhthuHT9UtH5vfG5pq2ahEM-Wc2uBHUs"
    }
  ]
}

2021-06-15 16:10:39	SUCCESS	ValidateMTLSCertificatesAsX509 Mutual TLS authentication cert validated as X.509

Verify configuration of second client

2021-06-15 16:10:39

(3) More

SUCCESS

GetStaticClient2Configuration

Found a static second client object

client_id

c__fapi-mtls-par2

scope

openid

jwks

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "LG7PuQ",
      "use": "sig",
      "alg": "PS256",
      "n": "hfCAETIrxp4a_4ObLtexDJFx5E6MSoJ6adImX9goGGQ8SjBb-syIlkCRvYvH7fSTR7IJ_a3kSOLKFa1v9GYftjIh8JdeV4aI6igbu7D7qsiMe8FUSqoKfMLlOtuOBULU2mqkMJ8LmXh6NwR2ZkznDRoTE1N-drB4RQc5FeEqpO2OYZMUAkH3fR01SY9NGPdKFjWnweGA2FDzfmL6kju79qlofn1CWtXoUTSv9S8jGzw258WruTqsFjbL4LeccEsQMhg1eBjLlnDQEVHqPbI6mUdvA5HwUlQQLli1_5Za8ONoBW9FwFOsZgLIAdB8JNgfzVE1ignKMALdzHnU4z641w",
      "e": "AQAB",
      "d": "GVDKs_VaptDNY4wZcbIc6bY346IhDBg7UPMCg80UTv_rEU6wo-eyzUtpAH2CDWzTxZJWJxeN9WTAM3azmWsQBVzWY2YI09w-1ps8Gq6p8q6zNtTkvLQFBW3E6-oBnubx2lKbtADrrVdDKlDynAVfCm_qORXn6kESimGCHauQZtmlMe43xLRrsjVLWztoyVYaYCjepvQ9Lsbirq_vFlu9AqYUqHSoKP9pHCsKVNFONictRHD5aQQZT1WocLj9XAwSs9SxtGMVP9XEo4qldkvMMakIe3kvEQsChfjkDoQrO6f1ti7tAP3AV3qLcxO0WSdr0YOSPe1T4SraMDIH1Pb_qQ",
      "p": "0ShCrAFdoYwMZodMjmyFH6U9hUCcmHmU9hSg1EzbEopRf9uJuxJejnOMw98un4pEFkTfEtkDzodyBd7gp_4Ao_sPCwC8rmThGE4J9BLDWIg8evcziH3TemKrPwAdxsIsCOraLjK5FpGuMSwSVHmciBBIKovgcOe3nNCPfc3ELoM",
      "q": "o--7TSNhhu4B1UyhRkYgdIF6HMNidVvcOHzcyy-uVz5ww7wzG4iK0SSPi7LkMyRl-9DhJOoaa9G1i_I6Mf3S_onBxYccwc57-KEsyN4BfmbTewiX-OLID1u3giECNFVWrznmbsofEswGU0215m03Zd7mc6OrnaNWPcJP-qQqfB0",
      "dp": "faGGMpT7bZ6WkDsyo9XRPInfYxvFM9zLuef4Fq03ZXKJs5flqeVFwKDta3WyJohBj3K83zBVFgfLWHVgUefC8LxLc9t0efgEMLonRmDCz3m9gkrbvF9_2GJN5CCowgs9sfmHJfq3rDPDAqwrMmx9tki5YDz2ijrU0i-AERu4fAs",
      "dq": "bNKGkv4Zj2gO73ie1fdXM_9-__jzMtR3q0e3iWltYZyhXk1f37cT7yFF6IYn1Ysj57UQv2BniYr76Joy51yG41CuwGCgRka7JKBZCj3U4AOB_voFZ8Gi7A8GEeu3euXrVQYqYQDq_59P05ySUxPM4mLEt56-HTZ_2R9T2B2B1kE",
      "qi": "RtUzv_tHGTpn2kyMQqo63soTlkV1yk0Ww3efYizZKvKsB3HDWm4D5xlBYXo9odTzLGu5yHMDcPJ4GntfFErjUMWWCxKf5xi6pMk1dH8FEm9rfxn0z3i83iaLRcdf_tVNHwJjuBBF0Q4tjpu8XolWHcrsgvkaHigPcpYMCe9xiJ0"
    }
  ]
}

2021-06-15 16:10:39	SUCCESS	ValidateMTLSCertificates2Header MTLS certificates header is valid

2021-06-15 16:10:39

(3) More

SUCCESS

ExtractMTLSCertificates2FromConfiguration

Mutual TLS authentication credentials loaded

cert

MIICsjCCAlegAwIBAgIBDzAKBggqhkjOPQQDAjA6MRswGQYDVQQKDBJMZXQncyBBdXRoZW50aWNhdGUxGzAZBgNVBAMMEkxBIEludGVybWVkaWF0ZSBDQTAeFw0yMTA2MTQxODAzMjdaFw0yMjA2MjQxODAzMjdaMEsxCzAJBgNVBAYTAkNBMQswCQYDVQQIDAJCQzESMBAGA1UEBwwJVmFuY291dmVyMRswGQYDVQQDDBJ0aGUgbmFtZSBnb2VzIGhlcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6BzxrtSWajtOb8HgO9l8XN+Ho2s4LWuT6tB9mpmG6v9YnoqpUq1Y4H7taIdiboRezt9i9wS93dPKpJhwanuiIrMCi7n5s973DwB4Ff7uFyKPUBT2L2J4367wnI+w1I0SjzLTIkK9rmrwabMpzc0xn/dERfiKJul5zzr3UOFXZ9YAlAxdqvFH5NzuAr4KaWOLwaHxvQMbr8d7dYWdOEZTWTAmkD+ATf9ZsqKLrE6wr0hgEjnrJNqdWXS9jaekBNTMyy/+sUfGKpsHHrxFeFgxficK5BZ1dMQNFXNV8Fuo83OmvsD/w4GkhsrrimOJcYj+gVAbaEcjJqoKqnu3G0/FZAgMBAAGjcjBwMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUZt1oy2t/JWxGArogj3LdGWkhA9gwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdEQEB/wQTMBGBD2JkY0BleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA6tI9+IS2SInpF7NWfhWVVaETmBeVD9YTXMVWEVp6EVYCIQD0vGsjcpoOPw2fJLjx36xJmOBNKZqeMU3LMya7P9vl7A==

key

MIIEowIBAAKCAQEAugc8a7Ulmo7Tm/B4DvZfFzfh6NrOC1rk+rQfZqZhur/WJ6KqVKtWOB+7WiHYm6EXs7fYvcEvd3TyqSYcGp7oiKzAou5+bPe9w8AeBX+7hcij1AU9i9ieN+u8JyPsNSNEo8y0yJCva5q8GmzKc3NMZ/3REX4iibpec8691DhV2fWAJQMXarxR+Tc7gK+Cmlji8Gh8b0DG6/He3WFnThGU1kwJpA/gE3/WbKii6xOsK9IYBI56yTanVl0vY2npATUzMsv/rFHxiqbBx68RXhYMX4nCuQWdXTEDRVzVfBbqPNzpr7A/8OBpIbK64pjiXGI/oFQG2hHIyaqCqp7txtPxWQIDAQABAoIBAHuO3NHJQo2yudhEUunVN/mK83CfC+W83IOr6YNblWPdkRdIUovkNWMXqG/INT/BMqX6wWnfi3Bza81vc5E25MoKu/Q8JhqoPhFrZEVQvrOwPShQxr1BBm2sFI+Gq5frseZ9y8G/X9Q/tRp0Ec+20BPuINPWjIggEiYnNixjspoN9MaFSAzPEkcMKVGq7UYdmuOSNxS1v8wyCECx3/XCXRjPtCSeA/eMtA6zfA9QatiybVTfbqN3QK3HXYcrtvIHwikB4+6CmoWSqt2FUsHyzAz4CwdG3QhAXboI8ryeZ5oLCkKwj4MB0vVa8Y9ARM+dM+f8uhQTKgGwif1euKP9ytUCgYEA21Clfueat18qAF2A9NyAw3MbkJOrfiFFcfgMwsNAw0/dcJWBs0kD/toXhndTYGYXkLY6U+JImLdIp7vXRjPccQ1qx2PP4vuH8wVkfbWHJt+Q2T6IzvmlamPpuDlQg5atusj0x5ZWKjHfT24kVGA6l4mssDOzFhUK1V7BJaoBmxcCgYEA2SU1FskcNdzycLWvdnC1PG90poOCG92zNCT7PuCPjmuae7JDArbHK4R6c9jW1mJb/TWQjFiteDkQ1DBEQeHrsQuIKMK0AVNR4HpLF7rBzblNE7WC4S2r95OMz3G2JmysvmKOCAJEoAoJ5a/zK1RgtNl060p4R9EXUx2T3hSP3Q8CgYB+3rBeMWz3Fz4c5/pprAVxC22uvT4/wM+DlpMLOBiG4/Sd5F8bb+m3zEI/r1e0NFr9g+1KCWUlsyF8ptVp7yZe3/wdTEg+bnO+yifP8Os2Oa55fgt2cESYvyO9Rqqk9M2beBTiQL2nuyILuRObG+/JKgOUCtRWueWCeUYSm75CEQKBgEEdCyJeA/uS2ZA6qvbVLUOGGHCmFqnMfSQxwrVEGUgXtCdLeRSjQm4mN6Htb96xd+wh18p9/OaEFivKnW00FbztPFMcr2WGWpL5mPLwqZTK7/XtA+YKD/sZX6wE6R30kIg2fWihZXqoB/e8HyrrDmSsoIa9ufuvE1N1FxYNDGa5AoGBAJMEsPXmWfoGMukKnGhgQGy4UvKfzn1ruXGvVbMOrBpQzjaDPd7sMNrz8bHJERKhyoi5zJDbn0tVC9I9Z4VPUo2mwyfJvqNYrfBOb/lqe5QKFbx/dp5lA6DVIVIFUQH18LsQb1f3HdB4yJXvf5a0jJ0l3oizOnFQDlDbK9Xhla9i

ca

MIIB5jCCAYugAwIBAgIBFjAKBggqhkjOPQQDAjBWMQswCQYDVQQGEwJVUzEbMBkGA1UECgwSTGV0J3MgQXV0aGVudGljYXRlMSowKAYDVQQDDCFMZXQncyBBdXRoZW50aWNhdGUgUm9vdCBBdXRob3JpdHkwHhcNMjAwMTE0MjEzMjMwWhcNMzAwMTExMjEzMjMwWjA6MRswGQYDVQQKDBJMZXQncyBBdXRoZW50aWNhdGUxGzAZBgNVBAMMEkxBIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJf+aA54RC5pyLAR5yfXVYmNpgd+CGUTDp2KOGhc0gK91zxhHesEYkdXkpS2UN8Kati+yHtWCV3kkhCngGyv7RqjZjBkMB0GA1UdDgQWBBRm3WjLa38lbEYCuiCPct0ZaSED2DAfBgNVHSMEGDAWgBTEA2Q6eecKu9g9yb5glbkhhVINGDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEA5pLvaFwRRkxomIAtDIwg9D7gC1xzxBl4r28EzmSO1pcCIQCJUShpSXO9HDIQMUgH69fNDEMHXD3RRX5gP7kuu2KGMg==

2021-06-15 16:10:39	SUCCESS RFC7517-1.1	ValidateClientJWKsPrivatePart Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url

2021-06-15 16:10:39

(2) More

SUCCESS

ExtractJWKsFromStaticClientConfiguration

Extracted client JWK

client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "LG7PuQ",
      "use": "sig",
      "alg": "PS256",
      "n": "hfCAETIrxp4a_4ObLtexDJFx5E6MSoJ6adImX9goGGQ8SjBb-syIlkCRvYvH7fSTR7IJ_a3kSOLKFa1v9GYftjIh8JdeV4aI6igbu7D7qsiMe8FUSqoKfMLlOtuOBULU2mqkMJ8LmXh6NwR2ZkznDRoTE1N-drB4RQc5FeEqpO2OYZMUAkH3fR01SY9NGPdKFjWnweGA2FDzfmL6kju79qlofn1CWtXoUTSv9S8jGzw258WruTqsFjbL4LeccEsQMhg1eBjLlnDQEVHqPbI6mUdvA5HwUlQQLli1_5Za8ONoBW9FwFOsZgLIAdB8JNgfzVE1ignKMALdzHnU4z641w",
      "e": "AQAB",
      "d": "GVDKs_VaptDNY4wZcbIc6bY346IhDBg7UPMCg80UTv_rEU6wo-eyzUtpAH2CDWzTxZJWJxeN9WTAM3azmWsQBVzWY2YI09w-1ps8Gq6p8q6zNtTkvLQFBW3E6-oBnubx2lKbtADrrVdDKlDynAVfCm_qORXn6kESimGCHauQZtmlMe43xLRrsjVLWztoyVYaYCjepvQ9Lsbirq_vFlu9AqYUqHSoKP9pHCsKVNFONictRHD5aQQZT1WocLj9XAwSs9SxtGMVP9XEo4qldkvMMakIe3kvEQsChfjkDoQrO6f1ti7tAP3AV3qLcxO0WSdr0YOSPe1T4SraMDIH1Pb_qQ",
      "p": "0ShCrAFdoYwMZodMjmyFH6U9hUCcmHmU9hSg1EzbEopRf9uJuxJejnOMw98un4pEFkTfEtkDzodyBd7gp_4Ao_sPCwC8rmThGE4J9BLDWIg8evcziH3TemKrPwAdxsIsCOraLjK5FpGuMSwSVHmciBBIKovgcOe3nNCPfc3ELoM",
      "q": "o--7TSNhhu4B1UyhRkYgdIF6HMNidVvcOHzcyy-uVz5ww7wzG4iK0SSPi7LkMyRl-9DhJOoaa9G1i_I6Mf3S_onBxYccwc57-KEsyN4BfmbTewiX-OLID1u3giECNFVWrznmbsofEswGU0215m03Zd7mc6OrnaNWPcJP-qQqfB0",
      "dp": "faGGMpT7bZ6WkDsyo9XRPInfYxvFM9zLuef4Fq03ZXKJs5flqeVFwKDta3WyJohBj3K83zBVFgfLWHVgUefC8LxLc9t0efgEMLonRmDCz3m9gkrbvF9_2GJN5CCowgs9sfmHJfq3rDPDAqwrMmx9tki5YDz2ijrU0i-AERu4fAs",
      "dq": "bNKGkv4Zj2gO73ie1fdXM_9-__jzMtR3q0e3iWltYZyhXk1f37cT7yFF6IYn1Ysj57UQv2BniYr76Joy51yG41CuwGCgRka7JKBZCj3U4AOB_voFZ8Gi7A8GEeu3euXrVQYqYQDq_59P05ySUxPM4mLEt56-HTZ_2R9T2B2B1kE",
      "qi": "RtUzv_tHGTpn2kyMQqo63soTlkV1yk0Ww3efYizZKvKsB3HDWm4D5xlBYXo9odTzLGu5yHMDcPJ4GntfFErjUMWWCxKf5xi6pMk1dH8FEm9rfxn0z3i83iaLRcdf_tVNHwJjuBBF0Q4tjpu8XolWHcrsgvkaHigPcpYMCe9xiJ0"
    }
  ]
}

public_client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "LG7PuQ",
      "alg": "PS256",
      "n": "hfCAETIrxp4a_4ObLtexDJFx5E6MSoJ6adImX9goGGQ8SjBb-syIlkCRvYvH7fSTR7IJ_a3kSOLKFa1v9GYftjIh8JdeV4aI6igbu7D7qsiMe8FUSqoKfMLlOtuOBULU2mqkMJ8LmXh6NwR2ZkznDRoTE1N-drB4RQc5FeEqpO2OYZMUAkH3fR01SY9NGPdKFjWnweGA2FDzfmL6kju79qlofn1CWtXoUTSv9S8jGzw258WruTqsFjbL4LeccEsQMhg1eBjLlnDQEVHqPbI6mUdvA5HwUlQQLli1_5Za8ONoBW9FwFOsZgLIAdB8JNgfzVE1ignKMALdzHnU4z641w"
    }
  ]
}

2021-06-15 16:10:39	SUCCESS OIDCC-10.1	CheckForKeyIdInClientJWKs All keys contain kids

2021-06-15 16:10:39

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInClientJWKs

Distinct 'kid' value in all keys of client_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2021-06-15 16:10:39

(1) More

SUCCESS

FAPI-RW-8.6

FAPICheckKeyAlgInClientJWKs

Keys in client JWKS all have permitted 'alg'

permitted

[
  "PS256",
  "ES256"
]

2021-06-15 16:10:39

(1) More

SUCCESS

FAPI-R-5.2.2-5 FAPI-R-5.2.2-6

FAPIEnsureMinimumClientKeyLength

Validated minimum key lengths for client_jwks

client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "LG7PuQ",
      "use": "sig",
      "alg": "PS256",
      "n": "hfCAETIrxp4a_4ObLtexDJFx5E6MSoJ6adImX9goGGQ8SjBb-syIlkCRvYvH7fSTR7IJ_a3kSOLKFa1v9GYftjIh8JdeV4aI6igbu7D7qsiMe8FUSqoKfMLlOtuOBULU2mqkMJ8LmXh6NwR2ZkznDRoTE1N-drB4RQc5FeEqpO2OYZMUAkH3fR01SY9NGPdKFjWnweGA2FDzfmL6kju79qlofn1CWtXoUTSv9S8jGzw258WruTqsFjbL4LeccEsQMhg1eBjLlnDQEVHqPbI6mUdvA5HwUlQQLli1_5Za8ONoBW9FwFOsZgLIAdB8JNgfzVE1ignKMALdzHnU4z641w",
      "e": "AQAB",
      "d": "GVDKs_VaptDNY4wZcbIc6bY346IhDBg7UPMCg80UTv_rEU6wo-eyzUtpAH2CDWzTxZJWJxeN9WTAM3azmWsQBVzWY2YI09w-1ps8Gq6p8q6zNtTkvLQFBW3E6-oBnubx2lKbtADrrVdDKlDynAVfCm_qORXn6kESimGCHauQZtmlMe43xLRrsjVLWztoyVYaYCjepvQ9Lsbirq_vFlu9AqYUqHSoKP9pHCsKVNFONictRHD5aQQZT1WocLj9XAwSs9SxtGMVP9XEo4qldkvMMakIe3kvEQsChfjkDoQrO6f1ti7tAP3AV3qLcxO0WSdr0YOSPe1T4SraMDIH1Pb_qQ",
      "p": "0ShCrAFdoYwMZodMjmyFH6U9hUCcmHmU9hSg1EzbEopRf9uJuxJejnOMw98un4pEFkTfEtkDzodyBd7gp_4Ao_sPCwC8rmThGE4J9BLDWIg8evcziH3TemKrPwAdxsIsCOraLjK5FpGuMSwSVHmciBBIKovgcOe3nNCPfc3ELoM",
      "q": "o--7TSNhhu4B1UyhRkYgdIF6HMNidVvcOHzcyy-uVz5ww7wzG4iK0SSPi7LkMyRl-9DhJOoaa9G1i_I6Mf3S_onBxYccwc57-KEsyN4BfmbTewiX-OLID1u3giECNFVWrznmbsofEswGU0215m03Zd7mc6OrnaNWPcJP-qQqfB0",
      "dp": "faGGMpT7bZ6WkDsyo9XRPInfYxvFM9zLuef4Fq03ZXKJs5flqeVFwKDta3WyJohBj3K83zBVFgfLWHVgUefC8LxLc9t0efgEMLonRmDCz3m9gkrbvF9_2GJN5CCowgs9sfmHJfq3rDPDAqwrMmx9tki5YDz2ijrU0i-AERu4fAs",
      "dq": "bNKGkv4Zj2gO73ie1fdXM_9-__jzMtR3q0e3iWltYZyhXk1f37cT7yFF6IYn1Ysj57UQv2BniYr76Joy51yG41CuwGCgRka7JKBZCj3U4AOB_voFZ8Gi7A8GEeu3euXrVQYqYQDq_59P05ySUxPM4mLEt56-HTZ_2R9T2B2B1kE",
      "qi": "RtUzv_tHGTpn2kyMQqo63soTlkV1yk0Ww3efYizZKvKsB3HDWm4D5xlBYXo9odTzLGu5yHMDcPJ4GntfFErjUMWWCxKf5xi6pMk1dH8FEm9rfxn0z3i83iaLRcdf_tVNHwJjuBBF0Q4tjpu8XolWHcrsgvkaHigPcpYMCe9xiJ0"
    }
  ]
}

2021-06-15 16:10:39	SUCCESS	ValidateMTLSCertificatesAsX509 Mutual TLS authentication cert validated as X.509

2021-06-15 16:10:39

(1) More

SUCCESS

GetResourceEndpointConfiguration

Found a resource endpoint object

resourceUrl

https://par-what-is-it-good-for.ping-eng.com:3000/get

2021-06-15 16:10:39

(1) More

SUCCESS

SetProtectedResourceUrlToSingleResourceEndpoint

Set protected resource URL

protected_resource_url

https://par-what-is-it-good-for.ping-eng.com:3000/get

2021-06-15 16:10:39

(1) More

SUCCESS

ExtractTLSTestValuesFromResourceConfiguration

Extracted TLS information from resource endpoint

resource_endpoint

{
  "testHost": "par-what-is-it-good-for.ping-eng.com",
  "testPort": 3000
}

2021-06-15 16:10:39

(2) More

SUCCESS

ExtractTLSTestValuesFromOBResourceConfiguration

Extracted TLS information from resource endpoint

accounts_resource_endpoint	{ "testHost": "par-what-is-it-good-for.ping-eng.com", "testPort": 3000 }
accounts_request_endpoint	{ "testHost": "par-what-is-it-good-for.ping-eng.com", "testPort": 3000 }

2021-06-15 16:10:39		fapi-rw-id2-ensure-mtls-holder-of-key-required Setup Done

Authorization endpoint TLS test

2021-06-15 16:10:40

(2) More

SUCCESS

FAPI-RW-8.5-2

EnsureTLS12WithFAPICiphers

Server agreed to TLS 1.2

port	9031
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:40

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowTLS10

Server refused TLS 1.0 handshake

port	9031
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:40

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowTLS11

Server refused TLS 1.1 handshake

port	9031
host	par-what-is-it-good-for.ping-eng.com

Token Endpoint TLS test

2021-06-15 16:10:40

(2) More

SUCCESS

FAPI-RW-8.5-2

EnsureTLS12WithFAPICiphers

Server agreed to TLS 1.2

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:40

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowTLS10

Server refused TLS 1.0 handshake

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:41

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowTLS11

Server refused TLS 1.1 handshake

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:41

(2) More

DisallowInsecureCipher

Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:41

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowInsecureCipher

The TLS handshake was rejected when trying to connect with disallowed ciphers.

port	9032
host	par-what-is-it-good-for.ping-eng.com

Userinfo Endpoint TLS test

2021-06-15 16:10:41

(2) More

SUCCESS

FAPI-RW-8.5-2

EnsureTLS12WithFAPICiphers

Server agreed to TLS 1.2

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:41

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowTLS10

Server refused TLS 1.0 handshake

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:41

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowTLS11

Server refused TLS 1.1 handshake

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:41

(2) More

DisallowInsecureCipher

Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:41

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowInsecureCipher

The TLS handshake was rejected when trying to connect with disallowed ciphers.

port	9032
host	par-what-is-it-good-for.ping-eng.com

Registration Endpoint TLS test

2021-06-15 16:10:42

(2) More

SUCCESS

FAPI-RW-8.5-2

EnsureTLS12WithFAPICiphers

Server agreed to TLS 1.2

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:42

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowTLS10

Server refused TLS 1.0 handshake

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:42

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowTLS11

Server refused TLS 1.1 handshake

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:42

(2) More

DisallowInsecureCipher

Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)

port	9032
host	par-what-is-it-good-for.ping-eng.com

2021-06-15 16:10:42

(2) More

SUCCESS

FAPI-RW-8.5-2

DisallowInsecureCipher

The TLS handshake was rejected when trying to connect with disallowed ciphers.

port	9032
host	par-what-is-it-good-for.ping-eng.com

Make request to authorization endpoint

2021-06-15 16:10:42

(3) More

SUCCESS

CreateAuthorizationEndpointRequestFromClientInformation

Created authorization endpoint request

client_id	c__fapi-mtls-par1
redirect_uri	https://www.certification.openid.net/test/a/pi/callback
scope	openid other

2021-06-15 16:10:42

(1) More

SUCCESS

AddAcrClaimToAuthorizationEndpointRequest

Added acr claim to authorization_endpoint_request

authorization_endpoint_request

{
  "client_id": "c__fapi-mtls-par1",
  "redirect_uri": "https://www.certification.openid.net/test/a/pi/callback",
  "scope": "openid other",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}

2021-06-15 16:10:42

(2) More

CreateRandomStateValue

Created state value

requested_state_length	10
state	RYfs7g4HTt

2021-06-15 16:10:42

(5) More

SUCCESS

AddStateToAuthorizationEndpointRequest

Added state parameter to request

client_id	c__fapi-mtls-par1
redirect_uri	https://www.certification.openid.net/test/a/pi/callback
scope	openid other
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	RYfs7g4HTt

2021-06-15 16:10:42

(2) More

CreateRandomNonceValue

Created nonce value

requested_nonce_length	10
nonce	5FCUA4HG4x

2021-06-15 16:10:42

(6) More

SUCCESS

AddNonceToAuthorizationEndpointRequest

Added nonce parameter to request

client_id	c__fapi-mtls-par1
redirect_uri	https://www.certification.openid.net/test/a/pi/callback
scope	openid other
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	RYfs7g4HTt
nonce	5FCUA4HG4x

2021-06-15 16:10:42

(7) More

SUCCESS

SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken

Added response_type parameter to request

client_id	c__fapi-mtls-par1
redirect_uri	https://www.certification.openid.net/test/a/pi/callback
scope	openid other
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	RYfs7g4HTt
nonce	5FCUA4HG4x
response_type	code id_token

2021-06-15 16:10:42

(1) More

SUCCESS

ConvertAuthorizationEndpointRequestToRequestObject

Created request object claims

request_object_claims

{
  "client_id": "c__fapi-mtls-par1",
  "redirect_uri": "https://www.certification.openid.net/test/a/pi/callback",
  "scope": "openid other",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "RYfs7g4HTt",
  "nonce": "5FCUA4HG4x",
  "response_type": "code id_token"
}

2021-06-15 16:10:42

(1) More

SUCCESS

FAPI-RW-5.2.2-13

AddExpToRequestObject

Added exp to request object claims

exp	1.623773742E9

2021-06-15 16:10:42

(1) More

SUCCESS

FAPI-RW-5.2.2-14

AddAudToRequestObject

Added aud to request object claims

aud	https://par-what-is-it-good-for.ping-eng.com:9032

2021-06-15 16:10:42

(1) More

SUCCESS

OIDCC-6.1

AddIssToRequestObject

Added iss to request object claims

iss	c__fapi-mtls-par1

2021-06-15 16:10:42

(1) More

SUCCESS

FAPI-RW-5.2.3-8

AddClientIdToRequestObject

Added client_id to request object claims

client_id

c__fapi-mtls-par1

2021-06-15 16:10:42

(4) More

SUCCESS

SignRequestObject

Signed the request object

claims	{"aud":"https:\/\/par-what-is-it-good-for.ping-eng.com:9032","scope":"openid other","claims":{"id_token":{"acr":{"value":"urn:mace:incommon:iap:silver","essential":true}}},"iss":"c__fapi-mtls-par1","response_type":"code id_token","redirect_uri":"https:\/\/www.certification.openid.net\/test\/a\/pi\/callback","state":"RYfs7g4HTt","exp":1623773742,"nonce":"5FCUA4HG4x","client_id":"c__fapi-mtls-par1"}
header	{"kid":"NjSdpg","alg":"PS256"}
request_object	eyJraWQiOiJOalNkcGciLCJhbGciOiJQUzI1NiJ9.eyJhdWQiOiJodHRwczpcL1wvcGFyLXdoYXQtaXMtaXQtZ29vZC1mb3IucGluZy1lbmcuY29tOjkwMzIiLCJzY29wZSI6Im9wZW5pZCBvdGhlciIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJjX19mYXBpLW10bHMtcGFyMSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL3BpXC9jYWxsYmFjayIsInN0YXRlIjoiUllmczdnNEhUdCIsImV4cCI6MTYyMzc3Mzc0Miwibm9uY2UiOiI1RkNVQTRIRzR4IiwiY2xpZW50X2lkIjoiY19fZmFwaS1tdGxzLXBhcjEifQ.Kv49owhVYv1jQCBkRTZxmn643h2w_JgVXAtZ8IzJWoKVovwqu2EGA2xu_siQ6tvEK0vyiyf_1wIvXVCZRvqp-6_Rc7447ielCHcTOVy8oA9wvCZTIlfmDjJfQx-_FzNVLRbjYA57MJut8DjD66VhcwR-VKi3qhGUb1I6ynNBGWAsCsj8U8jtcPhGBiErdXyETBnrv5guVdSDaS6bHNpIvo_Iv3ROS1XTT9yPvVMNBP8ZzDd5u15sewiHwV0j7NEBrvJ2cz-JQy-T2ZaC_uROcmfMbbuPqLzqqe-WboHF6DRkyBrUG64tPc2pyWfNba9RhE7T6rgpzWaKZQsZYEbfFw
key	{"p":"1xM-aLtcc_MAfwfqu1MPR_vcWWlUsAdAgpj3K1HhpXpR_DI4V-sMbX8_x0iKWCjoZDVGW5JjNK3ho6V0h5Oi995ZJ2MgB8uA0BtceCV2jOL-lVJYaZwoESl_3KwfidiU3oe3oWoEJeOrWc0CY76mVv93mKuDzj2vsAPYzexuR3c","kty":"RSA","q":"wzcH0PyMkXJ1yqTdH73L9NWuG8y499PxN1n60M60_-_WqwbExB-xYzySaFN_JCjI2zKRmMX_eH3p9p5xhjmmISspJr0EMvHJlHxpQ59AjBFg_On-vNLTkLh34ibNKT7Wsq95ec6ff0D9o4XDoO1f_5S60CNxhWLzcQ9KmitGMa8","d":"L2rslluvOIT94XHTMllQSxTKdhf5jyB0pXWaIkQmet8qcZ_ELTSlE0hyxJQOVR83zCTq--Q2sO7O7rFAW03RR3YBFtwnbek1k6ZF3ftBeBgUbsw2OPHOvnUNCuBlwCjG2T5VnxcH1TjWKPKAxpRCURF3WA40QOmNxC_oUW0hsqd2lyf2Qa-OmllDFyOUuaIjSx5AZ36j4GWuCs_khvhGmQIcFG9ASn_8_yQqzBnQ7wCQ_SFgINvUP6cY5PRdAi_TjEYjckBmX8SqYZgQmVgtxxxDn11jayWnTa8Lu13ubJBQdhGOrU85Mg4x3eMKXGVVkSvjbaZFSStmBEdwimao0Q","e":"AQAB","use":"sig","kid":"NjSdpg","qi":"0ULXUQ6d4nnxE4_9V2mCqkqMM-q0isgDzac57c3p6lia-Om1wZzZt6lMxYQfOmYPtm5KD9Pvx3LIraF4U0M-Mc3MtMxPvizG3HGkiqrzN3aZIOFYzm0Jb0IdBST_U4QZGBGwXOUCEymkhthuHT9UtH5vfG5pq2ahEM-Wc2uBHUs","dp":"hDfHWRk9l-ZeermCO1Cvh0A1UR4ouuJqbR7ebFo1Dsao2hKBgsLz6-iba8aTjejwHJKHw0m2BS-UFEdl4OcI-7pMMqOEkGYxtT3s1cuqGqh9e4yY36vpEcviV-XUqahktHzYjbmf_S7-KwGWI32Tws3gVxGxwLs5Y0qqIMXlcbc","alg":"PS256","dq":"JZRKZOi5BqbKFiB2kM2wnYkk4yUd1lducAFaTyf7n-lDodjDuB2BwGDArmSkbQmM4OVzMb2r2D4k89y8beJbILd2TIbGcCgrbfIlMWdOvaf6y7Uf3KmZIJriOR7PD8mQ-wTclZ45Bf401W3CoxAPEtxGuhqYl9zckD8pVVRPRvE","n":"pAHkPUm8SY4OdllzAU3NlWN1lOufCQ1mRkkrEfkXtiVcekY5yOM54PIxWtRtSkaJvv8RynyoQA-P_WiPRkjpUcHAFEhk3xi-nrihUhsfOlU7fFxfZqCcS36rUG9WGPKjWBsBiE3qOWb_NqVkzdzGu5Q-mhizoDTxpe77v6eg4c_meLs_Mu-Qa3V_IOZ-_lvDdKmUeKzNgs0vm0KbiaiAW9jY0Gg7Wzb44CdGeSJASe41KRP1dM-yByVESLm2IAk-KnGaKzfa-mZcrdrW-I15CGWNh2tYe_e4aNX85cEA1qj5OdAp9abr5v09sHERCkVg4X9fzdircHDAHi7EQpqhWQ"}

2021-06-15 16:10:42

(1) More

SUCCESS

BuildRequestObjectPostToPAREndpoint

request

eyJraWQiOiJOalNkcGciLCJhbGciOiJQUzI1NiJ9.eyJhdWQiOiJodHRwczpcL1wvcGFyLXdoYXQtaXMtaXQtZ29vZC1mb3IucGluZy1lbmcuY29tOjkwMzIiLCJzY29wZSI6Im9wZW5pZCBvdGhlciIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJjX19mYXBpLW10bHMtcGFyMSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL3BpXC9jYWxsYmFjayIsInN0YXRlIjoiUllmczdnNEhUdCIsImV4cCI6MTYyMzc3Mzc0Miwibm9uY2UiOiI1RkNVQTRIRzR4IiwiY2xpZW50X2lkIjoiY19fZmFwaS1tdGxzLXBhcjEifQ.Kv49owhVYv1jQCBkRTZxmn643h2w_JgVXAtZ8IzJWoKVovwqu2EGA2xu_siQ6tvEK0vyiyf_1wIvXVCZRvqp-6_Rc7447ielCHcTOVy8oA9wvCZTIlfmDjJfQx-_FzNVLRbjYA57MJut8DjD66VhcwR-VKi3qhGUb1I6ynNBGWAsCsj8U8jtcPhGBiErdXyETBnrv5guVdSDaS6bHNpIvo_Iv3ROS1XTT9yPvVMNBP8ZzDd5u15sewiHwV0j7NEBrvJ2cz-JQy-T2ZaC_uROcmfMbbuPqLzqqe-WboHF6DRkyBrUG64tPc2pyWfNba9RhE7T6rgpzWaKZQsZYEbfFw

2021-06-15 16:10:42

(2) More

SUCCESS

AddClientIdToPAREndpointRequest

request

eyJraWQiOiJOalNkcGciLCJhbGciOiJQUzI1NiJ9.eyJhdWQiOiJodHRwczpcL1wvcGFyLXdoYXQtaXMtaXQtZ29vZC1mb3IucGluZy1lbmcuY29tOjkwMzIiLCJzY29wZSI6Im9wZW5pZCBvdGhlciIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJjX19mYXBpLW10bHMtcGFyMSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL3BpXC9jYWxsYmFjayIsInN0YXRlIjoiUllmczdnNEhUdCIsImV4cCI6MTYyMzc3Mzc0Miwibm9uY2UiOiI1RkNVQTRIRzR4IiwiY2xpZW50X2lkIjoiY19fZmFwaS1tdGxzLXBhcjEifQ.Kv49owhVYv1jQCBkRTZxmn643h2w_JgVXAtZ8IzJWoKVovwqu2EGA2xu_siQ6tvEK0vyiyf_1wIvXVCZRvqp-6_Rc7447ielCHcTOVy8oA9wvCZTIlfmDjJfQx-_FzNVLRbjYA57MJut8DjD66VhcwR-VKi3qhGUb1I6ynNBGWAsCsj8U8jtcPhGBiErdXyETBnrv5guVdSDaS6bHNpIvo_Iv3ROS1XTT9yPvVMNBP8ZzDd5u15sewiHwV0j7NEBrvJ2cz-JQy-T2ZaC_uROcmfMbbuPqLzqqe-WboHF6DRkyBrUG64tPc2pyWfNba9RhE7T6rgpzWaKZQsZYEbfFw

client_id

c__fapi-mtls-par1

2021-06-15 16:10:42

(5) More

CallPAREndpoint

HTTP request

request_uri	https://par-what-is-it-good-for.ping-eng.com:9032/as/par.oauth2
request_method	POST
request_headers	{ "accept": "application/json;charset\u003dUTF-8", "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8", "accept-charset": "utf-8", "content-length": "954" }
request_body	request=eyJraWQiOiJOalNkcGciLCJhbGciOiJQUzI1NiJ9.eyJhdWQiOiJodHRwczpcL1wvcGFyLXdoYXQtaXMtaXQtZ29vZC1mb3IucGluZy1lbmcuY29tOjkwMzIiLCJzY29wZSI6Im9wZW5pZCBvdGhlciIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJjX19mYXBpLW10bHMtcGFyMSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL3BpXC9jYWxsYmFjayIsInN0YXRlIjoiUllmczdnNEhUdCIsImV4cCI6MTYyMzc3Mzc0Miwibm9uY2UiOiI1RkNVQTRIRzR4IiwiY2xpZW50X2lkIjoiY19fZmFwaS1tdGxzLXBhcjEifQ.Kv49owhVYv1jQCBkRTZxmn643h2w_JgVXAtZ8IzJWoKVovwqu2EGA2xu_siQ6tvEK0vyiyf_1wIvXVCZRvqp-6_Rc7447ielCHcTOVy8oA9wvCZTIlfmDjJfQx-_FzNVLRbjYA57MJut8DjD66VhcwR-VKi3qhGUb1I6ynNBGWAsCsj8U8jtcPhGBiErdXyETBnrv5guVdSDaS6bHNpIvo_Iv3ROS1XTT9yPvVMNBP8ZzDd5u15sewiHwV0j7NEBrvJ2cz-JQy-T2ZaC_uROcmfMbbuPqLzqqe-WboHF6DRkyBrUG64tPc2pyWfNba9RhE7T6rgpzWaKZQsZYEbfFw&client_id=c__fapi-mtls-par1
request_mutual_tls	{ "cert": "MIICsjCCAlegAwIBAgIBDTAKBggqhkjOPQQDAjA6MRswGQYDVQQKDBJMZXQncyBBdXRoZW50aWNhdGUxGzAZBgNVBAMMEkxBIEludGVybWVkaWF0ZSBDQTAeFw0yMTA2MTQxNzM1NDBaFw0yMjA2MjQxNzM1NDBaMEsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDTzEPMA0GA1UEBwwGRGVudmVyMR4wHAYDVQQDDBV1bmNvbW1vbiB0ZXN0IGNsaWVudCAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiTHom8Sxa0cjgUSNnXGnZx/gm+93ip+7HQQPM4zHSK/LQeZSbCdiADTT0pDv0hzW4udhwSNBKVPcP+ermuzAliIn5MVSEZgfe9i7qWpdnLARsX+FS0VRQzEDp7uhS2NvGnnLQhgHfcc8C+A4nK/MWEJFGGE/Y7AmRKRZHjq9sUs6N+ExiDnARxCrzj/SFRY3NMXIVC9J5HaCpx2ld6YfPP0Hi/HZq5PsvN3hYYxvaRAgY9VUQSttz/d0JJu+aIjEuirpxVLp2BANJvUv1J9hTpVQGbOYaZBGaxWJefOLcHWKsi1HYK69mMEWrKOxBoMxAk50SgxIsvk7Vw/kPQJDVAgMBAAGjcjBwMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUZt1oy2t/JWxGArogj3LdGWkhA9gwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdEQEB/wQTMBGBD2JkY0BleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEAi//EFm4lAJSDTFvhl9gWOjS/sk74D0AcJDw37M9QDVUCIQCLTLeFZhuNYEKNdElnrKUuAXiZGrMh9B1php83AQlk9A\u003d\u003d", "key": "MIIEpAIBAAKCAQEAokx6JvEsWtHI4FEjZ1xp2cf4Jvvd4qfux0EDzOMx0ivy0HmUmwnYgA009KQ79Ic1uLnYcEjQSlT3D/nq5rswJYiJ+TFUhGYH3vYu6lqXZywEbF/hUtFUUMxA6e7oUtjbxp5y0IYB33HPAvgOJyvzFhCRRhhP2OwJkSkWR46vbFLOjfhMYg5wEcQq84/0hUWNzTFyFQvSeR2gqcdpXemHzz9B4vx2auT7Lzd4WGMb2kQIGPVVEErbc/3dCSbvmiIxLoq6cVS6dgQDSb1L9SfYU6VUBmzmGmQRmsViXnzi3B1irItR2CuvZjBFqyjsQaDMQJOdEoMSLL5O1cP5D0CQ1QIDAQABAoIBAQCftz8mf4Q0w+o4xeBfYVRRmzabtpT+7mBO+a4xvQtUVyeW/W6+vAuwyE5qygyucTju1wUmSqGf5MlVkY4XDfMtnJabAm639GiehApbWldQksKvnBNzmsis0rS3AgLjNMHjTh6TEq1ZJPihZVcYOWn5NsigAGDjijVIAvUH6mS75ZfEfBvIvgrBKkdhvXzLc5Hof8t7RVusPl1fPIiYy1r3RfhuSDWQLNysyXeCA3a5FEdMq0N+ZPiNejNsFIzO75QmJyXmVe38BERNVD0wMAlnHyYQKn5EPmWhhxncQkhzuyK8MqqNkH/ho6Rg5swlzJLXMYVKecjca9XYGZGAnsOpAoGBANfN36Ptfh6kxLX7ULHUbo1E7gYY27+FS9GAkuw8jFSxU/+3zTrls3Quw7q+LGCVZo6MBJPvWY9KKpYm8WtlOzL6yp47Ni2+yutjvevlBSuw/tSEKJftDJlwrzpXf8I4TMcwK492xw3Z/kEB5+LcACjDaAZ9uQFYjvs7X2OT6OFXAoGBAMCHUa5JcwCa0vNES+/AT5wVVe1TlPSgyc763fkm14tWYB4eMbfKobziHiDWp8aorsMJGY8NdYdwps775hwbtAm24IooJdoeVIU3XACRAgANBOaSc6BbGQw2xQyBnBb0YPB/D0oXjQR8xbfT+cAxD/X3G4zRDELt51A4sYD3p2ezAoGBAKk3gH6tEjD7KFg+WVcn6QwTGcVkJqO15O7BL/PXwn4Ckog42s+tIBshNE8xIeEWJVXvSwOpMgPetygIH1QEC/h8mPacHW6fZcRP8LORYI2S+y8u9hmzQibrKivIQqDLvsCN8ApNq+YbonfdA7RqqCFOoDo+yRvaEjvDoZeWeox/AoGAJQAcl4UwH9ahYfUnLt1jr1h+WgztHJJmFmwqCr8HP5ULBd7BqVO8/6LpLWBzf/9dDsiJ6+8nPi9NL4xDrfU5BYDq6EJM+/1GOw/nk4hKvR3DaliM9i1rw+gmuH+UMukmVDHnC1M5W7pq+Sg44FHNgnTKC6cFVzuHb+hlXKa7uncCgYAby+y2VVsqd16KcURYSBx02wuVNcgL6dSjZ855cBGLgg8jiTScfRYkZf3t3HoxC2tFv0eE8+tbcXh9SnuhQOyq7poeYhSKzarOLpk/w9f5hpQD7JVLcm+Q+EAPeU8ELXYaPlE3NkwLP9QoEXD5IyjIASih2u8XJMk097IrS9M/rg\u003d\u003d", "ca": "MIIB5jCCAYugAwIBAgIBFjAKBggqhkjOPQQDAjBWMQswCQYDVQQGEwJVUzEbMBkGA1UECgwSTGV0J3MgQXV0aGVudGljYXRlMSowKAYDVQQDDCFMZXQncyBBdXRoZW50aWNhdGUgUm9vdCBBdXRob3JpdHkwHhcNMjAwMTE0MjEzMjMwWhcNMzAwMTExMjEzMjMwWjA6MRswGQYDVQQKDBJMZXQncyBBdXRoZW50aWNhdGUxGzAZBgNVBAMMEkxBIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJf+aA54RC5pyLAR5yfXVYmNpgd+CGUTDp2KOGhc0gK91zxhHesEYkdXkpS2UN8Kati+yHtWCV3kkhCngGyv7RqjZjBkMB0GA1UdDgQWBBRm3WjLa38lbEYCuiCPct0ZaSED2DAfBgNVHSMEGDAWgBTEA2Q6eecKu9g9yb5glbkhhVINGDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEA5pLvaFwRRkxomIAtDIwg9D7gC1xzxBl4r28EzmSO1pcCIQCJUShpSXO9HDIQMUgH69fNDEMHXD3RRX5gP7kuu2KGMg\u003d\u003d" }

2021-06-15 16:10:43

(4) More

RESPONSE

CallPAREndpoint

HTTP response

response_status_code	201 CREATED
response_status_text	Created
response_headers	{ "date": "Tue, 15 Jun 2021 16:10:43 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "origin", "cache-control": "no-cache, no-store", "pragma": "no-cache", "expires": "Thu, 01 Jan 1970 00:00:00 GMT", "content-type": "application/json;charset\u003dutf-8", "set-cookie": "PF\u003dK1DmtcoZV6Uyui4Dw3zzha;Path\u003d/;Secure;HttpOnly;SameSite\u003dNone", "transfer-encoding": "chunked" }
response_body	{"expires_in":15,"request_uri":"urn:ietf:params:oauth:request_uri:CF_o35OdCdlsJddl-vLoMnuIgxm8kCla"}

2021-06-15 16:10:43	SUCCESS PAR-2.1	CallPAREndpoint Storing pushed_authorization_endpoint_response_http_status 201

2021-06-15 16:10:43

(2) More

SUCCESS

PAR-2.1

CallPAREndpoint

Parsed pushed authorization request endpoint response

expires_in	15
request_uri	urn:ietf:params:oauth:request_uri:CF_o35OdCdlsJddl-vLoMnuIgxm8kCla

2021-06-15 16:10:43	SUCCESS PAR-2.2 PAR-2.3	CheckIfPAREndpointResponseError pushed authorization request endpoint correct response.

2021-06-15 16:10:43

(1) More

SUCCESS

PAR-2.2

CheckForRequestUriValue

Found valid request_uri

request_uri

urn:ietf:params:oauth:request_uri:CF_o35OdCdlsJddl-vLoMnuIgxm8kCla

2021-06-15 16:10:43

(1) More

SUCCESS

PAR-2.2

CheckForPARResponseExpiresIn

Found expires_in

expires_in

2021-06-15 16:10:43	SUCCESS	ExtractRequestUriFromPARResponse Extracted the request_uri: urn:ietf:params:oauth:request_uri:CF_o35OdCdlsJddl-vLoMnuIgxm8kCla

2021-06-15 16:10:43

(2) More

SUCCESS

PAR-7.1 PAR-2.2 JAR-10.2

EnsureMinimumRequestUriEntropy

Calculated shannon entropy seems sufficient

actual	315.18140591580357
expected	128.0

2021-06-15 16:10:43

(1) More

SUCCESS

PAR-4

BuildRequestObjectByReferenceRedirectToAuthorizationEndpoint

Sending to authorization endpoint

redirect_to_authorization_endpoint

https://par-what-is-it-good-for.ping-eng.com:9031/as/authorization.oauth2?request_uri=urn:ietf:params:oauth:request_uri:CF_o35OdCdlsJddl-vLoMnuIgxm8kCla&client_id=c__fapi-mtls-par1&redirect_uri=https://www.certification.openid.net/test/a/pi/callback&scope=openid%20other&response_type=code%20id_token

2021-06-15 16:10:43

(1) More

REDIRECT

fapi-rw-id2-ensure-mtls-holder-of-key-required

Redirecting to authorization endpoint

redirect_to

https://par-what-is-it-good-for.ping-eng.com:9031/as/authorization.oauth2?request_uri=urn:ietf:params:oauth:request_uri:CF_o35OdCdlsJddl-vLoMnuIgxm8kCla&client_id=c__fapi-mtls-par1&redirect_uri=https://www.certification.openid.net/test/a/pi/callback&scope=openid%20other&response_type=code%20id_token

2021-06-15 16:10:48

(7) More

INCOMING

fapi-rw-id2-ensure-mtls-holder-of-key-required

Incoming HTTP request to test instance ttMMpSkHmxqZZUv

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,/;q\u003d0.8", "accept-language": "en-US,en;q\u003d0.5", "accept-encoding": "gzip, deflate, br", "referer": "https://par-what-is-it-good-for.ping-eng.com:9031/", "cookie": "__utma\u003d201319536.1543712019.1535389192.1623687574.1623770157.261; __utmz\u003d201319536.1623105741.257.63.utmcsr\u003dgoogle\|utmccn\u003d(organic)\|utmcmd\u003dorganic\|utmctr\u003d(not%20provided); _ga\u003dGA1.2.1543712019.1535389192; expected_tab\u003dgoogleplus; welcome_info_name\u003dBrian%20Campbell; __utmc\u003d201319536; JSESSIONID\u003d9013661A0A3851129F3BCC0475BAB396", "upgrade-insecure-requests": "1", "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256", "x-ssl-protocol": "TLSv1.2", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
incoming_path	callback
incoming_body_form_params
incoming_method	GET
incoming_body_json
incoming_query_string_params	{}
incoming_body

2021-06-15 16:10:48

(1) More

SUCCESS

CreateRandomImplicitSubmitUrl

Created random implicit submission URL

implicit_submit

{
  "path": "implicit/ybHbjY3EqWCiEMjUJYJ5",
  "fullUrl": "https://www.certification.openid.net/test/a/pi/implicit/ybHbjY3EqWCiEMjUJYJ5"
}

2021-06-15 16:10:48

(2) More

OUTGOING

fapi-rw-id2-ensure-mtls-holder-of-key-required

Response to HTTP request to test instance ttMMpSkHmxqZZUv

outgoing	ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/pi/implicit/ybHbjY3EqWCiEMjUJYJ5, returnUrl=/log-detail.html?log=ttMMpSkHmxqZZUv}]
outgoing_path	callback

2021-06-15 16:10:48

(7) More

INCOMING

fapi-rw-id2-ensure-mtls-holder-of-key-required

Incoming HTTP request to test instance ttMMpSkHmxqZZUv

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0", "accept": "/", "accept-language": "en-US,en;q\u003d0.5", "accept-encoding": "gzip, deflate, br", "content-type": "text/plain", "x-requested-with": "XMLHttpRequest", "origin": "https://www.certification.openid.net", "referer": "https://www.certification.openid.net/test/a/pi/callback", "cookie": "__utma\u003d201319536.1543712019.1535389192.1623687574.1623770157.261; __utmz\u003d201319536.1623105741.257.63.utmcsr\u003dgoogle\|utmccn\u003d(organic)\|utmcmd\u003dorganic\|utmctr\u003d(not%20provided); _ga\u003dGA1.2.1543712019.1535389192; expected_tab\u003dgoogleplus; welcome_info_name\u003dBrian%20Campbell; __utmc\u003d201319536; JSESSIONID\u003d9013661A0A3851129F3BCC0475BAB396", "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256", "x-ssl-protocol": "TLSv1.2", "content-length": "969", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net", "connection": "close" }
incoming_path	implicit/ybHbjY3EqWCiEMjUJYJ5
incoming_body_form_params
incoming_method	POST
incoming_body_json
incoming_query_string_params	{}
incoming_body	#code=HYPHdx9dvEDki4P9YFtM0zKWe02Mk1uy4ZqNX7Lp&id_token=eyJhbGciOiJQUzI1NiIsImtpZCI6IlpIMnk0QWV0SFR5bnZVZ0RLX1l4WWJCNXlMUSJ9.eyJzdWIiOiI5d1A0MUFkRzE5OVNPR3JLaUtoYUlZVnRqYWhkeG9rQ0k2UDF2ZlpjeGkwU2RfeU9SY3BLM3Y0IiwiYXVkIjoiY19fZmFwaS1tdGxzLXBhcjEiLCJqdGkiOiJ4ZDBvSmt6SUg3bkQzTHBFRFU5TFZXIiwiaXNzIjoiaHR0cHM6Ly9wYXItd2hhdC1pcy1pdC1nb29kLWZvci5waW5nLWVuZy5jb206OTAzMiIsImlhdCI6MTYyMzc3MzQ0OCwiZXhwIjoxNjIzNzczNzQ4LCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXV0aF90aW1lIjoxNjIzNzczMTQ2LCJub25jZSI6IjVGQ1VBNEhHNHgiLCJjX2hhc2giOiJ5b1ZrQkpRSW1UckZ3elJEdDVSTDVRIiwic19oYXNoIjoiNndjRU1QMXJUS2ozNWphcHl4Rm5xZyJ9.V_JbWMmSOUAGp68blM1bu0nDpA65siMveLmqq_CEfPr9JkxlVFUccdjdEspWeafL0eFlDdLjY-2OYU8CXdUaDCI3na3EcNi29Ub1RzfNbK1yMKOwAt5kKpYsw4E-ImiEd12q06iK40Nx_MjD0ilLSB4cwgzNbR2O8tJxfxnjf_HeY24C9wkrozjsVN159AjsGPnTdX10k636qpWZGSIuD6TuPYLdBlzZOxURzWYCrOwwUYmPDx_x-N3MiQ0w89vyluW4amySQc9Dh3Zb5YFwj7g1CAlgknB6twdYPUsXEdJcW9S5cbYxavtyfcSqSOf9NkB_1PiRC9Gp89_4avOAkA&state=RYfs7g4HTt

2021-06-15 16:10:48

(4) More

OUTGOING

fapi-rw-id2-ensure-mtls-holder-of-key-required

Response to HTTP request to test instance ttMMpSkHmxqZZUv

outgoing_status_code	204
outgoing_headers	{}
outgoing_body
outgoing_path	implicit/ybHbjY3EqWCiEMjUJYJ5

2021-06-15 16:10:48

(1) More

ExtractImplicitHashToCallbackResponse

Extracted response from URL fragment

parameters

[
  {
    "name": "code",
    "value": "HYPHdx9dvEDki4P9YFtM0zKWe02Mk1uy4ZqNX7Lp"
  },
  {
    "name": "id_token",
    "value": "eyJhbGciOiJQUzI1NiIsImtpZCI6IlpIMnk0QWV0SFR5bnZVZ0RLX1l4WWJCNXlMUSJ9.eyJzdWIiOiI5d1A0MUFkRzE5OVNPR3JLaUtoYUlZVnRqYWhkeG9rQ0k2UDF2ZlpjeGkwU2RfeU9SY3BLM3Y0IiwiYXVkIjoiY19fZmFwaS1tdGxzLXBhcjEiLCJqdGkiOiJ4ZDBvSmt6SUg3bkQzTHBFRFU5TFZXIiwiaXNzIjoiaHR0cHM6Ly9wYXItd2hhdC1pcy1pdC1nb29kLWZvci5waW5nLWVuZy5jb206OTAzMiIsImlhdCI6MTYyMzc3MzQ0OCwiZXhwIjoxNjIzNzczNzQ4LCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXV0aF90aW1lIjoxNjIzNzczMTQ2LCJub25jZSI6IjVGQ1VBNEhHNHgiLCJjX2hhc2giOiJ5b1ZrQkpRSW1UckZ3elJEdDVSTDVRIiwic19oYXNoIjoiNndjRU1QMXJUS2ozNWphcHl4Rm5xZyJ9.V_JbWMmSOUAGp68blM1bu0nDpA65siMveLmqq_CEfPr9JkxlVFUccdjdEspWeafL0eFlDdLjY-2OYU8CXdUaDCI3na3EcNi29Ub1RzfNbK1yMKOwAt5kKpYsw4E-ImiEd12q06iK40Nx_MjD0ilLSB4cwgzNbR2O8tJxfxnjf_HeY24C9wkrozjsVN159AjsGPnTdX10k636qpWZGSIuD6TuPYLdBlzZOxURzWYCrOwwUYmPDx_x-N3MiQ0w89vyluW4amySQc9Dh3Zb5YFwj7g1CAlgknB6twdYPUsXEdJcW9S5cbYxavtyfcSqSOf9NkB_1PiRC9Gp89_4avOAkA"
  },
  {
    "name": "state",
    "value": "RYfs7g4HTt"
  }
]

2021-06-15 16:10:48

(3) More

SUCCESS

ExtractImplicitHashToCallbackResponse

Extracted the hash values

code	HYPHdx9dvEDki4P9YFtM0zKWe02Mk1uy4ZqNX7Lp
id_token	eyJhbGciOiJQUzI1NiIsImtpZCI6IlpIMnk0QWV0SFR5bnZVZ0RLX1l4WWJCNXlMUSJ9.eyJzdWIiOiI5d1A0MUFkRzE5OVNPR3JLaUtoYUlZVnRqYWhkeG9rQ0k2UDF2ZlpjeGkwU2RfeU9SY3BLM3Y0IiwiYXVkIjoiY19fZmFwaS1tdGxzLXBhcjEiLCJqdGkiOiJ4ZDBvSmt6SUg3bkQzTHBFRFU5TFZXIiwiaXNzIjoiaHR0cHM6Ly9wYXItd2hhdC1pcy1pdC1nb29kLWZvci5waW5nLWVuZy5jb206OTAzMiIsImlhdCI6MTYyMzc3MzQ0OCwiZXhwIjoxNjIzNzczNzQ4LCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXV0aF90aW1lIjoxNjIzNzczMTQ2LCJub25jZSI6IjVGQ1VBNEhHNHgiLCJjX2hhc2giOiJ5b1ZrQkpRSW1UckZ3elJEdDVSTDVRIiwic19oYXNoIjoiNndjRU1QMXJUS2ozNWphcHl4Rm5xZyJ9.V_JbWMmSOUAGp68blM1bu0nDpA65siMveLmqq_CEfPr9JkxlVFUccdjdEspWeafL0eFlDdLjY-2OYU8CXdUaDCI3na3EcNi29Ub1RzfNbK1yMKOwAt5kKpYsw4E-ImiEd12q06iK40Nx_MjD0ilLSB4cwgzNbR2O8tJxfxnjf_HeY24C9wkrozjsVN159AjsGPnTdX10k636qpWZGSIuD6TuPYLdBlzZOxURzWYCrOwwUYmPDx_x-N3MiQ0w89vyluW4amySQc9Dh3Zb5YFwj7g1CAlgknB6twdYPUsXEdJcW9S5cbYxavtyfcSqSOf9NkB_1PiRC9Gp89_4avOAkA
state	RYfs7g4HTt

2021-06-15 16:10:48

(5) More

REDIRECT-IN

fapi-rw-id2-ensure-mtls-holder-of-key-required

Authorization endpoint response captured

url_query	{}
headers	{ "host": "www.certification.openid.net", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,/;q\u003d0.8", "accept-language": "en-US,en;q\u003d0.5", "accept-encoding": "gzip, deflate, br", "referer": "https://par-what-is-it-good-for.ping-eng.com:9031/", "cookie": "__utma\u003d201319536.1543712019.1535389192.1623687574.1623770157.261; __utmz\u003d201319536.1623105741.257.63.utmcsr\u003dgoogle\|utmccn\u003d(organic)\|utmcmd\u003dorganic\|utmctr\u003d(not%20provided); _ga\u003dGA1.2.1543712019.1535389192; expected_tab\u003dgoogleplus; welcome_info_name\u003dBrian%20Campbell; __utmc\u003d201319536; JSESSIONID\u003d9013661A0A3851129F3BCC0475BAB396", "upgrade-insecure-requests": "1", "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256", "x-ssl-protocol": "TLSv1.2", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
http_method	GET
url_fragment	{ "code": "HYPHdx9dvEDki4P9YFtM0zKWe02Mk1uy4ZqNX7Lp", "id_token": "eyJhbGciOiJQUzI1NiIsImtpZCI6IlpIMnk0QWV0SFR5bnZVZ0RLX1l4WWJCNXlMUSJ9.eyJzdWIiOiI5d1A0MUFkRzE5OVNPR3JLaUtoYUlZVnRqYWhkeG9rQ0k2UDF2ZlpjeGkwU2RfeU9SY3BLM3Y0IiwiYXVkIjoiY19fZmFwaS1tdGxzLXBhcjEiLCJqdGkiOiJ4ZDBvSmt6SUg3bkQzTHBFRFU5TFZXIiwiaXNzIjoiaHR0cHM6Ly9wYXItd2hhdC1pcy1pdC1nb29kLWZvci5waW5nLWVuZy5jb206OTAzMiIsImlhdCI6MTYyMzc3MzQ0OCwiZXhwIjoxNjIzNzczNzQ4LCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXV0aF90aW1lIjoxNjIzNzczMTQ2LCJub25jZSI6IjVGQ1VBNEhHNHgiLCJjX2hhc2giOiJ5b1ZrQkpRSW1UckZ3elJEdDVSTDVRIiwic19oYXNoIjoiNndjRU1QMXJUS2ozNWphcHl4Rm5xZyJ9.V_JbWMmSOUAGp68blM1bu0nDpA65siMveLmqq_CEfPr9JkxlVFUccdjdEspWeafL0eFlDdLjY-2OYU8CXdUaDCI3na3EcNi29Ub1RzfNbK1yMKOwAt5kKpYsw4E-ImiEd12q06iK40Nx_MjD0ilLSB4cwgzNbR2O8tJxfxnjf_HeY24C9wkrozjsVN159AjsGPnTdX10k636qpWZGSIuD6TuPYLdBlzZOxURzWYCrOwwUYmPDx_x-N3MiQ0w89vyluW4amySQc9Dh3Zb5YFwj7g1CAlgknB6twdYPUsXEdJcW9S5cbYxavtyfcSqSOf9NkB_1PiRC9Gp89_4avOAkA", "state": "RYfs7g4HTt" }
post_body

Verify authorization endpoint response

2021-06-15 16:10:48	SUCCESS OAuth2-RT-5	RejectErrorInUrlQuery 'error' is not present in URL query returned from authorization endpoint

2021-06-15 16:10:48	SUCCESS OIDCC-3.3.2.5	RejectAuthCodeInUrlQuery Authorization code is not present in URL query returned from authorization endpoint

2021-06-15 16:10:48	SUCCESS	CheckMatchingCallbackParameters Callback parameters successfully verified

2021-06-15 16:10:48	SUCCESS OIDCC-3.3.2.5	RejectStateInUrlQueryForHybridFlow state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)

2021-06-15 16:10:48	SUCCESS	CheckIfAuthorizationEndpointError No error from authorization endpoint

2021-06-15 16:10:48

(3) More

SUCCESS

ValidateSuccessfulHybridResponseFromAuthorizationEndpoint

authorization endpoint response does not include unexpected parameters

code	HYPHdx9dvEDki4P9YFtM0zKWe02Mk1uy4ZqNX7Lp
id_token	eyJhbGciOiJQUzI1NiIsImtpZCI6IlpIMnk0QWV0SFR5bnZVZ0RLX1l4WWJCNXlMUSJ9.eyJzdWIiOiI5d1A0MUFkRzE5OVNPR3JLaUtoYUlZVnRqYWhkeG9rQ0k2UDF2ZlpjeGkwU2RfeU9SY3BLM3Y0IiwiYXVkIjoiY19fZmFwaS1tdGxzLXBhcjEiLCJqdGkiOiJ4ZDBvSmt6SUg3bkQzTHBFRFU5TFZXIiwiaXNzIjoiaHR0cHM6Ly9wYXItd2hhdC1pcy1pdC1nb29kLWZvci5waW5nLWVuZy5jb206OTAzMiIsImlhdCI6MTYyMzc3MzQ0OCwiZXhwIjoxNjIzNzczNzQ4LCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXV0aF90aW1lIjoxNjIzNzczMTQ2LCJub25jZSI6IjVGQ1VBNEhHNHgiLCJjX2hhc2giOiJ5b1ZrQkpRSW1UckZ3elJEdDVSTDVRIiwic19oYXNoIjoiNndjRU1QMXJUS2ozNWphcHl4Rm5xZyJ9.V_JbWMmSOUAGp68blM1bu0nDpA65siMveLmqq_CEfPr9JkxlVFUccdjdEspWeafL0eFlDdLjY-2OYU8CXdUaDCI3na3EcNi29Ub1RzfNbK1yMKOwAt5kKpYsw4E-ImiEd12q06iK40Nx_MjD0ilLSB4cwgzNbR2O8tJxfxnjf_HeY24C9wkrozjsVN159AjsGPnTdX10k636qpWZGSIuD6TuPYLdBlzZOxURzWYCrOwwUYmPDx_x-N3MiQ0w89vyluW4amySQc9Dh3Zb5YFwj7g1CAlgknB6twdYPUsXEdJcW9S5cbYxavtyfcSqSOf9NkB_1PiRC9Gp89_4avOAkA
state	RYfs7g4HTt

2021-06-15 16:10:48

(1) More

SUCCESS

OIDCC-3.2.2.5 JARM-4.4-2

CheckStateInAuthorizationResponse

State in response correctly returned

state

RYfs7g4HTt

2021-06-15 16:10:48		ValidateIssInAuthorizationResponse No 'iss' value in authorization response.

2021-06-15 16:10:48

(1) More

SUCCESS

ExtractAuthorizationCodeFromAuthorizationResponse

Found authorization code

code	HYPHdx9dvEDki4P9YFtM0zKWe02Mk1uy4ZqNX7Lp

2021-06-15 16:10:48

(2) More

SUCCESS

RFC6819-5.1.4.2-2 RFC6749-10.10

EnsureMinimumAuthorizationCodeLength

Authorization code is of sufficient length

actual	320
required	128

2021-06-15 16:10:48

(2) More

SUCCESS

RFC6819-5.1.4.2-2 RFC6749-10.10

EnsureMinimumAuthorizationCodeEntropy

Calculated shannon entropy seems sufficient

actual	194.8771237954945
expected	96.0

2021-06-15 16:10:48

(3) More

SUCCESS

CreateTokenEndpointRequestForAuthorizationCodeGrant

grant_type	authorization_code
code	HYPHdx9dvEDki4P9YFtM0zKWe02Mk1uy4ZqNX7Lp
redirect_uri	https://www.certification.openid.net/test/a/pi/callback

2021-06-15 16:10:48

(4) More

SUCCESS

AddClientIdToTokenEndpointRequest

grant_type	authorization_code
code	HYPHdx9dvEDki4P9YFtM0zKWe02Mk1uy4ZqNX7Lp
redirect_uri	https://www.certification.openid.net/test/a/pi/callback
client_id	c__fapi-mtls-par1

2021-06-15 16:10:48	SUCCESS	RemoveMTLSCertificates Removed mutual TLS authentication credentials

2021-06-15 16:10:48

(4) More

CallTokenEndpointAllowingTLSFailure

HTTP request

request_uri	https://par-what-is-it-good-for.ping-eng.com:9032/as/token.oauth2
request_method	POST
request_headers	{ "accept": "application/json;charset\u003dUTF-8", "accept-charset": "utf-8", "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8", "content-length": "186" }
request_body	grant_type=authorization_code&code=HYPHdx9dvEDki4P9YFtM0zKWe02Mk1uy4ZqNX7Lp&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2Fpi%2Fcallback&client_id=c__fapi-mtls-par1

2021-06-15 16:10:49

(4) More

RESPONSE

CallTokenEndpointAllowingTLSFailure

HTTP response

response_status_code	401 UNAUTHORIZED
response_status_text	Unauthorized
response_headers	{ "date": "Tue, 15 Jun 2021 16:10:48 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "origin", "cache-control": "no-cache, no-store", "pragma": "no-cache", "expires": "Thu, 01 Jan 1970 00:00:00 GMT", "content-type": "application/json;charset\u003dutf-8", "www-authenticate": "basic realm\u003d\"PF AS Token Endpoints\"", "set-cookie": "PF\u003dl1KtskLwhNKTrWHFBWHat3;Path\u003d/;Secure;HttpOnly;SameSite\u003dNone", "transfer-encoding": "chunked" }
response_body	{"error_description":"c__fapi-mtls-par1 is configured to use client certificates but there were no client certificates sent in the request.","error":"invalid_client"}

2021-06-15 16:10:49

(2) More

SUCCESS

FAPI-RW-5.2.2-6

CallTokenEndpointAllowingTLSFailure

Parsed token endpoint response

error_description	c__fapi-mtls-par1 is configured to use client certificates but there were no client certificates sent in the request.
error	invalid_client

2021-06-15 16:10:49	SUCCESS RFC6749-5.2	CheckTokenEndpointHttpStatus400or401 Token endpoint http status code was 401

2021-06-15 16:10:49	SUCCESS OIDCC-3.1.3.4	CheckTokenEndpointReturnedJsonContentType token_endpoint_response_headers Content-Type: header is application/json

2021-06-15 16:10:49	SUCCESS RFC6749-5.2	CheckTokenEndpointHttpStatusForInvalidRequestOrInvalidClientError Token endpoint http status code was 401 for error 'invalid_client'

2021-06-15 16:10:49

(2) More

SUCCESS

RFC6749-5.2

CheckErrorFromTokenEndpointResponseErrorInvalidClientOrInvalidRequest

Token endpoint returned an expected error

actual	invalid_client
expected	[ "invalid_request", "invalid_client" ]

2021-06-15 16:10:49

(1) More

SUCCESS

RFC6749-5.2

ValidateErrorFromTokenEndpointResponseError

Token endpoint response error returned valid 'error' field

error

invalid_client

2021-06-15 16:10:49

(1) More

SUCCESS

RFC6749-5.2

CheckErrorDescriptionFromTokenEndpointResponseErrorContainsCRLFTAB

token_endpoint_response 'error_description' field does not include CR/LF/TAB

error_description

c__fapi-mtls-par1 is configured to use client certificates but there were no client certificates sent in the request.

2021-06-15 16:10:49

(1) More

SUCCESS

RFC6749-5.2

ValidateErrorDescriptionFromTokenEndpointResponseError

token_endpoint_response error returned valid 'error_description' field

error_description

c__fapi-mtls-par1 is configured to use client certificates but there were no client certificates sent in the request.

2021-06-15 16:10:49	SUCCESS RFC6749-5.2	ValidateErrorUriFromTokenEndpointResponseError token_endpoint_response did not include optional 'error_uri' field

2021-06-15 16:10:49

(1) More

FINISHED

fapi-rw-id2-ensure-mtls-holder-of-key-required

Test has run to completion

testmodule_result

PASSED

2021-06-15 16:10:52

(2) More

TEST-RUNNER

Alias has now been claimed by another test

alias	pi
new_test_id	RE9RhezqPJHZtVe

Test Summary

Test Results