Conformance Testing for OpenID Shared Signals Framework

The following describes conformance tests for OpenID Shared Signals Framework 1.0 (SSF) implementations.

At the moment we only support conformance tests for OpenID SSF Transmitter implementations. 
Support for running conformance tests for OpenID SSF Receivers will be provided in the future.

First, go to https://www.certification.openid.net and log in with your Google or Gitlab account. Next, choose to Create a new test plan.

Shared Signals Framework Transmitter Test

To test an SSF Transmitter, go to the OpenID Foundation Conformance Suite and sign in with a Google or Gitlab account. After sing-in, click on “Create new Test plan” and select “OpenID Shared Signals Framework 1.0 Final”: Transmitter” and configure the variant settings as necessary.

Note that currently we allow the certification of SSF Transmitters the following variants:

  1. SSF Transmitter (ssf_profile=caep_interop, delivery_methods=push)
  2. SSF Transmitter (ssf_profile=caep_interop, delivery_methods=poll)


Vendors with SSF Transmitters that support the delivery_methods push and poll need to run the test plan for each delivery_method configuration separately.

⚠️ We only support certification of SSF Transmitter implementations that support obtaining an Access Tokens
via OAuth Client Credentials Grant Flow at the moment.

Note that the transmitter test emulates an SSF Receiver and tests various aspects of an SSF Transmitter, including SSF configuration metadata, stream management, and stream verification and delivery (push/poll).

Currently, the CAEP Interoperability Profile 1.0 is used as the SSF profile for the certification.

Configuring the Transmitter Test

Configure SSF specifics

For interoperability, it is recommended to use dynamic authentication with a static client.

The conformance suite supports testing event delivery via PUSH / POLL. Depending on the capabilities of the SSF Transmitter,
you need to select the desired delivery mode.

If your implementation supports push and poll delivery, then you need to create two different test configurations and run each separately.

In case of push delivery, the conformance suite will expose a dynamic endpoint for the duration of the test execution based on
the provided test alias, see below.

SSF Transmitter issuer

If your transmitter deployment uses a generic issuer with tenant-specific content paths, then you can specify the part
via theTransmitter metadata suffixfield. 

For example, you can define a generic issuer for the SSF Transmitter like https://ssf.issuer.com and
use a specific SSF Transmitter metadata suffix like this: /tenants/my-tenant-id.

This configuration will result in the following SSF Configuration lookup URL: https://ssf.issuer.com/.well-known/ssf-configuration/tenants/my-tenant-id 

Configure Authentication

The SSF Transmitter conformance test can either use a static access token or a client to obtain one dynamically.
Currently, only static_client is supported for client registration. To use a dynamic access token with client credentials grant
with client_secret_basic, see the following example: 

 

SSF Transmitter Conformance tests with dynamic client Authentication
SSF Transmitter Conformance Test with dynamic Client Authentication

To use a static access token, use the following configuration as an example:

SSF Transmitter Conformance tests with static client Authentication
SSF Transmitter Conformance Test with static Client Authentication

Note that the client authentication type is only relevant if the authentication variant is set to dynamic.

Provide additional test configuration

You need to specify a unique alias that is used by the test-specific dynamic endpoints exposed by the conformance suite.

For example, an alias like ssf-transmitter-demo-caepdev will expose the the following SSF push endpoint if push delivery is configured:
https://www.certification.openid.net/test/a/ssf-transmitter-demo-caepdev/ssf-push 

 

Running the tests

In the test plan overview, you see a list of individual tests. Click Run Test to execute each test.

Sharing the test results

In the test plan overview, click Publish everything to make the test results visible to everyone (not just the logged-in user).

Getting help

Do not hesitate to register issues in the conformance suite project if you’re observing unexpected or incorrect behavior. You can also reach out to certification@oidf.org with any questions about the tests.