Test Info

Issuerhttps://testop.funet.fi
Profile[]
Test IDOP-Discovery-jwks_uri
Test descriptionVerify that jwks_uri is published
Timestamp2019-04-29T12:42:02Z

Conditions


bare-keys: status=OK [Dynamic OPs MUST publish their public keys as bare JWK keys]
providerinfo-has-jwks_uri: status=OK [Check that the jwks_uri discovery metadata value is in the provider_info]
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK

Trace Output

0phase<--<-- 0 --- Webfinger -->-->
0not expected to doWebFinger
0phase<--<-- 1 --- Discovery -->-->
0provider_config
kwargs:{'issuer': 'https://testop.funet.fi'}
1http response
url:https://testop.funet.fi/.well-known/openid-configuration status_code:200
1ProviderConfigurationResponse
{
    "authorization_endpoint": "https://testop.funet.fi/idp/profile/oidc/authorize",
    "claims_parameter_supported": true,
    "claims_supported": [
        "aud",
        "iss",
        "sub",
        "iat",
        "exp",
        "acr",
        "auth_time",
        "email",
        "email_verified",
        "address",
        "phone",
        "phone_number_verified",
        "name",
        "family_name",
        "given_name",
        "middle_name",
        "nickname",
        "preferred_username",
        "profile",
        "picture",
        "website",
        "gender",
        "birthdate",
        "zoneinfo",
        "locale",
        "updated_at"
    ],
    "display_values_supported": [
        "page"
    ],
    "grant_types_supported": [
        "authorization_code",
        "implicit",
        "refresh_token"
    ],
    "id_token_encryption_alg_values_supported": [
        "RSA1_5",
        "RSA-OAEP",
        "RSA-OAEP-256",
        "A128KW",
        "A192KW",
        "A256KW"
    ],
    "id_token_encryption_enc_values_supported": [
        "A128CBC-HS256",
        "A192CBC-HS384",
        "A256CBC-HS512",
        "A128GCM",
        "A192GCM",
        "A256GCM"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256",
        "RS384",
        "RS512",
        "HS256",
        "HS384",
        "HS512",
        "ES256"
    ],
    "issuer": "https://testop.funet.fi",
    "jwks_uri": "https://testop.funet.fi/idp/profile/oidc/keyset",
    "registration_endpoint": "https://testop.funet.fi/idp/profile/oidc/register",
    "request_object_encryption_alg_values_supported": [
        "RSA1_5",
        "RSA-OAEP",
        "RSA-OAEP-256",
        "A128KW",
        "A192KW",
        "A256KW"
    ],
    "request_object_encryption_enc_values_supported": [
        "A128CBC-HS256",
        "A192CBC-HS384",
        "A256CBC-HS512",
        "A128GCM",
        "A192GCM",
        "A256GCM"
    ],
    "request_object_signing_alg_values_supported": [
        "none",
        "RS256",
        "RS384",
        "RS512",
        "HS256",
        "HS384",
        "HS512",
        "ES256",
        "ES384",
        "ES512"
    ],
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": false,
    "response_modes_supported": [
        "query",
        "fragment",
        "form_post"
    ],
    "response_types_supported": [
        "code",
        "id_token",
        "token id_token",
        "code id_token",
        "code token",
        "code token id_token"
    ],
    "scopes_supported": [
        "openid",
        "profile",
        "email",
        "address",
        "phone",
        "offline_access"
    ],
    "subject_types_supported": [
        "public",
        "pairwise"
    ],
    "token_endpoint": "https://testop.funet.fi/idp/profile/oidc/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_basic",
        "client_secret_post",
        "client_secret_jwt",
        "private_key_jwt"
    ],
    "userinfo_encryption_alg_values_supported": [
        "RSA1_5",
        "RSA-OAEP",
        "RSA-OAEP-256",
        "A128KW",
        "A192KW",
        "A256KW"
    ],
    "userinfo_encryption_enc_values_supported": [
        "A128CBC-HS256",
        "A192CBC-HS384",
        "A256CBC-HS512",
        "A128GCM",
        "A192GCM",
        "A256GCM"
    ],
    "userinfo_endpoint": "https://testop.funet.fi/idp/profile/oidc/userinfo",
    "userinfo_signing_alg_values_supported": [
        "RS256",
        "RS384",
        "RS512",
        "HS256",
        "HS384",
        "HS512",
        "ES256"
    ],
    "version": "3.0"
}
1phase<--<-- 2 --- Done -->-->
1end
1assertionBareKeys
1http response
url:https://testop.funet.fi/idp/profile/oidc/keyset status_code:200
1jwks{'keys': [{'kty': 'RSA', 'e': 'AQAB', 'use': 'sig', 'kid': 'testkeyRS', 'n': 'pNf03ghVzMAw5sWrwDAMAZdSYNY2q7OVlxMInljMgz8XB5mf8XKH3EtP7AKrb8IAf7rGhfuH3T1N1C7F-jwIeYjXxMm2nIAZ0hXApgbccvBpf4n2H7IZflMjt4A3tt587QQSxQ069drCP4sYevxhTcLplJy6RWA0cLj-5CHyWy94zPeeA4GRd6xgHFLz0RNiSF0pF0kE4rmRgQVZ-b4_BmD9SsWnIpwhms5Ihciw36WyAGQUeZqULGsfwAMwlNLIaTCBLAoRgv370p-XsLrgz86pTkNBJqXP5GwI-ZfgiLmJuHjQ9l85KqHM87f-QdsqiV8KoRcslgXPqb6VOTJBVw'}, {'kty': 'EC', 'use': 'sig', 'crv': 'P-256', 'kid': 'testkeyES', 'x': '2uzfE1oK0cf1_c11SFc9vFdGLnJoH3e0AKTrGPAmUis', 'y': '14410NGKqwLM58b26ZcvGOruFixpHt_SJTw8I5wwgLQ'}, {'kty': 'RSA', 'e': 'AQAB', 'use': 'enc', 'kid': 'testkeyRSAEncryption', 'n': '47mkdLGrenv7QFkAWv1JryydVjq8HsEVCKz-qRttVe2II1-lQc-4sObf-9X0LtAwdtK0g1_EpRzZNuGaK2nFISr9uZQQ5evNHETgUKE2oKJs3r0wnfgvEZVHV6wXg4B7NRmDBgphExIYndBt__L-tC9_S_isaJOXQ_PAx17621pmxdyg8WEnJx9Azc23vH-Cii0ttMxDLNqUTu-tdgtZ8eo0IX7VPBWAnXVi0bRKHJuuvzJ4B8QqwsZsj8hGrwqNkRMoJVEiz-5M6ACLo-rgGNjtCBJRaezolrHSCc-r-hZbAaBKq0dOPRNPcMtRm8TUdmuRKBY7rXaFi7zGV7XDdw'}]}
1conditionbare-keys: status=OK [Dynamic OPs MUST publish their public keys as bare JWK keys]
1assertionCheckHasJwksURI
1conditionproviderinfo-has-jwks_uri: status=OK [Check that the jwks_uri discovery metadata value is in the provider_info]
1assertionCheckHTTPResponse
1conditioncheck-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
1conditionDone: status=OK

Result

PASSED