Test Info
Issuer | https://testop.funet.fi |
---|---|
Profile | [] |
Test ID | OP-claims-Split |
Test description | Supports returning different claims in ID Token and at UserInfo Endpoint |
Timestamp | 2019-04-29T13:23:41Z |
Conditions
verify-claims: status=OK [Verifies that the claims returned as UserInfo or in the ID Token is consistent with what was asked for]
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK
Trace Output
0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config |
|
1 | http response |
|
1 | ProviderConfigurationResponse |
|
1 | phase | <--<-- 2 --- Registration -->--> |
1 | register |
|
1 | RegistrationRequest |
|
2 | http response |
|
2 | RegistrationResponse |
|
2 | phase | <--<-- 3 --- AsyncAuthn -->--> |
2 | AuthorizationRequest |
|
2 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=dWiUQ4puItEirSpA&nonce=I6sriZJJAJasRV1K&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&claims=%7B%22id_token%22%3A+%7B%22email%22%3A+%7B%22essential%22%3A+true%7D%7D%2C+%22userinfo%22%3A+%7B%22name%22%3A+%7B%22essential%22%3A+true%7D%7D%7D&client_id=_a04e221ad93b4416ee5306d5b383bd9c |
2 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=dWiUQ4puItEirSpA&nonce=I6sriZJJAJasRV1K&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&claims=%7B%22id_token%22%3A+%7B%22email%22%3A+%7B%22essential%22%3A+true%7D%7D%2C+%22userinfo%22%3A+%7B%22name%22%3A+%7B%22essential%22%3A+true%7D%7D%7D&client_id=_a04e221ad93b4416ee5306d5b383bd9c |
4 | http args | {} |
5 | response | URL with fragment |
5 | response | access_token=AAdzZWNyZXQxMK8WSxDG25dKSkX2ib4v2DDfy-Xf3iMEI7zu18g1Ni6bYuHaXH78dBdSqbG0iWOhcSDTUOpIu7_P9Z5xQaeLSgQZ92ngVFJ56VfMf7L38Xw8qCJfZr53oeGOB63HFRZljWSigE_Vs4E4mc5X1c8z3LW_rpUJ0yg0fEqErFqlNDaQ8bJjr-kKygSS1ynaHA2qnhGGyW7-QsTo-LgavwBI3Is7k0pTPmKJ_J_0RgEKWfX_Dh2Z31gRxhr1lfHcj6p2Ix2EtBcSWiLD45EToUA_t0GOsCpye1MTYAKaeQwJ9FaUBODtFdg47OTry-0JtN_L2Uywk98nA0lRDkl4uLkjwEH83AEboDKM37BpL1tJ5-r1ujpnGDxDCK7Vc6di-V-4ciVDIBV8ZOyo2GrcwvlxS95bQub-1zrgKbn1ZOuOmC7po7DL2Fd4bDmBrz_egaNWskZs7l_6i86GpnP56c1HkjhryPkuhJfc03WavJmGEJzYc2QXp5DIy-hCmED2WqYyYkz6cUcscqv3NBqebtxMyCQhQjFXmvOD0FooFkvX9f76q9ZLuPktgcFzp3FX&id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiN0dmMnYwcEM4Zi1fUU1nV3J0a3FSUSIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiX2EwNGUyMjFhZDkzYjQ0MTZlZTUzMDZkNWIzODNiZDljIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDMwMTEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDc4MTksImlhdCI6MTU1NjU0NDIxOSwibm9uY2UiOiJJNnNyaVpKSkFKYXNSVjFLIiwiZW1haWwiOiJ0ZXBwb0BleGFtcGxlLm9yZyJ9.QNbHPA1GgOaJMkqFNogacA0bhlrPv3TNlXCacuE1FBzmNWN1i8X947EHkmdslh4bwVwbpVmQEm6VJojCqVruUSWkYpnriwFtGlSZ_Qjcsc6yGWOUvoO7BWbZGvJy_NE3KHHVQZHVz59VjHM3t21nOeJaH5yLcZ_4Zv7iXAeffKvaHC4HmJbkujNzm7hXN8-6s2UT9ACqTird-lRjzi9U16wMg6dg-Q-B_XAwbuCGESlMBmDSV-fwPdXhQpNq_dUMD_ebVBViLt7p6sEr067CY92F-LoIHo9hKKkTGGdXzUxrdLSAezdpdyQCGpKENXFRUQF2MlZOn3qH6xwSDlh7TA&state=dWiUQ4puItEirSpA&token_type=Bearer&expires_in=600 |
5 | response | {'access_token': 'AAdzZWNyZXQxMK8WSxDG25dKSkX2ib4v2DDfy-Xf3iMEI7zu18g1Ni6bYuHaXH78dBdSqbG0iWOhcSDTUOpIu7_P9Z5xQaeLSgQZ92ngVFJ56VfMf7L38Xw8qCJfZr53oeGOB63HFRZljWSigE_Vs4E4mc5X1c8z3LW_rpUJ0yg0fEqErFqlNDaQ8bJjr-kKygSS1ynaHA2qnhGGyW7-QsTo-LgavwBI3Is7k0pTPmKJ_J_0RgEKWfX_Dh2Z31gRxhr1lfHcj6p2Ix2EtBcSWiLD45EToUA_t0GOsCpye1MTYAKaeQwJ9FaUBODtFdg47OTry-0JtN_L2Uywk98nA0lRDkl4uLkjwEH83AEboDKM37BpL1tJ5-r1ujpnGDxDCK7Vc6di-V-4ciVDIBV8ZOyo2GrcwvlxS95bQub-1zrgKbn1ZOuOmC7po7DL2Fd4bDmBrz_egaNWskZs7l_6i86GpnP56c1HkjhryPkuhJfc03WavJmGEJzYc2QXp5DIy-hCmED2WqYyYkz6cUcscqv3NBqebtxMyCQhQjFXmvOD0FooFkvX9f76q9ZLuPktgcFzp3FX', 'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiN0dmMnYwcEM4Zi1fUU1nV3J0a3FSUSIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiX2EwNGUyMjFhZDkzYjQ0MTZlZTUzMDZkNWIzODNiZDljIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDMwMTEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDc4MTksImlhdCI6MTU1NjU0NDIxOSwibm9uY2UiOiJJNnNyaVpKSkFKYXNSVjFLIiwiZW1haWwiOiJ0ZXBwb0BleGFtcGxlLm9yZyJ9.QNbHPA1GgOaJMkqFNogacA0bhlrPv3TNlXCacuE1FBzmNWN1i8X947EHkmdslh4bwVwbpVmQEm6VJojCqVruUSWkYpnriwFtGlSZ_Qjcsc6yGWOUvoO7BWbZGvJy_NE3KHHVQZHVz59VjHM3t21nOeJaH5yLcZ_4Zv7iXAeffKvaHC4HmJbkujNzm7hXN8-6s2UT9ACqTird-lRjzi9U16wMg6dg-Q-B_XAwbuCGESlMBmDSV-fwPdXhQpNq_dUMD_ebVBViLt7p6sEr067CY92F-LoIHo9hKKkTGGdXzUxrdLSAezdpdyQCGpKENXFRUQF2MlZOn3qH6xwSDlh7TA', 'state': 'dWiUQ4puItEirSpA', 'token_type': 'Bearer', 'expires_in': 600} |
5 | AuthorizationResponse |
|
5 | phase | <--<-- 4 --- AccessToken -->--> |
5 | phase | <--<-- 5 --- UserInfo -->--> |
5 | do_user_info_request |
|
5 | request | {'body': None} |
5 | request_url | https://testop.funet.fi/idp/profile/oidc/userinfo |
5 | request_http_args | {'headers': {'Authorization': 'Bearer AAdzZWNyZXQxMK8WSxDG25dKSkX2ib4v2DDfy-Xf3iMEI7zu18g1Ni6bYuHaXH78dBdSqbG0iWOhcSDTUOpIu7_P9Z5xQaeLSgQZ92ngVFJ56VfMf7L38Xw8qCJfZr53oeGOB63HFRZljWSigE_Vs4E4mc5X1c8z3LW_rpUJ0yg0fEqErFqlNDaQ8bJjr-kKygSS1ynaHA2qnhGGyW7-QsTo-LgavwBI3Is7k0pTPmKJ_J_0RgEKWfX_Dh2Z31gRxhr1lfHcj6p2Ix2EtBcSWiLD45EToUA_t0GOsCpye1MTYAKaeQwJ9FaUBODtFdg47OTry-0JtN_L2Uywk98nA0lRDkl4uLkjwEH83AEboDKM37BpL1tJ5-r1ujpnGDxDCK7Vc6di-V-4ciVDIBV8ZOyo2GrcwvlxS95bQub-1zrgKbn1ZOuOmC7po7DL2Fd4bDmBrz_egaNWskZs7l_6i86GpnP56c1HkjhryPkuhJfc03WavJmGEJzYc2QXp5DIy-hCmED2WqYyYkz6cUcscqv3NBqebtxMyCQhQjFXmvOD0FooFkvX9f76q9ZLuPktgcFzp3FX'}} |
6 | http response |
|
6 | OpenIDSchema |
|
6 | OpenIDSchema |
|
6 | phase | <--<-- 6 --- Done -->--> |
6 | end | |
6 | assertion | VerifyClaims |
6 | condition | verify-claims: status=OK [Verifies that the claims returned as UserInfo or in the ID Token is consistent with what was asked for] |
6 | assertion | CheckHTTPResponse |
6 | condition | check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks] |
6 | condition | Done: status=OK |
Result
PASSED