Test Info
Issuer | https://testop.funet.fi |
---|---|
Profile | [] |
Test ID | OP-UserInfo-RS256 |
Test description | RP registers userinfo_signed_response_alg to signal that it wants signed UserInfo returned |
Timestamp | 2019-04-29T13:21:59Z |
Conditions
asym-signed-userinfo: status=OK [Verifies that the UserInfo was signed with a RSA key]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
Trace Output
0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config |
|
1 | http response |
|
1 | ProviderConfigurationResponse |
|
1 | phase | <--<-- 2 --- Registration -->--> |
1 | register |
|
1 | RegistrationRequest |
|
2 | http response |
|
2 | RegistrationResponse |
|
2 | phase | <--<-- 3 --- AsyncAuthn -->--> |
2 | AuthorizationRequest |
|
2 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=kZhArhvLBpaZmflC&nonce=AkDGlxLnlec7WVYr&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_39346b179dcefe2805a403316d13e495 |
2 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=kZhArhvLBpaZmflC&nonce=AkDGlxLnlec7WVYr&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_39346b179dcefe2805a403316d13e495 |
4 | http args | {} |
4 | response | URL with fragment |
4 | response | access_token=AAdzZWNyZXQxdNs6Rgb6mls1d3-lHMS19LDcff14N2uWed8Avx9gM98ozUCEcM0wy_7abZpPxh4j2Uia7SlyCubdFDKeRqgzadZmnAV6WmaQx0MjEfO5KpOR5twDFhGPxaLdi7zad8thtgu4JcT-D5U2h3G7Rx0zhYCMfRJTuQ3Izxl-GCCtLsDucd_BAW7gXgo21mKbsfmzBIC4e1Fxp_qEnbH974VyjoMCC4L_KPhp5sEwMroDym3nrEqCGIpI68mNi4HFbXUFIKKih_yjnFMq_cFMG5G3IjkuV13wDEcsGcXQfiM7bvkL1k7yDLhuYcDC1146KMx9uTaumi-D4DyCbCVqtq8mW-HknpRlES_WZMvhYlRhU1CubFok727UePFvkBgaBD1MYh0qPl-YGMk-MgFwQFpDeAu9QTaHM3uVmfxwqeMd9S3SelxYTZ5qolMz4v9ePPUqsXFBHdbxfct0kSrkrEA_G0v4Xb6O1_FsVy0HJpu_HsOrN8s&id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoibnNRanMycGc4aUpjUVNKV3lWV0hLQSIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiXzM5MzQ2YjE3OWRjZWZlMjgwNWE0MDMzMTZkMTNlNDk1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDMwMTEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDc3MTcsImlhdCI6MTU1NjU0NDExNywibm9uY2UiOiJBa0RHbHhMbmxlYzdXVllyIn0.U9cv0XK3-9ww1aqhIC93DjvKaUfL5BNCxasVQBi2fdhxwhklIm7Z-3ErXgcJdVyb5P5CvFwYH_7wKRFOm6FIMSKt-g6VJIpkwx6s-t3gWW3skSSrbVghABp1FQDrwOhbzLU7Ru_fRUc2NDBDtRGUWl7uLV7B6f4S-x91mLY5xOUrffdwFoRIpgQoyp8Pp5AnqZeV992bQRaFxTun_D9iRrTi-CPIOh9K9FCg5c5C_tTqWPtZ9k6mxFA6KPcuLHk75F2Dk1VC2tLJgfmE9PXCxqvUoSVEcEbi_AorW70pRE4SKSgo9r7YMCJIU02lWmVX8xcGzcnveI01EXX28Ut-7g&state=kZhArhvLBpaZmflC&token_type=Bearer&expires_in=600 |
4 | response | {'access_token': 'AAdzZWNyZXQxdNs6Rgb6mls1d3-lHMS19LDcff14N2uWed8Avx9gM98ozUCEcM0wy_7abZpPxh4j2Uia7SlyCubdFDKeRqgzadZmnAV6WmaQx0MjEfO5KpOR5twDFhGPxaLdi7zad8thtgu4JcT-D5U2h3G7Rx0zhYCMfRJTuQ3Izxl-GCCtLsDucd_BAW7gXgo21mKbsfmzBIC4e1Fxp_qEnbH974VyjoMCC4L_KPhp5sEwMroDym3nrEqCGIpI68mNi4HFbXUFIKKih_yjnFMq_cFMG5G3IjkuV13wDEcsGcXQfiM7bvkL1k7yDLhuYcDC1146KMx9uTaumi-D4DyCbCVqtq8mW-HknpRlES_WZMvhYlRhU1CubFok727UePFvkBgaBD1MYh0qPl-YGMk-MgFwQFpDeAu9QTaHM3uVmfxwqeMd9S3SelxYTZ5qolMz4v9ePPUqsXFBHdbxfct0kSrkrEA_G0v4Xb6O1_FsVy0HJpu_HsOrN8s', 'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoibnNRanMycGc4aUpjUVNKV3lWV0hLQSIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiXzM5MzQ2YjE3OWRjZWZlMjgwNWE0MDMzMTZkMTNlNDk1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDMwMTEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDc3MTcsImlhdCI6MTU1NjU0NDExNywibm9uY2UiOiJBa0RHbHhMbmxlYzdXVllyIn0.U9cv0XK3-9ww1aqhIC93DjvKaUfL5BNCxasVQBi2fdhxwhklIm7Z-3ErXgcJdVyb5P5CvFwYH_7wKRFOm6FIMSKt-g6VJIpkwx6s-t3gWW3skSSrbVghABp1FQDrwOhbzLU7Ru_fRUc2NDBDtRGUWl7uLV7B6f4S-x91mLY5xOUrffdwFoRIpgQoyp8Pp5AnqZeV992bQRaFxTun_D9iRrTi-CPIOh9K9FCg5c5C_tTqWPtZ9k6mxFA6KPcuLHk75F2Dk1VC2tLJgfmE9PXCxqvUoSVEcEbi_AorW70pRE4SKSgo9r7YMCJIU02lWmVX8xcGzcnveI01EXX28Ut-7g', 'state': 'kZhArhvLBpaZmflC', 'token_type': 'Bearer', 'expires_in': 600} |
5 | AuthorizationResponse |
|
5 | phase | <--<-- 4 --- AccessToken -->--> |
5 | phase | <--<-- 5 --- UserInfo -->--> |
5 | do_user_info_request |
|
5 | request | {'body': None} |
5 | request_url | https://testop.funet.fi/idp/profile/oidc/userinfo |
5 | request_http_args | {'headers': {'Authorization': 'Bearer AAdzZWNyZXQxdNs6Rgb6mls1d3-lHMS19LDcff14N2uWed8Avx9gM98ozUCEcM0wy_7abZpPxh4j2Uia7SlyCubdFDKeRqgzadZmnAV6WmaQx0MjEfO5KpOR5twDFhGPxaLdi7zad8thtgu4JcT-D5U2h3G7Rx0zhYCMfRJTuQ3Izxl-GCCtLsDucd_BAW7gXgo21mKbsfmzBIC4e1Fxp_qEnbH974VyjoMCC4L_KPhp5sEwMroDym3nrEqCGIpI68mNi4HFbXUFIKKih_yjnFMq_cFMG5G3IjkuV13wDEcsGcXQfiM7bvkL1k7yDLhuYcDC1146KMx9uTaumi-D4DyCbCVqtq8mW-HknpRlES_WZMvhYlRhU1CubFok727UePFvkBgaBD1MYh0qPl-YGMk-MgFwQFpDeAu9QTaHM3uVmfxwqeMd9S3SelxYTZ5qolMz4v9ePPUqsXFBHdbxfct0kSrkrEA_G0v4Xb6O1_FsVy0HJpu_HsOrN8s'}} |
6 | http response |
|
6 | OpenIDSchema |
|
6 | OpenIDSchema |
|
6 | jws header | {'kid': 'testkeyRS', 'alg': 'RS256'} |
6 | phase | <--<-- 6 --- Done -->--> |
6 | end | |
6 | assertion | CheckAsymSignedUserInfo |
6 | condition | asym-signed-userinfo: status=OK [Verifies that the UserInfo was signed with a RSA key] |
6 | assertion | VerifyResponse |
6 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
6 | condition | Done: status=OK |
Result
PASSED