Test Info
Issuer | https://testop.funet.fi |
---|---|
Profile | [] |
Test ID | OP-Registration-Sub-Differ |
Test description | Public and pairwise sub values differ |
Timestamp | 2019-04-29T12:43:15Z |
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
different_sub: status=OK [Verifies that the sub value differs between public and pairwise subject types.]
Done: status=OK
Trace Output
0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config |
|
1 | http response |
|
1 | ProviderConfigurationResponse |
|
1 | phase | <--<-- 2 --- Registration -->--> |
1 | register |
|
1 | RegistrationRequest |
|
2 | http response |
|
2 | RegistrationResponse |
|
2 | phase | <--<-- 3 --- AsyncAuthn -->--> |
2 | AuthorizationRequest |
|
2 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=LOdT3vQ82BaAt32k&nonce=3bXdUAU5IFmKVzxw&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_39914e5b52a188ea6d6f00e31f2b530d |
2 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=LOdT3vQ82BaAt32k&nonce=3bXdUAU5IFmKVzxw&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_39914e5b52a188ea6d6f00e31f2b530d |
5 | http args | {} |
5 | response | URL with fragment |
5 | response | id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJWVUc0Nzc3WVAzTk1VNUtSRkVTWDZTS1JBUFhMRTRNSSIsImF1ZCI6Il8zOTkxNGU1YjUyYTE4OGVhNmQ2ZjAwZTMxZjJiNTMwZCIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQxNTczLCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ1MzkwLCJpYXQiOjE1NTY1NDE3OTAsIm5vbmNlIjoiM2JYZFVBVTVJRm1LVnp4dyJ9.Atuv3njOIArxQ_XV5yf45mcD9ZWp2fJWfUQMBz8bMN3u-PvjU40m2knD5Q04IMAVTdzzorbNz5NY82uRix08qnnErVE1LPbi9-PznwaJGZZ36NUfG_jqLG6vs9nCgh2b1669BY43ZgzhpfoHMWnLwTZ-X2vPqNgsaFH-nQ5pf-PR2cJgESo_af9y2PwO2njgI6Llpby-KP3gwXf0Cuscbcj2a0_zeBoCiuuZE9OYSkeeMKfA8bxHVwAzuhLKuZ5390s8nf8lKQGipYwdxWwjJ5q317JvgWPGVo7GqV2YcTzsLT-aWjRld0_dDKSdKga8s7MvjrnOdgqUK6gpLjDrLw&state=LOdT3vQ82BaAt32k |
5 | response | {'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJWVUc0Nzc3WVAzTk1VNUtSRkVTWDZTS1JBUFhMRTRNSSIsImF1ZCI6Il8zOTkxNGU1YjUyYTE4OGVhNmQ2ZjAwZTMxZjJiNTMwZCIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQxNTczLCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ1MzkwLCJpYXQiOjE1NTY1NDE3OTAsIm5vbmNlIjoiM2JYZFVBVTVJRm1LVnp4dyJ9.Atuv3njOIArxQ_XV5yf45mcD9ZWp2fJWfUQMBz8bMN3u-PvjU40m2knD5Q04IMAVTdzzorbNz5NY82uRix08qnnErVE1LPbi9-PznwaJGZZ36NUfG_jqLG6vs9nCgh2b1669BY43ZgzhpfoHMWnLwTZ-X2vPqNgsaFH-nQ5pf-PR2cJgESo_af9y2PwO2njgI6Llpby-KP3gwXf0Cuscbcj2a0_zeBoCiuuZE9OYSkeeMKfA8bxHVwAzuhLKuZ5390s8nf8lKQGipYwdxWwjJ5q317JvgWPGVo7GqV2YcTzsLT-aWjRld0_dDKSdKga8s7MvjrnOdgqUK6gpLjDrLw', 'state': 'LOdT3vQ82BaAt32k'} |
6 | AuthorizationResponse |
|
6 | phase | <--<-- 4 --- AccessToken -->--> |
6 | phase | <--<-- 5 --- Registration -->--> |
6 | register |
|
6 | RegistrationRequest |
|
7 | http response |
|
7 | RegistrationResponse |
|
7 | phase | <--<-- 6 --- AsyncAuthn -->--> |
7 | AuthorizationRequest |
|
7 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=GK9dsY6UaP6QdqiK&nonce=jp2g2C1zEQOzwmwe&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_466e79813aa525d5796cab7432681d25 |
7 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=GK9dsY6UaP6QdqiK&nonce=jp2g2C1zEQOzwmwe&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_466e79813aa525d5796cab7432681d25 |
10 | http args | {} |
10 | response | URL with fragment |
10 | response | id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJPSFZQN0NDVVFKVEIyRkZJRUtSSlRESk1WS1FOSFM2RiIsImF1ZCI6Il80NjZlNzk4MTNhYTUyNWQ1Nzk2Y2FiNzQzMjY4MWQyNSIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQxNTczLCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ1Mzk0LCJpYXQiOjE1NTY1NDE3OTQsIm5vbmNlIjoianAyZzJDMXpFUU96d213ZSJ9.d6lAhvb4qghJnUBZLJ8-1lvvbNmhdQlptKSZj_bcd9uKYppyPKya5oPXVI1hUauvED_gd6PMsNZJXb4BOsKpBN8FxKaOIqt4sZGltRDJSCUpS4GZEMUb0L_ZXPIQA8sU7ji5-gv_tZjSOr-PHFoGYkSfpoXwU41QKgizSy1fNQeGLkUOCC-2MIviIIkKdKzIwJoAcp_YJeVjZm_xN1kAEGvOQA3vC1EKkA9et7tr99Gk9wCkulNt_i7qFB3O-vIrGCQv7DBSAZtEhIhXRfb8PpAaHfEuF7ESPxwevMRtWpgjvAslAs15vkfB9VJVB3GbR4Iua6y7rKBoXEoc-ZRNSQ&state=GK9dsY6UaP6QdqiK |
10 | response | {'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJPSFZQN0NDVVFKVEIyRkZJRUtSSlRESk1WS1FOSFM2RiIsImF1ZCI6Il80NjZlNzk4MTNhYTUyNWQ1Nzk2Y2FiNzQzMjY4MWQyNSIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQxNTczLCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ1Mzk0LCJpYXQiOjE1NTY1NDE3OTQsIm5vbmNlIjoianAyZzJDMXpFUU96d213ZSJ9.d6lAhvb4qghJnUBZLJ8-1lvvbNmhdQlptKSZj_bcd9uKYppyPKya5oPXVI1hUauvED_gd6PMsNZJXb4BOsKpBN8FxKaOIqt4sZGltRDJSCUpS4GZEMUb0L_ZXPIQA8sU7ji5-gv_tZjSOr-PHFoGYkSfpoXwU41QKgizSy1fNQeGLkUOCC-2MIviIIkKdKzIwJoAcp_YJeVjZm_xN1kAEGvOQA3vC1EKkA9et7tr99Gk9wCkulNt_i7qFB3O-vIrGCQv7DBSAZtEhIhXRfb8PpAaHfEuF7ESPxwevMRtWpgjvAslAs15vkfB9VJVB3GbR4Iua6y7rKBoXEoc-ZRNSQ', 'state': 'GK9dsY6UaP6QdqiK'} |
10 | AuthorizationResponse |
|
10 | phase | <--<-- 7 --- AccessToken -->--> |
10 | phase | <--<-- 8 --- Done -->--> |
10 | end | |
10 | assertion | VerifyResponse |
10 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
10 | assertion | CheckUserID |
10 | condition | different_sub: status=OK [Verifies that the sub value differs between public and pairwise subject types.] |
10 | condition | Done: status=OK |
Result
PASSED