Test Info
Issuer | https://testop.funet.fi |
---|---|
Profile | [] |
Test ID | OP-claims-sub |
Test description | Support claims request specifying sub value |
Timestamp | 2019-04-29T12:50:58Z |
Conditions
verify-sub-value: status=OK [Verifies that the sub claim returned in the id_token matched the one asked for.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
Trace Output
0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config |
|
1 | http response |
|
1 | ProviderConfigurationResponse |
|
1 | phase | <--<-- 2 --- Registration -->--> |
1 | register |
|
1 | RegistrationRequest |
|
2 | http response |
|
2 | RegistrationResponse |
|
2 | phase | <--<-- 3 --- AsyncAuthn -->--> |
2 | AuthorizationRequest |
|
2 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=hrMOm4QdzWJq0nVR&nonce=5BpMJtFEdWm3gBk3&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_d99bd0232a847542be668ca12c86704e |
2 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=hrMOm4QdzWJq0nVR&nonce=5BpMJtFEdWm3gBk3&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_d99bd0232a847542be668ca12c86704e |
4 | http args | {} |
4 | response | URL with fragment |
4 | response | id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJWVUc0Nzc3WVAzTk1VNUtSRkVTWDZTS1JBUFhMRTRNSSIsImF1ZCI6Il9kOTliZDAyMzJhODQ3NTQyYmU2NjhjYTEyYzg2NzA0ZSIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQxNTczLCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ1ODQ2LCJpYXQiOjE1NTY1NDIyNDYsIm5vbmNlIjoiNUJwTUp0RkVkV20zZ0JrMyJ9.GIeaDNmcMa7RjdpjgerRhiwJGxq9318a2Z30kXBa-9cx_psKlkmHz5D2OvSua_F-gCuJiSiZkvrPsiY9TYjj7nckehYvPOf5nGyHkfxMYAbbObbNfpm1Q_LPDc3nOyJFikSRoYokNjl91hQ-6kGroYknC1FwmNPswEh0_BOtekPXugHa0cUbA3NgGTDfRdvNyx4gpKrTOPdV_HnC684XDvdXw0CQZ06IRJzy5U4r3ljv98kMgrrjERv16P9xN4-ZCxhJ5W6BnQPqeWsRKfTcAStdSex0eHKwkBlkyq3OeiCA7XFd9SqVbWSFtbMoJnvY584pm8JZT68pgX1AgKy6Bg&state=hrMOm4QdzWJq0nVR |
4 | response | {'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJWVUc0Nzc3WVAzTk1VNUtSRkVTWDZTS1JBUFhMRTRNSSIsImF1ZCI6Il9kOTliZDAyMzJhODQ3NTQyYmU2NjhjYTEyYzg2NzA0ZSIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQxNTczLCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ1ODQ2LCJpYXQiOjE1NTY1NDIyNDYsIm5vbmNlIjoiNUJwTUp0RkVkV20zZ0JrMyJ9.GIeaDNmcMa7RjdpjgerRhiwJGxq9318a2Z30kXBa-9cx_psKlkmHz5D2OvSua_F-gCuJiSiZkvrPsiY9TYjj7nckehYvPOf5nGyHkfxMYAbbObbNfpm1Q_LPDc3nOyJFikSRoYokNjl91hQ-6kGroYknC1FwmNPswEh0_BOtekPXugHa0cUbA3NgGTDfRdvNyx4gpKrTOPdV_HnC684XDvdXw0CQZ06IRJzy5U4r3ljv98kMgrrjERv16P9xN4-ZCxhJ5W6BnQPqeWsRKfTcAStdSex0eHKwkBlkyq3OeiCA7XFd9SqVbWSFtbMoJnvY584pm8JZT68pgX1AgKy6Bg', 'state': 'hrMOm4QdzWJq0nVR'} |
5 | AuthorizationResponse |
|
5 | phase | <--<-- 4 --- AccessToken -->--> |
5 | phase | <--<-- 5 --- Cache -->--> |
5 | phase | <--<-- 6 --- Note -->--> |
11 | phase | <--<-- 7 --- AsyncAuthn -->--> |
11 | AuthorizationRequest |
|
11 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=GZKXWEoxEf8VKSom&nonce=JvFxf8knF0ViIap1&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&claims=%7B%22id_token%22%3A+%7B%22sub%22%3A+%7B%22value%22%3A+%22VUG4777YP3NMU5KRFESX6SKRAPXLE4MI%22%7D%7D%7D&client_id=_d99bd0232a847542be668ca12c86704e |
11 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=GZKXWEoxEf8VKSom&nonce=JvFxf8knF0ViIap1&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&claims=%7B%22id_token%22%3A+%7B%22sub%22%3A+%7B%22value%22%3A+%22VUG4777YP3NMU5KRFESX6SKRAPXLE4MI%22%7D%7D%7D&client_id=_d99bd0232a847542be668ca12c86704e |
16 | http args | {} |
16 | response | URL with fragment |
16 | response | id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJWVUc0Nzc3WVAzTk1VNUtSRkVTWDZTS1JBUFhMRTRNSSIsImF1ZCI6Il9kOTliZDAyMzJhODQ3NTQyYmU2NjhjYTEyYzg2NzA0ZSIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQyMjU3LCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ1ODU3LCJpYXQiOjE1NTY1NDIyNTcsIm5vbmNlIjoiSnZGeGY4a25GMFZpSWFwMSJ9.XpWmUBeHaq-DVJXuFo6tmBKhJPT6liQVIGacJV3yege0ZdrmOy4xlC2tX0owbVELwBOC5Kt9ys9g5wnhjfDsTjnPiEh49RgQ1aHsjuHzGXzlLEsHL9CRzEnXuFHwcuPZG5jHDNDva6fGuVvIwSa5WcLVPR0DzUfOLakIMqbSRtpc8tkX2H8rA3WhgpcVi0WL6MLkgwefsq88Lwd72Dnm1SVdO4k3aC3srbzl5rqTcZCaijIrQWkOOFtXf-3hamZDCGChjTM7q2pqdPnLaey-_GwfFpOyt1SFYDCTcmOsMUo9Cus3BcwxZ_SacrVy8GpfM64-llqDC827XKOMskfdgg&state=GZKXWEoxEf8VKSom |
16 | response | {'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJWVUc0Nzc3WVAzTk1VNUtSRkVTWDZTS1JBUFhMRTRNSSIsImF1ZCI6Il9kOTliZDAyMzJhODQ3NTQyYmU2NjhjYTEyYzg2NzA0ZSIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQyMjU3LCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ1ODU3LCJpYXQiOjE1NTY1NDIyNTcsIm5vbmNlIjoiSnZGeGY4a25GMFZpSWFwMSJ9.XpWmUBeHaq-DVJXuFo6tmBKhJPT6liQVIGacJV3yege0ZdrmOy4xlC2tX0owbVELwBOC5Kt9ys9g5wnhjfDsTjnPiEh49RgQ1aHsjuHzGXzlLEsHL9CRzEnXuFHwcuPZG5jHDNDva6fGuVvIwSa5WcLVPR0DzUfOLakIMqbSRtpc8tkX2H8rA3WhgpcVi0WL6MLkgwefsq88Lwd72Dnm1SVdO4k3aC3srbzl5rqTcZCaijIrQWkOOFtXf-3hamZDCGChjTM7q2pqdPnLaey-_GwfFpOyt1SFYDCTcmOsMUo9Cus3BcwxZ_SacrVy8GpfM64-llqDC827XKOMskfdgg', 'state': 'GZKXWEoxEf8VKSom'} |
16 | AuthorizationResponse |
|
16 | phase | <--<-- 8 --- AccessToken -->--> |
16 | phase | <--<-- 9 --- Done -->--> |
16 | end | |
16 | assertion | VerifySubValue |
16 | condition | verify-sub-value: status=OK [Verifies that the sub claim returned in the id_token matched the one asked for.] |
16 | assertion | VerifyResponse |
16 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
16 | condition | Done: status=OK |
Result
PASSED