Test Info
Issuer | https://testop.funet.fi |
---|---|
Profile | [] |
Test ID | OP-Req-max_age=10000 |
Test description | Requesting ID Token with max_age=10000 seconds restriction |
Timestamp | 2019-04-29T13:03:51Z |
Conditions
claims-check: status=OK [Checks if specific claims is present or not]
same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
Trace Output
0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config |
|
1 | http response |
|
1 | ProviderConfigurationResponse |
|
1 | phase | <--<-- 2 --- Registration -->--> |
1 | register |
|
1 | RegistrationRequest |
|
2 | http response |
|
2 | RegistrationResponse |
|
2 | phase | <--<-- 3 --- AsyncAuthn -->--> |
2 | AuthorizationRequest |
|
2 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=iGiskaNYYWzq2fLv&nonce=uhKEuXGk0Eac4fpf&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_cb0fbc978dba9776ecfa0a86d79b704c |
2 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=iGiskaNYYWzq2fLv&nonce=uhKEuXGk0Eac4fpf&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_cb0fbc978dba9776ecfa0a86d79b704c |
4 | http args | {} |
5 | response | URL with fragment |
5 | response | id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJWVUc0Nzc3WVAzTk1VNUtSRkVTWDZTS1JBUFhMRTRNSSIsImF1ZCI6Il9jYjBmYmM5NzhkYmE5Nzc2ZWNmYTBhODZkNzliNzA0YyIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQzMDExLCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ2NjI5LCJpYXQiOjE1NTY1NDMwMjksIm5vbmNlIjoidWhLRXVYR2swRWFjNGZwZiJ9.Lk5N2Y5WPBbbAsbsaUQGxE0UWpwzBBLP3IMBtli7YP4td-fuC3w7snu__1OQJxN5rLuGO_-V6VtM0jkbWgbZ0HFGcNEi3jxMjSAE5Lu1Cb0TtHkrm4c51DSoLgaPwhuhXc6pEekIxKRE3gPedxOKIzkf8jBUQQqlnx6luLI1kmCl8toyBipY4xzReR82F13imsZsabSiDZS0zraM4pzYjkOTaoiV4Kkd2h582jVgfHI__lo88offikmw-uq5FmEtuxR11YmsoRAkZxZKd1cJFWUXjoLcu5DZSm52nZvCpyMiA6U5wYQBPM0xO55Zi0JURZ-hk6DLCPgHDi9m66dMTw&state=iGiskaNYYWzq2fLv |
5 | response | {'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJWVUc0Nzc3WVAzTk1VNUtSRkVTWDZTS1JBUFhMRTRNSSIsImF1ZCI6Il9jYjBmYmM5NzhkYmE5Nzc2ZWNmYTBhODZkNzliNzA0YyIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQzMDExLCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ2NjI5LCJpYXQiOjE1NTY1NDMwMjksIm5vbmNlIjoidWhLRXVYR2swRWFjNGZwZiJ9.Lk5N2Y5WPBbbAsbsaUQGxE0UWpwzBBLP3IMBtli7YP4td-fuC3w7snu__1OQJxN5rLuGO_-V6VtM0jkbWgbZ0HFGcNEi3jxMjSAE5Lu1Cb0TtHkrm4c51DSoLgaPwhuhXc6pEekIxKRE3gPedxOKIzkf8jBUQQqlnx6luLI1kmCl8toyBipY4xzReR82F13imsZsabSiDZS0zraM4pzYjkOTaoiV4Kkd2h582jVgfHI__lo88offikmw-uq5FmEtuxR11YmsoRAkZxZKd1cJFWUXjoLcu5DZSm52nZvCpyMiA6U5wYQBPM0xO55Zi0JURZ-hk6DLCPgHDi9m66dMTw', 'state': 'iGiskaNYYWzq2fLv'} |
5 | AuthorizationResponse |
|
5 | phase | <--<-- 4 --- AccessToken -->--> |
5 | phase | <--<-- 5 --- AsyncAuthn -->--> |
5 | AuthorizationRequest |
|
5 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=Fz1Tb44UVRseIlEQ&nonce=5HxQpgbxND5C1LSF&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&max_age=10000&client_id=_cb0fbc978dba9776ecfa0a86d79b704c |
5 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=Fz1Tb44UVRseIlEQ&nonce=5HxQpgbxND5C1LSF&response_type=id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&max_age=10000&client_id=_cb0fbc978dba9776ecfa0a86d79b704c |
6 | http args | {} |
6 | response | URL with fragment |
6 | response | id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJWVUc0Nzc3WVAzTk1VNUtSRkVTWDZTS1JBUFhMRTRNSSIsImF1ZCI6Il9jYjBmYmM5NzhkYmE5Nzc2ZWNmYTBhODZkNzliNzA0YyIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQzMDExLCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ2NjMxLCJpYXQiOjE1NTY1NDMwMzEsIm5vbmNlIjoiNUh4UXBnYnhORDVDMUxTRiJ9.SZxHU8VL3bA1scCCt_iokiEGkLRTuVQMskZoMz1n7n_qO3sa4Jn7QhblAT07rMDhwY2qAIBTkdEfiAbTaRUMDa03FwhOruveoHVdhldkXwlcW95OY90OXz_CN9TlTou04_UNSYSCW1dNiPtsuQc2BtM-HrqHpw5bYPd5gHW7Dxr6vdWfZqFzSlP87RS2jzwfhADqnvvtoi4-ZlpgbJ0ch1fO454MSmkdxgFODpbgE88bN-HhmmOulMkGWCKdc3YfUcPI4TlXN_JXbz6pEC9B1l1ihBUDmO9E9X5NUBS6fa4J1SCL-c19eqj7-z3OWxkDS5-VR1wIvb9TzMv8JvtrNw&state=Fz1Tb44UVRseIlEQ |
6 | response | {'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJWVUc0Nzc3WVAzTk1VNUtSRkVTWDZTS1JBUFhMRTRNSSIsImF1ZCI6Il9jYjBmYmM5NzhkYmE5Nzc2ZWNmYTBhODZkNzliNzA0YyIsImFjciI6InBhc3N3b3JkIiwiYXV0aF90aW1lIjoxNTU2NTQzMDExLCJpc3MiOiJodHRwczpcL1wvdGVzdG9wLmZ1bmV0LmZpIiwiZXhwIjoxNTU2NTQ2NjMxLCJpYXQiOjE1NTY1NDMwMzEsIm5vbmNlIjoiNUh4UXBnYnhORDVDMUxTRiJ9.SZxHU8VL3bA1scCCt_iokiEGkLRTuVQMskZoMz1n7n_qO3sa4Jn7QhblAT07rMDhwY2qAIBTkdEfiAbTaRUMDa03FwhOruveoHVdhldkXwlcW95OY90OXz_CN9TlTou04_UNSYSCW1dNiPtsuQc2BtM-HrqHpw5bYPd5gHW7Dxr6vdWfZqFzSlP87RS2jzwfhADqnvvtoi4-ZlpgbJ0ch1fO454MSmkdxgFODpbgE88bN-HhmmOulMkGWCKdc3YfUcPI4TlXN_JXbz6pEC9B1l1ihBUDmO9E9X5NUBS6fa4J1SCL-c19eqj7-z3OWxkDS5-VR1wIvb9TzMv8JvtrNw', 'state': 'Fz1Tb44UVRseIlEQ'} |
6 | AuthorizationResponse |
|
6 | phase | <--<-- 6 --- AccessToken -->--> |
6 | phase | <--<-- 7 --- Done -->--> |
6 | end | |
6 | assertion | ClaimsCheck |
6 | condition | claims-check: status=OK [Checks if specific claims is present or not] |
6 | assertion | SameAuthn |
6 | condition | same-authn: status=OK [Verifies that the same authentication was used twice in the flow.] |
6 | assertion | AuthTimeCheck |
6 | condition | auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.] |
6 | assertion | VerifyResponse |
6 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
6 | condition | Done: status=OK |
Result
PASSED