Test Info
Issuer | https://testop.funet.fi |
---|---|
Profile | [] |
Test ID | OP-claims-sub |
Test description | Support claims request specifying sub value |
Timestamp | 2019-04-29T13:25:58Z |
Conditions
verify-sub-value: status=OK [Verifies that the sub claim returned in the id_token matched the one asked for.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
Trace Output
0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config |
|
0 | http response |
|
0 | ProviderConfigurationResponse |
|
0 | phase | <--<-- 2 --- Registration -->--> |
0 | register |
|
0 | RegistrationRequest |
|
2 | http response |
|
2 | RegistrationResponse |
|
2 | phase | <--<-- 3 --- AsyncAuthn -->--> |
2 | AuthorizationRequest |
|
2 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=oii2vqU8Iq2McDeA&nonce=5Djt6efEGCzJorE4&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_a6a301985e7cb8ec4f0bf41f9e70cb3a |
2 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=oii2vqU8Iq2McDeA&nonce=5Djt6efEGCzJorE4&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_a6a301985e7cb8ec4f0bf41f9e70cb3a |
4 | http args | {} |
4 | response | URL with fragment |
4 | response | access_token=AAdzZWNyZXQx5UmMqLohZLHiezTHcNCc6GAQdTf9yfXCwDHEZ61JHWkYK8MoV-knzI2o9-OqUUAOtJFkxSgryYfPAq-A7lqpc0rvPyQEnf72ukclZ71VAfxeANQFBo6UulviKXO0IYR-L6SAYnfc_s_eAHzCLb8hb6C8rbUJaAm6t9pJFt1eRTAcJjn1KTzqrCeBJwL__xPm5Lsx_loJTGUztEhMHB7CRZeBxTzT8722etI7BqgTo37Pd-534tNpGUdzfEtcHm6JuscPtULDFXCrXMHB5TaRjmxiB8wKnTNX6lHfBd4kUoh0TzVquJiR5uKaQpmh1InBmaeQGnJ4mYeN3g0pT9zjDe1Yh8qOYG6YoF8wm69TIzM1tMXdo5TTAJyJwq7Z0Gmm0bxcG_H6c_7pKXyQdNsmliyeFqTohTyGRRwCslY3RYo3CnLOje_3oE922WuyuX4UYMT8Xp3NB8dhpcGoypXqzVFYzPMpvOfhxViCLYsNZLPr&id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiVlhoOUJzUUtVRjgtTUVaWVQxQk9ydyIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiX2E2YTMwMTk4NWU3Y2I4ZWM0ZjBiZjQxZjllNzBjYjNhIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDMwMTEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDc5NDgsImlhdCI6MTU1NjU0NDM0OCwibm9uY2UiOiI1RGp0NmVmRUdDekpvckU0In0.TLTjroY-QyfewKNJ2g30g78srNThGG4nZ2Eww9uPDt6ev89r15HRaTXboz_T2QMh1TTXB7vqNLdmPll7WJvabnk_43U5-0au6-f9OnITkoycyWoEB1gk0gaZj4k1hUWYWuM_wjOQhPacFMljT0DJx26WG_XTaJyHsh7kFypAcjtLPYFeXT6jqswRc_8YxPTcBimyJ5tsfrSHUwPPEa0VIIbMtADAnlEppmupvu_mPssWaEvhWpeyZKoRpYAEt3xlrXDWX4kpM0BW2uanF5Wg984hDDYw2rDQBEoDjDbHdWcYsBYINDHugTORLxwsXExO0jkyVd8zJVq1ho7FbnpjDw&state=oii2vqU8Iq2McDeA&token_type=Bearer&expires_in=600 |
4 | response | {'access_token': 'AAdzZWNyZXQx5UmMqLohZLHiezTHcNCc6GAQdTf9yfXCwDHEZ61JHWkYK8MoV-knzI2o9-OqUUAOtJFkxSgryYfPAq-A7lqpc0rvPyQEnf72ukclZ71VAfxeANQFBo6UulviKXO0IYR-L6SAYnfc_s_eAHzCLb8hb6C8rbUJaAm6t9pJFt1eRTAcJjn1KTzqrCeBJwL__xPm5Lsx_loJTGUztEhMHB7CRZeBxTzT8722etI7BqgTo37Pd-534tNpGUdzfEtcHm6JuscPtULDFXCrXMHB5TaRjmxiB8wKnTNX6lHfBd4kUoh0TzVquJiR5uKaQpmh1InBmaeQGnJ4mYeN3g0pT9zjDe1Yh8qOYG6YoF8wm69TIzM1tMXdo5TTAJyJwq7Z0Gmm0bxcG_H6c_7pKXyQdNsmliyeFqTohTyGRRwCslY3RYo3CnLOje_3oE922WuyuX4UYMT8Xp3NB8dhpcGoypXqzVFYzPMpvOfhxViCLYsNZLPr', 'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiVlhoOUJzUUtVRjgtTUVaWVQxQk9ydyIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiX2E2YTMwMTk4NWU3Y2I4ZWM0ZjBiZjQxZjllNzBjYjNhIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDMwMTEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDc5NDgsImlhdCI6MTU1NjU0NDM0OCwibm9uY2UiOiI1RGp0NmVmRUdDekpvckU0In0.TLTjroY-QyfewKNJ2g30g78srNThGG4nZ2Eww9uPDt6ev89r15HRaTXboz_T2QMh1TTXB7vqNLdmPll7WJvabnk_43U5-0au6-f9OnITkoycyWoEB1gk0gaZj4k1hUWYWuM_wjOQhPacFMljT0DJx26WG_XTaJyHsh7kFypAcjtLPYFeXT6jqswRc_8YxPTcBimyJ5tsfrSHUwPPEa0VIIbMtADAnlEppmupvu_mPssWaEvhWpeyZKoRpYAEt3xlrXDWX4kpM0BW2uanF5Wg984hDDYw2rDQBEoDjDbHdWcYsBYINDHugTORLxwsXExO0jkyVd8zJVq1ho7FbnpjDw', 'state': 'oii2vqU8Iq2McDeA', 'token_type': 'Bearer', 'expires_in': 600} |
5 | AuthorizationResponse |
|
5 | phase | <--<-- 4 --- AccessToken -->--> |
5 | phase | <--<-- 5 --- Cache -->--> |
5 | phase | <--<-- 6 --- Note -->--> |
10 | phase | <--<-- 7 --- AsyncAuthn -->--> |
10 | AuthorizationRequest |
|
10 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=PxbaGRySpmpcaYUX&nonce=H37FeQ5Aq1f5ILe9&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&claims=%7B%22id_token%22%3A+%7B%22sub%22%3A+%7B%22value%22%3A+%22VUG4777YP3NMU5KRFESX6SKRAPXLE4MI%22%7D%7D%7D&client_id=_a6a301985e7cb8ec4f0bf41f9e70cb3a |
10 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=PxbaGRySpmpcaYUX&nonce=H37FeQ5Aq1f5ILe9&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&claims=%7B%22id_token%22%3A+%7B%22sub%22%3A+%7B%22value%22%3A+%22VUG4777YP3NMU5KRFESX6SKRAPXLE4MI%22%7D%7D%7D&client_id=_a6a301985e7cb8ec4f0bf41f9e70cb3a |
13 | http args | {} |
14 | response | URL with fragment |
14 | response | access_token=AAdzZWNyZXQxjxX8JeUKtxM_1USkZho0LqY0mvhX6H5t1sfyKX6gIVj70sXdj6K8z2ITY2oGAe0Xi0eE0763MH36AkrfrSolNbLi6uPdjkYXMFp7_BSr1f3BDYLJoxNUq-GCXzCJOsJ_fRA5hiK3iqmQ67b0zZsoEpTXD510HurbrgNug9x527hpOrzU81ID9V2IAqaxLKXVfSpPmiMHWO-bdpULQDEidaFnOE8Ppfwcktl-9WXxqxINAmR5T7Kar3SEpSLUupE5lx_fhOO9DAcf0ZtlAscRlp6jhGfe-vOkU8JnIcY2d8YxOASKcx-6cu0arz7E7u-5F8UwFjRqJOTDs2Va3oyrvT7ClrXMsXbZO2IlDvy0ijO3lTiI0Bj8xcoeWvdMAp6dpx8NFo7tpuCcwddtx0yHnqbEu49OP0JMB8rnMEagSdvAays3nRPzZ23EBP20H0anzEx5eA9j9Tinv2fM0rrhztre_8_Hu0enVPo1P5fq9TWxTY-fHhZ9kQRLaG3hd2I6FikgIG-Y&id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiODd2TmtwWTlYME1WUmozcUx2NThsdyIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiX2E2YTMwMTk4NWU3Y2I4ZWM0ZjBiZjQxZjllNzBjYjNhIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDQzNTcsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDc5NTcsImlhdCI6MTU1NjU0NDM1Nywibm9uY2UiOiJIMzdGZVE1QXExZjVJTGU5In0.SMg2aicmCKPLerkHKQm4XH2LhvyabwNqtr02XOX9cPsTBJGW47RwcC487aPe6ijqr5C4hIwd0Z7hm2-i4jxCq8QfswXbT9o_NDDQoj2Hih1l-svikoGs-iJkKGYGEkhlYmqzEukU8BTcWJ5MWM2OkNAJvNqDcKcvpklbvqccLqBmpsoquljK71HeTjG9bytuG81sI-YZ9gByyT_XdoY6faDKIzqj49Z6gebrYIKGsIx4dJWpp68QozfrHcBpFXzzr74OGGmRhqiKDgJnQby4qrfwHPoBxyOwEt_qORN6zT9LzK5DEBgAukU1rSAR1e9vJlT9l4k0LGVPJAAYxmbUQQ&state=PxbaGRySpmpcaYUX&token_type=Bearer&expires_in=600 |
14 | response | {'access_token': 'AAdzZWNyZXQxjxX8JeUKtxM_1USkZho0LqY0mvhX6H5t1sfyKX6gIVj70sXdj6K8z2ITY2oGAe0Xi0eE0763MH36AkrfrSolNbLi6uPdjkYXMFp7_BSr1f3BDYLJoxNUq-GCXzCJOsJ_fRA5hiK3iqmQ67b0zZsoEpTXD510HurbrgNug9x527hpOrzU81ID9V2IAqaxLKXVfSpPmiMHWO-bdpULQDEidaFnOE8Ppfwcktl-9WXxqxINAmR5T7Kar3SEpSLUupE5lx_fhOO9DAcf0ZtlAscRlp6jhGfe-vOkU8JnIcY2d8YxOASKcx-6cu0arz7E7u-5F8UwFjRqJOTDs2Va3oyrvT7ClrXMsXbZO2IlDvy0ijO3lTiI0Bj8xcoeWvdMAp6dpx8NFo7tpuCcwddtx0yHnqbEu49OP0JMB8rnMEagSdvAays3nRPzZ23EBP20H0anzEx5eA9j9Tinv2fM0rrhztre_8_Hu0enVPo1P5fq9TWxTY-fHhZ9kQRLaG3hd2I6FikgIG-Y', 'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiODd2TmtwWTlYME1WUmozcUx2NThsdyIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiX2E2YTMwMTk4NWU3Y2I4ZWM0ZjBiZjQxZjllNzBjYjNhIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDQzNTcsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDc5NTcsImlhdCI6MTU1NjU0NDM1Nywibm9uY2UiOiJIMzdGZVE1QXExZjVJTGU5In0.SMg2aicmCKPLerkHKQm4XH2LhvyabwNqtr02XOX9cPsTBJGW47RwcC487aPe6ijqr5C4hIwd0Z7hm2-i4jxCq8QfswXbT9o_NDDQoj2Hih1l-svikoGs-iJkKGYGEkhlYmqzEukU8BTcWJ5MWM2OkNAJvNqDcKcvpklbvqccLqBmpsoquljK71HeTjG9bytuG81sI-YZ9gByyT_XdoY6faDKIzqj49Z6gebrYIKGsIx4dJWpp68QozfrHcBpFXzzr74OGGmRhqiKDgJnQby4qrfwHPoBxyOwEt_qORN6zT9LzK5DEBgAukU1rSAR1e9vJlT9l4k0LGVPJAAYxmbUQQ', 'state': 'PxbaGRySpmpcaYUX', 'token_type': 'Bearer', 'expires_in': 600} |
14 | AuthorizationResponse |
|
14 | phase | <--<-- 8 --- AccessToken -->--> |
14 | phase | <--<-- 9 --- Done -->--> |
14 | end | |
14 | assertion | VerifySubValue |
14 | condition | verify-sub-value: status=OK [Verifies that the sub claim returned in the id_token matched the one asked for.] |
14 | assertion | VerifyResponse |
14 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
14 | condition | Done: status=OK |
Result
PASSED