Test Info
Issuer | https://testop.funet.fi |
---|---|
Profile | [] |
Test ID | OP-Req-max_age=10000 |
Test description | Requesting ID Token with max_age=10000 seconds restriction |
Timestamp | 2019-04-29T13:39:03Z |
Conditions
claims-check: status=OK [Checks if specific claims is present or not]
same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
Trace Output
0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config |
|
0 | http response |
|
0 | ProviderConfigurationResponse |
|
0 | phase | <--<-- 2 --- Registration -->--> |
0 | register |
|
0 | RegistrationRequest |
|
2 | http response |
|
2 | RegistrationResponse |
|
2 | phase | <--<-- 3 --- AsyncAuthn -->--> |
2 | AuthorizationRequest |
|
2 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=y2UYNkvKSC0N2YoK&nonce=2ZFUmZT4upbH5heN&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_994e4145ee9f96d4518624b8882e5eb2 |
2 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=y2UYNkvKSC0N2YoK&nonce=2ZFUmZT4upbH5heN&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_994e4145ee9f96d4518624b8882e5eb2 |
4 | http args | {} |
4 | response | URL with fragment |
4 | response | access_token=AAdzZWNyZXQxtuSpDgHkVZpU9vsyNC96ZSNzzuPijPpcPH4vOD0MBsg_p1eRp0_x30tkYh-_h0xwpjEeQx4GleXkVGnsu0qCPtaLOwaQr9_xidZfLh78i8CG0gTdLN5H1ySaXrKax1fxS2p1YpKZ4i-_6xQT0uyplRwKlEkgSvIIWp6mhyxLMeHyDZP6LKfH7G6DwBQjuTdbim_tea4ejWtofTSRCmC0BvOSKD761qV9Qfv6ZuVyk8pcy3EeJM_h1KPuH8p5Oas76CKTLp0_WPjaSVPlSZ6ZL5-sqPykx4D2C1RPeZ1TB2iSmtsE0gw0OH7xU1Y6evjVv9uPPJL8b-yYIFKAuiRDe3VmLidi1wTfYzMj_lxkoG8hmunINnw_HGInZSa4HaX7W5INI_8UZPLgmC9WzAmcmxmRCyRnsVpUUFzLE5LQx0YYnsZFNlKqfaMlUfTBAtyF5lI3-1DcTXL3OIFrJZ6oaSabY8yfmbdux74SO4bVeF0&id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMW10T0FZV3FQdFlWRjZob0ViblF2USIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiXzk5NGU0MTQ1ZWU5Zjk2ZDQ1MTg2MjRiODg4MmU1ZWIyIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDUxMjEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDg3NDIsImlhdCI6MTU1NjU0NTE0Miwibm9uY2UiOiIyWkZVbVpUNHVwYkg1aGVOIn0.fgCpaZ_sSsiVZ3vbKWFyCA01qaIiwXRnNpBVUAbOG_GV9-t0R13xZwMtd8St0ghYOLmnzncyohAKJ_6XdhVCIX1Ih1Cj6wPUaMD_1MhRgUkKzuaUV778SX_Q5qTj1kRmud7J_zgjplKGgSweEn-OWgUqc2m1_L8ABOdCHaV_yIDIrl0lvaVsc_irllYUmzirvYQBG04w_-Xl-OI8bjdysoVujnbkG7tQXxOreav5J22nWEDuO4zPmu_eBdfq4YwkYntpuq5P1qXrKX7iGq0rZ9DG05Lt2KhwRyqjCX5OFPRWF-kg4VAGbrS0kLEckqKNYWvq2uwBcj3RbCO6Y7jmXA&state=y2UYNkvKSC0N2YoK&token_type=Bearer&expires_in=600 |
4 | response | {'access_token': 'AAdzZWNyZXQxtuSpDgHkVZpU9vsyNC96ZSNzzuPijPpcPH4vOD0MBsg_p1eRp0_x30tkYh-_h0xwpjEeQx4GleXkVGnsu0qCPtaLOwaQr9_xidZfLh78i8CG0gTdLN5H1ySaXrKax1fxS2p1YpKZ4i-_6xQT0uyplRwKlEkgSvIIWp6mhyxLMeHyDZP6LKfH7G6DwBQjuTdbim_tea4ejWtofTSRCmC0BvOSKD761qV9Qfv6ZuVyk8pcy3EeJM_h1KPuH8p5Oas76CKTLp0_WPjaSVPlSZ6ZL5-sqPykx4D2C1RPeZ1TB2iSmtsE0gw0OH7xU1Y6evjVv9uPPJL8b-yYIFKAuiRDe3VmLidi1wTfYzMj_lxkoG8hmunINnw_HGInZSa4HaX7W5INI_8UZPLgmC9WzAmcmxmRCyRnsVpUUFzLE5LQx0YYnsZFNlKqfaMlUfTBAtyF5lI3-1DcTXL3OIFrJZ6oaSabY8yfmbdux74SO4bVeF0', 'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMW10T0FZV3FQdFlWRjZob0ViblF2USIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiXzk5NGU0MTQ1ZWU5Zjk2ZDQ1MTg2MjRiODg4MmU1ZWIyIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDUxMjEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDg3NDIsImlhdCI6MTU1NjU0NTE0Miwibm9uY2UiOiIyWkZVbVpUNHVwYkg1aGVOIn0.fgCpaZ_sSsiVZ3vbKWFyCA01qaIiwXRnNpBVUAbOG_GV9-t0R13xZwMtd8St0ghYOLmnzncyohAKJ_6XdhVCIX1Ih1Cj6wPUaMD_1MhRgUkKzuaUV778SX_Q5qTj1kRmud7J_zgjplKGgSweEn-OWgUqc2m1_L8ABOdCHaV_yIDIrl0lvaVsc_irllYUmzirvYQBG04w_-Xl-OI8bjdysoVujnbkG7tQXxOreav5J22nWEDuO4zPmu_eBdfq4YwkYntpuq5P1qXrKX7iGq0rZ9DG05Lt2KhwRyqjCX5OFPRWF-kg4VAGbrS0kLEckqKNYWvq2uwBcj3RbCO6Y7jmXA', 'state': 'y2UYNkvKSC0N2YoK', 'token_type': 'Bearer', 'expires_in': 600} |
4 | AuthorizationResponse |
|
4 | phase | <--<-- 4 --- AccessToken -->--> |
4 | phase | <--<-- 5 --- AsyncAuthn -->--> |
4 | AuthorizationRequest |
|
4 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=zRFCUC1z7hzbWcAN&nonce=u8LlMCTwbij8SyjW&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&max_age=10000&client_id=_994e4145ee9f96d4518624b8882e5eb2 |
4 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=zRFCUC1z7hzbWcAN&nonce=u8LlMCTwbij8SyjW&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&max_age=10000&client_id=_994e4145ee9f96d4518624b8882e5eb2 |
5 | http args | {} |
5 | response | URL with fragment |
5 | response | access_token=AAdzZWNyZXQx-giYywLHsmukD3LWYlAyfasBRckl3by5yL-ZsgHOtQFhHR4SH2uK7z5LCtvmm9R3eahm5Etw7O-nhHguz7bRFTq_1pcrsKVmpQYKZhfsZ-oduY6McfWslDMSn0bk-rz2t6MbmJzhuWQOLjRnwSCPHV6lJiz9roXXYGS10E_z36_shPXCCCQm9916_kgWUBPm9iRdIXwejkqRacO9VxBjA2YA-ZV2ZwW3L8XG9a_yBI5rPGYRVhJEV8VLuTgDy0DT7p8oFS6OAq5W_3yF-JYlVKL_4Qv-Z1Ot9z6T92k_MGWY_1RWTwYrfFcSqnARvsHfjgGBTaGXWg17S5JRkD_Bkx-JoFHYfuNG-zSqM5OfIWT3ELseOp-MhngUSWm033WJ2-I0Eck0vpKLi0D1ISwZDFUztS-Bj00tZpBTZwhAaKDGXg6biwte3UWr9XNHx0cQKwOBlaUczWT9urrWaTpZbwD7lhbPTZRAxuzDFOE&id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoic0hRd241SHU2cW1RT0psdEpHRzY3dyIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiXzk5NGU0MTQ1ZWU5Zjk2ZDQ1MTg2MjRiODg4MmU1ZWIyIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDUxMjEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDg3NDMsImlhdCI6MTU1NjU0NTE0Mywibm9uY2UiOiJ1OExsTUNUd2JpajhTeWpXIn0.gjpuTtXC22TCvgme_WSUeGIOi3DTew0pr3lVO_qkjbW82AqThFX1aIzDmXv90l3hQneLI4GgeeBdIEOukrwELynRRhQJq4QV-z7G8DONhEb7xjxNCQAhZKcjbd4ELcFZah4NJsbwUk5eLVoH0XlLxZS4gOWKklBfP0a6OANnz8sX6UlvCj_AFE4sNEPRrnESMLULg1fvH3oCy-KHgVyvqfGHf7j0-NSAdXaXCekwI9aLgJK6_rWh9Ib3dSZ0eDcLyzz5k_qJHLbKc7MHzYqqYsPjVBXzc75K7JXd7U6F51yohTLRTf9EQ-tzBiULCizbXdHIMVf1wZnG7q8UDC6K9w&state=zRFCUC1z7hzbWcAN&token_type=Bearer&expires_in=600 |
5 | response | {'access_token': 'AAdzZWNyZXQx-giYywLHsmukD3LWYlAyfasBRckl3by5yL-ZsgHOtQFhHR4SH2uK7z5LCtvmm9R3eahm5Etw7O-nhHguz7bRFTq_1pcrsKVmpQYKZhfsZ-oduY6McfWslDMSn0bk-rz2t6MbmJzhuWQOLjRnwSCPHV6lJiz9roXXYGS10E_z36_shPXCCCQm9916_kgWUBPm9iRdIXwejkqRacO9VxBjA2YA-ZV2ZwW3L8XG9a_yBI5rPGYRVhJEV8VLuTgDy0DT7p8oFS6OAq5W_3yF-JYlVKL_4Qv-Z1Ot9z6T92k_MGWY_1RWTwYrfFcSqnARvsHfjgGBTaGXWg17S5JRkD_Bkx-JoFHYfuNG-zSqM5OfIWT3ELseOp-MhngUSWm033WJ2-I0Eck0vpKLi0D1ISwZDFUztS-Bj00tZpBTZwhAaKDGXg6biwte3UWr9XNHx0cQKwOBlaUczWT9urrWaTpZbwD7lhbPTZRAxuzDFOE', 'id_token': 'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoic0hRd241SHU2cW1RT0psdEpHRzY3dyIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiXzk5NGU0MTQ1ZWU5Zjk2ZDQ1MTg2MjRiODg4MmU1ZWIyIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDUxMjEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDg3NDMsImlhdCI6MTU1NjU0NTE0Mywibm9uY2UiOiJ1OExsTUNUd2JpajhTeWpXIn0.gjpuTtXC22TCvgme_WSUeGIOi3DTew0pr3lVO_qkjbW82AqThFX1aIzDmXv90l3hQneLI4GgeeBdIEOukrwELynRRhQJq4QV-z7G8DONhEb7xjxNCQAhZKcjbd4ELcFZah4NJsbwUk5eLVoH0XlLxZS4gOWKklBfP0a6OANnz8sX6UlvCj_AFE4sNEPRrnESMLULg1fvH3oCy-KHgVyvqfGHf7j0-NSAdXaXCekwI9aLgJK6_rWh9Ib3dSZ0eDcLyzz5k_qJHLbKc7MHzYqqYsPjVBXzc75K7JXd7U6F51yohTLRTf9EQ-tzBiULCizbXdHIMVf1wZnG7q8UDC6K9w', 'state': 'zRFCUC1z7hzbWcAN', 'token_type': 'Bearer', 'expires_in': 600} |
5 | AuthorizationResponse |
|
5 | phase | <--<-- 6 --- AccessToken -->--> |
5 | phase | <--<-- 7 --- Done -->--> |
5 | end | |
5 | assertion | ClaimsCheck |
5 | condition | claims-check: status=OK [Checks if specific claims is present or not] |
5 | assertion | SameAuthn |
5 | condition | same-authn: status=OK [Verifies that the same authentication was used twice in the flow.] |
5 | assertion | AuthTimeCheck |
5 | condition | auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.] |
5 | assertion | VerifyResponse |
5 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
5 | condition | Done: status=OK |
Result
PASSED