Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-07-28 20:30:28 INFO
TEST-RUNNER
Test instance SYGFMwj42D created
baseUrl
https://www.certification.openid.net/test/SYGFMwj42D
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "id_token token",
  "server_metadata": "discovery",
  "response_mode": "default",
  "client_registration": "dynamic_client"
}
alias

                                
description
node oidc-provider
planId
80AoM0SOgisqm
config
{
  "description": "node oidc-provider",
  "server": {
    "discoveryUrl": "https://op.panva.cz/.well-known/openid-configuration",
    "login_hint": "bob@example.com"
  },
  "client": {
    "client_name": "first-openid-client"
  },
  "client2": {
    "client_name": "second-openid-client"
  }
}
testName
oidcc-session-management-rp-initiated-logout
2020-07-28 20:30:28 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/SYGFMwj42D/callback
2020-07-28 20:30:28
GetDynamicServerConfiguration
HTTP request
request_uri
https://op.panva.cz/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2020-07-28 20:30:28 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-length": "5937",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Tue, 28 Jul 2020 20:30:28 GMT",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-xss-protection": "1; mode\u003dblock"
}
response_body
{"acr_values_supported":["urn:mace:incommon:iap:bronze"],"authorization_endpoint":"https://op.panva.cz/auth","device_authorization_endpoint":"https://op.panva.cz/device/auth","claims_parameter_supported":true,"claims_supported":["sub","address","email","email_verified","phone_number","phone_number_verified","birthdate","family_name","gender","given_name","locale","middle_name","name","nickname","picture","preferred_username","profile","updated_at","website","zoneinfo","acr","sid","auth_time","iss","amr"],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"https://op.panva.cz/session/end","check_session_iframe":"https://op.panva.cz/session/check","grant_types_supported":["implicit","authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:device_code"],"id_token_signing_alg_values_supported":["HS256","HS384","HS512","none","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"issuer":"https://op.panva.cz","jwks_uri":"https://op.panva.cz/jwks","registration_endpoint":"https://op.panva.cz/reg","response_modes_supported":["form_post","fragment","query","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["code id_token token","code id_token","code token","code","id_token token","id_token","none"],"scopes_supported":["openid","offline_access","address","email","phone","profile"],"subject_types_supported":["public","pairwise"],"token_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"token_endpoint":"https://op.panva.cz/token","pushed_authorization_request_endpoint":"https://op.panva.cz/request","request_object_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA","none"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"userinfo_endpoint":"https://op.panva.cz/me","userinfo_signing_alg_values_supported":["HS256","HS384","HS512","none","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"authorization_signing_alg_values_supported":["HS256","HS384","HS512","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"introspection_endpoint":"https://op.panva.cz/token/introspection","introspection_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"introspection_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"dpop_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"revocation_endpoint":"https://op.panva.cz/token/revocation","revocation_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"revocation_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"authorization_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"request_object_encryption_alg_values_supported":["A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir","RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"request_object_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"tls_client_certificate_bound_access_tokens":true,"claim_types_supported":["normal"],"service_documentation":"https://github.com/panva/node-oidc-provider","version":"6.28.0-a4eb4b2","mtls_endpoint_aliases":{"token_endpoint":"https://mtls.op.panva.cz/token","introspection_endpoint":"https://mtls.op.panva.cz/token/introspection","revocation_endpoint":"https://mtls.op.panva.cz/token/revocation","userinfo_endpoint":"https://mtls.op.panva.cz/me","device_authorization_endpoint":"https://mtls.op.panva.cz/device/auth","pushed_authorization_request_endpoint":"https://mtls.op.panva.cz/request"}}
2020-07-28 20:30:28
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{"acr_values_supported":["urn:mace:incommon:iap:bronze"],"authorization_endpoint":"https://op.panva.cz/auth","device_authorization_endpoint":"https://op.panva.cz/device/auth","claims_parameter_supported":true,"claims_supported":["sub","address","email","email_verified","phone_number","phone_number_verified","birthdate","family_name","gender","given_name","locale","middle_name","name","nickname","picture","preferred_username","profile","updated_at","website","zoneinfo","acr","sid","auth_time","iss","amr"],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"https://op.panva.cz/session/end","check_session_iframe":"https://op.panva.cz/session/check","grant_types_supported":["implicit","authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:device_code"],"id_token_signing_alg_values_supported":["HS256","HS384","HS512","none","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"issuer":"https://op.panva.cz","jwks_uri":"https://op.panva.cz/jwks","registration_endpoint":"https://op.panva.cz/reg","response_modes_supported":["form_post","fragment","query","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["code id_token token","code id_token","code token","code","id_token token","id_token","none"],"scopes_supported":["openid","offline_access","address","email","phone","profile"],"subject_types_supported":["public","pairwise"],"token_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"token_endpoint":"https://op.panva.cz/token","pushed_authorization_request_endpoint":"https://op.panva.cz/request","request_object_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA","none"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"userinfo_endpoint":"https://op.panva.cz/me","userinfo_signing_alg_values_supported":["HS256","HS384","HS512","none","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"authorization_signing_alg_values_supported":["HS256","HS384","HS512","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"introspection_endpoint":"https://op.panva.cz/token/introspection","introspection_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"introspection_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"dpop_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"revocation_endpoint":"https://op.panva.cz/token/revocation","revocation_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"revocation_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"authorization_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"request_object_encryption_alg_values_supported":["A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir","RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"request_object_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"tls_client_certificate_bound_access_tokens":true,"claim_types_supported":["normal"],"service_documentation":"https://github.com/panva/node-oidc-provider","version":"6.28.0-a4eb4b2","mtls_endpoint_aliases":{"token_endpoint":"https://mtls.op.panva.cz/token","introspection_endpoint":"https://mtls.op.panva.cz/token/introspection","revocation_endpoint":"https://mtls.op.panva.cz/token/revocation","userinfo_endpoint":"https://mtls.op.panva.cz/me","device_authorization_endpoint":"https://mtls.op.panva.cz/device/auth","pushed_authorization_request_endpoint":"https://mtls.op.panva.cz/request"}}
2020-07-28 20:30:28 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
acr_values_supported
[
  "urn:mace:incommon:iap:bronze"
]
authorization_endpoint
https://op.panva.cz/auth
device_authorization_endpoint
https://op.panva.cz/device/auth
claims_parameter_supported
true
claims_supported
[
  "sub",
  "address",
  "email",
  "email_verified",
  "phone_number",
  "phone_number_verified",
  "birthdate",
  "family_name",
  "gender",
  "given_name",
  "locale",
  "middle_name",
  "name",
  "nickname",
  "picture",
  "preferred_username",
  "profile",
  "updated_at",
  "website",
  "zoneinfo",
  "acr",
  "sid",
  "auth_time",
  "iss",
  "amr"
]
code_challenge_methods_supported
[
  "S256"
]
end_session_endpoint
https://op.panva.cz/session/end
check_session_iframe
https://op.panva.cz/session/check
grant_types_supported
[
  "implicit",
  "authorization_code",
  "refresh_token",
  "urn:ietf:params:oauth:grant-type:device_code"
]
id_token_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "none",
  "PS256",
  "PS384",
  "PS512",
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
issuer
https://op.panva.cz
jwks_uri
https://op.panva.cz/jwks
registration_endpoint
https://op.panva.cz/reg
response_modes_supported
[
  "form_post",
  "fragment",
  "query",
  "jwt",
  "query.jwt",
  "fragment.jwt",
  "form_post.jwt"
]
response_types_supported
[
  "code id_token token",
  "code id_token",
  "code token",
  "code",
  "id_token token",
  "id_token",
  "none"
]
scopes_supported
[
  "openid",
  "offline_access",
  "address",
  "email",
  "phone",
  "profile"
]
subject_types_supported
[
  "public",
  "pairwise"
]
token_endpoint_auth_methods_supported
[
  "none",
  "client_secret_basic",
  "client_secret_jwt",
  "client_secret_post",
  "private_key_jwt",
  "self_signed_tls_client_auth"
]
token_endpoint_auth_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
token_endpoint
https://op.panva.cz/token
pushed_authorization_request_endpoint
https://op.panva.cz/request
request_object_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA",
  "none"
]
request_parameter_supported
true
request_uri_parameter_supported
true
require_request_uri_registration
true
userinfo_endpoint
https://op.panva.cz/me
userinfo_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "none",
  "PS256",
  "PS384",
  "PS512",
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
authorization_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "PS256",
  "PS384",
  "PS512",
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
introspection_endpoint
https://op.panva.cz/token/introspection
introspection_endpoint_auth_methods_supported
[
  "none",
  "client_secret_basic",
  "client_secret_jwt",
  "client_secret_post",
  "private_key_jwt",
  "self_signed_tls_client_auth"
]
introspection_endpoint_auth_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
dpop_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
revocation_endpoint
https://op.panva.cz/token/revocation
revocation_endpoint_auth_methods_supported
[
  "none",
  "client_secret_basic",
  "client_secret_jwt",
  "client_secret_post",
  "private_key_jwt",
  "self_signed_tls_client_auth"
]
revocation_endpoint_auth_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
id_token_encryption_alg_values_supported
[
  "RSA-OAEP",
  "RSA-OAEP-256",
  "RSA-OAEP-384",
  "RSA-OAEP-512",
  "RSA1_5",
  "ECDH-ES",
  "ECDH-ES+A128KW",
  "ECDH-ES+A192KW",
  "ECDH-ES+A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW",
  "A128KW",
  "A192KW",
  "A256KW",
  "PBES2-HS256+A128KW",
  "PBES2-HS384+A192KW",
  "PBES2-HS512+A256KW",
  "dir"
]
id_token_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A128GCM",
  "A192CBC-HS384",
  "A192GCM",
  "A256CBC-HS512",
  "A256GCM"
]
userinfo_encryption_alg_values_supported
[
  "RSA-OAEP",
  "RSA-OAEP-256",
  "RSA-OAEP-384",
  "RSA-OAEP-512",
  "RSA1_5",
  "ECDH-ES",
  "ECDH-ES+A128KW",
  "ECDH-ES+A192KW",
  "ECDH-ES+A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW",
  "A128KW",
  "A192KW",
  "A256KW",
  "PBES2-HS256+A128KW",
  "PBES2-HS384+A192KW",
  "PBES2-HS512+A256KW",
  "dir"
]
userinfo_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A128GCM",
  "A192CBC-HS384",
  "A192GCM",
  "A256CBC-HS512",
  "A256GCM"
]
authorization_encryption_alg_values_supported
[
  "RSA-OAEP",
  "RSA-OAEP-256",
  "RSA-OAEP-384",
  "RSA-OAEP-512",
  "RSA1_5",
  "ECDH-ES",
  "ECDH-ES+A128KW",
  "ECDH-ES+A192KW",
  "ECDH-ES+A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW",
  "A128KW",
  "A192KW",
  "A256KW",
  "PBES2-HS256+A128KW",
  "PBES2-HS384+A192KW",
  "PBES2-HS512+A256KW",
  "dir"
]
authorization_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A128GCM",
  "A192CBC-HS384",
  "A192GCM",
  "A256CBC-HS512",
  "A256GCM"
]
request_object_encryption_alg_values_supported
[
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW",
  "A128KW",
  "A192KW",
  "A256KW",
  "PBES2-HS256+A128KW",
  "PBES2-HS384+A192KW",
  "PBES2-HS512+A256KW",
  "dir",
  "RSA-OAEP",
  "RSA-OAEP-256",
  "RSA-OAEP-384",
  "RSA-OAEP-512",
  "RSA1_5",
  "ECDH-ES",
  "ECDH-ES+A128KW",
  "ECDH-ES+A192KW",
  "ECDH-ES+A256KW"
]
request_object_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A128GCM",
  "A192CBC-HS384",
  "A192GCM",
  "A256CBC-HS512",
  "A256GCM"
]
backchannel_logout_supported
true
backchannel_logout_session_supported
true
frontchannel_logout_supported
true
frontchannel_logout_session_supported
true
tls_client_certificate_bound_access_tokens
true
claim_types_supported
[
  "normal"
]
service_documentation
https://github.com/panva/node-oidc-provider
version
6.28.0-a4eb4b2
mtls_endpoint_aliases
{
  "token_endpoint": "https://mtls.op.panva.cz/token",
  "introspection_endpoint": "https://mtls.op.panva.cz/token/introspection",
  "revocation_endpoint": "https://mtls.op.panva.cz/token/revocation",
  "userinfo_endpoint": "https://mtls.op.panva.cz/me",
  "device_authorization_endpoint": "https://mtls.op.panva.cz/device/auth",
  "pushed_authorization_request_endpoint": "https://mtls.op.panva.cz/request"
}
2020-07-28 20:30:28 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2020-07-28 20:30:28 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
{
  "testHost": "op.panva.cz",
  "testPort": 443
}
authorization_endpoint
{
  "testHost": "op.panva.cz",
  "testPort": 443
}
token_endpoint
{
  "testHost": "op.panva.cz",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "op.panva.cz",
  "testPort": 443
}
2020-07-28 20:30:28
FetchServerKeys
Fetching server key
jwks_uri
https://op.panva.cz/jwks
2020-07-28 20:30:28
FetchServerKeys
HTTP request
request_uri
https://op.panva.cz/jwks
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2020-07-28 20:30:29 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-length": "2810",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Tue, 28 Jul 2020 20:30:29 GMT",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-xss-protection": "1; mode\u003dblock"
}
response_body
{"keys":[{"e":"AQAB","n":"xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cClXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ","kty":"RSA","kid":"r1LkbBo3925Rb2ZFFrKyU3MVex9T2817Kx0vbi6i_Kc","use":"sig"},{"e":"AQAB","n":"mXauIvyeUFA74P2vcmgAWSCMw6CP6-MJ6EvFuRARfLLJEi49AzQvJl_4pwDvLkZcCqS7OqPE1ufNyDH6oQPEc7JuukHMY02EgwqHjJ6GG6FQqJuiWlKB_l-7c9y9r4bh4r58xdZc6T5dFVSNT2VcIVoSjq9VmzwpaTKCUyVeZYHZhnLfWMm9rKU5WSz75siG-_jbudItsfhEwA59kvi4So2IV9TxHwW50i4IcTB1gXwG1olNgiX3-Mq1Iw5VGPzMo2hQXI3q1y-ZjhSwhvG5dje9J8htBEWdVYk4f6cv19IE9gEx7T-2vIVw5FCpAmmfFuRebec49c7zjfr0EyTI4w","kty":"RSA","kid":"w5kPRdJWODnYjihMgqs0tHkKk-e5OxU4DnSCZDkF_h0","use":"enc"},{"crv":"P-256","x":"FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4","y":"_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4","kty":"EC","kid":"MFZeG102dQiqbANoaMlW_Jmf7fOZmtRsHt77JFhTpF0","use":"sig"},{"crv":"P-256","x":"Eb3RtGgBGOEz33yu46aha_RU6pyBaYNlu6SawlWGGHQ","y":"tUncttzF6Ud4Abfn1N2A1Rz2MBbJSdI0zuKS28BNb-U","kty":"EC","kid":"mlSUkq-ELqZiWl9zs9ZKkbcjIvgajGgnXfPWUZn9lEc","use":"enc"},{"crv":"secp256k1","x":"KDAUHh_SpgROXXAq8IFs9B9lGNB9VP4RwebeAO2tBao","y":"wr3L1dZyUCrS4H18fDYy5hcvGTCp05tiiBy0ZUG8Qs4","kty":"EC","kid":"vl5k1biVlGOHeu2XiLg_0qrIVdoFdM0POWeeCl-QMsY","use":"sig"},{"crv":"P-384","x":"P1npwyTJ2p20D9_r2u31DU7tfDEufaVcSJJcDOuO6QyqrXvjyMvf8e5xv3XxE39l","y":"tmq2S12MVdKUQTmd0AxVEOji1ihR_vZAhTLKojD2XW_2EJH7ydiaz2oxrnkC0mvI","kty":"EC","kid":"rqHXKVLLF2RxqFgXWfEZE578gM-IhelOjugVfb_BMZ4","use":"sig"},{"crv":"P-384","x":"UhkqvxbxMCGtkg_-6W0gqkr21fgY3LSaNbquU7CYEDwBwGCd6iK6Bu5PVUxraulY","y":"CXrg3mxUkN5D4bPfiLfnD1jMYGSDxn2Zeh-8_OOstX21WNZJ9_i-iFZR3pIXyH0z","kty":"EC","kid":"rV1Hjt_79O_m1oJ7Jz0QgKHDa2iwb8p4kvMU0L99wjg","use":"enc"},{"crv":"P-521","x":"AIjEl5H8w2Rf_iqIP8WT7v5-FlBlBGYy5sMJs1XOxWz4RRARIEOemEY45g10sEPzZ4qe7oyjCUDK5FY1WwjRvgHK","y":"AaKN94cn1ApvvfpOWO9VpJm-lLzOUR8XxOrKYfPqcLs0zEqSPiGdWA5CoNL5ck1q-CXD09ysQSmNkzFGaig2Mnop","kty":"EC","kid":"RG_hu6lggazoCOu2wsrn3icSvhAXuGyL55f2GAaH2NA","use":"sig"},{"crv":"P-521","x":"AXFcu6lqcxoyFUU14xTw0I5cfCR2q0jqOXwU_EKjA5mIxUpue58IIrfrIh4IauV3co2SziD6Uf1SWe8l11Y4-BoJ","y":"AREzsMJu3VveUPMaJ2QWmjucwzZH4FqufXzS2IW-MGqViyDNTg2BgX-2VCJvdTo0zbhvRvBC1ghJNrVnH5M92JQ6","kty":"EC","kid":"MPcTmIIPYRnLt9s_TdBrpV27HcNVDi9aZpB0eJvAxzE","use":"enc"},{"crv":"Ed25519","x":"lDkysGJKRmJeUp8ncTyGraHPHHiIfdxSajxGm7Srla8","kty":"OKP","kid":"CLjPrbijCB2z9dScRNpM1mSGOQVOIByTmd18Ft2eiAQ","use":"sig"},{"crv":"Ed448","x":"BG1zKFg6A_Rzix4pA08oYN5xHqhKIiREXZ59NZoA8p3xhgjh-tm8nc-6udtiL5ZNhWDbnRSq4jQA","kty":"OKP","kid":"kU2PiegZOPUKcsJATItJArz18oWWfEH-Ma52K_8nGaE","use":"sig"}]}
2020-07-28 20:30:29
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"e":"AQAB","n":"xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cClXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ","kty":"RSA","kid":"r1LkbBo3925Rb2ZFFrKyU3MVex9T2817Kx0vbi6i_Kc","use":"sig"},{"e":"AQAB","n":"mXauIvyeUFA74P2vcmgAWSCMw6CP6-MJ6EvFuRARfLLJEi49AzQvJl_4pwDvLkZcCqS7OqPE1ufNyDH6oQPEc7JuukHMY02EgwqHjJ6GG6FQqJuiWlKB_l-7c9y9r4bh4r58xdZc6T5dFVSNT2VcIVoSjq9VmzwpaTKCUyVeZYHZhnLfWMm9rKU5WSz75siG-_jbudItsfhEwA59kvi4So2IV9TxHwW50i4IcTB1gXwG1olNgiX3-Mq1Iw5VGPzMo2hQXI3q1y-ZjhSwhvG5dje9J8htBEWdVYk4f6cv19IE9gEx7T-2vIVw5FCpAmmfFuRebec49c7zjfr0EyTI4w","kty":"RSA","kid":"w5kPRdJWODnYjihMgqs0tHkKk-e5OxU4DnSCZDkF_h0","use":"enc"},{"crv":"P-256","x":"FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4","y":"_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4","kty":"EC","kid":"MFZeG102dQiqbANoaMlW_Jmf7fOZmtRsHt77JFhTpF0","use":"sig"},{"crv":"P-256","x":"Eb3RtGgBGOEz33yu46aha_RU6pyBaYNlu6SawlWGGHQ","y":"tUncttzF6Ud4Abfn1N2A1Rz2MBbJSdI0zuKS28BNb-U","kty":"EC","kid":"mlSUkq-ELqZiWl9zs9ZKkbcjIvgajGgnXfPWUZn9lEc","use":"enc"},{"crv":"secp256k1","x":"KDAUHh_SpgROXXAq8IFs9B9lGNB9VP4RwebeAO2tBao","y":"wr3L1dZyUCrS4H18fDYy5hcvGTCp05tiiBy0ZUG8Qs4","kty":"EC","kid":"vl5k1biVlGOHeu2XiLg_0qrIVdoFdM0POWeeCl-QMsY","use":"sig"},{"crv":"P-384","x":"P1npwyTJ2p20D9_r2u31DU7tfDEufaVcSJJcDOuO6QyqrXvjyMvf8e5xv3XxE39l","y":"tmq2S12MVdKUQTmd0AxVEOji1ihR_vZAhTLKojD2XW_2EJH7ydiaz2oxrnkC0mvI","kty":"EC","kid":"rqHXKVLLF2RxqFgXWfEZE578gM-IhelOjugVfb_BMZ4","use":"sig"},{"crv":"P-384","x":"UhkqvxbxMCGtkg_-6W0gqkr21fgY3LSaNbquU7CYEDwBwGCd6iK6Bu5PVUxraulY","y":"CXrg3mxUkN5D4bPfiLfnD1jMYGSDxn2Zeh-8_OOstX21WNZJ9_i-iFZR3pIXyH0z","kty":"EC","kid":"rV1Hjt_79O_m1oJ7Jz0QgKHDa2iwb8p4kvMU0L99wjg","use":"enc"},{"crv":"P-521","x":"AIjEl5H8w2Rf_iqIP8WT7v5-FlBlBGYy5sMJs1XOxWz4RRARIEOemEY45g10sEPzZ4qe7oyjCUDK5FY1WwjRvgHK","y":"AaKN94cn1ApvvfpOWO9VpJm-lLzOUR8XxOrKYfPqcLs0zEqSPiGdWA5CoNL5ck1q-CXD09ysQSmNkzFGaig2Mnop","kty":"EC","kid":"RG_hu6lggazoCOu2wsrn3icSvhAXuGyL55f2GAaH2NA","use":"sig"},{"crv":"P-521","x":"AXFcu6lqcxoyFUU14xTw0I5cfCR2q0jqOXwU_EKjA5mIxUpue58IIrfrIh4IauV3co2SziD6Uf1SWe8l11Y4-BoJ","y":"AREzsMJu3VveUPMaJ2QWmjucwzZH4FqufXzS2IW-MGqViyDNTg2BgX-2VCJvdTo0zbhvRvBC1ghJNrVnH5M92JQ6","kty":"EC","kid":"MPcTmIIPYRnLt9s_TdBrpV27HcNVDi9aZpB0eJvAxzE","use":"enc"},{"crv":"Ed25519","x":"lDkysGJKRmJeUp8ncTyGraHPHHiIfdxSajxGm7Srla8","kty":"OKP","kid":"CLjPrbijCB2z9dScRNpM1mSGOQVOIByTmd18Ft2eiAQ","use":"sig"},{"crv":"Ed448","x":"BG1zKFg6A_Rzix4pA08oYN5xHqhKIiREXZ59NZoA8p3xhgjh-tm8nc-6udtiL5ZNhWDbnRSq4jQA","kty":"OKP","kid":"kU2PiegZOPUKcsJATItJArz18oWWfEH-Ma52K_8nGaE","use":"sig"}]}
2020-07-28 20:30:29 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cClXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ",
      "kty": "RSA",
      "kid": "r1LkbBo3925Rb2ZFFrKyU3MVex9T2817Kx0vbi6i_Kc",
      "use": "sig"
    },
    {
      "e": "AQAB",
      "n": "mXauIvyeUFA74P2vcmgAWSCMw6CP6-MJ6EvFuRARfLLJEi49AzQvJl_4pwDvLkZcCqS7OqPE1ufNyDH6oQPEc7JuukHMY02EgwqHjJ6GG6FQqJuiWlKB_l-7c9y9r4bh4r58xdZc6T5dFVSNT2VcIVoSjq9VmzwpaTKCUyVeZYHZhnLfWMm9rKU5WSz75siG-_jbudItsfhEwA59kvi4So2IV9TxHwW50i4IcTB1gXwG1olNgiX3-Mq1Iw5VGPzMo2hQXI3q1y-ZjhSwhvG5dje9J8htBEWdVYk4f6cv19IE9gEx7T-2vIVw5FCpAmmfFuRebec49c7zjfr0EyTI4w",
      "kty": "RSA",
      "kid": "w5kPRdJWODnYjihMgqs0tHkKk-e5OxU4DnSCZDkF_h0",
      "use": "enc"
    },
    {
      "crv": "P-256",
      "x": "FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4",
      "y": "_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4",
      "kty": "EC",
      "kid": "MFZeG102dQiqbANoaMlW_Jmf7fOZmtRsHt77JFhTpF0",
      "use": "sig"
    },
    {
      "crv": "P-256",
      "x": "Eb3RtGgBGOEz33yu46aha_RU6pyBaYNlu6SawlWGGHQ",
      "y": "tUncttzF6Ud4Abfn1N2A1Rz2MBbJSdI0zuKS28BNb-U",
      "kty": "EC",
      "kid": "mlSUkq-ELqZiWl9zs9ZKkbcjIvgajGgnXfPWUZn9lEc",
      "use": "enc"
    },
    {
      "crv": "secp256k1",
      "x": "KDAUHh_SpgROXXAq8IFs9B9lGNB9VP4RwebeAO2tBao",
      "y": "wr3L1dZyUCrS4H18fDYy5hcvGTCp05tiiBy0ZUG8Qs4",
      "kty": "EC",
      "kid": "vl5k1biVlGOHeu2XiLg_0qrIVdoFdM0POWeeCl-QMsY",
      "use": "sig"
    },
    {
      "crv": "P-384",
      "x": "P1npwyTJ2p20D9_r2u31DU7tfDEufaVcSJJcDOuO6QyqrXvjyMvf8e5xv3XxE39l",
      "y": "tmq2S12MVdKUQTmd0AxVEOji1ihR_vZAhTLKojD2XW_2EJH7ydiaz2oxrnkC0mvI",
      "kty": "EC",
      "kid": "rqHXKVLLF2RxqFgXWfEZE578gM-IhelOjugVfb_BMZ4",
      "use": "sig"
    },
    {
      "crv": "P-384",
      "x": "UhkqvxbxMCGtkg_-6W0gqkr21fgY3LSaNbquU7CYEDwBwGCd6iK6Bu5PVUxraulY",
      "y": "CXrg3mxUkN5D4bPfiLfnD1jMYGSDxn2Zeh-8_OOstX21WNZJ9_i-iFZR3pIXyH0z",
      "kty": "EC",
      "kid": "rV1Hjt_79O_m1oJ7Jz0QgKHDa2iwb8p4kvMU0L99wjg",
      "use": "enc"
    },
    {
      "crv": "P-521",
      "x": "AIjEl5H8w2Rf_iqIP8WT7v5-FlBlBGYy5sMJs1XOxWz4RRARIEOemEY45g10sEPzZ4qe7oyjCUDK5FY1WwjRvgHK",
      "y": "AaKN94cn1ApvvfpOWO9VpJm-lLzOUR8XxOrKYfPqcLs0zEqSPiGdWA5CoNL5ck1q-CXD09ysQSmNkzFGaig2Mnop",
      "kty": "EC",
      "kid": "RG_hu6lggazoCOu2wsrn3icSvhAXuGyL55f2GAaH2NA",
      "use": "sig"
    },
    {
      "crv": "P-521",
      "x": "AXFcu6lqcxoyFUU14xTw0I5cfCR2q0jqOXwU_EKjA5mIxUpue58IIrfrIh4IauV3co2SziD6Uf1SWe8l11Y4-BoJ",
      "y": "AREzsMJu3VveUPMaJ2QWmjucwzZH4FqufXzS2IW-MGqViyDNTg2BgX-2VCJvdTo0zbhvRvBC1ghJNrVnH5M92JQ6",
      "kty": "EC",
      "kid": "MPcTmIIPYRnLt9s_TdBrpV27HcNVDi9aZpB0eJvAxzE",
      "use": "enc"
    },
    {
      "crv": "Ed25519",
      "x": "lDkysGJKRmJeUp8ncTyGraHPHHiIfdxSajxGm7Srla8",
      "kty": "OKP",
      "kid": "CLjPrbijCB2z9dScRNpM1mSGOQVOIByTmd18Ft2eiAQ",
      "use": "sig"
    },
    {
      "crv": "Ed448",
      "x": "BG1zKFg6A_Rzix4pA08oYN5xHqhKIiREXZ59NZoA8p3xhgjh-tm8nc-6udtiL5ZNhWDbnRSq4jQA",
      "kty": "OKP",
      "kid": "kU2PiegZOPUKcsJATItJArz18oWWfEH-Ma52K_8nGaE",
      "use": "sig"
    }
  ]
}
2020-07-28 20:30:29 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cClXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ",
      "kty": "RSA",
      "kid": "r1LkbBo3925Rb2ZFFrKyU3MVex9T2817Kx0vbi6i_Kc",
      "use": "sig"
    },
    {
      "e": "AQAB",
      "n": "mXauIvyeUFA74P2vcmgAWSCMw6CP6-MJ6EvFuRARfLLJEi49AzQvJl_4pwDvLkZcCqS7OqPE1ufNyDH6oQPEc7JuukHMY02EgwqHjJ6GG6FQqJuiWlKB_l-7c9y9r4bh4r58xdZc6T5dFVSNT2VcIVoSjq9VmzwpaTKCUyVeZYHZhnLfWMm9rKU5WSz75siG-_jbudItsfhEwA59kvi4So2IV9TxHwW50i4IcTB1gXwG1olNgiX3-Mq1Iw5VGPzMo2hQXI3q1y-ZjhSwhvG5dje9J8htBEWdVYk4f6cv19IE9gEx7T-2vIVw5FCpAmmfFuRebec49c7zjfr0EyTI4w",
      "kty": "RSA",
      "kid": "w5kPRdJWODnYjihMgqs0tHkKk-e5OxU4DnSCZDkF_h0",
      "use": "enc"
    },
    {
      "crv": "P-256",
      "x": "FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4",
      "y": "_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4",
      "kty": "EC",
      "kid": "MFZeG102dQiqbANoaMlW_Jmf7fOZmtRsHt77JFhTpF0",
      "use": "sig"
    },
    {
      "crv": "P-256",
      "x": "Eb3RtGgBGOEz33yu46aha_RU6pyBaYNlu6SawlWGGHQ",
      "y": "tUncttzF6Ud4Abfn1N2A1Rz2MBbJSdI0zuKS28BNb-U",
      "kty": "EC",
      "kid": "mlSUkq-ELqZiWl9zs9ZKkbcjIvgajGgnXfPWUZn9lEc",
      "use": "enc"
    },
    {
      "crv": "secp256k1",
      "x": "KDAUHh_SpgROXXAq8IFs9B9lGNB9VP4RwebeAO2tBao",
      "y": "wr3L1dZyUCrS4H18fDYy5hcvGTCp05tiiBy0ZUG8Qs4",
      "kty": "EC",
      "kid": "vl5k1biVlGOHeu2XiLg_0qrIVdoFdM0POWeeCl-QMsY",
      "use": "sig"
    },
    {
      "crv": "P-384",
      "x": "P1npwyTJ2p20D9_r2u31DU7tfDEufaVcSJJcDOuO6QyqrXvjyMvf8e5xv3XxE39l",
      "y": "tmq2S12MVdKUQTmd0AxVEOji1ihR_vZAhTLKojD2XW_2EJH7ydiaz2oxrnkC0mvI",
      "kty": "EC",
      "kid": "rqHXKVLLF2RxqFgXWfEZE578gM-IhelOjugVfb_BMZ4",
      "use": "sig"
    },
    {
      "crv": "P-384",
      "x": "UhkqvxbxMCGtkg_-6W0gqkr21fgY3LSaNbquU7CYEDwBwGCd6iK6Bu5PVUxraulY",
      "y": "CXrg3mxUkN5D4bPfiLfnD1jMYGSDxn2Zeh-8_OOstX21WNZJ9_i-iFZR3pIXyH0z",
      "kty": "EC",
      "kid": "rV1Hjt_79O_m1oJ7Jz0QgKHDa2iwb8p4kvMU0L99wjg",
      "use": "enc"
    },
    {
      "crv": "P-521",
      "x": "AIjEl5H8w2Rf_iqIP8WT7v5-FlBlBGYy5sMJs1XOxWz4RRARIEOemEY45g10sEPzZ4qe7oyjCUDK5FY1WwjRvgHK",
      "y": "AaKN94cn1ApvvfpOWO9VpJm-lLzOUR8XxOrKYfPqcLs0zEqSPiGdWA5CoNL5ck1q-CXD09ysQSmNkzFGaig2Mnop",
      "kty": "EC",
      "kid": "RG_hu6lggazoCOu2wsrn3icSvhAXuGyL55f2GAaH2NA",
      "use": "sig"
    },
    {
      "crv": "P-521",
      "x": "AXFcu6lqcxoyFUU14xTw0I5cfCR2q0jqOXwU_EKjA5mIxUpue58IIrfrIh4IauV3co2SziD6Uf1SWe8l11Y4-BoJ",
      "y": "AREzsMJu3VveUPMaJ2QWmjucwzZH4FqufXzS2IW-MGqViyDNTg2BgX-2VCJvdTo0zbhvRvBC1ghJNrVnH5M92JQ6",
      "kty": "EC",
      "kid": "MPcTmIIPYRnLt9s_TdBrpV27HcNVDi9aZpB0eJvAxzE",
      "use": "enc"
    },
    {
      "crv": "Ed25519",
      "x": "lDkysGJKRmJeUp8ncTyGraHPHHiIfdxSajxGm7Srla8",
      "kty": "OKP",
      "kid": "CLjPrbijCB2z9dScRNpM1mSGOQVOIByTmd18Ft2eiAQ",
      "use": "sig"
    },
    {
      "crv": "Ed448",
      "x": "BG1zKFg6A_Rzix4pA08oYN5xHqhKIiREXZ59NZoA8p3xhgjh-tm8nc-6udtiL5ZNhWDbnRSq4jQA",
      "kty": "OKP",
      "kid": "kU2PiegZOPUKcsJATItJArz18oWWfEH-Ma52K_8nGaE",
      "use": "sig"
    }
  ]
}
2020-07-28 20:30:29 SUCCESS
ValidateServerJWKs
Valid server JWKs
2020-07-28 20:30:29 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2020-07-28 20:30:29 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-07-28 20:30:29 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2020-07-28 20:30:29 SUCCESS
CreatePostLogoutRedirectUri
Created post_logout_redirect_uri URI
post_logout_redirect_uri
https://www.certification.openid.net/test/SYGFMwj42D/post_logout_redirect
2020-07-28 20:30:29 SUCCESS
GetDynamicClientConfiguration
Created dynamic_client_registration_template object from the client configuration.
client_name
first-openid-client
2020-07-28 20:30:29 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "7teZpRtpgmNVpYhR3vso3_aW5RMjVURcenask0_OWz5iysORQaANFC6a4t30_21ji3z2swfk_dpnG5Ax2xr9wNtqYzTtFw8IYD97m1JEYQ75AJwbB9qb6qce09C8lVxeNUHmJKlvDvS_jAK41PQaABTuumkleRThT-6Mpv489u8",
      "kty": "RSA",
      "q": "pB3aPKH_hPE8wAnfAzfpUZLhsxLfrOvEfyndgemsT6ruOZ5yhCaUQ1aL_BRXeL6wZs1apNEtlYr3_cYeAUr8NA61LyuachwzuDs5P50Y7ECqSY9Nxgwd6eZgKiR8LwivMh0H0ic3Ry2H-G7h1L0R7DUumBTQ3z44YCNbDwdAh4s",
      "d": "GOE20zv1-41fG2eAgyRcabYfaRa4SqaMGlI6HQVjmPBt2tVbxKqLbKCHMhnuM72FGvDRAwtyhgKQIXtmV-faxhg9ogJOM0fTu90ewbbt0denw-zaN6qyBzzbbi9JxMAZho4d6DcFFlUdTLE1gEOls3PiDDHe5qkrIYkHxS7WN-vn4hteNGgDQ4AE1jg0e0IwY4hdT82uIBpKa_gW3Dc_aW1vYL8waZbwfbGPh-SyWvKguDUAT8xb_1zV7PO2E8dwiElru8OJoJMFobRqWhfJNgaYau2rwOjx_4E7SJ8fOKwG27J-K-NKwEzh92nZcau6KNplC23hpiGLimS6Tr_HbQ",
      "e": "AQAB",
      "use": "sig",
      "qi": "dbQOO4LpMfhspcInoOQLpcdy8X8XwQp3JcYHsRWP_IpauXvTfXdZ7itmivcNNO4geuGEOQPo_JPdHi39U43UoIO5MoA1DuVL5RE_nhF75A_FQH2fLrrMnbwflq0BrzqjKRuL9IZtD1nea8oDa7E7vBDgQ5KCqezZcwYtC-j7YSY",
      "dp": "autFMq5UyzPgsVuXGvTgVXI0FpQ8qv0RURkzJDcDr8D7xL1Ll08oy7IZUBoAhR_ZAiaM4ZRVJHbS1Xn1d5pboiwXMhYNVNc77qo8kUmAptpnCajYSOnKBn-Nw1CcO1jAK6M2fY8D0nQqE2lciKhFw2ebfwN27P815exqNo91hy0",
      "alg": "RS256",
      "dq": "pBOYaUAIxu-rrc7woDYY1M5FSZQX_bik9gF0DHsDI48fpolrsgUj-4KeZ0IrBXOXxt-NvPPIYBbUwml8_Avsw1rk96jfOzBI4OqM3LWCAkjQNsTHm7Xnfj4tbFSXtyo2haKSfB9q24WAx_aLXvY74ex1jeRZwqdhE3SliAvXDus",
      "n": "mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"
    }
  ]
}
2020-07-28 20:30:29 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-07-28 20:30:29 SUCCESS
CreateDynamicRegistrationRequest
Created dynamic registration request
client_name
first-openid-client SYGFMwj42D
2020-07-28 20:30:29
AddImplicitGrantTypeToDynamicRegistrationRequest
Added 'implicit' to 'grant_types'
grant_types
[
  "implicit"
]
2020-07-28 20:30:29
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client SYGFMwj42D",
  "grant_types": [
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"
      }
    ]
  }
}
2020-07-28 20:30:29
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client SYGFMwj42D",
  "grant_types": [
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic"
}
2020-07-28 20:30:29
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client SYGFMwj42D",
  "grant_types": [
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "id_token token"
  ]
}
2020-07-28 20:30:29
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client SYGFMwj42D",
  "grant_types": [
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "id_token token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/SYGFMwj42D/callback"
  ]
}
2020-07-28 20:30:29
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client SYGFMwj42D",
  "grant_types": [
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "id_token token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/SYGFMwj42D/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2020-07-28 20:30:29
AddPostLogoutRedirectUriToDynamicRegistrationRequest
Added post_logout_redirect_uris to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client SYGFMwj42D",
  "grant_types": [
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "id_token token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/SYGFMwj42D/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ],
  "post_logout_redirect_uris": [
    "https://www.certification.openid.net/test/SYGFMwj42D/post_logout_redirect"
  ]
}
2020-07-28 20:30:29
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://op.panva.cz/reg
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "806"
}
request_body
{"client_name":"first-openid-client SYGFMwj42D","grant_types":["implicit"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"}]},"token_endpoint_auth_method":"client_secret_basic","response_types":["id_token token"],"redirect_uris":["https://www.certification.openid.net/test/SYGFMwj42D/callback"],"contacts":["certification@oidf.org"],"post_logout_redirect_uris":["https://www.certification.openid.net/test/SYGFMwj42D/post_logout_redirect"]}
2020-07-28 20:30:34 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "cache-control": "no-cache, no-store",
  "content-length": "1672",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Tue, 28 Jul 2020 20:30:34 GMT",
  "pragma": "no-cache",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-xss-protection": "1; mode\u003dblock"
}
response_body
{"application_type":"web","grant_types":["implicit"],"id_token_signed_response_alg":"RS256","post_logout_redirect_uris":["https://www.certification.openid.net/test/SYGFMwj42D/post_logout_redirect"],"require_auth_time":false,"response_types":["id_token token"],"subject_type":"public","token_endpoint_auth_method":"client_secret_basic","introspection_endpoint_auth_method":"client_secret_basic","revocation_endpoint_auth_method":"client_secret_basic","backchannel_logout_session_required":false,"frontchannel_logout_session_required":false,"require_signed_request_object":false,"request_uris":[],"require_pushed_authorization_requests":false,"authorization_signed_response_alg":"RS256","tls_client_certificate_bound_access_tokens":false,"client_id_issued_at":1595968234,"client_id":"nKGw0A06bjJoJyKOP9wDp","client_name":"first-openid-client SYGFMwj42D","client_secret_expires_at":0,"client_secret":"csU8eu6uEzwowgy2xas6w84g5XqTHd-bO053qtf_r8-yIjhuCgrfBWlDlZzicuoNttkyxF6TdTnLSn34H2inCg","contacts":["certification@oidf.org"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"}]},"redirect_uris":["https://www.certification.openid.net/test/SYGFMwj42D/callback"],"registration_client_uri":"https://op.panva.cz/reg/nKGw0A06bjJoJyKOP9wDp","registration_access_token":"Ue_oLDw03AV-29eebJhWjjarYrxx_UBSkVtf06YpnqY"}
2020-07-28 20:30:34
CallDynamicRegistrationEndpoint
Registration endpoint response
dynamic_registration_response
{"application_type":"web","grant_types":["implicit"],"id_token_signed_response_alg":"RS256","post_logout_redirect_uris":["https://www.certification.openid.net/test/SYGFMwj42D/post_logout_redirect"],"require_auth_time":false,"response_types":["id_token token"],"subject_type":"public","token_endpoint_auth_method":"client_secret_basic","introspection_endpoint_auth_method":"client_secret_basic","revocation_endpoint_auth_method":"client_secret_basic","backchannel_logout_session_required":false,"frontchannel_logout_session_required":false,"require_signed_request_object":false,"request_uris":[],"require_pushed_authorization_requests":false,"authorization_signed_response_alg":"RS256","tls_client_certificate_bound_access_tokens":false,"client_id_issued_at":1595968234,"client_id":"nKGw0A06bjJoJyKOP9wDp","client_name":"first-openid-client SYGFMwj42D","client_secret_expires_at":0,"client_secret":"csU8eu6uEzwowgy2xas6w84g5XqTHd-bO053qtf_r8-yIjhuCgrfBWlDlZzicuoNttkyxF6TdTnLSn34H2inCg","contacts":["certification@oidf.org"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"}]},"redirect_uris":["https://www.certification.openid.net/test/SYGFMwj42D/callback"],"registration_client_uri":"https://op.panva.cz/reg/nKGw0A06bjJoJyKOP9wDp","registration_access_token":"Ue_oLDw03AV-29eebJhWjjarYrxx_UBSkVtf06YpnqY"}
2020-07-28 20:30:34
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
application_type
web
grant_types
[
  "implicit"
]
id_token_signed_response_alg
RS256
post_logout_redirect_uris
[
  "https://www.certification.openid.net/test/SYGFMwj42D/post_logout_redirect"
]
require_auth_time
false
response_types
[
  "id_token token"
]
subject_type
public
token_endpoint_auth_method
client_secret_basic
introspection_endpoint_auth_method
client_secret_basic
revocation_endpoint_auth_method
client_secret_basic
backchannel_logout_session_required
false
frontchannel_logout_session_required
false
require_signed_request_object
false
request_uris
[]
require_pushed_authorization_requests
false
authorization_signed_response_alg
RS256
tls_client_certificate_bound_access_tokens
false
client_id_issued_at
1595968234
client_id
nKGw0A06bjJoJyKOP9wDp
client_name
first-openid-client SYGFMwj42D
client_secret_expires_at
0
client_secret
csU8eu6uEzwowgy2xas6w84g5XqTHd-bO053qtf_r8-yIjhuCgrfBWlDlZzicuoNttkyxF6TdTnLSn34H2inCg
contacts
[
  "certification@oidf.org"
]
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "mR34dlfGSvDMdAfiD9bVSHHhKXjJAXyRgoUkmDVJf2M7PYwL4FKy-wXKEd1XhWPn4AZxCCkZAyzivp_cTudHhGliTgghZ8fRvW4kLQsF6IZG6EmdBDqaC6gUEwI8DWk6mcxTVHliYSAuMytAlRMQD52qRqCEIrcVDT_0CIZR8imGBpM2kir5U9VbEkauNmeZNsrOh9RenaoJ6Ibhqpz2py3j6NHSV-lLg_N6qczS8B9JBaEYf4pWVAK-s7KqT6fkaqnAzWmLJJE5vm2Bo6qY6Wp4Yv3X8JlZrAg68YFdFzenjO0YdLVml2R941UEHkrbsSNzLpS-yFjhbBW9dhIcxQ"
    }
  ]
}
redirect_uris
[
  "https://www.certification.openid.net/test/SYGFMwj42D/callback"
]
registration_client_uri
https://op.panva.cz/reg/nKGw0A06bjJoJyKOP9wDp
registration_access_token
Ue_oLDw03AV-29eebJhWjjarYrxx_UBSkVtf06YpnqY
2020-07-28 20:30:34 SUCCESS
CallDynamicRegistrationEndpoint
Extracted dynamic registration management credentials
registration_client_uri
https://op.panva.cz/reg/nKGw0A06bjJoJyKOP9wDp
registration_access_token
Ue_oLDw03AV-29eebJhWjjarYrxx_UBSkVtf06YpnqY
2020-07-28 20:30:34
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2020-07-28 20:30:34 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
token_endpoint_auth_methods_supported
actual
[
  "none",
  "client_secret_basic",
  "client_secret_jwt",
  "client_secret_post",
  "private_key_jwt",
  "self_signed_tls_client_auth"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2020-07-28 20:30:34 SUCCESS
SetProtectedResourceUrlToUserInfoEndpoint
userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.
protected_resource_url
https://op.panva.cz/me
2020-07-28 20:30:34 SUCCESS
CheckDiscCheckSessionIframe
check_session_iframe
actual
https://op.panva.cz/session/check
2020-07-28 20:30:34
oidcc-session-management-rp-initiated-logout
Setup Done
Make request to authorization endpoint
2020-07-28 20:30:34 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
nKGw0A06bjJoJyKOP9wDp
redirect_uri
https://www.certification.openid.net/test/SYGFMwj42D/callback
scope
openid
2020-07-28 20:30:34
CreateRandomStateValue
Created state value
requested_state_length
128
state
celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j
2020-07-28 20:30:34 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
nKGw0A06bjJoJyKOP9wDp
redirect_uri
https://www.certification.openid.net/test/SYGFMwj42D/callback
scope
openid
state
celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j
2020-07-28 20:30:34
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
rdGGXq43uL
2020-07-28 20:30:34 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
nKGw0A06bjJoJyKOP9wDp
redirect_uri
https://www.certification.openid.net/test/SYGFMwj42D/callback
scope
openid
state
celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j
nonce
rdGGXq43uL
2020-07-28 20:30:34 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
nKGw0A06bjJoJyKOP9wDp
redirect_uri
https://www.certification.openid.net/test/SYGFMwj42D/callback
scope
openid
state
celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j
nonce
rdGGXq43uL
response_type
id_token token
2020-07-28 20:30:34 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://op.panva.cz/auth?client_id=nKGw0A06bjJoJyKOP9wDp&redirect_uri=https://www.certification.openid.net/test/SYGFMwj42D/callback&scope=openid&state=celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j&nonce=rdGGXq43uL&response_type=id_token%20token
2020-07-28 20:30:34 REDIRECT
oidcc-session-management-rp-initiated-logout
Redirecting to authorization endpoint
redirect_to
https://op.panva.cz/auth?client_id=nKGw0A06bjJoJyKOP9wDp&redirect_uri=https://www.certification.openid.net/test/SYGFMwj42D/callback&scope=openid&state=celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j&nonce=rdGGXq43uL&response_type=id_token%20token
2020-07-28 20:30:40 INCOMING
oidcc-session-management-rp-initiated-logout
Incoming HTTP request to test instance SYGFMwj42D
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "dnt": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://op.panva.cz/interaction/g5QoijjPaTe8Gb9GZREV_",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en,en-US;q\u003d0.9,cs;q\u003d0.8",
  "cookie": "JSESSIONID\u003d81FE6060128F726EBB2F55AADA28DE83",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-07-28 20:30:40 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/ionIwMQll315qTE0TpwE",
  "fullUrl": "https://www.certification.openid.net/test/SYGFMwj42D/implicit/ionIwMQll315qTE0TpwE"
}
2020-07-28 20:30:40 OUTGOING
oidcc-session-management-rp-initiated-logout
Response to HTTP request to test instance SYGFMwj42D
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/SYGFMwj42D/implicit/ionIwMQll315qTE0TpwE, returnUrl=/log-detail.html?log=SYGFMwj42D}]
outgoing_path
callback
2020-07-28 20:30:40 INCOMING
oidcc-session-management-rp-initiated-logout
Incoming HTTP request to test instance SYGFMwj42D
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "*/*",
  "dnt": "1",
  "x-requested-with": "XMLHttpRequest",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/SYGFMwj42D/callback",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en,en-US;q\u003d0.9,cs;q\u003d0.8",
  "cookie": "JSESSIONID\u003d81FE6060128F726EBB2F55AADA28DE83",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "1017",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/ionIwMQll315qTE0TpwE
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
#id_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw&access_token=HEfkktGi6NhHa_Ji8QYUNweGPKFUj0lh9FVroYH9W2t&expires_in=3600&token_type=Bearer&scope=openid&state=celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j&session_state=Ml4MCOKEZzGkNvWJ3sBCl6g7l01hqa_t2GBP0yVNSy0
2020-07-28 20:30:40 OUTGOING
oidcc-session-management-rp-initiated-logout
Response to HTTP request to test instance SYGFMwj42D
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [/log-detail.html?log=SYGFMwj42D]
outgoing_path
implicit/ionIwMQll315qTE0TpwE
2020-07-28 20:30:40
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
parameters
[
  {
    "value": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw",
    "name": "id_token"
  },
  {
    "value": "HEfkktGi6NhHa_Ji8QYUNweGPKFUj0lh9FVroYH9W2t",
    "name": "access_token"
  },
  {
    "value": "3600",
    "name": "expires_in"
  },
  {
    "value": "Bearer",
    "name": "token_type"
  },
  {
    "value": "openid",
    "name": "scope"
  },
  {
    "value": "celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j",
    "name": "state"
  },
  {
    "value": "Ml4MCOKEZzGkNvWJ3sBCl6g7l01hqa_t2GBP0yVNSy0",
    "name": "session_state"
  }
]
2020-07-28 20:30:40 SUCCESS
ExtractImplicitHashToCallbackResponse
Extracted the hash values
id_token
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw
access_token
HEfkktGi6NhHa_Ji8QYUNweGPKFUj0lh9FVroYH9W2t
expires_in
3600
token_type
Bearer
scope
openid
state
celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j
session_state
Ml4MCOKEZzGkNvWJ3sBCl6g7l01hqa_t2GBP0yVNSy0
2020-07-28 20:30:40 REDIRECT-IN
oidcc-session-management-rp-initiated-logout
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "dnt": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://op.panva.cz/interaction/g5QoijjPaTe8Gb9GZREV_",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en,en-US;q\u003d0.9,cs;q\u003d0.8",
  "cookie": "JSESSIONID\u003d81FE6060128F726EBB2F55AADA28DE83",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{
  "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw",
  "access_token": "HEfkktGi6NhHa_Ji8QYUNweGPKFUj0lh9FVroYH9W2t",
  "expires_in": "3600",
  "token_type": "Bearer",
  "scope": "openid",
  "state": "celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j",
  "session_state": "Ml4MCOKEZzGkNvWJ3sBCl6g7l01hqa_t2GBP0yVNSy0"
}
post_body
Verify authorization endpoint response
2020-07-28 20:30:40 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2020-07-28 20:30:40 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2020-07-28 20:30:40 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2020-07-28 20:30:40 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2020-07-28 20:30:41 SUCCESS
CheckMatchingStateParameter
State parameter correctly returned
state
celPyYhLjgugsqswTiSEmVMPZPnTrfH80pTTaMenY09uNbxW3l894JO5RGExjniAiPtXIp4PLP4MRogtyxstc97WQaoCBJskRCbJ0HlGPMsIdLBKd5omR2ItZcRF5k8j
2020-07-28 20:30:41 SUCCESS
ExtractAccessTokenFromAuthorizationResponse
Extracted the access token
value
HEfkktGi6NhHa_Ji8QYUNweGPKFUj0lh9FVroYH9W2t
type
Bearer
2020-07-28 20:30:41 SUCCESS
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
value
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw
header
{
  "kid": "r1LkbBo3925Rb2ZFFrKyU3MVex9T2817Kx0vbi6i_Kc",
  "typ": "JWT",
  "alg": "RS256"
}
claims
{
  "at_hash": "en1HGYNLOVSrFJFlO8Feiw",
  "sub": "foo",
  "aud": "nKGw0A06bjJoJyKOP9wDp",
  "s_hash": "MrwH32SkwoEoAXsOcR7ZNQ",
  "iss": "https://op.panva.cz",
  "exp": 1595971840,
  "nonce": "rdGGXq43uL",
  "iat": 1595968240
}
2020-07-28 20:30:41 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2020-07-28 20:30:41 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
rdGGXq43uL
2020-07-28 20:30:41 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2020-07-28 20:30:41 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw
2020-07-28 20:30:41 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw
2020-07-28 20:30:41 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
foo
Second authorization: Userinfo endpoint tests
2020-07-28 20:30:41
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://op.panva.cz/me
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer HEfkktGi6NhHa_Ji8QYUNweGPKFUj0lh9FVroYH9W2t",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2020-07-28 20:30:41 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "cache-control": "no-cache, no-store",
  "content-length": "13",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Tue, 28 Jul 2020 20:30:41 GMT",
  "pragma": "no-cache",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-xss-protection": "1; mode\u003dblock"
}
response_body
{"sub":"foo"}
2020-07-28 20:30:41 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "cache-control": "no-cache, no-store",
  "content-length": "13",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Tue, 28 Jul 2020 20:30:41 GMT",
  "pragma": "no-cache",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-xss-protection": "1; mode\u003dblock"
}
status_code
{
  "code": 200
}
body
{"sub":"foo"}
2020-07-28 20:30:41 SUCCESS
ExtractSessionStateFromAuthorizationResponse
Found session_state
session_state
Ml4MCOKEZzGkNvWJ3sBCl6g7l01hqa_t2GBP0yVNSy0
2020-07-28 20:30:41 REDIRECT
oidcc-session-management-rp-initiated-logout
Redirecting to our session check page
redirect_to
https://www.certification.openid.net/test/SYGFMwj42D/session_verify
2020-07-28 20:30:43 INCOMING
oidcc-session-management-rp-initiated-logout
Incoming HTTP request to test instance SYGFMwj42D
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "dnt": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://www.certification.openid.net/log-detail.html?log\u003dSYGFMwj42D",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en,en-US;q\u003d0.9,cs;q\u003d0.8",
  "cookie": "JSESSIONID\u003d81FE6060128F726EBB2F55AADA28DE83",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
session_verify
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-07-28 20:30:43 OUTGOING
oidcc-session-management-rp-initiated-logout
Response to HTTP request to test instance SYGFMwj42D
outgoing
ModelAndView [view="sessionVerify"; model={check_session_iframe=https://op.panva.cz/session/check, session_iframe_unchanged=https://www.certification.openid.net/test/SYGFMwj42D/rp_session_iframe}]
outgoing_path
session_verify
2020-07-28 20:30:43 INCOMING
oidcc-session-management-rp-initiated-logout
Incoming HTTP request to test instance SYGFMwj42D
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "dnt": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "iframe",
  "referer": "https://www.certification.openid.net/test/SYGFMwj42D/session_verify",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en,en-US;q\u003d0.9,cs;q\u003d0.8",
  "cookie": "JSESSIONID\u003d81FE6060128F726EBB2F55AADA28DE83",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
rp_session_iframe
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-07-28 20:30:43 OUTGOING
oidcc-session-management-rp-initiated-logout
Response to HTTP request to test instance SYGFMwj42D
outgoing
ModelAndView [view="rpSessionIframe"; model={client_id=nKGw0A06bjJoJyKOP9wDp, session_state=Ml4MCOKEZzGkNvWJ3sBCl6g7l01hqa_t2GBP0yVNSy0, issuer=https://op.panva.cz, service_url=https://www.certification.openid.net/test/SYGFMwj42D/session_result}]
outgoing_path
rp_session_iframe
2020-07-28 20:30:44 INCOMING
oidcc-session-management-rp-initiated-logout
Incoming HTTP request to test instance SYGFMwj42D
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "dnt": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://www.certification.openid.net/test/SYGFMwj42D/rp_session_iframe",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en,en-US;q\u003d0.9,cs;q\u003d0.8",
  "cookie": "JSESSIONID\u003d81FE6060128F726EBB2F55AADA28DE83",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
session_result
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "state": "unchanged"
}
incoming_body
2020-07-28 20:30:44 OUTGOING
oidcc-session-management-rp-initiated-logout
Response to HTTP request to test instance SYGFMwj42D
outgoing
ModelAndView [view="resultCaptured"; model={returnUrl=/log-detail.html?log=SYGFMwj42D}]
outgoing_path
session_result
2020-07-28 20:30:44 SUCCESS
CheckSessionResultIsUnchanged
state from the OP's check_session_iframe is 'unchanged' as expected.
2020-07-28 20:30:44 SUCCESS
ExtractSessionStateFromAuthorizationResponse
Found session_state
session_state
Ml4MCOKEZzGkNvWJ3sBCl6g7l01hqa_t2GBP0yVNSy0
Redirect to end session endpoint & wait for response
2020-07-28 20:30:44
CreateRandomEndSessionState
Created end_session_state value
end_session_state
ovqUmuYOGiyTwOltWSPHtQUqFRymbmpYcwsgyHwKXLSJJZySio0369355417?&'}&(:^~~~\=\($?('^^^~='}%_&(
2020-07-28 20:30:44 SUCCESS
CreateEndSessionEndpointRequest
Created end session endpoint request
id_token_hint
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw
post_logout_redirect_uri
https://www.certification.openid.net/test/SYGFMwj42D/post_logout_redirect
state
ovqUmuYOGiyTwOltWSPHtQUqFRymbmpYcwsgyHwKXLSJJZySio0369355417?&'}&(:^~~~\=\($?('^^^~='}%_&(
2020-07-28 20:30:44 SUCCESS
BuildRedirectToEndSessionEndpoint
Sending to end_session endpoint
redirect_to_end_session_endpoint
https://op.panva.cz/session/end?id_token_hint=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw&post_logout_redirect_uri=https://www.certification.openid.net/test/SYGFMwj42D/post_logout_redirect&state=ovqUmuYOGiyTwOltWSPHtQUqFRymbmpYcwsgyHwKXLSJJZySio0369355417?%26'%7D%26(:%5E~~~%5C%3D%5C($?('%5E%5E%5E~%3D'%7D%25_%26(
2020-07-28 20:30:44 REDIRECT
oidcc-session-management-rp-initiated-logout
Redirecting to end session endpoint
redirect_to
https://op.panva.cz/session/end?id_token_hint=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw&post_logout_redirect_uri=https://www.certification.openid.net/test/SYGFMwj42D/post_logout_redirect&state=ovqUmuYOGiyTwOltWSPHtQUqFRymbmpYcwsgyHwKXLSJJZySio0369355417?%26'%7D%26(:%5E~~~%5C%3D%5C($?('%5E%5E%5E~%3D'%7D%25_%26(
2020-07-28 20:30:49 INCOMING
oidcc-session-management-rp-initiated-logout
Incoming HTTP request to test instance SYGFMwj42D
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "dnt": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://op.panva.cz/session/end?id_token_hint\u003deyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6InJkR0dYcTQzdUwiLCJhdF9oYXNoIjoiZW4xSEdZTkxPVlNyRkpGbE84RmVpdyIsInNfaGFzaCI6Ik1yd0gzMlNrd29Fb0FYc09jUjdaTlEiLCJhdWQiOiJuS0d3MEEwNmJqSm9KeUtPUDl3RHAiLCJleHAiOjE1OTU5NzE4NDAsImlhdCI6MTU5NTk2ODI0MCwiaXNzIjoiaHR0cHM6Ly9vcC5wYW52YS5jeiJ9.haakAzKEQu6e1LYr4GO7MVlXynjhn--nBRRCE0zU9L-5PmBjHv3ooSJVLvhhyzk8o4ciEyVJ4FM2LRN7P1pMv3xtBZL3hly47FVKbP4H0o5Bufn5-aEFJJhiO0J5xfZ0pfLgwjBlhthCTh9e8Yd5FqI7bdvSbSHl4BQFdavCCyoepDVRXSnkXPg6IHCSF0hktMjvuMucVHdByICCCYouGTsfTN3AlBRybaEi_hjPC3OIxknJLsKwl_zXq40AkzzRdRyuo3Qx3vdRAlI6SCzq4GRT1pcD7nwFrYn_QZDLl759Bxe7AUGfqUM8LipiEJj9AGCp0GVDITYT1DMzHey0Iw\u0026post_logout_redirect_uri\u003dhttps://www.certification.openid.net/test/SYGFMwj42D/post_logout_redirect\u0026state\u003dovqUmuYOGiyTwOltWSPHtQUqFRymbmpYcwsgyHwKXLSJJZySio0369355417?%26%27%7D%26(:%5E~~~%5C%3D%5C($?(%27%5E%5E%5E~%3D%27%7D%25_%26(",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en,en-US;q\u003d0.9,cs;q\u003d0.8",
  "cookie": "JSESSIONID\u003d81FE6060128F726EBB2F55AADA28DE83",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
post_logout_redirect
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "state": "ovqUmuYOGiyTwOltWSPHtQUqFRymbmpYcwsgyHwKXLSJJZySio0369355417?\u0026\u0027}\u0026(:^~~~\\\u003d\\($?(\u0027^^^~\u003d\u0027}%_\u0026("
}
incoming_body
2020-07-28 20:30:49 OUTGOING
oidcc-session-management-rp-initiated-logout
Response to HTTP request to test instance SYGFMwj42D
outgoing
ModelAndView [view="resultCaptured"; model={returnUrl=/log-detail.html?log=SYGFMwj42D}]
outgoing_path
post_logout_redirect
Verify frontchannel post logout redirect
2020-07-28 20:30:49 SUCCESS
CheckPostLogoutState
state passed to post logout redirect uri matches request
2020-07-28 20:30:49 SUCCESS
CheckForUnexpectedParametersInPostLogoutRedirect
post_logout_redirect includes only expected parameters
state
ovqUmuYOGiyTwOltWSPHtQUqFRymbmpYcwsgyHwKXLSJJZySio0369355417?&'}&(:^~~~\=\($?('^^^~='}%_&(
2020-07-28 20:30:49 SUCCESS
ExtractSessionStateFromAuthorizationResponse
Found session_state
session_state
Ml4MCOKEZzGkNvWJ3sBCl6g7l01hqa_t2GBP0yVNSy0
2020-07-28 20:30:49 REDIRECT
oidcc-session-management-rp-initiated-logout
Redirecting to our session check page
redirect_to
https://www.certification.openid.net/test/SYGFMwj42D/second_session_verify
2020-07-28 20:30:54 INCOMING
oidcc-session-management-rp-initiated-logout
Incoming HTTP request to test instance SYGFMwj42D
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "dnt": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://www.certification.openid.net/log-detail.html?log\u003dSYGFMwj42D",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en,en-US;q\u003d0.9,cs;q\u003d0.8",
  "cookie": "JSESSIONID\u003d81FE6060128F726EBB2F55AADA28DE83",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
second_session_verify
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-07-28 20:30:54 OUTGOING
oidcc-session-management-rp-initiated-logout
Response to HTTP request to test instance SYGFMwj42D
outgoing
ModelAndView [view="sessionVerify"; model={check_session_iframe=https://op.panva.cz/session/check, session_iframe_unchanged=https://www.certification.openid.net/test/SYGFMwj42D/second_rp_session_iframe}]
outgoing_path
second_session_verify
2020-07-28 20:30:54 INCOMING
oidcc-session-management-rp-initiated-logout
Incoming HTTP request to test instance SYGFMwj42D
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "dnt": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "iframe",
  "referer": "https://www.certification.openid.net/test/SYGFMwj42D/second_session_verify",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en,en-US;q\u003d0.9,cs;q\u003d0.8",
  "cookie": "JSESSIONID\u003d81FE6060128F726EBB2F55AADA28DE83",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
second_rp_session_iframe
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-07-28 20:30:54 OUTGOING
oidcc-session-management-rp-initiated-logout
Response to HTTP request to test instance SYGFMwj42D
outgoing
ModelAndView [view="rpSessionIframe"; model={client_id=nKGw0A06bjJoJyKOP9wDp, session_state=Ml4MCOKEZzGkNvWJ3sBCl6g7l01hqa_t2GBP0yVNSy0, issuer=https://op.panva.cz, service_url=https://www.certification.openid.net/test/SYGFMwj42D/second_session_result}]
outgoing_path
second_rp_session_iframe
2020-07-28 20:30:55 INCOMING
oidcc-session-management-rp-initiated-logout
Incoming HTTP request to test instance SYGFMwj42D
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "dnt": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://www.certification.openid.net/test/SYGFMwj42D/second_rp_session_iframe",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en,en-US;q\u003d0.9,cs;q\u003d0.8",
  "cookie": "JSESSIONID\u003d81FE6060128F726EBB2F55AADA28DE83",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
second_session_result
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "state": "changed"
}
incoming_body
2020-07-28 20:30:55 OUTGOING
oidcc-session-management-rp-initiated-logout
Response to HTTP request to test instance SYGFMwj42D
outgoing
ModelAndView [view="resultCaptured"; model={returnUrl=/log-detail.html?log=SYGFMwj42D}]
outgoing_path
second_session_result
2020-07-28 20:30:55 SUCCESS
CheckSecondSessionResultIsChanged
state from the OP's check_session_iframe is 'changed' as expected.
2020-07-28 20:30:55 FINISHED
oidcc-session-management-rp-initiated-logout
Test has run to completion
testmodule_result
PASSED
Unregister dynamically registered client
2020-07-28 20:30:55
UnregisterDynamicallyRegisteredClient
HTTP request
request_uri
https://op.panva.cz/reg/nKGw0A06bjJoJyKOP9wDp
request_method
DELETE
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "authorization": "Bearer Ue_oLDw03AV-29eebJhWjjarYrxx_UBSkVtf06YpnqY",
  "content-length": "0"
}
request_body

                                
2020-07-28 20:30:55 RESPONSE
UnregisterDynamicallyRegisteredClient
HTTP response
response_status_code
204 NO_CONTENT
response_status_text
No Content
response_headers
{
  "cache-control": "no-cache, no-store",
  "date": "Tue, 28 Jul 2020 20:30:55 GMT",
  "pragma": "no-cache",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-xss-protection": "1; mode\u003dblock"
}
response_body

                                
2020-07-28 20:30:55 SUCCESS
UnregisterDynamicallyRegisteredClient
Client successfully unregistered
Test Results