Test Info

Profile[]
Test descriptionRequesting ID Token with max_age=10000 seconds restriction
Timestamp2017-10-13T14:23:24Z
Issuerhttps://ofis.theoptimalcloud.com/odn/
Test IDOP-Req-max_age=10000

Conditions


auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
Done: status=OK

Trace Output

0.0phase<--<-- 0 --- Webfinger -->-->
0.0not expected to doWebFinger
0.0phase<--<-- 1 --- Discovery -->-->
0.0not expected to doDynamic discovery
0.0phase<--<-- 2 --- Registration -->-->
0.001not expected to doDynamic registration
0.001phase<--<-- 3 --- AsyncAuthn -->-->
0.001AuthorizationRequest
{
    "client_id": "https://op.certification.openid.net/",
    "nonce": "2BwaJzt1oMNCk30M",
    "redirect_uri": "https://op.certification.openid.net:60044/authz_cb",
    "response_type": "id_token",
    "scope": "openid",
    "state": "G0Mvf0iV9Ko4r7uG"
}
0.002redirect urlhttps://ofis.theoptimalcloud.com/odn/?nonce=2BwaJzt1oMNCk30M&response_type=id_token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60044%2Fauthz_cb&client_id=https%3A%2F%2Fop.certification.openid.net%2F&state=G0Mvf0iV9Ko4r7uG&scope=openid
0.002redirecthttps://ofis.theoptimalcloud.com/odn/?nonce=2BwaJzt1oMNCk30M&response_type=id_token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60044%2Fauthz_cb&client_id=https%3A%2F%2Fop.certification.openid.net%2F&state=G0Mvf0iV9Ko4r7uG&scope=openid
0.192http args{}
0.303responseaccess_token=kiRPKwxD-n3HVVmAwAOruuSNUcVRYqL1x5RbQK35_4XpiROx0iq2Y2Le29uR27Sx_MfJb-oRUhmyTJxQH8eBGHC--bbjyAEmGL_1CxUuW9eT97WPFaOzY-6r42GhRHQo4LrhdL7m36mBp7MS8N5YjM-T3ZBn93lrqOUysNAgkYcQXnjI8Z7IpEfEprPoThXBMwwhMCw2iSA9QNknKsA6slRZREnX8pIe-UfMeAr3RUrb8A4JBDMucb51JzhEK9J-&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Il9zZnJweWVzUFVyQTl5TkhXYXBOZXYwOVlYQSJ9.eyJzdWIiOiJqQnJEYWJVVTdFR1V5QXhEQjZLekNnPT0iLCJlbWFpbCI6ImplZmYuYm9ocmVuQG9wdGltYWxpZG0uY29tIiwiZ2l2ZW5fbmFtZSI6IkplZmZyZXkiLCJmYW1pbHlfbmFtZSI6IkJvaHJlbiIsIm5hbWUiOiJKZWZmcmV5IEJvaHJlbiIsIm1pZGRsZV9uYW1lIjoiU2NvdHQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqZWZmLmJvaHJlbkBvcHRpbWFsaWRtLmNvbSIsInBob25lX251bWJlciI6IjU1NS0xMjEyIiwibmlja25hbWUiOiJKZWZmcmV5IiwicHJvZmlsZSI6Imh0dHBzOi8vb3B0aW1hbGlkbS5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9vcHRpbWFsaWRtLmNvbSIsIndlYnNpdGUiOiJodHRwOi8vb3B0aW1hbGlkbS5jb20iLCJnZW5kZXIiOiJtYWxlIiwiYmlydGhkYXRlIjoiMTk3Mi0wMS0wMSIsInpvbmVpbmZvIjoiRWFzdCBVUyIsImxvY2FsZSI6ImVuLVVTIiwibm9uY2UiOiIyQndhSnp0MW9NTkNrMzBNIiwiYXRfaGFzaCI6IlhINWhpMkNGVjJHTkJ1aHpHQ3dUT0EiLCJjX2hhc2giOiItNEgxMG9ENmtQTzJ0Xzh5NDc2Y2hRIiwiaWF0IjoxNTA3OTA0NjA0LCJpc3MiOiJodHRwczovL29maXMudGhlb3B0aW1hbGNsb3VkLmNvbS9vZG4vIiwiYXVkIjoiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvIiwiZXhwIjoxNTA3OTA1MjA0LCJuYmYiOjE1MDc5MDQ2MDJ9.dpjTMqndcYP4hhS1AGz_nEKqtMgAq8xAcl6E3ZazwjuBHkAWCDSfNnLp-lEXihV7HimkGx9FQGlzWFUi75l1AecwOT88Ec4huvW7PLiutx_wx20ILQTB1etk_ryF5cBXQjF_r8eD7HIVKxN8DTZ3tVqWjRVGyHcN0HuL1z7vbiyARvAewdVll221Mm-GzpH5D6vTXGVA2nb9gLjemnm8WyRwFmyN8CT3UlLbEgpiI0WAB_Sk3D8t1z94KpfbZ3Ur28c0_HcfcRO-UnN7u1zzz2qZh1h7oK4M99_cXEEtxSipTaeCo0X3ovZ_Cqm0Ox2TyA7lmGlu9-KWKOaiRmjVmg&token_type=Bearer&state=G0Mvf0iV9Ko4r7uG&expires_in=36000
0.304response{'access_token': 'kiRPKwxD-n3HVVmAwAOruuSNUcVRYqL1x5RbQK35_4XpiROx0iq2Y2Le29uR27Sx_MfJb-oRUhmyTJxQH8eBGHC--bbjyAEmGL_1CxUuW9eT97WPFaOzY-6r42GhRHQo4LrhdL7m36mBp7MS8N5YjM-T3ZBn93lrqOUysNAgkYcQXnjI8Z7IpEfEprPoThXBMwwhMCw2iSA9QNknKsA6slRZREnX8pIe-UfMeAr3RUrb8A4JBDMucb51JzhEK9J-', 'id_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Il9zZnJweWVzUFVyQTl5TkhXYXBOZXYwOVlYQSJ9.eyJzdWIiOiJqQnJEYWJVVTdFR1V5QXhEQjZLekNnPT0iLCJlbWFpbCI6ImplZmYuYm9ocmVuQG9wdGltYWxpZG0uY29tIiwiZ2l2ZW5fbmFtZSI6IkplZmZyZXkiLCJmYW1pbHlfbmFtZSI6IkJvaHJlbiIsIm5hbWUiOiJKZWZmcmV5IEJvaHJlbiIsIm1pZGRsZV9uYW1lIjoiU2NvdHQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqZWZmLmJvaHJlbkBvcHRpbWFsaWRtLmNvbSIsInBob25lX251bWJlciI6IjU1NS0xMjEyIiwibmlja25hbWUiOiJKZWZmcmV5IiwicHJvZmlsZSI6Imh0dHBzOi8vb3B0aW1hbGlkbS5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9vcHRpbWFsaWRtLmNvbSIsIndlYnNpdGUiOiJodHRwOi8vb3B0aW1hbGlkbS5jb20iLCJnZW5kZXIiOiJtYWxlIiwiYmlydGhkYXRlIjoiMTk3Mi0wMS0wMSIsInpvbmVpbmZvIjoiRWFzdCBVUyIsImxvY2FsZSI6ImVuLVVTIiwibm9uY2UiOiIyQndhSnp0MW9NTkNrMzBNIiwiYXRfaGFzaCI6IlhINWhpMkNGVjJHTkJ1aHpHQ3dUT0EiLCJjX2hhc2giOiItNEgxMG9ENmtQTzJ0Xzh5NDc2Y2hRIiwiaWF0IjoxNTA3OTA0NjA0LCJpc3MiOiJodHRwczovL29maXMudGhlb3B0aW1hbGNsb3VkLmNvbS9vZG4vIiwiYXVkIjoiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvIiwiZXhwIjoxNTA3OTA1MjA0LCJuYmYiOjE1MDc5MDQ2MDJ9.dpjTMqndcYP4hhS1AGz_nEKqtMgAq8xAcl6E3ZazwjuBHkAWCDSfNnLp-lEXihV7HimkGx9FQGlzWFUi75l1AecwOT88Ec4huvW7PLiutx_wx20ILQTB1etk_ryF5cBXQjF_r8eD7HIVKxN8DTZ3tVqWjRVGyHcN0HuL1z7vbiyARvAewdVll221Mm-GzpH5D6vTXGVA2nb9gLjemnm8WyRwFmyN8CT3UlLbEgpiI0WAB_Sk3D8t1z94KpfbZ3Ur28c0_HcfcRO-UnN7u1zzz2qZh1h7oK4M99_cXEEtxSipTaeCo0X3ovZ_Cqm0Ox2TyA7lmGlu9-KWKOaiRmjVmg', 'state': 'G0Mvf0iV9Ko4r7uG', 'expires_in': 36000, 'token_type': 'Bearer'}
0.453AuthorizationResponse
{
    "access_token": "kiRPKwxD-n3HVVmAwAOruuSNUcVRYqL1x5RbQK35_4XpiROx0iq2Y2Le29uR27Sx_MfJb-oRUhmyTJxQH8eBGHC--bbjyAEmGL_1CxUuW9eT97WPFaOzY-6r42GhRHQo4LrhdL7m36mBp7MS8N5YjM-T3ZBn93lrqOUysNAgkYcQXnjI8Z7IpEfEprPoThXBMwwhMCw2iSA9QNknKsA6slRZREnX8pIe-UfMeAr3RUrb8A4JBDMucb51JzhEK9J-",
    "expires_in": 36000,
    "id_token": {
        "at_hash": "XH5hi2CFV2GNBuhzGCwTOA",
        "aud": [
            "https://op.certification.openid.net/"
        ],
        "birthdate": "1972-01-01",
        "c_hash": "-4H10oD6kPO2t_8y476chQ",
        "email": "jeff.bohren@optimalidm.com",
        "exp": 1507905204,
        "family_name": "Bohren",
        "gender": "male",
        "given_name": "Jeffrey",
        "iat": 1507904604,
        "iss": "https://ofis.theoptimalcloud.com/odn/",
        "locale": "en-US",
        "middle_name": "Scott",
        "name": "Jeffrey Bohren",
        "nbf": 1507904602,
        "nickname": "Jeffrey",
        "nonce": "2BwaJzt1oMNCk30M",
        "phone_number": "555-1212",
        "picture": "https://optimalidm.com",
        "preferred_username": "jeff.bohren@optimalidm.com",
        "profile": "https://optimalidm.com",
        "sub": "jBrDabUU7EGUyAxDB6KzCg==",
        "website": "http://optimalidm.com",
        "zoneinfo": "East US"
    },
    "state": "G0Mvf0iV9Ko4r7uG",
    "token_type": "Bearer"
}
0.453phase<--<-- 4 --- AccessToken -->-->
0.454phase<--<-- 5 --- AsyncAuthn -->-->
0.454AuthorizationRequest
{
    "client_id": "https://op.certification.openid.net/",
    "max_age": 10000,
    "nonce": "lGLfZdxsJqD9GkUV",
    "redirect_uri": "https://op.certification.openid.net:60044/authz_cb",
    "response_type": "id_token",
    "scope": "openid",
    "state": "jk62MR8kkaCFxQLE"
}
0.454redirect urlhttps://ofis.theoptimalcloud.com/odn/?nonce=lGLfZdxsJqD9GkUV&max_age=10000&response_type=id_token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60044%2Fauthz_cb&client_id=https%3A%2F%2Fop.certification.openid.net%2F&state=jk62MR8kkaCFxQLE&scope=openid
0.454redirecthttps://ofis.theoptimalcloud.com/odn/?nonce=lGLfZdxsJqD9GkUV&max_age=10000&response_type=id_token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60044%2Fauthz_cb&client_id=https%3A%2F%2Fop.certification.openid.net%2F&state=jk62MR8kkaCFxQLE&scope=openid
0.697http args{}
0.813responseaccess_token=bOrFptVSH0e4bkLriAx3jglf0aeVlX1MMsoiz4xQMzxciZMpi5jEUCVmLJOxuRqG-Hj4j6z_9atDD9x_E8wzLLXa27NiyX2vJLSX9q9NwJFGwAtYfKBU3r-rflRt-wG78IM2cUKL22Nz-kulFf9CG5g8yhPzxqpzumUa61v4JEVQv7ytMnUZMdz7r2CVc64CdzYlJ5UQIhni2sCjnfajHz2pUkvbVT2Jzk3zJuIlIxt2qCndVC5faVJK0bHiULet&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Il9zZnJweWVzUFVyQTl5TkhXYXBOZXYwOVlYQSJ9.eyJzdWIiOiJqQnJEYWJVVTdFR1V5QXhEQjZLekNnPT0iLCJlbWFpbCI6ImplZmYuYm9ocmVuQG9wdGltYWxpZG0uY29tIiwiZ2l2ZW5fbmFtZSI6IkplZmZyZXkiLCJmYW1pbHlfbmFtZSI6IkJvaHJlbiIsIm5hbWUiOiJKZWZmcmV5IEJvaHJlbiIsIm1pZGRsZV9uYW1lIjoiU2NvdHQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqZWZmLmJvaHJlbkBvcHRpbWFsaWRtLmNvbSIsInBob25lX251bWJlciI6IjU1NS0xMjEyIiwibmlja25hbWUiOiJKZWZmcmV5IiwicHJvZmlsZSI6Imh0dHBzOi8vb3B0aW1hbGlkbS5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9vcHRpbWFsaWRtLmNvbSIsIndlYnNpdGUiOiJodHRwOi8vb3B0aW1hbGlkbS5jb20iLCJnZW5kZXIiOiJtYWxlIiwiYmlydGhkYXRlIjoiMTk3Mi0wMS0wMSIsInpvbmVpbmZvIjoiRWFzdCBVUyIsImxvY2FsZSI6ImVuLVVTIiwibm9uY2UiOiJsR0xmWmR4c0pxRDlHa1VWIiwiYXRfaGFzaCI6Ikw1eG9KeHNWbzFqaXZ0TEJqdmdodUEiLCJjX2hhc2giOiJXUk1USW5nZkRhSlo5UEZRdHh0dXVBIiwiaWF0IjoxNTA3OTA0NjA0LCJhdXRoX3RpbWUiOiIxNTA3OTA0MTQ3IiwiaXNzIjoiaHR0cHM6Ly9vZmlzLnRoZW9wdGltYWxjbG91ZC5jb20vb2RuLyIsImF1ZCI6Imh0dHBzOi8vb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0LyIsImV4cCI6MTUwNzkwNTIwNCwibmJmIjoxNTA3OTA0NjAzfQ.VyYHfEJ62DicS9Kk1KZUJfekBPXgXqpcDcI8SkWVPmhNpl9bZTL32ogY8Q9HPTYtJ4je_hOempdJT3mU_XoALHLkyEB_o6ZGMfPJ0nffi8ndn1ULQjqNic3HJW4f6PR3cPcZHUML-Se24UzlcRgku7OZl0005mlJoHP8r3_S1BDoGHhFRhX-VEeUs85MHu69-J98IXAOhWMWAHxU_LT0Es3gwVYcuzQkyN70YdiMCo4U4PBnGv0Dil-zXAONqPDxTCS6QdBdYuz-48mhqx1PrAnc4wSx7_wKW4Dc2rZ0YEHfUkqqBZNyd4GiExuGspE-Y2-oVeg7WeHb61YLJMzOPQ&token_type=Bearer&state=jk62MR8kkaCFxQLE&expires_in=36000
0.813response{'access_token': 'bOrFptVSH0e4bkLriAx3jglf0aeVlX1MMsoiz4xQMzxciZMpi5jEUCVmLJOxuRqG-Hj4j6z_9atDD9x_E8wzLLXa27NiyX2vJLSX9q9NwJFGwAtYfKBU3r-rflRt-wG78IM2cUKL22Nz-kulFf9CG5g8yhPzxqpzumUa61v4JEVQv7ytMnUZMdz7r2CVc64CdzYlJ5UQIhni2sCjnfajHz2pUkvbVT2Jzk3zJuIlIxt2qCndVC5faVJK0bHiULet', 'id_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Il9zZnJweWVzUFVyQTl5TkhXYXBOZXYwOVlYQSJ9.eyJzdWIiOiJqQnJEYWJVVTdFR1V5QXhEQjZLekNnPT0iLCJlbWFpbCI6ImplZmYuYm9ocmVuQG9wdGltYWxpZG0uY29tIiwiZ2l2ZW5fbmFtZSI6IkplZmZyZXkiLCJmYW1pbHlfbmFtZSI6IkJvaHJlbiIsIm5hbWUiOiJKZWZmcmV5IEJvaHJlbiIsIm1pZGRsZV9uYW1lIjoiU2NvdHQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqZWZmLmJvaHJlbkBvcHRpbWFsaWRtLmNvbSIsInBob25lX251bWJlciI6IjU1NS0xMjEyIiwibmlja25hbWUiOiJKZWZmcmV5IiwicHJvZmlsZSI6Imh0dHBzOi8vb3B0aW1hbGlkbS5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9vcHRpbWFsaWRtLmNvbSIsIndlYnNpdGUiOiJodHRwOi8vb3B0aW1hbGlkbS5jb20iLCJnZW5kZXIiOiJtYWxlIiwiYmlydGhkYXRlIjoiMTk3Mi0wMS0wMSIsInpvbmVpbmZvIjoiRWFzdCBVUyIsImxvY2FsZSI6ImVuLVVTIiwibm9uY2UiOiJsR0xmWmR4c0pxRDlHa1VWIiwiYXRfaGFzaCI6Ikw1eG9KeHNWbzFqaXZ0TEJqdmdodUEiLCJjX2hhc2giOiJXUk1USW5nZkRhSlo5UEZRdHh0dXVBIiwiaWF0IjoxNTA3OTA0NjA0LCJhdXRoX3RpbWUiOiIxNTA3OTA0MTQ3IiwiaXNzIjoiaHR0cHM6Ly9vZmlzLnRoZW9wdGltYWxjbG91ZC5jb20vb2RuLyIsImF1ZCI6Imh0dHBzOi8vb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0LyIsImV4cCI6MTUwNzkwNTIwNCwibmJmIjoxNTA3OTA0NjAzfQ.VyYHfEJ62DicS9Kk1KZUJfekBPXgXqpcDcI8SkWVPmhNpl9bZTL32ogY8Q9HPTYtJ4je_hOempdJT3mU_XoALHLkyEB_o6ZGMfPJ0nffi8ndn1ULQjqNic3HJW4f6PR3cPcZHUML-Se24UzlcRgku7OZl0005mlJoHP8r3_S1BDoGHhFRhX-VEeUs85MHu69-J98IXAOhWMWAHxU_LT0Es3gwVYcuzQkyN70YdiMCo4U4PBnGv0Dil-zXAONqPDxTCS6QdBdYuz-48mhqx1PrAnc4wSx7_wKW4Dc2rZ0YEHfUkqqBZNyd4GiExuGspE-Y2-oVeg7WeHb61YLJMzOPQ', 'state': 'jk62MR8kkaCFxQLE', 'expires_in': 36000, 'token_type': 'Bearer'}
0.818AuthorizationResponse
{
    "access_token": "bOrFptVSH0e4bkLriAx3jglf0aeVlX1MMsoiz4xQMzxciZMpi5jEUCVmLJOxuRqG-Hj4j6z_9atDD9x_E8wzLLXa27NiyX2vJLSX9q9NwJFGwAtYfKBU3r-rflRt-wG78IM2cUKL22Nz-kulFf9CG5g8yhPzxqpzumUa61v4JEVQv7ytMnUZMdz7r2CVc64CdzYlJ5UQIhni2sCjnfajHz2pUkvbVT2Jzk3zJuIlIxt2qCndVC5faVJK0bHiULet",
    "expires_in": 36000,
    "id_token": {
        "at_hash": "L5xoJxsVo1jivtLBjvghuA",
        "aud": [
            "https://op.certification.openid.net/"
        ],
        "auth_time": 1507904147,
        "birthdate": "1972-01-01",
        "c_hash": "WRMTIngfDaJZ9PFQtxtuuA",
        "email": "jeff.bohren@optimalidm.com",
        "exp": 1507905204,
        "family_name": "Bohren",
        "gender": "male",
        "given_name": "Jeffrey",
        "iat": 1507904604,
        "iss": "https://ofis.theoptimalcloud.com/odn/",
        "locale": "en-US",
        "middle_name": "Scott",
        "name": "Jeffrey Bohren",
        "nbf": 1507904603,
        "nickname": "Jeffrey",
        "nonce": "lGLfZdxsJqD9GkUV",
        "phone_number": "555-1212",
        "picture": "https://optimalidm.com",
        "preferred_username": "jeff.bohren@optimalidm.com",
        "profile": "https://optimalidm.com",
        "sub": "jBrDabUU7EGUyAxDB6KzCg==",
        "website": "http://optimalidm.com",
        "zoneinfo": "East US"
    },
    "state": "jk62MR8kkaCFxQLE",
    "token_type": "Bearer"
}
0.818phase<--<-- 6 --- AccessToken -->-->
0.819phase<--<-- 7 --- Done -->-->
0.819end
0.819assertionAuthTimeCheck
0.819conditionauth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
0.82assertionSameAuthn
0.82conditionDone: status=OK

Result

PASSED