Test Info

Profile[]
Test descriptionRequesting ID Token with max_age=10000 seconds restriction
Timestamp2017-10-13T14:40:32Z
Issuerhttps://ofis.theoptimalcloud.com/odn/
Test IDOP-Req-max_age=10000

Conditions


auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
Done: status=OK

Trace Output

0.0phase<--<-- 0 --- Webfinger -->-->
0.0not expected to doWebFinger
0.0phase<--<-- 1 --- Discovery -->-->
0.0not expected to doDynamic discovery
0.0phase<--<-- 2 --- Registration -->-->
0.001not expected to doDynamic registration
0.001phase<--<-- 3 --- AsyncAuthn -->-->
0.001AuthorizationRequest
{
    "client_id": "https://op.certification.openid.net/",
    "nonce": "6jUc7FpF7xZtfXiI",
    "redirect_uri": "https://op.certification.openid.net:60044/authz_cb",
    "response_type": "id_token token",
    "scope": "openid",
    "state": "2NPYlznDujstUBsw"
}
0.001redirect urlhttps://ofis.theoptimalcloud.com/odn/?nonce=6jUc7FpF7xZtfXiI&response_type=id_token+token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60044%2Fauthz_cb&client_id=https%3A%2F%2Fop.certification.openid.net%2F&state=2NPYlznDujstUBsw&scope=openid
0.001redirecthttps://ofis.theoptimalcloud.com/odn/?nonce=6jUc7FpF7xZtfXiI&response_type=id_token+token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60044%2Fauthz_cb&client_id=https%3A%2F%2Fop.certification.openid.net%2F&state=2NPYlznDujstUBsw&scope=openid
0.201http args{}
0.308responseaccess_token=wceTis2b9HDbZ57W3FOIfuOnFiOqK-mY08c6zAyQE5Fc36bYkMkLJykqUhyMbXlGtoBtCZn3-4VjeAAwYefJv9K4W5i1CSympSbSbyD82H98LZUMv_zYs8i0OX512w3by20NhWWBYhJN2uKD86pqSo_0WYI1TWt0-cIlcCUrCEC9SujmaH9qMsUBeml4EwLA05yAcySE0ouWgiKLLKbyrr2zCJLtpSOlaUoflGoyWso5jDgcT7Lp66T3VF7GyrLH&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Il9zZnJweWVzUFVyQTl5TkhXYXBOZXYwOVlYQSJ9.eyJzdWIiOiJqQnJEYWJVVTdFR1V5QXhEQjZLekNnPT0iLCJlbWFpbCI6ImplZmYuYm9ocmVuQG9wdGltYWxpZG0uY29tIiwiZ2l2ZW5fbmFtZSI6IkplZmZyZXkiLCJmYW1pbHlfbmFtZSI6IkJvaHJlbiIsIm5hbWUiOiJKZWZmcmV5IEJvaHJlbiIsIm1pZGRsZV9uYW1lIjoiU2NvdHQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqZWZmLmJvaHJlbkBvcHRpbWFsaWRtLmNvbSIsInBob25lX251bWJlciI6IjU1NS0xMjEyIiwibmlja25hbWUiOiJKZWZmcmV5IiwicHJvZmlsZSI6Imh0dHBzOi8vb3B0aW1hbGlkbS5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9vcHRpbWFsaWRtLmNvbSIsIndlYnNpdGUiOiJodHRwOi8vb3B0aW1hbGlkbS5jb20iLCJnZW5kZXIiOiJtYWxlIiwiYmlydGhkYXRlIjoiMTk3Mi0wMS0wMSIsInpvbmVpbmZvIjoiRWFzdCBVUyIsImxvY2FsZSI6ImVuLVVTIiwibm9uY2UiOiI2alVjN0ZwRjd4WnRmWGlJIiwiYXRfaGFzaCI6IndXaWs2czFvSE1iQ0FqN2E2SDhHOFEiLCJjX2hhc2giOiJJeEtDaUhiY3BORm1taDJGWkRhaS1BIiwiaWF0IjoxNTA3OTA1NjMyLCJpc3MiOiJodHRwczovL29maXMudGhlb3B0aW1hbGNsb3VkLmNvbS9vZG4vIiwiYXVkIjoiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvIiwiZXhwIjoxNTA3OTA2MjMyLCJuYmYiOjE1MDc5MDU2MzB9.jVUlVJHqVrbOmSLA9SmhHs1k_cwPsHo8T6AEJFu0yOFLqCIMHVzzsR4ILumZrD310tbLRcDcVrk3xz1mAdmNBK8ltX4st3mY7obTHTxtyMi8DsoAKmDxTDMccke3BkI1rK052bgkTAdrwltqEpEoOk-Tse6zq1QZJk0FP2rQ8jpDq9O1Yxz6xR_vqbQp1GvQ72wtbr49puemVJc7Ngfp5DxBkfPRne9RfQR1mIxkub0H32SNCa4x39zaotw_QiUypjfhrOLFR_RzvLBeng9tDk-S-S6_LAmoPkyryYosGEpe_wbQ8h7J-F32IrvGsjHyF83aTrEspu6jwhFvN3M8AQ&token_type=Bearer&state=2NPYlznDujstUBsw&expires_in=36000
0.308response{'access_token': 'wceTis2b9HDbZ57W3FOIfuOnFiOqK-mY08c6zAyQE5Fc36bYkMkLJykqUhyMbXlGtoBtCZn3-4VjeAAwYefJv9K4W5i1CSympSbSbyD82H98LZUMv_zYs8i0OX512w3by20NhWWBYhJN2uKD86pqSo_0WYI1TWt0-cIlcCUrCEC9SujmaH9qMsUBeml4EwLA05yAcySE0ouWgiKLLKbyrr2zCJLtpSOlaUoflGoyWso5jDgcT7Lp66T3VF7GyrLH', 'id_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Il9zZnJweWVzUFVyQTl5TkhXYXBOZXYwOVlYQSJ9.eyJzdWIiOiJqQnJEYWJVVTdFR1V5QXhEQjZLekNnPT0iLCJlbWFpbCI6ImplZmYuYm9ocmVuQG9wdGltYWxpZG0uY29tIiwiZ2l2ZW5fbmFtZSI6IkplZmZyZXkiLCJmYW1pbHlfbmFtZSI6IkJvaHJlbiIsIm5hbWUiOiJKZWZmcmV5IEJvaHJlbiIsIm1pZGRsZV9uYW1lIjoiU2NvdHQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqZWZmLmJvaHJlbkBvcHRpbWFsaWRtLmNvbSIsInBob25lX251bWJlciI6IjU1NS0xMjEyIiwibmlja25hbWUiOiJKZWZmcmV5IiwicHJvZmlsZSI6Imh0dHBzOi8vb3B0aW1hbGlkbS5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9vcHRpbWFsaWRtLmNvbSIsIndlYnNpdGUiOiJodHRwOi8vb3B0aW1hbGlkbS5jb20iLCJnZW5kZXIiOiJtYWxlIiwiYmlydGhkYXRlIjoiMTk3Mi0wMS0wMSIsInpvbmVpbmZvIjoiRWFzdCBVUyIsImxvY2FsZSI6ImVuLVVTIiwibm9uY2UiOiI2alVjN0ZwRjd4WnRmWGlJIiwiYXRfaGFzaCI6IndXaWs2czFvSE1iQ0FqN2E2SDhHOFEiLCJjX2hhc2giOiJJeEtDaUhiY3BORm1taDJGWkRhaS1BIiwiaWF0IjoxNTA3OTA1NjMyLCJpc3MiOiJodHRwczovL29maXMudGhlb3B0aW1hbGNsb3VkLmNvbS9vZG4vIiwiYXVkIjoiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvIiwiZXhwIjoxNTA3OTA2MjMyLCJuYmYiOjE1MDc5MDU2MzB9.jVUlVJHqVrbOmSLA9SmhHs1k_cwPsHo8T6AEJFu0yOFLqCIMHVzzsR4ILumZrD310tbLRcDcVrk3xz1mAdmNBK8ltX4st3mY7obTHTxtyMi8DsoAKmDxTDMccke3BkI1rK052bgkTAdrwltqEpEoOk-Tse6zq1QZJk0FP2rQ8jpDq9O1Yxz6xR_vqbQp1GvQ72wtbr49puemVJc7Ngfp5DxBkfPRne9RfQR1mIxkub0H32SNCa4x39zaotw_QiUypjfhrOLFR_RzvLBeng9tDk-S-S6_LAmoPkyryYosGEpe_wbQ8h7J-F32IrvGsjHyF83aTrEspu6jwhFvN3M8AQ', 'state': '2NPYlznDujstUBsw', 'expires_in': 36000, 'token_type': 'Bearer'}
0.469AuthorizationResponse
{
    "access_token": "wceTis2b9HDbZ57W3FOIfuOnFiOqK-mY08c6zAyQE5Fc36bYkMkLJykqUhyMbXlGtoBtCZn3-4VjeAAwYefJv9K4W5i1CSympSbSbyD82H98LZUMv_zYs8i0OX512w3by20NhWWBYhJN2uKD86pqSo_0WYI1TWt0-cIlcCUrCEC9SujmaH9qMsUBeml4EwLA05yAcySE0ouWgiKLLKbyrr2zCJLtpSOlaUoflGoyWso5jDgcT7Lp66T3VF7GyrLH",
    "expires_in": 36000,
    "id_token": {
        "at_hash": "wWik6s1oHMbCAj7a6H8G8Q",
        "aud": [
            "https://op.certification.openid.net/"
        ],
        "birthdate": "1972-01-01",
        "c_hash": "IxKCiHbcpNFmmh2FZDai-A",
        "email": "jeff.bohren@optimalidm.com",
        "exp": 1507906232,
        "family_name": "Bohren",
        "gender": "male",
        "given_name": "Jeffrey",
        "iat": 1507905632,
        "iss": "https://ofis.theoptimalcloud.com/odn/",
        "locale": "en-US",
        "middle_name": "Scott",
        "name": "Jeffrey Bohren",
        "nbf": 1507905630,
        "nickname": "Jeffrey",
        "nonce": "6jUc7FpF7xZtfXiI",
        "phone_number": "555-1212",
        "picture": "https://optimalidm.com",
        "preferred_username": "jeff.bohren@optimalidm.com",
        "profile": "https://optimalidm.com",
        "sub": "jBrDabUU7EGUyAxDB6KzCg==",
        "website": "http://optimalidm.com",
        "zoneinfo": "East US"
    },
    "state": "2NPYlznDujstUBsw",
    "token_type": "Bearer"
}
0.469phase<--<-- 4 --- AccessToken -->-->
0.469phase<--<-- 5 --- AsyncAuthn -->-->
0.47AuthorizationRequest
{
    "client_id": "https://op.certification.openid.net/",
    "max_age": 10000,
    "nonce": "jlyv0eOU366qeLsV",
    "redirect_uri": "https://op.certification.openid.net:60044/authz_cb",
    "response_type": "id_token token",
    "scope": "openid",
    "state": "C4JShFyTJlcpRZTs"
}
0.47redirect urlhttps://ofis.theoptimalcloud.com/odn/?nonce=jlyv0eOU366qeLsV&max_age=10000&response_type=id_token+token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60044%2Fauthz_cb&client_id=https%3A%2F%2Fop.certification.openid.net%2F&state=C4JShFyTJlcpRZTs&scope=openid
0.47redirecthttps://ofis.theoptimalcloud.com/odn/?nonce=jlyv0eOU366qeLsV&max_age=10000&response_type=id_token+token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60044%2Fauthz_cb&client_id=https%3A%2F%2Fop.certification.openid.net%2F&state=C4JShFyTJlcpRZTs&scope=openid
0.644http args{}
0.743responseaccess_token=dgXDNWRBITD5-XUT8rRte7MlHHNMZ-TBd2L4PINByufzfWyutK58h60tGl7qftgfJVcllbaRWhjJyTI_wqcfvt2GPgPBbC-9TERSKi2kVAjail_9gxksaGbUQoErcX9NYiJBOb2t53Zel7qv5SNtxeZXmc3JC41iAcAOQfCIZyfaALT6sPesT_yzJoakucGuYy8iNUOIcrlMOFZ3ug58RQoAZU6XDiGk7KnckgIzObtPcsSDMflUtVHTILNP8OLP&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Il9zZnJweWVzUFVyQTl5TkhXYXBOZXYwOVlYQSJ9.eyJzdWIiOiJqQnJEYWJVVTdFR1V5QXhEQjZLekNnPT0iLCJlbWFpbCI6ImplZmYuYm9ocmVuQG9wdGltYWxpZG0uY29tIiwiZ2l2ZW5fbmFtZSI6IkplZmZyZXkiLCJmYW1pbHlfbmFtZSI6IkJvaHJlbiIsIm5hbWUiOiJKZWZmcmV5IEJvaHJlbiIsIm1pZGRsZV9uYW1lIjoiU2NvdHQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqZWZmLmJvaHJlbkBvcHRpbWFsaWRtLmNvbSIsInBob25lX251bWJlciI6IjU1NS0xMjEyIiwibmlja25hbWUiOiJKZWZmcmV5IiwicHJvZmlsZSI6Imh0dHBzOi8vb3B0aW1hbGlkbS5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9vcHRpbWFsaWRtLmNvbSIsIndlYnNpdGUiOiJodHRwOi8vb3B0aW1hbGlkbS5jb20iLCJnZW5kZXIiOiJtYWxlIiwiYmlydGhkYXRlIjoiMTk3Mi0wMS0wMSIsInpvbmVpbmZvIjoiRWFzdCBVUyIsImxvY2FsZSI6ImVuLVVTIiwibm9uY2UiOiJqbHl2MGVPVTM2NnFlTHNWIiwiYXRfaGFzaCI6IjRkV3ZsQXFpNmdraG5SRWNRM0xJOFEiLCJjX2hhc2giOiJGVlZmQWNabUxKOUZDTVdVMFEyQmNBIiwiaWF0IjoxNTA3OTA1NjMyLCJhdXRoX3RpbWUiOiIxNTA3OTA0NzIzIiwiaXNzIjoiaHR0cHM6Ly9vZmlzLnRoZW9wdGltYWxjbG91ZC5jb20vb2RuLyIsImF1ZCI6Imh0dHBzOi8vb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0LyIsImV4cCI6MTUwNzkwNjIzMiwibmJmIjoxNTA3OTA1NjMxfQ.RbJvbSgeRfIGOzuLg7vDA7hzjmn-Jh-y5liEidS63NzhOv60OkmCDkmybr53KvlRKOgw5HpxPXpnKSzlqGSp5m_tihYvd63WjHifAwBLyoLrDQP8iPwo_d__8dDGjuAwf-VCg9XqPttB2Lu-bhSpuOZJCov9ZH26jMTdl7bozSvqfF8PjAr5CtCPTRDgYpufVI8wQsR_tlLAZ4zHcYg04duZhIa47U1kADxpoYPfIrQJyol4XDElxTgRm9sI30rYIqBmE8CN8mJ2T-VkFJHQNyDz5_tLOIkRqiLoTyu-xOAHgSXjwj0NTbv_fzFL4uoX2I7ClPsQt5wN_Nhx2n2aRQ&token_type=Bearer&state=C4JShFyTJlcpRZTs&expires_in=36000
0.743response{'access_token': 'dgXDNWRBITD5-XUT8rRte7MlHHNMZ-TBd2L4PINByufzfWyutK58h60tGl7qftgfJVcllbaRWhjJyTI_wqcfvt2GPgPBbC-9TERSKi2kVAjail_9gxksaGbUQoErcX9NYiJBOb2t53Zel7qv5SNtxeZXmc3JC41iAcAOQfCIZyfaALT6sPesT_yzJoakucGuYy8iNUOIcrlMOFZ3ug58RQoAZU6XDiGk7KnckgIzObtPcsSDMflUtVHTILNP8OLP', 'id_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Il9zZnJweWVzUFVyQTl5TkhXYXBOZXYwOVlYQSJ9.eyJzdWIiOiJqQnJEYWJVVTdFR1V5QXhEQjZLekNnPT0iLCJlbWFpbCI6ImplZmYuYm9ocmVuQG9wdGltYWxpZG0uY29tIiwiZ2l2ZW5fbmFtZSI6IkplZmZyZXkiLCJmYW1pbHlfbmFtZSI6IkJvaHJlbiIsIm5hbWUiOiJKZWZmcmV5IEJvaHJlbiIsIm1pZGRsZV9uYW1lIjoiU2NvdHQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqZWZmLmJvaHJlbkBvcHRpbWFsaWRtLmNvbSIsInBob25lX251bWJlciI6IjU1NS0xMjEyIiwibmlja25hbWUiOiJKZWZmcmV5IiwicHJvZmlsZSI6Imh0dHBzOi8vb3B0aW1hbGlkbS5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9vcHRpbWFsaWRtLmNvbSIsIndlYnNpdGUiOiJodHRwOi8vb3B0aW1hbGlkbS5jb20iLCJnZW5kZXIiOiJtYWxlIiwiYmlydGhkYXRlIjoiMTk3Mi0wMS0wMSIsInpvbmVpbmZvIjoiRWFzdCBVUyIsImxvY2FsZSI6ImVuLVVTIiwibm9uY2UiOiJqbHl2MGVPVTM2NnFlTHNWIiwiYXRfaGFzaCI6IjRkV3ZsQXFpNmdraG5SRWNRM0xJOFEiLCJjX2hhc2giOiJGVlZmQWNabUxKOUZDTVdVMFEyQmNBIiwiaWF0IjoxNTA3OTA1NjMyLCJhdXRoX3RpbWUiOiIxNTA3OTA0NzIzIiwiaXNzIjoiaHR0cHM6Ly9vZmlzLnRoZW9wdGltYWxjbG91ZC5jb20vb2RuLyIsImF1ZCI6Imh0dHBzOi8vb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0LyIsImV4cCI6MTUwNzkwNjIzMiwibmJmIjoxNTA3OTA1NjMxfQ.RbJvbSgeRfIGOzuLg7vDA7hzjmn-Jh-y5liEidS63NzhOv60OkmCDkmybr53KvlRKOgw5HpxPXpnKSzlqGSp5m_tihYvd63WjHifAwBLyoLrDQP8iPwo_d__8dDGjuAwf-VCg9XqPttB2Lu-bhSpuOZJCov9ZH26jMTdl7bozSvqfF8PjAr5CtCPTRDgYpufVI8wQsR_tlLAZ4zHcYg04duZhIa47U1kADxpoYPfIrQJyol4XDElxTgRm9sI30rYIqBmE8CN8mJ2T-VkFJHQNyDz5_tLOIkRqiLoTyu-xOAHgSXjwj0NTbv_fzFL4uoX2I7ClPsQt5wN_Nhx2n2aRQ', 'state': 'C4JShFyTJlcpRZTs', 'expires_in': 36000, 'token_type': 'Bearer'}
0.748AuthorizationResponse
{
    "access_token": "dgXDNWRBITD5-XUT8rRte7MlHHNMZ-TBd2L4PINByufzfWyutK58h60tGl7qftgfJVcllbaRWhjJyTI_wqcfvt2GPgPBbC-9TERSKi2kVAjail_9gxksaGbUQoErcX9NYiJBOb2t53Zel7qv5SNtxeZXmc3JC41iAcAOQfCIZyfaALT6sPesT_yzJoakucGuYy8iNUOIcrlMOFZ3ug58RQoAZU6XDiGk7KnckgIzObtPcsSDMflUtVHTILNP8OLP",
    "expires_in": 36000,
    "id_token": {
        "at_hash": "4dWvlAqi6gkhnREcQ3LI8Q",
        "aud": [
            "https://op.certification.openid.net/"
        ],
        "auth_time": 1507904723,
        "birthdate": "1972-01-01",
        "c_hash": "FVVfAcZmLJ9FCMWU0Q2BcA",
        "email": "jeff.bohren@optimalidm.com",
        "exp": 1507906232,
        "family_name": "Bohren",
        "gender": "male",
        "given_name": "Jeffrey",
        "iat": 1507905632,
        "iss": "https://ofis.theoptimalcloud.com/odn/",
        "locale": "en-US",
        "middle_name": "Scott",
        "name": "Jeffrey Bohren",
        "nbf": 1507905631,
        "nickname": "Jeffrey",
        "nonce": "jlyv0eOU366qeLsV",
        "phone_number": "555-1212",
        "picture": "https://optimalidm.com",
        "preferred_username": "jeff.bohren@optimalidm.com",
        "profile": "https://optimalidm.com",
        "sub": "jBrDabUU7EGUyAxDB6KzCg==",
        "website": "http://optimalidm.com",
        "zoneinfo": "East US"
    },
    "state": "C4JShFyTJlcpRZTs",
    "token_type": "Bearer"
}
0.748phase<--<-- 6 --- AccessToken -->-->
0.748phase<--<-- 7 --- Done -->-->
0.748end
0.748assertionAuthTimeCheck
0.749conditionauth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
0.749assertionSameAuthn
0.749conditionDone: status=OK

Result

PASSED