Test Name | fapi-rw-id2 |
---|---|
Variant | mtls, openbanking_uk, plain_response |
Test ID | FsAlqnaF59 |
Created | 2020-07-15T13:05:42.715976Z |
Description | |
Test Version | 4.0.7 |
Test Owner | 104839057614645266510 https://accounts.google.com |
Plan ID | Swmue5OvTo85q |
Exported From | https://www.certification.openid.net |
Exported By | 104839057614645266510 https://accounts.google.com |
Suite Version | 4.0.7 |
Exported | 2020-07-15 14:35:15 (UTC) |
Status: FINISHED Result: PASSED |
SUCCESS 214 FAILURE 0 WARNING 0 REVIEW 0 INFO 18 |
2020-07-15 13:05:42 |
INFO
|
TEST-RUNNER
Test instance FsAlqnaF59 created
|
||||||||||||||
|
2020-07-15 13:05:42 |
SUCCESS
|
CreateRedirectUri
Created redirect URI
|
||
|
2020-07-15 13:05:42 |
|
GetDynamicServerConfiguration
HTTP request
|
||||||||
|
2020-07-15 13:05:43 |
RESPONSE
|
GetDynamicServerConfiguration
HTTP response
|
||||||||
|
2020-07-15 13:05:43 |
|
GetDynamicServerConfiguration
Downloaded server configuration
|
||
|
2020-07-15 13:05:43 |
SUCCESS
|
GetDynamicServerConfiguration
Successfully parsed server configuration
|
||||||||||||||||||||||||||||||||||||||||
|
2020-07-15 13:05:43 | INFO |
AddMTLSEndpointAliasesToEnvironment
The mtls_endpoint_aliases is not present in the server configuration
|
||
|
2020-07-15 13:05:43 |
SUCCESS
|
CheckServerConfiguration
Found required server configuration keys
|
||
|
2020-07-15 13:05:43 |
SUCCESS
|
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
|
||||||||
|
2020-07-15 13:05:43 |
|
FetchServerKeys
Fetching server key
|
||
|
2020-07-15 13:05:43 |
|
FetchServerKeys
HTTP request
|
||||||||
|
2020-07-15 13:05:43 |
RESPONSE
|
FetchServerKeys
HTTP response
|
||||||||
|
2020-07-15 13:05:43 |
|
FetchServerKeys
Found JWK set string
|
||
|
2020-07-15 13:05:43 |
SUCCESS
|
FetchServerKeys
Found server JWK set
|
||
|
2020-07-15 13:05:43 |
SUCCESS
|
CheckServerKeysIsValid
Server JWKs is valid
|
||
|
2020-07-15 13:05:43 | SUCCESS |
ValidateServerJWKs
Valid server JWKs
|
|
2020-07-15 13:05:43 | SUCCESS |
CheckForKeyIdInServerJWKs
All keys contain kids
|
|
2020-07-15 13:05:43 |
SUCCESS
|
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2020-07-15 13:05:43 | SUCCESS |
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
|
||
|
2020-07-15 13:05:43 |
SUCCESS
|
GetStaticClientConfiguration
Found a static client object
|
||||||
|
2020-07-15 13:05:43 |
|
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
|
|
2020-07-15 13:05:43 |
SUCCESS
|
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
|
|
2020-07-15 13:05:43 |
|
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
|
|
2020-07-15 13:05:43 |
SUCCESS
|
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
|
||||
|
2020-07-15 13:05:43 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs
|
|
2020-07-15 13:05:43 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2020-07-15 13:05:43 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2020-07-15 13:05:43 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2020-07-15 13:05:43 | SUCCESS |
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
|
|
2020-07-15 13:05:43 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2020-07-15 13:05:43 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
Verify configuration of second client |
2020-07-15 13:05:43 |
SUCCESS
|
GetStaticClient2Configuration
Found a static second client object
|
||||||
|
2020-07-15 13:05:43 |
|
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
|
|
2020-07-15 13:05:43 |
SUCCESS
|
ValidateMTLSCertificates2Header
MTLS certificates header is valid
|
|
2020-07-15 13:05:43 |
|
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
|
|
2020-07-15 13:05:43 |
SUCCESS
|
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
|
||||
|
2020-07-15 13:05:43 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs
|
|
2020-07-15 13:05:43 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2020-07-15 13:05:43 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2020-07-15 13:05:43 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2020-07-15 13:05:43 | SUCCESS |
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
|
|
2020-07-15 13:05:43 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2020-07-15 13:05:43 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
2020-07-15 13:05:43 |
SUCCESS
|
GetResourceEndpointConfiguration
Found a resource endpoint object
|
||||
|
2020-07-15 13:05:43 |
SUCCESS
|
SetProtectedResourceUrlToAccountsEndpoint
Set protected resource URL
|
||
|
2020-07-15 13:05:43 |
SUCCESS
|
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
|
||
|
2020-07-15 13:05:43 |
SUCCESS
|
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
|
||||
|
2020-07-15 13:05:43 |
|
fapi-rw-id2
Setup Done
|
|
Use client_credentials grant to obtain OpenBanking UK intent_id |
2020-07-15 13:05:43 |
SUCCESS
|
CreateTokenEndpointRequestForClientCredentialsGrant
|
||||
|
2020-07-15 13:05:43 |
SUCCESS
|
SetAccountScopeOnTokenEndpointRequest
Set scope parameter to accounts for OB testing
|
||||
|
2020-07-15 13:05:43 |
SUCCESS
|
AddClientIdToTokenEndpointRequest
|
||||||
|
2020-07-15 13:05:43 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2020-07-15 13:05:44 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2020-07-15 13:05:44 |
|
CallTokenEndpoint
Token endpoint response
|
||
|
2020-07-15 13:05:44 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||
|
2020-07-15 13:05:44 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2020-07-15 13:05:44 |
SUCCESS
|
CheckForAccessTokenValue
Found an access token
|
||
|
2020-07-15 13:05:44 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2020-07-15 13:05:44 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2020-07-15 13:05:44 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2020-07-15 13:05:44 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2020-07-15 13:05:44 |
SUCCESS
|
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2020-07-15 13:05:44 |
|
AddFAPIFinancialIdToResourceEndpointRequest
Added x-fapi-financial-id to resource_endpoint_request_headers
|
|
2020-07-15 13:05:44 |
SUCCESS
|
CreateCreateAccountRequestRequest
|
||
|
2020-07-15 13:05:44 |
|
CallAccountRequestsEndpointWithBearerToken
Found '/v3.' in the resource url, using OB V3 API 'account-access-consents'
|
||
|
2020-07-15 13:05:44 |
|
CallAccountRequestsEndpointWithBearerToken
HTTP request
|
||||||||||
|
2020-07-15 13:05:44 |
RESPONSE
|
CallAccountRequestsEndpointWithBearerToken
HTTP response
|
||||||||
|
2020-07-15 13:05:44 |
|
CallAccountRequestsEndpointWithBearerToken
Account requests endpoint response
|
||
|
2020-07-15 13:05:44 |
SUCCESS
|
CallAccountRequestsEndpointWithBearerToken
Parsed account requests endpoint response
|
||||
|
2020-07-15 13:05:44 |
SUCCESS
|
CheckIfAccountRequestsEndpointResponseError
No error from account requests endpoint
|
|
2020-07-15 13:05:44 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2020-07-15 13:05:44 |
SUCCESS
|
ExtractAccountRequestIdFromAccountRequestsEndpointResponse
Extracted the account request ID
|
||
|
Make request to authorization endpoint |
2020-07-15 13:05:44 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2020-07-15 13:05:44 |
SUCCESS
|
AddAccountRequestIdToAuthorizationEndpointRequest
Added openbanking_intent_id claim to authorization_endpoint_request
|
||
|
2020-07-15 13:05:44 |
SUCCESS
|
OpenBankingUkAddMultipleAcrClaimsToAuthorizationEndpointRequest
Added acr to request as an essential id_token claim
|
||
|
2020-07-15 13:05:44 |
|
CreateRandomStateValue
Created state value
|
||||
|
2020-07-15 13:05:44 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||||
|
2020-07-15 13:05:44 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2020-07-15 13:05:44 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||||
|
2020-07-15 13:05:44 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken
Added response_type parameter to request
|
||||||||||||||
|
2020-07-15 13:05:44 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2020-07-15 13:05:44 |
SUCCESS
|
AddExpToRequestObject
Added exp to request object claims
|
||
|
2020-07-15 13:05:44 |
SUCCESS
|
AddAudToRequestObject
Added aud to request object claims
|
||
|
2020-07-15 13:05:44 |
SUCCESS
|
AddIssToRequestObject
Added iss to request object claims
|
||
|
2020-07-15 13:05:44 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2020-07-15 13:05:44 |
SUCCESS
|
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2020-07-15 13:05:44 |
REDIRECT
|
fapi-rw-id2
Redirecting to authorization endpoint
|
||
|
2020-07-15 13:07:18 |
INCOMING
|
fapi-rw-id2
Incoming HTTP request to test instance FsAlqnaF59
|
||||||||||||||
|
2020-07-15 13:07:18 |
SUCCESS
|
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
|
||
|
2020-07-15 13:07:18 |
OUTGOING
|
fapi-rw-id2
Response to HTTP request to test instance FsAlqnaF59
|
||||
|
2020-07-15 13:07:19 |
INCOMING
|
fapi-rw-id2
Incoming HTTP request to test instance FsAlqnaF59
|
||||||||||||||
|
2020-07-15 13:07:19 |
OUTGOING
|
fapi-rw-id2
Response to HTTP request to test instance FsAlqnaF59
|
||||
|
2020-07-15 13:07:19 |
|
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
|
||
|
2020-07-15 13:07:19 |
SUCCESS
|
ExtractImplicitHashToCallbackResponse
Extracted the hash values
|
||||||
|
2020-07-15 13:07:19 |
REDIRECT-IN
|
fapi-rw-id2
Authorization endpoint response captured
|
||||||||||
|
Verify authorization endpoint response |
2020-07-15 13:07:19 | SUCCESS |
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
|
|
2020-07-15 13:07:19 | SUCCESS |
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
|
|
2020-07-15 13:07:19 |
SUCCESS
|
CheckMatchingCallbackParameters
Callback parameters successfully verified
|
|
2020-07-15 13:07:19 | SUCCESS |
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
|
|
2020-07-15 13:07:19 |
SUCCESS
|
CheckIfAuthorizationEndpointError
No error from authorization endpoint
|
|
2020-07-15 13:07:19 |
SUCCESS
|
ValidateSuccessfulHybridResponseFromAuthorizationEndpoint
authorization endpoint response does not include unexpected parameters
|
||||||
|
2020-07-15 13:07:19 | SUCCESS |
CheckMatchingStateParameter
State parameter correctly returned
|
||
|
2020-07-15 13:07:19 |
SUCCESS
|
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
|
||
|
2020-07-15 13:07:19 | SUCCESS |
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
|
||||
|
2020-07-15 13:07:19 | SUCCESS |
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
|
||||
|
2020-07-15 13:07:19 | SUCCESS |
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
|
||||||
|
2020-07-15 13:07:19 | SUCCESS |
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
|
|
2020-07-15 13:07:19 | SUCCESS |
ValidateIdTokenNonce
Nonce values match
|
||
|
2020-07-15 13:07:19 | SUCCESS |
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
|
||||
|
2020-07-15 13:07:19 | SUCCESS |
OBValidateIdTokenIntentId
openbanking_intent_id passed all validation checks
|
|
2020-07-15 13:07:19 | SUCCESS |
ValidateIdTokenSignature
id_token signature validated
|
||
|
2020-07-15 13:07:19 | SUCCESS |
ValidateIdTokenSignatureUsingKid
id_token signature validated
|
||
|
2020-07-15 13:07:19 | SUCCESS |
CheckForSubjectInIdToken
Found 'sub' in id_token
|
||
|
2020-07-15 13:07:19 | SUCCESS |
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
|
||
|
2020-07-15 13:07:19 | INFO |
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2020-07-15 13:07:19 | SUCCESS |
ExtractSHash
Extracted s_hash from ID Token
|
||||
|
2020-07-15 13:07:19 | SUCCESS |
ValidateSHash
State hash validated successfully
|
||
|
2020-07-15 13:07:19 | SUCCESS |
ExtractCHash
Extracted c_hash from ID Token
|
||||
|
2020-07-15 13:07:19 | SUCCESS |
ValidateCHash
State hash validated successfully
|
||
|
2020-07-15 13:07:19 |
SUCCESS
|
CreateTokenEndpointRequestForAuthorizationCodeGrant
|
||||||
|
2020-07-15 13:07:19 |
SUCCESS
|
AddClientIdToTokenEndpointRequest
|
||||||||
|
2020-07-15 13:07:19 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2020-07-15 13:07:20 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2020-07-15 13:07:20 |
|
CallTokenEndpoint
Token endpoint response
|
||
|
2020-07-15 13:07:20 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||||||
|
2020-07-15 13:07:20 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2020-07-15 13:07:20 | SUCCESS |
CheckForAccessTokenValue
Found an access token
|
||
|
2020-07-15 13:07:20 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2020-07-15 13:07:20 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2020-07-15 13:07:20 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2020-07-15 13:07:20 |
SUCCESS
|
CheckForRefreshTokenValue
Found a refresh token
|
||
|
2020-07-15 13:07:20 | SUCCESS |
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
|
||||
|
2020-07-15 13:07:20 | SUCCESS |
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
|
||||
|
2020-07-15 13:07:20 | SUCCESS |
EnsureMinimumAccessTokenLength
Access token is of sufficient length
|
||||
|
2020-07-15 13:07:20 | SUCCESS |
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
|
||||
|
2020-07-15 13:07:20 | SUCCESS |
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
|
||||||
|
2020-07-15 13:07:20 | SUCCESS |
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
|
|
2020-07-15 13:07:20 | SUCCESS |
ValidateIdTokenNonce
Nonce values match
|
||
|
2020-07-15 13:07:20 | SUCCESS |
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
|
||||
|
2020-07-15 13:07:20 | SUCCESS |
OBValidateIdTokenIntentId
openbanking_intent_id passed all validation checks
|
|
2020-07-15 13:07:20 | SUCCESS |
ValidateIdTokenSignature
id_token signature validated
|
||
|
2020-07-15 13:07:20 | SUCCESS |
ValidateIdTokenSignatureUsingKid
id_token signature validated
|
||
|
2020-07-15 13:07:20 | SUCCESS |
CheckForSubjectInIdToken
Found 'sub' in id_token
|
||
|
2020-07-15 13:07:20 | SUCCESS |
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
|
||
|
2020-07-15 13:07:20 | INFO |
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2020-07-15 13:07:20 | INFO |
ExtractCHash
Couldn't find c_hash in ID token
|
|
2020-07-15 13:07:20 | INFO |
ExtractSHash
Couldn't find s_hash in ID token
|
|
2020-07-15 13:07:20 | SUCCESS |
ExtractAtHash
Extracted at_hash from ID Token
|
||||
|
2020-07-15 13:07:20 | INFO |
ValidateCHash
Skipped evaluation due to missing required object: c_hash
|
||||
|
2020-07-15 13:07:20 | INFO |
ValidateSHash
Skipped evaluation due to missing required object: s_hash
|
||||
|
2020-07-15 13:07:20 | SUCCESS |
ValidateAtHash
State hash validated successfully
|
||
|
Verify at_hash in the authorization endpoint id_token |
2020-07-15 13:07:20 | INFO |
ExtractAtHash
Couldn't find at_hash in ID token
|
|
2020-07-15 13:07:20 | INFO |
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
|
||||
|
Accounts request endpoint TLS test |
2020-07-15 13:07:20 | SUCCESS |
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
|
||||
|
2020-07-15 13:07:20 | SUCCESS |
DisallowTLS10
Server refused TLS 1.0 handshake
|
||||
|
2020-07-15 13:07:21 | SUCCESS |
DisallowTLS11
Server refused TLS 1.1 handshake
|
||||
|
2020-07-15 13:07:21 |
|
DisallowInsecureCipher
Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)
|
||||
|
2020-07-15 13:07:21 | SUCCESS |
DisallowInsecureCipher
The TLS handshake was rejected when trying to connect with disallowed ciphers.
|
||||
|
Accounts resource endpoint TLS test |
2020-07-15 13:07:21 | SUCCESS |
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
|
||||
|
2020-07-15 13:07:21 | SUCCESS |
DisallowTLS10
Server refused TLS 1.0 handshake
|
||||
|
2020-07-15 13:07:21 | SUCCESS |
DisallowTLS11
Server refused TLS 1.1 handshake
|
||||
|
2020-07-15 13:07:22 |
|
DisallowInsecureCipher
Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)
|
||||
|
2020-07-15 13:07:22 | SUCCESS |
DisallowInsecureCipher
The TLS handshake was rejected when trying to connect with disallowed ciphers.
|
||||
|
Resource server endpoint tests |
2020-07-15 13:07:22 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2020-07-15 13:07:22 |
SUCCESS
|
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2020-07-15 13:07:22 |
|
CreateRandomFAPIInteractionId
Created interaction ID
|
||
|
2020-07-15 13:07:22 |
|
AddFAPIInteractionIdToResourceEndpointRequest
Condition ran but did not log anything
|
|
2020-07-15 13:07:22 |
|
AddFAPIFinancialIdToResourceEndpointRequest
Added x-fapi-financial-id to resource_endpoint_request_headers
|
|
2020-07-15 13:07:22 |
|
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP request
|
||||||||||
|
2020-07-15 13:07:23 |
RESPONSE
|
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP response
|
||||||||
|
2020-07-15 13:07:23 | SUCCESS |
CallProtectedResourceWithBearerTokenAndCustomHeaders
Got a response from the resource endpoint
|
||||||
|
2020-07-15 13:07:23 | SUCCESS |
CheckForDateHeaderInResourceResponse
Date header present and validated
|
||||
|
2020-07-15 13:07:23 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2020-07-15 13:07:23 | SUCCESS |
EnsureMatchingFAPIInteractionId
Interaction ID matched
|
||
|
2020-07-15 13:07:23 | SUCCESS |
EnsureResourceResponseReturnedJsonContentType
Response content type is JSON
|
||
|
2020-07-15 13:07:23 |
|
DisallowAccessTokenInQuery
HTTP request
|
||||||||||
|
2020-07-15 13:07:24 |
RESPONSE
|
DisallowAccessTokenInQuery
HTTP response
|
||||||||
|
2020-07-15 13:07:24 | SUCCESS |
DisallowAccessTokenInQuery
Resource server refused request
|
||||
|
2020-07-15 13:07:24 |
SUCCESS
|
SetPlainJsonAcceptHeaderForResourceEndpointRequest
Set Accept header
|
||
|
2020-07-15 13:07:24 |
|
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP request
|
||||||||||
|
2020-07-15 13:07:25 |
RESPONSE
|
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP response
|
||||||||
|
2020-07-15 13:07:25 | SUCCESS |
CallProtectedResourceWithBearerTokenAndCustomHeaders
Got a response from the resource endpoint
|
||||||
|
2020-07-15 13:07:25 |
SUCCESS
|
SetPermissiveAcceptHeaderForResourceEndpointRequest
Set Accept header
|
||
|
2020-07-15 13:07:25 |
|
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP request
|
||||||||||
|
2020-07-15 13:07:26 |
RESPONSE
|
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP response
|
||||||||
|
2020-07-15 13:07:26 | SUCCESS |
CallProtectedResourceWithBearerTokenAndCustomHeaders
Got a response from the resource endpoint
|
||||||
|
2020-07-15 13:07:26 |
SUCCESS
|
ClearAcceptHeaderForResourceEndpointRequest
Cleared custom Accept header
|
|
Second client: Setup |
2020-07-15 13:07:26 | SUCCESS |
AddRedirectUriQuerySuffix
Created redirect URI query suffix to test that query sections in the registered redirect url are handled correctly. The redirect url, including this suffix, must be registered for the client as per http://openid.net/certification/fapi_op_testing/
|
||
|
2020-07-15 13:07:26 |
|
CreateRedirectUri
Appending suffix to redirect URI
|
||
|
2020-07-15 13:07:26 | SUCCESS |
CreateRedirectUri
Created redirect URI
|
||
|
Second client: Use client_credentials grant to obtain OpenBanking UK intent_id |
2020-07-15 13:07:26 |
SUCCESS
|
CreateTokenEndpointRequestForClientCredentialsGrant
|
||||
|
2020-07-15 13:07:26 |
SUCCESS
|
SetAccountScopeOnTokenEndpointRequest
Set scope parameter to accounts for OB testing
|
||||
|
2020-07-15 13:07:26 |
SUCCESS
|
AddClientIdToTokenEndpointRequest
|
||||||
|
2020-07-15 13:07:26 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2020-07-15 13:07:27 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2020-07-15 13:07:27 |
|
CallTokenEndpoint
Token endpoint response
|
||
|
2020-07-15 13:07:27 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||
|
2020-07-15 13:07:27 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2020-07-15 13:07:27 |
SUCCESS
|
CheckForAccessTokenValue
Found an access token
|
||
|
2020-07-15 13:07:27 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2020-07-15 13:07:27 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2020-07-15 13:07:27 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2020-07-15 13:07:27 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2020-07-15 13:07:27 |
SUCCESS
|
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2020-07-15 13:07:27 |
|
AddFAPIFinancialIdToResourceEndpointRequest
Added x-fapi-financial-id to resource_endpoint_request_headers
|
|
2020-07-15 13:07:27 |
SUCCESS
|
CreateCreateAccountRequestRequestWithExpiration
|
||
|
2020-07-15 13:07:27 |
|
CallAccountRequestsEndpointWithBearerToken
Found '/v3.' in the resource url, using OB V3 API 'account-access-consents'
|
||
|
2020-07-15 13:07:27 |
|
CallAccountRequestsEndpointWithBearerToken
HTTP request
|
||||||||||
|
2020-07-15 13:07:28 |
RESPONSE
|
CallAccountRequestsEndpointWithBearerToken
HTTP response
|
||||||||
|
2020-07-15 13:07:28 |
|
CallAccountRequestsEndpointWithBearerToken
Account requests endpoint response
|
||
|
2020-07-15 13:07:28 |
SUCCESS
|
CallAccountRequestsEndpointWithBearerToken
Parsed account requests endpoint response
|
||||
|
2020-07-15 13:07:28 |
SUCCESS
|
CheckIfAccountRequestsEndpointResponseError
No error from account requests endpoint
|
|
2020-07-15 13:07:28 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2020-07-15 13:07:28 |
SUCCESS
|
ExtractAccountRequestIdFromAccountRequestsEndpointResponse
Extracted the account request ID
|
||
|
Second client: Make request to authorization endpoint |
2020-07-15 13:07:28 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2020-07-15 13:07:28 |
SUCCESS
|
AddAccountRequestIdToAuthorizationEndpointRequest
Added openbanking_intent_id claim to authorization_endpoint_request
|
||
|
2020-07-15 13:07:28 |
SUCCESS
|
OpenBankingUkAddMultipleAcrClaimsToAuthorizationEndpointRequest
Added acr to request as an essential id_token claim
|
||
|
2020-07-15 13:07:28 |
|
CreateRandomStateValue
Created state value
|
||||
|
2020-07-15 13:07:28 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||||
|
2020-07-15 13:07:28 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2020-07-15 13:07:28 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||||
|
2020-07-15 13:07:28 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken
Added response_type parameter to request
|
||||||||||||||
|
2020-07-15 13:07:28 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2020-07-15 13:07:28 |
SUCCESS
|
AddIatToRequestObject
Added iat to request object claims
|
||
|
2020-07-15 13:07:28 |
SUCCESS
|
AddExpToRequestObject
Added exp to request object claims
|
||
|
2020-07-15 13:07:28 |
SUCCESS
|
AddAudToRequestObject
Added aud to request object claims
|
||
|
2020-07-15 13:07:28 |
SUCCESS
|
AddIssToRequestObject
Added iss to request object claims
|
||
|
2020-07-15 13:07:28 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2020-07-15 13:07:28 |
SUCCESS
|
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2020-07-15 13:07:28 |
REDIRECT
|
fapi-rw-id2
Redirecting to authorization endpoint
|
||
|
2020-07-15 13:08:24 |
INCOMING
|
fapi-rw-id2
Incoming HTTP request to test instance FsAlqnaF59
|
||||||||||||||
|
2020-07-15 13:08:24 |
SUCCESS
|
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
|
||
|
2020-07-15 13:08:24 |
OUTGOING
|
fapi-rw-id2
Response to HTTP request to test instance FsAlqnaF59
|
||||
|
2020-07-15 13:08:25 |
INCOMING
|
fapi-rw-id2
Incoming HTTP request to test instance FsAlqnaF59
|
||||||||||||||
|
2020-07-15 13:08:25 |
OUTGOING
|
fapi-rw-id2
Response to HTTP request to test instance FsAlqnaF59
|
||||
|
2020-07-15 13:08:25 |
|
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
|
||
|
2020-07-15 13:08:25 |
SUCCESS
|
ExtractImplicitHashToCallbackResponse
Extracted the hash values
|
||||||
|
2020-07-15 13:08:25 |
REDIRECT-IN
|
fapi-rw-id2
Authorization endpoint response captured
|
||||||||||
|
Second client: Verify authorization endpoint response |
2020-07-15 13:08:25 | SUCCESS |
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
|
|
2020-07-15 13:08:25 | SUCCESS |
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
|
|
2020-07-15 13:08:25 |
SUCCESS
|
CheckMatchingCallbackParameters
Callback parameters successfully verified
|
||||
|
2020-07-15 13:08:25 | SUCCESS |
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
|
|
2020-07-15 13:08:25 |
SUCCESS
|
CheckIfAuthorizationEndpointError
No error from authorization endpoint
|
|
2020-07-15 13:08:25 |
SUCCESS
|
ValidateSuccessfulHybridResponseFromAuthorizationEndpoint
authorization endpoint response does not include unexpected parameters
|
||||||
|
2020-07-15 13:08:25 | SUCCESS |
CheckMatchingStateParameter
State parameter correctly returned
|
||
|
2020-07-15 13:08:25 |
SUCCESS
|
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
|
||
|
2020-07-15 13:08:25 | SUCCESS |
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
|
||||
|
2020-07-15 13:08:25 | SUCCESS |
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
|
||||
|
2020-07-15 13:08:25 | SUCCESS |
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
|
||||||
|
2020-07-15 13:08:25 | SUCCESS |
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
|
|
2020-07-15 13:08:25 | SUCCESS |
ValidateIdTokenNonce
Nonce values match
|
||
|
2020-07-15 13:08:25 | SUCCESS |
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
|
||||
|
2020-07-15 13:08:25 | SUCCESS |
OBValidateIdTokenIntentId
openbanking_intent_id passed all validation checks
|
|
2020-07-15 13:08:25 | SUCCESS |
ValidateIdTokenSignature
id_token signature validated
|
||
|
2020-07-15 13:08:25 | SUCCESS |
ValidateIdTokenSignatureUsingKid
id_token signature validated
|
||
|
2020-07-15 13:08:25 | SUCCESS |
CheckForSubjectInIdToken
Found 'sub' in id_token
|
||
|
2020-07-15 13:08:25 | SUCCESS |
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
|
||
|
2020-07-15 13:08:25 | INFO |
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2020-07-15 13:08:25 | SUCCESS |
ExtractSHash
Extracted s_hash from ID Token
|
||||
|
2020-07-15 13:08:25 | SUCCESS |
ValidateSHash
State hash validated successfully
|
||
|
2020-07-15 13:08:25 | SUCCESS |
ExtractCHash
Extracted c_hash from ID Token
|
||||
|
2020-07-15 13:08:25 | SUCCESS |
ValidateCHash
State hash validated successfully
|
||
|
2020-07-15 13:08:25 |
SUCCESS
|
CreateTokenEndpointRequestForAuthorizationCodeGrant
|
||||||
|
2020-07-15 13:08:25 |
SUCCESS
|
AddClientIdToTokenEndpointRequest
|
||||||||
|
2020-07-15 13:08:25 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2020-07-15 13:08:26 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2020-07-15 13:08:26 |
|
CallTokenEndpoint
Token endpoint response
|
||
|
2020-07-15 13:08:26 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||||||
|
2020-07-15 13:08:26 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2020-07-15 13:08:26 | SUCCESS |
CheckForAccessTokenValue
Found an access token
|
||
|
2020-07-15 13:08:26 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2020-07-15 13:08:26 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2020-07-15 13:08:26 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2020-07-15 13:08:26 |
SUCCESS
|
CheckForRefreshTokenValue
Found a refresh token
|
||
|
2020-07-15 13:08:26 | SUCCESS |
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
|
||||
|
2020-07-15 13:08:26 | SUCCESS |
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
|
||||
|
2020-07-15 13:08:26 | SUCCESS |
EnsureMinimumAccessTokenLength
Access token is of sufficient length
|
||||
|
2020-07-15 13:08:26 | SUCCESS |
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
|
||||
|
2020-07-15 13:08:26 | SUCCESS |
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
|
||||||
|
2020-07-15 13:08:26 | SUCCESS |
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
|
|
2020-07-15 13:08:26 | SUCCESS |
ValidateIdTokenNonce
Nonce values match
|
||
|
2020-07-15 13:08:26 | SUCCESS |
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
|
||||
|
2020-07-15 13:08:26 | SUCCESS |
OBValidateIdTokenIntentId
openbanking_intent_id passed all validation checks
|
|
2020-07-15 13:08:26 | SUCCESS |
ValidateIdTokenSignature
id_token signature validated
|
||
|
2020-07-15 13:08:26 | SUCCESS |
ValidateIdTokenSignatureUsingKid
id_token signature validated
|
||
|
2020-07-15 13:08:26 | SUCCESS |
CheckForSubjectInIdToken
Found 'sub' in id_token
|
||
|
2020-07-15 13:08:26 | SUCCESS |
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
|
||
|
2020-07-15 13:08:26 | INFO |
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2020-07-15 13:08:26 | INFO |
ExtractCHash
Couldn't find c_hash in ID token
|
|
2020-07-15 13:08:26 | INFO |
ExtractSHash
Couldn't find s_hash in ID token
|
|
2020-07-15 13:08:26 | SUCCESS |
ExtractAtHash
Extracted at_hash from ID Token
|
||||
|
2020-07-15 13:08:26 | INFO |
ValidateCHash
Skipped evaluation due to missing required object: c_hash
|
||||
|
2020-07-15 13:08:26 | INFO |
ValidateSHash
Skipped evaluation due to missing required object: s_hash
|
||||
|
2020-07-15 13:08:26 | SUCCESS |
ValidateAtHash
State hash validated successfully
|
||
|
Second client: Verify at_hash in the authorization endpoint id_token |
2020-07-15 13:08:26 | INFO |
ExtractAtHash
Couldn't find at_hash in ID token
|
|
2020-07-15 13:08:26 | INFO |
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
|
||||
|
Second client: Resource server endpoint tests |
2020-07-15 13:08:26 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2020-07-15 13:08:26 |
|
AddFAPIFinancialIdToResourceEndpointRequest
Added x-fapi-financial-id to resource_endpoint_request_headers
|
|
2020-07-15 13:08:26 |
|
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP request
|
||||||||||
|
2020-07-15 13:08:27 |
RESPONSE
|
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP response
|
||||||||
|
2020-07-15 13:08:27 | SUCCESS |
CallProtectedResourceWithBearerTokenAndCustomHeaders
Got a response from the resource endpoint
|
||||||
|
2020-07-15 13:08:27 | SUCCESS |
CheckForDateHeaderInResourceResponse
Date header present and validated
|
||||
|
2020-07-15 13:08:27 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2020-07-15 13:08:27 | SUCCESS |
EnsureResourceResponseReturnedJsonContentType
Response content type is JSON
|
||
|
Try Client1's MTLS client certificate with Client2's access token |
2020-07-15 13:08:27 |
|
CallProtectedResourceWithBearerTokenExpectingError
HTTP request
|
||||||||||
|
2020-07-15 13:08:28 |
RESPONSE
|
CallProtectedResourceWithBearerTokenExpectingError
HTTP response
|
||||||||
|
2020-07-15 13:08:28 | SUCCESS |
CallProtectedResourceWithBearerTokenExpectingError
Resource endpoint returned error
|
||||||
|
2020-07-15 13:08:28 |
FINISHED
|
fapi-rw-id2
Test has run to completion
|
||
|
2020-07-15 13:08:41 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|