Test Name | fapi-rw-id2-ensure-signed-request-object-with-RS256-fails |
---|---|
Variant | mtls, by_value, openbanking_uk, plain_response |
Test ID | vfGE91ntQrLJbp4 https://www.certification.openid.net/log-detail.html?public=true&log=vfGE91ntQrLJbp4 |
Created | 2020-10-26T15:29:16.717106Z |
Description | RBS FAPI TEST PLAN |
Test Version | 4.1.3 |
Test Owner | 117246274168610678047 https://accounts.google.com |
Plan ID | xnTh2v5Dw4xdU https://www.certification.openid.net/plan-detail.html?public=true&plan=xnTh2v5Dw4xdU |
Exported From | https://www.certification.openid.net |
Exported By | 117246274168610678047 https://accounts.google.com |
Suite Version | 4.1.3 |
Exported | 2020-10-27 11:56:08 (UTC) |
Status: FINISHED Result: REVIEW |
SUCCESS 62 FAILURE 0 WARNING 0 REVIEW 1 INFO 2 |
2020-10-26 15:29:16 |
INFO
|
TEST-RUNNER
Test instance vfGE91ntQrLJbp4 created
|
||||||||||||||
|
2020-10-26 15:29:16 |
SUCCESS
|
CreateRedirectUri
Created redirect URI
|
||
|
2020-10-26 15:29:16 |
|
GetDynamicServerConfiguration
HTTP request
|
||||||||
|
2020-10-26 15:29:17 |
RESPONSE
|
GetDynamicServerConfiguration
HTTP response
|
||||||||
|
2020-10-26 15:29:17 |
|
GetDynamicServerConfiguration
Downloaded server configuration
|
||
|
2020-10-26 15:29:17 |
SUCCESS
|
GetDynamicServerConfiguration
Successfully parsed server configuration
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
2020-10-26 15:29:17 | INFO |
AddMTLSEndpointAliasesToEnvironment
The mtls_endpoint_aliases is not present in the server configuration
|
||
|
2020-10-26 15:29:17 |
SUCCESS
|
CheckServerConfiguration
Found required server configuration keys
|
||
|
2020-10-26 15:29:17 |
SUCCESS
|
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
|
||||||||
|
2020-10-26 15:29:17 |
|
FetchServerKeys
Fetching server key
|
||
|
2020-10-26 15:29:17 |
|
FetchServerKeys
HTTP request
|
||||||||
|
2020-10-26 15:29:17 |
RESPONSE
|
FetchServerKeys
HTTP response
|
||||||||
|
2020-10-26 15:29:17 |
|
FetchServerKeys
Found JWK set string
|
||
|
2020-10-26 15:29:17 |
SUCCESS
|
FetchServerKeys
Found server JWK set
|
||
|
2020-10-26 15:29:17 |
SUCCESS
|
CheckServerKeysIsValid
Server JWKs is valid
|
||
|
2020-10-26 15:29:17 | SUCCESS |
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2020-10-26 15:29:17 | SUCCESS |
CheckForKeyIdInServerJWKs
All keys contain kids
|
|
2020-10-26 15:29:17 | SUCCESS |
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2020-10-26 15:29:17 | SUCCESS |
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
|
||
|
2020-10-26 15:29:17 |
SUCCESS
|
GetStaticClientConfiguration
Found a static client object
|
||||||
|
2020-10-26 15:29:18 |
SUCCESS
|
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
|
|
2020-10-26 15:29:18 |
SUCCESS
|
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
|
||||||
|
2020-10-26 15:29:18 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2020-10-26 15:29:18 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2020-10-26 15:29:18 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2020-10-26 15:29:18 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2020-10-26 15:29:18 | SUCCESS |
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
|
|
2020-10-26 15:29:18 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2020-10-26 15:29:18 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
Verify configuration of second client |
2020-10-26 15:29:18 |
SUCCESS
|
GetStaticClient2Configuration
Found a static second client object
|
||||||
|
2020-10-26 15:29:18 |
SUCCESS
|
ValidateMTLSCertificates2Header
MTLS certificates header is valid
|
|
2020-10-26 15:29:18 |
SUCCESS
|
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
|
||||||
|
2020-10-26 15:29:18 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2020-10-26 15:29:18 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2020-10-26 15:29:18 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2020-10-26 15:29:18 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2020-10-26 15:29:18 | SUCCESS |
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
|
|
2020-10-26 15:29:18 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2020-10-26 15:29:18 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
2020-10-26 15:29:18 |
SUCCESS
|
GetResourceEndpointConfiguration
Found a resource endpoint object
|
||||
|
2020-10-26 15:29:18 |
SUCCESS
|
SetProtectedResourceUrlToAccountsEndpoint
Set protected resource URL
|
||
|
2020-10-26 15:29:18 |
SUCCESS
|
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
|
||
|
2020-10-26 15:29:18 |
SUCCESS
|
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
|
||||
|
2020-10-26 15:29:18 |
|
fapi-rw-id2-ensure-signed-request-object-with-RS256-fails
Setup Done
|
|
Use client_credentials grant to obtain OpenBanking UK intent_id |
2020-10-26 15:29:18 |
SUCCESS
|
CreateTokenEndpointRequestForClientCredentialsGrant
|
||||
|
2020-10-26 15:29:18 |
SUCCESS
|
SetAccountScopeOnTokenEndpointRequest
Set scope parameter to accounts for OB testing
|
||||
|
2020-10-26 15:29:18 |
SUCCESS
|
AddClientIdToTokenEndpointRequest
|
||||||
|
2020-10-26 15:29:18 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2020-10-26 15:29:18 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2020-10-26 15:29:18 |
|
CallTokenEndpoint
Token endpoint response
|
||
|
2020-10-26 15:29:18 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||
|
2020-10-26 15:29:18 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2020-10-26 15:29:18 |
SUCCESS
|
CheckForAccessTokenValue
Found an access token
|
||
|
2020-10-26 15:29:18 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2020-10-26 15:29:18 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2020-10-26 15:29:18 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2020-10-26 15:29:18 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2020-10-26 15:29:18 |
SUCCESS
|
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2020-10-26 15:29:18 |
|
AddFAPIFinancialIdToResourceEndpointRequest
Added x-fapi-financial-id to resource_endpoint_request_headers
|
|
2020-10-26 15:29:18 |
SUCCESS
|
CreateCreateAccountRequestRequest
|
||
|
2020-10-26 15:29:18 |
|
CallAccountRequestsEndpointWithBearerToken
Found '/v3.' in the resource url, using OB V3 API 'account-access-consents'
|
||
|
2020-10-26 15:29:18 |
|
CallAccountRequestsEndpointWithBearerToken
HTTP request
|
||||||||||
|
2020-10-26 15:29:19 |
RESPONSE
|
CallAccountRequestsEndpointWithBearerToken
HTTP response
|
||||||||
|
2020-10-26 15:29:19 |
|
CallAccountRequestsEndpointWithBearerToken
Account requests endpoint response
|
||
|
2020-10-26 15:29:19 |
SUCCESS
|
CallAccountRequestsEndpointWithBearerToken
Parsed account requests endpoint response
|
||||
|
2020-10-26 15:29:19 |
SUCCESS
|
CheckIfAccountRequestsEndpointResponseError
No error from account requests endpoint
|
|
2020-10-26 15:29:19 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2020-10-26 15:29:19 |
SUCCESS
|
ExtractAccountRequestIdFromAccountRequestsEndpointResponse
Extracted the account request ID
|
||
|
Make request to authorization endpoint |
2020-10-26 15:29:19 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2020-10-26 15:29:19 |
SUCCESS
|
AddAccountRequestIdToAuthorizationEndpointRequest
Added openbanking_intent_id claim to authorization_endpoint_request
|
||
|
2020-10-26 15:29:19 |
SUCCESS
|
OpenBankingUkAddMultipleAcrClaimsToAuthorizationEndpointRequest
Added acr to request as an essential id_token claim
|
||
|
2020-10-26 15:29:19 |
|
CreateRandomStateValue
Created state value
|
||||
|
2020-10-26 15:29:19 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||||
|
2020-10-26 15:29:19 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2020-10-26 15:29:19 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||||
|
2020-10-26 15:29:19 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken
Added response_type parameter to request
|
||||||||||||||
|
2020-10-26 15:29:19 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2020-10-26 15:29:19 |
SUCCESS
|
AddExpToRequestObject
Added exp to request object claims
|
||
|
2020-10-26 15:29:19 | SUCCESS |
ChangeClientJwksAlgToRS256
Added RS256 as algorithm
|
||
|
2020-10-26 15:29:19 |
SUCCESS
|
AddAudToRequestObject
Added aud to request object claims
|
||
|
2020-10-26 15:29:19 |
SUCCESS
|
AddIssToRequestObject
Added iss to request object claims
|
||
|
2020-10-26 15:29:19 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2020-10-26 15:29:19 |
SUCCESS
|
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2020-10-26 15:29:19 |
REDIRECT
|
fapi-rw-id2-ensure-signed-request-object-with-RS256-fails
Redirecting to authorization endpoint
|
||
|
2020-10-26 15:29:19 | REVIEW IMAGE |
ExpectSignedRS256RequestObjectErrorPage
If the server does not return an invalid_request_object error back to the client, it must show an error page saying the request object is invalid as the algorithm in the JWS header of the request object passed by 'request' parameter does not match the registered.
|
||||
|
2020-10-26 15:29:50 |
FINISHED
|
fapi-rw-id2-ensure-signed-request-object-with-RS256-fails
Test has run to completion
|
||
|
2020-10-26 15:30:13 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|