Test Name | fapi-rw-id2-ensure-different-nonce-inside-and-outside-request-object |
---|---|
Variant | private_key_jwt, pushed, consumerdataright_au, plain_response |
Test ID | zLl3K3wqnWM1NJD https://www.certification.openid.net/log-detail.html?public=true&log=zLl3K3wqnWM1NJD |
Created | 2021-02-05T03:35:04.904674Z |
Description | conformance suite instructions example using Authlete FAPI-RW with private_key |
Test Version | 4.1.6 |
Test Owner | 8126114 https://gitlab.com |
Plan ID | kZOEPbHs0xM1m https://www.certification.openid.net/plan-detail.html?public=true&plan=kZOEPbHs0xM1m |
Exported From | https://www.certification.openid.net |
Exported By | 8126114 https://gitlab.com |
Suite Version | 4.1.6 |
Exported | 2021-03-03 14:35:55 (UTC) |
Status: FINISHED Result: PASSED |
SUCCESS 68 FAILURE 0 WARNING 0 REVIEW 1 INFO 1 |
2021-02-05 03:35:04 |
INFO
|
TEST-RUNNER
Test instance zLl3K3wqnWM1NJD created
|
||||||||||||||
|
2021-02-05 03:35:04 |
SUCCESS
|
CreateRedirectUri
Created redirect URI
|
||
|
2021-02-05 03:35:04 |
|
GetDynamicServerConfiguration
HTTP request
|
||||||||
|
2021-02-05 03:35:05 |
RESPONSE
|
GetDynamicServerConfiguration
HTTP response
|
||||||||
|
2021-02-05 03:35:05 |
|
GetDynamicServerConfiguration
Downloaded server configuration
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
GetDynamicServerConfiguration
Successfully parsed server configuration
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
2021-02-05 03:35:05 |
SUCCESS
|
CheckServerConfiguration
Found required server configuration keys
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
|
||||||||
|
2021-02-05 03:35:05 |
|
FetchServerKeys
Fetching server key
|
||
|
2021-02-05 03:35:05 |
|
FetchServerKeys
HTTP request
|
||||||||
|
2021-02-05 03:35:05 |
RESPONSE
|
FetchServerKeys
HTTP response
|
||||||||
|
2021-02-05 03:35:05 |
|
FetchServerKeys
Found JWK set string
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
FetchServerKeys
Found server JWK set
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
CheckServerKeysIsValid
Server JWKs is valid
|
||
|
2021-02-05 03:35:05 | SUCCESS |
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2021-02-05 03:35:05 | SUCCESS |
CheckForKeyIdInServerJWKs
All keys contain kids
|
|
2021-02-05 03:35:05 | SUCCESS |
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2021-02-05 03:35:05 | SUCCESS |
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
GetStaticClientConfiguration
Found a static client object
|
||||||||
|
2021-02-05 03:35:05 |
SUCCESS
|
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
|
|
2021-02-05 03:35:05 |
SUCCESS
|
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
|
||||||
|
2021-02-05 03:35:05 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2021-02-05 03:35:05 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2021-02-05 03:35:05 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2021-02-05 03:35:05 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2021-02-05 03:35:05 | SUCCESS |
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
|
|
2021-02-05 03:35:05 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
Verify configuration of second client |
2021-02-05 03:35:05 |
SUCCESS
|
GetStaticClient2Configuration
Found a static second client object
|
||||||
|
2021-02-05 03:35:05 |
SUCCESS
|
ValidateMTLSCertificates2Header
MTLS certificates header is valid
|
|
2021-02-05 03:35:05 |
SUCCESS
|
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
|
||||||
|
2021-02-05 03:35:05 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2021-02-05 03:35:05 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2021-02-05 03:35:05 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2021-02-05 03:35:05 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2021-02-05 03:35:05 | SUCCESS |
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
|
|
2021-02-05 03:35:05 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
2021-02-05 03:35:05 |
SUCCESS
|
GetResourceEndpointConfiguration
Found a resource endpoint object
|
||||||
|
2021-02-05 03:35:05 |
SUCCESS
|
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
|
||||
|
2021-02-05 03:35:05 |
|
fapi-rw-id2-ensure-different-nonce-inside-and-outside-request-object
Setup Done
|
|
Make request to authorization endpoint |
2021-02-05 03:35:05 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2021-02-05 03:35:05 | SUCCESS |
AddCdrAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
|
||
|
2021-02-05 03:35:05 | SUCCESS |
AddCdrSharingDurationClaimToAuthorizationEndpointRequest
Added sharing_duration claim to authorization_endpoint_request
|
||
|
2021-02-05 03:35:05 |
|
CreateRandomStateValue
Created state value
|
||||
|
2021-02-05 03:35:05 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||||
|
2021-02-05 03:35:05 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2021-02-05 03:35:05 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||||
|
2021-02-05 03:35:05 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken
Added response_type parameter to request
|
||||||||||||||
|
2021-02-05 03:35:05 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
AddIncorrectNonceToAuthorizationEndpointRequest
Added incorrect nonce parameter to request
|
||||||||||||||
|
2021-02-05 03:35:05 | SUCCESS |
AddExpToRequestObject
Added exp to request object claims
|
||
|
2021-02-05 03:35:05 | SUCCESS |
AddAudToRequestObject
Added aud to request object claims
|
||
|
2021-02-05 03:35:05 | SUCCESS |
AddIssToRequestObject
Added iss to request object claims
|
||
|
2021-02-05 03:35:05 | SUCCESS |
AddClientIdToRequestObject
Added client_id to request object claims
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2021-02-05 03:35:05 |
SUCCESS
|
BuildRequestObjectPostToPAREndpoint
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
CreateClientAuthenticationAssertionClaims
Created client assertion claims
|
||||||||||||
|
2021-02-05 03:35:05 | SUCCESS |
UpdateClientAuthenticationAssertionClaimsWithISSAud
Updated audience in client assertion claims
|
||||||||||||
|
2021-02-05 03:35:05 |
SUCCESS
|
SignClientAuthenticationAssertion
Signed the client assertion
|
||
|
2021-02-05 03:35:05 |
SUCCESS
|
AddClientAssertionToPAREndpointParameters
Added client assertion to request
|
||
|
2021-02-05 03:35:05 |
|
CallPAREndpoint
HTTP request
|
||||||||||
|
2021-02-05 03:35:07 |
RESPONSE
|
CallPAREndpoint
HTTP response
|
||||||||
|
2021-02-05 03:35:07 | SUCCESS |
CallPAREndpoint
Storing pushed_authorization_endpoint_response_http_status 201
|
|
2021-02-05 03:35:07 | SUCCESS |
CallPAREndpoint
Parsed pushed authorization endpoint response
|
||||
|
2021-02-05 03:35:07 | SUCCESS |
CheckIfPAREndpointResponseError
pushed authorization endpoint correct response.
|
|
2021-02-05 03:35:07 | SUCCESS |
CheckForRequestUriValue
Found valid request_uri
|
||
|
2021-02-05 03:35:07 | SUCCESS |
CheckForPARResponseExpiresIn
Found expires_in
|
||
|
2021-02-05 03:35:07 |
SUCCESS
|
ExtractRequestUriFromPARResponse
Extracted the request_uri: 0F125ED5151FBC851FDB5D79EB5929B54F63E005B629CC8408C0586A9EDE436D
|
|
2021-02-05 03:35:07 | SUCCESS |
EnsureMinimumRequestUriEntropy
Calculated shannon entropy seems sufficient
|
||||
|
2021-02-05 03:35:07 | SUCCESS |
BuildRequestObjectByReferenceRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2021-02-05 03:35:07 |
REDIRECT
|
fapi-rw-id2-ensure-different-nonce-inside-and-outside-request-object
Redirecting to authorization endpoint
|
||
|
2021-02-05 03:35:07 | REVIEW |
ExpectRequestDifferentNonceInsideAndOutsideErrorPage
If the server does not return an invalid_request error back to the client, it must either show an error page (saying the request object is invalid as the 'nonce' value in the request object and outside it are different - upload a screenshot of the error page) or must successfully authenticate and but return the nonce from inside the request object.
|
||
|
2021-02-05 03:35:21 |
INCOMING
|
fapi-rw-id2-ensure-different-nonce-inside-and-outside-request-object
Incoming HTTP request to test instance zLl3K3wqnWM1NJD
|
||||||||||||||
|
2021-02-05 03:35:21 |
SUCCESS
|
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
|
||
|
2021-02-05 03:35:21 |
OUTGOING
|
fapi-rw-id2-ensure-different-nonce-inside-and-outside-request-object
Response to HTTP request to test instance zLl3K3wqnWM1NJD
|
||||
|
2021-02-05 03:35:23 |
INCOMING
|
fapi-rw-id2-ensure-different-nonce-inside-and-outside-request-object
Incoming HTTP request to test instance zLl3K3wqnWM1NJD
|
||||||||||||||
|
2021-02-05 03:35:23 |
OUTGOING
|
fapi-rw-id2-ensure-different-nonce-inside-and-outside-request-object
Response to HTTP request to test instance zLl3K3wqnWM1NJD
|
||||||||
|
2021-02-05 03:35:23 |
|
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
|
||
|
2021-02-05 03:35:23 |
SUCCESS
|
ExtractImplicitHashToCallbackResponse
Extracted the hash values
|
||||||
|
2021-02-05 03:35:23 |
REDIRECT-IN
|
fapi-rw-id2-ensure-different-nonce-inside-and-outside-request-object
Authorization endpoint response captured
|
||||||||||
|
Verify authorization endpoint response |
2021-02-05 03:35:23 | SUCCESS |
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
|
|
2021-02-05 03:35:23 | SUCCESS |
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
|
|
2021-02-05 03:35:23 |
SUCCESS
|
CheckStateInAuthorizationResponse
State in response correctly returned
|
||
|
2021-02-05 03:35:23 | SUCCESS |
EnsureErrorFromAuthorizationEndpointResponse
Authorization endpoint returned an error
|
||||||
|
2021-02-05 03:35:23 | SUCCESS |
CheckForUnexpectedParametersInErrorResponseFromAuthorizationEndpoint
error response includes only expected parameters
|
||||||
|
2021-02-05 03:35:23 | SUCCESS |
EnsureInvalidRequestError
Authorization endpoint returned expected 'error' of 'invalid_request'
|
||
|
2021-02-05 03:35:23 |
FINISHED
|
fapi-rw-id2-ensure-different-nonce-inside-and-outside-request-object
Test has run to completion
|
||
|
2021-02-05 03:35:39 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|