Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-04-20 02:23:39 INFO
TEST-RUNNER
Test instance 1mWL0ZEr4ikXLIH created
baseUrl
https://www.certification.openid.net/test/a/IPv280-2
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "id_token token",
  "server_metadata": "static",
  "response_mode": "default",
  "client_registration": "static_client"
}
alias
IPv280-2
description
planId
OnfW5AdFmrGul
config
{
  "alias": "IPv280-2",
  "server": {
    "issuer": "https://v280-oidc4.ipdev.themistruct.com/oauth/v2",
    "jwks_uri": "https://v280-oidc4.ipdev.themistruct.com/oauth/v2/jwk",
    "authorization_endpoint": "https://v280-oidc4.ipdev.themistruct.com/oauth/v2/authz",
    "token_endpoint": "https://v280-oidc4.ipdev.themistruct.com/oauth/v2/token",
    "userinfo_endpoint": "https://v280-oidc4.ipdev.themistruct.com/oauth/v2/userinfo",
    "acr_values": "default Privilege",
    "login_hint": "certTest"
  },
  "client": {
    "client_id": "jeenLlI8aao5OOW1rpaqKeTWwYsnfycF",
    "client_secret": "9QtOZj84IqUyOAnzq0u3HyFkyUkQwoag"
  }
}
testName
oidcc-ensure-request-without-nonce-fails
2021-04-20 02:23:39 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/IPv280-2/callback
2021-04-20 02:23:39 SUCCESS
GetStaticServerConfiguration
Found a static server object
issuer
https://v280-oidc4.ipdev.themistruct.com/oauth/v2
jwks_uri
https://v280-oidc4.ipdev.themistruct.com/oauth/v2/jwk
authorization_endpoint
https://v280-oidc4.ipdev.themistruct.com/oauth/v2/authz
token_endpoint
https://v280-oidc4.ipdev.themistruct.com/oauth/v2/token
userinfo_endpoint
https://v280-oidc4.ipdev.themistruct.com/oauth/v2/userinfo
acr_values
default Privilege
login_hint
certTest
2021-04-20 02:23:39 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-04-20 02:23:39 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
authorization_endpoint
{
  "testHost": "v280-oidc4.ipdev.themistruct.com",
  "testPort": 443
}
token_endpoint
{
  "testHost": "v280-oidc4.ipdev.themistruct.com",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "v280-oidc4.ipdev.themistruct.com",
  "testPort": 443
}
2021-04-20 02:23:39
FetchServerKeys
Fetching server key
jwks_uri
https://v280-oidc4.ipdev.themistruct.com/oauth/v2/jwk
2021-04-20 02:23:39
FetchServerKeys
HTTP request
request_uri
https://v280-oidc4.ipdev.themistruct.com/oauth/v2/jwk
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-04-20 02:23:40 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-type": "application/json; charset\u003dutf-8",
  "content-length": "462",
  "connection": "keep-alive",
  "date": "Tue, 20 Apr 2021 02:23:40 GMT",
  "x-amzn-requestid": "6c6d767e-5a6f-466a-a3a4-071aca4937f9",
  "x-amzn-remapped-content-length": "462",
  "x-amzn-remapped-connection": "close",
  "x-amz-apigw-id": "eD4u8En8tjMFi9A\u003d",
  "cache-control": "no-cache, no-store",
  "x-amzn-trace-id": "Root\u003d1-607e3b2c-7865161741c5868b6973d6be;Sampled\u003d0",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 20 Apr 2021 02:23:40 GMT",
  "access-control-allow-credentials": "true",
  "via": "1.1 4147caa9bd44f24d893d2277818f3b16.cloudfront.net (CloudFront), 1.1 776776097c9c5473638771d24267cf4f.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": [
    "MIA3-C2",
    "MIA3-C5"
  ],
  "x-cache": "Miss from cloudfront",
  "x-amz-cf-id": "ehhMQ4q4fEfoIBB2JfP1Y265vU1dgoouCVoSxg65BFlp_yv6ueFQkA\u003d\u003d"
}
response_body
{"keys":[{"kty":"RSA","n":"jLZco5YAJ5O-C9xmLpHwApw1Undb1h6lw3RWjHtIBlXbTBNIJnShFZjzzEeaj_61dbKanNajaBWhw7GR7qpMY3Rdmpa53YctVqQpsFjsc4Y7pkVs5ntY_abbG-AVQnc2SnB4cGTOBFCsczHutFZ8tmSrgTBw9vYR1LAXeHQub0idF3_X_xy3V3OzpfCg5aRbfVGhwC1H2mC3Ls3G0iCmDGVYcaMqO-HCVK9xoEo76KtvjP-o9nIeIR2UHRQDUyv87NmGY7q-kI30MpAww2DuQKcYImMXxe-r8VC-MEwmbvXueQC4Pk7SBKBps8hDBYBayBY2hQ2JXg41QY34lbgrTQ","e":"AQAB","alg":"RS256","use":"sig","kid":"N6juwc4ZaH0TL+KQUdymKdFk4sSVi6FB1fQTOjPwaI8"}]}
2021-04-20 02:23:40
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kty":"RSA","n":"jLZco5YAJ5O-C9xmLpHwApw1Undb1h6lw3RWjHtIBlXbTBNIJnShFZjzzEeaj_61dbKanNajaBWhw7GR7qpMY3Rdmpa53YctVqQpsFjsc4Y7pkVs5ntY_abbG-AVQnc2SnB4cGTOBFCsczHutFZ8tmSrgTBw9vYR1LAXeHQub0idF3_X_xy3V3OzpfCg5aRbfVGhwC1H2mC3Ls3G0iCmDGVYcaMqO-HCVK9xoEo76KtvjP-o9nIeIR2UHRQDUyv87NmGY7q-kI30MpAww2DuQKcYImMXxe-r8VC-MEwmbvXueQC4Pk7SBKBps8hDBYBayBY2hQ2JXg41QY34lbgrTQ","e":"AQAB","alg":"RS256","use":"sig","kid":"N6juwc4ZaH0TL+KQUdymKdFk4sSVi6FB1fQTOjPwaI8"}]}
2021-04-20 02:23:40 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "n": "jLZco5YAJ5O-C9xmLpHwApw1Undb1h6lw3RWjHtIBlXbTBNIJnShFZjzzEeaj_61dbKanNajaBWhw7GR7qpMY3Rdmpa53YctVqQpsFjsc4Y7pkVs5ntY_abbG-AVQnc2SnB4cGTOBFCsczHutFZ8tmSrgTBw9vYR1LAXeHQub0idF3_X_xy3V3OzpfCg5aRbfVGhwC1H2mC3Ls3G0iCmDGVYcaMqO-HCVK9xoEo76KtvjP-o9nIeIR2UHRQDUyv87NmGY7q-kI30MpAww2DuQKcYImMXxe-r8VC-MEwmbvXueQC4Pk7SBKBps8hDBYBayBY2hQ2JXg41QY34lbgrTQ",
      "e": "AQAB",
      "alg": "RS256",
      "use": "sig",
      "kid": "N6juwc4ZaH0TL+KQUdymKdFk4sSVi6FB1fQTOjPwaI8"
    }
  ]
}
2021-04-20 02:23:40 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "n": "jLZco5YAJ5O-C9xmLpHwApw1Undb1h6lw3RWjHtIBlXbTBNIJnShFZjzzEeaj_61dbKanNajaBWhw7GR7qpMY3Rdmpa53YctVqQpsFjsc4Y7pkVs5ntY_abbG-AVQnc2SnB4cGTOBFCsczHutFZ8tmSrgTBw9vYR1LAXeHQub0idF3_X_xy3V3OzpfCg5aRbfVGhwC1H2mC3Ls3G0iCmDGVYcaMqO-HCVK9xoEo76KtvjP-o9nIeIR2UHRQDUyv87NmGY7q-kI30MpAww2DuQKcYImMXxe-r8VC-MEwmbvXueQC4Pk7SBKBps8hDBYBayBY2hQ2JXg41QY34lbgrTQ",
      "e": "AQAB",
      "alg": "RS256",
      "use": "sig",
      "kid": "N6juwc4ZaH0TL+KQUdymKdFk4sSVi6FB1fQTOjPwaI8"
    }
  ]
}
2021-04-20 02:23:40 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-04-20 02:23:40 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2021-04-20 02:23:40 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-04-20 02:23:40 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-04-20 02:23:40 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
jeenLlI8aao5OOW1rpaqKeTWwYsnfycF
client_secret
9QtOZj84IqUyOAnzq0u3HyFkyUkQwoag
2021-04-20 02:23:40
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2021-04-20 02:23:40 SUCCESS
SetProtectedResourceUrlToUserInfoEndpoint
userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.
protected_resource_url
https://v280-oidc4.ipdev.themistruct.com/oauth/v2/userinfo
2021-04-20 02:23:40
oidcc-ensure-request-without-nonce-fails
Setup Done
Make request to authorization endpoint
2021-04-20 02:23:40 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
jeenLlI8aao5OOW1rpaqKeTWwYsnfycF
redirect_uri
https://www.certification.openid.net/test/a/IPv280-2/callback
scope
openid
2021-04-20 02:23:40
CreateRandomStateValue
Created state value
requested_state_length
10
state
wUzAavWH3K
2021-04-20 02:23:40 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
jeenLlI8aao5OOW1rpaqKeTWwYsnfycF
redirect_uri
https://www.certification.openid.net/test/a/IPv280-2/callback
scope
openid
state
wUzAavWH3K
2021-04-20 02:23:40
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
J1aJk0qp1f
2021-04-20 02:23:40
AddNonceToAuthorizationEndpointRequest
NOT adding nonce to request object
2021-04-20 02:23:40 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
jeenLlI8aao5OOW1rpaqKeTWwYsnfycF
redirect_uri
https://www.certification.openid.net/test/a/IPv280-2/callback
scope
openid
state
wUzAavWH3K
response_type
id_token token
2021-04-20 02:23:40 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://v280-oidc4.ipdev.themistruct.com/oauth/v2/authz?client_id=jeenLlI8aao5OOW1rpaqKeTWwYsnfycF&redirect_uri=https://www.certification.openid.net/test/a/IPv280-2/callback&scope=openid&state=wUzAavWH3K&response_type=id_token%20token
2021-04-20 02:23:40 REDIRECT
oidcc-ensure-request-without-nonce-fails
Redirecting to authorization endpoint
redirect_to
https://v280-oidc4.ipdev.themistruct.com/oauth/v2/authz?client_id=jeenLlI8aao5OOW1rpaqKeTWwYsnfycF&redirect_uri=https://www.certification.openid.net/test/a/IPv280-2/callback&scope=openid&state=wUzAavWH3K&response_type=id_token%20token
2021-04-20 02:23:40 REVIEW
ExpectRequestMissingNonceErrorPage
If the server does not return an invalid_request error back to the client, it must show an error page saying the request is invalid as it is missing the 'nonce' claim - upload a screenshot of the error page.
image_no_longer_required
true
2021-04-20 02:24:00 INCOMING
oidcc-ensure-request-without-nonce-fails
Incoming HTTP request to test instance 1mWL0ZEr4ikXLIH
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://www.certification.openid.net/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utmc\u003d201319536; JSESSIONID\u003dDE145F54BDBF77E49951D9C52DD70EFC; __utma\u003d201319536.1249704783.1594777695.1618811934.1618881019.6; __utmz\u003d201319536.1618881019.6.2.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-04-20 02:24:00 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/OBuKHcTRvIOIjodoqnKF",
  "fullUrl": "https://www.certification.openid.net/test/a/IPv280-2/implicit/OBuKHcTRvIOIjodoqnKF"
}
2021-04-20 02:24:00 OUTGOING
oidcc-ensure-request-without-nonce-fails
Response to HTTP request to test instance 1mWL0ZEr4ikXLIH
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/IPv280-2/implicit/OBuKHcTRvIOIjodoqnKF, returnUrl=/log-detail.html?log=1mWL0ZEr4ikXLIH}]
outgoing_path
callback
2021-04-20 02:24:01 INCOMING
oidcc-ensure-request-without-nonce-fails
Incoming HTTP request to test instance 1mWL0ZEr4ikXLIH
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/IPv280-2/callback",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utmc\u003d201319536; JSESSIONID\u003dDE145F54BDBF77E49951D9C52DD70EFC; __utma\u003d201319536.1249704783.1594777695.1618811934.1618881019.6; __utmz\u003d201319536.1618881019.6.2.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "99",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/OBuKHcTRvIOIjodoqnKF
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
#error=invalid_request&error_description=nonce%20is%20not%20exists.&state=wUzAavWH3K&error_code=292
2021-04-20 02:24:01 OUTGOING
oidcc-ensure-request-without-nonce-fails
Response to HTTP request to test instance 1mWL0ZEr4ikXLIH
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/OBuKHcTRvIOIjodoqnKF
2021-04-20 02:24:01
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
parameters
[
  {
    "name": "error",
    "value": "invalid_request"
  },
  {
    "name": "error_description",
    "value": "nonce is not exists."
  },
  {
    "name": "state",
    "value": "wUzAavWH3K"
  },
  {
    "name": "error_code",
    "value": "292"
  }
]
2021-04-20 02:24:01 SUCCESS
ExtractImplicitHashToCallbackResponse
Extracted the hash values
error
invalid_request
error_description
nonce is not exists.
state
wUzAavWH3K
error_code
292
2021-04-20 02:24:01 REDIRECT-IN
oidcc-ensure-request-without-nonce-fails
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://www.certification.openid.net/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utmc\u003d201319536; JSESSIONID\u003dDE145F54BDBF77E49951D9C52DD70EFC; __utma\u003d201319536.1249704783.1594777695.1618811934.1618881019.6; __utmz\u003d201319536.1618881019.6.2.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{
  "error": "invalid_request",
  "error_description": "nonce is not exists.",
  "state": "wUzAavWH3K",
  "error_code": "292"
}
post_body
Verify authorization endpoint response
2021-04-20 02:24:01 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2021-04-20 02:24:01 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2021-04-20 02:24:01 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
wUzAavWH3K
2021-04-20 02:24:01
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
2021-04-20 02:24:01 SUCCESS
EnsureErrorFromAuthorizationEndpointResponse
Authorization endpoint returned an error
error
invalid_request
error_description
nonce is not exists.
state
wUzAavWH3K
error_code
292
2021-04-20 02:24:01 SUCCESS
RejectAuthCodeInAuthorizationEndpointResponse
Authorization code is not present in authorization endpoint response
2021-04-20 02:24:01 WARNING
CheckForUnexpectedParametersInErrorResponseFromAuthorizationEndpoint
error response includes unexpected parameters. This may be because the server supports extensions the test suite is unaware of, or the server may be returning values it should not.
error_code
292
2021-04-20 02:24:01 SUCCESS
CheckErrorDescriptionFromAuthorizationEndpointResponseErrorContainsCRLFTAB
authorization_endpoint_response 'error_description' field does not include CR/LF/TAB
error_description
nonce is not exists.
2021-04-20 02:24:01 SUCCESS
ValidateErrorDescriptionFromAuthorizationEndpointResponseError
authorization_endpoint_response error returned valid 'error_description' field
error_description
nonce is not exists.
2021-04-20 02:24:01 SUCCESS
ValidateErrorUriFromAuthorizationEndpointResponseError
authorization_endpoint_response did not include optional 'error_uri' field
2021-04-20 02:24:01 SUCCESS
CheckErrorFromAuthorizationEndpointErrorInvalidRequest
Authorization endpoint returned expected error
actual
invalid_request
expected
[
  "invalid_request"
]
2021-04-20 02:24:01 FINISHED
oidcc-ensure-request-without-nonce-fails
Test has run to completion
testmodule_result
WARNING
Unregister dynamically registered client
2021-04-20 02:24:01 INFO
UnregisterDynamicallyRegisteredClient
Skipped evaluation due to missing required string: registration_client_uri
expected
registration_client_uri
2021-04-20 02:24:17
TEST-RUNNER
Alias has now been claimed by another test
alias
IPv280-2
new_test_id
NIAPbm6cM6gzX6D
Test Results