Test Name | fapi-ciba-id1-ensure-client-assertion-signature-algorithm-in-token-endpoint-request-is-RS256-fails |
---|---|
Variant | private_key_jwt, ping, plain_fapi, static_client |
Test ID | Yz7z9pYKPzKx1Gu https://www.certification.openid.net/log-detail.html?public=true&log=Yz7z9pYKPzKx1Gu |
Created | 2021-02-10T09:52:22.934654Z |
Description | Initial test |
Test Version | 4.1.6 |
Test Owner | 111875527379833678417 https://accounts.google.com |
Plan ID | R3sICwc4v1jsm https://www.certification.openid.net/plan-detail.html?public=true&plan=R3sICwc4v1jsm |
Exported From | https://www.certification.openid.net |
Exported By | 111875527379833678417 https://accounts.google.com |
Suite Version | 4.1.9 |
Exported | 2021-03-29 17:37:49 (UTC) |
Status: FINISHED Result: SKIPPED |
SUCCESS 24 FAILURE 0 WARNING 0 REVIEW 0 INFO 2 |
2021-02-10 09:52:22 |
INFO
|
TEST-RUNNER
Test instance Yz7z9pYKPzKx1Gu created
|
||||||||||||||
|
2021-02-10 09:52:22 |
SUCCESS
|
CreateCIBANotificationEndpointUri
Created ciba notification endpoint URI
|
||
|
2021-02-10 09:52:22 |
|
GetDynamicServerConfiguration
HTTP request
|
||||||||
|
2021-02-10 09:52:23 |
RESPONSE
|
GetDynamicServerConfiguration
HTTP response
|
||||||||
|
2021-02-10 09:52:23 |
|
GetDynamicServerConfiguration
Downloaded server configuration
|
||
|
2021-02-10 09:52:23 |
SUCCESS
|
GetDynamicServerConfiguration
Successfully parsed server configuration
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
2021-02-10 09:52:23 |
SUCCESS
|
CheckCIBAServerConfiguration
Found required server configuration keys
|
||
|
2021-02-10 09:52:23 |
SUCCESS
|
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
|
||||||||
|
2021-02-10 09:52:23 |
|
FetchServerKeys
Fetching server key
|
||
|
2021-02-10 09:52:23 |
|
FetchServerKeys
HTTP request
|
||||||||
|
2021-02-10 09:52:23 |
RESPONSE
|
FetchServerKeys
HTTP response
|
||||||||
|
2021-02-10 09:52:23 |
|
FetchServerKeys
Found JWK set string
|
||
|
2021-02-10 09:52:23 |
SUCCESS
|
FetchServerKeys
Found server JWK set
|
||
|
2021-02-10 09:52:23 |
SUCCESS
|
CheckServerKeysIsValid
Server JWKs is valid
|
||
|
2021-02-10 09:52:23 | SUCCESS |
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2021-02-10 09:52:23 | SUCCESS |
CheckForKeyIdInServerJWKs
All keys contain kids
|
|
2021-02-10 09:52:23 | SUCCESS |
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2021-02-10 09:52:23 | SUCCESS |
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
|
||
|
Verify First client: static client configuration |
2021-02-10 09:52:23 |
SUCCESS
|
GetStaticClientConfiguration
Found a static client object
|
||||||||||
|
2021-02-10 09:52:23 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2021-02-10 09:52:23 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2021-02-10 09:52:23 |
|
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
|
|
2021-02-10 09:52:23 |
SUCCESS
|
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
|
|
2021-02-10 09:52:23 |
|
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
|
|
2021-02-10 09:52:23 |
SUCCESS
|
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
|
||||
|
2021-02-10 09:52:23 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2021-02-10 09:52:23 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2021-02-10 09:52:23 | SUCCESS |
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
|
|
2021-02-10 09:52:23 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2021-02-10 09:52:23 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
2021-02-10 09:52:23 |
SUCCESS
|
GetResourceEndpointConfiguration
Found a resource endpoint object
|
||
|
2021-02-10 09:52:23 |
SUCCESS
|
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
|
||
|
2021-02-10 09:52:23 |
SUCCESS
|
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
|
||
|
2021-02-10 09:52:23 |
SUCCESS
|
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
|
||||
|
2021-02-10 09:52:23 |
SKIPPED
|
fapi-ciba-id1-ensure-client-assertion-signature-algorithm-in-token-endpoint-request-is-RS256-fails
The test was skipped: This test requires RSA keys to be performed, the alg in client configuration is 'ES256' so this test is being skipped. If your server does not support PS256 then this will not prevent you certifying.
|
|
2021-02-10 09:52:23 |
FINISHED
|
fapi-ciba-id1-ensure-client-assertion-signature-algorithm-in-token-endpoint-request-is-RS256-fails
Test has run to completion
|
||
|
Unregister dynamically registered client |
2021-02-10 09:52:23 |
INFO
|
UnregisterDynamicallyRegisteredClient
Skipped evaluation due to missing required string: registration_client_uri
|
||
|
2021-02-10 09:52:26 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|