Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-05-04 10:35:29 INFO
TEST-RUNNER
Test instance 9YyzZVBUOys4nkz created
baseUrl
https://www.certification.openid.net/test/a/keycloak
variant
{
  "client_auth_type": "mtls",
  "fapi_auth_request_method": "by_value",
  "fapi_profile": "openbanking_uk",
  "fapi_response_mode": "plain_response"
}
alias
keycloak
description
FAPI-RW-ID2: Keycloak test with mtls client authentication (RequestObject:ES256/IDToken:ES256)
planId
GpKFxBPePEcsv
config
{
  "alias": "keycloak",
  "description": "FAPI-RW-ID2: Keycloak test with mtls client authentication (RequestObject:ES256/IDToken:ES256)",
  "server": {
    "discoveryUrl": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "client111-mtls-ES256-ES256",
    "scope": "openid email",
    "jwks": {
      "keys": [
        {
          "use": "sig",
          "kty": "EC",
          "kid": "client1-ES256",
          "crv": "P-256",
          "alg": "ES256",
          "x": "KhIuh2un6UWcBCIQqr5s3lSN42mrp5kjdf3JrasR1E4",
          "y": "bUIXyjZ6Q7-fLu-mp56OJjEHOAbGd3X30EMhS7SG-Vw",
          "d": "zngKYq2KBIRGiawAAZQJ0K_ZxL3VyZbOHYScKtrOWX0"
        }
      ]
    }
  },
  "client2": {
    "client_id": "client112-mtls-ES256-ES256",
    "scope": "openid email",
    "jwks": {
      "keys": [
        {
          "use": "sig",
          "kty": "EC",
          "kid": "client2-ES256",
          "crv": "P-256",
          "alg": "ES256",
          "x": "X1K2NP56XffP8ZvkSJiD3ZiaD6A1forvWkZ2AzqbyME",
          "y": "S2GQUKAw0gW5kT-lEehLkt02PxA6CukInQhvo1hWcNo",
          "d": "xDb8I6rF-rMPo5MV-rZSZZRwk1-TYJCm6SK4JGeP7Gk"
        }
      ]
    }
  },
  "mtls": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIDKDCCAs6gAwIBAgIUXl6GT8Ex1EENFSPveDA8fUoqHAwwCgYIKoZIzj0EAwIw\ndjELMAkGA1UEBhMCSlAxEzARBgNVBAgTClByaXZhdGUgQ0ExFzAVBgNVBAoTDlNl\nY3VyZSBPU1MgU2lnMRYwFAYDVQQLEw1LZXljbG9hay1mYXBpMSEwHwYDVQQDExhL\nZXljbG9hay1mYXBpIFByaXZhdGUgQ0EwHhcNMTkwNTIxMDIwNDAwWhcNMjQwNTE5\nMDIwNDAwWjBhMQswCQYDVQQGEwJKUDEPMA0GA1UECBMGQ2xpZW50MRcwFQYDVQQK\nEw5TZWN1cmUgT1NTIFNpZzEWMBQGA1UECxMNS2V5Y2xvYWstZmFwaTEQMA4GA1UE\nAxMHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM74QUE+\nRfLtdHCKj1QXRQkj30AtveZa/7jbBpHYJCoSGA4bzuNE04HTK02hwtBO0J0bvbRy\n14BYHimwhUY6n7gtZKex3JQ39QC2UHbIOtIQXvCgbn6K4iU6WrUbCK4I8p77gIk4\nMXQmsCQokAtxsF1eq/RyLhRJXo/aTwcHDWcb5n8jFGmpOJyhmPEXwtzqMZwO9Y+a\nI3d5P/xHXnb84zrgRJH2YMzTKOfGt72I8Ag34ITTQUxox5RUMMGwqlzN6bEYIF9l\nyCcd3kCSgyp4b4wNBc5h5g3GPDBTCUx3z07oQ50LR7AAICevHvWGlUxXtX+MYc6+\nMvjb3l/e+EEldb0CAwEAAaOBgzCBgDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAww\nCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQURPpQRYqk1GU0v615\n9IJV4fo7s8YwHwYDVR0jBBgwFoAUJmT6o2FQqWh2KBGYB3nfWHkAtEgwCwYDVR0R\nBAQwAoIAMAoGCCqGSM49BAMCA0gAMEUCIHImOqdaMfLN1M7i4wfXKIGnJHDlEv8B\n3jASpdlMb35IAiEA5oj7fyh0KxGG9Z4kUGusBUYidOemP81CtyOPzg1A64w\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAzvhBQT5F8u10cIqPVBdFCSPfQC295lr/uNsGkdgkKhIYDhvO\n40TTgdMrTaHC0E7QnRu9tHLXgFgeKbCFRjqfuC1kp7HclDf1ALZQdsg60hBe8KBu\nforiJTpatRsIrgjynvuAiTgxdCawJCiQC3GwXV6r9HIuFElej9pPBwcNZxvmfyMU\naak4nKGY8RfC3OoxnA71j5ojd3k//EdedvzjOuBEkfZgzNMo58a3vYjwCDfghNNB\nTGjHlFQwwbCqXM3psRggX2XIJx3eQJKDKnhvjA0FzmHmDcY8MFMJTHfPTuhDnQtH\nsAAgJ68e9YaVTFe1f4xhzr4y+NveX974QSV1vQIDAQABAoIBAQCbyK7NXgMmi+b2\nAsVJZU54R8D1vLhQWDRdPrceNdNau03R6Mp7tEWDVaAlidlqE7jgWI4c8cgVeb4S\nYSSfrOalqb02oCDIi6nlRFUiYyorDVl4wzkIFJ+Np/O4l8WbwW5ljia8okhPBgPU\n45cwlf1K+kRx9TOL34HGw2pyfrNu5G1NWs3a30qHVc5FnKBgJq4PZgxtTC15DoQ4\nU8IF7M9XYlXOkx3zSOjk2mpQaOPDeRWBwoFsoxqOl+x3/u9rhiGW+9OXEltq+AKA\nlsZ4QVfvmjIZ65c5SJwrV+OhLIKOoA8TzheBGKZ4vkKt17GxWsm7KP1afh1fqc5C\nd1lE0e1BAoGBAPI5SKi+HKuMsWY6YLv0c6j/FHJ/ZnSLLYc6/edfXso0djuz7BOf\nmLjgnntDrWTf6jWJ14DMDZVaohFr69eham8N9H9bQl7tpdtswRL0IVfOZYbEBbQk\n57/l5yADZcxvOMne/yh8K8LARYdFe5WDHCijgLhqmENenRHhHUjAuPVxAoGBANq9\nrnqQ6j4n2GEx+YhIKOflCUWwUe9XQ8pdQwniDQkQ3imOsOLn/nMXUO1oUMbaH0cb\nQ0+e5QGW74alTaFkQxBeSTbvZplMtwgaKDl2GzlYFPUxSLkAf5crChjT0z5t74Rv\nChCvoLLxXXD+PmkC1Hpub78bfEwqit54fVGMJW8NAoGBAMzk8fZzYnMmvwU3io5T\nOOcSZqx34iXheTC0EQT/4oHvILhd+OucjCaPMuAYHnt/AXIqWJYFhdP557AO91/e\nlda9Gj4E5z6/jhXvh97Njcrlt3HpLN32fecQxZKJ7TmiN4pjzLjlWGsUE3xapTCS\nyGYD8KWO3Z/XT8xI/WmGRK6xAoGBAMBmaUr7nl4vk/7iAzehKQHYDpDSpy8bldAw\nuh++SnL3+EGbdfEP2FsJXjCEOdC+2RYlX85v18TPKz5GtgLIesix9jow1xDuTmv8\n/faU8Rs+Y6jLwcigLJodzFLMNxnJfw0A0lyc7n+XF/akWubpC1XpP7dcCLfCD8Xh\nO3F4EREdAoGAQRNaIHonLPVg+cZAVR6DAKj7l20tE1THRfHrkJDoM661hl7EnPL3\n0SoLJyKYh3uil+/XAMtdegE5nrumg25FKdDY+JvSSvqEI0dLqKZzc6PBRau3+KVU\nVAYQtvtH7E2uJ7oFzFepTp2mq1I7+BYEmTIaPDJvf/l5gz+vy+voLrs\u003d\n-----END RSA PRIVATE KEY-----\n"
  },
  "mtls2": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAs6gAwIBAgIUKHCTpsodVknyAZC7gFy3hZZqTtEwCgYIKoZIzj0EAwIw\ndjELMAkGA1UEBhMCSlAxEzARBgNVBAgTClByaXZhdGUgQ0ExFzAVBgNVBAoTDlNl\nY3VyZSBPU1MgU2lnMRYwFAYDVQQLEw1LZXljbG9hay1mYXBpMSEwHwYDVQQDExhL\nZXljbG9hay1mYXBpIFByaXZhdGUgQ0EwHhcNMTkwNTIxMDIwNDAwWhcNMjQwNTE5\nMDIwNDAwWjBhMQswCQYDVQQGEwJKUDEPMA0GA1UECBMGQ2xpZW50MRcwFQYDVQQK\nEw5TZWN1cmUgT1NTIFNpZzEWMBQGA1UECxMNS2V5Y2xvYWstZmFwaTEQMA4GA1UE\nAxMHY2xpZW50MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlwHpEQ\nVCrBo1yRmKACefdDiGLunW+REQHmTWUTEokWdVCsMGjqns1E4h68nmXVApXtyuGL\nF3IVzJrUQ6DQXCKdPpmoFplD6aC0CdFVouY8XULyny8d1aNl+1nrFFaiamW2JxD9\nPbtUKfE/TVMM+bums+gHW63KrJo7OnfEC0wvuEwY4vVDvL5DhxoURTU8YhBUxDvA\nnfQfD4TJEVqEiIt/0vTwrdEoRlHTwaJadcyKdUKvNVG1O1RGlsPm63qS2XkG4Qvw\nasIuhoxuUZbr74S9mlDQV33k/XCWj/nOr+58xCaXNKGOI9TlFA4+YUclJxy/GeBZ\nB0OmSitP5swqpCkCAwEAAaOBgzCBgDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAww\nCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUT8nMrrlLi/LQTlb3\nk6QnqLwpGT0wHwYDVR0jBBgwFoAUJmT6o2FQqWh2KBGYB3nfWHkAtEgwCwYDVR0R\nBAQwAoIAMAoGCCqGSM49BAMCA0YAMEMCID4FMD7NJZFeO4X26GifL4ODr/vK+Nje\noAcnXdYo5WX7Ah8OifloGxnCplM7doLaG+LaE8r9VEi6QyD29NAIPUPe\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAyXAekRBUKsGjXJGYoAJ590OIYu6db5ERAeZNZRMSiRZ1UKww\naOqezUTiHryeZdUCle3K4YsXchXMmtRDoNBcIp0+magWmUPpoLQJ0VWi5jxdQvKf\nLx3Vo2X7WesUVqJqZbYnEP09u1Qp8T9NUwz5u6az6Adbrcqsmjs6d8QLTC+4TBji\n9UO8vkOHGhRFNTxiEFTEO8Cd9B8PhMkRWoSIi3/S9PCt0ShGUdPBolp1zIp1Qq81\nUbU7VEaWw+brepLZeQbhC/Bqwi6GjG5RluvvhL2aUNBXfeT9cJaP+c6v7nzEJpc0\noY4j1OUUDj5hRyUnHL8Z4FkHQ6ZKK0/mzCqkKQIDAQABAoIBAC6BHe1rkaLVVXuX\neV7nc3TsOF5urBYHrZ98pb2B67OOZcMcHYj7MXI+Rt3FuePUi2ZFoaL0U5NZCQVt\nn7dOoxayqrMapSz5CsS5C9MyLAtvQDCmhq1/+8RfVOnrZaSilmGo7df0Pv4ybgRu\nEtHrmvQBhmM436d9tN9ecR8ZOWp66Luy1GVM6rwH6ceOc46ZHUwoumN0kQt/G72G\n0QRbt7iGle/s11TzEKh3YaR9gkS+KPm5K+iPzSP1FxDiwSrKLRQJSjANrzTKEkuQ\nyDm7MSYm23guxosA/4Oyaa+7SDEqk9509yiDp51HK9fFJWnuBoDt7iduz0VJVqHg\nq0lE9wECgYEA08hkjl9PKMTX8vN9cOX+0W4en3K10Jjonw4d2gS2dIyb8o7B4ulb\nfGpleMAmcyGuG+k8fC8nSjqYSx4YHPunbmK1O4PCGTi8r6BtD9zW8opJVi+ImMsa\nn8l8bUASOuOFrHhvnB/JZS3yoOZVE8ey6/5QtSjwbn6I7dAvXXgT5pkCgYEA837O\nFMLfbWoYvdEa9LXmXGWagQe7Ta09BGbJ1Qs1hpuZJl8qK0kVWTDURtr5yu24r7YQ\n3S3cqKcg3FB3XO+vjreYKl2Cww/v8Wy/glGgqkAhd0dP9K1Q8F8XeQPlrPkNANrG\njIlNFYmg163EDwLJ+IoRr+t43KbIoGvsb9kTdBECgYEAh1keys6mrIuA58gtdyXG\nQNp7v7Nz9yiCIoTHFzrD0KC8WbxatUYmLdFhoFZNPG9d8oCRI1yPY6UnB3roNj2u\nt6Fl6e8+8ReNn0CL8wNUbBVs4SPnzJ6hGVWPq9Ky0+fs2ljuG31FHODMm4AZB1ct\nRh12PxE296buo+3VF4tSTKECgYEA4dUW73x52rHPNqWs+Y+HkuSNMuTn3DgzYlSv\nFw+pWioQFd2nb7P9v9Yg24KWsJZgd19GLs0tXaJ8QLnEqwaGbbhrwccu0xmB8glp\naUWp3J1ULJuQVZ81dWrMi2mI6C+o1sUR5yAkxTf7XG4Ga+GrTv9HPkEHvKZXZyoR\nhP7xIvECgYB6S0i6ruOAFq2iMyGoX83RlWjo+WrGqSVWfzRZ43rFQ3MBEIlkQD3K\n6+Y+v0MMlgrN3VQTi31IW42ftgOIiy7ZndMvBaQd2Zp4POtNISsRysQJcewPwbL0\nVXsalNqW+Rl8PDzrd6s13wYogMuWrwmbPphC04LdBhZb6nX6KVkn0A\u003d\u003d\n-----END RSA PRIVATE KEY-----\n"
  },
  "resource": {
    "resourceUrl": "https://gw-dev-direct.apps.brazilob.a7z0.p1.openshiftapps.com/brazil-aisp/v3.1/aisp/",
    "institution_id": "xxx",
    "resourceUrlAccountRequests": "https://gw-dev-direct.apps.brazilob.a7z0.p1.openshiftapps.com/brazil-aisp/v3.1/aisp/",
    "resourceUrlAccountsResource": "https://gw-dev-direct.apps.brazilob.a7z0.p1.openshiftapps.com/brazil-aisp/v3.1/aisp/"
  },
  "browser": [
    {
      "match": "https://keycloak-direct-brazil-ob.apps.brazilob.a7z0.p1.openshiftapps.com/auth/realms/test/openid-connect/auth*",
      "tasks": [
        {
          "task": "Initial Login",
          "match": "https://keycloak-direct-brazil-ob.apps.brazilob.a7z0.p1.openshiftapps.com/auth/realms/test/openid-connect/auth*",
          "commands": [
            [
              "text",
              "name",
              "username",
              "john"
            ],
            [
              "text",
              "name",
              "password",
              "john"
            ],
            [
              "click",
              "name",
              "login"
            ]
          ]
        },
        {
          "task": "Verify Complete",
          "match": "https://*/test/a/keycloak/callback*",
          "commands": [
            [
              "wait",
              "id",
              "submission_complete",
              10
            ]
          ]
        }
      ]
    }
  ]
}
testName
fapi-rw-id2-ensure-signed-request-object-with-RS256-fails
2021-05-04 10:35:30 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/keycloak/callback
2021-05-04 10:35:30
GetDynamicServerConfiguration
HTTP request
request_uri
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-05-04 10:35:30 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "cache-control": "no-cache, must-revalidate, no-transform, no-store",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "SAMEORIGIN",
  "referrer-policy": "no-referrer",
  "date": "Tue, 04 May 2021 10:35:30 GMT",
  "connection": "keep-alive",
  "strict-transport-security": "max-age\u003d31536000; includeSubDomains",
  "x-content-type-options": "nosniff",
  "content-type": "application/json",
  "content-length": "3306"
}
response_body
{"issuer":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test","authorization_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/auth","token_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/token","introspection_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/userinfo","end_session_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/logout","jwks_uri":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/certs","check_session_iframe":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr","openbanking_intent_id"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"scopes_supported":["openid","roles","web-origins","microprofile-jwt","accounts","offline_access","profile","email","address","phone"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"code_challenge_methods_supported":["plain","S256"],"tls_client_certificate_bound_access_tokens":true,"revocation_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/revoke","revocation_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"revocation_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"backchannel_logout_supported":true,"backchannel_logout_session_supported":true}
2021-05-04 10:35:30
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{"issuer":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test","authorization_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/auth","token_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/token","introspection_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/userinfo","end_session_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/logout","jwks_uri":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/certs","check_session_iframe":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr","openbanking_intent_id"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"scopes_supported":["openid","roles","web-origins","microprofile-jwt","accounts","offline_access","profile","email","address","phone"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"code_challenge_methods_supported":["plain","S256"],"tls_client_certificate_bound_access_tokens":true,"revocation_endpoint":"https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/revoke","revocation_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"revocation_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"backchannel_logout_supported":true,"backchannel_logout_session_supported":true}
2021-05-04 10:35:30 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
issuer
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test
authorization_endpoint
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/auth
token_endpoint
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/token
introspection_endpoint
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/token/introspect
userinfo_endpoint
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/userinfo
end_session_endpoint
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/logout
jwks_uri
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/certs
check_session_iframe
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/login-status-iframe.html
grant_types_supported
[
  "authorization_code",
  "implicit",
  "refresh_token",
  "password",
  "client_credentials"
]
response_types_supported
[
  "code",
  "none",
  "id_token",
  "token",
  "id_token token",
  "code id_token",
  "code token",
  "code id_token token"
]
subject_types_supported
[
  "public",
  "pairwise"
]
id_token_signing_alg_values_supported
[
  "PS384",
  "ES384",
  "RS384",
  "HS256",
  "HS512",
  "ES256",
  "RS256",
  "HS384",
  "ES512",
  "PS256",
  "PS512",
  "RS512"
]
id_token_encryption_alg_values_supported
[
  "RSA-OAEP",
  "RSA-OAEP-256",
  "RSA1_5"
]
id_token_encryption_enc_values_supported
[
  "A256GCM",
  "A192GCM",
  "A128GCM",
  "A128CBC-HS256",
  "A192CBC-HS384",
  "A256CBC-HS512"
]
userinfo_signing_alg_values_supported
[
  "PS384",
  "ES384",
  "RS384",
  "HS256",
  "HS512",
  "ES256",
  "RS256",
  "HS384",
  "ES512",
  "PS256",
  "PS512",
  "RS512",
  "none"
]
request_object_signing_alg_values_supported
[
  "PS384",
  "ES384",
  "RS384",
  "HS256",
  "HS512",
  "ES256",
  "RS256",
  "HS384",
  "ES512",
  "PS256",
  "PS512",
  "RS512",
  "none"
]
response_modes_supported
[
  "query",
  "fragment",
  "form_post"
]
registration_endpoint
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/clients-registrations/openid-connect
token_endpoint_auth_methods_supported
[
  "private_key_jwt",
  "client_secret_basic",
  "client_secret_post",
  "tls_client_auth",
  "client_secret_jwt"
]
token_endpoint_auth_signing_alg_values_supported
[
  "PS384",
  "ES384",
  "RS384",
  "HS256",
  "HS512",
  "ES256",
  "RS256",
  "HS384",
  "ES512",
  "PS256",
  "PS512",
  "RS512"
]
claims_supported
[
  "aud",
  "sub",
  "iss",
  "auth_time",
  "name",
  "given_name",
  "family_name",
  "preferred_username",
  "email",
  "acr",
  "openbanking_intent_id"
]
claim_types_supported
[
  "normal"
]
claims_parameter_supported
true
scopes_supported
[
  "openid",
  "roles",
  "web-origins",
  "microprofile-jwt",
  "accounts",
  "offline_access",
  "profile",
  "email",
  "address",
  "phone"
]
request_parameter_supported
true
request_uri_parameter_supported
true
require_request_uri_registration
true
code_challenge_methods_supported
[
  "plain",
  "S256"
]
tls_client_certificate_bound_access_tokens
true
revocation_endpoint
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/revoke
revocation_endpoint_auth_methods_supported
[
  "private_key_jwt",
  "client_secret_basic",
  "client_secret_post",
  "tls_client_auth",
  "client_secret_jwt"
]
revocation_endpoint_auth_signing_alg_values_supported
[
  "PS384",
  "ES384",
  "RS384",
  "HS256",
  "HS512",
  "ES256",
  "RS256",
  "HS384",
  "ES512",
  "PS256",
  "PS512",
  "RS512"
]
backchannel_logout_supported
true
backchannel_logout_session_supported
true
2021-05-04 10:35:30 INFO
AddMTLSEndpointAliasesToEnvironment
The mtls_endpoint_aliases is not present in the server configuration
server
{
  "issuer": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test",
  "authorization_endpoint": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/auth",
  "token_endpoint": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/token",
  "introspection_endpoint": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/userinfo",
  "end_session_endpoint": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/logout",
  "jwks_uri": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/certs",
  "check_session_iframe": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/login-status-iframe.html",
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "refresh_token",
    "password",
    "client_credentials"
  ],
  "response_types_supported": [
    "code",
    "none",
    "id_token",
    "token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "id_token_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5"
  ],
  "id_token_encryption_enc_values_supported": [
    "A256GCM",
    "A192GCM",
    "A128GCM",
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512"
  ],
  "userinfo_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512",
    "none"
  ],
  "request_object_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512",
    "none"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "registration_endpoint": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/clients-registrations/openid-connect",
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt",
    "client_secret_basic",
    "client_secret_post",
    "tls_client_auth",
    "client_secret_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512"
  ],
  "claims_supported": [
    "aud",
    "sub",
    "iss",
    "auth_time",
    "name",
    "given_name",
    "family_name",
    "preferred_username",
    "email",
    "acr",
    "openbanking_intent_id"
  ],
  "claim_types_supported": [
    "normal"
  ],
  "claims_parameter_supported": true,
  "scopes_supported": [
    "openid",
    "roles",
    "web-origins",
    "microprofile-jwt",
    "accounts",
    "offline_access",
    "profile",
    "email",
    "address",
    "phone"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "tls_client_certificate_bound_access_tokens": true,
  "revocation_endpoint": "https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/revoke",
  "revocation_endpoint_auth_methods_supported": [
    "private_key_jwt",
    "client_secret_basic",
    "client_secret_post",
    "tls_client_auth",
    "client_secret_jwt"
  ],
  "revocation_endpoint_auth_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512"
  ],
  "backchannel_logout_supported": true,
  "backchannel_logout_session_supported": true
}
2021-05-04 10:35:30 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-05-04 10:35:30 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
{
  "testHost": "iam.brazil-ob.brazilob.obly.io",
  "testPort": 443
}
authorization_endpoint
{
  "testHost": "iam.brazil-ob.brazilob.obly.io",
  "testPort": 443
}
token_endpoint
{
  "testHost": "iam.brazil-ob.brazilob.obly.io",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "iam.brazil-ob.brazilob.obly.io",
  "testPort": 443
}
2021-05-04 10:35:30
FetchServerKeys
Fetching server key
jwks_uri
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/certs
2021-05-04 10:35:30
FetchServerKeys
HTTP request
request_uri
https://iam.brazil-ob.brazilob.obly.io/auth/realms/test/protocol/openid-connect/certs
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-05-04 10:35:31 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "cache-control": "no-cache",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "SAMEORIGIN",
  "referrer-policy": "no-referrer",
  "date": "Tue, 04 May 2021 10:35:31 GMT",
  "connection": "keep-alive",
  "strict-transport-security": "max-age\u003d31536000; includeSubDomains",
  "x-content-type-options": "nosniff",
  "content-type": "application/json",
  "content-length": "3111"
}
response_body
{"keys":[{"kid":"xZoOVbDvoAK4qijpbhYZFQ1IveJlIgqlMRqaGhqT-64","kty":"EC","alg":"ES256","use":"sig","crv":"P-256","x":"Lybsovf5hDRWucOoKfakkFo6XRjWgeASlbJg0TAU6ts","y":"nAKR-V-A_XZO-xOuUCdxPusUXQPdy0J079VYrYO9oeQ"},{"kid":"SC-uY3bJnyeTpaaqQB0dYTYPZMo7WitRp5dEqoDl8FQ","kty":"RSA","alg":"RS256","use":"sig","n":"j8TbzjhUPnSbTlXdn-x6d33icEek6DBlUHPKBVK_oTQ2QuAoJE2KdSFqONyI6CZvyo6w4KE-AQlPkMT5HyR5ICDoTai0yMP-HXA9reA5giDAObbjLiAEL4C25SSi5YeM7RmS6ZlTRZJ3vUSuQX9rc-iBnbpgyBFQjHI-XrkaJrTEr-mFrX3IYG3J3SJpy-aknWvDFH5rhtNknADhjcuIlPQYMO3yRcLWprqO8fRvNis0AACEKwo-GzF1g3ByxBYocWVl22ggqvQ453_OU4giSn9HQZK5_xKEYsGA6jdBIpxowCEUwBaFKrGkZqtm7XQuoYjCJrhJfuRh7udjX9smvQ","e":"AQAB","x5c":["MIIClzCCAX8CBgF42lxs+zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIxMDQxNjExMDQ1M1oXDTMxMDQxNjExMDYzM1owDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI/E2844VD50m05V3Z/send94nBHpOgwZVBzygVSv6E0NkLgKCRNinUhajjciOgmb8qOsOChPgEJT5DE+R8keSAg6E2otMjD/h1wPa3gOYIgwDm24y4gBC+AtuUkouWHjO0ZkumZU0WSd71ErkF/a3PogZ26YMgRUIxyPl65Gia0xK/pha19yGBtyd0iacvmpJ1rwxR+a4bTZJwA4Y3LiJT0GDDt8kXC1qa6jvH0bzYrNAAAhCsKPhsxdYNwcsQWKHFlZdtoIKr0OOd/zlOIIkp/R0GSuf8ShGLBgOo3QSKcaMAhFMAWhSqxpGarZu10LqGIwia4SX7kYe7nY1/bJr0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAgL2u6o8mbTNb9VXZdN1GTyBQlIUAzhRK/a04i3Rz2uqElLurPo4QBhSoTXnqbAUnYqVOzs9hbA6w65EjMOjYmcXcVYOarNBEWEWIkKR9O+Hk7wqbD7ScYVjBhQnJ5N7W1JA3kC7ZKZhpe3sSIJLxc6DXuB9Eo/mCseXLX7Mydn3cHq7I4YFwQyRf8XqIuXBGvXL5tbfBZ9ie6XUvdGBgXLWaJNU54PSloEMTF8vIZ/zjMcl2EjTfhe+xT/53hO5pzCPG9KkPF8zUaAD+M+jP9R44tWyhkYN1+eZf+cfIhyetcneSc7xDSaF30Aw1Rxx+6q1ZDhAsI9QPTMcDs8j9FA=="],"x5t":"rjEjauFRe5Wx-LszIQX7LLFmnz8","x5t#S256":"0VzDVRJbyhFafD-YPd0fa7bB4Gvu4he78VPP17cAItQ"},{"kid":"QU9sUz8SX134GzIyTBVy6HtMB-tJ_RmNgKhPQiYRId8","kty":"RSA","alg":"PS256","use":"sig","n":"hrDCotmXed_3MpmUEMPC-ZaQeflhNNkA2a9genCuFFZreFiiDhVt7hO4_8Ko98Lik7UF1dWzG4hAtekQHvB-oEfcXO387KGCs5zisJ0pVRmZyUeUsGclc8tFEDmyLn1ajRj5d4XIsA5vVmmWa3YiJHN6mLYXtgg8FFoBXMvf0Ew94c4uC0Z0__ix-rN0vnQoBEdTxS17VT0v_g52CLMWXsD5X5DQ2EkRsGYOH_aJwnVGo9-hSZWWGMqIra7BZVsJkTL0H-4fr6HzlU8qqwnGvgbWkG_vHIr1E4dK_lxnE58KNCI24VImtmVxRfPYMbMFByoukwQqjSW0ZIN5B0nFMQ","e":"AQAB","x5c":["MIIClzCCAX8CBgF42lxtjDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIxMDQxNjExMDQ1M1oXDTMxMDQxNjExMDYzM1owDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIawwqLZl3nf9zKZlBDDwvmWkHn5YTTZANmvYHpwrhRWa3hYog4Vbe4TuP/CqPfC4pO1BdXVsxuIQLXpEB7wfqBH3Fzt/OyhgrOc4rCdKVUZmclHlLBnJXPLRRA5si59Wo0Y+XeFyLAOb1Zplmt2IiRzepi2F7YIPBRaAVzL39BMPeHOLgtGdP/4sfqzdL50KARHU8Ute1U9L/4OdgizFl7A+V+Q0NhJEbBmDh/2icJ1RqPfoUmVlhjKiK2uwWVbCZEy9B/uH6+h85VPKqsJxr4G1pBv7xyK9ROHSv5cZxOfCjQiNuFSJrZlcUXz2DGzBQcqLpMEKo0ltGSDeQdJxTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAJnw/2VFZx3fukDnEpMoEowW26a83ish/A66ZKRlyYAQlqIFqhWdU/KWjJri85l23/E9BfW3CW1/+dvanSFaqQ6KiYagQY8sCi6nXr9bxczxm06Ny/yh9eIy3wVk/BEVmP+i5/U2bkrbfI+f8ITaG2nV7dZgWzrDYx5Mvv8ZZ1aJRIldBMjs6PBAzvw3ZQQuj/6G1CTQkx5lMDLDb/0P9aZ0zlljGG+BZdgcjvln1u/n3Q8j3FVOOA+F5hIaLuEf4b+4wvVKbzUo/A3W8NVQ3gHhsMKYbX6OsKVCY9d061XTC9jyicWjeBpFHFpODZh1HV4LaKjLLDBsPwKdTTmaULw=="],"x5t":"Kqsoj7yFdoNQBuqNCQYxG641omk","x5t#S256":"5MOyu0gs-SFWSdSuvO1qiGrsgvDRq3ZpkSu_KKS56h4"}]}
2021-05-04 10:35:31
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kid":"xZoOVbDvoAK4qijpbhYZFQ1IveJlIgqlMRqaGhqT-64","kty":"EC","alg":"ES256","use":"sig","crv":"P-256","x":"Lybsovf5hDRWucOoKfakkFo6XRjWgeASlbJg0TAU6ts","y":"nAKR-V-A_XZO-xOuUCdxPusUXQPdy0J079VYrYO9oeQ"},{"kid":"SC-uY3bJnyeTpaaqQB0dYTYPZMo7WitRp5dEqoDl8FQ","kty":"RSA","alg":"RS256","use":"sig","n":"j8TbzjhUPnSbTlXdn-x6d33icEek6DBlUHPKBVK_oTQ2QuAoJE2KdSFqONyI6CZvyo6w4KE-AQlPkMT5HyR5ICDoTai0yMP-HXA9reA5giDAObbjLiAEL4C25SSi5YeM7RmS6ZlTRZJ3vUSuQX9rc-iBnbpgyBFQjHI-XrkaJrTEr-mFrX3IYG3J3SJpy-aknWvDFH5rhtNknADhjcuIlPQYMO3yRcLWprqO8fRvNis0AACEKwo-GzF1g3ByxBYocWVl22ggqvQ453_OU4giSn9HQZK5_xKEYsGA6jdBIpxowCEUwBaFKrGkZqtm7XQuoYjCJrhJfuRh7udjX9smvQ","e":"AQAB","x5c":["MIIClzCCAX8CBgF42lxs+zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIxMDQxNjExMDQ1M1oXDTMxMDQxNjExMDYzM1owDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI/E2844VD50m05V3Z/send94nBHpOgwZVBzygVSv6E0NkLgKCRNinUhajjciOgmb8qOsOChPgEJT5DE+R8keSAg6E2otMjD/h1wPa3gOYIgwDm24y4gBC+AtuUkouWHjO0ZkumZU0WSd71ErkF/a3PogZ26YMgRUIxyPl65Gia0xK/pha19yGBtyd0iacvmpJ1rwxR+a4bTZJwA4Y3LiJT0GDDt8kXC1qa6jvH0bzYrNAAAhCsKPhsxdYNwcsQWKHFlZdtoIKr0OOd/zlOIIkp/R0GSuf8ShGLBgOo3QSKcaMAhFMAWhSqxpGarZu10LqGIwia4SX7kYe7nY1/bJr0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAgL2u6o8mbTNb9VXZdN1GTyBQlIUAzhRK/a04i3Rz2uqElLurPo4QBhSoTXnqbAUnYqVOzs9hbA6w65EjMOjYmcXcVYOarNBEWEWIkKR9O+Hk7wqbD7ScYVjBhQnJ5N7W1JA3kC7ZKZhpe3sSIJLxc6DXuB9Eo/mCseXLX7Mydn3cHq7I4YFwQyRf8XqIuXBGvXL5tbfBZ9ie6XUvdGBgXLWaJNU54PSloEMTF8vIZ/zjMcl2EjTfhe+xT/53hO5pzCPG9KkPF8zUaAD+M+jP9R44tWyhkYN1+eZf+cfIhyetcneSc7xDSaF30Aw1Rxx+6q1ZDhAsI9QPTMcDs8j9FA=="],"x5t":"rjEjauFRe5Wx-LszIQX7LLFmnz8","x5t#S256":"0VzDVRJbyhFafD-YPd0fa7bB4Gvu4he78VPP17cAItQ"},{"kid":"QU9sUz8SX134GzIyTBVy6HtMB-tJ_RmNgKhPQiYRId8","kty":"RSA","alg":"PS256","use":"sig","n":"hrDCotmXed_3MpmUEMPC-ZaQeflhNNkA2a9genCuFFZreFiiDhVt7hO4_8Ko98Lik7UF1dWzG4hAtekQHvB-oEfcXO387KGCs5zisJ0pVRmZyUeUsGclc8tFEDmyLn1ajRj5d4XIsA5vVmmWa3YiJHN6mLYXtgg8FFoBXMvf0Ew94c4uC0Z0__ix-rN0vnQoBEdTxS17VT0v_g52CLMWXsD5X5DQ2EkRsGYOH_aJwnVGo9-hSZWWGMqIra7BZVsJkTL0H-4fr6HzlU8qqwnGvgbWkG_vHIr1E4dK_lxnE58KNCI24VImtmVxRfPYMbMFByoukwQqjSW0ZIN5B0nFMQ","e":"AQAB","x5c":["MIIClzCCAX8CBgF42lxtjDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIxMDQxNjExMDQ1M1oXDTMxMDQxNjExMDYzM1owDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIawwqLZl3nf9zKZlBDDwvmWkHn5YTTZANmvYHpwrhRWa3hYog4Vbe4TuP/CqPfC4pO1BdXVsxuIQLXpEB7wfqBH3Fzt/OyhgrOc4rCdKVUZmclHlLBnJXPLRRA5si59Wo0Y+XeFyLAOb1Zplmt2IiRzepi2F7YIPBRaAVzL39BMPeHOLgtGdP/4sfqzdL50KARHU8Ute1U9L/4OdgizFl7A+V+Q0NhJEbBmDh/2icJ1RqPfoUmVlhjKiK2uwWVbCZEy9B/uH6+h85VPKqsJxr4G1pBv7xyK9ROHSv5cZxOfCjQiNuFSJrZlcUXz2DGzBQcqLpMEKo0ltGSDeQdJxTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAJnw/2VFZx3fukDnEpMoEowW26a83ish/A66ZKRlyYAQlqIFqhWdU/KWjJri85l23/E9BfW3CW1/+dvanSFaqQ6KiYagQY8sCi6nXr9bxczxm06Ny/yh9eIy3wVk/BEVmP+i5/U2bkrbfI+f8ITaG2nV7dZgWzrDYx5Mvv8ZZ1aJRIldBMjs6PBAzvw3ZQQuj/6G1CTQkx5lMDLDb/0P9aZ0zlljGG+BZdgcjvln1u/n3Q8j3FVOOA+F5hIaLuEf4b+4wvVKbzUo/A3W8NVQ3gHhsMKYbX6OsKVCY9d061XTC9jyicWjeBpFHFpODZh1HV4LaKjLLDBsPwKdTTmaULw=="],"x5t":"Kqsoj7yFdoNQBuqNCQYxG641omk","x5t#S256":"5MOyu0gs-SFWSdSuvO1qiGrsgvDRq3ZpkSu_KKS56h4"}]}
2021-05-04 10:35:31 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kid": "xZoOVbDvoAK4qijpbhYZFQ1IveJlIgqlMRqaGhqT-64",
      "kty": "EC",
      "alg": "ES256",
      "use": "sig",
      "crv": "P-256",
      "x": "Lybsovf5hDRWucOoKfakkFo6XRjWgeASlbJg0TAU6ts",
      "y": "nAKR-V-A_XZO-xOuUCdxPusUXQPdy0J079VYrYO9oeQ"
    },
    {
      "kid": "SC-uY3bJnyeTpaaqQB0dYTYPZMo7WitRp5dEqoDl8FQ",
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "n": "j8TbzjhUPnSbTlXdn-x6d33icEek6DBlUHPKBVK_oTQ2QuAoJE2KdSFqONyI6CZvyo6w4KE-AQlPkMT5HyR5ICDoTai0yMP-HXA9reA5giDAObbjLiAEL4C25SSi5YeM7RmS6ZlTRZJ3vUSuQX9rc-iBnbpgyBFQjHI-XrkaJrTEr-mFrX3IYG3J3SJpy-aknWvDFH5rhtNknADhjcuIlPQYMO3yRcLWprqO8fRvNis0AACEKwo-GzF1g3ByxBYocWVl22ggqvQ453_OU4giSn9HQZK5_xKEYsGA6jdBIpxowCEUwBaFKrGkZqtm7XQuoYjCJrhJfuRh7udjX9smvQ",
      "e": "AQAB",
      "x5c": [
        "MIIClzCCAX8CBgF42lxs+zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIxMDQxNjExMDQ1M1oXDTMxMDQxNjExMDYzM1owDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI/E2844VD50m05V3Z/send94nBHpOgwZVBzygVSv6E0NkLgKCRNinUhajjciOgmb8qOsOChPgEJT5DE+R8keSAg6E2otMjD/h1wPa3gOYIgwDm24y4gBC+AtuUkouWHjO0ZkumZU0WSd71ErkF/a3PogZ26YMgRUIxyPl65Gia0xK/pha19yGBtyd0iacvmpJ1rwxR+a4bTZJwA4Y3LiJT0GDDt8kXC1qa6jvH0bzYrNAAAhCsKPhsxdYNwcsQWKHFlZdtoIKr0OOd/zlOIIkp/R0GSuf8ShGLBgOo3QSKcaMAhFMAWhSqxpGarZu10LqGIwia4SX7kYe7nY1/bJr0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAgL2u6o8mbTNb9VXZdN1GTyBQlIUAzhRK/a04i3Rz2uqElLurPo4QBhSoTXnqbAUnYqVOzs9hbA6w65EjMOjYmcXcVYOarNBEWEWIkKR9O+Hk7wqbD7ScYVjBhQnJ5N7W1JA3kC7ZKZhpe3sSIJLxc6DXuB9Eo/mCseXLX7Mydn3cHq7I4YFwQyRf8XqIuXBGvXL5tbfBZ9ie6XUvdGBgXLWaJNU54PSloEMTF8vIZ/zjMcl2EjTfhe+xT/53hO5pzCPG9KkPF8zUaAD+M+jP9R44tWyhkYN1+eZf+cfIhyetcneSc7xDSaF30Aw1Rxx+6q1ZDhAsI9QPTMcDs8j9FA\u003d\u003d"
      ],
      "x5t": "rjEjauFRe5Wx-LszIQX7LLFmnz8",
      "x5t#S256": "0VzDVRJbyhFafD-YPd0fa7bB4Gvu4he78VPP17cAItQ"
    },
    {
      "kid": "QU9sUz8SX134GzIyTBVy6HtMB-tJ_RmNgKhPQiYRId8",
      "kty": "RSA",
      "alg": "PS256",
      "use": "sig",
      "n": "hrDCotmXed_3MpmUEMPC-ZaQeflhNNkA2a9genCuFFZreFiiDhVt7hO4_8Ko98Lik7UF1dWzG4hAtekQHvB-oEfcXO387KGCs5zisJ0pVRmZyUeUsGclc8tFEDmyLn1ajRj5d4XIsA5vVmmWa3YiJHN6mLYXtgg8FFoBXMvf0Ew94c4uC0Z0__ix-rN0vnQoBEdTxS17VT0v_g52CLMWXsD5X5DQ2EkRsGYOH_aJwnVGo9-hSZWWGMqIra7BZVsJkTL0H-4fr6HzlU8qqwnGvgbWkG_vHIr1E4dK_lxnE58KNCI24VImtmVxRfPYMbMFByoukwQqjSW0ZIN5B0nFMQ",
      "e": "AQAB",
      "x5c": [
        "MIIClzCCAX8CBgF42lxtjDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIxMDQxNjExMDQ1M1oXDTMxMDQxNjExMDYzM1owDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIawwqLZl3nf9zKZlBDDwvmWkHn5YTTZANmvYHpwrhRWa3hYog4Vbe4TuP/CqPfC4pO1BdXVsxuIQLXpEB7wfqBH3Fzt/OyhgrOc4rCdKVUZmclHlLBnJXPLRRA5si59Wo0Y+XeFyLAOb1Zplmt2IiRzepi2F7YIPBRaAVzL39BMPeHOLgtGdP/4sfqzdL50KARHU8Ute1U9L/4OdgizFl7A+V+Q0NhJEbBmDh/2icJ1RqPfoUmVlhjKiK2uwWVbCZEy9B/uH6+h85VPKqsJxr4G1pBv7xyK9ROHSv5cZxOfCjQiNuFSJrZlcUXz2DGzBQcqLpMEKo0ltGSDeQdJxTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAJnw/2VFZx3fukDnEpMoEowW26a83ish/A66ZKRlyYAQlqIFqhWdU/KWjJri85l23/E9BfW3CW1/+dvanSFaqQ6KiYagQY8sCi6nXr9bxczxm06Ny/yh9eIy3wVk/BEVmP+i5/U2bkrbfI+f8ITaG2nV7dZgWzrDYx5Mvv8ZZ1aJRIldBMjs6PBAzvw3ZQQuj/6G1CTQkx5lMDLDb/0P9aZ0zlljGG+BZdgcjvln1u/n3Q8j3FVOOA+F5hIaLuEf4b+4wvVKbzUo/A3W8NVQ3gHhsMKYbX6OsKVCY9d061XTC9jyicWjeBpFHFpODZh1HV4LaKjLLDBsPwKdTTmaULw\u003d\u003d"
      ],
      "x5t": "Kqsoj7yFdoNQBuqNCQYxG641omk",
      "x5t#S256": "5MOyu0gs-SFWSdSuvO1qiGrsgvDRq3ZpkSu_KKS56h4"
    }
  ]
}
2021-05-04 10:35:31 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kid": "xZoOVbDvoAK4qijpbhYZFQ1IveJlIgqlMRqaGhqT-64",
      "kty": "EC",
      "alg": "ES256",
      "use": "sig",
      "crv": "P-256",
      "x": "Lybsovf5hDRWucOoKfakkFo6XRjWgeASlbJg0TAU6ts",
      "y": "nAKR-V-A_XZO-xOuUCdxPusUXQPdy0J079VYrYO9oeQ"
    },
    {
      "kid": "SC-uY3bJnyeTpaaqQB0dYTYPZMo7WitRp5dEqoDl8FQ",
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "n": "j8TbzjhUPnSbTlXdn-x6d33icEek6DBlUHPKBVK_oTQ2QuAoJE2KdSFqONyI6CZvyo6w4KE-AQlPkMT5HyR5ICDoTai0yMP-HXA9reA5giDAObbjLiAEL4C25SSi5YeM7RmS6ZlTRZJ3vUSuQX9rc-iBnbpgyBFQjHI-XrkaJrTEr-mFrX3IYG3J3SJpy-aknWvDFH5rhtNknADhjcuIlPQYMO3yRcLWprqO8fRvNis0AACEKwo-GzF1g3ByxBYocWVl22ggqvQ453_OU4giSn9HQZK5_xKEYsGA6jdBIpxowCEUwBaFKrGkZqtm7XQuoYjCJrhJfuRh7udjX9smvQ",
      "e": "AQAB",
      "x5c": [
        "MIIClzCCAX8CBgF42lxs+zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIxMDQxNjExMDQ1M1oXDTMxMDQxNjExMDYzM1owDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI/E2844VD50m05V3Z/send94nBHpOgwZVBzygVSv6E0NkLgKCRNinUhajjciOgmb8qOsOChPgEJT5DE+R8keSAg6E2otMjD/h1wPa3gOYIgwDm24y4gBC+AtuUkouWHjO0ZkumZU0WSd71ErkF/a3PogZ26YMgRUIxyPl65Gia0xK/pha19yGBtyd0iacvmpJ1rwxR+a4bTZJwA4Y3LiJT0GDDt8kXC1qa6jvH0bzYrNAAAhCsKPhsxdYNwcsQWKHFlZdtoIKr0OOd/zlOIIkp/R0GSuf8ShGLBgOo3QSKcaMAhFMAWhSqxpGarZu10LqGIwia4SX7kYe7nY1/bJr0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAgL2u6o8mbTNb9VXZdN1GTyBQlIUAzhRK/a04i3Rz2uqElLurPo4QBhSoTXnqbAUnYqVOzs9hbA6w65EjMOjYmcXcVYOarNBEWEWIkKR9O+Hk7wqbD7ScYVjBhQnJ5N7W1JA3kC7ZKZhpe3sSIJLxc6DXuB9Eo/mCseXLX7Mydn3cHq7I4YFwQyRf8XqIuXBGvXL5tbfBZ9ie6XUvdGBgXLWaJNU54PSloEMTF8vIZ/zjMcl2EjTfhe+xT/53hO5pzCPG9KkPF8zUaAD+M+jP9R44tWyhkYN1+eZf+cfIhyetcneSc7xDSaF30Aw1Rxx+6q1ZDhAsI9QPTMcDs8j9FA\u003d\u003d"
      ],
      "x5t": "rjEjauFRe5Wx-LszIQX7LLFmnz8",
      "x5t#S256": "0VzDVRJbyhFafD-YPd0fa7bB4Gvu4he78VPP17cAItQ"
    },
    {
      "kid": "QU9sUz8SX134GzIyTBVy6HtMB-tJ_RmNgKhPQiYRId8",
      "kty": "RSA",
      "alg": "PS256",
      "use": "sig",
      "n": "hrDCotmXed_3MpmUEMPC-ZaQeflhNNkA2a9genCuFFZreFiiDhVt7hO4_8Ko98Lik7UF1dWzG4hAtekQHvB-oEfcXO387KGCs5zisJ0pVRmZyUeUsGclc8tFEDmyLn1ajRj5d4XIsA5vVmmWa3YiJHN6mLYXtgg8FFoBXMvf0Ew94c4uC0Z0__ix-rN0vnQoBEdTxS17VT0v_g52CLMWXsD5X5DQ2EkRsGYOH_aJwnVGo9-hSZWWGMqIra7BZVsJkTL0H-4fr6HzlU8qqwnGvgbWkG_vHIr1E4dK_lxnE58KNCI24VImtmVxRfPYMbMFByoukwQqjSW0ZIN5B0nFMQ",
      "e": "AQAB",
      "x5c": [
        "MIIClzCCAX8CBgF42lxtjDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIxMDQxNjExMDQ1M1oXDTMxMDQxNjExMDYzM1owDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIawwqLZl3nf9zKZlBDDwvmWkHn5YTTZANmvYHpwrhRWa3hYog4Vbe4TuP/CqPfC4pO1BdXVsxuIQLXpEB7wfqBH3Fzt/OyhgrOc4rCdKVUZmclHlLBnJXPLRRA5si59Wo0Y+XeFyLAOb1Zplmt2IiRzepi2F7YIPBRaAVzL39BMPeHOLgtGdP/4sfqzdL50KARHU8Ute1U9L/4OdgizFl7A+V+Q0NhJEbBmDh/2icJ1RqPfoUmVlhjKiK2uwWVbCZEy9B/uH6+h85VPKqsJxr4G1pBv7xyK9ROHSv5cZxOfCjQiNuFSJrZlcUXz2DGzBQcqLpMEKo0ltGSDeQdJxTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAJnw/2VFZx3fukDnEpMoEowW26a83ish/A66ZKRlyYAQlqIFqhWdU/KWjJri85l23/E9BfW3CW1/+dvanSFaqQ6KiYagQY8sCi6nXr9bxczxm06Ny/yh9eIy3wVk/BEVmP+i5/U2bkrbfI+f8ITaG2nV7dZgWzrDYx5Mvv8ZZ1aJRIldBMjs6PBAzvw3ZQQuj/6G1CTQkx5lMDLDb/0P9aZ0zlljGG+BZdgcjvln1u/n3Q8j3FVOOA+F5hIaLuEf4b+4wvVKbzUo/A3W8NVQ3gHhsMKYbX6OsKVCY9d061XTC9jyicWjeBpFHFpODZh1HV4LaKjLLDBsPwKdTTmaULw\u003d\u003d"
      ],
      "x5t": "Kqsoj7yFdoNQBuqNCQYxG641omk",
      "x5t#S256": "5MOyu0gs-SFWSdSuvO1qiGrsgvDRq3ZpkSu_KKS56h4"
    }
  ]
}
2021-05-04 10:35:31 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-05-04 10:35:31 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2021-05-04 10:35:31 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-05-04 10:35:31 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "kid": "xZoOVbDvoAK4qijpbhYZFQ1IveJlIgqlMRqaGhqT-64",
      "kty": "EC",
      "alg": "ES256",
      "use": "sig",
      "crv": "P-256",
      "x": "Lybsovf5hDRWucOoKfakkFo6XRjWgeASlbJg0TAU6ts",
      "y": "nAKR-V-A_XZO-xOuUCdxPusUXQPdy0J079VYrYO9oeQ"
    },
    {
      "kid": "SC-uY3bJnyeTpaaqQB0dYTYPZMo7WitRp5dEqoDl8FQ",
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "n": "j8TbzjhUPnSbTlXdn-x6d33icEek6DBlUHPKBVK_oTQ2QuAoJE2KdSFqONyI6CZvyo6w4KE-AQlPkMT5HyR5ICDoTai0yMP-HXA9reA5giDAObbjLiAEL4C25SSi5YeM7RmS6ZlTRZJ3vUSuQX9rc-iBnbpgyBFQjHI-XrkaJrTEr-mFrX3IYG3J3SJpy-aknWvDFH5rhtNknADhjcuIlPQYMO3yRcLWprqO8fRvNis0AACEKwo-GzF1g3ByxBYocWVl22ggqvQ453_OU4giSn9HQZK5_xKEYsGA6jdBIpxowCEUwBaFKrGkZqtm7XQuoYjCJrhJfuRh7udjX9smvQ",
      "e": "AQAB",
      "x5c": [
        "MIIClzCCAX8CBgF42lxs+zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIxMDQxNjExMDQ1M1oXDTMxMDQxNjExMDYzM1owDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI/E2844VD50m05V3Z/send94nBHpOgwZVBzygVSv6E0NkLgKCRNinUhajjciOgmb8qOsOChPgEJT5DE+R8keSAg6E2otMjD/h1wPa3gOYIgwDm24y4gBC+AtuUkouWHjO0ZkumZU0WSd71ErkF/a3PogZ26YMgRUIxyPl65Gia0xK/pha19yGBtyd0iacvmpJ1rwxR+a4bTZJwA4Y3LiJT0GDDt8kXC1qa6jvH0bzYrNAAAhCsKPhsxdYNwcsQWKHFlZdtoIKr0OOd/zlOIIkp/R0GSuf8ShGLBgOo3QSKcaMAhFMAWhSqxpGarZu10LqGIwia4SX7kYe7nY1/bJr0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAgL2u6o8mbTNb9VXZdN1GTyBQlIUAzhRK/a04i3Rz2uqElLurPo4QBhSoTXnqbAUnYqVOzs9hbA6w65EjMOjYmcXcVYOarNBEWEWIkKR9O+Hk7wqbD7ScYVjBhQnJ5N7W1JA3kC7ZKZhpe3sSIJLxc6DXuB9Eo/mCseXLX7Mydn3cHq7I4YFwQyRf8XqIuXBGvXL5tbfBZ9ie6XUvdGBgXLWaJNU54PSloEMTF8vIZ/zjMcl2EjTfhe+xT/53hO5pzCPG9KkPF8zUaAD+M+jP9R44tWyhkYN1+eZf+cfIhyetcneSc7xDSaF30Aw1Rxx+6q1ZDhAsI9QPTMcDs8j9FA\u003d\u003d"
      ],
      "x5t": "rjEjauFRe5Wx-LszIQX7LLFmnz8",
      "x5t#S256": "0VzDVRJbyhFafD-YPd0fa7bB4Gvu4he78VPP17cAItQ"
    },
    {
      "kid": "QU9sUz8SX134GzIyTBVy6HtMB-tJ_RmNgKhPQiYRId8",
      "kty": "RSA",
      "alg": "PS256",
      "use": "sig",
      "n": "hrDCotmXed_3MpmUEMPC-ZaQeflhNNkA2a9genCuFFZreFiiDhVt7hO4_8Ko98Lik7UF1dWzG4hAtekQHvB-oEfcXO387KGCs5zisJ0pVRmZyUeUsGclc8tFEDmyLn1ajRj5d4XIsA5vVmmWa3YiJHN6mLYXtgg8FFoBXMvf0Ew94c4uC0Z0__ix-rN0vnQoBEdTxS17VT0v_g52CLMWXsD5X5DQ2EkRsGYOH_aJwnVGo9-hSZWWGMqIra7BZVsJkTL0H-4fr6HzlU8qqwnGvgbWkG_vHIr1E4dK_lxnE58KNCI24VImtmVxRfPYMbMFByoukwQqjSW0ZIN5B0nFMQ",
      "e": "AQAB",
      "x5c": [
        "MIIClzCCAX8CBgF42lxtjDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIxMDQxNjExMDQ1M1oXDTMxMDQxNjExMDYzM1owDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIawwqLZl3nf9zKZlBDDwvmWkHn5YTTZANmvYHpwrhRWa3hYog4Vbe4TuP/CqPfC4pO1BdXVsxuIQLXpEB7wfqBH3Fzt/OyhgrOc4rCdKVUZmclHlLBnJXPLRRA5si59Wo0Y+XeFyLAOb1Zplmt2IiRzepi2F7YIPBRaAVzL39BMPeHOLgtGdP/4sfqzdL50KARHU8Ute1U9L/4OdgizFl7A+V+Q0NhJEbBmDh/2icJ1RqPfoUmVlhjKiK2uwWVbCZEy9B/uH6+h85VPKqsJxr4G1pBv7xyK9ROHSv5cZxOfCjQiNuFSJrZlcUXz2DGzBQcqLpMEKo0ltGSDeQdJxTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAJnw/2VFZx3fukDnEpMoEowW26a83ish/A66ZKRlyYAQlqIFqhWdU/KWjJri85l23/E9BfW3CW1/+dvanSFaqQ6KiYagQY8sCi6nXr9bxczxm06Ny/yh9eIy3wVk/BEVmP+i5/U2bkrbfI+f8ITaG2nV7dZgWzrDYx5Mvv8ZZ1aJRIldBMjs6PBAzvw3ZQQuj/6G1CTQkx5lMDLDb/0P9aZ0zlljGG+BZdgcjvln1u/n3Q8j3FVOOA+F5hIaLuEf4b+4wvVKbzUo/A3W8NVQ3gHhsMKYbX6OsKVCY9d061XTC9jyicWjeBpFHFpODZh1HV4LaKjLLDBsPwKdTTmaULw\u003d\u003d"
      ],
      "x5t": "Kqsoj7yFdoNQBuqNCQYxG641omk",
      "x5t#S256": "5MOyu0gs-SFWSdSuvO1qiGrsgvDRq3ZpkSu_KKS56h4"
    }
  ]
}
2021-05-04 10:35:31 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
client111-mtls-ES256-ES256
scope
openid email
jwks
{
  "keys": [
    {
      "use": "sig",
      "kty": "EC",
      "kid": "client1-ES256",
      "crv": "P-256",
      "alg": "ES256",
      "x": "KhIuh2un6UWcBCIQqr5s3lSN42mrp5kjdf3JrasR1E4",
      "y": "bUIXyjZ6Q7-fLu-mp56OJjEHOAbGd3X30EMhS7SG-Vw",
      "d": "zngKYq2KBIRGiawAAZQJ0K_ZxL3VyZbOHYScKtrOWX0"
    }
  ]
}
2021-05-04 10:35:31
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
2021-05-04 10:35:31 SUCCESS
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
2021-05-04 10:35:31
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
2021-05-04 10:35:31 SUCCESS
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIDKDCCAs6gAwIBAgIUXl6GT8Ex1EENFSPveDA8fUoqHAwwCgYIKoZIzj0EAwIwdjELMAkGA1UEBhMCSlAxEzARBgNVBAgTClByaXZhdGUgQ0ExFzAVBgNVBAoTDlNlY3VyZSBPU1MgU2lnMRYwFAYDVQQLEw1LZXljbG9hay1mYXBpMSEwHwYDVQQDExhLZXljbG9hay1mYXBpIFByaXZhdGUgQ0EwHhcNMTkwNTIxMDIwNDAwWhcNMjQwNTE5MDIwNDAwWjBhMQswCQYDVQQGEwJKUDEPMA0GA1UECBMGQ2xpZW50MRcwFQYDVQQKEw5TZWN1cmUgT1NTIFNpZzEWMBQGA1UECxMNS2V5Y2xvYWstZmFwaTEQMA4GA1UEAxMHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM74QUE+RfLtdHCKj1QXRQkj30AtveZa/7jbBpHYJCoSGA4bzuNE04HTK02hwtBO0J0bvbRy14BYHimwhUY6n7gtZKex3JQ39QC2UHbIOtIQXvCgbn6K4iU6WrUbCK4I8p77gIk4MXQmsCQokAtxsF1eq/RyLhRJXo/aTwcHDWcb5n8jFGmpOJyhmPEXwtzqMZwO9Y+aI3d5P/xHXnb84zrgRJH2YMzTKOfGt72I8Ag34ITTQUxox5RUMMGwqlzN6bEYIF9lyCcd3kCSgyp4b4wNBc5h5g3GPDBTCUx3z07oQ50LR7AAICevHvWGlUxXtX+MYc6+Mvjb3l/e+EEldb0CAwEAAaOBgzCBgDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQURPpQRYqk1GU0v6159IJV4fo7s8YwHwYDVR0jBBgwFoAUJmT6o2FQqWh2KBGYB3nfWHkAtEgwCwYDVR0RBAQwAoIAMAoGCCqGSM49BAMCA0gAMEUCIHImOqdaMfLN1M7i4wfXKIGnJHDlEv8B3jASpdlMb35IAiEA5oj7fyh0KxGG9Z4kUGusBUYidOemP81CtyOPzg1A64w=
key
MIIEpQIBAAKCAQEAzvhBQT5F8u10cIqPVBdFCSPfQC295lr/uNsGkdgkKhIYDhvO40TTgdMrTaHC0E7QnRu9tHLXgFgeKbCFRjqfuC1kp7HclDf1ALZQdsg60hBe8KBuforiJTpatRsIrgjynvuAiTgxdCawJCiQC3GwXV6r9HIuFElej9pPBwcNZxvmfyMUaak4nKGY8RfC3OoxnA71j5ojd3k//EdedvzjOuBEkfZgzNMo58a3vYjwCDfghNNBTGjHlFQwwbCqXM3psRggX2XIJx3eQJKDKnhvjA0FzmHmDcY8MFMJTHfPTuhDnQtHsAAgJ68e9YaVTFe1f4xhzr4y+NveX974QSV1vQIDAQABAoIBAQCbyK7NXgMmi+b2AsVJZU54R8D1vLhQWDRdPrceNdNau03R6Mp7tEWDVaAlidlqE7jgWI4c8cgVeb4SYSSfrOalqb02oCDIi6nlRFUiYyorDVl4wzkIFJ+Np/O4l8WbwW5ljia8okhPBgPU45cwlf1K+kRx9TOL34HGw2pyfrNu5G1NWs3a30qHVc5FnKBgJq4PZgxtTC15DoQ4U8IF7M9XYlXOkx3zSOjk2mpQaOPDeRWBwoFsoxqOl+x3/u9rhiGW+9OXEltq+AKAlsZ4QVfvmjIZ65c5SJwrV+OhLIKOoA8TzheBGKZ4vkKt17GxWsm7KP1afh1fqc5Cd1lE0e1BAoGBAPI5SKi+HKuMsWY6YLv0c6j/FHJ/ZnSLLYc6/edfXso0djuz7BOfmLjgnntDrWTf6jWJ14DMDZVaohFr69eham8N9H9bQl7tpdtswRL0IVfOZYbEBbQk57/l5yADZcxvOMne/yh8K8LARYdFe5WDHCijgLhqmENenRHhHUjAuPVxAoGBANq9rnqQ6j4n2GEx+YhIKOflCUWwUe9XQ8pdQwniDQkQ3imOsOLn/nMXUO1oUMbaH0cbQ0+e5QGW74alTaFkQxBeSTbvZplMtwgaKDl2GzlYFPUxSLkAf5crChjT0z5t74RvChCvoLLxXXD+PmkC1Hpub78bfEwqit54fVGMJW8NAoGBAMzk8fZzYnMmvwU3io5TOOcSZqx34iXheTC0EQT/4oHvILhd+OucjCaPMuAYHnt/AXIqWJYFhdP557AO91/elda9Gj4E5z6/jhXvh97Njcrlt3HpLN32fecQxZKJ7TmiN4pjzLjlWGsUE3xapTCSyGYD8KWO3Z/XT8xI/WmGRK6xAoGBAMBmaUr7nl4vk/7iAzehKQHYDpDSpy8bldAwuh++SnL3+EGbdfEP2FsJXjCEOdC+2RYlX85v18TPKz5GtgLIesix9jow1xDuTmv8/faU8Rs+Y6jLwcigLJodzFLMNxnJfw0A0lyc7n+XF/akWubpC1XpP7dcCLfCD8XhO3F4EREdAoGAQRNaIHonLPVg+cZAVR6DAKj7l20tE1THRfHrkJDoM661hl7EnPL30SoLJyKYh3uil+/XAMtdegE5nrumg25FKdDY+JvSSvqEI0dLqKZzc6PBRau3+KVUVAYQtvtH7E2uJ7oFzFepTp2mq1I7+BYEmTIaPDJvf/l5gz+vy+voLrs=
2021-05-04 10:35:31 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2021-05-04 10:35:31 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "use": "sig",
      "kty": "EC",
      "kid": "client1-ES256",
      "crv": "P-256",
      "alg": "ES256",
      "x": "KhIuh2un6UWcBCIQqr5s3lSN42mrp5kjdf3JrasR1E4",
      "y": "bUIXyjZ6Q7-fLu-mp56OJjEHOAbGd3X30EMhS7SG-Vw",
      "d": "zngKYq2KBIRGiawAAZQJ0K_ZxL3VyZbOHYScKtrOWX0"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "client1-ES256",
      "x": "KhIuh2un6UWcBCIQqr5s3lSN42mrp5kjdf3JrasR1E4",
      "y": "bUIXyjZ6Q7-fLu-mp56OJjEHOAbGd3X30EMhS7SG-Vw",
      "alg": "ES256"
    }
  ]
}
2021-05-04 10:35:31 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2021-05-04 10:35:31 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-04 10:35:31 SUCCESS
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
2021-05-04 10:35:31 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "use": "sig",
      "kty": "EC",
      "kid": "client1-ES256",
      "crv": "P-256",
      "alg": "ES256",
      "x": "KhIuh2un6UWcBCIQqr5s3lSN42mrp5kjdf3JrasR1E4",
      "y": "bUIXyjZ6Q7-fLu-mp56OJjEHOAbGd3X30EMhS7SG-Vw",
      "d": "zngKYq2KBIRGiawAAZQJ0K_ZxL3VyZbOHYScKtrOWX0"
    }
  ]
}
2021-05-04 10:35:31 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
Verify configuration of second client
2021-05-04 10:35:31 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
client112-mtls-ES256-ES256
scope
openid email
jwks
{
  "keys": [
    {
      "use": "sig",
      "kty": "EC",
      "kid": "client2-ES256",
      "crv": "P-256",
      "alg": "ES256",
      "x": "X1K2NP56XffP8ZvkSJiD3ZiaD6A1forvWkZ2AzqbyME",
      "y": "S2GQUKAw0gW5kT-lEehLkt02PxA6CukInQhvo1hWcNo",
      "d": "xDb8I6rF-rMPo5MV-rZSZZRwk1-TYJCm6SK4JGeP7Gk"
    }
  ]
}
2021-05-04 10:35:31
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
2021-05-04 10:35:31 SUCCESS
ValidateMTLSCertificates2Header
MTLS certificates header is valid
2021-05-04 10:35:31
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
2021-05-04 10:35:31 SUCCESS
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIDJjCCAs6gAwIBAgIUKHCTpsodVknyAZC7gFy3hZZqTtEwCgYIKoZIzj0EAwIwdjELMAkGA1UEBhMCSlAxEzARBgNVBAgTClByaXZhdGUgQ0ExFzAVBgNVBAoTDlNlY3VyZSBPU1MgU2lnMRYwFAYDVQQLEw1LZXljbG9hay1mYXBpMSEwHwYDVQQDExhLZXljbG9hay1mYXBpIFByaXZhdGUgQ0EwHhcNMTkwNTIxMDIwNDAwWhcNMjQwNTE5MDIwNDAwWjBhMQswCQYDVQQGEwJKUDEPMA0GA1UECBMGQ2xpZW50MRcwFQYDVQQKEw5TZWN1cmUgT1NTIFNpZzEWMBQGA1UECxMNS2V5Y2xvYWstZmFwaTEQMA4GA1UEAxMHY2xpZW50MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlwHpEQVCrBo1yRmKACefdDiGLunW+REQHmTWUTEokWdVCsMGjqns1E4h68nmXVApXtyuGLF3IVzJrUQ6DQXCKdPpmoFplD6aC0CdFVouY8XULyny8d1aNl+1nrFFaiamW2JxD9PbtUKfE/TVMM+bums+gHW63KrJo7OnfEC0wvuEwY4vVDvL5DhxoURTU8YhBUxDvAnfQfD4TJEVqEiIt/0vTwrdEoRlHTwaJadcyKdUKvNVG1O1RGlsPm63qS2XkG4QvwasIuhoxuUZbr74S9mlDQV33k/XCWj/nOr+58xCaXNKGOI9TlFA4+YUclJxy/GeBZB0OmSitP5swqpCkCAwEAAaOBgzCBgDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUT8nMrrlLi/LQTlb3k6QnqLwpGT0wHwYDVR0jBBgwFoAUJmT6o2FQqWh2KBGYB3nfWHkAtEgwCwYDVR0RBAQwAoIAMAoGCCqGSM49BAMCA0YAMEMCID4FMD7NJZFeO4X26GifL4ODr/vK+NjeoAcnXdYo5WX7Ah8OifloGxnCplM7doLaG+LaE8r9VEi6QyD29NAIPUPe
key
MIIEpAIBAAKCAQEAyXAekRBUKsGjXJGYoAJ590OIYu6db5ERAeZNZRMSiRZ1UKwwaOqezUTiHryeZdUCle3K4YsXchXMmtRDoNBcIp0+magWmUPpoLQJ0VWi5jxdQvKfLx3Vo2X7WesUVqJqZbYnEP09u1Qp8T9NUwz5u6az6Adbrcqsmjs6d8QLTC+4TBji9UO8vkOHGhRFNTxiEFTEO8Cd9B8PhMkRWoSIi3/S9PCt0ShGUdPBolp1zIp1Qq81UbU7VEaWw+brepLZeQbhC/Bqwi6GjG5RluvvhL2aUNBXfeT9cJaP+c6v7nzEJpc0oY4j1OUUDj5hRyUnHL8Z4FkHQ6ZKK0/mzCqkKQIDAQABAoIBAC6BHe1rkaLVVXuXeV7nc3TsOF5urBYHrZ98pb2B67OOZcMcHYj7MXI+Rt3FuePUi2ZFoaL0U5NZCQVtn7dOoxayqrMapSz5CsS5C9MyLAtvQDCmhq1/+8RfVOnrZaSilmGo7df0Pv4ybgRuEtHrmvQBhmM436d9tN9ecR8ZOWp66Luy1GVM6rwH6ceOc46ZHUwoumN0kQt/G72G0QRbt7iGle/s11TzEKh3YaR9gkS+KPm5K+iPzSP1FxDiwSrKLRQJSjANrzTKEkuQyDm7MSYm23guxosA/4Oyaa+7SDEqk9509yiDp51HK9fFJWnuBoDt7iduz0VJVqHgq0lE9wECgYEA08hkjl9PKMTX8vN9cOX+0W4en3K10Jjonw4d2gS2dIyb8o7B4ulbfGpleMAmcyGuG+k8fC8nSjqYSx4YHPunbmK1O4PCGTi8r6BtD9zW8opJVi+ImMsan8l8bUASOuOFrHhvnB/JZS3yoOZVE8ey6/5QtSjwbn6I7dAvXXgT5pkCgYEA837OFMLfbWoYvdEa9LXmXGWagQe7Ta09BGbJ1Qs1hpuZJl8qK0kVWTDURtr5yu24r7YQ3S3cqKcg3FB3XO+vjreYKl2Cww/v8Wy/glGgqkAhd0dP9K1Q8F8XeQPlrPkNANrGjIlNFYmg163EDwLJ+IoRr+t43KbIoGvsb9kTdBECgYEAh1keys6mrIuA58gtdyXGQNp7v7Nz9yiCIoTHFzrD0KC8WbxatUYmLdFhoFZNPG9d8oCRI1yPY6UnB3roNj2ut6Fl6e8+8ReNn0CL8wNUbBVs4SPnzJ6hGVWPq9Ky0+fs2ljuG31FHODMm4AZB1ctRh12PxE296buo+3VF4tSTKECgYEA4dUW73x52rHPNqWs+Y+HkuSNMuTn3DgzYlSvFw+pWioQFd2nb7P9v9Yg24KWsJZgd19GLs0tXaJ8QLnEqwaGbbhrwccu0xmB8glpaUWp3J1ULJuQVZ81dWrMi2mI6C+o1sUR5yAkxTf7XG4Ga+GrTv9HPkEHvKZXZyoRhP7xIvECgYB6S0i6ruOAFq2iMyGoX83RlWjo+WrGqSVWfzRZ43rFQ3MBEIlkQD3K6+Y+v0MMlgrN3VQTi31IW42ftgOIiy7ZndMvBaQd2Zp4POtNISsRysQJcewPwbL0VXsalNqW+Rl8PDzrd6s13wYogMuWrwmbPphC04LdBhZb6nX6KVkn0A==
2021-05-04 10:35:31 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2021-05-04 10:35:31 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "use": "sig",
      "kty": "EC",
      "kid": "client2-ES256",
      "crv": "P-256",
      "alg": "ES256",
      "x": "X1K2NP56XffP8ZvkSJiD3ZiaD6A1forvWkZ2AzqbyME",
      "y": "S2GQUKAw0gW5kT-lEehLkt02PxA6CukInQhvo1hWcNo",
      "d": "xDb8I6rF-rMPo5MV-rZSZZRwk1-TYJCm6SK4JGeP7Gk"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "client2-ES256",
      "x": "X1K2NP56XffP8ZvkSJiD3ZiaD6A1forvWkZ2AzqbyME",
      "y": "S2GQUKAw0gW5kT-lEehLkt02PxA6CukInQhvo1hWcNo",
      "alg": "ES256"
    }
  ]
}
2021-05-04 10:35:31 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2021-05-04 10:35:31 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-04 10:35:31 SUCCESS
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
2021-05-04 10:35:31 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "use": "sig",
      "kty": "EC",
      "kid": "client2-ES256",
      "crv": "P-256",
      "alg": "ES256",
      "x": "X1K2NP56XffP8ZvkSJiD3ZiaD6A1forvWkZ2AzqbyME",
      "y": "S2GQUKAw0gW5kT-lEehLkt02PxA6CukInQhvo1hWcNo",
      "d": "xDb8I6rF-rMPo5MV-rZSZZRwk1-TYJCm6SK4JGeP7Gk"
    }
  ]
}
2021-05-04 10:35:31 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
2021-05-04 10:35:31 SUCCESS
GetResourceEndpointConfiguration
Found a resource endpoint object
resourceUrl
https://gw-dev-direct.apps.brazilob.a7z0.p1.openshiftapps.com/brazil-aisp/v3.1/aisp/
institution_id
xxx
resourceUrlAccountRequests
https://gw-dev-direct.apps.brazilob.a7z0.p1.openshiftapps.com/brazil-aisp/v3.1/aisp/
resourceUrlAccountsResource
https://gw-dev-direct.apps.brazilob.a7z0.p1.openshiftapps.com/brazil-aisp/v3.1/aisp/
2021-05-04 10:35:31 SUCCESS
SetProtectedResourceUrlToAccountsEndpoint
Set protected resource URL
protected_resource_url
https://gw-dev-direct.apps.brazilob.a7z0.p1.openshiftapps.com/brazil-aisp/v3.1/aisp/accounts
2021-05-04 10:35:31 SUCCESS
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
resource_endpoint
{
  "testHost": "gw-dev-direct.apps.brazilob.a7z0.p1.openshiftapps.com",
  "testPort": 443
}
2021-05-04 10:35:31 SUCCESS
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
accounts_resource_endpoint
{
  "testHost": "gw-dev-direct.apps.brazilob.a7z0.p1.openshiftapps.com",
  "testPort": 443
}
accounts_request_endpoint
{
  "testHost": "gw-dev-direct.apps.brazilob.a7z0.p1.openshiftapps.com",
  "testPort": 443
}
2021-05-04 10:35:31 FINISHED
fapi-rw-id2-ensure-signed-request-object-with-RS256-fails
Test has run to completion
testmodule_result
SKIPPED
2021-05-04 10:35:37
TEST-RUNNER
Alias has now been claimed by another test
alias
keycloak
new_test_id
ZeygRI7XnwMTVun
Test Results