Test Name | fapi1-advanced-final-client-brazildcr-happypath-test |
---|---|
Variant | client_auth_type=private_key_jwt, fapi_jarm_type=oidc, fapi_auth_request_method=pushed, fapi_profile=openbanking_brazil, fapi_response_mode=plain_response |
Test ID | bELM9nBmnZLLgNa https://www.certification.openid.net/log-detail.html?public=true&log=bELM9nBmnZLLgNa |
Created | 2021-12-16T19:20:13.461068Z |
Description | Teste de Segurança de RP do Ambiente de Homologação do PAN para o Open Banking |
Test Version | 4.1.38 |
Test Owner | 112037456904268539395 https://accounts.google.com |
Plan ID | TQoMgbFqkMMZ0 https://www.certification.openid.net/plan-detail.html?public=true&plan=TQoMgbFqkMMZ0 |
Exported From | https://www.certification.openid.net |
Exported By | 112037456904268539395 https://accounts.google.com |
Suite Version | 4.1.38 |
Exported | 2021-12-16 20:47:29 (UTC) |
Status: FINISHED Result: PASSED |
SUCCESS 173 FAILURE 0 WARNING 0 REVIEW 0 INFO 16 |
2021-12-16 19:20:13 |
INFO
|
TEST-RUNNER
Test instance bELM9nBmnZLLgNa created
|
||||||||||||||
|
2021-12-16 19:20:13 |
SUCCESS
|
FAPIBrazilGenerateServerConfiguration
Created server configuration
|
||||||
|
2021-12-16 19:20:13 |
SUCCESS
|
LoadServerJWKs
Parsed public and private JWK sets
|
||||||
|
2021-12-16 19:20:13 | SUCCESS |
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2021-12-16 19:20:13 |
|
SetServerSigningAlgToPS256
Successfully set signing algorithm to PS256
|
|
2021-12-16 19:20:13 |
|
FAPIBrazilSetGrantTypesSupportedInServerConfiguration
Successfully set grant_types_supported
|
||
|
2021-12-16 19:20:13 |
|
AddClaimsParameterSupportedTrueToServerConfiguration
Successfully added claims_parameter_supported to server configuration
|
||
|
2021-12-16 19:20:13 |
|
FAPIBrazilAddBrazilSpecificSettingsToServerConfiguration
Added open banking Brazil specific server settings
|
||
|
2021-12-16 19:20:13 |
|
SetTokenEndpointAuthMethodsSupportedToPrivateKeyJWTOnly
Changed token_endpoint_auth_methods_supported to private_key_jwt only in server configuration
|
||
|
2021-12-16 19:20:13 |
|
AddPushedAuthorizationRequestEndpointToServerConfig
Added pushed_authorization_request_endpoint to server configuration
|
||
|
2021-12-16 19:20:13 |
|
AddRequirePushedAuthorizationRequestsToServerConfig
Added require_pushed_authorization_requests to server configuration
|
||
|
2021-12-16 19:20:13 | SUCCESS |
AddResponseTypeCodeIdTokenToServerConfiguration
Added code id_token as response type supported
|
||
|
2021-12-16 19:20:13 |
SUCCESS
|
FAPIBrazilAddTokenEndpointAuthSigningAlgValuesSupportedToServer
Set token_endpoint_auth_signing_alg_values_supported
|
||
|
2021-12-16 19:20:13 |
SUCCESS
|
CheckServerConfiguration
Found required server configuration keys
|
||
|
2021-12-16 19:20:13 | SUCCESS |
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
|
||
|
2021-12-16 19:20:13 |
SUCCESS
|
LoadUserInfo
Added user information
|
||
|
2021-12-16 19:20:13 |
|
fapi1-advanced-final-client-brazildcr-happypath-test
Setup Done
|
|
2021-12-16 19:20:23 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:23 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
2021-12-16 19:20:23 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:23 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:23 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
Registration endpoint |
2021-12-16 19:20:23 |
SUCCESS
|
OIDCCExtractDynamicRegistrationRequest
Extracted dynamic client registration request
|
||
|
2021-12-16 19:20:23 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
||
|
2021-12-16 19:20:23 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-12-16 19:20:23 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
||
|
2021-12-16 19:20:23 |
SUCCESS
|
FAPIBrazilExtractSSAFromDynamicRegistrationRequest
Extracted software statement assertion from dynamic client registration request
|
||
|
2021-12-16 19:20:23 |
|
FAPIBrazilFetchDirectorySSAJwks
Fetching directory jwks
|
||
|
2021-12-16 19:20:23 |
|
FAPIBrazilFetchDirectorySSAJwks
HTTP request
|
||||||||
|
2021-12-16 19:20:23 |
RESPONSE
|
FAPIBrazilFetchDirectorySSAJwks
HTTP response
|
||||||||
|
2021-12-16 19:20:23 |
|
FAPIBrazilFetchDirectorySSAJwks
Found JWK set string
|
||
|
2021-12-16 19:20:23 |
SUCCESS
|
FAPIBrazilFetchDirectorySSAJwks
Downloaded and added directory SSA JWK set to environment
|
||
|
2021-12-16 19:20:23 |
SUCCESS
|
FAPIBrazilValidateSSASignature
software statement signature validated
|
||
|
2021-12-16 19:20:23 |
SUCCESS
|
FAPIBrazilExtractSoftwareStatement
Parsed software_statement
|
||
|
2021-12-16 19:20:23 | SUCCESS |
ValidateClientGrantTypes
grant_types match response_types
|
||||
|
2021-12-16 19:20:23 | SUCCESS |
OIDCCValidateClientRedirectUris
Valid redirect_uri(s) provided in registration request
|
||
|
2021-12-16 19:20:23 | SUCCESS |
ValidateClientLogoUris
Client does not contain any logo_uri
|
|
2021-12-16 19:20:23 |
|
ValidateClientUris
HTTP request
|
||||||||
|
2021-12-16 19:20:24 |
RESPONSE
|
ValidateClientUris
HTTP response
|
||||||||
|
2021-12-16 19:20:24 | SUCCESS |
ValidateClientUris
Client contains valid client_uri value(s)
|
||
|
2021-12-16 19:20:24 | SUCCESS |
ValidateClientPolicyUris
Client does not contain any policy_uri
|
|
2021-12-16 19:20:24 | SUCCESS |
ValidateClientTosUris
Client does not contain any tos_uri
|
|
2021-12-16 19:20:24 | SUCCESS |
ValidateClientSubjectType
subject_type is valid
|
||
|
2021-12-16 19:20:24 | SUCCESS |
FAPIBrazilValidateIdTokenSignedResponseAlg
id_token_signed_response_alg is PS256
|
|
2021-12-16 19:20:24 | SUCCESS |
EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet
id_token_encrypted_response_enc is not set
|
|
2021-12-16 19:20:24 | INFO |
ValidateUserinfoSignedResponseAlg
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
|
||||||
|
2021-12-16 19:20:24 | INFO |
FAPIBrazilValidateUserinfoSignedResponseAlg
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
|
||||||
|
2021-12-16 19:20:24 | SUCCESS |
EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet
userinfo_encrypted_response_enc is not set
|
|
2021-12-16 19:20:24 | SUCCESS |
FAPIBrazilValidateRequestObjectSigningAlg
request_object_signing_alg is PS256
|
|
2021-12-16 19:20:24 | SUCCESS |
EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet
request_object_encryption_alg is set
|
||||
|
2021-12-16 19:20:24 | INFO |
FAPIBrazilValidateTokenEndpointAuthSigningAlg
Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg
|
||||||
|
2021-12-16 19:20:24 | SUCCESS |
ValidateDefaultMaxAge
default_max_age is not set
|
|
2021-12-16 19:20:24 | SUCCESS |
ValidateRequireAuthTime
require_auth_time is encoded as a boolean
|
||
|
2021-12-16 19:20:24 | INFO |
FAPIBrazilValidateDefaultAcrValues
Skipped evaluation due to missing required element: client default_acr_values
|
||||||
|
2021-12-16 19:20:24 | INFO |
ValidateInitiateLoginUri
Skipped evaluation due to missing required element: client initiate_login_uri
|
||||||
|
2021-12-16 19:20:24 | SUCCESS |
FAPIBrazilValidateSoftwareStatementIat
Software statement was issued (iat) not more than 5 minutes ago
|
||||
|
2021-12-16 19:20:24 | SUCCESS |
FAPIBrazilEnsureRegistrationRequestDoesNotIncludeJwks
Registration request does not contain a jwks
|
|
2021-12-16 19:20:24 | SUCCESS |
FAPIBrazilEnsureJwksUriMatchesSoftwareJwksUri
jwks_uri matches software_jwks_uri
|
|
2021-12-16 19:20:24 | SUCCESS |
FAPIBrazilEnsureRedirectUrisMatchSoftwareRedirectUris
redirect_uris match or contain a sub set of software_redirect_uris
|
|
2021-12-16 19:20:24 | SUCCESS |
FAPIBrazilValidateClientAuthenticationMethods
token_endpoint_auth_method is valid
|
||
|
2021-12-16 19:20:24 | SUCCESS |
FAPIBrazilEnsureClientMetadataMatchSoftwareStatement
Client metadata matches software statement
|
|
2021-12-16 19:20:24 |
|
FAPIBrazilEnsureTlsClientAuthSubjectDnOnly
token_endpoint_auth_method is not tls_client_auth
|
|
2021-12-16 19:20:24 | SUCCESS |
GenerateRegistrationAccessToken
Generated registration access token
|
||
|
2021-12-16 19:20:24 |
|
CreateRandomRegistrationClientUri
Created random URL for registration_client_uri
|
||||
|
2021-12-16 19:20:24 |
SUCCESS
|
FAPIBrazilRegisterClient
Registered client
|
||
|
2021-12-16 19:20:24 |
|
FetchClientKeys
Fetching client keys
|
||
|
2021-12-16 19:20:24 |
|
FetchClientKeys
HTTP request
|
||||||||
|
2021-12-16 19:20:25 |
RESPONSE
|
FetchClientKeys
HTTP response
|
||||||||
|
2021-12-16 19:20:25 |
|
FetchClientKeys
Found JWK set string
|
||
|
2021-12-16 19:20:25 |
SUCCESS
|
FetchClientKeys
Downloaded and added client JWK set to client
|
||
|
2021-12-16 19:20:25 | SUCCESS |
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2021-12-16 19:20:25 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2021-12-16 19:20:25 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2021-12-16 19:20:25 |
SUCCESS
|
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2021-12-16 19:20:25 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2021-12-16 19:20:25 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:25 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:25 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
2021-12-16 19:20:25 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:25 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:25 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
Token endpoint |
2021-12-16 19:20:25 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
||
|
2021-12-16 19:20:25 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-12-16 19:20:25 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
||
|
2021-12-16 19:20:25 | SUCCESS |
ExtractClientAssertion
Parsed client assertion
|
||
|
2021-12-16 19:20:25 |
|
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
|
|
2021-12-16 19:20:25 | SUCCESS |
ValidateClientAssertionSignature
client_assertion signature validated
|
||
|
2021-12-16 19:20:25 | SUCCESS |
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
|
||
|
2021-12-16 19:20:25 | SUCCESS |
ValidateClientAssertionClaims
Client Assertion passed all validation checks
|
|
2021-12-16 19:20:25 |
SUCCESS
|
FAPIBrazilExtractRequestedScopeFromClientCredentialsGrant
Found 'consents' scope in request
|
||||
|
2021-12-16 19:20:25 |
SUCCESS
|
GenerateBearerAccessToken
Generated access token
|
||
|
2021-12-16 19:20:25 |
SUCCESS
|
CreateTokenEndpointResponse
Created token endpoint response
|
||||
|
2021-12-16 19:20:25 |
|
CopyAccessTokenToClientCredentialsField
Condition ran but did not log anything
|
|
2021-12-16 19:20:25 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:25 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:25 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
New consent endpoint |
2021-12-16 19:20:25 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
||
|
2021-12-16 19:20:25 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-12-16 19:20:25 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
||
|
2021-12-16 19:20:25 |
SUCCESS
|
EnsureIncomingRequestMethodIsPost
Client correctly used http POST method
|
|
2021-12-16 19:20:25 | SUCCESS |
EnsureBearerAccessTokenNotInParams
Client correctly did not send access token in query parameters or form body
|
|
2021-12-16 19:20:25 | SUCCESS |
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
|
||
|
2021-12-16 19:20:25 |
SUCCESS
|
RequireBearerClientCredentialsAccessToken
Found access token in request
|
||
|
2021-12-16 19:20:25 | INFO |
ExtractFapiDateHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-auth-date
|
||||||
|
2021-12-16 19:20:25 | INFO |
ExtractFapiIpAddressHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-customer-ip-address
|
||||||
|
2021-12-16 19:20:25 | INFO |
ExtractFapiInteractionIdHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-interaction-id
|
||||||
|
2021-12-16 19:20:25 |
SUCCESS
|
FAPIBrazilEnsureClientCredentialsScopeContainedConsents
The token request which was used to obtain the access token contained 'consents' scope
|
||
|
2021-12-16 19:20:25 |
|
FAPIBrazilExtractConsentRequest
Condition ran but did not log anything
|
|
2021-12-16 19:20:25 | SUCCESS |
CreateFapiInteractionIdIfNeeded
Created new FAPI interaction ID
|
||
|
2021-12-16 19:20:25 | SUCCESS |
FAPIBrazilGenerateNewConsentResponse
Created consent response
|
||||||
|
2021-12-16 19:20:25 |
|
ClearAccessTokenFromRequest
Condition ran but did not log anything
|
|
2021-12-16 19:20:25 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:26 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:26 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
2021-12-16 19:20:26 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:26 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:26 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
2021-12-16 19:20:26 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:26 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:26 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
PAR endpoint |
2021-12-16 19:20:26 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
||
|
2021-12-16 19:20:26 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-12-16 19:20:26 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
||
|
2021-12-16 19:20:26 | SUCCESS |
ExtractClientAssertion
Parsed client assertion
|
||
|
2021-12-16 19:20:26 |
|
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
|
|
2021-12-16 19:20:26 | SUCCESS |
ValidateClientAssertionSignature
client_assertion signature validated
|
||
|
2021-12-16 19:20:26 | SUCCESS |
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
|
||
|
2021-12-16 19:20:26 | SUCCESS |
ValidateClientAssertionClaimsForPAREndpoint
Client Assertion passed all validation checks
|
|
2021-12-16 19:20:26 | SUCCESS |
ExtractRequestObjectFromPAREndpointRequest
Parsed request object
|
||
|
2021-12-16 19:20:26 | SUCCESS |
EnsurePAREndpointRequestDoesNotContainRequestUriParameter
PAR endpoint request does not contain a request_uri parameter
|
|
2021-12-16 19:20:26 | SUCCESS |
ValidateEncryptedRequestObjectHasKid
kid was found in the encrypted request object header
|
||
|
2021-12-16 19:20:26 | SUCCESS |
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
|
||
|
2021-12-16 19:20:26 |
|
FAPIBrazilValidateRequestObjectIdTokenACRClaims
acr claim is not requested
|
|
2021-12-16 19:20:26 | SUCCESS |
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
|
||
|
2021-12-16 19:20:26 | SUCCESS |
FAPI1AdvancedValidateRequestObjectNBFClaim
nbf claim is valid
|
||||
|
2021-12-16 19:20:26 |
|
ValidateRequestObjectClaims
Request object does not contain a max_age claim
|
|
2021-12-16 19:20:26 |
SUCCESS
|
ValidateRequestObjectClaims
Request object claims passed all validation checks
|
|
2021-12-16 19:20:26 | SUCCESS |
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
|
||
|
2021-12-16 19:20:26 | SUCCESS |
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
|
|
2021-12-16 19:20:26 | SUCCESS |
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
|
|
2021-12-16 19:20:26 | SUCCESS |
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
|
||||||
|
2021-12-16 19:20:26 |
SUCCESS
|
EnsureRedirectUriInRequestObjectMatchesOneOfClientRedirectUris
Redirect URI matched one of client redirect_uris
|
||
|
2021-12-16 19:20:26 | SUCCESS |
EnsureRequestObjectContainsCodeChallengeWhenUsingPAR
Found required PKCE parameters in request
|
||||
|
2021-12-16 19:20:26 | SUCCESS |
CreatePAREndpointResponse
Created PAR endpoint response
|
||||
|
2021-12-16 19:20:26 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:27 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:27 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
Authorization endpoint |
2021-12-16 19:20:27 |
SUCCESS
|
EnsureAuthorizationRequestDoesNotContainRequestWhenUsingPAR
Request does not contain a request parameter
|
|
2021-12-16 19:20:27 | SUCCESS |
ValidateEncryptedRequestObjectHasKid
kid was found in the encrypted request object header
|
||
|
2021-12-16 19:20:27 |
SUCCESS
|
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
|
||
|
2021-12-16 19:20:27 | SUCCESS |
EnsureClientIdInAuthorizationRequestParametersMatchRequestObject
client_id http request parameter value matches client_id in request object
|
|
2021-12-16 19:20:27 |
SUCCESS
|
ExtractRequestedScopes
Requested scopes
|
||
|
2021-12-16 19:20:27 |
SUCCESS
|
FAPIBrazilValidateConsentScope
Found consent scope in request
|
||||
|
2021-12-16 19:20:27 |
SUCCESS
|
EnsureScopeContainsAccounts
Found accounts scope in request
|
||
|
2021-12-16 19:20:27 | SUCCESS |
EnsureResponseTypeIsCodeIdToken
Response type is expected value
|
||
|
2021-12-16 19:20:27 | SUCCESS |
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
|
||||
|
2021-12-16 19:20:27 | SUCCESS |
EnsureMatchingClientId
Client ID matched
|
||
|
2021-12-16 19:20:27 |
SUCCESS
|
CreateAuthorizationCode
Created authorization code
|
||
|
2021-12-16 19:20:27 | SUCCESS |
ExtractNonceFromAuthorizationRequest
Extracted nonce
|
||
|
2021-12-16 19:20:27 | SUCCESS |
CalculateCHash
Successful c_hash encoding
|
||
|
2021-12-16 19:20:27 | SUCCESS |
CalculateSHash
Successful s_hash encoding
|
||
|
2021-12-16 19:20:27 |
SUCCESS
|
GenerateIdTokenClaims
Created ID Token Claims
|
||||||||||||
|
2021-12-16 19:20:27 |
|
FAPIBrazilAddCPFAndCPNJToIdTokenClaims
Request object does not contain a claims element.id_token
|
|
2021-12-16 19:20:27 | SUCCESS |
AddCHashToIdTokenClaims
Added c_hash to ID token claims
|
||||
|
2021-12-16 19:20:27 | SUCCESS |
AddSHashToIdTokenClaims
Added s_hash to ID token claims
|
||||
|
2021-12-16 19:20:27 | INFO |
AddAtHashToIdTokenClaims
Skipped evaluation due to missing required string: at_hash
|
||
|
2021-12-16 19:20:27 | INFO |
FAPIBrazilAddACRClaimToIdTokenClaims
Skipped evaluation due to missing required string: requested_id_token_acr_values
|
||
|
2021-12-16 19:20:27 |
SUCCESS
|
SignIdToken
Signed the ID token
|
||
|
2021-12-16 19:20:27 |
SUCCESS
|
FAPIBrazilChangeConsentStatusToAuthorized
Changed consent status to AUTHORISED
|
||
|
2021-12-16 19:20:27 |
SUCCESS
|
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
|
||
|
2021-12-16 19:20:27 | SUCCESS |
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
|
||
|
2021-12-16 19:20:27 | SUCCESS |
AddIdTokenToAuthorizationEndpointResponseParams
Added id_token to authorization endpoint response params
|
||
|
2021-12-16 19:20:27 |
|
SendAuthorizationResponseWithResponseModeFragment
Redirecting back to client
|
||
|
2021-12-16 19:20:27 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||
|
2021-12-16 19:20:28 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:28 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
2021-12-16 19:20:28 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:29 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:29 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
2021-12-16 19:20:29 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:29 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:29 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
Token endpoint |
2021-12-16 19:20:29 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
||
|
2021-12-16 19:20:29 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-12-16 19:20:29 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
||
|
2021-12-16 19:20:29 | SUCCESS |
ExtractClientAssertion
Parsed client assertion
|
||
|
2021-12-16 19:20:29 |
|
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
|
|
2021-12-16 19:20:29 | SUCCESS |
ValidateClientAssertionSignature
client_assertion signature validated
|
||
|
2021-12-16 19:20:29 | SUCCESS |
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
|
||
|
2021-12-16 19:20:29 | SUCCESS |
ValidateClientAssertionClaims
Client Assertion passed all validation checks
|
|
2021-12-16 19:20:29 |
SUCCESS
|
ValidateAuthorizationCode
Found authorization code
|
||
|
2021-12-16 19:20:29 |
SUCCESS
|
ValidateRedirectUriForTokenEndpointRequest
redirect_uri is the same as the one used in the authorization request
|
||
|
2021-12-16 19:20:29 | SUCCESS |
ValidateCodeVerifierWithS256
Validated code_verifier successfully
|
||||||
|
2021-12-16 19:20:29 |
SUCCESS
|
GenerateBearerAccessToken
Generated access token
|
||
|
2021-12-16 19:20:29 | SUCCESS |
CalculateAtHash
Successful at_hash encoding
|
||
|
2021-12-16 19:20:29 |
|
CreateRefreshToken
Created refresh token
|
||
|
2021-12-16 19:20:29 |
SUCCESS
|
GenerateIdTokenClaims
Created ID Token Claims
|
||||||||||||
|
2021-12-16 19:20:29 |
|
FAPIBrazilAddCPFAndCPNJToIdTokenClaims
Request object does not contain a claims element.id_token
|
|
2021-12-16 19:20:29 | SUCCESS |
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
|
||||
|
2021-12-16 19:20:29 | INFO |
FAPIBrazilAddACRClaimToIdTokenClaims
Skipped evaluation due to missing required string: requested_id_token_acr_values
|
||
|
2021-12-16 19:20:29 |
SUCCESS
|
SignIdToken
Signed the ID token
|
||
|
2021-12-16 19:20:29 |
SUCCESS
|
CreateTokenEndpointResponse
Created token endpoint response
|
||||||||||
|
2021-12-16 19:20:29 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:31 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:31 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
2021-12-16 19:20:31 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:31 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:31 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
2021-12-16 19:20:31 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:31 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:31 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
Token endpoint |
2021-12-16 19:20:31 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
||
|
2021-12-16 19:20:31 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-12-16 19:20:31 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
||
|
2021-12-16 19:20:31 | SUCCESS |
ExtractClientAssertion
Parsed client assertion
|
||
|
2021-12-16 19:20:31 |
|
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
|
|
2021-12-16 19:20:31 | SUCCESS |
ValidateClientAssertionSignature
client_assertion signature validated
|
||
|
2021-12-16 19:20:31 | SUCCESS |
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
|
||
|
2021-12-16 19:20:31 | SUCCESS |
ValidateClientAssertionClaims
Client Assertion passed all validation checks
|
|
2021-12-16 19:20:31 |
SUCCESS
|
ValidateRefreshToken
refresh_token parameter matches the expected value.
|
||
|
2021-12-16 19:20:31 |
SUCCESS
|
GenerateBearerAccessToken
Generated access token
|
||
|
2021-12-16 19:20:31 | SUCCESS |
CalculateAtHash
Successful at_hash encoding
|
||
|
2021-12-16 19:20:31 |
|
CreateRefreshToken
Created refresh token
|
||
|
2021-12-16 19:20:31 |
SUCCESS
|
CreateTokenEndpointResponse
Created token endpoint response
|
||||||||
|
2021-12-16 19:20:31 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:32 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
2021-12-16 19:20:32 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
Accounts endpoint |
2021-12-16 19:20:32 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
||
|
2021-12-16 19:20:32 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-12-16 19:20:32 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
||
|
2021-12-16 19:20:32 | SUCCESS |
EnsureBearerAccessTokenNotInParams
Client correctly did not send access token in query parameters or form body
|
|
2021-12-16 19:20:32 | SUCCESS |
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
|
||
|
2021-12-16 19:20:32 |
SUCCESS
|
RequireBearerAccessToken
Found access token in request
|
||
|
2021-12-16 19:20:32 | INFO |
ExtractFapiDateHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-auth-date
|
||||||
|
2021-12-16 19:20:32 | INFO |
ExtractFapiIpAddressHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-customer-ip-address
|
||||||
|
2021-12-16 19:20:32 | INFO |
ExtractFapiInteractionIdHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-interaction-id
|
||||||
|
2021-12-16 19:20:32 |
SUCCESS
|
FAPIBrazilEnsureAuthorizationRequestScopesContainAccounts
'accounts' was included in authorization request scopes
|
||||
|
2021-12-16 19:20:32 |
INFO
|
CreateFapiInteractionIdIfNeeded
Found existing FAPI interaction ID
|
||
|
2021-12-16 19:20:32 |
SUCCESS
|
CreateFAPIAccountEndpointResponse
Created account response object
|
||||
|
2021-12-16 19:20:32 |
SUCCESS
|
CreateBrazilAccountsEndpointResponse
Created Brazil accounts response (Please note that this is a hardcoded response copied from API documentation)
|
||||
|
2021-12-16 19:20:32 |
|
ClearAccessTokenFromRequest
Condition ran but did not log anything
|
|
2021-12-16 19:20:32 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:33 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
Registration endpoint |
2021-12-16 19:20:33 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
2021-12-16 19:20:33 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
||
|
2021-12-16 19:20:33 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-12-16 19:20:33 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
||
|
2021-12-16 19:20:33 | SUCCESS |
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
|
||
|
2021-12-16 19:20:33 | SUCCESS |
RequireBearerRegistrationAccessToken
Found access token in request
|
||
|
2021-12-16 19:20:33 | SUCCESS |
GenerateRegistrationAccessToken
Generated registration access token
|
||
|
2021-12-16 19:20:33 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:34 |
INCOMING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Incoming HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||||||||||||||
|
Registration endpoint |
2021-12-16 19:20:34 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
||||
|
2021-12-16 19:20:34 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
||
|
2021-12-16 19:20:34 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-12-16 19:20:34 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
||
|
2021-12-16 19:20:34 | SUCCESS |
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
|
||
|
2021-12-16 19:20:34 | SUCCESS |
RequireBearerRegistrationAccessToken
Found access token in request
|
||
|
2021-12-16 19:20:34 | SUCCESS |
GenerateRegistrationAccessToken
Generated registration access token
|
||
|
2021-12-16 19:20:34 |
OUTGOING
|
fapi1-advanced-final-client-brazildcr-happypath-test
Response to HTTP request to test instance bELM9nBmnZLLgNa
|
||||||||
|
2021-12-16 19:20:34 |
FINISHED
|
fapi1-advanced-final-client-brazildcr-happypath-test
Test has run to completion
|
||
|
2021-12-16 19:20:38 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|