Test Name | fapi1-advanced-final |
---|---|
Variant | client_auth_type=mtls, fapi_auth_request_method=by_value, fapi_profile=openbanking_brazil, fapi_response_mode=jarm |
Test ID | G0kPRT4M7Xk0k9d https://www.certification.openid.net/log-detail.html?public=true&log=G0kPRT4M7Xk0k9d |
Created | 2022-04-06T08:05:05.696025Z |
Description | az.openitio.com testing |
Test Version | 4.1.42 |
Test Owner | 5019191 https://gitlab.com |
Plan ID | bght8ChfYjUM0 https://www.certification.openid.net/plan-detail.html?public=true&plan=bght8ChfYjUM0 |
Exported From | https://www.certification.openid.net |
Exported By | 5019191 https://gitlab.com |
Suite Version | 4.1.42 |
Exported | 2022-04-20 12:26:43 (UTC) |
Status: FINISHED Result: PASSED |
SUCCESS 213 FAILURE 0 WARNING 0 REVIEW 0 INFO 15 |
2022-04-06 08:05:05 |
INFO
|
TEST-RUNNER
Test instance G0kPRT4M7Xk0k9d created
|
||||||||||||||
|
2022-04-06 08:05:05 |
SUCCESS
|
CreateRedirectUri
Created redirect URI
|
||
|
2022-04-06 08:05:05 |
|
GetDynamicServerConfiguration
HTTP request
|
||||||||
|
2022-04-06 08:05:05 |
RESPONSE
|
GetDynamicServerConfiguration
HTTP response
|
||||||||
|
2022-04-06 08:05:05 |
SUCCESS
|
GetDynamicServerConfiguration
Successfully parsed server configuration
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
2022-04-06 08:05:05 | SUCCESS |
AddMTLSEndpointAliasesToEnvironment
Added mtls_endpoint_aliases to environment
|
|
2022-04-06 08:05:05 |
SUCCESS
|
CheckServerConfiguration
Found required server configuration keys
|
||
|
2022-04-06 08:05:05 |
|
FetchServerKeys
Fetching server key
|
||
|
2022-04-06 08:05:06 |
|
FetchServerKeys
HTTP request
|
||||||||
|
2022-04-06 08:05:06 |
RESPONSE
|
FetchServerKeys
HTTP response
|
||||||||
|
2022-04-06 08:05:06 |
|
FetchServerKeys
Found JWK set string
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
FetchServerKeys
Found server JWK set
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
CheckServerKeysIsValid
Server JWKs is valid
|
||
|
2022-04-06 08:05:06 | SUCCESS |
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2022-04-06 08:05:06 | SUCCESS |
CheckForKeyIdInServerJWKs
All keys contain kids
|
|
2022-04-06 08:05:06 | SUCCESS |
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2022-04-06 08:05:06 | SUCCESS |
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
GetStaticClientConfiguration
Found a static client object
|
||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
|
|
2022-04-06 08:05:06 |
SUCCESS
|
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
|
||||||
|
2022-04-06 08:05:06 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2022-04-06 08:05:06 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2022-04-06 08:05:06 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2022-04-06 08:05:06 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2022-04-06 08:05:06 | SUCCESS |
FAPIBrazilCheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
|
||
|
2022-04-06 08:05:06 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
Verify configuration of second client |
2022-04-06 08:05:06 |
SUCCESS
|
GetStaticClient2Configuration
Found a static second client object
|
||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
ValidateMTLSCertificates2Header
MTLS certificates header is valid
|
|
2022-04-06 08:05:06 |
SUCCESS
|
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
|
||||||
|
2022-04-06 08:05:06 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2022-04-06 08:05:06 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2022-04-06 08:05:06 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2022-04-06 08:05:06 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2022-04-06 08:05:06 | SUCCESS |
FAPIBrazilCheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
|
||
|
2022-04-06 08:05:06 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
2022-04-06 08:05:06 |
SUCCESS
|
ValidateClientPrivateKeysAreDifferent
Client signing JWKs have different thumbprints
|
||||
|
2022-04-06 08:05:06 |
SUCCESS
|
GetResourceEndpointConfiguration
Found a resource endpoint object
|
||||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
|
||||
|
2022-04-06 08:05:06 |
|
fapi1-advanced-final
Setup Done
|
|
Use client_credentials grant to obtain Brazil consent |
2022-04-06 08:05:06 |
SUCCESS
|
CreateTokenEndpointRequestForClientCredentialsGrant
Created token endpoint request
|
||||
|
2022-04-06 08:05:06 |
SUCCESS
|
SetConsentsScopeOnTokenEndpointRequest
Set scope parameter to 'consents'
|
||||
|
2022-04-06 08:05:06 |
|
AddClientIdToTokenEndpointRequest
|
||||||
|
2022-04-06 08:05:06 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2022-04-06 08:05:06 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2022-04-06 08:05:06 |
SUCCESS
|
CheckForAccessTokenValue
Found an access token
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2022-04-06 08:05:06 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2022-04-06 08:05:06 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2022-04-06 08:05:06 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
FAPIBrazilCreateConsentRequest
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
FAPIBrazilAddExpirationToConsentRequest
Added expiration time to consent request
|
||
|
2022-04-06 08:05:06 |
|
CallConsentEndpointWithBearerToken
HTTP request
|
||||||||||
|
2022-04-06 08:05:06 |
RESPONSE
|
CallConsentEndpointWithBearerToken
HTTP response
|
||||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
CallConsentEndpointWithBearerToken
Got a response from the consent endpoint
|
||||||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
EnsureHttpStatusCodeIs201
resource endpoint returned the expected http status
|
||||
|
2022-04-06 08:05:06 |
SUCCESS
|
EnsureContentTypeJson
endpoint_response Content-Type: header is application/json
|
|
2022-04-06 08:05:06 |
SUCCESS
|
FAPIBrazilConsentEndpointResponseValidatePermissions
Consent endpoint response contains expected permissions
|
||||
|
2022-04-06 08:05:06 |
SUCCESS
|
ExtractConsentIdFromConsentEndpointResponse
Extracted the consent id
|
||
|
2022-04-06 08:05:06 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
FAPIBrazilAddConsentIdToClientScope
Added scope of 'openid accounts consent:4cdd73a5-ea2c-4b3c-95c1-9b064c335593:17b8b82e-b3ec-42a2-bd90-4097028a37f3' to client's scope
|
||||||
|
Make request to authorization endpoint |
2022-04-06 08:05:06 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2022-04-06 08:05:06 |
|
CreateRandomStateValue
Created state value
|
||||
|
2022-04-06 08:05:06 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||
|
2022-04-06 08:05:06 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2022-04-06 08:05:06 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCode
Added response_type parameter to request
|
||||||||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseModeToJWT
Added response_mode parameter to request
|
||||||||||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2022-04-06 08:05:06 | SUCCESS |
AddNbfToRequestObject
Added nbf to request object claims
|
||
|
2022-04-06 08:05:06 | SUCCESS |
AddExpToRequestObject
Added exp to request object claims
|
||
|
2022-04-06 08:05:06 | SUCCESS |
AddAudToRequestObject
Added aud to request object claims
|
||
|
2022-04-06 08:05:06 | SUCCESS |
AddIssToRequestObject
Added iss to request object claims
|
||
|
2022-04-06 08:05:06 | SUCCESS |
AddClientIdToRequestObject
Added client_id to request object claims
|
||
|
2022-04-06 08:05:06 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2022-04-06 08:05:06 |
|
FAPIBrazilEncryptRequestObject
Encrypted the request object
|
||||||
|
2022-04-06 08:05:06 |
SUCCESS
|
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2022-04-06 08:05:06 |
REDIRECT
|
fapi1-advanced-final
Redirecting to authorization endpoint
|
||
|
2022-04-06 08:05:16 |
INCOMING
|
fapi1-advanced-final
Incoming HTTP request to /test/a/az-openitio/callback
|
||||||||||||||||||||
|
2022-04-06 08:05:16 |
SUCCESS
|
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
|
||
|
2022-04-06 08:05:16 |
OUTGOING
|
fapi1-advanced-final
Response to HTTP request to test instance G0kPRT4M7Xk0k9d
|
||||
|
2022-04-06 08:05:17 |
INCOMING
|
fapi1-advanced-final
Incoming HTTP request to /test/a/az-openitio/implicit/UmYxn0Fi24m1mIrxjNG7
|
||||||||||||||||||||
|
2022-04-06 08:05:17 |
OUTGOING
|
fapi1-advanced-final
Response to HTTP request to test instance G0kPRT4M7Xk0k9d
|
||||||||
|
2022-04-06 08:05:17 |
SUCCESS
|
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
|
|
2022-04-06 08:05:17 |
REDIRECT-IN
|
fapi1-advanced-final
Authorization endpoint response captured
|
||||||||||
|
Verify authorization endpoint response |
2022-04-06 08:05:17 | SUCCESS |
ExtractJARMFromURLQuery
Found and parsed the jarm_response from callback_query_params
|
||||||
|
2022-04-06 08:05:17 | SUCCESS |
RejectNonJarmResponsesInUrlQuery
Authorization endpoint response only includes the JARM JWT.
|
|
2022-04-06 08:05:17 |
SUCCESS
|
ExtractAuthorizationEndpointResponseFromJARMResponse
Extracted the authorization response
|
||||||||
|
2022-04-06 08:05:17 | SUCCESS |
ValidateJARMResponse
JARM response standard JWT claims are valid
|
|
2022-04-06 08:05:17 | SUCCESS |
ValidateJARMExpRecommendations
JARM response 'exp' is less than 10 minutes
|
||||
|
2022-04-06 08:05:17 | SUCCESS |
ValidateJARMSignatureUsingKid
jarm_response signature validated
|
||
|
2022-04-06 08:05:17 | SUCCESS |
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
|
|
2022-04-06 08:05:17 |
SUCCESS
|
CheckMatchingCallbackParameters
Callback parameters successfully verified
|
|
2022-04-06 08:05:17 | SUCCESS |
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
|
|
2022-04-06 08:05:17 |
SUCCESS
|
CheckIfAuthorizationEndpointError
No error from authorization endpoint
|
|
2022-04-06 08:05:17 |
SUCCESS
|
ValidateSuccessfulJARMResponseFromAuthorizationEndpoint
authorization endpoint response does not include unexpected parameters
|
||||||||
|
2022-04-06 08:05:17 | SUCCESS |
CheckStateInAuthorizationResponse
State in response correctly returned
|
||
|
2022-04-06 08:05:17 | SUCCESS |
ValidateIssInAuthorizationResponse
'iss' parameter in authorization response matches server's issuer value.
|
|
2022-04-06 08:05:17 |
SUCCESS
|
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
|
||
|
2022-04-06 08:05:17 | SUCCESS |
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
|
||||
|
2022-04-06 08:05:17 | SUCCESS |
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
Call token endpoint |
2022-04-06 08:05:17 |
SUCCESS
|
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
|
||||||
|
2022-04-06 08:05:17 |
|
AddClientIdToTokenEndpointRequest
|
||||||||
|
2022-04-06 08:05:17 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2022-04-06 08:05:17 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2022-04-06 08:05:17 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||
|
Verify token endpoint response |
2022-04-06 08:05:17 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2022-04-06 08:05:17 | SUCCESS |
CheckForAccessTokenValue
Found an access token
|
||
|
2022-04-06 08:05:17 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2022-04-06 08:05:17 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2022-04-06 08:05:17 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2022-04-06 08:05:17 | SUCCESS |
FAPIBrazilValidateExpiresIn
expires_in no greater than 900 seconds and no less than 300 seconds
|
||
|
2022-04-06 08:05:17 |
INFO
|
CheckForRefreshTokenValue
Couldn't find refresh token
|
|
2022-04-06 08:05:17 | INFO |
EnsureMinimumRefreshTokenLength
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
|
||||||
|
2022-04-06 08:05:17 | INFO |
EnsureMinimumRefreshTokenEntropy
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
|
||||||
|
2022-04-06 08:05:17 | SUCCESS |
EnsureMinimumAccessTokenLength
Access token is of sufficient length
|
||||
|
2022-04-06 08:05:17 | SUCCESS |
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-04-06 08:05:17 | SUCCESS |
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
|
||||||
|
2022-04-06 08:05:17 | SUCCESS |
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
|
|
2022-04-06 08:05:17 | SUCCESS |
EnsureIdTokenContainsKid
kid was found in the ID token header
|
||
|
2022-04-06 08:05:17 | SUCCESS |
ValidateIdTokenNonce
Nonce values match
|
||
|
2022-04-06 08:05:17 | SUCCESS |
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
|
|
2022-04-06 08:05:17 | SUCCESS |
ValidateIdTokenSignature
id_token signature validated
|
||
|
2022-04-06 08:05:17 | SUCCESS |
ValidateIdTokenSignatureUsingKid
id_token signature validated
|
||
|
2022-04-06 08:05:17 | SUCCESS |
CheckForSubjectInIdToken
Found 'sub' in id_token
|
||
|
2022-04-06 08:05:17 | SUCCESS |
FAPIBrazilValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
|
||||
|
2022-04-06 08:05:17 | INFO |
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-04-06 08:05:17 | INFO |
FAPIValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-04-06 08:05:17 | SUCCESS |
ExtractCHash
Extracted c_hash from ID Token
|
||||
|
2022-04-06 08:05:17 | INFO |
ExtractSHash
Couldn't find s_hash in ID token
|
|
2022-04-06 08:05:17 | SUCCESS |
ExtractAtHash
Extracted at_hash from ID Token
|
||||
|
2022-04-06 08:05:17 | SUCCESS |
ValidateCHash
c_hash validated successfully
|
||||||
|
2022-04-06 08:05:17 | INFO |
ValidateSHash
Skipped evaluation due to missing required object: s_hash
|
||||
|
2022-04-06 08:05:17 | SUCCESS |
ValidateAtHash
at_hash validated successfully
|
||||||
|
Accounts request endpoint TLS test |
2022-04-06 08:05:18 | SUCCESS |
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
|
||||
|
2022-04-06 08:05:18 | SUCCESS |
DisallowTLS10
Server refused TLS 1.0 handshake
|
||||
|
2022-04-06 08:05:18 | SUCCESS |
DisallowTLS11
Server refused TLS 1.1 handshake
|
||||
|
2022-04-06 08:05:18 |
|
DisallowInsecureCipher
Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)
|
||||
|
2022-04-06 08:05:18 | SUCCESS |
DisallowInsecureCipher
The TLS handshake was rejected when trying to connect with disallowed ciphers.
|
||||
|
Accounts resource endpoint TLS test |
2022-04-06 08:05:18 | SUCCESS |
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
|
||||
|
2022-04-06 08:05:18 | SUCCESS |
DisallowTLS10
Server refused TLS 1.0 handshake
|
||||
|
2022-04-06 08:05:18 | SUCCESS |
DisallowTLS11
Server refused TLS 1.1 handshake
|
||||
|
2022-04-06 08:05:18 |
|
DisallowInsecureCipher
Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)
|
||||
|
2022-04-06 08:05:18 | SUCCESS |
DisallowInsecureCipher
The TLS handshake was rejected when trying to connect with disallowed ciphers.
|
||||
|
Resource server endpoint tests |
2022-04-06 08:05:18 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2022-04-06 08:05:18 | SUCCESS |
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2022-04-06 08:05:18 |
|
AddIpV4FapiCustomerIpAddressToResourceEndpointRequest
Added x-fapi-customer-ip-address containing IPv4 address to resource endpoint request headers
|
||
|
2022-04-06 08:05:18 |
|
CreateRandomFAPIInteractionId
Created interaction ID
|
||
|
2022-04-06 08:05:18 | SUCCESS |
AddFAPIInteractionIdToResourceEndpointRequest
Added x-fapi-interaction-id to resource endpoint request headers
|
||
|
2022-04-06 08:05:18 |
|
CallProtectedResource
HTTP request
|
||||||||||
|
2022-04-06 08:05:18 |
RESPONSE
|
CallProtectedResource
HTTP response
|
||||||||
|
2022-04-06 08:05:18 | SUCCESS |
CallProtectedResource
Got a response from the resource endpoint
|
||||||||
|
2022-04-06 08:05:18 |
SUCCESS
|
EnsureHttpStatusCodeIs200or201
resource endpoint http status code was 200
|
|
2022-04-06 08:05:18 | SUCCESS |
CheckForDateHeaderInResourceResponse
Date header present and validated
|
||||
|
2022-04-06 08:05:18 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2022-04-06 08:05:18 | SUCCESS |
EnsureMatchingFAPIInteractionId
Interaction ID matched
|
||
|
2022-04-06 08:05:18 | SUCCESS |
EnsureResourceResponseReturnedJsonContentType
Response content type is json
|
||
|
2022-04-06 08:05:18 |
|
DisallowAccessTokenInQuery
HTTP request
|
||||||||||
|
2022-04-06 08:05:18 |
RESPONSE
|
DisallowAccessTokenInQuery
HTTP response
|
||||||||
|
2022-04-06 08:05:18 | SUCCESS |
DisallowAccessTokenInQuery
Resource server refused request
|
||||
|
2022-04-06 08:05:18 |
|
AddIpV6FapiCustomerIpAddressToResourceEndpointRequest
Added x-fapi-customer-ip-address containing IPv6 address to resource endpoint request headers
|
||
|
2022-04-06 08:05:18 |
SUCCESS
|
SetUtf8JsonAcceptHeadersForResourceEndpointRequest
Set Accept header
|
||
|
2022-04-06 08:05:18 |
|
CallProtectedResource
HTTP request
|
||||||||||
|
2022-04-06 08:05:18 |
RESPONSE
|
CallProtectedResource
HTTP response
|
||||||||
|
2022-04-06 08:05:18 | SUCCESS |
CallProtectedResource
Got a response from the resource endpoint
|
||||||||
|
2022-04-06 08:05:18 |
SUCCESS
|
EnsureHttpStatusCodeIs200or201
resource endpoint http status code was 200
|
|
2022-04-06 08:05:18 |
SUCCESS
|
SetPermissiveAcceptHeaderForResourceEndpointRequest
Set Accept header
|
||
|
2022-04-06 08:05:18 |
|
CallProtectedResource
HTTP request
|
||||||||||
|
2022-04-06 08:05:18 |
RESPONSE
|
CallProtectedResource
HTTP response
|
||||||||
|
2022-04-06 08:05:18 | SUCCESS |
CallProtectedResource
Got a response from the resource endpoint
|
||||||||
|
2022-04-06 08:05:18 |
SUCCESS
|
EnsureHttpStatusCodeIs200or201
resource endpoint http status code was 200
|
|
2022-04-06 08:05:18 |
SUCCESS
|
ClearAcceptHeaderForResourceEndpointRequest
Cleared custom Accept header
|
|
Second client: Setup |
2022-04-06 08:05:18 | SUCCESS |
AddRedirectUriQuerySuffix
Created redirect URI query suffix to test that query sections in the registered redirect url are handled correctly. The redirect url, including this suffix, must be registered for the client as per http://openid.net/certification/fapi_op_testing/
|
||
|
2022-04-06 08:05:18 |
|
CreateRedirectUri
Appending suffix to redirect URI
|
||
|
2022-04-06 08:05:18 | SUCCESS |
CreateRedirectUri
Created redirect URI
|
||
|
Second client: Use client_credentials grant to obtain Brazil consent |
2022-04-06 08:05:18 |
SUCCESS
|
CreateTokenEndpointRequestForClientCredentialsGrant
Created token endpoint request
|
||||
|
2022-04-06 08:05:18 |
SUCCESS
|
SetConsentsScopeOnTokenEndpointRequest
Set scope parameter to 'consents'
|
||||
|
2022-04-06 08:05:18 |
|
AddClientIdToTokenEndpointRequest
|
||||||
|
2022-04-06 08:05:18 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2022-04-06 08:05:18 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2022-04-06 08:05:18 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||
|
2022-04-06 08:05:18 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2022-04-06 08:05:18 |
SUCCESS
|
CheckForAccessTokenValue
Found an access token
|
||
|
2022-04-06 08:05:18 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2022-04-06 08:05:18 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2022-04-06 08:05:18 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2022-04-06 08:05:18 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2022-04-06 08:05:18 |
SUCCESS
|
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2022-04-06 08:05:18 |
SUCCESS
|
FAPIBrazilCreateConsentRequest
|
||
|
2022-04-06 08:05:18 |
SUCCESS
|
FAPIBrazilAddExpirationToConsentRequest
Added expiration time to consent request
|
||
|
2022-04-06 08:05:18 |
|
CallConsentEndpointWithBearerToken
HTTP request
|
||||||||||
|
2022-04-06 08:05:19 |
RESPONSE
|
CallConsentEndpointWithBearerToken
HTTP response
|
||||||||
|
2022-04-06 08:05:19 |
SUCCESS
|
CallConsentEndpointWithBearerToken
Got a response from the consent endpoint
|
||||||||||
|
2022-04-06 08:05:19 |
SUCCESS
|
EnsureHttpStatusCodeIs201
resource endpoint returned the expected http status
|
||||
|
2022-04-06 08:05:19 |
SUCCESS
|
EnsureContentTypeJson
endpoint_response Content-Type: header is application/json
|
|
2022-04-06 08:05:19 |
SUCCESS
|
FAPIBrazilConsentEndpointResponseValidatePermissions
Consent endpoint response contains expected permissions
|
||||
|
2022-04-06 08:05:19 |
SUCCESS
|
ExtractConsentIdFromConsentEndpointResponse
Extracted the consent id
|
||
|
2022-04-06 08:05:19 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2022-04-06 08:05:19 |
SUCCESS
|
FAPIBrazilAddConsentIdToClientScope
Added scope of 'openid accounts consent:0caf1998-fa7b-4a17-9b47-595319f7fa35:fd46d193-bca6-4343-b49f-6e0b020197c3' to client's scope
|
||||||
|
Second client: Make request to authorization endpoint |
2022-04-06 08:05:19 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2022-04-06 08:05:19 |
|
CreateRandomStateValue
Created state value
|
||||
|
2022-04-06 08:05:19 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||
|
2022-04-06 08:05:19 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2022-04-06 08:05:19 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||
|
2022-04-06 08:05:19 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCode
Added response_type parameter to request
|
||||||||||||
|
2022-04-06 08:05:19 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseModeToJWT
Added response_mode parameter to request
|
||||||||||||||
|
2022-04-06 08:05:19 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2022-04-06 08:05:19 |
SUCCESS
|
AddIatToRequestObject
Added iat to request object claims
|
||
|
2022-04-06 08:05:19 | SUCCESS |
AddNbfToRequestObject
Added nbf to request object claims
|
||
|
2022-04-06 08:05:19 | SUCCESS |
AddExpToRequestObject
Added exp to request object claims
|
||
|
2022-04-06 08:05:19 | SUCCESS |
AddAudToRequestObject
Added aud to request object claims
|
||
|
2022-04-06 08:05:19 | SUCCESS |
AddIssToRequestObject
Added iss to request object claims
|
||
|
2022-04-06 08:05:19 | SUCCESS |
AddClientIdToRequestObject
Added client_id to request object claims
|
||
|
2022-04-06 08:05:19 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2022-04-06 08:05:19 |
|
FAPIBrazilEncryptRequestObject
Encrypted the request object
|
||||||
|
2022-04-06 08:05:19 |
SUCCESS
|
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2022-04-06 08:05:19 |
REDIRECT
|
fapi1-advanced-final
Redirecting to authorization endpoint
|
||
|
2022-04-06 08:05:28 |
INCOMING
|
fapi1-advanced-final
Incoming HTTP request to /test/a/az-openitio/callback
|
||||||||||||||||||||
|
2022-04-06 08:05:28 |
SUCCESS
|
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
|
||
|
2022-04-06 08:05:28 |
OUTGOING
|
fapi1-advanced-final
Response to HTTP request to test instance G0kPRT4M7Xk0k9d
|
||||
|
2022-04-06 08:05:29 |
INCOMING
|
fapi1-advanced-final
Incoming HTTP request to /test/a/az-openitio/implicit/BilCJbffXQdp1vPrsKbA
|
||||||||||||||||||||
|
2022-04-06 08:05:29 |
OUTGOING
|
fapi1-advanced-final
Response to HTTP request to test instance G0kPRT4M7Xk0k9d
|
||||||||
|
2022-04-06 08:05:29 |
SUCCESS
|
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
|
|
2022-04-06 08:05:29 |
REDIRECT-IN
|
fapi1-advanced-final
Authorization endpoint response captured
|
||||||||||
|
Second client: Verify authorization endpoint response |
2022-04-06 08:05:29 | SUCCESS |
ExtractJARMFromURLQuery
Found and parsed the jarm_response from callback_query_params
|
||||||
|
2022-04-06 08:05:29 | SUCCESS |
RejectNonJarmResponsesInUrlQuery
Authorization endpoint response only includes the JARM JWT.
|
|
2022-04-06 08:05:29 |
SUCCESS
|
ExtractAuthorizationEndpointResponseFromJARMResponse
Extracted the authorization response
|
||||||||
|
2022-04-06 08:05:29 | SUCCESS |
ValidateJARMResponse
JARM response standard JWT claims are valid
|
|
2022-04-06 08:05:29 | SUCCESS |
ValidateJARMExpRecommendations
JARM response 'exp' is less than 10 minutes
|
||||
|
2022-04-06 08:05:29 | SUCCESS |
ValidateJARMSignatureUsingKid
jarm_response signature validated
|
||
|
2022-04-06 08:05:29 | SUCCESS |
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
|
|
2022-04-06 08:05:29 |
SUCCESS
|
CheckMatchingCallbackParameters
Callback parameters successfully verified
|
||||
|
2022-04-06 08:05:29 | SUCCESS |
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
|
|
2022-04-06 08:05:29 |
SUCCESS
|
CheckIfAuthorizationEndpointError
No error from authorization endpoint
|
|
2022-04-06 08:05:29 |
SUCCESS
|
ValidateSuccessfulJARMResponseFromAuthorizationEndpoint
authorization endpoint response does not include unexpected parameters
|
||||||||
|
2022-04-06 08:05:29 | SUCCESS |
CheckStateInAuthorizationResponse
State in response correctly returned
|
||
|
2022-04-06 08:05:29 | SUCCESS |
ValidateIssInAuthorizationResponse
'iss' parameter in authorization response matches server's issuer value.
|
|
2022-04-06 08:05:29 |
SUCCESS
|
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
|
||
|
2022-04-06 08:05:29 | SUCCESS |
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
|
||||
|
2022-04-06 08:05:29 | SUCCESS |
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
Second client: Call token endpoint |
2022-04-06 08:05:29 |
SUCCESS
|
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
|
||||||
|
2022-04-06 08:05:29 |
|
AddClientIdToTokenEndpointRequest
|
||||||||
|
2022-04-06 08:05:29 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2022-04-06 08:05:29 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2022-04-06 08:05:29 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||
|
Second client: Verify token endpoint response |
2022-04-06 08:05:29 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2022-04-06 08:05:29 | SUCCESS |
CheckForAccessTokenValue
Found an access token
|
||
|
2022-04-06 08:05:29 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2022-04-06 08:05:29 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2022-04-06 08:05:29 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2022-04-06 08:05:29 | SUCCESS |
FAPIBrazilValidateExpiresIn
expires_in no greater than 900 seconds and no less than 300 seconds
|
||
|
2022-04-06 08:05:29 |
INFO
|
CheckForRefreshTokenValue
Couldn't find refresh token
|
|
2022-04-06 08:05:29 | INFO |
EnsureMinimumRefreshTokenLength
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
|
||||||
|
2022-04-06 08:05:29 | INFO |
EnsureMinimumRefreshTokenEntropy
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
|
||||||
|
2022-04-06 08:05:29 | SUCCESS |
EnsureMinimumAccessTokenLength
Access token is of sufficient length
|
||||
|
2022-04-06 08:05:29 | SUCCESS |
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-04-06 08:05:29 | SUCCESS |
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
|
||||||
|
2022-04-06 08:05:29 | SUCCESS |
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
|
|
2022-04-06 08:05:29 | SUCCESS |
EnsureIdTokenContainsKid
kid was found in the ID token header
|
||
|
2022-04-06 08:05:29 | SUCCESS |
ValidateIdTokenNonce
Nonce values match
|
||
|
2022-04-06 08:05:29 | SUCCESS |
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
|
|
2022-04-06 08:05:29 | SUCCESS |
ValidateIdTokenSignature
id_token signature validated
|
||
|
2022-04-06 08:05:29 | SUCCESS |
ValidateIdTokenSignatureUsingKid
id_token signature validated
|
||
|
2022-04-06 08:05:29 | SUCCESS |
CheckForSubjectInIdToken
Found 'sub' in id_token
|
||
|
2022-04-06 08:05:29 | SUCCESS |
FAPIBrazilValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
|
||||
|
2022-04-06 08:05:29 | INFO |
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-04-06 08:05:29 | INFO |
FAPIValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-04-06 08:05:29 | SUCCESS |
ExtractCHash
Extracted c_hash from ID Token
|
||||
|
2022-04-06 08:05:29 | INFO |
ExtractSHash
Couldn't find s_hash in ID token
|
|
2022-04-06 08:05:29 | SUCCESS |
ExtractAtHash
Extracted at_hash from ID Token
|
||||
|
2022-04-06 08:05:29 | SUCCESS |
ValidateCHash
c_hash validated successfully
|
||||||
|
2022-04-06 08:05:29 | INFO |
ValidateSHash
Skipped evaluation due to missing required object: s_hash
|
||||
|
2022-04-06 08:05:29 | SUCCESS |
ValidateAtHash
at_hash validated successfully
|
||||||
|
Second client: Resource server endpoint tests |
2022-04-06 08:05:29 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2022-04-06 08:05:29 |
|
CallProtectedResource
HTTP request
|
||||||||||
|
2022-04-06 08:05:29 |
RESPONSE
|
CallProtectedResource
HTTP response
|
||||||||
|
2022-04-06 08:05:29 | SUCCESS |
CallProtectedResource
Got a response from the resource endpoint
|
||||||||
|
2022-04-06 08:05:29 |
SUCCESS
|
EnsureHttpStatusCodeIs200or201
resource endpoint http status code was 200
|
|
2022-04-06 08:05:29 | SUCCESS |
CheckForDateHeaderInResourceResponse
Date header present and validated
|
||||
|
2022-04-06 08:05:29 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2022-04-06 08:05:29 | SUCCESS |
EnsureResourceResponseReturnedJsonContentType
Response content type is json
|
||
|
Try Client1's MTLS client certificate with Client2's access token |
2022-04-06 08:05:29 |
|
CallProtectedResource
HTTP request
|
||||||||||
|
2022-04-06 08:05:29 |
RESPONSE
|
CallProtectedResource
HTTP response
|
||||||||
|
2022-04-06 08:05:29 | SUCCESS |
CallProtectedResource
Got a response from the resource endpoint
|
||||||||
|
2022-04-06 08:05:29 | SUCCESS |
EnsureHttpStatusCodeIs4xx
resource endpoint http status code was 401
|
|
2022-04-06 08:05:29 |
FINISHED
|
fapi1-advanced-final
Test has run to completion
|
||
|
2022-04-06 08:05:59 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|