Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-09-05 05:31:31 INFO
TEST-RUNNER
Test instance u0bS9LSDP0rxOmC created
baseUrl
https://www.certification.openid.net/test/a/NC7000-3A-OC
variant
{
  "client_auth_type": "private_key_jwt",
  "fapi_auth_request_method": "by_value",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "plain_response"
}
alias
NC7000-3A-OC
description
NC7000-3A-OC FAPI Conformance Test
planId
0EXGX3mqQUPdO
config
{
  "alias": "NC7000-3A-OC",
  "description": "NC7000-3A-OC FAPI Conformance Test",
  "server": {
    "discoveryUrl": "https://3a-rplib-test3.cloud-idauth.com/oc/.well-known/openid-configuration",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "alg": "ES256",
          "crv": "P-256",
          "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
          "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
          "kid": "kid2019040100001"
        }
      ]
    }
  },
  "client": {
    "client_id": "OIDFCERT0003",
    "scope": "openid SCOPE0002 offline_access",
    "fapi_financial_id": "https://3a-rplib-test3.cloud-idauth.com/",
    "client_secret": "confidencial_client_es256_0003",
    "client_secret_jwt_alg": "HS256",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "alg": "ES256",
          "crv": "P-256",
          "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
          "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
          "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
          "kid": "kid2019040100008"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJ\nBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H\nbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN\nMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4g\nQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/\nHDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFC\nJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQ\nrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKND\nu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEY\nv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisC\nAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQw\nRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0\nL2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2Nz\ncDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBB\nBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2ln\nbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDww\nOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZh\nbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91\nZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV\nHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWB\nhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYB\nSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5\nKE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+u\nll8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCD\nDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNO\nIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgU\nh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxA\nMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyh\nAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kT\nAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/\nYWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0B\nAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3\nEDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjt\nLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904Mony\nRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKo\nBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLw\nyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d\n-----END CERTIFICATE-----\n"
  },
  "resource": {
    "resourceUrl": "https://3a-rplib-test3.cloud-idauth.com/oc/accounts",
    "institution_id": "nc7000-3a-oc"
  },
  "client2": {
    "client_id": "OIDFCERT0004",
    "client_secret": "confidencial_client_es256_0004",
    "scope": "openid SCOPE0002 offline_access",
    "client_secret_jwt_alg": "HS256",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "alg": "ES256",
          "crv": "P-256",
          "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
          "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
          "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
          "kid": "kid2019040100009"
        }
      ]
    }
  },
  "mtls": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJ\nBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H\nbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN\nMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4g\nQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/\nHDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFC\nJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQ\nrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKND\nu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEY\nv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisC\nAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQw\nRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0\nL2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2Nz\ncDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBB\nBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2ln\nbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDww\nOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZh\nbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91\nZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV\nHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWB\nhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYB\nSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5\nKE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+u\nll8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCD\nDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNO\nIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgU\nh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxA\nMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyh\nAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kT\nAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/\nYWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0B\nAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3\nEDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjt\nLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904Mony\nRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKo\nBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLw\nyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIM\nlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/V\npeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07\n/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blO\nk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mU\nIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMW\neT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4\nFL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5\niRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGg\nakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzm\njRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUW\nIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa\n1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6\nHPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7\na4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP\n/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIR\nmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCi\nbAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS\n7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3\n+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilm\nnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3S\nOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aF\nsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+\nA3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/\nX/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfH\npPylmNcfY4XXW8WwkngGCFg\u003d\n-----END PRIVATE KEY-----\n"
  },
  "mtls2": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIDTjCCAjYCCQCjUTxEpwknBTANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJK\nUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1RhbWFjaGkxDDAKBgNVBAoMA05F\nQzEMMAoGA1UECwwDTkVDMRwwGgYDVQQDDBN3d3cuM2FzZWN1cmVrZXkuY29tMB4X\nDTE4MDQyNzAyMDAwOFoXDTI4MDQyNDAyMDAwOFowaTELMAkGA1UEBhMCSlAxDjAM\nBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdUYW1hY2hpMQwwCgYDVQQKDANORUMxDDAK\nBgNVBAsMA05FQzEcMBoGA1UEAwwTd3d3LjNhc2VjdXJla2V5LmNvbTCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLD3g7pwzFMzbRh5cCGuR0KBCzD5Xk3\nw/Zj+3hpBq5/xSaQjmOfLF3LLiFD7sZXRPFVFXii4Y2GuFccSQ3MI9sMS/HDDTmO\nLPIWta/U9ZtcwjNyclXrX0IR8Fxuk5E9lRf//JwlMZHAxfESvBe5WMnzGDTVdp5H\nv6sWZAdkgdwQTMFM4vpHhBD6qJsxSG7jBvqVYd8w9pCZ9k1mSfKKgqPfpOA6jv2A\nTiwv9r9ZQNtKl/MbHY9/R59GU+S7WSPtqM5O3bJGGCXFvpZF2CghcYqn9vDhIrNO\nD/xo3ZF0Z+doEl8e0e1IAr2JiGD4JPpz4W67pjUVb9G+NTRtQ71YqccCAwEAATAN\nBgkqhkiG9w0BAQUFAAOCAQEAETj+cEVPthSghrIJamsmddV+GFHYjOfvQw0r8LZY\nkqJZlK1FOeWwBM+kDzpxOErtPiyjvv2eBPGm9LcLZpDbMLg77Lv3HjaWy+yISRQ/\nwGUb9tlJ8AUeEd2uoPUzDQf5VpTBEq/M9E7CB3g2hZvwRYvq6PfsDexCwq9OWogK\n3WpEozIMVyOL3jYpkSJzDqPuN3nFiNc5eMJ7lo+b/K1rUEqwuN21TjwAn1DXfW0d\nD1a/ig004xecHU1wsIMP2ARQ/qOD7P0emE/umlwLQ0kw3HB2ideAJzU4OstiqUH4\n1LKwIIzUu6rz6/S9PMcmVfqv9PfhITQSs8vCqC8uaWLtGg\u003d\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAosPeDunDMUzNtGHlwIa5HQoELMPleTfD9mP7eGkGrn/FJpCO\nY58sXcsuIUPuxldE8VUVeKLhjYa4VxxJDcwj2wxL8cMNOY4s8ha1r9T1m1zCM3Jy\nVetfQhHwXG6TkT2VF//8nCUxkcDF8RK8F7lYyfMYNNV2nke/qxZkB2SB3BBMwUzi\n+keEEPqomzFIbuMG+pVh3zD2kJn2TWZJ8oqCo9+k4DqO/YBOLC/2v1lA20qX8xsd\nj39Hn0ZT5LtZI+2ozk7dskYYJcW+lkXYKCFxiqf28OEis04P/GjdkXRn52gSXx7R\n7UgCvYmIYPgk+nPhbrumNRVv0b41NG1DvVipxwIDAQABAoIBAQCVFUrD5iG/elXA\nLxs+KShNDOueBSCe0xFPEW04cRqJosZ1+FozrYv5rSznk02VpkGjuwcbpDVsaEVY\npLPVS3JcJPs6yinG2g8Y/uwTzb/ZOjE25lELmbd60OuT/kRz+DAj93jtnLO2iRfF\nJB/cqwxEjcFSQ2OOvrE0iCG/E7ROV7m3C5OOjKhSypP++04nWajIqW//uMDaFoFq\nuf7x4aoHc9wRD1IyHGha9hIZA7JiY5KlwyQV/AEoz+C+O9Z8FYpqZT76fnzQvLvb\nk6fYr4q1a0gm/J9HTp4l0bQ9NMKVvt4PGlJmxQhQfIJixARsnKEDtu0uUcgbVXRB\n6pRtmG6BAoGBAM+hvgN+TX8c4fMmDvGpNB0+PvA2ZC6JJd0oLmpZMMdLRl+0A5j3\nnHv2nR04FlB1brD9ucInVHZYlgL5ab3/x27iV+H5spIN6cST7WH+Sjqsi43tKGyx\n9oXosL6RN+4HM7rTWbCxwq0tVunk01IR5FeO8xZss4UDyev6vStBjmzXAoGBAMiu\neG4ALkIGqTw/sTNl7vwmMcyPbjA6h68I9FkTGI0G5YHy7yWlEhdD/rUYSXVCXlh+\n3aftbfJ4CP9nWaM6NMREoysCQ3y/kulgJ0imPEFwnqWQMljQV1zRg9gthdixyBI6\nYZ62MUF6i/XYfUs0KQ9baHuzB4ejMs7U8bGENpyRAoGAHjynt0qFbqV+IjLAqmDB\nviB6efDx1fUTFonreIFUoTFNJlLI01X76/GWH9MzLLRtUkkg7C1eF33/Gp/HzmuZ\nV4SO19HNN4ffK0l/oG2v0aufByQqZunjxMyGMLplMrzJw8NTpG++sgmQRq+UNrd0\nUWv36qQZ4J0UotD5C3uYijECgYEAoAnDMLYkLbNyMwH4Jq0bsSokfKXFkeCbZBMY\nChEYex8M2F0MKlFB5BvtfC4qJsEOzDQgQFMwYzUmt8eLzIgWnI7AMQRVHZ8JYeO0\ncFNhqi5N1mrwO7Oqd/L92eAz5WOh0ieMwi05iqZYB27mPJsUQ5L59+wGDT0wv5FC\nTfbKNoECgYEAoMHJZ1a/Bzq1raDHauJLk3JA+DN+5o7xDGVvda9x3rphQ4U7Vehp\ncg70AVWMyGoVv5N6vJdrAeZzBWP5b6ED+csRyNaLswHycsPzGy8t5Ose1P+ZlzCz\nDmRtynq0cQQvWl4zJAT2Wacgu2IqOrQOl+n67te3QlWrnq9IrSsWJFU\u003d\n-----END RSA PRIVATE KEY-----\n"
  }
}
testName
fapi-rw-id2-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails
2020-09-05 05:31:31 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
2020-09-05 05:31:31
GetDynamicServerConfiguration
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2020-09-05 05:31:32 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Sat, 05 Sep 2020 05:31:32 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d4D7DE029995A24D9FF90E762C79F4BFE; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "1663",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body

{
  "authorization_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/",
  "claims_parameter_supported":true,
  "claims_supported":["acr"],
  "code_challenge_methods_supported":["S256"],
  "grant_types_supported":["authorization_code","urn:openid:params:grant-type:ciba"],
  "id_token_signing_alg_values_supported":["ES256"],
  "issuer":"https://3a-rplib-test3.cloud-idauth.com/oc/",
  "jwks_uri":"https://3a-rplib-test3.cloud-idauth.com/oc/jwks.json",
  "request_object_signing_alg_values_supported":["ES256"],
  "request_parameter_supported":true,
  "response_types_supported":["code","id_token","code token","code id_token","token id_token","code token id_token"],
  "scopes_supported":["openid","accounts","payments"],
  "subject_types_supported":["pairwise","public"],
  "token_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/",
  "token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt","tls_client_auth","self_signed_tls_client_auth"],
  "token_endpoint_auth_signing_alg_values_supported":["HS256","ES256"],
  "token_endpoint_signing_alg_values_supported":["ES256"],
  "userinfo_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/UserInfoEndpoint/",
  "userinfo_signing_alg_values_supported":["ES256"],
  "tls_client_certificate_bound_access_tokens":true,
  "backchannel_token_delivery_modes_supported":["push","poll","ping"],
  "backchannel_authentication_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/BackchannelEndpoint/",
  "backchannel_authentication_request_signing_alg_values_supported":["ES256"]
}
2020-09-05 05:31:32
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string

{
  "authorization_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/",
  "claims_parameter_supported":true,
  "claims_supported":["acr"],
  "code_challenge_methods_supported":["S256"],
  "grant_types_supported":["authorization_code","urn:openid:params:grant-type:ciba"],
  "id_token_signing_alg_values_supported":["ES256"],
  "issuer":"https://3a-rplib-test3.cloud-idauth.com/oc/",
  "jwks_uri":"https://3a-rplib-test3.cloud-idauth.com/oc/jwks.json",
  "request_object_signing_alg_values_supported":["ES256"],
  "request_parameter_supported":true,
  "response_types_supported":["code","id_token","code token","code id_token","token id_token","code token id_token"],
  "scopes_supported":["openid","accounts","payments"],
  "subject_types_supported":["pairwise","public"],
  "token_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/",
  "token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt","tls_client_auth","self_signed_tls_client_auth"],
  "token_endpoint_auth_signing_alg_values_supported":["HS256","ES256"],
  "token_endpoint_signing_alg_values_supported":["ES256"],
  "userinfo_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/UserInfoEndpoint/",
  "userinfo_signing_alg_values_supported":["ES256"],
  "tls_client_certificate_bound_access_tokens":true,
  "backchannel_token_delivery_modes_supported":["push","poll","ping"],
  "backchannel_authentication_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/BackchannelEndpoint/",
  "backchannel_authentication_request_signing_alg_values_supported":["ES256"]
}
2020-09-05 05:31:32 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
authorization_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/
claims_parameter_supported
true
claims_supported
[
  "acr"
]
code_challenge_methods_supported
[
  "S256"
]
grant_types_supported
[
  "authorization_code",
  "urn:openid:params:grant-type:ciba"
]
id_token_signing_alg_values_supported
[
  "ES256"
]
issuer
https://3a-rplib-test3.cloud-idauth.com/oc/
jwks_uri
https://3a-rplib-test3.cloud-idauth.com/oc/jwks.json
request_object_signing_alg_values_supported
[
  "ES256"
]
request_parameter_supported
true
response_types_supported
[
  "code",
  "id_token",
  "code token",
  "code id_token",
  "token id_token",
  "code token id_token"
]
scopes_supported
[
  "openid",
  "accounts",
  "payments"
]
subject_types_supported
[
  "pairwise",
  "public"
]
token_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
token_endpoint_auth_methods_supported
[
  "client_secret_post",
  "client_secret_basic",
  "client_secret_jwt",
  "private_key_jwt",
  "tls_client_auth",
  "self_signed_tls_client_auth"
]
token_endpoint_auth_signing_alg_values_supported
[
  "HS256",
  "ES256"
]
token_endpoint_signing_alg_values_supported
[
  "ES256"
]
userinfo_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/UserInfoEndpoint/
userinfo_signing_alg_values_supported
[
  "ES256"
]
tls_client_certificate_bound_access_tokens
true
backchannel_token_delivery_modes_supported
[
  "push",
  "poll",
  "ping"
]
backchannel_authentication_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/BackchannelEndpoint/
backchannel_authentication_request_signing_alg_values_supported
[
  "ES256"
]
2020-09-05 05:31:32 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2020-09-05 05:31:32 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
authorization_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
token_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
2020-09-05 05:31:32
FetchServerKeys
Fetching server key
jwks_uri
https://3a-rplib-test3.cloud-idauth.com/oc/jwks.json
2020-09-05 05:31:32
FetchServerKeys
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/jwks.json
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2020-09-05 05:31:33 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Sat, 05 Sep 2020 05:31:33 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "accept-ranges": "bytes",
  "etag": "W/\"250-1554082818000\"",
  "last-modified": "Mon, 01 Apr 2019 01:40:18 GMT",
  "content-type": "application/json",
  "content-length": "250",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"keys":
  [
    {
      "kty":"EC",
      "alg":"ES256",
      "crv":"P-256",
      "x":"ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y":"AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid":"kid2019040100001"
    }
  ]
}
2020-09-05 05:31:33
FetchServerKeys
Found JWK set string
jwk_string
{"keys":
  [
    {
      "kty":"EC",
      "alg":"ES256",
      "crv":"P-256",
      "x":"ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y":"AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid":"kid2019040100001"
    }
  ]
}
2020-09-05 05:31:33 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid": "kid2019040100001"
    }
  ]
}
2020-09-05 05:31:33 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid": "kid2019040100001"
    }
  ]
}
2020-09-05 05:31:33 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2020-09-05 05:31:33 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2020-09-05 05:31:33 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2020-09-05 05:31:33 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid": "kid2019040100001"
    }
  ]
}
2020-09-05 05:31:33 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
OIDFCERT0003
scope
openid SCOPE0002 offline_access
fapi_financial_id
https://3a-rplib-test3.cloud-idauth.com/
client_secret
confidencial_client_es256_0003
client_secret_jwt_alg
HS256
jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
      "kid": "kid2019040100008"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN
MTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4g
Q29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/
HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFC
JAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQ
rYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKND
u7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEY
v0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisC
AwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQw
RwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0
L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2Nz
cDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBB
BgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2ln
bi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDww
OjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZh
bHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91
ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV
HQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWB
hiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYB
SuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5
KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+u
ll8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCD
DwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNO
IlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgU
h7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxA
MgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyh
AvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kT
AAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/
YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0B
AQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3
EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjt
LeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904Mony
RQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKo
BUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLw
yDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg==
-----END CERTIFICATE-----
2020-09-05 05:31:33
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
2020-09-05 05:31:33 SUCCESS
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
2020-09-05 05:31:33
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
2020-09-05 05:31:33 SUCCESS
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg==
key
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg=
2020-09-05 05:31:33 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2020-09-05 05:31:33 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
      "kid": "kid2019040100008"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "crv": "P-256",
      "kid": "kid2019040100008",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "alg": "ES256"
    }
  ]
}
2020-09-05 05:31:33 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2020-09-05 05:31:33 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-09-05 05:31:33 SUCCESS
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
2020-09-05 05:31:33 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
      "kid": "kid2019040100008"
    }
  ]
}
2020-09-05 05:31:33 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
Verify configuration of second client
2020-09-05 05:31:33 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
OIDFCERT0004
client_secret
confidencial_client_es256_0004
scope
openid SCOPE0002 offline_access
client_secret_jwt_alg
HS256
jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
      "kid": "kid2019040100009"
    }
  ]
}
2020-09-05 05:31:33
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
2020-09-05 05:31:33 SUCCESS
ValidateMTLSCertificates2Header
MTLS certificates header is valid
2020-09-05 05:31:33
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
2020-09-05 05:31:33 SUCCESS
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIDTjCCAjYCCQCjUTxEpwknBTANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1RhbWFjaGkxDDAKBgNVBAoMA05FQzEMMAoGA1UECwwDTkVDMRwwGgYDVQQDDBN3d3cuM2FzZWN1cmVrZXkuY29tMB4XDTE4MDQyNzAyMDAwOFoXDTI4MDQyNDAyMDAwOFowaTELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdUYW1hY2hpMQwwCgYDVQQKDANORUMxDDAKBgNVBAsMA05FQzEcMBoGA1UEAwwTd3d3LjNhc2VjdXJla2V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLD3g7pwzFMzbRh5cCGuR0KBCzD5Xk3w/Zj+3hpBq5/xSaQjmOfLF3LLiFD7sZXRPFVFXii4Y2GuFccSQ3MI9sMS/HDDTmOLPIWta/U9ZtcwjNyclXrX0IR8Fxuk5E9lRf//JwlMZHAxfESvBe5WMnzGDTVdp5Hv6sWZAdkgdwQTMFM4vpHhBD6qJsxSG7jBvqVYd8w9pCZ9k1mSfKKgqPfpOA6jv2ATiwv9r9ZQNtKl/MbHY9/R59GU+S7WSPtqM5O3bJGGCXFvpZF2CghcYqn9vDhIrNOD/xo3ZF0Z+doEl8e0e1IAr2JiGD4JPpz4W67pjUVb9G+NTRtQ71YqccCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAETj+cEVPthSghrIJamsmddV+GFHYjOfvQw0r8LZYkqJZlK1FOeWwBM+kDzpxOErtPiyjvv2eBPGm9LcLZpDbMLg77Lv3HjaWy+yISRQ/wGUb9tlJ8AUeEd2uoPUzDQf5VpTBEq/M9E7CB3g2hZvwRYvq6PfsDexCwq9OWogK3WpEozIMVyOL3jYpkSJzDqPuN3nFiNc5eMJ7lo+b/K1rUEqwuN21TjwAn1DXfW0dD1a/ig004xecHU1wsIMP2ARQ/qOD7P0emE/umlwLQ0kw3HB2ideAJzU4OstiqUH41LKwIIzUu6rz6/S9PMcmVfqv9PfhITQSs8vCqC8uaWLtGg==
key
MIIEpQIBAAKCAQEAosPeDunDMUzNtGHlwIa5HQoELMPleTfD9mP7eGkGrn/FJpCOY58sXcsuIUPuxldE8VUVeKLhjYa4VxxJDcwj2wxL8cMNOY4s8ha1r9T1m1zCM3JyVetfQhHwXG6TkT2VF//8nCUxkcDF8RK8F7lYyfMYNNV2nke/qxZkB2SB3BBMwUzi+keEEPqomzFIbuMG+pVh3zD2kJn2TWZJ8oqCo9+k4DqO/YBOLC/2v1lA20qX8xsdj39Hn0ZT5LtZI+2ozk7dskYYJcW+lkXYKCFxiqf28OEis04P/GjdkXRn52gSXx7R7UgCvYmIYPgk+nPhbrumNRVv0b41NG1DvVipxwIDAQABAoIBAQCVFUrD5iG/elXALxs+KShNDOueBSCe0xFPEW04cRqJosZ1+FozrYv5rSznk02VpkGjuwcbpDVsaEVYpLPVS3JcJPs6yinG2g8Y/uwTzb/ZOjE25lELmbd60OuT/kRz+DAj93jtnLO2iRfFJB/cqwxEjcFSQ2OOvrE0iCG/E7ROV7m3C5OOjKhSypP++04nWajIqW//uMDaFoFquf7x4aoHc9wRD1IyHGha9hIZA7JiY5KlwyQV/AEoz+C+O9Z8FYpqZT76fnzQvLvbk6fYr4q1a0gm/J9HTp4l0bQ9NMKVvt4PGlJmxQhQfIJixARsnKEDtu0uUcgbVXRB6pRtmG6BAoGBAM+hvgN+TX8c4fMmDvGpNB0+PvA2ZC6JJd0oLmpZMMdLRl+0A5j3nHv2nR04FlB1brD9ucInVHZYlgL5ab3/x27iV+H5spIN6cST7WH+Sjqsi43tKGyx9oXosL6RN+4HM7rTWbCxwq0tVunk01IR5FeO8xZss4UDyev6vStBjmzXAoGBAMiueG4ALkIGqTw/sTNl7vwmMcyPbjA6h68I9FkTGI0G5YHy7yWlEhdD/rUYSXVCXlh+3aftbfJ4CP9nWaM6NMREoysCQ3y/kulgJ0imPEFwnqWQMljQV1zRg9gthdixyBI6YZ62MUF6i/XYfUs0KQ9baHuzB4ejMs7U8bGENpyRAoGAHjynt0qFbqV+IjLAqmDBviB6efDx1fUTFonreIFUoTFNJlLI01X76/GWH9MzLLRtUkkg7C1eF33/Gp/HzmuZV4SO19HNN4ffK0l/oG2v0aufByQqZunjxMyGMLplMrzJw8NTpG++sgmQRq+UNrd0UWv36qQZ4J0UotD5C3uYijECgYEAoAnDMLYkLbNyMwH4Jq0bsSokfKXFkeCbZBMYChEYex8M2F0MKlFB5BvtfC4qJsEOzDQgQFMwYzUmt8eLzIgWnI7AMQRVHZ8JYeO0cFNhqi5N1mrwO7Oqd/L92eAz5WOh0ieMwi05iqZYB27mPJsUQ5L59+wGDT0wv5FCTfbKNoECgYEAoMHJZ1a/Bzq1raDHauJLk3JA+DN+5o7xDGVvda9x3rphQ4U7Vehpcg70AVWMyGoVv5N6vJdrAeZzBWP5b6ED+csRyNaLswHycsPzGy8t5Ose1P+ZlzCzDmRtynq0cQQvWl4zJAT2Wacgu2IqOrQOl+n67te3QlWrnq9IrSsWJFU=
2020-09-05 05:31:33 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2020-09-05 05:31:33 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
      "kid": "kid2019040100009"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "crv": "P-256",
      "kid": "kid2019040100009",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "alg": "ES256"
    }
  ]
}
2020-09-05 05:31:33 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2020-09-05 05:31:33 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-09-05 05:31:33 SUCCESS
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
2020-09-05 05:31:33 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
      "kid": "kid2019040100009"
    }
  ]
}
2020-09-05 05:31:33 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
2020-09-05 05:31:33 SUCCESS
GetResourceEndpointConfiguration
Found a resource endpoint object
resourceUrl
https://3a-rplib-test3.cloud-idauth.com/oc/accounts
institution_id
nc7000-3a-oc
2020-09-05 05:31:33 SUCCESS
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
protected_resource_url
https://3a-rplib-test3.cloud-idauth.com/oc/accounts
2020-09-05 05:31:33 SUCCESS
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
resource_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
2020-09-05 05:31:33 SUCCESS
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
accounts_resource_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
accounts_request_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
2020-09-05 05:31:33
fapi-rw-id2-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails
Setup Done
Make request to authorization endpoint
2020-09-05 05:31:33 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
OIDFCERT0003
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
2020-09-05 05:31:33 SUCCESS
AddAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
authorization_endpoint_request
{
  "client_id": "OIDFCERT0003",
  "redirect_uri": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback",
  "scope": "openid SCOPE0002 offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}
2020-09-05 05:31:33
CreateRandomStateValue
Created state value
requested_state_length
10
state
zsd1FHMeQw
2020-09-05 05:31:33 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
OIDFCERT0003
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
zsd1FHMeQw
2020-09-05 05:31:33
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
B8Jwj4Btsq
2020-09-05 05:31:33 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
OIDFCERT0003
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
zsd1FHMeQw
nonce
B8Jwj4Btsq
2020-09-05 05:31:33 SUCCESS
SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken
Added response_type parameter to request
client_id
OIDFCERT0003
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
zsd1FHMeQw
nonce
B8Jwj4Btsq
response_type
code id_token
2020-09-05 05:31:33 SUCCESS
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
request_object_claims
{
  "client_id": "OIDFCERT0003",
  "redirect_uri": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback",
  "scope": "openid SCOPE0002 offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "zsd1FHMeQw",
  "nonce": "B8Jwj4Btsq",
  "response_type": "code id_token"
}
2020-09-05 05:31:33 SUCCESS
AddExpToRequestObject
Added exp to request object claims
exp
1.599284193E9
2020-09-05 05:31:33 SUCCESS
AddAudToRequestObject
Added aud to request object claims
aud
https://3a-rplib-test3.cloud-idauth.com/oc/
2020-09-05 05:31:33 SUCCESS
AddIssToRequestObject
Added iss to request object claims
iss
OIDFCERT0003
2020-09-05 05:31:33 SUCCESS
AddClientIdToRequestObject
Added client_id to request object claims
client_id
OIDFCERT0003
2020-09-05 05:31:33 SUCCESS
SignRequestObject
Signed the request object
claims
{"aud":"https:\/\/3a-rplib-test3.cloud-idauth.com\/oc\/","scope":"openid SCOPE0002 offline_access","claims":{"id_token":{"acr":{"value":"urn:mace:incommon:iap:silver","essential":true}}},"iss":"OIDFCERT0003","response_type":"code id_token","redirect_uri":"https:\/\/www.certification.openid.net\/test\/a\/NC7000-3A-OC\/callback","state":"zsd1FHMeQw","exp":1599284193,"nonce":"B8Jwj4Btsq","client_id":"OIDFCERT0003"}
header
{"kid":"kid2019040100008","alg":"ES256"}
request_object
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDMiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrIiwic3RhdGUiOiJ6c2QxRkhNZVF3IiwiZXhwIjoxNTk5Mjg0MTkzLCJub25jZSI6IkI4SndqNEJ0c3EiLCJjbGllbnRfaWQiOiJPSURGQ0VSVDAwMDMifQ.IqGtKhBY2EHnO4y3wkjUN1pTSMeGld0t8tw15FVsjyYhPJl4rNG-SQtfCD_Xb59Jv6Y5rs4eedhYVlod86uHUA
key
{"kty":"EC","d":"dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng","crv":"P-256","kid":"kid2019040100008","x":"ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm","y":"AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd","alg":"ES256"}
2020-09-05 05:31:33 SUCCESS
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/?request=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDMiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrIiwic3RhdGUiOiJ6c2QxRkhNZVF3IiwiZXhwIjoxNTk5Mjg0MTkzLCJub25jZSI6IkI4SndqNEJ0c3EiLCJjbGllbnRfaWQiOiJPSURGQ0VSVDAwMDMifQ.IqGtKhBY2EHnO4y3wkjUN1pTSMeGld0t8tw15FVsjyYhPJl4rNG-SQtfCD_Xb59Jv6Y5rs4eedhYVlod86uHUA&client_id=OIDFCERT0003&redirect_uri=https://www.certification.openid.net/test/a/NC7000-3A-OC/callback&scope=openid%20SCOPE0002%20offline_access&response_type=code%20id_token
2020-09-05 05:31:33 REDIRECT
fapi-rw-id2-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails
Redirecting to authorization endpoint
redirect_to
https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/?request=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDMiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrIiwic3RhdGUiOiJ6c2QxRkhNZVF3IiwiZXhwIjoxNTk5Mjg0MTkzLCJub25jZSI6IkI4SndqNEJ0c3EiLCJjbGllbnRfaWQiOiJPSURGQ0VSVDAwMDMifQ.IqGtKhBY2EHnO4y3wkjUN1pTSMeGld0t8tw15FVsjyYhPJl4rNG-SQtfCD_Xb59Jv6Y5rs4eedhYVlod86uHUA&client_id=OIDFCERT0003&redirect_uri=https://www.certification.openid.net/test/a/NC7000-3A-OC/callback&scope=openid%20SCOPE0002%20offline_access&response_type=code%20id_token
2020-09-05 05:31:47 INCOMING
fapi-rw-id2-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails
Incoming HTTP request to test instance u0bS9LSDP0rxOmC
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://3a-rplib-test3.cloud-idauth.com/oc/InternalAuthoriEndpoint/?client_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_client_uri\u0026logo_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_logo_uri\u0026tos_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_tos_uri\u0026client_name\u003dOIDF_CertTest_Client_0003\u0026client_id\u003dOIDFCERT0003\u0026policy_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_policy_uri\u0026loa\u003durn%3Amace%3Aincommon%3Aiap%3Asilver",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utma\u003d201319536.1292565018.1574312754.1579157407.1595894834.4; __utmz\u003d201319536.1595894834.4.1.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3D84CDEC0C1E6B5D0E5DBE39C46730C9",
  "connection": "close",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-09-05 05:31:47 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/ioDmCHuC4IBgXwYOagmE",
  "fullUrl": "https://www.certification.openid.net/test/a/NC7000-3A-OC/implicit/ioDmCHuC4IBgXwYOagmE"
}
2020-09-05 05:31:47 OUTGOING
fapi-rw-id2-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails
Response to HTTP request to test instance u0bS9LSDP0rxOmC
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/NC7000-3A-OC/implicit/ioDmCHuC4IBgXwYOagmE, returnUrl=/log-detail.html?log=u0bS9LSDP0rxOmC}]
outgoing_path
callback
2020-09-05 05:31:48 INCOMING
fapi-rw-id2-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails
Incoming HTTP request to test instance u0bS9LSDP0rxOmC
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utma\u003d201319536.1292565018.1574312754.1579157407.1595894834.4; __utmz\u003d201319536.1595894834.4.1.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3D84CDEC0C1E6B5D0E5DBE39C46730C9",
  "content-length": "569",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/ioDmCHuC4IBgXwYOagmE
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
#code=mXRSwO0tCIkMeSJQaSA8fKdrHQ9o4IGY&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InVROENod1ktVmpTR3h5bnU5VVVvM2ciLCJzX2hhc2giOiJNd2Izc3N0RXR3eUt0eTRSM3dBYlRRIiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg3NTA3LCJpYXQiOjE1OTkyODM5MDcsIm5vbmNlIjoiQjhKd2o0QnRzcSJ9.8hxUJb54U48CjYTt4coHarXpZPpjVpLFZwGRQzeS8ADGOSK1qIMSgtpRNxxO5mqs4KKR0dS3gWcHiRNOBuEwcQ&state=zsd1FHMeQw
2020-09-05 05:31:48 OUTGOING
fapi-rw-id2-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails
Response to HTTP request to test instance u0bS9LSDP0rxOmC
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [/log-detail.html?log=u0bS9LSDP0rxOmC]
outgoing_path
implicit/ioDmCHuC4IBgXwYOagmE
2020-09-05 05:31:48
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
parameters
[
  {
    "name": "code",
    "value": "mXRSwO0tCIkMeSJQaSA8fKdrHQ9o4IGY"
  },
  {
    "name": "id_token",
    "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InVROENod1ktVmpTR3h5bnU5VVVvM2ciLCJzX2hhc2giOiJNd2Izc3N0RXR3eUt0eTRSM3dBYlRRIiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg3NTA3LCJpYXQiOjE1OTkyODM5MDcsIm5vbmNlIjoiQjhKd2o0QnRzcSJ9.8hxUJb54U48CjYTt4coHarXpZPpjVpLFZwGRQzeS8ADGOSK1qIMSgtpRNxxO5mqs4KKR0dS3gWcHiRNOBuEwcQ"
  },
  {
    "name": "state",
    "value": "zsd1FHMeQw"
  }
]
2020-09-05 05:31:48 SUCCESS
ExtractImplicitHashToCallbackResponse
Extracted the hash values
code
mXRSwO0tCIkMeSJQaSA8fKdrHQ9o4IGY
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InVROENod1ktVmpTR3h5bnU5VVVvM2ciLCJzX2hhc2giOiJNd2Izc3N0RXR3eUt0eTRSM3dBYlRRIiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg3NTA3LCJpYXQiOjE1OTkyODM5MDcsIm5vbmNlIjoiQjhKd2o0QnRzcSJ9.8hxUJb54U48CjYTt4coHarXpZPpjVpLFZwGRQzeS8ADGOSK1qIMSgtpRNxxO5mqs4KKR0dS3gWcHiRNOBuEwcQ
state
zsd1FHMeQw
2020-09-05 05:31:48 REDIRECT-IN
fapi-rw-id2-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://3a-rplib-test3.cloud-idauth.com/oc/InternalAuthoriEndpoint/?client_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_client_uri\u0026logo_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_logo_uri\u0026tos_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_tos_uri\u0026client_name\u003dOIDF_CertTest_Client_0003\u0026client_id\u003dOIDFCERT0003\u0026policy_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_policy_uri\u0026loa\u003durn%3Amace%3Aincommon%3Aiap%3Asilver",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utma\u003d201319536.1292565018.1574312754.1579157407.1595894834.4; __utmz\u003d201319536.1595894834.4.1.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3D84CDEC0C1E6B5D0E5DBE39C46730C9",
  "connection": "close",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{
  "code": "mXRSwO0tCIkMeSJQaSA8fKdrHQ9o4IGY",
  "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InVROENod1ktVmpTR3h5bnU5VVVvM2ciLCJzX2hhc2giOiJNd2Izc3N0RXR3eUt0eTRSM3dBYlRRIiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg3NTA3LCJpYXQiOjE1OTkyODM5MDcsIm5vbmNlIjoiQjhKd2o0QnRzcSJ9.8hxUJb54U48CjYTt4coHarXpZPpjVpLFZwGRQzeS8ADGOSK1qIMSgtpRNxxO5mqs4KKR0dS3gWcHiRNOBuEwcQ",
  "state": "zsd1FHMeQw"
}
post_body
Verify authorization endpoint response
2020-09-05 05:31:48 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2020-09-05 05:31:48 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2020-09-05 05:31:48 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2020-09-05 05:31:48 SUCCESS
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
2020-09-05 05:31:48 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2020-09-05 05:31:48 SUCCESS
ValidateSuccessfulHybridResponseFromAuthorizationEndpoint
authorization endpoint response does not include unexpected parameters
code
mXRSwO0tCIkMeSJQaSA8fKdrHQ9o4IGY
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InVROENod1ktVmpTR3h5bnU5VVVvM2ciLCJzX2hhc2giOiJNd2Izc3N0RXR3eUt0eTRSM3dBYlRRIiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg3NTA3LCJpYXQiOjE1OTkyODM5MDcsIm5vbmNlIjoiQjhKd2o0QnRzcSJ9.8hxUJb54U48CjYTt4coHarXpZPpjVpLFZwGRQzeS8ADGOSK1qIMSgtpRNxxO5mqs4KKR0dS3gWcHiRNOBuEwcQ
state
zsd1FHMeQw
2020-09-05 05:31:48 SUCCESS
CheckMatchingStateParameter
State parameter correctly returned
state
zsd1FHMeQw
2020-09-05 05:31:48 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
mXRSwO0tCIkMeSJQaSA8fKdrHQ9o4IGY
2020-09-05 05:31:48 SUCCESS
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
actual
256
required
128
2020-09-05 05:31:48 SUCCESS
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
actual
151.24511249783654
expected
96.0
2020-09-05 05:31:48 SUCCESS
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
value
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InVROENod1ktVmpTR3h5bnU5VVVvM2ciLCJzX2hhc2giOiJNd2Izc3N0RXR3eUt0eTRSM3dBYlRRIiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg3NTA3LCJpYXQiOjE1OTkyODM5MDcsIm5vbmNlIjoiQjhKd2o0QnRzcSJ9.8hxUJb54U48CjYTt4coHarXpZPpjVpLFZwGRQzeS8ADGOSK1qIMSgtpRNxxO5mqs4KKR0dS3gWcHiRNOBuEwcQ
header
{
  "typ": "JWT",
  "alg": "ES256"
}
claims
{
  "sub": "1",
  "aud": "OIDFCERT0003",
  "acr": "urn:mace:incommon:iap:silver",
  "c_hash": "uQ8ChwY-VjSGxynu9UUo3g",
  "s_hash": "Mwb3sstEtwyKty4R3wAbTQ",
  "azp": "OIDFCERT0003",
  "amr": "AUTH_OP",
  "iss": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "exp": 1599287507,
  "iat": 1599283907,
  "nonce": "B8Jwj4Btsq"
}
2020-09-05 05:31:48 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2020-09-05 05:31:48 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
B8Jwj4Btsq
2020-09-05 05:31:48 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
actual
urn:mace:incommon:iap:silver
requested
[
  "urn:mace:incommon:iap:silver"
]
2020-09-05 05:31:48 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InVROENod1ktVmpTR3h5bnU5VVVvM2ciLCJzX2hhc2giOiJNd2Izc3N0RXR3eUt0eTRSM3dBYlRRIiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg3NTA3LCJpYXQiOjE1OTkyODM5MDcsIm5vbmNlIjoiQjhKd2o0QnRzcSJ9.8hxUJb54U48CjYTt4coHarXpZPpjVpLFZwGRQzeS8ADGOSK1qIMSgtpRNxxO5mqs4KKR0dS3gWcHiRNOBuEwcQ
2020-09-05 05:31:48 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InVROENod1ktVmpTR3h5bnU5VVVvM2ciLCJzX2hhc2giOiJNd2Izc3N0RXR3eUt0eTRSM3dBYlRRIiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg3NTA3LCJpYXQiOjE1OTkyODM5MDcsIm5vbmNlIjoiQjhKd2o0QnRzcSJ9.8hxUJb54U48CjYTt4coHarXpZPpjVpLFZwGRQzeS8ADGOSK1qIMSgtpRNxxO5mqs4KKR0dS3gWcHiRNOBuEwcQ
2020-09-05 05:31:48 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
1
2020-09-05 05:31:48 SUCCESS
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
alg
ES256
2020-09-05 05:31:48 INFO
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2020-09-05 05:31:48 SUCCESS
ExtractSHash
Extracted s_hash from ID Token
s_hash
Mwb3sstEtwyKty4R3wAbTQ
alg
ES256
2020-09-05 05:31:48 SUCCESS
ValidateSHash
s_hash validated successfully
expected_hash
Mwb3sstEtwyKty4R3wAbTQ
unhashed_value
zsd1FHMeQw
id_token_hash
Mwb3sstEtwyKty4R3wAbTQ
2020-09-05 05:31:48 SUCCESS
ExtractCHash
Extracted c_hash from ID Token
c_hash
uQ8ChwY-VjSGxynu9UUo3g
alg
ES256
2020-09-05 05:31:48 SUCCESS
ValidateCHash
c_hash validated successfully
expected_hash
uQ8ChwY-VjSGxynu9UUo3g
unhashed_value
mXRSwO0tCIkMeSJQaSA8fKdrHQ9o4IGY
id_token_hash
uQ8ChwY-VjSGxynu9UUo3g
2020-09-05 05:31:48 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
mXRSwO0tCIkMeSJQaSA8fKdrHQ9o4IGY
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
2020-09-05 05:31:48 SUCCESS
CreateClientAuthenticationAssertionClaims
Created client assertion claims
iss
OIDFCERT0003
sub
OIDFCERT0003
aud
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
jti
8JyyrSCGEJQ2X8oXxPF6
iat
1599283908
exp
1599283968
2020-09-05 05:31:48 SUCCESS
AddExpIs5MinutesInPastToClientAssertionClaims
Added 'exp' is 5 minutes in the past to client_assertion_claims
iss
OIDFCERT0003
sub
OIDFCERT0003
aud
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
jti
8JyyrSCGEJQ2X8oXxPF6
iat
1599283908
exp
1599283608
2020-09-05 05:31:48 SUCCESS
SignClientAuthenticationAssertion
Signed the client assertion
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4MzYwOCwiaWF0IjoxNTk5MjgzOTA4LCJqdGkiOiI4Snl5clNDR0VKUTJYOG9YeFBGNiJ9.4oJ93BvpmJPODAFmAjYTTUapN4oCw2UQNKqY1x7QEYYd7DScsSKVa21o1Snpx8sBOi13mNFhvM3UDKZiy6lpDQ
2020-09-05 05:31:48
AddClientAssertionToTokenEndpointRequest
Added client assertion
grant_type
authorization_code
code
mXRSwO0tCIkMeSJQaSA8fKdrHQ9o4IGY
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4MzYwOCwiaWF0IjoxNTk5MjgzOTA4LCJqdGkiOiI4Snl5clNDR0VKUTJYOG9YeFBGNiJ9.4oJ93BvpmJPODAFmAjYTTUapN4oCw2UQNKqY1x7QEYYd7DScsSKVa21o1Snpx8sBOi13mNFhvM3UDKZiy6lpDQ
client_assertion_type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2020-09-05 05:31:48
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "643"
}
request_body
grant_type=authorization_code&code=mXRSwO0tCIkMeSJQaSA8fKdrHQ9o4IGY&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2FNC7000-3A-OC%2Fcallback&client_assertion=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4MzYwOCwiaWF0IjoxNTk5MjgzOTA4LCJqdGkiOiI4Snl5clNDR0VKUTJYOG9YeFBGNiJ9.4oJ93BvpmJPODAFmAjYTTUapN4oCw2UQNKqY1x7QEYYd7DScsSKVa21o1Snpx8sBOi13mNFhvM3UDKZiy6lpDQ&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
request_mutual_tls
{
  "cert": "MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d",
  "key": "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg\u003d"
}
2020-09-05 05:31:49 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
400 BAD_REQUEST
response_status_text
400
response_headers
{
  "date": "Sat, 05 Sep 2020 05:31:48 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d22040C0F23682EC3758AE9B19A17FECC; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "132",
  "connection": "close"
}
response_body
{"error_description":"invalid_client","error":"invalid_client","error_uri":"https://3a-rplib-test3.cloud-idauth.com/oc/OC-OP-13175"}
2020-09-05 05:31:49 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
error_description
invalid_client
error
invalid_client
error_uri
https://3a-rplib-test3.cloud-idauth.com/oc/OC-OP-13175
2020-09-05 05:31:49 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2020-09-05 05:31:49 SUCCESS
ValidateErrorFromTokenEndpointResponseError
Token endpoint response error returned valid 'error' field
error
invalid_client
2020-09-05 05:31:49 SUCCESS
CheckErrorDescriptionFromTokenEndpointResponseErrorContainsCRLFTAB
token_endpoint_response 'error_description' field does not include CR/LF/TAB
error_description
invalid_client
2020-09-05 05:31:49 SUCCESS
ValidateErrorDescriptionFromTokenEndpointResponseError
token_endpoint_response error returned valid 'error_description' field
error_description
invalid_client
2020-09-05 05:31:49 SUCCESS
ValidateErrorUriFromTokenEndpointResponseError
token_endpoint_response returned valid 'error_uri' field
error_uri
https://3a-rplib-test3.cloud-idauth.com/oc/OC-OP-13175
2020-09-05 05:31:49 SUCCESS
CheckTokenEndpointHttpStatusForInvalidRequestOrInvalidClientError
Token endpoint http status code was 400 for error 'invalid_client'
2020-09-05 05:31:49 SUCCESS
CheckErrorFromTokenEndpointResponseErrorInvalidClientOrInvalidRequest
Token endpoint returned an expected error
actual
invalid_client
expected
[
  "invalid_request",
  "invalid_client"
]
2020-09-05 05:31:49 FINISHED
fapi-rw-id2-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails
Test has run to completion
testmodule_result
PASSED
2020-09-05 05:32:15
TEST-RUNNER
Alias has now been claimed by another test
alias
NC7000-3A-OC
new_test_id
8oN9KmHu6m55DKv
Test Results