Test detail

Test Name	fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails
Variant	client_auth_type=mtls, fapi_auth_request_method=by_value, fapi_profile=plain_fapi, fapi_response_mode=jarm
Test ID	qRrIhEBIFnWH1pv https://www.certification.openid.net/log-detail.html?public=true&log=qRrIhEBIFnWH1pv
Created	2022-07-18T20:31:15.768874Z
Description
Test Version	4.1.45
Test Owner	102081685218744222837 https://accounts.google.com
Plan ID	kTLR7Tdfkbqur https://www.certification.openid.net/plan-detail.html?public=true&plan=kTLR7Tdfkbqur
Exported From	https://www.certification.openid.net
Exported By	102081685218744222837 https://accounts.google.com
Suite Version	4.1.45
Exported	2022-07-18 21:19:17 (UTC)

2022-07-18 20:31:15

(7) More

INFO

TEST-RUNNER

Test instance qRrIhEBIFnWH1pv created

baseUrl	https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm
variant	{ "client_auth_type": "mtls", "fapi_auth_request_method": "by_value", "fapi_profile": "plain_fapi", "fapi_response_mode": "jarm" }
alias	pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm
description
planId	kTLR7Tdfkbqur
config	{ "alias": "pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm", "browser": [ { "match": "https://idp.conf.ping-eng.com:9031/as/authorization.oauth2", "tasks": [ { "task": "capture error", "match": "https://idp.conf.ping-eng.com:9031/as/authorization.oauth2", "commands": [ [ "wait", "xpath", "//", 10, ".400 - invalid_request_object*", "update-image-placeholder" ] ] } ] } ], "server": { "discoveryUrl": "https://idp.conf.ping-eng.com:9031/.well-known/openid-configuration" }, "client": { "client_id": "fapi_adv_op_w_mtls_value_first_client", "scope": "openid payments", "jwks": { "keys": [ { "p": "7Iiv4eby1Ubo_U9uzWEa8OlUQoBz4vjPtB7MWQ6dlM7ajD9IjhjwwE8e1d_fE22DW4bEjHb1ls6_wbEm07PusUuMyHtWzW1sNWnpCh0xgDsEnLZwmtdXhPDHJlbRXHXAqcTVTUIJNMUSa8Mj9MXs33u1mkMD-hYWJfDHNCrDUAc", "kty": "RSA", "q": "msxkZpdafUHdoC-S5QrAHZ8z0NrQNFjn2yFcpznZ0zjXK83QH-jbBHCcTDBkF7xpatG61SbEznYxYaDEFR4xzuyy0WOYtoIk5IukygdvZhMkAXDNl5rNvF770Fnv8gwpoxZqlpb18kWtP2gk-ebJK2YHKjhl-pHDOrbzubkRdOE", "d": "AXvpT93_Y-hQYTCk95gHj6BinFTppIaTZhgJWvnDY-Bz1NhUZ7fz-RjePxQBEuRv3DUk6nEmT8CivxJKZdql9AR9UjHz_ANOH6mAwHxkE2bcEKEsJFGTkaDJhVqmwukYwfKfGpkeNuD2r5rhNdl3XNUQ6VdTkUokmZM3KNrLhks3NtPL3xEMqK5KAYJbJuS8AQoOI5scRTJZYcS63KK9WwBoOFwbz3PFHJb2lffTOH_tnqgSvm9chb7y1CaarSJuFSVTjkjMyk2rBOr4bu5YRtxzH1dAa3Dd5n9XzVwN_q0dIitTh7Vro2JcSU24O1n-XR4WGzCCiarMxPKc8SWyAQ", "e": "AQAB", "use": "sig", "kid": "pingfederate-fapi-jwt-assertion-client1", "qi": "De5E3i5KIQ88R7jYZDWEsVonhPPGcWksWXC-s4frJ0tISk5-zlCdP6eitstJTaB1i7bkCW4R7iXufgXqW2WCRK2IXXjwItZo1zEpuAZJnKFwDPxXt5pLoc_sDjarMRENxdx_spyiFIxejLvvDmKGxs7vt3LDm_ytvJXfsymzjqM", "dp": "z80l9-jV3dl2R1TJm1V8Pbo_dE01gmnkz_Fexb65Ykp4Zk4SiAQRPmJETNFpQcAsbvRvKJg6Gkt428muur6RLOGaxWbWU5OWRTbOrTwIiQdQff0p4F7fXMPLsjsDo58vq_ZpDn69Z8ba8CF4LUrVV2Fvoh7OF5_fxWVLHOGUxXE", "alg": "PS256", "dq": "JRS_HEA3YffsMhoTUyB_ItlnHSm9ZDzD1Z8pRbm67zkXehvENlCeXnLnTeztnS36BqeU3Mh7roVrkNpk_jYMcmgK8dOs2lNUqRa2c9rSGZ6OKnYuGZnwnKYYJjHVI6M8Oh_9inNBGTcNqDm3WdGp8OZw4vE9pIdUP_VhbuThRKE", "n": "jwcTfjv0q48qux1sg2MR8OvCh1mXITYu7zkEJVCz0UImIrIqLtEzmGkqJP0LobK6-NlFHWOsAp2NcVTh79RBwawsrmi59rJ_nHigX00C7wjVpJtldJmOwmSS4HD8EgRkiM0yJzyKijtRiB5ssrOoBK3VPFMqZYm_JBJY35s_qDDHWTlwuWDLqADZp809btMcwQZCqgrSKgtalspeKXIh6Lv3lkFnELJhfwGZYPtVc2SJk91F8tmgamPNJUfVJV3ygdBuDcB8EZ8m-tIaISghfR1RRkEeYI8r_Wf4dfjIAZRkrj8GHqAJOi762rjyFvXvcPc0Zc-ABDYnVi4WdWOCJw" } ] } }, "mtls": { "cert": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUIi7yAbDDmWkZjI8CwjLBVkswVkIwDQYJKoZIhvcNAQEL\nBQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIx\nFTATBgNVBAoMDFBpbmdJZGVudGl0eTEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxIzAh\nBgNVBAMMGkZBUEkgQWR2IE9QIHcgRmlyc3QgQ2xpZW50MCAXDTIxMDcyNjIyMzQz\nN1oYDzIxMjEwNzAyMjIzNDM3WjB9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08x\nDzANBgNVBAcMBkRlbnZlcjEVMBMGA1UECgwMUGluZ0lkZW50aXR5MRQwEgYDVQQL\nDAtEZXZlbG9wbWVudDEjMCEGA1UEAwwaRkFQSSBBZHYgT1AgdyBGaXJzdCBDbGll\nbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa91hiBBEaNcRdvQ0G\nvg06mzaIQpa17vgtP77HwtV0FvH+3imrnqmaCcpEnWGMv/udX8S5r/VAeUPB2Q31\n187vKDLKxbadWTKuSNQajOkRyiXZzutbEQbN/t7JAz7oETujYoOTlMNT4N9twYvK\nEvxTeZAWNUCQHXZcESKYXhph0eZaaOvNo7WqQ+ygGBzgTVev6tXr/Q2+M3NkBnSv\nRYegSN5ZtmIXMrNVaH7D+SC8QUPWxsB8ZVIENzBhCI8+brrPjyLNqVKoI9O7Hjdg\nzb8Xs+gC98ATmsbQrE/8pRdYYCPkEoETAWRq2T/dEf7NE+AMerttKk9TdNwvbB1W\nbAoHAgMBAAGjUzBRMB0GA1UdDgQWBBTr8p3YWM2Rtw/BAQaellNa1RUKSTAfBgNV\nHSMEGDAWgBTr8p3YWM2Rtw/BAQaellNa1RUKSTAPBgNVHRMBAf8EBTADAQH/MA0G\nCSqGSIb3DQEBCwUAA4IBAQB17ygVKcEpZxP4XML98KyUycNxsyHcKdIo2GZCRsmw\njDR5nRcdWlE+tI50sduSaAR+gSbDFR/dqBxl0lBEMLj6Rqpson+z17jv68fU9H7l\n7JLfI5xAXuW4s1Kg/xBcYBy7QJkU9CTMIb6TBQESCbTUq89aCX4fT8WQleCflRJj\nSuzzdpVWd0PIhcxCoxpa/BcXtK0gf/z0rimF4jJKv40rqdf0LGsVzKQ9TxQIDWk0\ntov4FkvBw63VUp6b7PWdEHi4E9uKgHxh2Pj+VykK33nCmUsGXENfj4SSkY2O00iD\nw3oHfC8xmWvgqsTdlzJm1qhZCZGNOsdWLEv6hGl4XLyr\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa91hiBBEaNcRd\nvQ0Gvg06mzaIQpa17vgtP77HwtV0FvH+3imrnqmaCcpEnWGMv/udX8S5r/VAeUPB\n2Q31187vKDLKxbadWTKuSNQajOkRyiXZzutbEQbN/t7JAz7oETujYoOTlMNT4N9t\nwYvKEvxTeZAWNUCQHXZcESKYXhph0eZaaOvNo7WqQ+ygGBzgTVev6tXr/Q2+M3Nk\nBnSvRYegSN5ZtmIXMrNVaH7D+SC8QUPWxsB8ZVIENzBhCI8+brrPjyLNqVKoI9O7\nHjdgzb8Xs+gC98ATmsbQrE/8pRdYYCPkEoETAWRq2T/dEf7NE+AMerttKk9TdNwv\nbB1WbAoHAgMBAAECggEAf4aFKUQHfvY4PpvRGHdWE6CfY8rIk7ewbCxFJ8biOcKY\nKxFQYXcUQztDROvu1xE2Uu/4yIZQ4VnptKCWqHWMSatfARdrjFlXJ62vPpovQwCD\n3ZY2gJ6mZucTF4CgSAHGflIXzV9izqgDtiLMkuLE2zzyohP4qaBVQranLZRjSZNW\neGvEpkcf7Nv7FlfZaOJ/FkcGwyFn7iSzX/KRL/1TA6zDlreA3PGJr96i9SmFHQsu\nrFv7quRxEUFoSVxVtn5IiOJji45Evte8KAhMzlau1MuAlKxiIJAMIPN2l1nTRTRZ\nUybDBoLp9CkkAmvp75krld9NB/hbWaeRsxhgVPXYwQKBgQDMsai5QHJAFZ5P31LN\n0dvlvcj0X2dPS0hEd6NsIf5DkbQKHQuVlxdIGhChLhVBdkGUt9ZYSflxlUtc8GUG\n3+e0TKg+ZAHNakueV73TGZy3BAzQBxwQBMqUltcXWMjWBaDnbQH+TrtYP0A+ZdHd\n4gnBNuSUuv5R7IxGWHgfcvtnuQKBgQDBzt2kGjDXXPV4qrtmGl4KaCAvsFr76VsV\nr8879MhrVgevI5vbsBNWQ3yvykXLr5B6s0VaqibvgDTcchQvqwtoEeDQfHsSHnAg\nlGYCAi06hwGArTW/hxW0L7IivB+laFsbPY2HbnGZ6WUOjMNTgGAihbbLd6+IvLJE\nVdn7gjxfvwKBgD/DS9rBP5XE5jbdS08AA27yiqnNGkJyIgXp+sdRY4Iq3hmUaKpl\nkYQNUobS8x4cN1ubVLLWAFUoe3xtCht1HhllE7ezsXgKl5mwnVooDVBZe6BFxrEa\nvPxCbKhCKPW6dSACLe/JGMTplxqY3yIuKnm8nsHR6i0c8alsH6c0SypJAoGBALcV\nCn+5ViY8ZI9nCby8b9X4417phCmxGiB0gpoq9SGglYW3Z8ayoLG+8wzFUgXGhf/D\nVmL9leZuAIG3KqaVOCNJsEyDK2fEZTwBtBN1pvBBFQRPnBSgMbqTy/3QJT0GRfqH\nvSkRBjPVLWf/RY2eGjLCihnPqHzNdMHlMBTNxObVAoGAMRDZNtM0vIUNbjY5YFK0\nAoetPqR1mS2fWOFdCVnyHYBOJmmUZbU4oNZk5HmHBOC8N7aOELyXu56I4yEw0KUj\nOphKGfA9b2553q1A6t1x1oHBIwVuj1W3sEpUOtj2fWwmmdqjEyRsdzEJWfOuOEFz\nbfaw1pClq9IbngVcDGfzg74\u003d\n-----END PRIVATE KEY-----" }, "client2": { "client_id": "fapi_adv_op_w_mtls_value_second_client", "scope": "openid payments", "jwks": { "keys": [ { "p": "43lqQE0EN1LJ_jdqHq56hNFjErKfcrwJnVpIVRsXCZWboV4MSfLzGGEyePPs6SxV6-l_txQY-M2dW6xLaedRUlaFT89r10cIm136ecYUzs51iX_GZW_AvohaXSmAbZKpjLmsHIDelgggQKjDQxGGbmAAQojnqzorpVrfz-8aUNc", "kty": "RSA", "q": "q1t1ErKAx06nV7ohJ4zlo3xUeMA3rO7HLmK6Eh460DsiX80AsCxyw1AsQy0N1W8u_RgkA3y_p_5Nf7K1KLLa9mduIBWyUFEim1EneviM4m3q7e2UtQ7iezh6FatYFZD5c_v_CH2gV0bhxZrMzNc8ubL46OXo5h1WycY1iAqsjNs", "d": "ElS590xAIy7zN4KHKmq2rLnAg1TJ9kODaUrb98X3gCGuTOLBAtFzUqjPyBF8rqXAtkgl8inec6GwY6gmB9p53quJfKSunnN7CbU3Qe37f8HBgS95vFsmJtbctbJ43XKlwo0imYbIeBYLmxKUJt5BKSnUYWWv4EI2AVE_LrqecL-QaNLH2IxY1JVLvR8WhP7wzjTHIsGjaQGn7199eVBaHZ7KTC-bFaEWnPgklR0e8t8TdICUqJudCqTEuoEBFYXRdqi_3betdNZHtJdcwfk9VEXTYTnjzw0fJ7RoFyVE1_1-wMULnEYk5SyfSYfYsBq_V25e-TUSLxB3IXgzBmJVOQ", "e": "AQAB", "use": "sig", "kid": "pingfederate-fapi-jwt-assertion-client2", "qi": "rBDWPBNof1ZrvpqRqpPIf-hn6jmOmLN5mzv8ArwfYEuoIPo9Ltzta1m42A6KQAAsHfXUaKtihSXnVopYtYcxguVNCi2qbDh4nx7ZZNCcQsKSkUOw-hgm4vHZJMOJ-4jh6jthUeLTRmCpEZAHQrtmnpQ1tC1g3g2VCDH48p8cLzo", "dp": "BrSxmSusECV0pvXjPvxNyFST4x047hz0-5qJv1iJGVM7v0oSequa1wEmh8JJHaac8dN0XGVPRyZomSc_IeQb1Z2PWIb42uPRMSNYGvbn7iDP_jmyE5Nzzyod39k1XAWS0f83P6_c3_dlXAKdnwCJQf-6gjue-MFCQCGpr2uRDwk", "alg": "PS256", "dq": "GyE3v-YTDXsec308ko50LRYaKaQFLJQBZQ6sdwHiPeWe45wJZ9shsFqZJ2mSryATSG7yBLtTfL1-d6FLnU3z7N8jSGEnAiBWYlDO92EyrQbKEzFyQdhBc1DVw2iFYaS6WeqjzixVnnvScv63Phc1vhDf57--x_ANNZT0FL3b49E", "n": "mENeKNMC5ttp60qEq6LZoWaihn-__Ei70wnW8Zd_-ILFnYcaM90oTTnl8R2uHD4EJ3t_VCjFteXIwWV7OwDmRmOMwda0X1R5IKYn0O2ujT8NI4citj8G4NHY0r5Y5loLdb5dynGgT-YpsnWwfTC8Ky98gNA3OLf6Z2n8PEdKJr818RMAC0Vx6NQMHBNG4jI1D0bvbrZbx0XkXan7h2Elm9HLRjzHar5Qb5gFLGQRFdeHVHF5lRKyAFgdeQPvBqMiRsAwcgyKxDjbzF5qHPwhKMB-7IVhxuSULMvgSkesIIhrylzU9bo2KRhcxTB7oPkhAbPgumpoVZV0ME-ypiy77Q" } ] } }, "mtls2": { "cert": "-----BEGIN CERTIFICATE-----\nMIID3zCCAsegAwIBAgIUUbO7wc+DFfteEqK0M1D+iRwKDOkwDQYJKoZIhvcNAQEL\nBQAwfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIx\nFTATBgNVBAoMDFBpbmdJZGVudGl0eTEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxJDAi\nBgNVBAMMG0ZBUEkgQWR2IE9QIHcgU2Vjb25kIENsaWVudDAgFw0yMTA3MjYyMjM0\nNDFaGA8yMTIxMDcwMjIyMzQ0MVowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNP\nMQ8wDQYDVQQHDAZEZW52ZXIxFTATBgNVBAoMDFBpbmdJZGVudGl0eTEUMBIGA1UE\nCwwLRGV2ZWxvcG1lbnQxJDAiBgNVBAMMG0ZBUEkgQWR2IE9QIHcgU2Vjb25kIENs\naWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALASMA/8vTQ+vFqs\nR7UBSG5cldHwJ5SGvoHpGqhdv6xSXHUi8bp0Ob927l93bdkk1YnWqYQbmtmwlfqR\nFyxXYAvNXoIrFY86gBOg4O9vkCeVSMK1l7CdSps3ypXR4p7Fy1eERIN4fTwUS5wR\nu0bpcG4kocShcoxYu5A30s8k6onYVafO0ZfrbKEfnEJY74f8A3v8ns2Nr5AasPqZ\nsz3g5TiyVygRG6+D6yrhORvW33roDEYnrwompE6UUkjVXNhoBoXvohLhf3Zh7kEp\nVQjXjD/rMlj5NFSFXLW4RXDokruapCyY3Q66OoAO5SYBpKtfxHiAp28ooUSmmwpx\nd39voaUCAwEAAaNTMFEwHQYDVR0OBBYEFFGFWe386uahXiBMwViRnP9t210BMB8G\nA1UdIwQYMBaAFFGFWe386uahXiBMwViRnP9t210BMA8GA1UdEwEB/wQFMAMBAf8w\nDQYJKoZIhvcNAQELBQADggEBAJ346s52BzNNZU9Sc6qUnG68yjZxCadEgijudr5h\nILhkLYsLy6HOdnirsakqdc/KhbRQPm+TbuUT94bahigOM1QuCGa8XjewTdmXGDdR\nxFTHNMLc+SopCuInXeNlBO8tekbWSglGaP742240gERzXHaGyqrSzXeL2yosY2ev\ntqbMB9i+d8uMhTYniwP3Isbbld2lCCF/Cw7flVzXnWItU0pGVj8U9qIW874eMDss\n+dxq6WfwaVzyXqH7k59xI/37zxWdRa1zNIwyi8H1dkl0vsoJSrrIGPCJpq+snT+6\n+xrUbrRn4H+K0eQSLE+LmmxuOaE4WgdK4ln9ZUXQC90R1aM\u003d\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQCwEjAP/L00Prxa\nrEe1AUhuXJXR8CeUhr6B6RqoXb+sUlx1IvG6dDm/du5fd23ZJNWJ1qmEG5rZsJX6\nkRcsV2ALzV6CKxWPOoAToODvb5AnlUjCtZewnUqbN8qV0eKexctXhESDeH08FEuc\nEbtG6XBuJKHEoXKMWLuQN9LPJOqJ2FWnztGX62yhH5xCWO+H/AN7/J7Nja+QGrD6\nmbM94OU4slcoERuvg+sq4Tkb1t966AxGJ68KJqROlFJI1VzYaAaF76IS4X92Ye5B\nKVUI14w/6zJY+TRUhVy1uEVw6JK7mqQsmN0OujqADuUmAaSrX8R4gKdvKKFEppsK\ncXd/b6GlAgMBAAECggEBAIxtlSPLImR+/N8ctPxqj4hmE6AjeI3/ggY/EuHiE7Ou\n5MsQGdfqRvysMKa3rEcaF64eJYmWMsUZECWOfvsAnTwMiiorjsBzmh8Nmxmc006e\nxC93ggp9CToPH2aqxaJ4gxvEBJkPCmNWlI9fnQyLtv5B/TvEwIWrZ704qMxJ1z4k\nlxZgPvRAa5lCRIs1BAwkvtgkc9S2nTzJqO7tfHpXk1tCMxkHyqMlfpBfWxgysPQB\nueju/IFXw3IoO80uOCZYnHagMmZeSdomlCQmX+5UjanVt4TFFppIQxKXjrkJ0Q0X\ncnboNs+VsKZgvFdVAKFXHZY5BtaQaC8U8vPKDH2SSikCgYEA5z6fgw7T9etmkqsm\nc+cAt6LH/NspMOH92Ot7IPgjZIiODx1AIPIQXM6/DzJuntyYtMk+ZJ06q/h7C8Zk\ndAQX1z3M6maD2y8vVVIMh1yjd2el7CvAc3fejEbliKKK2R9RSGB8udNcGVyNbsjT\nTLJb2mx89JFI2yGA0gXyVTbT7CsCgYEAwuuBMF0THYZ4kNi62MvF/EblkKwKY1+v\n6XFdOZiyQljClNdT8bRFxjkdnIxaXemm6X5MPtsKBKY+0ix3uHKXdglzycCth/Ku\nhqmItT1gitPEjq3Ut5Q9liWPpKNhuJjdlUi97Yj7r4NRBWeCLAUBh4n1lpl3rPxI\nvBMJqFgIMW8CgYEAinFPhmMmOyDHtB+LUfCG2Wo3WQbMzls+YtP4T3C/n7yxcBMP\nBapmaWnNsQd8etePBQ1GsW4AZlzJLe+EzIB21YJGYD8nyd2h9O6+WXv40c/X4mD/\nQyIMtubrHLZTclHxk+dQROBpTzW95wmMl2pg24//71vbxnV0bkjpIGNG1SkCgYEA\nkvnTsy0rgcLo3Ief9GNLCdxHs9wWBTKcyZDis9Bw8dhN+L+ZG5NMXZipvGaUqWXK\npxvF0EuH9VOJ4R8Iszss/CNKfOHdt7oFYaMqY0dBqcze1Js836RXAAWYl5Ne1zvl\nMXDlTdxRs9l32XRgUmL/8TzUw1c7R2QAUFimmpquqt8CgYEAjtIr2L2llacZi7vB\nfFwgvjVVg7vuAvGpRokC4m6OzfjcO7fPVJa9f8IZLSQU6E2VM//dbuAHbPC2iIGn\nQn848cwF2rhXrY0VvqfpTuxQCdiW+TGwukLxW0AHWeiD5YauGqtz4+ZC6DWGyFZQ\nSPB0OxcyG9wu0OBKbG70lP6scQE\u003d\n-----END PRIVATE KEY-----" }, "resource": { "resourceUrl": "https://idp.conf.ping-eng.com:3000/get" } }
testName	fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails

2022-07-18 20:31:15

(1) More

SUCCESS

CreateRedirectUri

Created redirect URI

redirect_uri

https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback

2022-07-18 20:31:15

(4) More

GetDynamicServerConfiguration

HTTP request

request_uri	https://idp.conf.ping-eng.com:9031/.well-known/openid-configuration
request_method	GET
request_headers	{ "accept": "text/plain, application/json, application/+json, /*", "content-length": "0" }
request_body

2022-07-18 20:31:16

(4) More

RESPONSE

GetDynamicServerConfiguration

HTTP response

response_status_code	200 OK
response_status_text	OK
response_headers	{ "date": "Mon, 18 Jul 2022 20:31:16 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "origin", "cache-control": "no-cache, no-store", "pragma": "no-cache", "expires": "Thu, 01 Jan 1970 00:00:00 GMT", "content-type": "application/json;charset\u003dutf-8", "set-cookie": "PF\u003dOaAl9UZpp1hsxj8xlLu71k; Path\u003d/; Secure; HttpOnly; SameSite\u003dNone", "content-length": "5325" }
response_body	{ "issuer": "https://idp.conf.ping-eng.com:9031", "authorization_endpoint": "https://idp.conf.ping-eng.com:9031/as/authorization.oauth2", "token_endpoint": "https://idp.conf.ping-eng.com:9032/as/token.oauth2", "revocation_endpoint": "https://idp.conf.ping-eng.com:9031/as/revoke_token.oauth2", "userinfo_endpoint": "https://idp.conf.ping-eng.com:9031/idp/userinfo.openid", "introspection_endpoint": "https://idp.conf.ping-eng.com:9031/as/introspect.oauth2", "jwks_uri": "https://idp.conf.ping-eng.com:9031/pf/JWKS", "registration_endpoint": "https://idp.conf.ping-eng.com:9031/as/clients.oauth2", "ping_revoked_sris_endpoint": "https://idp.conf.ping-eng.com:9031/pf-ws/rest/sessionMgmt/revokedSris", "ping_session_management_sris_endpoint": "https://idp.conf.ping-eng.com:9031/pf-ws/rest/sessionMgmt/sessions", "ping_session_management_users_endpoint": "https://idp.conf.ping-eng.com:9031/pf-ws/rest/sessionMgmt/users", "ping_end_session_endpoint": "https://idp.conf.ping-eng.com:9031/idp/startSLO.ping", "device_authorization_endpoint": "https://idp.conf.ping-eng.com:9031/as/device_authz.oauth2", "scopes_supported": [ "openid", "payments" ], "claims_supported": [ "acr", "sub" ], "response_types_supported": [ "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ], "response_modes_supported": [ "fragment", "fragment.jwt", "query", "query.jwt", "form_post", "form_post.jwt", "jwt" ], "grant_types_supported": [ "implicit", "authorization_code", "refresh_token", "password", "client_credentials", "urn:pingidentity.com:oauth2:grant_type:validate_bearer", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:openid:params:grant-type:ciba" ], "subject_types_supported": [ "public", "pairwise" ], "id_token_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "private_key_jwt", "tls_client_auth" ], "token_endpoint_auth_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ], "tls_client_certificate_bound_access_tokens":true, "claim_types_supported": [ "normal" ], "claims_parameter_supported": false, "request_parameter_supported": true, "request_uri_parameter_supported": false, "authorization_response_iss_parameter_supported": false, "request_object_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "none" ], "request_object_encryption_alg_values_supported": [ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP", "RSA-OAEP-256" ], "request_object_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ], "id_token_encryption_alg_values_supported": [ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP", "RSA-OAEP-256" ], "id_token_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ], "introspection_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ], "introspection_encryption_alg_values_supported": [ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP", "RSA-OAEP-256" ], "introspection_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ], "authorization_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ], "authorization_encryption_alg_values_supported": [ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP", "RSA-OAEP-256" ], "authorization_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ], "pushed_authorization_request_endpoint": "https://idp.conf.ping-eng.com:9031/as/par.oauth2", "require_pushed_authorization_requests": false, "backchannel_authentication_endpoint": "https://idp.conf.ping-eng.com:9031/as/bc-auth.ciba", "backchannel_token_delivery_modes_supported": [ "poll", "ping" ], "backchannel_authentication_request_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ], "backchannel_user_code_parameter_supported": false, "code_challenge_methods_supported": [ "S256" ] , "mtls_endpoint_aliases": { "token_endpoint": "https://idp.conf.ping-eng.com:9032/as/token.oauth2", "pushed_authorization_request_endpoint": "https://idp.conf.ping-eng.com:9032/as/par.oauth2" } }

2022-07-18 20:31:16

(47) More

SUCCESS

GetDynamicServerConfiguration

Successfully parsed server configuration

issuer	https://idp.conf.ping-eng.com:9031
authorization_endpoint	https://idp.conf.ping-eng.com:9031/as/authorization.oauth2
token_endpoint	https://idp.conf.ping-eng.com:9032/as/token.oauth2
revocation_endpoint	https://idp.conf.ping-eng.com:9031/as/revoke_token.oauth2
userinfo_endpoint	https://idp.conf.ping-eng.com:9031/idp/userinfo.openid
introspection_endpoint	https://idp.conf.ping-eng.com:9031/as/introspect.oauth2
jwks_uri	https://idp.conf.ping-eng.com:9031/pf/JWKS
registration_endpoint	https://idp.conf.ping-eng.com:9031/as/clients.oauth2
ping_revoked_sris_endpoint	https://idp.conf.ping-eng.com:9031/pf-ws/rest/sessionMgmt/revokedSris
ping_session_management_sris_endpoint	https://idp.conf.ping-eng.com:9031/pf-ws/rest/sessionMgmt/sessions
ping_session_management_users_endpoint	https://idp.conf.ping-eng.com:9031/pf-ws/rest/sessionMgmt/users
ping_end_session_endpoint	https://idp.conf.ping-eng.com:9031/idp/startSLO.ping
device_authorization_endpoint	https://idp.conf.ping-eng.com:9031/as/device_authz.oauth2
scopes_supported	[ "openid", "payments" ]
claims_supported	[ "acr", "sub" ]
response_types_supported	[ "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ]
response_modes_supported	[ "fragment", "fragment.jwt", "query", "query.jwt", "form_post", "form_post.jwt", "jwt" ]
grant_types_supported	[ "implicit", "authorization_code", "refresh_token", "password", "client_credentials", "urn:pingidentity.com:oauth2:grant_type:validate_bearer", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:openid:params:grant-type:ciba" ]
subject_types_supported	[ "public", "pairwise" ]
id_token_signing_alg_values_supported	[ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ]
token_endpoint_auth_methods_supported	[ "client_secret_basic", "client_secret_post", "private_key_jwt", "tls_client_auth" ]
token_endpoint_auth_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ]
tls_client_certificate_bound_access_tokens	true
claim_types_supported	[ "normal" ]
claims_parameter_supported	false
request_parameter_supported	true
request_uri_parameter_supported	false
authorization_response_iss_parameter_supported	false
request_object_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "none" ]
request_object_encryption_alg_values_supported	[ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP", "RSA-OAEP-256" ]
request_object_encryption_enc_values_supported	[ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ]
id_token_encryption_alg_values_supported	[ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP", "RSA-OAEP-256" ]
id_token_encryption_enc_values_supported	[ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ]
introspection_signing_alg_values_supported	[ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ]
introspection_encryption_alg_values_supported	[ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP", "RSA-OAEP-256" ]
introspection_encryption_enc_values_supported	[ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ]
authorization_signing_alg_values_supported	[ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ]
authorization_encryption_alg_values_supported	[ "dir", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "RSA-OAEP", "RSA-OAEP-256" ]
authorization_encryption_enc_values_supported	[ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ]
pushed_authorization_request_endpoint	https://idp.conf.ping-eng.com:9031/as/par.oauth2
require_pushed_authorization_requests	false
backchannel_authentication_endpoint	https://idp.conf.ping-eng.com:9031/as/bc-auth.ciba
backchannel_token_delivery_modes_supported	[ "poll", "ping" ]
backchannel_authentication_request_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ]
backchannel_user_code_parameter_supported	false
code_challenge_methods_supported	[ "S256" ]
mtls_endpoint_aliases	{ "token_endpoint": "https://idp.conf.ping-eng.com:9032/as/token.oauth2", "pushed_authorization_request_endpoint": "https://idp.conf.ping-eng.com:9032/as/par.oauth2" }

2022-07-18 20:31:16	SUCCESS RFC8705-5	AddMTLSEndpointAliasesToEnvironment Added mtls_endpoint_aliases to environment

2022-07-18 20:31:16

(1) More

SUCCESS

CheckServerConfiguration

Found required server configuration keys

required

[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]

2022-07-18 20:31:16

(1) More

FetchServerKeys

Fetching server key

jwks_uri

https://idp.conf.ping-eng.com:9031/pf/JWKS

2022-07-18 20:31:16

(4) More

FetchServerKeys

HTTP request

request_uri	https://idp.conf.ping-eng.com:9031/pf/JWKS
request_method	GET
request_headers	{ "accept": "text/plain, application/json, application/+json, /*", "content-length": "0" }
request_body

2022-07-18 20:31:16

(4) More

RESPONSE

FetchServerKeys

HTTP response

response_status_code	200 OK
response_status_text	OK
response_headers	{ "date": "Mon, 18 Jul 2022 20:31:16 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "origin", "cache-control": "no-cache, no-store", "pragma": "no-cache", "expires": "Thu, 01 Jan 1970 00:00:00 GMT", "content-type": "application/json;charset\u003dutf-8", "set-cookie": "PF\u003dkZS1riHXEMNJ4fygJ6GGPl; Path\u003d/; Secure; HttpOnly; SameSite\u003dNone", "transfer-encoding": "chunked" }
response_body	{"keys":[{"kty":"EC","kid":"ILYc8s78pdP3b8CeV_eeL2pQT3o","use":"sig","x":"AKKT-nHDGlTampYI-eAFtuewiEv7rtk-hdz-VGpCsCBmW1BDGBZelqYANKxU_AxM1SA15t9EO9RQyFC6GXyRfLvI","y":"AA6lbBWf-8v-mer9FxNh8WhfXpY-Sc7vTJfNQRsWEZrmTgs9IV929-uYMdCpafcxoP-B_kRpiy8sVxhNQBKrN9zJ","crv":"P-521"},{"kty":"EC","kid":"Mih581S7deqtjYsUkln3a6P8WlM","use":"sig","x":"zdavbEth5GBJ4Q24TMx1Fx9tFOwSbLkAs9rW69Iys3gDS336gywuSX2FQ0eq79BB","y":"E8smmBQi0d0SWry9hqdaPDaFhN0dv8hXCFERg__sl9_LDVKg1e91OOB0YRajAwEG","crv":"P-384"},{"kty":"EC","kid":"VXk25MfHYuhysxj8fgZdB2B9o-8","use":"sig","x":"8WCQrzwCcJDeJdoKMuCVtYiI2tqpXxgJU3_DqertLFg","y":"lLTO5VnKlqVqIj26BSN72v9kG0zD5KmXfVmvB9ejKMk","crv":"P-256"},{"kty":"RSA","kid":"_E4wBFqqxTDtdA0oVdn7tW_oFCg","use":"sig","n":"suau9fFuGfngFHKoxbphzmUkrmNRIgUzdGIE1Lg9hyWajMZib6mmwRom0ryxHJOyLKsque_9djpjW9d4fwfktPHk7g4WZ7V-BoBt26-_g-ngRiUoaR03ruOVN53N4R_LIufkEeIHVImHlqETY4MYVe-t06WAjssIzSXWtHYk1y1f0WzAfhC0-rXTZZLvmuCGa6LZK2LuEFyfodMkCAuIVMlltsW6VtNPh-QJAkT9DbIMsU5zrwoMlw1MExUiU60KuXrWS7TlnC_yHSo284mAffhWDdwP5PJlYvRwFQR5O9UPoSvAlTT-eNW78Qj5DHxHXqn4bvllu7ww3pURWqRvTQ","e":"AQAB"},{"kty":"EC","kid":"qWphj4yKBwdpgRg5ZAluqvcO_qQ","use":"sig","x":"zTtXYg2TOWg5b-lco-Z7wBPlUET5bt0wHLsLbxhUzJc","y":"JSL0Slfq1OZxoZi8b3NnQ8OEAA_oiR6_R30KIa8hY1k","crv":"P-256"},{"kty":"EC","kid":"thsiJOnkyky6Dq8lGKxiOB5H_pk","use":"sig","x":"AB6OHhxl6Tsl7BQeBHsvRFQzrLxlEzfnuibI3xFm3gIRbYggUqtSPhp7uWvwPept5DCRmCEyj6mv_iKTnFBgyUUs","y":"AbNfwccUkbZv0Jte0fyMEi09hKCdHM8-dA_qe2IQGfGXj_E-sbtqHpkn3ejBDHFtSP5wuwNTU0kaujOvcKimwFNi","crv":"P-521"},{"kty":"RSA","kid":"wvdB7gXFvdGrH3Yok89QSa7jRqU","use":"sig","n":"geRQ2pRV1719RuvjxJ_eP3Szu509WowOI9dY4B4x6fVj3xXfpEx_e-Y_Ev9Bm1yTCPJCxRUHCUUFpAaPl_idyM-Jh-RVHYBS2ezCy2g52tA3pgOj7jIdG2du6H0edM3EFzIIBzKlXpapHO8sRxwzwfesgJ2VHQLgCfk1SXJ7K640pvtL-MOiKU5r9PPlIcwBZdcIlrlPVNvdzftSfLWLMp8-nqw30qrPN-08-g0xHGzcycfZv7h130Ec6M3UqZf9qfuJ7mp6AAdLrKProkWc7a19aQ3rPejAsOVbwIC-7tROut8UXAtNHNg0UWfzT_oUyQhSFBQOm7zfD4VmGQFIeQ","e":"AQAB"},{"kty":"EC","kid":"yW2oAavkYkxNCsYNpzw67mEGSjc","use":"sig","x":"4cDCR47Z-BDfLOMz7j3JR5_4QiA2W1E7ceDqWWcmpidemYQpTqf6Es1d3fCkwmEV","y":"_WnoAZXleX0khHX0Ov3jKHgm7E2Vnjqo-F8VAjimnhWRx7JgP_b1rmgGXOZjsZWM","crv":"P-384"},{"kty":"EC","kid":"SlMCnWPUA0Gt7JLWELVsAcDkIA0","use":"enc","x":"gZ-Ja5cKhbKta9hdmGiYKv2sNADmxmu5KsqR4UWUCF4Zettvsac4BRUr_Xt_8ke-","y":"Aew3JpE_dZNTohYp4BeCp4oBfoheblrWfXTL2_YcxQ230xWaaOMrvYhb2a8yWVJ4","crv":"P-384"},{"kty":"RSA","kid":"VA5LpgpzT3U4f72lvvHnJpyWUvs","use":"enc","n":"hpMlY36DpH6yHmVwymNF1Q4ziEIn44D0g2BOs4iahy2tai7W17SwVpuWdbaQ8F9-G486sC4Y2ReVLeDTDjbIoyKBXTdSAbzO0c48Z3Jz9wUQ3iaw9Z6VZknE9MN8y_3SV17pQ2-F69h1rk8iv5-xFiAYEitTgUjwWdTWKw3JQzclpmQMpLYn-jD--94vPGCO_GA3jLlIEpmfwWDXUZfDIdc_OSijlDKiZFRApd8KHG5oMY7Oui4J6hGwJbDG_4piP6vefc_H5jT-E5OQP4lpzKupw6BmJ2IH9iarVDz0QgFZ14r6ci_9I_eosZ5AL0InsjrLOxBDfCMtKDLpD6LupQ","e":"AQAB"},{"kty":"EC","kid":"xMQz7S3isb8GrkUV8JXkCH_J45U","use":"enc","x":"2gYaq45NRdFQ3eUUU1zV24d3U5LZAakgD5vRuHuTpOc","y":"euwl4FMuLVIGA2SQKm2GOEsphfllDpOOhTAVukYDCmE","crv":"P-256"},{"kty":"EC","kid":"zCZZ-1J5TT5Av19MN7NrZBD3enI","use":"enc","x":"ATxjs2dQfjJNg9-4vOWFSN5Mz081RmdCeQbxiu49EgPQFa5ZxdyauDMxecBebsKd4VQz-q4yiHjSlBIw3k1rGA34","y":"AaNdHpm-KbrtYy6-4VQi2BE1Sv1oWyyIOPt1LgiLANM727aLciA_e8lw_UEW6f6Ff5Lu3JqxoV_oAs0eXNSLxuLB","crv":"P-521"}]}

2022-07-18 20:31:16

(1) More

FetchServerKeys

Found JWK set string

jwk_string

{"keys":[{"kty":"EC","kid":"ILYc8s78pdP3b8CeV_eeL2pQT3o","use":"sig","x":"AKKT-nHDGlTampYI-eAFtuewiEv7rtk-hdz-VGpCsCBmW1BDGBZelqYANKxU_AxM1SA15t9EO9RQyFC6GXyRfLvI","y":"AA6lbBWf-8v-mer9FxNh8WhfXpY-Sc7vTJfNQRsWEZrmTgs9IV929-uYMdCpafcxoP-B_kRpiy8sVxhNQBKrN9zJ","crv":"P-521"},{"kty":"EC","kid":"Mih581S7deqtjYsUkln3a6P8WlM","use":"sig","x":"zdavbEth5GBJ4Q24TMx1Fx9tFOwSbLkAs9rW69Iys3gDS336gywuSX2FQ0eq79BB","y":"E8smmBQi0d0SWry9hqdaPDaFhN0dv8hXCFERg__sl9_LDVKg1e91OOB0YRajAwEG","crv":"P-384"},{"kty":"EC","kid":"VXk25MfHYuhysxj8fgZdB2B9o-8","use":"sig","x":"8WCQrzwCcJDeJdoKMuCVtYiI2tqpXxgJU3_DqertLFg","y":"lLTO5VnKlqVqIj26BSN72v9kG0zD5KmXfVmvB9ejKMk","crv":"P-256"},{"kty":"RSA","kid":"_E4wBFqqxTDtdA0oVdn7tW_oFCg","use":"sig","n":"suau9fFuGfngFHKoxbphzmUkrmNRIgUzdGIE1Lg9hyWajMZib6mmwRom0ryxHJOyLKsque_9djpjW9d4fwfktPHk7g4WZ7V-BoBt26-_g-ngRiUoaR03ruOVN53N4R_LIufkEeIHVImHlqETY4MYVe-t06WAjssIzSXWtHYk1y1f0WzAfhC0-rXTZZLvmuCGa6LZK2LuEFyfodMkCAuIVMlltsW6VtNPh-QJAkT9DbIMsU5zrwoMlw1MExUiU60KuXrWS7TlnC_yHSo284mAffhWDdwP5PJlYvRwFQR5O9UPoSvAlTT-eNW78Qj5DHxHXqn4bvllu7ww3pURWqRvTQ","e":"AQAB"},{"kty":"EC","kid":"qWphj4yKBwdpgRg5ZAluqvcO_qQ","use":"sig","x":"zTtXYg2TOWg5b-lco-Z7wBPlUET5bt0wHLsLbxhUzJc","y":"JSL0Slfq1OZxoZi8b3NnQ8OEAA_oiR6_R30KIa8hY1k","crv":"P-256"},{"kty":"EC","kid":"thsiJOnkyky6Dq8lGKxiOB5H_pk","use":"sig","x":"AB6OHhxl6Tsl7BQeBHsvRFQzrLxlEzfnuibI3xFm3gIRbYggUqtSPhp7uWvwPept5DCRmCEyj6mv_iKTnFBgyUUs","y":"AbNfwccUkbZv0Jte0fyMEi09hKCdHM8-dA_qe2IQGfGXj_E-sbtqHpkn3ejBDHFtSP5wuwNTU0kaujOvcKimwFNi","crv":"P-521"},{"kty":"RSA","kid":"wvdB7gXFvdGrH3Yok89QSa7jRqU","use":"sig","n":"geRQ2pRV1719RuvjxJ_eP3Szu509WowOI9dY4B4x6fVj3xXfpEx_e-Y_Ev9Bm1yTCPJCxRUHCUUFpAaPl_idyM-Jh-RVHYBS2ezCy2g52tA3pgOj7jIdG2du6H0edM3EFzIIBzKlXpapHO8sRxwzwfesgJ2VHQLgCfk1SXJ7K640pvtL-MOiKU5r9PPlIcwBZdcIlrlPVNvdzftSfLWLMp8-nqw30qrPN-08-g0xHGzcycfZv7h130Ec6M3UqZf9qfuJ7mp6AAdLrKProkWc7a19aQ3rPejAsOVbwIC-7tROut8UXAtNHNg0UWfzT_oUyQhSFBQOm7zfD4VmGQFIeQ","e":"AQAB"},{"kty":"EC","kid":"yW2oAavkYkxNCsYNpzw67mEGSjc","use":"sig","x":"4cDCR47Z-BDfLOMz7j3JR5_4QiA2W1E7ceDqWWcmpidemYQpTqf6Es1d3fCkwmEV","y":"_WnoAZXleX0khHX0Ov3jKHgm7E2Vnjqo-F8VAjimnhWRx7JgP_b1rmgGXOZjsZWM","crv":"P-384"},{"kty":"EC","kid":"SlMCnWPUA0Gt7JLWELVsAcDkIA0","use":"enc","x":"gZ-Ja5cKhbKta9hdmGiYKv2sNADmxmu5KsqR4UWUCF4Zettvsac4BRUr_Xt_8ke-","y":"Aew3JpE_dZNTohYp4BeCp4oBfoheblrWfXTL2_YcxQ230xWaaOMrvYhb2a8yWVJ4","crv":"P-384"},{"kty":"RSA","kid":"VA5LpgpzT3U4f72lvvHnJpyWUvs","use":"enc","n":"hpMlY36DpH6yHmVwymNF1Q4ziEIn44D0g2BOs4iahy2tai7W17SwVpuWdbaQ8F9-G486sC4Y2ReVLeDTDjbIoyKBXTdSAbzO0c48Z3Jz9wUQ3iaw9Z6VZknE9MN8y_3SV17pQ2-F69h1rk8iv5-xFiAYEitTgUjwWdTWKw3JQzclpmQMpLYn-jD--94vPGCO_GA3jLlIEpmfwWDXUZfDIdc_OSijlDKiZFRApd8KHG5oMY7Oui4J6hGwJbDG_4piP6vefc_H5jT-E5OQP4lpzKupw6BmJ2IH9iarVDz0QgFZ14r6ci_9I_eosZ5AL0InsjrLOxBDfCMtKDLpD6LupQ","e":"AQAB"},{"kty":"EC","kid":"xMQz7S3isb8GrkUV8JXkCH_J45U","use":"enc","x":"2gYaq45NRdFQ3eUUU1zV24d3U5LZAakgD5vRuHuTpOc","y":"euwl4FMuLVIGA2SQKm2GOEsphfllDpOOhTAVukYDCmE","crv":"P-256"},{"kty":"EC","kid":"zCZZ-1J5TT5Av19MN7NrZBD3enI","use":"enc","x":"ATxjs2dQfjJNg9-4vOWFSN5Mz081RmdCeQbxiu49EgPQFa5ZxdyauDMxecBebsKd4VQz-q4yiHjSlBIw3k1rGA34","y":"AaNdHpm-KbrtYy6-4VQi2BE1Sv1oWyyIOPt1LgiLANM727aLciA_e8lw_UEW6f6Ff5Lu3JqxoV_oAs0eXNSLxuLB","crv":"P-521"}]}

2022-07-18 20:31:16

(1) More

SUCCESS

FetchServerKeys

Found server JWK set

server_jwks

{
  "keys": [
    {
      "kty": "EC",
      "kid": "ILYc8s78pdP3b8CeV_eeL2pQT3o",
      "use": "sig",
      "x": "AKKT-nHDGlTampYI-eAFtuewiEv7rtk-hdz-VGpCsCBmW1BDGBZelqYANKxU_AxM1SA15t9EO9RQyFC6GXyRfLvI",
      "y": "AA6lbBWf-8v-mer9FxNh8WhfXpY-Sc7vTJfNQRsWEZrmTgs9IV929-uYMdCpafcxoP-B_kRpiy8sVxhNQBKrN9zJ",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "Mih581S7deqtjYsUkln3a6P8WlM",
      "use": "sig",
      "x": "zdavbEth5GBJ4Q24TMx1Fx9tFOwSbLkAs9rW69Iys3gDS336gywuSX2FQ0eq79BB",
      "y": "E8smmBQi0d0SWry9hqdaPDaFhN0dv8hXCFERg__sl9_LDVKg1e91OOB0YRajAwEG",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "VXk25MfHYuhysxj8fgZdB2B9o-8",
      "use": "sig",
      "x": "8WCQrzwCcJDeJdoKMuCVtYiI2tqpXxgJU3_DqertLFg",
      "y": "lLTO5VnKlqVqIj26BSN72v9kG0zD5KmXfVmvB9ejKMk",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "_E4wBFqqxTDtdA0oVdn7tW_oFCg",
      "use": "sig",
      "n": "suau9fFuGfngFHKoxbphzmUkrmNRIgUzdGIE1Lg9hyWajMZib6mmwRom0ryxHJOyLKsque_9djpjW9d4fwfktPHk7g4WZ7V-BoBt26-_g-ngRiUoaR03ruOVN53N4R_LIufkEeIHVImHlqETY4MYVe-t06WAjssIzSXWtHYk1y1f0WzAfhC0-rXTZZLvmuCGa6LZK2LuEFyfodMkCAuIVMlltsW6VtNPh-QJAkT9DbIMsU5zrwoMlw1MExUiU60KuXrWS7TlnC_yHSo284mAffhWDdwP5PJlYvRwFQR5O9UPoSvAlTT-eNW78Qj5DHxHXqn4bvllu7ww3pURWqRvTQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "qWphj4yKBwdpgRg5ZAluqvcO_qQ",
      "use": "sig",
      "x": "zTtXYg2TOWg5b-lco-Z7wBPlUET5bt0wHLsLbxhUzJc",
      "y": "JSL0Slfq1OZxoZi8b3NnQ8OEAA_oiR6_R30KIa8hY1k",
      "crv": "P-256"
    },
    {
      "kty": "EC",
      "kid": "thsiJOnkyky6Dq8lGKxiOB5H_pk",
      "use": "sig",
      "x": "AB6OHhxl6Tsl7BQeBHsvRFQzrLxlEzfnuibI3xFm3gIRbYggUqtSPhp7uWvwPept5DCRmCEyj6mv_iKTnFBgyUUs",
      "y": "AbNfwccUkbZv0Jte0fyMEi09hKCdHM8-dA_qe2IQGfGXj_E-sbtqHpkn3ejBDHFtSP5wuwNTU0kaujOvcKimwFNi",
      "crv": "P-521"
    },
    {
      "kty": "RSA",
      "kid": "wvdB7gXFvdGrH3Yok89QSa7jRqU",
      "use": "sig",
      "n": "geRQ2pRV1719RuvjxJ_eP3Szu509WowOI9dY4B4x6fVj3xXfpEx_e-Y_Ev9Bm1yTCPJCxRUHCUUFpAaPl_idyM-Jh-RVHYBS2ezCy2g52tA3pgOj7jIdG2du6H0edM3EFzIIBzKlXpapHO8sRxwzwfesgJ2VHQLgCfk1SXJ7K640pvtL-MOiKU5r9PPlIcwBZdcIlrlPVNvdzftSfLWLMp8-nqw30qrPN-08-g0xHGzcycfZv7h130Ec6M3UqZf9qfuJ7mp6AAdLrKProkWc7a19aQ3rPejAsOVbwIC-7tROut8UXAtNHNg0UWfzT_oUyQhSFBQOm7zfD4VmGQFIeQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "yW2oAavkYkxNCsYNpzw67mEGSjc",
      "use": "sig",
      "x": "4cDCR47Z-BDfLOMz7j3JR5_4QiA2W1E7ceDqWWcmpidemYQpTqf6Es1d3fCkwmEV",
      "y": "_WnoAZXleX0khHX0Ov3jKHgm7E2Vnjqo-F8VAjimnhWRx7JgP_b1rmgGXOZjsZWM",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "SlMCnWPUA0Gt7JLWELVsAcDkIA0",
      "use": "enc",
      "x": "gZ-Ja5cKhbKta9hdmGiYKv2sNADmxmu5KsqR4UWUCF4Zettvsac4BRUr_Xt_8ke-",
      "y": "Aew3JpE_dZNTohYp4BeCp4oBfoheblrWfXTL2_YcxQ230xWaaOMrvYhb2a8yWVJ4",
      "crv": "P-384"
    },
    {
      "kty": "RSA",
      "kid": "VA5LpgpzT3U4f72lvvHnJpyWUvs",
      "use": "enc",
      "n": "hpMlY36DpH6yHmVwymNF1Q4ziEIn44D0g2BOs4iahy2tai7W17SwVpuWdbaQ8F9-G486sC4Y2ReVLeDTDjbIoyKBXTdSAbzO0c48Z3Jz9wUQ3iaw9Z6VZknE9MN8y_3SV17pQ2-F69h1rk8iv5-xFiAYEitTgUjwWdTWKw3JQzclpmQMpLYn-jD--94vPGCO_GA3jLlIEpmfwWDXUZfDIdc_OSijlDKiZFRApd8KHG5oMY7Oui4J6hGwJbDG_4piP6vefc_H5jT-E5OQP4lpzKupw6BmJ2IH9iarVDz0QgFZ14r6ci_9I_eosZ5AL0InsjrLOxBDfCMtKDLpD6LupQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "xMQz7S3isb8GrkUV8JXkCH_J45U",
      "use": "enc",
      "x": "2gYaq45NRdFQ3eUUU1zV24d3U5LZAakgD5vRuHuTpOc",
      "y": "euwl4FMuLVIGA2SQKm2GOEsphfllDpOOhTAVukYDCmE",
      "crv": "P-256"
    },
    {
      "kty": "EC",
      "kid": "zCZZ-1J5TT5Av19MN7NrZBD3enI",
      "use": "enc",
      "x": "ATxjs2dQfjJNg9-4vOWFSN5Mz081RmdCeQbxiu49EgPQFa5ZxdyauDMxecBebsKd4VQz-q4yiHjSlBIw3k1rGA34",
      "y": "AaNdHpm-KbrtYy6-4VQi2BE1Sv1oWyyIOPt1LgiLANM727aLciA_e8lw_UEW6f6Ff5Lu3JqxoV_oAs0eXNSLxuLB",
      "crv": "P-521"
    }
  ]
}

2022-07-18 20:31:16

(1) More

SUCCESS

CheckServerKeysIsValid

Server JWKs is valid

server_jwks

{
  "keys": [
    {
      "kty": "EC",
      "kid": "ILYc8s78pdP3b8CeV_eeL2pQT3o",
      "use": "sig",
      "x": "AKKT-nHDGlTampYI-eAFtuewiEv7rtk-hdz-VGpCsCBmW1BDGBZelqYANKxU_AxM1SA15t9EO9RQyFC6GXyRfLvI",
      "y": "AA6lbBWf-8v-mer9FxNh8WhfXpY-Sc7vTJfNQRsWEZrmTgs9IV929-uYMdCpafcxoP-B_kRpiy8sVxhNQBKrN9zJ",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "Mih581S7deqtjYsUkln3a6P8WlM",
      "use": "sig",
      "x": "zdavbEth5GBJ4Q24TMx1Fx9tFOwSbLkAs9rW69Iys3gDS336gywuSX2FQ0eq79BB",
      "y": "E8smmBQi0d0SWry9hqdaPDaFhN0dv8hXCFERg__sl9_LDVKg1e91OOB0YRajAwEG",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "VXk25MfHYuhysxj8fgZdB2B9o-8",
      "use": "sig",
      "x": "8WCQrzwCcJDeJdoKMuCVtYiI2tqpXxgJU3_DqertLFg",
      "y": "lLTO5VnKlqVqIj26BSN72v9kG0zD5KmXfVmvB9ejKMk",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "_E4wBFqqxTDtdA0oVdn7tW_oFCg",
      "use": "sig",
      "n": "suau9fFuGfngFHKoxbphzmUkrmNRIgUzdGIE1Lg9hyWajMZib6mmwRom0ryxHJOyLKsque_9djpjW9d4fwfktPHk7g4WZ7V-BoBt26-_g-ngRiUoaR03ruOVN53N4R_LIufkEeIHVImHlqETY4MYVe-t06WAjssIzSXWtHYk1y1f0WzAfhC0-rXTZZLvmuCGa6LZK2LuEFyfodMkCAuIVMlltsW6VtNPh-QJAkT9DbIMsU5zrwoMlw1MExUiU60KuXrWS7TlnC_yHSo284mAffhWDdwP5PJlYvRwFQR5O9UPoSvAlTT-eNW78Qj5DHxHXqn4bvllu7ww3pURWqRvTQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "qWphj4yKBwdpgRg5ZAluqvcO_qQ",
      "use": "sig",
      "x": "zTtXYg2TOWg5b-lco-Z7wBPlUET5bt0wHLsLbxhUzJc",
      "y": "JSL0Slfq1OZxoZi8b3NnQ8OEAA_oiR6_R30KIa8hY1k",
      "crv": "P-256"
    },
    {
      "kty": "EC",
      "kid": "thsiJOnkyky6Dq8lGKxiOB5H_pk",
      "use": "sig",
      "x": "AB6OHhxl6Tsl7BQeBHsvRFQzrLxlEzfnuibI3xFm3gIRbYggUqtSPhp7uWvwPept5DCRmCEyj6mv_iKTnFBgyUUs",
      "y": "AbNfwccUkbZv0Jte0fyMEi09hKCdHM8-dA_qe2IQGfGXj_E-sbtqHpkn3ejBDHFtSP5wuwNTU0kaujOvcKimwFNi",
      "crv": "P-521"
    },
    {
      "kty": "RSA",
      "kid": "wvdB7gXFvdGrH3Yok89QSa7jRqU",
      "use": "sig",
      "n": "geRQ2pRV1719RuvjxJ_eP3Szu509WowOI9dY4B4x6fVj3xXfpEx_e-Y_Ev9Bm1yTCPJCxRUHCUUFpAaPl_idyM-Jh-RVHYBS2ezCy2g52tA3pgOj7jIdG2du6H0edM3EFzIIBzKlXpapHO8sRxwzwfesgJ2VHQLgCfk1SXJ7K640pvtL-MOiKU5r9PPlIcwBZdcIlrlPVNvdzftSfLWLMp8-nqw30qrPN-08-g0xHGzcycfZv7h130Ec6M3UqZf9qfuJ7mp6AAdLrKProkWc7a19aQ3rPejAsOVbwIC-7tROut8UXAtNHNg0UWfzT_oUyQhSFBQOm7zfD4VmGQFIeQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "yW2oAavkYkxNCsYNpzw67mEGSjc",
      "use": "sig",
      "x": "4cDCR47Z-BDfLOMz7j3JR5_4QiA2W1E7ceDqWWcmpidemYQpTqf6Es1d3fCkwmEV",
      "y": "_WnoAZXleX0khHX0Ov3jKHgm7E2Vnjqo-F8VAjimnhWRx7JgP_b1rmgGXOZjsZWM",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "SlMCnWPUA0Gt7JLWELVsAcDkIA0",
      "use": "enc",
      "x": "gZ-Ja5cKhbKta9hdmGiYKv2sNADmxmu5KsqR4UWUCF4Zettvsac4BRUr_Xt_8ke-",
      "y": "Aew3JpE_dZNTohYp4BeCp4oBfoheblrWfXTL2_YcxQ230xWaaOMrvYhb2a8yWVJ4",
      "crv": "P-384"
    },
    {
      "kty": "RSA",
      "kid": "VA5LpgpzT3U4f72lvvHnJpyWUvs",
      "use": "enc",
      "n": "hpMlY36DpH6yHmVwymNF1Q4ziEIn44D0g2BOs4iahy2tai7W17SwVpuWdbaQ8F9-G486sC4Y2ReVLeDTDjbIoyKBXTdSAbzO0c48Z3Jz9wUQ3iaw9Z6VZknE9MN8y_3SV17pQ2-F69h1rk8iv5-xFiAYEitTgUjwWdTWKw3JQzclpmQMpLYn-jD--94vPGCO_GA3jLlIEpmfwWDXUZfDIdc_OSijlDKiZFRApd8KHG5oMY7Oui4J6hGwJbDG_4piP6vefc_H5jT-E5OQP4lpzKupw6BmJ2IH9iarVDz0QgFZ14r6ci_9I_eosZ5AL0InsjrLOxBDfCMtKDLpD6LupQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "xMQz7S3isb8GrkUV8JXkCH_J45U",
      "use": "enc",
      "x": "2gYaq45NRdFQ3eUUU1zV24d3U5LZAakgD5vRuHuTpOc",
      "y": "euwl4FMuLVIGA2SQKm2GOEsphfllDpOOhTAVukYDCmE",
      "crv": "P-256"
    },
    {
      "kty": "EC",
      "kid": "zCZZ-1J5TT5Av19MN7NrZBD3enI",
      "use": "enc",
      "x": "ATxjs2dQfjJNg9-4vOWFSN5Mz081RmdCeQbxiu49EgPQFa5ZxdyauDMxecBebsKd4VQz-q4yiHjSlBIw3k1rGA34",
      "y": "AaNdHpm-KbrtYy6-4VQi2BE1Sv1oWyyIOPt1LgiLANM727aLciA_e8lw_UEW6f6Ff5Lu3JqxoV_oAs0eXNSLxuLB",
      "crv": "P-521"
    }
  ]
}

2022-07-18 20:31:16	SUCCESS RFC7517-1.1	ValidateServerJWKs Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url

2022-07-18 20:31:16	SUCCESS OIDCC-10.1	CheckForKeyIdInServerJWKs All keys contain kids

2022-07-18 20:31:16	SUCCESS RFC7518-6.3.2.1	EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys Jwks does not contain any private or symmetric keys

2022-07-18 20:31:16

(1) More

SUCCESS

FAPI1-BASE-5.2.2-6 FAPI1-BASE-5.2.2-5

FAPIEnsureMinimumServerKeyLength

Validated minimum key lengths for server_jwks

server_jwks

{
  "keys": [
    {
      "kty": "EC",
      "kid": "ILYc8s78pdP3b8CeV_eeL2pQT3o",
      "use": "sig",
      "x": "AKKT-nHDGlTampYI-eAFtuewiEv7rtk-hdz-VGpCsCBmW1BDGBZelqYANKxU_AxM1SA15t9EO9RQyFC6GXyRfLvI",
      "y": "AA6lbBWf-8v-mer9FxNh8WhfXpY-Sc7vTJfNQRsWEZrmTgs9IV929-uYMdCpafcxoP-B_kRpiy8sVxhNQBKrN9zJ",
      "crv": "P-521"
    },
    {
      "kty": "EC",
      "kid": "Mih581S7deqtjYsUkln3a6P8WlM",
      "use": "sig",
      "x": "zdavbEth5GBJ4Q24TMx1Fx9tFOwSbLkAs9rW69Iys3gDS336gywuSX2FQ0eq79BB",
      "y": "E8smmBQi0d0SWry9hqdaPDaFhN0dv8hXCFERg__sl9_LDVKg1e91OOB0YRajAwEG",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "VXk25MfHYuhysxj8fgZdB2B9o-8",
      "use": "sig",
      "x": "8WCQrzwCcJDeJdoKMuCVtYiI2tqpXxgJU3_DqertLFg",
      "y": "lLTO5VnKlqVqIj26BSN72v9kG0zD5KmXfVmvB9ejKMk",
      "crv": "P-256"
    },
    {
      "kty": "RSA",
      "kid": "_E4wBFqqxTDtdA0oVdn7tW_oFCg",
      "use": "sig",
      "n": "suau9fFuGfngFHKoxbphzmUkrmNRIgUzdGIE1Lg9hyWajMZib6mmwRom0ryxHJOyLKsque_9djpjW9d4fwfktPHk7g4WZ7V-BoBt26-_g-ngRiUoaR03ruOVN53N4R_LIufkEeIHVImHlqETY4MYVe-t06WAjssIzSXWtHYk1y1f0WzAfhC0-rXTZZLvmuCGa6LZK2LuEFyfodMkCAuIVMlltsW6VtNPh-QJAkT9DbIMsU5zrwoMlw1MExUiU60KuXrWS7TlnC_yHSo284mAffhWDdwP5PJlYvRwFQR5O9UPoSvAlTT-eNW78Qj5DHxHXqn4bvllu7ww3pURWqRvTQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "qWphj4yKBwdpgRg5ZAluqvcO_qQ",
      "use": "sig",
      "x": "zTtXYg2TOWg5b-lco-Z7wBPlUET5bt0wHLsLbxhUzJc",
      "y": "JSL0Slfq1OZxoZi8b3NnQ8OEAA_oiR6_R30KIa8hY1k",
      "crv": "P-256"
    },
    {
      "kty": "EC",
      "kid": "thsiJOnkyky6Dq8lGKxiOB5H_pk",
      "use": "sig",
      "x": "AB6OHhxl6Tsl7BQeBHsvRFQzrLxlEzfnuibI3xFm3gIRbYggUqtSPhp7uWvwPept5DCRmCEyj6mv_iKTnFBgyUUs",
      "y": "AbNfwccUkbZv0Jte0fyMEi09hKCdHM8-dA_qe2IQGfGXj_E-sbtqHpkn3ejBDHFtSP5wuwNTU0kaujOvcKimwFNi",
      "crv": "P-521"
    },
    {
      "kty": "RSA",
      "kid": "wvdB7gXFvdGrH3Yok89QSa7jRqU",
      "use": "sig",
      "n": "geRQ2pRV1719RuvjxJ_eP3Szu509WowOI9dY4B4x6fVj3xXfpEx_e-Y_Ev9Bm1yTCPJCxRUHCUUFpAaPl_idyM-Jh-RVHYBS2ezCy2g52tA3pgOj7jIdG2du6H0edM3EFzIIBzKlXpapHO8sRxwzwfesgJ2VHQLgCfk1SXJ7K640pvtL-MOiKU5r9PPlIcwBZdcIlrlPVNvdzftSfLWLMp8-nqw30qrPN-08-g0xHGzcycfZv7h130Ec6M3UqZf9qfuJ7mp6AAdLrKProkWc7a19aQ3rPejAsOVbwIC-7tROut8UXAtNHNg0UWfzT_oUyQhSFBQOm7zfD4VmGQFIeQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "yW2oAavkYkxNCsYNpzw67mEGSjc",
      "use": "sig",
      "x": "4cDCR47Z-BDfLOMz7j3JR5_4QiA2W1E7ceDqWWcmpidemYQpTqf6Es1d3fCkwmEV",
      "y": "_WnoAZXleX0khHX0Ov3jKHgm7E2Vnjqo-F8VAjimnhWRx7JgP_b1rmgGXOZjsZWM",
      "crv": "P-384"
    },
    {
      "kty": "EC",
      "kid": "SlMCnWPUA0Gt7JLWELVsAcDkIA0",
      "use": "enc",
      "x": "gZ-Ja5cKhbKta9hdmGiYKv2sNADmxmu5KsqR4UWUCF4Zettvsac4BRUr_Xt_8ke-",
      "y": "Aew3JpE_dZNTohYp4BeCp4oBfoheblrWfXTL2_YcxQ230xWaaOMrvYhb2a8yWVJ4",
      "crv": "P-384"
    },
    {
      "kty": "RSA",
      "kid": "VA5LpgpzT3U4f72lvvHnJpyWUvs",
      "use": "enc",
      "n": "hpMlY36DpH6yHmVwymNF1Q4ziEIn44D0g2BOs4iahy2tai7W17SwVpuWdbaQ8F9-G486sC4Y2ReVLeDTDjbIoyKBXTdSAbzO0c48Z3Jz9wUQ3iaw9Z6VZknE9MN8y_3SV17pQ2-F69h1rk8iv5-xFiAYEitTgUjwWdTWKw3JQzclpmQMpLYn-jD--94vPGCO_GA3jLlIEpmfwWDXUZfDIdc_OSijlDKiZFRApd8KHG5oMY7Oui4J6hGwJbDG_4piP6vefc_H5jT-E5OQP4lpzKupw6BmJ2IH9iarVDz0QgFZ14r6ci_9I_eosZ5AL0InsjrLOxBDfCMtKDLpD6LupQ",
      "e": "AQAB"
    },
    {
      "kty": "EC",
      "kid": "xMQz7S3isb8GrkUV8JXkCH_J45U",
      "use": "enc",
      "x": "2gYaq45NRdFQ3eUUU1zV24d3U5LZAakgD5vRuHuTpOc",
      "y": "euwl4FMuLVIGA2SQKm2GOEsphfllDpOOhTAVukYDCmE",
      "crv": "P-256"
    },
    {
      "kty": "EC",
      "kid": "zCZZ-1J5TT5Av19MN7NrZBD3enI",
      "use": "enc",
      "x": "ATxjs2dQfjJNg9-4vOWFSN5Mz081RmdCeQbxiu49EgPQFa5ZxdyauDMxecBebsKd4VQz-q4yiHjSlBIw3k1rGA34",
      "y": "AaNdHpm-KbrtYy6-4VQi2BE1Sv1oWyyIOPt1LgiLANM727aLciA_e8lw_UEW6f6Ff5Lu3JqxoV_oAs0eXNSLxuLB",
      "crv": "P-521"
    }
  ]
}

2022-07-18 20:31:16

(3) More

SUCCESS

GetStaticClientConfiguration

Found a static client object

client_id

fapi_adv_op_w_mtls_value_first_client

scope

openid payments

jwks

{
  "keys": [
    {
      "p": "7Iiv4eby1Ubo_U9uzWEa8OlUQoBz4vjPtB7MWQ6dlM7ajD9IjhjwwE8e1d_fE22DW4bEjHb1ls6_wbEm07PusUuMyHtWzW1sNWnpCh0xgDsEnLZwmtdXhPDHJlbRXHXAqcTVTUIJNMUSa8Mj9MXs33u1mkMD-hYWJfDHNCrDUAc",
      "kty": "RSA",
      "q": "msxkZpdafUHdoC-S5QrAHZ8z0NrQNFjn2yFcpznZ0zjXK83QH-jbBHCcTDBkF7xpatG61SbEznYxYaDEFR4xzuyy0WOYtoIk5IukygdvZhMkAXDNl5rNvF770Fnv8gwpoxZqlpb18kWtP2gk-ebJK2YHKjhl-pHDOrbzubkRdOE",
      "d": "AXvpT93_Y-hQYTCk95gHj6BinFTppIaTZhgJWvnDY-Bz1NhUZ7fz-RjePxQBEuRv3DUk6nEmT8CivxJKZdql9AR9UjHz_ANOH6mAwHxkE2bcEKEsJFGTkaDJhVqmwukYwfKfGpkeNuD2r5rhNdl3XNUQ6VdTkUokmZM3KNrLhks3NtPL3xEMqK5KAYJbJuS8AQoOI5scRTJZYcS63KK9WwBoOFwbz3PFHJb2lffTOH_tnqgSvm9chb7y1CaarSJuFSVTjkjMyk2rBOr4bu5YRtxzH1dAa3Dd5n9XzVwN_q0dIitTh7Vro2JcSU24O1n-XR4WGzCCiarMxPKc8SWyAQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "pingfederate-fapi-jwt-assertion-client1",
      "qi": "De5E3i5KIQ88R7jYZDWEsVonhPPGcWksWXC-s4frJ0tISk5-zlCdP6eitstJTaB1i7bkCW4R7iXufgXqW2WCRK2IXXjwItZo1zEpuAZJnKFwDPxXt5pLoc_sDjarMRENxdx_spyiFIxejLvvDmKGxs7vt3LDm_ytvJXfsymzjqM",
      "dp": "z80l9-jV3dl2R1TJm1V8Pbo_dE01gmnkz_Fexb65Ykp4Zk4SiAQRPmJETNFpQcAsbvRvKJg6Gkt428muur6RLOGaxWbWU5OWRTbOrTwIiQdQff0p4F7fXMPLsjsDo58vq_ZpDn69Z8ba8CF4LUrVV2Fvoh7OF5_fxWVLHOGUxXE",
      "alg": "PS256",
      "dq": "JRS_HEA3YffsMhoTUyB_ItlnHSm9ZDzD1Z8pRbm67zkXehvENlCeXnLnTeztnS36BqeU3Mh7roVrkNpk_jYMcmgK8dOs2lNUqRa2c9rSGZ6OKnYuGZnwnKYYJjHVI6M8Oh_9inNBGTcNqDm3WdGp8OZw4vE9pIdUP_VhbuThRKE",
      "n": "jwcTfjv0q48qux1sg2MR8OvCh1mXITYu7zkEJVCz0UImIrIqLtEzmGkqJP0LobK6-NlFHWOsAp2NcVTh79RBwawsrmi59rJ_nHigX00C7wjVpJtldJmOwmSS4HD8EgRkiM0yJzyKijtRiB5ssrOoBK3VPFMqZYm_JBJY35s_qDDHWTlwuWDLqADZp809btMcwQZCqgrSKgtalspeKXIh6Lv3lkFnELJhfwGZYPtVc2SJk91F8tmgamPNJUfVJV3ygdBuDcB8EZ8m-tIaISghfR1RRkEeYI8r_Wf4dfjIAZRkrj8GHqAJOi762rjyFvXvcPc0Zc-ABDYnVi4WdWOCJw"
    }
  ]
}

2022-07-18 20:31:16		ValidateMTLSCertificatesHeader No certificate authority found for MTLS

2022-07-18 20:31:16	SUCCESS	ValidateMTLSCertificatesHeader MTLS certificates header is valid

2022-07-18 20:31:16		ExtractMTLSCertificatesFromConfiguration No certificate authority found for MTLS

2022-07-18 20:31:16

(2) More

SUCCESS

ExtractMTLSCertificatesFromConfiguration

Mutual TLS authentication credentials loaded

cert

MIID3TCCAsWgAwIBAgIUIi7yAbDDmWkZjI8CwjLBVkswVkIwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxFTATBgNVBAoMDFBpbmdJZGVudGl0eTEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxIzAhBgNVBAMMGkZBUEkgQWR2IE9QIHcgRmlyc3QgQ2xpZW50MCAXDTIxMDcyNjIyMzQzN1oYDzIxMjEwNzAyMjIzNDM3WjB9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xDzANBgNVBAcMBkRlbnZlcjEVMBMGA1UECgwMUGluZ0lkZW50aXR5MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEjMCEGA1UEAwwaRkFQSSBBZHYgT1AgdyBGaXJzdCBDbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa91hiBBEaNcRdvQ0Gvg06mzaIQpa17vgtP77HwtV0FvH+3imrnqmaCcpEnWGMv/udX8S5r/VAeUPB2Q31187vKDLKxbadWTKuSNQajOkRyiXZzutbEQbN/t7JAz7oETujYoOTlMNT4N9twYvKEvxTeZAWNUCQHXZcESKYXhph0eZaaOvNo7WqQ+ygGBzgTVev6tXr/Q2+M3NkBnSvRYegSN5ZtmIXMrNVaH7D+SC8QUPWxsB8ZVIENzBhCI8+brrPjyLNqVKoI9O7Hjdgzb8Xs+gC98ATmsbQrE/8pRdYYCPkEoETAWRq2T/dEf7NE+AMerttKk9TdNwvbB1WbAoHAgMBAAGjUzBRMB0GA1UdDgQWBBTr8p3YWM2Rtw/BAQaellNa1RUKSTAfBgNVHSMEGDAWgBTr8p3YWM2Rtw/BAQaellNa1RUKSTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB17ygVKcEpZxP4XML98KyUycNxsyHcKdIo2GZCRsmwjDR5nRcdWlE+tI50sduSaAR+gSbDFR/dqBxl0lBEMLj6Rqpson+z17jv68fU9H7l7JLfI5xAXuW4s1Kg/xBcYBy7QJkU9CTMIb6TBQESCbTUq89aCX4fT8WQleCflRJjSuzzdpVWd0PIhcxCoxpa/BcXtK0gf/z0rimF4jJKv40rqdf0LGsVzKQ9TxQIDWk0tov4FkvBw63VUp6b7PWdEHi4E9uKgHxh2Pj+VykK33nCmUsGXENfj4SSkY2O00iDw3oHfC8xmWvgqsTdlzJm1qhZCZGNOsdWLEv6hGl4XLyr

key

MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa91hiBBEaNcRdvQ0Gvg06mzaIQpa17vgtP77HwtV0FvH+3imrnqmaCcpEnWGMv/udX8S5r/VAeUPB2Q31187vKDLKxbadWTKuSNQajOkRyiXZzutbEQbN/t7JAz7oETujYoOTlMNT4N9twYvKEvxTeZAWNUCQHXZcESKYXhph0eZaaOvNo7WqQ+ygGBzgTVev6tXr/Q2+M3NkBnSvRYegSN5ZtmIXMrNVaH7D+SC8QUPWxsB8ZVIENzBhCI8+brrPjyLNqVKoI9O7Hjdgzb8Xs+gC98ATmsbQrE/8pRdYYCPkEoETAWRq2T/dEf7NE+AMerttKk9TdNwvbB1WbAoHAgMBAAECggEAf4aFKUQHfvY4PpvRGHdWE6CfY8rIk7ewbCxFJ8biOcKYKxFQYXcUQztDROvu1xE2Uu/4yIZQ4VnptKCWqHWMSatfARdrjFlXJ62vPpovQwCD3ZY2gJ6mZucTF4CgSAHGflIXzV9izqgDtiLMkuLE2zzyohP4qaBVQranLZRjSZNWeGvEpkcf7Nv7FlfZaOJ/FkcGwyFn7iSzX/KRL/1TA6zDlreA3PGJr96i9SmFHQsurFv7quRxEUFoSVxVtn5IiOJji45Evte8KAhMzlau1MuAlKxiIJAMIPN2l1nTRTRZUybDBoLp9CkkAmvp75krld9NB/hbWaeRsxhgVPXYwQKBgQDMsai5QHJAFZ5P31LN0dvlvcj0X2dPS0hEd6NsIf5DkbQKHQuVlxdIGhChLhVBdkGUt9ZYSflxlUtc8GUG3+e0TKg+ZAHNakueV73TGZy3BAzQBxwQBMqUltcXWMjWBaDnbQH+TrtYP0A+ZdHd4gnBNuSUuv5R7IxGWHgfcvtnuQKBgQDBzt2kGjDXXPV4qrtmGl4KaCAvsFr76VsVr8879MhrVgevI5vbsBNWQ3yvykXLr5B6s0VaqibvgDTcchQvqwtoEeDQfHsSHnAglGYCAi06hwGArTW/hxW0L7IivB+laFsbPY2HbnGZ6WUOjMNTgGAihbbLd6+IvLJEVdn7gjxfvwKBgD/DS9rBP5XE5jbdS08AA27yiqnNGkJyIgXp+sdRY4Iq3hmUaKplkYQNUobS8x4cN1ubVLLWAFUoe3xtCht1HhllE7ezsXgKl5mwnVooDVBZe6BFxrEavPxCbKhCKPW6dSACLe/JGMTplxqY3yIuKnm8nsHR6i0c8alsH6c0SypJAoGBALcVCn+5ViY8ZI9nCby8b9X4417phCmxGiB0gpoq9SGglYW3Z8ayoLG+8wzFUgXGhf/DVmL9leZuAIG3KqaVOCNJsEyDK2fEZTwBtBN1pvBBFQRPnBSgMbqTy/3QJT0GRfqHvSkRBjPVLWf/RY2eGjLCihnPqHzNdMHlMBTNxObVAoGAMRDZNtM0vIUNbjY5YFK0AoetPqR1mS2fWOFdCVnyHYBOJmmUZbU4oNZk5HmHBOC8N7aOELyXu56I4yEw0KUjOphKGfA9b2553q1A6t1x1oHBIwVuj1W3sEpUOtj2fWwmmdqjEyRsdzEJWfOuOEFzbfaw1pClq9IbngVcDGfzg74=

2022-07-18 20:31:16	SUCCESS RFC7517-1.1	ValidateClientJWKsPrivatePart Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url

2022-07-18 20:31:16

(2) More

SUCCESS

ExtractJWKsFromStaticClientConfiguration

Extracted client JWK

client_jwks

{
  "keys": [
    {
      "p": "7Iiv4eby1Ubo_U9uzWEa8OlUQoBz4vjPtB7MWQ6dlM7ajD9IjhjwwE8e1d_fE22DW4bEjHb1ls6_wbEm07PusUuMyHtWzW1sNWnpCh0xgDsEnLZwmtdXhPDHJlbRXHXAqcTVTUIJNMUSa8Mj9MXs33u1mkMD-hYWJfDHNCrDUAc",
      "kty": "RSA",
      "q": "msxkZpdafUHdoC-S5QrAHZ8z0NrQNFjn2yFcpznZ0zjXK83QH-jbBHCcTDBkF7xpatG61SbEznYxYaDEFR4xzuyy0WOYtoIk5IukygdvZhMkAXDNl5rNvF770Fnv8gwpoxZqlpb18kWtP2gk-ebJK2YHKjhl-pHDOrbzubkRdOE",
      "d": "AXvpT93_Y-hQYTCk95gHj6BinFTppIaTZhgJWvnDY-Bz1NhUZ7fz-RjePxQBEuRv3DUk6nEmT8CivxJKZdql9AR9UjHz_ANOH6mAwHxkE2bcEKEsJFGTkaDJhVqmwukYwfKfGpkeNuD2r5rhNdl3XNUQ6VdTkUokmZM3KNrLhks3NtPL3xEMqK5KAYJbJuS8AQoOI5scRTJZYcS63KK9WwBoOFwbz3PFHJb2lffTOH_tnqgSvm9chb7y1CaarSJuFSVTjkjMyk2rBOr4bu5YRtxzH1dAa3Dd5n9XzVwN_q0dIitTh7Vro2JcSU24O1n-XR4WGzCCiarMxPKc8SWyAQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "pingfederate-fapi-jwt-assertion-client1",
      "qi": "De5E3i5KIQ88R7jYZDWEsVonhPPGcWksWXC-s4frJ0tISk5-zlCdP6eitstJTaB1i7bkCW4R7iXufgXqW2WCRK2IXXjwItZo1zEpuAZJnKFwDPxXt5pLoc_sDjarMRENxdx_spyiFIxejLvvDmKGxs7vt3LDm_ytvJXfsymzjqM",
      "dp": "z80l9-jV3dl2R1TJm1V8Pbo_dE01gmnkz_Fexb65Ykp4Zk4SiAQRPmJETNFpQcAsbvRvKJg6Gkt428muur6RLOGaxWbWU5OWRTbOrTwIiQdQff0p4F7fXMPLsjsDo58vq_ZpDn69Z8ba8CF4LUrVV2Fvoh7OF5_fxWVLHOGUxXE",
      "alg": "PS256",
      "dq": "JRS_HEA3YffsMhoTUyB_ItlnHSm9ZDzD1Z8pRbm67zkXehvENlCeXnLnTeztnS36BqeU3Mh7roVrkNpk_jYMcmgK8dOs2lNUqRa2c9rSGZ6OKnYuGZnwnKYYJjHVI6M8Oh_9inNBGTcNqDm3WdGp8OZw4vE9pIdUP_VhbuThRKE",
      "n": "jwcTfjv0q48qux1sg2MR8OvCh1mXITYu7zkEJVCz0UImIrIqLtEzmGkqJP0LobK6-NlFHWOsAp2NcVTh79RBwawsrmi59rJ_nHigX00C7wjVpJtldJmOwmSS4HD8EgRkiM0yJzyKijtRiB5ssrOoBK3VPFMqZYm_JBJY35s_qDDHWTlwuWDLqADZp809btMcwQZCqgrSKgtalspeKXIh6Lv3lkFnELJhfwGZYPtVc2SJk91F8tmgamPNJUfVJV3ygdBuDcB8EZ8m-tIaISghfR1RRkEeYI8r_Wf4dfjIAZRkrj8GHqAJOi762rjyFvXvcPc0Zc-ABDYnVi4WdWOCJw"
    }
  ]
}

public_client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "pingfederate-fapi-jwt-assertion-client1",
      "alg": "PS256",
      "n": "jwcTfjv0q48qux1sg2MR8OvCh1mXITYu7zkEJVCz0UImIrIqLtEzmGkqJP0LobK6-NlFHWOsAp2NcVTh79RBwawsrmi59rJ_nHigX00C7wjVpJtldJmOwmSS4HD8EgRkiM0yJzyKijtRiB5ssrOoBK3VPFMqZYm_JBJY35s_qDDHWTlwuWDLqADZp809btMcwQZCqgrSKgtalspeKXIh6Lv3lkFnELJhfwGZYPtVc2SJk91F8tmgamPNJUfVJV3ygdBuDcB8EZ8m-tIaISghfR1RRkEeYI8r_Wf4dfjIAZRkrj8GHqAJOi762rjyFvXvcPc0Zc-ABDYnVi4WdWOCJw"
    }
  ]
}

2022-07-18 20:31:16	SUCCESS OIDCC-10.1	CheckForKeyIdInClientJWKs All keys contain kids

2022-07-18 20:31:16

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInClientJWKs

Distinct 'kid' value in all keys of client_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2022-07-18 20:31:16

(1) More

SUCCESS

FAPI1-ADV-8.6

FAPICheckKeyAlgInClientJWKs

Keys in client JWKS all have permitted 'alg'

permitted

[
  "ES256",
  "PS256"
]

2022-07-18 20:31:16

(1) More

SUCCESS

FAPI1-BASE-5.2.2-6 FAPI1-BASE-5.2.2-5

FAPIEnsureMinimumClientKeyLength

Validated minimum key lengths for client_jwks

client_jwks

{
  "keys": [
    {
      "p": "7Iiv4eby1Ubo_U9uzWEa8OlUQoBz4vjPtB7MWQ6dlM7ajD9IjhjwwE8e1d_fE22DW4bEjHb1ls6_wbEm07PusUuMyHtWzW1sNWnpCh0xgDsEnLZwmtdXhPDHJlbRXHXAqcTVTUIJNMUSa8Mj9MXs33u1mkMD-hYWJfDHNCrDUAc",
      "kty": "RSA",
      "q": "msxkZpdafUHdoC-S5QrAHZ8z0NrQNFjn2yFcpznZ0zjXK83QH-jbBHCcTDBkF7xpatG61SbEznYxYaDEFR4xzuyy0WOYtoIk5IukygdvZhMkAXDNl5rNvF770Fnv8gwpoxZqlpb18kWtP2gk-ebJK2YHKjhl-pHDOrbzubkRdOE",
      "d": "AXvpT93_Y-hQYTCk95gHj6BinFTppIaTZhgJWvnDY-Bz1NhUZ7fz-RjePxQBEuRv3DUk6nEmT8CivxJKZdql9AR9UjHz_ANOH6mAwHxkE2bcEKEsJFGTkaDJhVqmwukYwfKfGpkeNuD2r5rhNdl3XNUQ6VdTkUokmZM3KNrLhks3NtPL3xEMqK5KAYJbJuS8AQoOI5scRTJZYcS63KK9WwBoOFwbz3PFHJb2lffTOH_tnqgSvm9chb7y1CaarSJuFSVTjkjMyk2rBOr4bu5YRtxzH1dAa3Dd5n9XzVwN_q0dIitTh7Vro2JcSU24O1n-XR4WGzCCiarMxPKc8SWyAQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "pingfederate-fapi-jwt-assertion-client1",
      "qi": "De5E3i5KIQ88R7jYZDWEsVonhPPGcWksWXC-s4frJ0tISk5-zlCdP6eitstJTaB1i7bkCW4R7iXufgXqW2WCRK2IXXjwItZo1zEpuAZJnKFwDPxXt5pLoc_sDjarMRENxdx_spyiFIxejLvvDmKGxs7vt3LDm_ytvJXfsymzjqM",
      "dp": "z80l9-jV3dl2R1TJm1V8Pbo_dE01gmnkz_Fexb65Ykp4Zk4SiAQRPmJETNFpQcAsbvRvKJg6Gkt428muur6RLOGaxWbWU5OWRTbOrTwIiQdQff0p4F7fXMPLsjsDo58vq_ZpDn69Z8ba8CF4LUrVV2Fvoh7OF5_fxWVLHOGUxXE",
      "alg": "PS256",
      "dq": "JRS_HEA3YffsMhoTUyB_ItlnHSm9ZDzD1Z8pRbm67zkXehvENlCeXnLnTeztnS36BqeU3Mh7roVrkNpk_jYMcmgK8dOs2lNUqRa2c9rSGZ6OKnYuGZnwnKYYJjHVI6M8Oh_9inNBGTcNqDm3WdGp8OZw4vE9pIdUP_VhbuThRKE",
      "n": "jwcTfjv0q48qux1sg2MR8OvCh1mXITYu7zkEJVCz0UImIrIqLtEzmGkqJP0LobK6-NlFHWOsAp2NcVTh79RBwawsrmi59rJ_nHigX00C7wjVpJtldJmOwmSS4HD8EgRkiM0yJzyKijtRiB5ssrOoBK3VPFMqZYm_JBJY35s_qDDHWTlwuWDLqADZp809btMcwQZCqgrSKgtalspeKXIh6Lv3lkFnELJhfwGZYPtVc2SJk91F8tmgamPNJUfVJV3ygdBuDcB8EZ8m-tIaISghfR1RRkEeYI8r_Wf4dfjIAZRkrj8GHqAJOi762rjyFvXvcPc0Zc-ABDYnVi4WdWOCJw"
    }
  ]
}

2022-07-18 20:31:16	SUCCESS	ValidateMTLSCertificatesAsX509 Mutual TLS authentication cert validated as X.509

Verify configuration of second client

2022-07-18 20:31:16

(3) More

SUCCESS

GetStaticClient2Configuration

Found a static second client object

client_id

fapi_adv_op_w_mtls_value_second_client

scope

openid payments

jwks

{
  "keys": [
    {
      "p": "43lqQE0EN1LJ_jdqHq56hNFjErKfcrwJnVpIVRsXCZWboV4MSfLzGGEyePPs6SxV6-l_txQY-M2dW6xLaedRUlaFT89r10cIm136ecYUzs51iX_GZW_AvohaXSmAbZKpjLmsHIDelgggQKjDQxGGbmAAQojnqzorpVrfz-8aUNc",
      "kty": "RSA",
      "q": "q1t1ErKAx06nV7ohJ4zlo3xUeMA3rO7HLmK6Eh460DsiX80AsCxyw1AsQy0N1W8u_RgkA3y_p_5Nf7K1KLLa9mduIBWyUFEim1EneviM4m3q7e2UtQ7iezh6FatYFZD5c_v_CH2gV0bhxZrMzNc8ubL46OXo5h1WycY1iAqsjNs",
      "d": "ElS590xAIy7zN4KHKmq2rLnAg1TJ9kODaUrb98X3gCGuTOLBAtFzUqjPyBF8rqXAtkgl8inec6GwY6gmB9p53quJfKSunnN7CbU3Qe37f8HBgS95vFsmJtbctbJ43XKlwo0imYbIeBYLmxKUJt5BKSnUYWWv4EI2AVE_LrqecL-QaNLH2IxY1JVLvR8WhP7wzjTHIsGjaQGn7199eVBaHZ7KTC-bFaEWnPgklR0e8t8TdICUqJudCqTEuoEBFYXRdqi_3betdNZHtJdcwfk9VEXTYTnjzw0fJ7RoFyVE1_1-wMULnEYk5SyfSYfYsBq_V25e-TUSLxB3IXgzBmJVOQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "pingfederate-fapi-jwt-assertion-client2",
      "qi": "rBDWPBNof1ZrvpqRqpPIf-hn6jmOmLN5mzv8ArwfYEuoIPo9Ltzta1m42A6KQAAsHfXUaKtihSXnVopYtYcxguVNCi2qbDh4nx7ZZNCcQsKSkUOw-hgm4vHZJMOJ-4jh6jthUeLTRmCpEZAHQrtmnpQ1tC1g3g2VCDH48p8cLzo",
      "dp": "BrSxmSusECV0pvXjPvxNyFST4x047hz0-5qJv1iJGVM7v0oSequa1wEmh8JJHaac8dN0XGVPRyZomSc_IeQb1Z2PWIb42uPRMSNYGvbn7iDP_jmyE5Nzzyod39k1XAWS0f83P6_c3_dlXAKdnwCJQf-6gjue-MFCQCGpr2uRDwk",
      "alg": "PS256",
      "dq": "GyE3v-YTDXsec308ko50LRYaKaQFLJQBZQ6sdwHiPeWe45wJZ9shsFqZJ2mSryATSG7yBLtTfL1-d6FLnU3z7N8jSGEnAiBWYlDO92EyrQbKEzFyQdhBc1DVw2iFYaS6WeqjzixVnnvScv63Phc1vhDf57--x_ANNZT0FL3b49E",
      "n": "mENeKNMC5ttp60qEq6LZoWaihn-__Ei70wnW8Zd_-ILFnYcaM90oTTnl8R2uHD4EJ3t_VCjFteXIwWV7OwDmRmOMwda0X1R5IKYn0O2ujT8NI4citj8G4NHY0r5Y5loLdb5dynGgT-YpsnWwfTC8Ky98gNA3OLf6Z2n8PEdKJr818RMAC0Vx6NQMHBNG4jI1D0bvbrZbx0XkXan7h2Elm9HLRjzHar5Qb5gFLGQRFdeHVHF5lRKyAFgdeQPvBqMiRsAwcgyKxDjbzF5qHPwhKMB-7IVhxuSULMvgSkesIIhrylzU9bo2KRhcxTB7oPkhAbPgumpoVZV0ME-ypiy77Q"
    }
  ]
}

2022-07-18 20:31:16		ValidateMTLSCertificates2Header No certificate authority found for MTLS

2022-07-18 20:31:16	SUCCESS	ValidateMTLSCertificates2Header MTLS certificates header is valid

2022-07-18 20:31:16		ExtractMTLSCertificates2FromConfiguration No certificate authority found for MTLS

2022-07-18 20:31:16

(2) More

SUCCESS

ExtractMTLSCertificates2FromConfiguration

Mutual TLS authentication credentials loaded

cert

MIID3zCCAsegAwIBAgIUUbO7wc+DFfteEqK0M1D+iRwKDOkwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxFTATBgNVBAoMDFBpbmdJZGVudGl0eTEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxJDAiBgNVBAMMG0ZBUEkgQWR2IE9QIHcgU2Vjb25kIENsaWVudDAgFw0yMTA3MjYyMjM0NDFaGA8yMTIxMDcwMjIyMzQ0MVowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxFTATBgNVBAoMDFBpbmdJZGVudGl0eTEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxJDAiBgNVBAMMG0ZBUEkgQWR2IE9QIHcgU2Vjb25kIENsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALASMA/8vTQ+vFqsR7UBSG5cldHwJ5SGvoHpGqhdv6xSXHUi8bp0Ob927l93bdkk1YnWqYQbmtmwlfqRFyxXYAvNXoIrFY86gBOg4O9vkCeVSMK1l7CdSps3ypXR4p7Fy1eERIN4fTwUS5wRu0bpcG4kocShcoxYu5A30s8k6onYVafO0ZfrbKEfnEJY74f8A3v8ns2Nr5AasPqZsz3g5TiyVygRG6+D6yrhORvW33roDEYnrwompE6UUkjVXNhoBoXvohLhf3Zh7kEpVQjXjD/rMlj5NFSFXLW4RXDokruapCyY3Q66OoAO5SYBpKtfxHiAp28ooUSmmwpxd39voaUCAwEAAaNTMFEwHQYDVR0OBBYEFFGFWe386uahXiBMwViRnP9t210BMB8GA1UdIwQYMBaAFFGFWe386uahXiBMwViRnP9t210BMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ346s52BzNNZU9Sc6qUnG68yjZxCadEgijudr5hILhkLYsLy6HOdnirsakqdc/KhbRQPm+TbuUT94bahigOM1QuCGa8XjewTdmXGDdRxFTHNMLc+SopCuInXeNlBO8tekbWSglGaP742240gERzXHaGyqrSzXeL2yosY2evtqbMB9i+d8uMhTYniwP3Isbbld2lCCF/Cw7flVzXnWItU0pGVj8U9qIW874eMDss+dxq6WfwaVzyXqH7k59xI/37zxWdRa1zNIwyi8H1dkl0vsoJSrrIGPCJpq+snT+6+xrUbrRn4H+K0eQSLE+LmmxuOaE4WgdK4ln9ZUXQC90R1aM=

key

MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQCwEjAP/L00PrxarEe1AUhuXJXR8CeUhr6B6RqoXb+sUlx1IvG6dDm/du5fd23ZJNWJ1qmEG5rZsJX6kRcsV2ALzV6CKxWPOoAToODvb5AnlUjCtZewnUqbN8qV0eKexctXhESDeH08FEucEbtG6XBuJKHEoXKMWLuQN9LPJOqJ2FWnztGX62yhH5xCWO+H/AN7/J7Nja+QGrD6mbM94OU4slcoERuvg+sq4Tkb1t966AxGJ68KJqROlFJI1VzYaAaF76IS4X92Ye5BKVUI14w/6zJY+TRUhVy1uEVw6JK7mqQsmN0OujqADuUmAaSrX8R4gKdvKKFEppsKcXd/b6GlAgMBAAECggEBAIxtlSPLImR+/N8ctPxqj4hmE6AjeI3/ggY/EuHiE7Ou5MsQGdfqRvysMKa3rEcaF64eJYmWMsUZECWOfvsAnTwMiiorjsBzmh8Nmxmc006exC93ggp9CToPH2aqxaJ4gxvEBJkPCmNWlI9fnQyLtv5B/TvEwIWrZ704qMxJ1z4klxZgPvRAa5lCRIs1BAwkvtgkc9S2nTzJqO7tfHpXk1tCMxkHyqMlfpBfWxgysPQBueju/IFXw3IoO80uOCZYnHagMmZeSdomlCQmX+5UjanVt4TFFppIQxKXjrkJ0Q0XcnboNs+VsKZgvFdVAKFXHZY5BtaQaC8U8vPKDH2SSikCgYEA5z6fgw7T9etmkqsmc+cAt6LH/NspMOH92Ot7IPgjZIiODx1AIPIQXM6/DzJuntyYtMk+ZJ06q/h7C8ZkdAQX1z3M6maD2y8vVVIMh1yjd2el7CvAc3fejEbliKKK2R9RSGB8udNcGVyNbsjTTLJb2mx89JFI2yGA0gXyVTbT7CsCgYEAwuuBMF0THYZ4kNi62MvF/EblkKwKY1+v6XFdOZiyQljClNdT8bRFxjkdnIxaXemm6X5MPtsKBKY+0ix3uHKXdglzycCth/KuhqmItT1gitPEjq3Ut5Q9liWPpKNhuJjdlUi97Yj7r4NRBWeCLAUBh4n1lpl3rPxIvBMJqFgIMW8CgYEAinFPhmMmOyDHtB+LUfCG2Wo3WQbMzls+YtP4T3C/n7yxcBMPBapmaWnNsQd8etePBQ1GsW4AZlzJLe+EzIB21YJGYD8nyd2h9O6+WXv40c/X4mD/QyIMtubrHLZTclHxk+dQROBpTzW95wmMl2pg24//71vbxnV0bkjpIGNG1SkCgYEAkvnTsy0rgcLo3Ief9GNLCdxHs9wWBTKcyZDis9Bw8dhN+L+ZG5NMXZipvGaUqWXKpxvF0EuH9VOJ4R8Iszss/CNKfOHdt7oFYaMqY0dBqcze1Js836RXAAWYl5Ne1zvlMXDlTdxRs9l32XRgUmL/8TzUw1c7R2QAUFimmpquqt8CgYEAjtIr2L2llacZi7vBfFwgvjVVg7vuAvGpRokC4m6OzfjcO7fPVJa9f8IZLSQU6E2VM//dbuAHbPC2iIGnQn848cwF2rhXrY0VvqfpTuxQCdiW+TGwukLxW0AHWeiD5YauGqtz4+ZC6DWGyFZQSPB0OxcyG9wu0OBKbG70lP6scQE=

2022-07-18 20:31:16	SUCCESS RFC7517-1.1	ValidateClientJWKsPrivatePart Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url

2022-07-18 20:31:16

(2) More

SUCCESS

ExtractJWKsFromStaticClientConfiguration

Extracted client JWK

client_jwks

{
  "keys": [
    {
      "p": "43lqQE0EN1LJ_jdqHq56hNFjErKfcrwJnVpIVRsXCZWboV4MSfLzGGEyePPs6SxV6-l_txQY-M2dW6xLaedRUlaFT89r10cIm136ecYUzs51iX_GZW_AvohaXSmAbZKpjLmsHIDelgggQKjDQxGGbmAAQojnqzorpVrfz-8aUNc",
      "kty": "RSA",
      "q": "q1t1ErKAx06nV7ohJ4zlo3xUeMA3rO7HLmK6Eh460DsiX80AsCxyw1AsQy0N1W8u_RgkA3y_p_5Nf7K1KLLa9mduIBWyUFEim1EneviM4m3q7e2UtQ7iezh6FatYFZD5c_v_CH2gV0bhxZrMzNc8ubL46OXo5h1WycY1iAqsjNs",
      "d": "ElS590xAIy7zN4KHKmq2rLnAg1TJ9kODaUrb98X3gCGuTOLBAtFzUqjPyBF8rqXAtkgl8inec6GwY6gmB9p53quJfKSunnN7CbU3Qe37f8HBgS95vFsmJtbctbJ43XKlwo0imYbIeBYLmxKUJt5BKSnUYWWv4EI2AVE_LrqecL-QaNLH2IxY1JVLvR8WhP7wzjTHIsGjaQGn7199eVBaHZ7KTC-bFaEWnPgklR0e8t8TdICUqJudCqTEuoEBFYXRdqi_3betdNZHtJdcwfk9VEXTYTnjzw0fJ7RoFyVE1_1-wMULnEYk5SyfSYfYsBq_V25e-TUSLxB3IXgzBmJVOQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "pingfederate-fapi-jwt-assertion-client2",
      "qi": "rBDWPBNof1ZrvpqRqpPIf-hn6jmOmLN5mzv8ArwfYEuoIPo9Ltzta1m42A6KQAAsHfXUaKtihSXnVopYtYcxguVNCi2qbDh4nx7ZZNCcQsKSkUOw-hgm4vHZJMOJ-4jh6jthUeLTRmCpEZAHQrtmnpQ1tC1g3g2VCDH48p8cLzo",
      "dp": "BrSxmSusECV0pvXjPvxNyFST4x047hz0-5qJv1iJGVM7v0oSequa1wEmh8JJHaac8dN0XGVPRyZomSc_IeQb1Z2PWIb42uPRMSNYGvbn7iDP_jmyE5Nzzyod39k1XAWS0f83P6_c3_dlXAKdnwCJQf-6gjue-MFCQCGpr2uRDwk",
      "alg": "PS256",
      "dq": "GyE3v-YTDXsec308ko50LRYaKaQFLJQBZQ6sdwHiPeWe45wJZ9shsFqZJ2mSryATSG7yBLtTfL1-d6FLnU3z7N8jSGEnAiBWYlDO92EyrQbKEzFyQdhBc1DVw2iFYaS6WeqjzixVnnvScv63Phc1vhDf57--x_ANNZT0FL3b49E",
      "n": "mENeKNMC5ttp60qEq6LZoWaihn-__Ei70wnW8Zd_-ILFnYcaM90oTTnl8R2uHD4EJ3t_VCjFteXIwWV7OwDmRmOMwda0X1R5IKYn0O2ujT8NI4citj8G4NHY0r5Y5loLdb5dynGgT-YpsnWwfTC8Ky98gNA3OLf6Z2n8PEdKJr818RMAC0Vx6NQMHBNG4jI1D0bvbrZbx0XkXan7h2Elm9HLRjzHar5Qb5gFLGQRFdeHVHF5lRKyAFgdeQPvBqMiRsAwcgyKxDjbzF5qHPwhKMB-7IVhxuSULMvgSkesIIhrylzU9bo2KRhcxTB7oPkhAbPgumpoVZV0ME-ypiy77Q"
    }
  ]
}

public_client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "pingfederate-fapi-jwt-assertion-client2",
      "alg": "PS256",
      "n": "mENeKNMC5ttp60qEq6LZoWaihn-__Ei70wnW8Zd_-ILFnYcaM90oTTnl8R2uHD4EJ3t_VCjFteXIwWV7OwDmRmOMwda0X1R5IKYn0O2ujT8NI4citj8G4NHY0r5Y5loLdb5dynGgT-YpsnWwfTC8Ky98gNA3OLf6Z2n8PEdKJr818RMAC0Vx6NQMHBNG4jI1D0bvbrZbx0XkXan7h2Elm9HLRjzHar5Qb5gFLGQRFdeHVHF5lRKyAFgdeQPvBqMiRsAwcgyKxDjbzF5qHPwhKMB-7IVhxuSULMvgSkesIIhrylzU9bo2KRhcxTB7oPkhAbPgumpoVZV0ME-ypiy77Q"
    }
  ]
}

2022-07-18 20:31:16	SUCCESS OIDCC-10.1	CheckForKeyIdInClientJWKs All keys contain kids

2022-07-18 20:31:16

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInClientJWKs

Distinct 'kid' value in all keys of client_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2022-07-18 20:31:16

(1) More

SUCCESS

FAPI1-ADV-8.6

FAPICheckKeyAlgInClientJWKs

Keys in client JWKS all have permitted 'alg'

permitted

[
  "ES256",
  "PS256"
]

2022-07-18 20:31:16

(1) More

SUCCESS

FAPI1-BASE-5.2.2-6 FAPI1-BASE-5.2.2-5

FAPIEnsureMinimumClientKeyLength

Validated minimum key lengths for client_jwks

client_jwks

{
  "keys": [
    {
      "p": "43lqQE0EN1LJ_jdqHq56hNFjErKfcrwJnVpIVRsXCZWboV4MSfLzGGEyePPs6SxV6-l_txQY-M2dW6xLaedRUlaFT89r10cIm136ecYUzs51iX_GZW_AvohaXSmAbZKpjLmsHIDelgggQKjDQxGGbmAAQojnqzorpVrfz-8aUNc",
      "kty": "RSA",
      "q": "q1t1ErKAx06nV7ohJ4zlo3xUeMA3rO7HLmK6Eh460DsiX80AsCxyw1AsQy0N1W8u_RgkA3y_p_5Nf7K1KLLa9mduIBWyUFEim1EneviM4m3q7e2UtQ7iezh6FatYFZD5c_v_CH2gV0bhxZrMzNc8ubL46OXo5h1WycY1iAqsjNs",
      "d": "ElS590xAIy7zN4KHKmq2rLnAg1TJ9kODaUrb98X3gCGuTOLBAtFzUqjPyBF8rqXAtkgl8inec6GwY6gmB9p53quJfKSunnN7CbU3Qe37f8HBgS95vFsmJtbctbJ43XKlwo0imYbIeBYLmxKUJt5BKSnUYWWv4EI2AVE_LrqecL-QaNLH2IxY1JVLvR8WhP7wzjTHIsGjaQGn7199eVBaHZ7KTC-bFaEWnPgklR0e8t8TdICUqJudCqTEuoEBFYXRdqi_3betdNZHtJdcwfk9VEXTYTnjzw0fJ7RoFyVE1_1-wMULnEYk5SyfSYfYsBq_V25e-TUSLxB3IXgzBmJVOQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "pingfederate-fapi-jwt-assertion-client2",
      "qi": "rBDWPBNof1ZrvpqRqpPIf-hn6jmOmLN5mzv8ArwfYEuoIPo9Ltzta1m42A6KQAAsHfXUaKtihSXnVopYtYcxguVNCi2qbDh4nx7ZZNCcQsKSkUOw-hgm4vHZJMOJ-4jh6jthUeLTRmCpEZAHQrtmnpQ1tC1g3g2VCDH48p8cLzo",
      "dp": "BrSxmSusECV0pvXjPvxNyFST4x047hz0-5qJv1iJGVM7v0oSequa1wEmh8JJHaac8dN0XGVPRyZomSc_IeQb1Z2PWIb42uPRMSNYGvbn7iDP_jmyE5Nzzyod39k1XAWS0f83P6_c3_dlXAKdnwCJQf-6gjue-MFCQCGpr2uRDwk",
      "alg": "PS256",
      "dq": "GyE3v-YTDXsec308ko50LRYaKaQFLJQBZQ6sdwHiPeWe45wJZ9shsFqZJ2mSryATSG7yBLtTfL1-d6FLnU3z7N8jSGEnAiBWYlDO92EyrQbKEzFyQdhBc1DVw2iFYaS6WeqjzixVnnvScv63Phc1vhDf57--x_ANNZT0FL3b49E",
      "n": "mENeKNMC5ttp60qEq6LZoWaihn-__Ei70wnW8Zd_-ILFnYcaM90oTTnl8R2uHD4EJ3t_VCjFteXIwWV7OwDmRmOMwda0X1R5IKYn0O2ujT8NI4citj8G4NHY0r5Y5loLdb5dynGgT-YpsnWwfTC8Ky98gNA3OLf6Z2n8PEdKJr818RMAC0Vx6NQMHBNG4jI1D0bvbrZbx0XkXan7h2Elm9HLRjzHar5Qb5gFLGQRFdeHVHF5lRKyAFgdeQPvBqMiRsAwcgyKxDjbzF5qHPwhKMB-7IVhxuSULMvgSkesIIhrylzU9bo2KRhcxTB7oPkhAbPgumpoVZV0ME-ypiy77Q"
    }
  ]
}

2022-07-18 20:31:16	SUCCESS	ValidateMTLSCertificatesAsX509 Mutual TLS authentication cert validated as X.509

2022-07-18 20:31:16

(2) More

SUCCESS

ValidateClientPrivateKeysAreDifferent

Client signing JWKs have different thumbprints

jwk1

{
  "p": "7Iiv4eby1Ubo_U9uzWEa8OlUQoBz4vjPtB7MWQ6dlM7ajD9IjhjwwE8e1d_fE22DW4bEjHb1ls6_wbEm07PusUuMyHtWzW1sNWnpCh0xgDsEnLZwmtdXhPDHJlbRXHXAqcTVTUIJNMUSa8Mj9MXs33u1mkMD-hYWJfDHNCrDUAc",
  "kty": "RSA",
  "q": "msxkZpdafUHdoC-S5QrAHZ8z0NrQNFjn2yFcpznZ0zjXK83QH-jbBHCcTDBkF7xpatG61SbEznYxYaDEFR4xzuyy0WOYtoIk5IukygdvZhMkAXDNl5rNvF770Fnv8gwpoxZqlpb18kWtP2gk-ebJK2YHKjhl-pHDOrbzubkRdOE",
  "d": "AXvpT93_Y-hQYTCk95gHj6BinFTppIaTZhgJWvnDY-Bz1NhUZ7fz-RjePxQBEuRv3DUk6nEmT8CivxJKZdql9AR9UjHz_ANOH6mAwHxkE2bcEKEsJFGTkaDJhVqmwukYwfKfGpkeNuD2r5rhNdl3XNUQ6VdTkUokmZM3KNrLhks3NtPL3xEMqK5KAYJbJuS8AQoOI5scRTJZYcS63KK9WwBoOFwbz3PFHJb2lffTOH_tnqgSvm9chb7y1CaarSJuFSVTjkjMyk2rBOr4bu5YRtxzH1dAa3Dd5n9XzVwN_q0dIitTh7Vro2JcSU24O1n-XR4WGzCCiarMxPKc8SWyAQ",
  "e": "AQAB",
  "use": "sig",
  "kid": "pingfederate-fapi-jwt-assertion-client1",
  "qi": "De5E3i5KIQ88R7jYZDWEsVonhPPGcWksWXC-s4frJ0tISk5-zlCdP6eitstJTaB1i7bkCW4R7iXufgXqW2WCRK2IXXjwItZo1zEpuAZJnKFwDPxXt5pLoc_sDjarMRENxdx_spyiFIxejLvvDmKGxs7vt3LDm_ytvJXfsymzjqM",
  "dp": "z80l9-jV3dl2R1TJm1V8Pbo_dE01gmnkz_Fexb65Ykp4Zk4SiAQRPmJETNFpQcAsbvRvKJg6Gkt428muur6RLOGaxWbWU5OWRTbOrTwIiQdQff0p4F7fXMPLsjsDo58vq_ZpDn69Z8ba8CF4LUrVV2Fvoh7OF5_fxWVLHOGUxXE",
  "alg": "PS256",
  "dq": "JRS_HEA3YffsMhoTUyB_ItlnHSm9ZDzD1Z8pRbm67zkXehvENlCeXnLnTeztnS36BqeU3Mh7roVrkNpk_jYMcmgK8dOs2lNUqRa2c9rSGZ6OKnYuGZnwnKYYJjHVI6M8Oh_9inNBGTcNqDm3WdGp8OZw4vE9pIdUP_VhbuThRKE",
  "n": "jwcTfjv0q48qux1sg2MR8OvCh1mXITYu7zkEJVCz0UImIrIqLtEzmGkqJP0LobK6-NlFHWOsAp2NcVTh79RBwawsrmi59rJ_nHigX00C7wjVpJtldJmOwmSS4HD8EgRkiM0yJzyKijtRiB5ssrOoBK3VPFMqZYm_JBJY35s_qDDHWTlwuWDLqADZp809btMcwQZCqgrSKgtalspeKXIh6Lv3lkFnELJhfwGZYPtVc2SJk91F8tmgamPNJUfVJV3ygdBuDcB8EZ8m-tIaISghfR1RRkEeYI8r_Wf4dfjIAZRkrj8GHqAJOi762rjyFvXvcPc0Zc-ABDYnVi4WdWOCJw"
}

jwk2

{
  "p": "43lqQE0EN1LJ_jdqHq56hNFjErKfcrwJnVpIVRsXCZWboV4MSfLzGGEyePPs6SxV6-l_txQY-M2dW6xLaedRUlaFT89r10cIm136ecYUzs51iX_GZW_AvohaXSmAbZKpjLmsHIDelgggQKjDQxGGbmAAQojnqzorpVrfz-8aUNc",
  "kty": "RSA",
  "q": "q1t1ErKAx06nV7ohJ4zlo3xUeMA3rO7HLmK6Eh460DsiX80AsCxyw1AsQy0N1W8u_RgkA3y_p_5Nf7K1KLLa9mduIBWyUFEim1EneviM4m3q7e2UtQ7iezh6FatYFZD5c_v_CH2gV0bhxZrMzNc8ubL46OXo5h1WycY1iAqsjNs",
  "d": "ElS590xAIy7zN4KHKmq2rLnAg1TJ9kODaUrb98X3gCGuTOLBAtFzUqjPyBF8rqXAtkgl8inec6GwY6gmB9p53quJfKSunnN7CbU3Qe37f8HBgS95vFsmJtbctbJ43XKlwo0imYbIeBYLmxKUJt5BKSnUYWWv4EI2AVE_LrqecL-QaNLH2IxY1JVLvR8WhP7wzjTHIsGjaQGn7199eVBaHZ7KTC-bFaEWnPgklR0e8t8TdICUqJudCqTEuoEBFYXRdqi_3betdNZHtJdcwfk9VEXTYTnjzw0fJ7RoFyVE1_1-wMULnEYk5SyfSYfYsBq_V25e-TUSLxB3IXgzBmJVOQ",
  "e": "AQAB",
  "use": "sig",
  "kid": "pingfederate-fapi-jwt-assertion-client2",
  "qi": "rBDWPBNof1ZrvpqRqpPIf-hn6jmOmLN5mzv8ArwfYEuoIPo9Ltzta1m42A6KQAAsHfXUaKtihSXnVopYtYcxguVNCi2qbDh4nx7ZZNCcQsKSkUOw-hgm4vHZJMOJ-4jh6jthUeLTRmCpEZAHQrtmnpQ1tC1g3g2VCDH48p8cLzo",
  "dp": "BrSxmSusECV0pvXjPvxNyFST4x047hz0-5qJv1iJGVM7v0oSequa1wEmh8JJHaac8dN0XGVPRyZomSc_IeQb1Z2PWIb42uPRMSNYGvbn7iDP_jmyE5Nzzyod39k1XAWS0f83P6_c3_dlXAKdnwCJQf-6gjue-MFCQCGpr2uRDwk",
  "alg": "PS256",
  "dq": "GyE3v-YTDXsec308ko50LRYaKaQFLJQBZQ6sdwHiPeWe45wJZ9shsFqZJ2mSryATSG7yBLtTfL1-d6FLnU3z7N8jSGEnAiBWYlDO92EyrQbKEzFyQdhBc1DVw2iFYaS6WeqjzixVnnvScv63Phc1vhDf57--x_ANNZT0FL3b49E",
  "n": "mENeKNMC5ttp60qEq6LZoWaihn-__Ei70wnW8Zd_-ILFnYcaM90oTTnl8R2uHD4EJ3t_VCjFteXIwWV7OwDmRmOMwda0X1R5IKYn0O2ujT8NI4citj8G4NHY0r5Y5loLdb5dynGgT-YpsnWwfTC8Ky98gNA3OLf6Z2n8PEdKJr818RMAC0Vx6NQMHBNG4jI1D0bvbrZbx0XkXan7h2Elm9HLRjzHar5Qb5gFLGQRFdeHVHF5lRKyAFgdeQPvBqMiRsAwcgyKxDjbzF5qHPwhKMB-7IVhxuSULMvgSkesIIhrylzU9bo2KRhcxTB7oPkhAbPgumpoVZV0ME-ypiy77Q"
}

2022-07-18 20:31:16

(1) More

SUCCESS

GetResourceEndpointConfiguration

Found a resource endpoint object

resourceUrl

https://idp.conf.ping-eng.com:3000/get

2022-07-18 20:31:16

(1) More

SUCCESS

SetProtectedResourceUrlToSingleResourceEndpoint

Set protected resource URL

protected_resource_url

https://idp.conf.ping-eng.com:3000/get

2022-07-18 20:31:16

(1) More

SUCCESS

ExtractTLSTestValuesFromResourceConfiguration

Extracted TLS information from resource endpoint

resource_endpoint

{
  "testHost": "idp.conf.ping-eng.com",
  "testPort": 3000
}

2022-07-18 20:31:16

(2) More

SUCCESS

ExtractTLSTestValuesFromOBResourceConfiguration

Extracted TLS information from resource endpoint

accounts_resource_endpoint	{ "testHost": "idp.conf.ping-eng.com", "testPort": 3000 }
accounts_request_endpoint	{ "testHost": "idp.conf.ping-eng.com", "testPort": 3000 }

2022-07-18 20:31:16		fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails Setup Done

Make request to authorization endpoint

2022-07-18 20:31:16

(3) More

SUCCESS

CreateAuthorizationEndpointRequestFromClientInformation

Created authorization endpoint request

client_id	fapi_adv_op_w_mtls_value_first_client
redirect_uri	https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback
scope	openid payments

2022-07-18 20:31:16

(1) More

SUCCESS

AddAcrClaimToAuthorizationEndpointRequest

Added acr claim to authorization_endpoint_request

authorization_endpoint_request

{
  "client_id": "fapi_adv_op_w_mtls_value_first_client",
  "redirect_uri": "https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback",
  "scope": "openid payments",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}

2022-07-18 20:31:16

(2) More

CreateRandomStateValue

Created state value

requested_state_length	10
state	ibU4EL11zS

2022-07-18 20:31:16

(5) More

SUCCESS

AddStateToAuthorizationEndpointRequest

Added state parameter to request

client_id	fapi_adv_op_w_mtls_value_first_client
redirect_uri	https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback
scope	openid payments
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	ibU4EL11zS

2022-07-18 20:31:16

(2) More

CreateRandomNonceValue

Created nonce value

requested_nonce_length	10
nonce	cQh5dTZSuC

2022-07-18 20:31:16

(6) More

SUCCESS

AddNonceToAuthorizationEndpointRequest

Added nonce parameter to request

client_id	fapi_adv_op_w_mtls_value_first_client
redirect_uri	https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback
scope	openid payments
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	ibU4EL11zS
nonce	cQh5dTZSuC

2022-07-18 20:31:16

(7) More

SUCCESS

SetAuthorizationEndpointRequestResponseTypeToCode

Added response_type parameter to request

client_id	fapi_adv_op_w_mtls_value_first_client
redirect_uri	https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback
scope	openid payments
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	ibU4EL11zS
nonce	cQh5dTZSuC
response_type	code

2022-07-18 20:31:16

(8) More

SUCCESS

SetAuthorizationEndpointRequestResponseModeToJWT

Added response_mode parameter to request

client_id	fapi_adv_op_w_mtls_value_first_client
redirect_uri	https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback
scope	openid payments
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	ibU4EL11zS
nonce	cQh5dTZSuC
response_type	code
response_mode	jwt

2022-07-18 20:31:16

(1) More

SUCCESS

ConvertAuthorizationEndpointRequestToRequestObject

Created request object claims

request_object_claims

{
  "client_id": "fapi_adv_op_w_mtls_value_first_client",
  "redirect_uri": "https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback",
  "scope": "openid payments",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "ibU4EL11zS",
  "nonce": "cQh5dTZSuC",
  "response_type": "code",
  "response_mode": "jwt"
}

2022-07-18 20:31:16

(2) More

SUCCESS

FAPI1-ADV-5.2.2-17

AddNbfValueIs70MinutesInPastToRequestObject

Added invalid nbf value to request object which is 70 minutes in the past

nbf_is_70_minutes_in_the_past

"Jul 18, 2022, 7:21:16 PM"

request_object_claims

{
  "client_id": "fapi_adv_op_w_mtls_value_first_client",
  "redirect_uri": "https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback",
  "scope": "openid payments",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "ibU4EL11zS",
  "nonce": "cQh5dTZSuC",
  "response_type": "code",
  "response_mode": "jwt",
  "nbf": 1658172076
}

2022-07-18 20:31:16

(1) More

SUCCESS

FAPI1-ADV-5.2.2-13

AddExpToRequestObject

Added exp to request object claims

exp	1.658176576E9

2022-07-18 20:31:16

(1) More

SUCCESS

FAPI1-ADV-5.2.2-14

AddAudToRequestObject

Added aud to request object claims

aud	https://idp.conf.ping-eng.com:9031

2022-07-18 20:31:16

(1) More

SUCCESS

OIDCC-6.1

AddIssToRequestObject

Added iss to request object claims

iss	fapi_adv_op_w_mtls_value_first_client

2022-07-18 20:31:16

(1) More

SUCCESS

FAPI1-ADV-5.2.3-8

AddClientIdToRequestObject

Added client_id to request object claims

client_id

fapi_adv_op_w_mtls_value_first_client

2022-07-18 20:31:16

(4) More

SUCCESS

SignRequestObject

Signed the request object

claims	{ "aud": "https://idp.conf.ping-eng.com:9031", "nbf": 1658172076, "scope": "openid payments", "claims": { "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }, "iss": "fapi_adv_op_w_mtls_value_first_client", "response_type": "code", "redirect_uri": "https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback", "state": "ibU4EL11zS", "exp": 1658176576, "nonce": "cQh5dTZSuC", "client_id": "fapi_adv_op_w_mtls_value_first_client", "response_mode": "jwt" }
header	{ "kid": "pingfederate-fapi-jwt-assertion-client1", "alg": "PS256" }
request_object	eyJraWQiOiJwaW5nZmVkZXJhdGUtZmFwaS1qd3QtYXNzZXJ0aW9uLWNsaWVudDEiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJub25jZSI6ImNRaDVkVFpTdUMiLCJjbGllbnRfaWQiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfbW9kZSI6Imp3dCIsImF1ZCI6Imh0dHBzOlwvXC9pZHAuY29uZi5waW5nLWVuZy5jb206OTAzMSIsIm5iZiI6MTY1ODE3MjA3Niwic2NvcGUiOiJvcGVuaWQgcGF5bWVudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImVzc2VudGlhbCI6dHJ1ZX19fSwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL3BpbmdpZGVudGl0eS1waW5nZmVkZXJhdGUtZmFwaS1hZHYtb3AtbXRscy12YWx1ZS1qYXJtXC9jYWxsYmFjayIsInN0YXRlIjoiaWJVNEVMMTF6UyIsImV4cCI6MTY1ODE3NjU3Nn0.DSxXoPfYHMXeeNsEK67Wc-6aOvSFsozvIzRCIdYvpuWFFqqP5q0DbIk-QWlkFWbUtg5Pf9kZZD-mS-F39BCymQ90RmjTU_CgBrZaYO1ESDL-mdDF4roFoPZ2XGUfnkRJ3DqVNWZAs-dmKxcUJUXT1k1JKlKItWF_FJqbnMNICnnXicP_VIwhc-QiAdKyQBkkth5vXh09mJtOvLf6nYAgqZMxKb-f1liThsMnLmqFUOEl1CPPCX_qzAkBIScbz-2REEJZlvAJnQ5jbq8-fktml2Abln0npP0GSy0YYVXFbPlvui8P54Xe7AY0PSSK9QYdxRf3bZhZZRvmSkcatsHalA
key	{ "p": "7Iiv4eby1Ubo_U9uzWEa8OlUQoBz4vjPtB7MWQ6dlM7ajD9IjhjwwE8e1d_fE22DW4bEjHb1ls6_wbEm07PusUuMyHtWzW1sNWnpCh0xgDsEnLZwmtdXhPDHJlbRXHXAqcTVTUIJNMUSa8Mj9MXs33u1mkMD-hYWJfDHNCrDUAc", "kty": "RSA", "q": "msxkZpdafUHdoC-S5QrAHZ8z0NrQNFjn2yFcpznZ0zjXK83QH-jbBHCcTDBkF7xpatG61SbEznYxYaDEFR4xzuyy0WOYtoIk5IukygdvZhMkAXDNl5rNvF770Fnv8gwpoxZqlpb18kWtP2gk-ebJK2YHKjhl-pHDOrbzubkRdOE", "d": "AXvpT93_Y-hQYTCk95gHj6BinFTppIaTZhgJWvnDY-Bz1NhUZ7fz-RjePxQBEuRv3DUk6nEmT8CivxJKZdql9AR9UjHz_ANOH6mAwHxkE2bcEKEsJFGTkaDJhVqmwukYwfKfGpkeNuD2r5rhNdl3XNUQ6VdTkUokmZM3KNrLhks3NtPL3xEMqK5KAYJbJuS8AQoOI5scRTJZYcS63KK9WwBoOFwbz3PFHJb2lffTOH_tnqgSvm9chb7y1CaarSJuFSVTjkjMyk2rBOr4bu5YRtxzH1dAa3Dd5n9XzVwN_q0dIitTh7Vro2JcSU24O1n-XR4WGzCCiarMxPKc8SWyAQ", "e": "AQAB", "use": "sig", "kid": "pingfederate-fapi-jwt-assertion-client1", "qi": "De5E3i5KIQ88R7jYZDWEsVonhPPGcWksWXC-s4frJ0tISk5-zlCdP6eitstJTaB1i7bkCW4R7iXufgXqW2WCRK2IXXjwItZo1zEpuAZJnKFwDPxXt5pLoc_sDjarMRENxdx_spyiFIxejLvvDmKGxs7vt3LDm_ytvJXfsymzjqM", "dp": "z80l9-jV3dl2R1TJm1V8Pbo_dE01gmnkz_Fexb65Ykp4Zk4SiAQRPmJETNFpQcAsbvRvKJg6Gkt428muur6RLOGaxWbWU5OWRTbOrTwIiQdQff0p4F7fXMPLsjsDo58vq_ZpDn69Z8ba8CF4LUrVV2Fvoh7OF5_fxWVLHOGUxXE", "alg": "PS256", "dq": "JRS_HEA3YffsMhoTUyB_ItlnHSm9ZDzD1Z8pRbm67zkXehvENlCeXnLnTeztnS36BqeU3Mh7roVrkNpk_jYMcmgK8dOs2lNUqRa2c9rSGZ6OKnYuGZnwnKYYJjHVI6M8Oh_9inNBGTcNqDm3WdGp8OZw4vE9pIdUP_VhbuThRKE", "n": "jwcTfjv0q48qux1sg2MR8OvCh1mXITYu7zkEJVCz0UImIrIqLtEzmGkqJP0LobK6-NlFHWOsAp2NcVTh79RBwawsrmi59rJ_nHigX00C7wjVpJtldJmOwmSS4HD8EgRkiM0yJzyKijtRiB5ssrOoBK3VPFMqZYm_JBJY35s_qDDHWTlwuWDLqADZp809btMcwQZCqgrSKgtalspeKXIh6Lv3lkFnELJhfwGZYPtVc2SJk91F8tmgamPNJUfVJV3ygdBuDcB8EZ8m-tIaISghfR1RRkEeYI8r_Wf4dfjIAZRkrj8GHqAJOi762rjyFvXvcPc0Zc-ABDYnVi4WdWOCJw" }

2022-07-18 20:31:16

(1) More

SUCCESS

BuildRequestObjectByValueRedirectToAuthorizationEndpoint

Sending to authorization endpoint

redirect_to_authorization_endpoint

https://idp.conf.ping-eng.com:9031/as/authorization.oauth2?request=eyJraWQiOiJwaW5nZmVkZXJhdGUtZmFwaS1qd3QtYXNzZXJ0aW9uLWNsaWVudDEiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJub25jZSI6ImNRaDVkVFpTdUMiLCJjbGllbnRfaWQiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfbW9kZSI6Imp3dCIsImF1ZCI6Imh0dHBzOlwvXC9pZHAuY29uZi5waW5nLWVuZy5jb206OTAzMSIsIm5iZiI6MTY1ODE3MjA3Niwic2NvcGUiOiJvcGVuaWQgcGF5bWVudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImVzc2VudGlhbCI6dHJ1ZX19fSwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL3BpbmdpZGVudGl0eS1waW5nZmVkZXJhdGUtZmFwaS1hZHYtb3AtbXRscy12YWx1ZS1qYXJtXC9jYWxsYmFjayIsInN0YXRlIjoiaWJVNEVMMTF6UyIsImV4cCI6MTY1ODE3NjU3Nn0.DSxXoPfYHMXeeNsEK67Wc-6aOvSFsozvIzRCIdYvpuWFFqqP5q0DbIk-QWlkFWbUtg5Pf9kZZD-mS-F39BCymQ90RmjTU_CgBrZaYO1ESDL-mdDF4roFoPZ2XGUfnkRJ3DqVNWZAs-dmKxcUJUXT1k1JKlKItWF_FJqbnMNICnnXicP_VIwhc-QiAdKyQBkkth5vXh09mJtOvLf6nYAgqZMxKb-f1liThsMnLmqFUOEl1CPPCX_qzAkBIScbz-2REEJZlvAJnQ5jbq8-fktml2Abln0npP0GSy0YYVXFbPlvui8P54Xe7AY0PSSK9QYdxRf3bZhZZRvmSkcatsHalA&client_id=fapi_adv_op_w_mtls_value_first_client&redirect_uri=https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback&scope=openid%20payments&response_type=code

2022-07-18 20:31:16

(1) More

REDIRECT

fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails

Redirecting to authorization endpoint

redirect_to

https://idp.conf.ping-eng.com:9031/as/authorization.oauth2?request=eyJraWQiOiJwaW5nZmVkZXJhdGUtZmFwaS1qd3QtYXNzZXJ0aW9uLWNsaWVudDEiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJub25jZSI6ImNRaDVkVFpTdUMiLCJjbGllbnRfaWQiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfbW9kZSI6Imp3dCIsImF1ZCI6Imh0dHBzOlwvXC9pZHAuY29uZi5waW5nLWVuZy5jb206OTAzMSIsIm5iZiI6MTY1ODE3MjA3Niwic2NvcGUiOiJvcGVuaWQgcGF5bWVudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImVzc2VudGlhbCI6dHJ1ZX19fSwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL3BpbmdpZGVudGl0eS1waW5nZmVkZXJhdGUtZmFwaS1hZHYtb3AtbXRscy12YWx1ZS1qYXJtXC9jYWxsYmFjayIsInN0YXRlIjoiaWJVNEVMMTF6UyIsImV4cCI6MTY1ODE3NjU3Nn0.DSxXoPfYHMXeeNsEK67Wc-6aOvSFsozvIzRCIdYvpuWFFqqP5q0DbIk-QWlkFWbUtg5Pf9kZZD-mS-F39BCymQ90RmjTU_CgBrZaYO1ESDL-mdDF4roFoPZ2XGUfnkRJ3DqVNWZAs-dmKxcUJUXT1k1JKlKItWF_FJqbnMNICnnXicP_VIwhc-QiAdKyQBkkth5vXh09mJtOvLf6nYAgqZMxKb-f1liThsMnLmqFUOEl1CPPCX_qzAkBIScbz-2REEJZlvAJnQ5jbq8-fktml2Abln0npP0GSy0YYVXFbPlvui8P54Xe7AY0PSSK9QYdxRf3bZhZZRvmSkcatsHalA&client_id=fapi_adv_op_w_mtls_value_first_client&redirect_uri=https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback&scope=openid%20payments&response_type=code

2022-07-18 20:31:16

(2) More

REVIEW

OIDCC-6.1 RFC7519-4.1.5

ExpectRequestObjectWithNbfOver60ClaimErrorPage

If the server does not return an invalid_request_object error back to the client, it must show an error page saying the request object is invalid as it is using a 'nbf' value over 60 minutes in the past in the signed request object - upload a screenshot of the error page.

content_type

text/html

page_source

<?xml version="1.0" encoding="UTF-8"?>
<html lang="en" dir="ltr">
  <head>
    <title>
      Error
    </title>
    <base href="https://idp.conf.ping-eng.com:9031/"/>
    <meta name="robots" content="noindex, nofollow"/>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
    <meta name="viewport" content="initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no"/>
    <meta http-equiv="x-ua-compatible" content="IE=edge"/>
    <link rel="stylesheet" type="text/css" href="assets/css/main.css"/>
  </head>
  <body>
    <div class="ping-container">
      <!--
     if there is a logo present in the 'company-logo' container,
     then 'has-logo' class should be added to 'ping-header' container.
     -->      <div class="ping-header">
        <span class="company-logo">
          <!-- client company logo here -->        </span>
        
        Error
    
      </div>
      <!-- .ping-header -->      <div class="ping-body-container">
        <div class="section-title">
          
            Oops
        
        </div>
        <div class="ping-messages ping-nopad">
          <div>
            
                Looks like something is not right. Please contact your administrator.
            
          </div>
          <div class="ping-note-text">
            
                400 - invalid_request_object: Unable to successfully process the JWT request object
            
          </div>
        </div>
      </div>
      <!-- .ping-body-container -->    </div>
    <!-- .ping-container -->  </body>
</html>

2022-07-18 20:31:16

(3) More

WebRunner

Scripted browser HTTP request

browser

goToUrl

request_method

GET

request_uri

https://idp.conf.ping-eng.com:9031/as/authorization.oauth2?request=eyJraWQiOiJwaW5nZmVkZXJhdGUtZmFwaS1qd3QtYXNzZXJ0aW9uLWNsaWVudDEiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJub25jZSI6ImNRaDVkVFpTdUMiLCJjbGllbnRfaWQiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfbW9kZSI6Imp3dCIsImF1ZCI6Imh0dHBzOlwvXC9pZHAuY29uZi5waW5nLWVuZy5jb206OTAzMSIsIm5iZiI6MTY1ODE3MjA3Niwic2NvcGUiOiJvcGVuaWQgcGF5bWVudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImVzc2VudGlhbCI6dHJ1ZX19fSwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL3BpbmdpZGVudGl0eS1waW5nZmVkZXJhdGUtZmFwaS1hZHYtb3AtbXRscy12YWx1ZS1qYXJtXC9jYWxsYmFjayIsInN0YXRlIjoiaWJVNEVMMTF6UyIsImV4cCI6MTY1ODE3NjU3Nn0.DSxXoPfYHMXeeNsEK67Wc-6aOvSFsozvIzRCIdYvpuWFFqqP5q0DbIk-QWlkFWbUtg5Pf9kZZD-mS-F39BCymQ90RmjTU_CgBrZaYO1ESDL-mdDF4roFoPZ2XGUfnkRJ3DqVNWZAs-dmKxcUJUXT1k1JKlKItWF_FJqbnMNICnnXicP_VIwhc-QiAdKyQBkkth5vXh09mJtOvLf6nYAgqZMxKb-f1liThsMnLmqFUOEl1CPPCX_qzAkBIScbz-2REEJZlvAJnQ5jbq8-fktml2Abln0npP0GSy0YYVXFbPlvui8P54Xe7AY0PSSK9QYdxRf3bZhZZRvmSkcatsHalA&client_id=fapi_adv_op_w_mtls_value_first_client&redirect_uri=https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback&scope=openid%20payments&response_type=code

2022-07-18 20:31:17

(4) More

RESPONSE

WebRunner

Scripted browser HTTP response

response_content	<!DOCTYPE html> <!-- template name: http.error.page.template.html --> <html lang="en" dir="ltr"> <head> <title>Error</title> <base href="https://idp.conf.ping-eng.com:9031/" /> <meta name="robots" content="noindex, nofollow" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no" /> <meta http-equiv="x-ua-compatible" content="IE=edge" /> <link rel="stylesheet" type="text/css" href="assets/css/main.css" /> </head> <body> <div class="ping-container"> <!-- if there is a logo present in the 'company-logo' container, then 'has-logo' class should be added to 'ping-header' container. --> <div class="ping-header"> <span class="company-logo"><!-- client company logo here --></span> Error </div><!-- .ping-header --> <div class="ping-body-container"> <div class="section-title"> Oops </div> <div class="ping-messages ping-nopad"> <div> Looks like something is not right. Please contact your administrator. </div> <div class="ping-note-text"> 400 - invalid_request_object: Unable to successfully process the JWT request object </div> </div> </div> <!-- .ping-body-container --> </div> <!-- .ping-container --> </body> </html>
response_content_type	text/html
response_status_text	400-invalid_request_object: Unable to successfully process the JWT request object
response_status_code	400

2022-07-18 20:31:17

(8) More

INFO

WebRunner

Waiting

regexp	.400 - invalid_request_object
seconds	10
task	capture error
browser	wait
action	update-image-placeholder
element_type	xpath
url	https://idp.conf.ping-eng.com:9031/as/authorization.oauth2?request=eyJraWQiOiJwaW5nZmVkZXJhdGUtZmFwaS1qd3QtYXNzZXJ0aW9uLWNsaWVudDEiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJub25jZSI6ImNRaDVkVFpTdUMiLCJjbGllbnRfaWQiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfbW9kZSI6Imp3dCIsImF1ZCI6Imh0dHBzOlwvXC9pZHAuY29uZi5waW5nLWVuZy5jb206OTAzMSIsIm5iZiI6MTY1ODE3MjA3Niwic2NvcGUiOiJvcGVuaWQgcGF5bWVudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImVzc2VudGlhbCI6dHJ1ZX19fSwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL3BpbmdpZGVudGl0eS1waW5nZmVkZXJhdGUtZmFwaS1hZHYtb3AtbXRscy12YWx1ZS1qYXJtXC9jYWxsYmFjayIsInN0YXRlIjoiaWJVNEVMMTF6UyIsImV4cCI6MTY1ODE3NjU3Nn0.DSxXoPfYHMXeeNsEK67Wc-6aOvSFsozvIzRCIdYvpuWFFqqP5q0DbIk-QWlkFWbUtg5Pf9kZZD-mS-F39BCymQ90RmjTU_CgBrZaYO1ESDL-mdDF4roFoPZ2XGUfnkRJ3DqVNWZAs-dmKxcUJUXT1k1JKlKItWF_FJqbnMNICnnXicP_VIwhc-QiAdKyQBkkth5vXh09mJtOvLf6nYAgqZMxKb-f1liThsMnLmqFUOEl1CPPCX_qzAkBIScbz-2REEJZlvAJnQ5jbq8-fktml2Abln0npP0GSy0YYVXFbPlvui8P54Xe7AY0PSSK9QYdxRf3bZhZZRvmSkcatsHalA&client_id=fapi_adv_op_w_mtls_value_first_client&redirect_uri=https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback&scope=openid%20payments&response_type=code
target	//*

2022-07-18 20:31:17

(1) More

BROWSER

Updated placeholder from scripted browser

placeholder

jFnZJ2Xc94

2022-07-18 20:31:17		BROWSER All placeholders filled by scripted browser

2022-07-18 20:31:17

(6) More

INFO

WebRunner

Completed processing of webpage

task	capture error
browser	complete
response_status_text	400-invalid_request_object: Unable to successfully process the JWT request object
match	https://idp.conf.ping-eng.com:9031/as/authorization.oauth2*
url	https://idp.conf.ping-eng.com:9031/as/authorization.oauth2?request=eyJraWQiOiJwaW5nZmVkZXJhdGUtZmFwaS1qd3QtYXNzZXJ0aW9uLWNsaWVudDEiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJub25jZSI6ImNRaDVkVFpTdUMiLCJjbGllbnRfaWQiOiJmYXBpX2Fkdl9vcF93X210bHNfdmFsdWVfZmlyc3RfY2xpZW50IiwicmVzcG9uc2VfbW9kZSI6Imp3dCIsImF1ZCI6Imh0dHBzOlwvXC9pZHAuY29uZi5waW5nLWVuZy5jb206OTAzMSIsIm5iZiI6MTY1ODE3MjA3Niwic2NvcGUiOiJvcGVuaWQgcGF5bWVudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImVzc2VudGlhbCI6dHJ1ZX19fSwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL3BpbmdpZGVudGl0eS1waW5nZmVkZXJhdGUtZmFwaS1hZHYtb3AtbXRscy12YWx1ZS1qYXJtXC9jYWxsYmFjayIsInN0YXRlIjoiaWJVNEVMMTF6UyIsImV4cCI6MTY1ODE3NjU3Nn0.DSxXoPfYHMXeeNsEK67Wc-6aOvSFsozvIzRCIdYvpuWFFqqP5q0DbIk-QWlkFWbUtg5Pf9kZZD-mS-F39BCymQ90RmjTU_CgBrZaYO1ESDL-mdDF4roFoPZ2XGUfnkRJ3DqVNWZAs-dmKxcUJUXT1k1JKlKItWF_FJqbnMNICnnXicP_VIwhc-QiAdKyQBkkth5vXh09mJtOvLf6nYAgqZMxKb-f1liThsMnLmqFUOEl1CPPCX_qzAkBIScbz-2REEJZlvAJnQ5jbq8-fktml2Abln0npP0GSy0YYVXFbPlvui8P54Xe7AY0PSSK9QYdxRf3bZhZZRvmSkcatsHalA&client_id=fapi_adv_op_w_mtls_value_first_client&redirect_uri=https://www.certification.openid.net/test/a/pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm/callback&scope=openid%20payments&response_type=code
response_status_code	400

2022-07-18 20:31:17

(1) More

FINISHED

fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails

Test has run to completion

testmodule_result

REVIEW

2022-07-18 20:31:18

(2) More

TEST-RUNNER

Alias has now been claimed by another test

alias	pingidentity-pingfederate-fapi-adv-op-mtls-value-jarm
new_test_id	lGLM7wIlJGzHVCF

Test Summary

Test Results