Test Summary

Test Results

Expand All Collapse All
All times are UTC
2022-06-22 01:44:30 INFO
TEST-RUNNER
Test instance UkvkwUKIO33KlIO created
baseUrl
https://www.certification.openid.net/test/a/ZDF-test
variant
{
  "client_auth_type": "mtls",
  "fapi_auth_request_method": "by_value",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "jarm"
}
alias
ZDF-test
description
planId
Xg4EVqJSs9ENH
config
{
  "alias": "ZDF-test",
  "resource": {
    "resourceUrl": "https://pseudo-api.bs.minna-no-ginko.com/accounts/v1"
  },
  "server": {
    "discoveryUrl": "https://pseudo-static.bs.minna-no-ginko.com/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp",
    "scope": "accounts openid",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "d": "xXXJLzvKN-6_4p6rLA-ytRH48QB-DJVRin4A1RbqCA0",
          "use": "sig",
          "crv": "P-256",
          "kid": "frUMU4gP42714FAq2CHp1QQwdiUFe-22B9_BulXICDM",
          "x": "F1ZD5v3aCdaGuLtNIG5kCHizAMHWXajNjOMlv48i75Q",
          "y": "-GLYrefPdl1CJVbmqm0FiPIf2bAnFDAWTtvKwaDvP_0",
          "alg": "ES256"
        }
      ]
    }
  },
  "mtls": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIDyDCCArCgAwIBAgITVolfPdaYOb/eEqOxlITj2fcSiDANBgkqhkiG9w0BAQsF\nADCBoDELMAkGA1UEBhMCSlAxEDAOBgNVBAgTB0Z1a3Vva2ExFDASBgNVBAcTC0Z1\na3Vva2Etc2hpMRkwFwYDVQQKExBNaW5uYSBCYW5rLCBMdGQuMSMwIQYDVQQLExpE\naWdpdGFsIFNlcnZpY2UgTWFuYWdlbWVudDEpMCcGA1UEAxMgcHNldWRvLWFwaS5i\ncy5taW5uYS1uby1naW5rby5jb20wHhcNMjIwNTA4MjMwMzU0WhcNMzIwNTA4MDkx\nMTM0WjArMSkwJwYDVQQDEyBwc2V1ZG8tYXBpLmJzLm1pbm5hLW5vLWdpbmtvLmNv\nbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKV1KXRULDzPXfQu5B2O\nu2ebXQF7manfHOvl3xFxdDnIRtBFA+XSXn3QaNAJmMMAYcShNIAoT8RpQKY8ULIS\ndCQY2lojMxUVbZa4FOZfa1TJvv1gFL2+D+m/N3VcfCY5tEUwBWhfC1fDUlqtH4NB\nVWKn4kAjk7X34lW2Hh4k6P+FZ0XGeLL4Ys6b0KXkWv+Qt9VPD0pMbzl6Z+TBGK/B\n1wsuZGIUR1uPfEb1dSgvDx85FdALCj/9rRCaIIAYG8dXsrp0fkySAWAqyqzzQZSa\nYcrU3pduJMt0gTs78clLJnP+suOAKRMVi6Xzybx8sXXs6ooeQRCy1mHRVasOjmRN\nloMCAwEAAaNvMG0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMJMAwGA1Ud\nEwEB/wQCMAAwHQYDVR0OBBYEFCHZ/z0QtqEPRZCU0qUQZL6oyt5BMB8GA1UdIwQY\nMBaAFAcDgORMarYq29tDGsEXaop0GzsUMA0GCSqGSIb3DQEBCwUAA4IBAQBU6k4h\nRV5+lieCc+Rm5qp7Jey6RkraKHtBYJ4MW1y8ONgdGP+ti+XtRzc2pHKfF/wglfnJ\nyFmBzilAw4XL5yP5GBhF7OV/rX1WSHAgrxUe1b0SNZ6qsf6564udVIDTKKLJMcAp\nBzdywEHsR65TCm8NeGFLRcHDWanjOjlO+U6jxTYzrVBGZz12RplykxX2skU2IEo+\nadZiZF+koKhESJKwv6+fIN4pj1TuoxGtRRJa3Kl2eYHXEjyazBHMURm/adaOU7UA\nAGT4i5sO79cC1N8TvgtB5EzYy4SmJoeUmjACB1sVxq9WoUj3YqPAy8tae7428TP5\nPe/p/YrQJ4LUaoGY\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIENTCCAx2gAwIBAgIUANWaqV9QYvGd6dPC7O2yhIQDvKkwDQYJKoZIhvcNAQEL\nBQAwgaAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIEwdGdWt1b2thMRQwEgYDVQQHEwtG\ndWt1b2thLXNoaTEZMBcGA1UEChMQTWlubmEgQmFuaywgTHRkLjEjMCEGA1UECxMa\nRGlnaXRhbCBTZXJ2aWNlIE1hbmFnZW1lbnQxKTAnBgNVBAMTIHBzZXVkby1hcGku\nYnMubWlubmEtbm8tZ2lua28uY29tMCAXDTIyMDIyNTA5MTUyNVoYDzIxMjIwMjAx\nMDkxNTI0WjCBoDELMAkGA1UEBhMCSlAxEDAOBgNVBAgTB0Z1a3Vva2ExFDASBgNV\nBAcTC0Z1a3Vva2Etc2hpMRkwFwYDVQQKExBNaW5uYSBCYW5rLCBMdGQuMSMwIQYD\nVQQLExpEaWdpdGFsIFNlcnZpY2UgTWFuYWdlbWVudDEpMCcGA1UEAxMgcHNldWRv\nLWFwaS5icy5taW5uYS1uby1naW5rby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQCKwGqK1IXkyLP6CVM9TYpNz1EoMdv69mOHQ5F6XzIGH0VBAMkF\n1aRHt+G7fRRylwCBxxdRq+lYwWhpljx4f15oGtiXpwYuVcF38FnohG0ASOhdZrWv\nNUH2D+P1VEdVdg5XiGJMiJp8xXUnGPvoDKMSM9O+mJZ28xnBqvA/ft5m5NcSlbFC\nZg03VO+xXgqKr93gFoLVHSxKc+jxsEU8ibnvExJq84OTH9h3+eGo5h/0gTKj72Ps\n4VgvfghGEmwJg9g4dob4nRm80IdJe3EHDvP7ewXHYwh8OETkPFt2UehCYURFVEHs\n5OwZMdi6B22d8t4x1pPyeExee561iyXoXTXrAgMBAAGjYzBhMA4GA1UdDwEB/wQE\nAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQHA4DkTGq2KtvbQxrBF2qK\ndBs7FDAfBgNVHSMEGDAWgBQHA4DkTGq2KtvbQxrBF2qKdBs7FDANBgkqhkiG9w0B\nAQsFAAOCAQEAd2aKZNj3wiq0V+XC8qW5Qe7x+NJEaqjs5Hx7dvLa+AMp4VLt1PjM\nVKRM9S2eNITvxk44Qsh1DBTG6HA3Nw01aVI4DE/O+EllGCBCDmxeHG/iZt2KkSVj\nLAFDYBJtMO9Ab8+saGV6PKCl68KY0adIDlKGZGy0mQXD5bOESvNeaDhyupVX24g1\nCVSKXRt4daBGm60forewcIrq7Yp0S0H2gMO4mmMjMa38Pl8/bhDClDARJm7ELJGQ\nN/ImdjKqhsLF0q4yLryqHtNDsDEgQledbNpyMGCqUxZtxFw0c/JZwwoq3yDJmv77\nWmGu2iTZTMmPBwIMeM2ezMfF71wZuKH99A\u003d\u003d\n-----END CERTIFICATE-----",
    "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEApXUpdFQsPM9d9C7kHY67Z5tdAXuZqd8c6+XfEXF0OchG0EUD\n5dJefdBo0AmYwwBhxKE0gChPxGlApjxQshJ0JBjaWiMzFRVtlrgU5l9rVMm+/WAU\nvb4P6b83dVx8Jjm0RTAFaF8LV8NSWq0fg0FVYqfiQCOTtffiVbYeHiTo/4VnRcZ4\nsvhizpvQpeRa/5C31U8PSkxvOXpn5MEYr8HXCy5kYhRHW498RvV1KC8PHzkV0AsK\nP/2tEJoggBgbx1eyunR+TJIBYCrKrPNBlJphytTel24ky3SBOzvxyUsmc/6y44Ap\nExWLpfPJvHyxdezqih5BELLWYdFVqw6OZE2WgwIDAQABAoIBACLtr9mh51DTCeeB\neqCOwBsoHiMw/4hv1EAsX8Hj7IBCOki/OQpsNYxj0ayRShFoZDtJOLcRS32QJpix\nROvCn4f7QyUiJyd9RYw6wha78AGPMWV1wgsoM13KAyAgbQj4x4iPkaSt48wcLKd9\nwphH04mnHUki+YzBjqM/de4xJorCPNBWVhHh0e9/ybK6AdPdGI5EFjG+hBWypIUz\nXdUyFIF+BEnnxxOJH7ufU1A9AFx18qixk/FKCcVyuRKo3szJBL2YuOYeD4WMaN0F\nQmB1a8A+Rv/NE5U43/hnq3xceZROqt7aJmeYy77bF7vWWpXzB8hRvx98SGFDGbPc\nMh9McBkCgYEA1Ng7JCCyE6OINS7b/1M5KmqkJDmGYgVJ3LrAljtG6RrKDMhfecVI\ndLljs55XhuvXexlRuw4EhVu1bc/qnPKy3KfVFwJj31zM9kXkftfQeKECOjuc3zYw\n6RtOWp15/yqt57O98sSxWBw9X0zwfNzRlgKElOBLTNxREABwdEGkeB0CgYEAxwFL\nVjIYDZp5fEuJIl6Nr877u/n7eaaRDiyAiWbrJFkdIAjzKUR8qsLb9RkcaRsUfy/O\n7bOAC/Eh75h5tD0s2Q8ZL7BXJNn5jM2tbGKt0XKdwPIRHw15h3wQrPyPHVEeoGon\n/ytqYBCEBN6kkS95x01gp3wdTW35Tl0uW6XvRx8CgYEAmv/04bRlumOG16QOVfvX\nT4plinPR5yQOzA28HiuA0lTN+00YKmd/AnHXp4CSIREy1NR1bpEgvbUxhIy7QByG\nIKagSadV79127YmsgqrLiG1IX/v1m5+tMrTN9LNlmmsMRgXhOCABPjcignpXT7bH\nckTXJEvKymhPKCYJvr/m9AkCgYBxQOJQBqg7rarvuskrfyYhZKlM3EJqhAnPSDJK\ngADYKcLyhUVlOe28/LJTNVw+0MOEcn/QNTRtF2jZwyuYEKyiRv5tbmzZsxdbM347\nzZjgNttigCCQTInaOhf/aqhD5fOJFYD3rgyW6S9I2jBL0/n5G6cjCfZfJ3QXTd5h\nF/kpvwKBgCaLxqbRqfhfnq37/TX6RAjZ8u1Fob9HEbnGdM/3OmBGzoAuvuZMM209\nHjxfawwfk3aRfuQA0QcZzadInL7G7EJHVbz/QEA/64+4BlUaWts9X4Efv9OlMQ++\nYmd4qnqf9UkXDd4aeCKvFiVDqICsZDPOexunT/+1dy1ylEljIU1i\n-----END RSA PRIVATE KEY-----"
  },
  "client2": {
    "client_id": "2qLOeHKmRO3mhlRsWllxuTYRpRXm6f5B3Jg9b9dGQEyQneAU",
    "scope": "accounts openid",
    "jwks": {
      "keys": [
        {
          "kid": "sim2",
          "kty": "EC",
          "d": "6UC3bRcjpPE5OPC3Qt8foeBf3tsmN1LXf61DwXQDJEw",
          "use": "sig",
          "crv": "P-256",
          "x": "sRME9wNc3susbqCjwcl5D4iv7qiByhFcPhgoncmh05s",
          "y": "0UTli1f5QJcB2hiDjPgH46yOfo31DUy1ijIivQ0RyGU",
          "alg": "ES256"
        }
      ]
    }
  },
  "mtls2": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIDyDCCArCgAwIBAgITOARENV37zZuQ9Xmi+cYaw5h/XDANBgkqhkiG9w0BAQsF\nADCBoDELMAkGA1UEBhMCSlAxEDAOBgNVBAgTB0Z1a3Vva2ExFDASBgNVBAcTC0Z1\na3Vva2Etc2hpMRkwFwYDVQQKExBNaW5uYSBCYW5rLCBMdGQuMSMwIQYDVQQLExpE\naWdpdGFsIFNlcnZpY2UgTWFuYWdlbWVudDEpMCcGA1UEAxMgcHNldWRvLWFwaS5i\ncy5taW5uYS1uby1naW5rby5jb20wHhcNMjIwNTA4MjMwMzMwWhcNMzIwNTA4MDkx\nMTEwWjArMSkwJwYDVQQDEyBwc2V1ZG8tYXBpLmJzLm1pbm5hLW5vLWdpbmtvLmNv\nbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6zVIphbd/jZ54dBag0\n/2nBNO2yFuja7g+GU2B1Aik63Cpw+A+ph63ZVWoQt4mYBME8t+tZZCyqAh9cy6UG\nudame/+5DhnO3jceTnZPDtpz9dHFPXZTr6n4bi8pF0TibRc6nnL7aegmtD8SsaiS\nMqPhRjB5KiaHbCkKcsDKls+LOs0QQVdYKbxN3gn8J5+PfKi0n2qqYAoy/YT+rY0j\nOxuaZO62zummHhW64yOGxGZTl2rXtJnQnRkmrgjIuCPFLZie+A0m0xVdAp1CO4B7\n+DYt/YrdajY6ixsNH9Q85KtkzMNy7Q5E6XGZgMioqPxYzQEaLouJG3PxvwmQqBUX\npkUCAwEAAaNvMG0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMJMAwGA1Ud\nEwEB/wQCMAAwHQYDVR0OBBYEFGxZWALwsVYch4NUkOSBJKKWKoHxMB8GA1UdIwQY\nMBaAFAcDgORMarYq29tDGsEXaop0GzsUMA0GCSqGSIb3DQEBCwUAA4IBAQA8C/MM\nW+qxuR9X3ifT5XDNFGJVnczdQ/kzKwjqxXVX8a73xrBhVFauS/cgJULL18n3z6A+\nc+J9+WfICSN+sfpxGsQWuUjEpnZcY3bGSMkvRS4kSipHOrzoshZ7xnUjj6WdOQf4\ntOjBYCUYnKEWDywj6lq8tYiSXcC+QlGGY5hrNuG9rXdhrXHXNBQ4ng3J2qzFr7ZZ\nTPGiDAdCUt5oTNyUtUNRhpgK8NS3QSlo1XWgvRKED+966rAK2UgWG+cw10vSH+EC\np/j9XCu4CwVsFwkecGwJWwxfdtw36orofEBP+mN1qjc77O23V7ONKMkJwm9LNu/a\nUpYqVYd0XWlwAoZ+\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIENTCCAx2gAwIBAgIUANWaqV9QYvGd6dPC7O2yhIQDvKkwDQYJKoZIhvcNAQEL\nBQAwgaAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIEwdGdWt1b2thMRQwEgYDVQQHEwtG\ndWt1b2thLXNoaTEZMBcGA1UEChMQTWlubmEgQmFuaywgTHRkLjEjMCEGA1UECxMa\nRGlnaXRhbCBTZXJ2aWNlIE1hbmFnZW1lbnQxKTAnBgNVBAMTIHBzZXVkby1hcGku\nYnMubWlubmEtbm8tZ2lua28uY29tMCAXDTIyMDIyNTA5MTUyNVoYDzIxMjIwMjAx\nMDkxNTI0WjCBoDELMAkGA1UEBhMCSlAxEDAOBgNVBAgTB0Z1a3Vva2ExFDASBgNV\nBAcTC0Z1a3Vva2Etc2hpMRkwFwYDVQQKExBNaW5uYSBCYW5rLCBMdGQuMSMwIQYD\nVQQLExpEaWdpdGFsIFNlcnZpY2UgTWFuYWdlbWVudDEpMCcGA1UEAxMgcHNldWRv\nLWFwaS5icy5taW5uYS1uby1naW5rby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQCKwGqK1IXkyLP6CVM9TYpNz1EoMdv69mOHQ5F6XzIGH0VBAMkF\n1aRHt+G7fRRylwCBxxdRq+lYwWhpljx4f15oGtiXpwYuVcF38FnohG0ASOhdZrWv\nNUH2D+P1VEdVdg5XiGJMiJp8xXUnGPvoDKMSM9O+mJZ28xnBqvA/ft5m5NcSlbFC\nZg03VO+xXgqKr93gFoLVHSxKc+jxsEU8ibnvExJq84OTH9h3+eGo5h/0gTKj72Ps\n4VgvfghGEmwJg9g4dob4nRm80IdJe3EHDvP7ewXHYwh8OETkPFt2UehCYURFVEHs\n5OwZMdi6B22d8t4x1pPyeExee561iyXoXTXrAgMBAAGjYzBhMA4GA1UdDwEB/wQE\nAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQHA4DkTGq2KtvbQxrBF2qK\ndBs7FDAfBgNVHSMEGDAWgBQHA4DkTGq2KtvbQxrBF2qKdBs7FDANBgkqhkiG9w0B\nAQsFAAOCAQEAd2aKZNj3wiq0V+XC8qW5Qe7x+NJEaqjs5Hx7dvLa+AMp4VLt1PjM\nVKRM9S2eNITvxk44Qsh1DBTG6HA3Nw01aVI4DE/O+EllGCBCDmxeHG/iZt2KkSVj\nLAFDYBJtMO9Ab8+saGV6PKCl68KY0adIDlKGZGy0mQXD5bOESvNeaDhyupVX24g1\nCVSKXRt4daBGm60forewcIrq7Yp0S0H2gMO4mmMjMa38Pl8/bhDClDARJm7ELJGQ\nN/ImdjKqhsLF0q4yLryqHtNDsDEgQledbNpyMGCqUxZtxFw0c/JZwwoq3yDJmv77\nWmGu2iTZTMmPBwIMeM2ezMfF71wZuKH99A\u003d\u003d\n-----END CERTIFICATE-----",
    "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAvrNUimFt3+Nnnh0FqDT/acE07bIW6NruD4ZTYHUCKTrcKnD4\nD6mHrdlVahC3iZgEwTy361lkLKoCH1zLpQa51qZ7/7kOGc7eNx5Odk8O2nP10cU9\ndlOvqfhuLykXROJtFzqecvtp6Ca0PxKxqJIyo+FGMHkqJodsKQpywMqWz4s6zRBB\nV1gpvE3eCfwnn498qLSfaqpgCjL9hP6tjSM7G5pk7rbO6aYeFbrjI4bEZlOXate0\nmdCdGSauCMi4I8UtmJ74DSbTFV0CnUI7gHv4Ni39it1qNjqLGw0f1Dzkq2TMw3Lt\nDkTpcZmAyKio/FjNARoui4kbc/G/CZCoFRemRQIDAQABAoIBAFv5MbTr+Ioaq0be\nyHOv29+th1F8qv/zVw21w1CqHji0Yqs1gO5M3VtDjqZxGZQK9YAdQLcJjf7cn9lw\nb+dPryGPeg6DugFIfHQo8b6tsoQ5mT1q25HOGtLnNn0YXFiku+iQJQtfplyJDjW9\nVmHu4O2ZILkQNvwOJGRG3cGN8950ehjkaNieMfwYHWYmnlsQ19ghnNDpj6fx5UrP\nnC3wuSe2mrjjGLY5/PQHNddwnFnNDoz5XToc3hDwp6s914iba3Lyqhn6z4J0a90c\nGS0ie19RtMMizVl8pmPx40n0y0erogmXHWFhbE9/HMEKob4WvP37Qru5pI54UOm3\nGSVRRQECgYEA8WNfaZ/zBittQiDaMIXX1E7qhRw859j1SSkrigYH4ErqzrSAhmr/\n2mOcP9LKG+sIAhRMTl9f9Ojhxmbw0u9RGnMEjRwHP93eWyRqPDIwdSkv66XSZ9dH\n4ti4DcrDBfz97dzHUYvh38iGhXyy6Lvtaqy2gbCL4ZiuXVzfBPgAaSkCgYEAyj58\nR+X9UXxzSjhHL2R+8IXm9e/G8e10SID6Be/WrkQV4FsD7O4z0B6uJBJJ0B2oK7U1\ndwvmta7zhNrhyUqWxXjxdaj32C3wL7iJSWt8wEQn1Cv+448jYhUrOEyJcVaM5ArQ\n30eQWOVN+WqcxENUz5kywArmrO3iY+0Isl6DS70CgYEAlJAzdd+ig+aQXQW5I+oM\nNrfHMNt7RLpL5JY5HL6vdETHlSaUf6Y1B6UM0l8aUuppSFZTzFx4w1PdOO28RCZU\nRTIK2AorEAyuQGv+EkRVfJY3zxGEmLJvpNb7GEn1k6bsZcvexHqSLtfMqzVfK0wW\nR/Q6c0FEJjmA/yccf4NfRVkCgYBpVsh2znT192M5WjzBk4+Gicf1ezFdGzgA96TC\naNyhofbfB6jwxFUaZpB/W0M08e2A7n5thjZhlUFjhnop1P7Y1hi2Fw8YezzqLizb\nn++3WQiBu3SkZA6i7LG5Piwsa08xC+0lDupBUxYc/gmvM/69rma/ni3uDm1nbLOl\n7BJo5QKBgQCSQJTsHEH7rBuED4J3RNeoozvbusGpFqhP65LpRtIzpPsr98Eyxmgx\nZm42P1/WCXCZEiBV7UOdnrL1tFtc+C/zGcq0G9EvyPH1KRD35Db/gi/C731jONDC\nvWJpxUU5H/Fg0axEIuaywKEFiRQqWulF7BlZ7vDjHPshQCeGO9091A\u003d\u003d\n-----END RSA PRIVATE KEY-----\n"
  }
}
testName
fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails
2022-06-22 01:44:30 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/ZDF-test/callback
2022-06-22 01:44:30
GetDynamicServerConfiguration
HTTP request
request_uri
https://pseudo-static.bs.minna-no-ginko.com/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2022-06-22 01:44:31 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-guploader-uploadid": "ADPycduM-mFZxzU-aH6VMEFMb06RgTW5NyJqipv-60toZkAHLQwyIdM81_Mxj875K0Ud3SWqCNiHmnvNfJTdjDXQLPStVHWEhu59",
  "expires": "Wed, 22 Jun 2022 01:44:31 GMT",
  "date": "Wed, 22 Jun 2022 01:44:31 GMT",
  "cache-control": "private, max-age\u003d0",
  "last-modified": "Tue, 07 Jun 2022 01:27:47 GMT",
  "etag": "\"4e88cb77df5b863214c927797ab3ded6\"",
  "x-goog-generation": "1654565267864383",
  "x-goog-metageneration": "1",
  "x-goog-stored-content-encoding": "identity",
  "x-goog-stored-content-length": "1400",
  "content-type": "application/json",
  "x-goog-hash": [
    "crc32c\u003dqdUYlw\u003d\u003d",
    "md5\u003dTojLd99bhjIUySd5erPe1g\u003d\u003d"
  ],
  "x-goog-storage-class": "STANDARD",
  "accept-ranges": "bytes",
  "content-length": "1400",
  "server": "UploadServer",
  "content-security-policy": "default-src \u0027self\u0027 https://pseudo-static.bs.minna-no-ginko.com https://pseudo-api.bs.minna-no-ginko.com; script-src https://pseudo-static.bs.minna-no-ginko.com; style-src \u0027unsafe-inline\u0027 https://pseudo-static.bs.minna-no-ginko.com; font-src https://pseudo-static.bs.minna-no-ginko.com; form-action https:; connect-src https://pseudo-static.bs.minna-no-ginko.com https://pseudo-api.bs.minna-no-ginko.com; base-uri \u0027self\u0027; frame-src \u0027none\u0027; media-src \u0027none\u0027; object-src \u0027none\u0027; worker-src \u0027none\u0027;",
  "strict-transport-security": "max-age\u003d31536000",
  "x-content-type-options": "nosniff",
  "x-frame-options": "deny",
  "alt-svc": "h3\u003d\":443\"; ma\u003d2592000,h3-29\u003d\":443\"; ma\u003d2592000"
}
response_body
{
  "issuer": "https://pseudo-static.bs.minna-no-ginko.com",
  "authorization_endpoint": "https://pseudo-api.bs.minna-no-ginko.com/oauth2/v1/authorize",
  "token_endpoint": "https://pseudo-api.bs.minna-no-ginko.com/oauth2/v1/token",
  "jwks_uri": "https://pseudo-static.bs.minna-no-ginko.com/.well-known/jwks.json",
  "scopes_supported": [
    "openid",
    "accounts",
    "consents",
    "create:consents",
    "read:accounts"
  ],
  "request_object_signing_alg_values_supported": [
    "ES256"
  ],
  "response_modes_supported": [
    "query.jwt", "jwt"
  ],
  "response_types_supported": [
    "code"
  ],
  "authorization_signing_alg_values_supported": [
    "ES256"
  ],
  "grant_types_supported": [
    "authorization_code",
    "client_credentials",
    "refresh_token"
  ],
  "subject_types_supported": [
    "pairwise"
  ],
  "id_token_signing_alg_values_supported": [
    "ES256"
  ],
  "id_token_encryption_alg_values_supported": [],
  "id_token_encryption_enc_values_supported": [],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "tls_client_auth"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "ES256"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ],
  "tls_client_certificate_bound_access_tokens": true,
  "claims_parameter_supported": false,
  "request_parameter_supported": true,
  "request_uri_parameter_supported": false
}
2022-06-22 01:44:31 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
issuer
https://pseudo-static.bs.minna-no-ginko.com
authorization_endpoint
https://pseudo-api.bs.minna-no-ginko.com/oauth2/v1/authorize
token_endpoint
https://pseudo-api.bs.minna-no-ginko.com/oauth2/v1/token
jwks_uri
https://pseudo-static.bs.minna-no-ginko.com/.well-known/jwks.json
scopes_supported
[
  "openid",
  "accounts",
  "consents",
  "create:consents",
  "read:accounts"
]
request_object_signing_alg_values_supported
[
  "ES256"
]
response_modes_supported
[
  "query.jwt",
  "jwt"
]
response_types_supported
[
  "code"
]
authorization_signing_alg_values_supported
[
  "ES256"
]
grant_types_supported
[
  "authorization_code",
  "client_credentials",
  "refresh_token"
]
subject_types_supported
[
  "pairwise"
]
id_token_signing_alg_values_supported
[
  "ES256"
]
id_token_encryption_alg_values_supported
[]
id_token_encryption_enc_values_supported
[]
token_endpoint_auth_methods_supported
[
  "client_secret_basic",
  "tls_client_auth"
]
token_endpoint_auth_signing_alg_values_supported
[
  "ES256"
]
code_challenge_methods_supported
[
  "S256"
]
tls_client_certificate_bound_access_tokens
true
claims_parameter_supported
false
request_parameter_supported
true
request_uri_parameter_supported
false
2022-06-22 01:44:31 SUCCESS
AddMTLSEndpointAliasesToEnvironment
Added mtls_endpoint_aliases to environment
2022-06-22 01:44:31 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2022-06-22 01:44:31
FetchServerKeys
Fetching server key
jwks_uri
https://pseudo-static.bs.minna-no-ginko.com/.well-known/jwks.json
2022-06-22 01:44:31
FetchServerKeys
HTTP request
request_uri
https://pseudo-static.bs.minna-no-ginko.com/.well-known/jwks.json
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2022-06-22 01:44:31 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-guploader-uploadid": "ADPycduDm4qm5-W70rAsajr9yk50fuU-lg-N7N-4doPyy-GzB02P5O63Ed9ybXF25uc4MBc5GoBujm0Sj4jamTP8pZ-Rcw",
  "expires": "Wed, 22 Jun 2022 01:44:31 GMT",
  "date": "Wed, 22 Jun 2022 01:44:31 GMT",
  "cache-control": "private, max-age\u003d0",
  "last-modified": "Tue, 07 Jun 2022 08:06:21 GMT",
  "etag": "\"738d1951e260b54561cd0918cd1e9390\"",
  "x-goog-generation": "1654589181620933",
  "x-goog-metageneration": "1",
  "x-goog-stored-content-encoding": "identity",
  "x-goog-stored-content-length": "306",
  "content-type": "application/json",
  "x-goog-hash": [
    "crc32c\u003di6eC+w\u003d\u003d",
    "md5\u003dc40ZUeJgtUVhzQkYzR6TkA\u003d\u003d"
  ],
  "x-goog-storage-class": "STANDARD",
  "accept-ranges": "bytes",
  "content-length": "306",
  "server": "UploadServer",
  "content-security-policy": "default-src \u0027self\u0027 https://pseudo-static.bs.minna-no-ginko.com https://pseudo-api.bs.minna-no-ginko.com; script-src https://pseudo-static.bs.minna-no-ginko.com; style-src \u0027unsafe-inline\u0027 https://pseudo-static.bs.minna-no-ginko.com; font-src https://pseudo-static.bs.minna-no-ginko.com; form-action https:; connect-src https://pseudo-static.bs.minna-no-ginko.com https://pseudo-api.bs.minna-no-ginko.com; base-uri \u0027self\u0027; frame-src \u0027none\u0027; media-src \u0027none\u0027; object-src \u0027none\u0027; worker-src \u0027none\u0027;",
  "strict-transport-security": "max-age\u003d31536000",
  "x-content-type-options": "nosniff",
  "x-frame-options": "deny",
  "alt-svc": "h3\u003d\":443\"; ma\u003d2592000,h3-29\u003d\":443\"; ma\u003d2592000"
}
response_body
{
    "keys": [
      {
        "kty": "EC",
        "use": "sig",
        "crv": "P-256",
        "kid": "701fca13-4963-45c9-ada0-e98289a817c9",
        "x": "QQGcik4VZQi145KYvgssY0RQ8_rshDdZY6CamXXZBI0",
        "y": "aO3Ro37uFH6lNG6pQt7rH1in8ulFvl-FGNzyBL68PP8",
        "alg": "ES256"
      }
    ]
  }
2022-06-22 01:44:31
FetchServerKeys
Found JWK set string
jwk_string
{
    "keys": [
      {
        "kty": "EC",
        "use": "sig",
        "crv": "P-256",
        "kid": "701fca13-4963-45c9-ada0-e98289a817c9",
        "x": "QQGcik4VZQi145KYvgssY0RQ8_rshDdZY6CamXXZBI0",
        "y": "aO3Ro37uFH6lNG6pQt7rH1in8ulFvl-FGNzyBL68PP8",
        "alg": "ES256"
      }
    ]
  }
2022-06-22 01:44:31 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "701fca13-4963-45c9-ada0-e98289a817c9",
      "x": "QQGcik4VZQi145KYvgssY0RQ8_rshDdZY6CamXXZBI0",
      "y": "aO3Ro37uFH6lNG6pQt7rH1in8ulFvl-FGNzyBL68PP8",
      "alg": "ES256"
    }
  ]
}
2022-06-22 01:44:31 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "701fca13-4963-45c9-ada0-e98289a817c9",
      "x": "QQGcik4VZQi145KYvgssY0RQ8_rshDdZY6CamXXZBI0",
      "y": "aO3Ro37uFH6lNG6pQt7rH1in8ulFvl-FGNzyBL68PP8",
      "alg": "ES256"
    }
  ]
}
2022-06-22 01:44:31 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2022-06-22 01:44:31 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2022-06-22 01:44:31 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2022-06-22 01:44:31 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "701fca13-4963-45c9-ada0-e98289a817c9",
      "x": "QQGcik4VZQi145KYvgssY0RQ8_rshDdZY6CamXXZBI0",
      "y": "aO3Ro37uFH6lNG6pQt7rH1in8ulFvl-FGNzyBL68PP8",
      "alg": "ES256"
    }
  ]
}
2022-06-22 01:44:31 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp
scope
accounts openid
jwks
{
  "keys": [
    {
      "kty": "EC",
      "d": "xXXJLzvKN-6_4p6rLA-ytRH48QB-DJVRin4A1RbqCA0",
      "use": "sig",
      "crv": "P-256",
      "kid": "frUMU4gP42714FAq2CHp1QQwdiUFe-22B9_BulXICDM",
      "x": "F1ZD5v3aCdaGuLtNIG5kCHizAMHWXajNjOMlv48i75Q",
      "y": "-GLYrefPdl1CJVbmqm0FiPIf2bAnFDAWTtvKwaDvP_0",
      "alg": "ES256"
    }
  ]
}
2022-06-22 01:44:31
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
2022-06-22 01:44:31 SUCCESS
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
2022-06-22 01:44:31
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
2022-06-22 01:44:31 SUCCESS
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIDyDCCArCgAwIBAgITVolfPdaYOb/eEqOxlITj2fcSiDANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCSlAxEDAOBgNVBAgTB0Z1a3Vva2ExFDASBgNVBAcTC0Z1a3Vva2Etc2hpMRkwFwYDVQQKExBNaW5uYSBCYW5rLCBMdGQuMSMwIQYDVQQLExpEaWdpdGFsIFNlcnZpY2UgTWFuYWdlbWVudDEpMCcGA1UEAxMgcHNldWRvLWFwaS5icy5taW5uYS1uby1naW5rby5jb20wHhcNMjIwNTA4MjMwMzU0WhcNMzIwNTA4MDkxMTM0WjArMSkwJwYDVQQDEyBwc2V1ZG8tYXBpLmJzLm1pbm5hLW5vLWdpbmtvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKV1KXRULDzPXfQu5B2Ou2ebXQF7manfHOvl3xFxdDnIRtBFA+XSXn3QaNAJmMMAYcShNIAoT8RpQKY8ULISdCQY2lojMxUVbZa4FOZfa1TJvv1gFL2+D+m/N3VcfCY5tEUwBWhfC1fDUlqtH4NBVWKn4kAjk7X34lW2Hh4k6P+FZ0XGeLL4Ys6b0KXkWv+Qt9VPD0pMbzl6Z+TBGK/B1wsuZGIUR1uPfEb1dSgvDx85FdALCj/9rRCaIIAYG8dXsrp0fkySAWAqyqzzQZSaYcrU3pduJMt0gTs78clLJnP+suOAKRMVi6Xzybx8sXXs6ooeQRCy1mHRVasOjmRNloMCAwEAAaNvMG0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMJMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCHZ/z0QtqEPRZCU0qUQZL6oyt5BMB8GA1UdIwQYMBaAFAcDgORMarYq29tDGsEXaop0GzsUMA0GCSqGSIb3DQEBCwUAA4IBAQBU6k4hRV5+lieCc+Rm5qp7Jey6RkraKHtBYJ4MW1y8ONgdGP+ti+XtRzc2pHKfF/wglfnJyFmBzilAw4XL5yP5GBhF7OV/rX1WSHAgrxUe1b0SNZ6qsf6564udVIDTKKLJMcApBzdywEHsR65TCm8NeGFLRcHDWanjOjlO+U6jxTYzrVBGZz12RplykxX2skU2IEo+adZiZF+koKhESJKwv6+fIN4pj1TuoxGtRRJa3Kl2eYHXEjyazBHMURm/adaOU7UAAGT4i5sO79cC1N8TvgtB5EzYy4SmJoeUmjACB1sVxq9WoUj3YqPAy8tae7428TP5Pe/p/YrQJ4LUaoGYMIIENTCCAx2gAwIBAgIUANWaqV9QYvGd6dPC7O2yhIQDvKkwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIEwdGdWt1b2thMRQwEgYDVQQHEwtGdWt1b2thLXNoaTEZMBcGA1UEChMQTWlubmEgQmFuaywgTHRkLjEjMCEGA1UECxMaRGlnaXRhbCBTZXJ2aWNlIE1hbmFnZW1lbnQxKTAnBgNVBAMTIHBzZXVkby1hcGkuYnMubWlubmEtbm8tZ2lua28uY29tMCAXDTIyMDIyNTA5MTUyNVoYDzIxMjIwMjAxMDkxNTI0WjCBoDELMAkGA1UEBhMCSlAxEDAOBgNVBAgTB0Z1a3Vva2ExFDASBgNVBAcTC0Z1a3Vva2Etc2hpMRkwFwYDVQQKExBNaW5uYSBCYW5rLCBMdGQuMSMwIQYDVQQLExpEaWdpdGFsIFNlcnZpY2UgTWFuYWdlbWVudDEpMCcGA1UEAxMgcHNldWRvLWFwaS5icy5taW5uYS1uby1naW5rby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKwGqK1IXkyLP6CVM9TYpNz1EoMdv69mOHQ5F6XzIGH0VBAMkF1aRHt+G7fRRylwCBxxdRq+lYwWhpljx4f15oGtiXpwYuVcF38FnohG0ASOhdZrWvNUH2D+P1VEdVdg5XiGJMiJp8xXUnGPvoDKMSM9O+mJZ28xnBqvA/ft5m5NcSlbFCZg03VO+xXgqKr93gFoLVHSxKc+jxsEU8ibnvExJq84OTH9h3+eGo5h/0gTKj72Ps4VgvfghGEmwJg9g4dob4nRm80IdJe3EHDvP7ewXHYwh8OETkPFt2UehCYURFVEHs5OwZMdi6B22d8t4x1pPyeExee561iyXoXTXrAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQHA4DkTGq2KtvbQxrBF2qKdBs7FDAfBgNVHSMEGDAWgBQHA4DkTGq2KtvbQxrBF2qKdBs7FDANBgkqhkiG9w0BAQsFAAOCAQEAd2aKZNj3wiq0V+XC8qW5Qe7x+NJEaqjs5Hx7dvLa+AMp4VLt1PjMVKRM9S2eNITvxk44Qsh1DBTG6HA3Nw01aVI4DE/O+EllGCBCDmxeHG/iZt2KkSVjLAFDYBJtMO9Ab8+saGV6PKCl68KY0adIDlKGZGy0mQXD5bOESvNeaDhyupVX24g1CVSKXRt4daBGm60forewcIrq7Yp0S0H2gMO4mmMjMa38Pl8/bhDClDARJm7ELJGQN/ImdjKqhsLF0q4yLryqHtNDsDEgQledbNpyMGCqUxZtxFw0c/JZwwoq3yDJmv77WmGu2iTZTMmPBwIMeM2ezMfF71wZuKH99A==
key
MIIEowIBAAKCAQEApXUpdFQsPM9d9C7kHY67Z5tdAXuZqd8c6+XfEXF0OchG0EUD5dJefdBo0AmYwwBhxKE0gChPxGlApjxQshJ0JBjaWiMzFRVtlrgU5l9rVMm+/WAUvb4P6b83dVx8Jjm0RTAFaF8LV8NSWq0fg0FVYqfiQCOTtffiVbYeHiTo/4VnRcZ4svhizpvQpeRa/5C31U8PSkxvOXpn5MEYr8HXCy5kYhRHW498RvV1KC8PHzkV0AsKP/2tEJoggBgbx1eyunR+TJIBYCrKrPNBlJphytTel24ky3SBOzvxyUsmc/6y44ApExWLpfPJvHyxdezqih5BELLWYdFVqw6OZE2WgwIDAQABAoIBACLtr9mh51DTCeeBeqCOwBsoHiMw/4hv1EAsX8Hj7IBCOki/OQpsNYxj0ayRShFoZDtJOLcRS32QJpixROvCn4f7QyUiJyd9RYw6wha78AGPMWV1wgsoM13KAyAgbQj4x4iPkaSt48wcLKd9wphH04mnHUki+YzBjqM/de4xJorCPNBWVhHh0e9/ybK6AdPdGI5EFjG+hBWypIUzXdUyFIF+BEnnxxOJH7ufU1A9AFx18qixk/FKCcVyuRKo3szJBL2YuOYeD4WMaN0FQmB1a8A+Rv/NE5U43/hnq3xceZROqt7aJmeYy77bF7vWWpXzB8hRvx98SGFDGbPcMh9McBkCgYEA1Ng7JCCyE6OINS7b/1M5KmqkJDmGYgVJ3LrAljtG6RrKDMhfecVIdLljs55XhuvXexlRuw4EhVu1bc/qnPKy3KfVFwJj31zM9kXkftfQeKECOjuc3zYw6RtOWp15/yqt57O98sSxWBw9X0zwfNzRlgKElOBLTNxREABwdEGkeB0CgYEAxwFLVjIYDZp5fEuJIl6Nr877u/n7eaaRDiyAiWbrJFkdIAjzKUR8qsLb9RkcaRsUfy/O7bOAC/Eh75h5tD0s2Q8ZL7BXJNn5jM2tbGKt0XKdwPIRHw15h3wQrPyPHVEeoGon/ytqYBCEBN6kkS95x01gp3wdTW35Tl0uW6XvRx8CgYEAmv/04bRlumOG16QOVfvXT4plinPR5yQOzA28HiuA0lTN+00YKmd/AnHXp4CSIREy1NR1bpEgvbUxhIy7QByGIKagSadV79127YmsgqrLiG1IX/v1m5+tMrTN9LNlmmsMRgXhOCABPjcignpXT7bHckTXJEvKymhPKCYJvr/m9AkCgYBxQOJQBqg7rarvuskrfyYhZKlM3EJqhAnPSDJKgADYKcLyhUVlOe28/LJTNVw+0MOEcn/QNTRtF2jZwyuYEKyiRv5tbmzZsxdbM347zZjgNttigCCQTInaOhf/aqhD5fOJFYD3rgyW6S9I2jBL0/n5G6cjCfZfJ3QXTd5hF/kpvwKBgCaLxqbRqfhfnq37/TX6RAjZ8u1Fob9HEbnGdM/3OmBGzoAuvuZMM209Hjxfawwfk3aRfuQA0QcZzadInL7G7EJHVbz/QEA/64+4BlUaWts9X4Efv9OlMQ++Ymd4qnqf9UkXDd4aeCKvFiVDqICsZDPOexunT/+1dy1ylEljIU1i
2022-06-22 01:44:31 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2022-06-22 01:44:31 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "d": "xXXJLzvKN-6_4p6rLA-ytRH48QB-DJVRin4A1RbqCA0",
      "use": "sig",
      "crv": "P-256",
      "kid": "frUMU4gP42714FAq2CHp1QQwdiUFe-22B9_BulXICDM",
      "x": "F1ZD5v3aCdaGuLtNIG5kCHizAMHWXajNjOMlv48i75Q",
      "y": "-GLYrefPdl1CJVbmqm0FiPIf2bAnFDAWTtvKwaDvP_0",
      "alg": "ES256"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "frUMU4gP42714FAq2CHp1QQwdiUFe-22B9_BulXICDM",
      "x": "F1ZD5v3aCdaGuLtNIG5kCHizAMHWXajNjOMlv48i75Q",
      "y": "-GLYrefPdl1CJVbmqm0FiPIf2bAnFDAWTtvKwaDvP_0",
      "alg": "ES256"
    }
  ]
}
2022-06-22 01:44:31 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2022-06-22 01:44:31 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2022-06-22 01:44:31 SUCCESS
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
permitted
[
  "PS256",
  "ES256"
]
2022-06-22 01:44:31 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "d": "xXXJLzvKN-6_4p6rLA-ytRH48QB-DJVRin4A1RbqCA0",
      "use": "sig",
      "crv": "P-256",
      "kid": "frUMU4gP42714FAq2CHp1QQwdiUFe-22B9_BulXICDM",
      "x": "F1ZD5v3aCdaGuLtNIG5kCHizAMHWXajNjOMlv48i75Q",
      "y": "-GLYrefPdl1CJVbmqm0FiPIf2bAnFDAWTtvKwaDvP_0",
      "alg": "ES256"
    }
  ]
}
2022-06-22 01:44:31 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
Verify configuration of second client
2022-06-22 01:44:31 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
2qLOeHKmRO3mhlRsWllxuTYRpRXm6f5B3Jg9b9dGQEyQneAU
scope
accounts openid
jwks
{
  "keys": [
    {
      "kid": "sim2",
      "kty": "EC",
      "d": "6UC3bRcjpPE5OPC3Qt8foeBf3tsmN1LXf61DwXQDJEw",
      "use": "sig",
      "crv": "P-256",
      "x": "sRME9wNc3susbqCjwcl5D4iv7qiByhFcPhgoncmh05s",
      "y": "0UTli1f5QJcB2hiDjPgH46yOfo31DUy1ijIivQ0RyGU",
      "alg": "ES256"
    }
  ]
}
2022-06-22 01:44:31
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
2022-06-22 01:44:31 SUCCESS
ValidateMTLSCertificates2Header
MTLS certificates header is valid
2022-06-22 01:44:31
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
2022-06-22 01:44:31 SUCCESS
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIDyDCCArCgAwIBAgITOARENV37zZuQ9Xmi+cYaw5h/XDANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCSlAxEDAOBgNVBAgTB0Z1a3Vva2ExFDASBgNVBAcTC0Z1a3Vva2Etc2hpMRkwFwYDVQQKExBNaW5uYSBCYW5rLCBMdGQuMSMwIQYDVQQLExpEaWdpdGFsIFNlcnZpY2UgTWFuYWdlbWVudDEpMCcGA1UEAxMgcHNldWRvLWFwaS5icy5taW5uYS1uby1naW5rby5jb20wHhcNMjIwNTA4MjMwMzMwWhcNMzIwNTA4MDkxMTEwWjArMSkwJwYDVQQDEyBwc2V1ZG8tYXBpLmJzLm1pbm5hLW5vLWdpbmtvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6zVIphbd/jZ54dBag0/2nBNO2yFuja7g+GU2B1Aik63Cpw+A+ph63ZVWoQt4mYBME8t+tZZCyqAh9cy6UGudame/+5DhnO3jceTnZPDtpz9dHFPXZTr6n4bi8pF0TibRc6nnL7aegmtD8SsaiSMqPhRjB5KiaHbCkKcsDKls+LOs0QQVdYKbxN3gn8J5+PfKi0n2qqYAoy/YT+rY0jOxuaZO62zummHhW64yOGxGZTl2rXtJnQnRkmrgjIuCPFLZie+A0m0xVdAp1CO4B7+DYt/YrdajY6ixsNH9Q85KtkzMNy7Q5E6XGZgMioqPxYzQEaLouJG3PxvwmQqBUXpkUCAwEAAaNvMG0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMJMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGxZWALwsVYch4NUkOSBJKKWKoHxMB8GA1UdIwQYMBaAFAcDgORMarYq29tDGsEXaop0GzsUMA0GCSqGSIb3DQEBCwUAA4IBAQA8C/MMW+qxuR9X3ifT5XDNFGJVnczdQ/kzKwjqxXVX8a73xrBhVFauS/cgJULL18n3z6A+c+J9+WfICSN+sfpxGsQWuUjEpnZcY3bGSMkvRS4kSipHOrzoshZ7xnUjj6WdOQf4tOjBYCUYnKEWDywj6lq8tYiSXcC+QlGGY5hrNuG9rXdhrXHXNBQ4ng3J2qzFr7ZZTPGiDAdCUt5oTNyUtUNRhpgK8NS3QSlo1XWgvRKED+966rAK2UgWG+cw10vSH+ECp/j9XCu4CwVsFwkecGwJWwxfdtw36orofEBP+mN1qjc77O23V7ONKMkJwm9LNu/aUpYqVYd0XWlwAoZ+MIIENTCCAx2gAwIBAgIUANWaqV9QYvGd6dPC7O2yhIQDvKkwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIEwdGdWt1b2thMRQwEgYDVQQHEwtGdWt1b2thLXNoaTEZMBcGA1UEChMQTWlubmEgQmFuaywgTHRkLjEjMCEGA1UECxMaRGlnaXRhbCBTZXJ2aWNlIE1hbmFnZW1lbnQxKTAnBgNVBAMTIHBzZXVkby1hcGkuYnMubWlubmEtbm8tZ2lua28uY29tMCAXDTIyMDIyNTA5MTUyNVoYDzIxMjIwMjAxMDkxNTI0WjCBoDELMAkGA1UEBhMCSlAxEDAOBgNVBAgTB0Z1a3Vva2ExFDASBgNVBAcTC0Z1a3Vva2Etc2hpMRkwFwYDVQQKExBNaW5uYSBCYW5rLCBMdGQuMSMwIQYDVQQLExpEaWdpdGFsIFNlcnZpY2UgTWFuYWdlbWVudDEpMCcGA1UEAxMgcHNldWRvLWFwaS5icy5taW5uYS1uby1naW5rby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKwGqK1IXkyLP6CVM9TYpNz1EoMdv69mOHQ5F6XzIGH0VBAMkF1aRHt+G7fRRylwCBxxdRq+lYwWhpljx4f15oGtiXpwYuVcF38FnohG0ASOhdZrWvNUH2D+P1VEdVdg5XiGJMiJp8xXUnGPvoDKMSM9O+mJZ28xnBqvA/ft5m5NcSlbFCZg03VO+xXgqKr93gFoLVHSxKc+jxsEU8ibnvExJq84OTH9h3+eGo5h/0gTKj72Ps4VgvfghGEmwJg9g4dob4nRm80IdJe3EHDvP7ewXHYwh8OETkPFt2UehCYURFVEHs5OwZMdi6B22d8t4x1pPyeExee561iyXoXTXrAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQHA4DkTGq2KtvbQxrBF2qKdBs7FDAfBgNVHSMEGDAWgBQHA4DkTGq2KtvbQxrBF2qKdBs7FDANBgkqhkiG9w0BAQsFAAOCAQEAd2aKZNj3wiq0V+XC8qW5Qe7x+NJEaqjs5Hx7dvLa+AMp4VLt1PjMVKRM9S2eNITvxk44Qsh1DBTG6HA3Nw01aVI4DE/O+EllGCBCDmxeHG/iZt2KkSVjLAFDYBJtMO9Ab8+saGV6PKCl68KY0adIDlKGZGy0mQXD5bOESvNeaDhyupVX24g1CVSKXRt4daBGm60forewcIrq7Yp0S0H2gMO4mmMjMa38Pl8/bhDClDARJm7ELJGQN/ImdjKqhsLF0q4yLryqHtNDsDEgQledbNpyMGCqUxZtxFw0c/JZwwoq3yDJmv77WmGu2iTZTMmPBwIMeM2ezMfF71wZuKH99A==
key
MIIEpAIBAAKCAQEAvrNUimFt3+Nnnh0FqDT/acE07bIW6NruD4ZTYHUCKTrcKnD4D6mHrdlVahC3iZgEwTy361lkLKoCH1zLpQa51qZ7/7kOGc7eNx5Odk8O2nP10cU9dlOvqfhuLykXROJtFzqecvtp6Ca0PxKxqJIyo+FGMHkqJodsKQpywMqWz4s6zRBBV1gpvE3eCfwnn498qLSfaqpgCjL9hP6tjSM7G5pk7rbO6aYeFbrjI4bEZlOXate0mdCdGSauCMi4I8UtmJ74DSbTFV0CnUI7gHv4Ni39it1qNjqLGw0f1Dzkq2TMw3LtDkTpcZmAyKio/FjNARoui4kbc/G/CZCoFRemRQIDAQABAoIBAFv5MbTr+Ioaq0beyHOv29+th1F8qv/zVw21w1CqHji0Yqs1gO5M3VtDjqZxGZQK9YAdQLcJjf7cn9lwb+dPryGPeg6DugFIfHQo8b6tsoQ5mT1q25HOGtLnNn0YXFiku+iQJQtfplyJDjW9VmHu4O2ZILkQNvwOJGRG3cGN8950ehjkaNieMfwYHWYmnlsQ19ghnNDpj6fx5UrPnC3wuSe2mrjjGLY5/PQHNddwnFnNDoz5XToc3hDwp6s914iba3Lyqhn6z4J0a90cGS0ie19RtMMizVl8pmPx40n0y0erogmXHWFhbE9/HMEKob4WvP37Qru5pI54UOm3GSVRRQECgYEA8WNfaZ/zBittQiDaMIXX1E7qhRw859j1SSkrigYH4ErqzrSAhmr/2mOcP9LKG+sIAhRMTl9f9Ojhxmbw0u9RGnMEjRwHP93eWyRqPDIwdSkv66XSZ9dH4ti4DcrDBfz97dzHUYvh38iGhXyy6Lvtaqy2gbCL4ZiuXVzfBPgAaSkCgYEAyj58R+X9UXxzSjhHL2R+8IXm9e/G8e10SID6Be/WrkQV4FsD7O4z0B6uJBJJ0B2oK7U1dwvmta7zhNrhyUqWxXjxdaj32C3wL7iJSWt8wEQn1Cv+448jYhUrOEyJcVaM5ArQ30eQWOVN+WqcxENUz5kywArmrO3iY+0Isl6DS70CgYEAlJAzdd+ig+aQXQW5I+oMNrfHMNt7RLpL5JY5HL6vdETHlSaUf6Y1B6UM0l8aUuppSFZTzFx4w1PdOO28RCZURTIK2AorEAyuQGv+EkRVfJY3zxGEmLJvpNb7GEn1k6bsZcvexHqSLtfMqzVfK0wWR/Q6c0FEJjmA/yccf4NfRVkCgYBpVsh2znT192M5WjzBk4+Gicf1ezFdGzgA96TCaNyhofbfB6jwxFUaZpB/W0M08e2A7n5thjZhlUFjhnop1P7Y1hi2Fw8YezzqLizbn++3WQiBu3SkZA6i7LG5Piwsa08xC+0lDupBUxYc/gmvM/69rma/ni3uDm1nbLOl7BJo5QKBgQCSQJTsHEH7rBuED4J3RNeoozvbusGpFqhP65LpRtIzpPsr98EyxmgxZm42P1/WCXCZEiBV7UOdnrL1tFtc+C/zGcq0G9EvyPH1KRD35Db/gi/C731jONDCvWJpxUU5H/Fg0axEIuaywKEFiRQqWulF7BlZ7vDjHPshQCeGO9091A==
2022-06-22 01:44:31 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2022-06-22 01:44:31 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "kid": "sim2",
      "kty": "EC",
      "d": "6UC3bRcjpPE5OPC3Qt8foeBf3tsmN1LXf61DwXQDJEw",
      "use": "sig",
      "crv": "P-256",
      "x": "sRME9wNc3susbqCjwcl5D4iv7qiByhFcPhgoncmh05s",
      "y": "0UTli1f5QJcB2hiDjPgH46yOfo31DUy1ijIivQ0RyGU",
      "alg": "ES256"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "sim2",
      "x": "sRME9wNc3susbqCjwcl5D4iv7qiByhFcPhgoncmh05s",
      "y": "0UTli1f5QJcB2hiDjPgH46yOfo31DUy1ijIivQ0RyGU",
      "alg": "ES256"
    }
  ]
}
2022-06-22 01:44:31 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2022-06-22 01:44:31 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2022-06-22 01:44:31 SUCCESS
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
permitted
[
  "PS256",
  "ES256"
]
2022-06-22 01:44:31 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "kid": "sim2",
      "kty": "EC",
      "d": "6UC3bRcjpPE5OPC3Qt8foeBf3tsmN1LXf61DwXQDJEw",
      "use": "sig",
      "crv": "P-256",
      "x": "sRME9wNc3susbqCjwcl5D4iv7qiByhFcPhgoncmh05s",
      "y": "0UTli1f5QJcB2hiDjPgH46yOfo31DUy1ijIivQ0RyGU",
      "alg": "ES256"
    }
  ]
}
2022-06-22 01:44:31 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
2022-06-22 01:44:31 SUCCESS
ValidateClientPrivateKeysAreDifferent
Client signing JWKs have different thumbprints
jwk1
{
  "kty": "EC",
  "d": "xXXJLzvKN-6_4p6rLA-ytRH48QB-DJVRin4A1RbqCA0",
  "use": "sig",
  "crv": "P-256",
  "kid": "frUMU4gP42714FAq2CHp1QQwdiUFe-22B9_BulXICDM",
  "x": "F1ZD5v3aCdaGuLtNIG5kCHizAMHWXajNjOMlv48i75Q",
  "y": "-GLYrefPdl1CJVbmqm0FiPIf2bAnFDAWTtvKwaDvP_0",
  "alg": "ES256"
}
jwk2
{
  "kty": "EC",
  "d": "6UC3bRcjpPE5OPC3Qt8foeBf3tsmN1LXf61DwXQDJEw",
  "use": "sig",
  "crv": "P-256",
  "kid": "sim2",
  "x": "sRME9wNc3susbqCjwcl5D4iv7qiByhFcPhgoncmh05s",
  "y": "0UTli1f5QJcB2hiDjPgH46yOfo31DUy1ijIivQ0RyGU",
  "alg": "ES256"
}
2022-06-22 01:44:31 SUCCESS
GetResourceEndpointConfiguration
Found a resource endpoint object
resourceUrl
https://pseudo-api.bs.minna-no-ginko.com/accounts/v1
2022-06-22 01:44:31 SUCCESS
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
protected_resource_url
https://pseudo-api.bs.minna-no-ginko.com/accounts/v1
2022-06-22 01:44:31 SUCCESS
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
resource_endpoint
{
  "testHost": "pseudo-api.bs.minna-no-ginko.com",
  "testPort": 443
}
2022-06-22 01:44:31 SUCCESS
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
accounts_resource_endpoint
{
  "testHost": "pseudo-api.bs.minna-no-ginko.com",
  "testPort": 443
}
accounts_request_endpoint
{
  "testHost": "pseudo-api.bs.minna-no-ginko.com",
  "testPort": 443
}
2022-06-22 01:44:31
fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails
Setup Done
Make request to authorization endpoint
2022-06-22 01:44:31 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp
redirect_uri
https://www.certification.openid.net/test/a/ZDF-test/callback
scope
accounts openid
2022-06-22 01:44:31 SUCCESS
AddAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
authorization_endpoint_request
{
  "client_id": "WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp",
  "redirect_uri": "https://www.certification.openid.net/test/a/ZDF-test/callback",
  "scope": "accounts openid",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}
2022-06-22 01:44:31
CreateRandomStateValue
Created state value
requested_state_length
10
state
ValxTr83Dt
2022-06-22 01:44:31 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp
redirect_uri
https://www.certification.openid.net/test/a/ZDF-test/callback
scope
accounts openid
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
ValxTr83Dt
2022-06-22 01:44:31
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
uVMmGa96f3
2022-06-22 01:44:31 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp
redirect_uri
https://www.certification.openid.net/test/a/ZDF-test/callback
scope
accounts openid
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
ValxTr83Dt
nonce
uVMmGa96f3
2022-06-22 01:44:31 SUCCESS
SetAuthorizationEndpointRequestResponseTypeToCode
Added response_type parameter to request
client_id
WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp
redirect_uri
https://www.certification.openid.net/test/a/ZDF-test/callback
scope
accounts openid
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
ValxTr83Dt
nonce
uVMmGa96f3
response_type
code
2022-06-22 01:44:31 SUCCESS
SetAuthorizationEndpointRequestResponseModeToJWT
Added response_mode parameter to request
client_id
WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp
redirect_uri
https://www.certification.openid.net/test/a/ZDF-test/callback
scope
accounts openid
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
ValxTr83Dt
nonce
uVMmGa96f3
response_type
code
response_mode
jwt
2022-06-22 01:44:31 SUCCESS
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
request_object_claims
{
  "client_id": "WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp",
  "redirect_uri": "https://www.certification.openid.net/test/a/ZDF-test/callback",
  "scope": "accounts openid",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "ValxTr83Dt",
  "nonce": "uVMmGa96f3",
  "response_type": "code",
  "response_mode": "jwt"
}
2022-06-22 01:44:31 SUCCESS
AddNbfValueIs70MinutesInPastToRequestObject
Added invalid nbf value to request object which is 70 minutes in the past
nbf_is_70_minutes_in_the_past
"Jun 22, 2022, 12:34:31 AM"
request_object_claims
{
  "client_id": "WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp",
  "redirect_uri": "https://www.certification.openid.net/test/a/ZDF-test/callback",
  "scope": "accounts openid",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "ValxTr83Dt",
  "nonce": "uVMmGa96f3",
  "response_type": "code",
  "response_mode": "jwt",
  "nbf": 1655858071
}
2022-06-22 01:44:31 SUCCESS
AddExpToRequestObject
Added exp to request object claims
exp
1.655862571E9
2022-06-22 01:44:31 SUCCESS
AddAudToRequestObject
Added aud to request object claims
aud
https://pseudo-static.bs.minna-no-ginko.com
2022-06-22 01:44:31 SUCCESS
AddIssToRequestObject
Added iss to request object claims
iss
WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp
2022-06-22 01:44:31 SUCCESS
AddClientIdToRequestObject
Added client_id to request object claims
client_id
WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp
2022-06-22 01:44:31 SUCCESS
SignRequestObject
Signed the request object
claims
{
  "aud": "https://pseudo-static.bs.minna-no-ginko.com",
  "nbf": 1655858071,
  "scope": "accounts openid",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "iss": "WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp",
  "response_type": "code",
  "redirect_uri": "https://www.certification.openid.net/test/a/ZDF-test/callback",
  "state": "ValxTr83Dt",
  "exp": 1655862571,
  "nonce": "uVMmGa96f3",
  "client_id": "WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp",
  "response_mode": "jwt"
}
header
{
  "kid": "frUMU4gP42714FAq2CHp1QQwdiUFe-22B9_BulXICDM",
  "alg": "ES256"
}
request_object
eyJraWQiOiJmclVNVTRnUDQyNzE0RkFxMkNIcDFRUXdkaVVGZS0yMkI5X0J1bFhJQ0RNIiwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJXbkdqUXlKQ2RZY1FQaFBBdDhxMk9HOHZhVDlxU2YyM2lEcFprR2x0bEV1SWFQc3AiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsIm5vbmNlIjoidVZNbUdhOTZmMyIsImNsaWVudF9pZCI6IlduR2pReUpDZFljUVBoUEF0OHEyT0c4dmFUOXFTZjIzaURwWmtHbHRsRXVJYVBzcCIsInJlc3BvbnNlX21vZGUiOiJqd3QiLCJhdWQiOiJodHRwczpcL1wvcHNldWRvLXN0YXRpYy5icy5taW5uYS1uby1naW5rby5jb20iLCJuYmYiOjE2NTU4NTgwNzEsInNjb3BlIjoiYWNjb3VudHMgb3BlbmlkIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJ2YWx1ZSI6InVybjptYWNlOmluY29tbW9uOmlhcDpzaWx2ZXIiLCJlc3NlbnRpYWwiOnRydWV9fX0sInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9aREYtdGVzdFwvY2FsbGJhY2siLCJzdGF0ZSI6IlZhbHhUcjgzRHQiLCJleHAiOjE2NTU4NjI1NzF9.LCcO5XcpTAnrD2gjhtieMvgY2vTNYdqiWzmL696zwg0WVBKqngM35cAte0svFfsiJgvpjtc2ZlfsMtRqNktwtg
key
{
  "kty": "EC",
  "d": "xXXJLzvKN-6_4p6rLA-ytRH48QB-DJVRin4A1RbqCA0",
  "use": "sig",
  "crv": "P-256",
  "kid": "frUMU4gP42714FAq2CHp1QQwdiUFe-22B9_BulXICDM",
  "x": "F1ZD5v3aCdaGuLtNIG5kCHizAMHWXajNjOMlv48i75Q",
  "y": "-GLYrefPdl1CJVbmqm0FiPIf2bAnFDAWTtvKwaDvP_0",
  "alg": "ES256"
}
2022-06-22 01:44:31 SUCCESS
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://pseudo-api.bs.minna-no-ginko.com/oauth2/v1/authorize?request=eyJraWQiOiJmclVNVTRnUDQyNzE0RkFxMkNIcDFRUXdkaVVGZS0yMkI5X0J1bFhJQ0RNIiwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJXbkdqUXlKQ2RZY1FQaFBBdDhxMk9HOHZhVDlxU2YyM2lEcFprR2x0bEV1SWFQc3AiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsIm5vbmNlIjoidVZNbUdhOTZmMyIsImNsaWVudF9pZCI6IlduR2pReUpDZFljUVBoUEF0OHEyT0c4dmFUOXFTZjIzaURwWmtHbHRsRXVJYVBzcCIsInJlc3BvbnNlX21vZGUiOiJqd3QiLCJhdWQiOiJodHRwczpcL1wvcHNldWRvLXN0YXRpYy5icy5taW5uYS1uby1naW5rby5jb20iLCJuYmYiOjE2NTU4NTgwNzEsInNjb3BlIjoiYWNjb3VudHMgb3BlbmlkIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJ2YWx1ZSI6InVybjptYWNlOmluY29tbW9uOmlhcDpzaWx2ZXIiLCJlc3NlbnRpYWwiOnRydWV9fX0sInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9aREYtdGVzdFwvY2FsbGJhY2siLCJzdGF0ZSI6IlZhbHhUcjgzRHQiLCJleHAiOjE2NTU4NjI1NzF9.LCcO5XcpTAnrD2gjhtieMvgY2vTNYdqiWzmL696zwg0WVBKqngM35cAte0svFfsiJgvpjtc2ZlfsMtRqNktwtg&client_id=WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp&redirect_uri=https://www.certification.openid.net/test/a/ZDF-test/callback&scope=accounts%20openid&response_type=code
2022-06-22 01:44:31 REDIRECT
fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails
Redirecting to authorization endpoint
redirect_to
https://pseudo-api.bs.minna-no-ginko.com/oauth2/v1/authorize?request=eyJraWQiOiJmclVNVTRnUDQyNzE0RkFxMkNIcDFRUXdkaVVGZS0yMkI5X0J1bFhJQ0RNIiwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJXbkdqUXlKQ2RZY1FQaFBBdDhxMk9HOHZhVDlxU2YyM2lEcFprR2x0bEV1SWFQc3AiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsIm5vbmNlIjoidVZNbUdhOTZmMyIsImNsaWVudF9pZCI6IlduR2pReUpDZFljUVBoUEF0OHEyT0c4dmFUOXFTZjIzaURwWmtHbHRsRXVJYVBzcCIsInJlc3BvbnNlX21vZGUiOiJqd3QiLCJhdWQiOiJodHRwczpcL1wvcHNldWRvLXN0YXRpYy5icy5taW5uYS1uby1naW5rby5jb20iLCJuYmYiOjE2NTU4NTgwNzEsInNjb3BlIjoiYWNjb3VudHMgb3BlbmlkIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJ2YWx1ZSI6InVybjptYWNlOmluY29tbW9uOmlhcDpzaWx2ZXIiLCJlc3NlbnRpYWwiOnRydWV9fX0sInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9aREYtdGVzdFwvY2FsbGJhY2siLCJzdGF0ZSI6IlZhbHhUcjgzRHQiLCJleHAiOjE2NTU4NjI1NzF9.LCcO5XcpTAnrD2gjhtieMvgY2vTNYdqiWzmL696zwg0WVBKqngM35cAte0svFfsiJgvpjtc2ZlfsMtRqNktwtg&client_id=WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp&redirect_uri=https://www.certification.openid.net/test/a/ZDF-test/callback&scope=accounts%20openid&response_type=code
2022-06-22 01:44:31 REVIEW
ExpectRequestObjectWithNbfOver60ClaimErrorPage
If the server does not return an invalid_request_object error back to the client, it must show an error page saying the request object is invalid as it is using a 'nbf' value over 60 minutes in the past in the signed request object - upload a screenshot of the error page.
image_no_longer_required
true
2022-06-22 01:44:35 INCOMING
fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails
Incoming HTTP request to /test/a/ZDF-test/callback
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,*/*;q\u003d0.8",
  "cookie": "JSESSIONID\u003d562606A08F11C9989ACB6F6F70432147; __utma\u003d201319536.1459471107.1630023990.1655706355.1655795275.41; __utmz\u003d201319536.1655706355.40.21.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided)",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15",
  "accept-language": "en-US,en;q\u003d0.9",
  "referer": "https://www.certification.openid.net/",
  "accept-encoding": "gzip, deflate, br",
  "connection": "close"
}
incoming_path
/test/a/ZDF-test/callback
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{
  "response": "eyJraWQiOiI3MDFmY2ExMy00OTYzLTQ1YzktYWRhMC1lOTgyODlhODE3YzkiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJXbkdqUXlKQ2RZY1FQaFBBdDhxMk9HOHZhVDlxU2YyM2lEcFprR2x0bEV1SWFQc3AiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IltBMTUwMzY1XSBUaGUgbGlmZXRpbWUgb2YgdGhlIHJlcXVlc3Qgb2JqZWN0IHBhc3NlZCBieSB0aGUgJ3JlcXVlc3QnIHBhcmFtZXRlciBleGNlZWRzIHRoZSBhbGxvd2VkIG1heGltdW0gdmFsdWUgKDM2MDAgc2Vjb25kcykuIiwiaXNzIjoiaHR0cHM6Ly9wc2V1ZG8tc3RhdGljLmJzLm1pbm5hLW5vLWdpbmtvLmNvbSIsInN0YXRlIjoiVmFseFRyODNEdCIsImVycm9yIjoiaW52YWxpZF9yZXF1ZXN0X29iamVjdCIsImVycm9yX3VyaSI6Imh0dHBzOi8vZG9jcy5hdXRobGV0ZS5jb20vI0ExNTAzNjUiLCJleHAiOjE2NTU4NjI4NzV9.y_SWjKQxKCqDanWcQjqx9WYmqcXwFanSgGfgR5XvblQNOXeWbyTPaPTsMubecoHREiMnS159Z8jlNJUPTJ5CKg"
}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES256-GCM-SHA384
incoming_body_json
2022-06-22 01:44:35 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/kdm3CDmJ7xIVPF9n5z3c",
  "fullUrl": "https://www.certification.openid.net/test/a/ZDF-test/implicit/kdm3CDmJ7xIVPF9n5z3c"
}
2022-06-22 01:44:35 OUTGOING
fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails
Response to HTTP request to test instance UkvkwUKIO33KlIO
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/ZDF-test/implicit/kdm3CDmJ7xIVPF9n5z3c, returnUrl=/log-detail.html?log=UkvkwUKIO33KlIO}]
outgoing_path
callback
2022-06-22 01:44:36 INCOMING
fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails
Incoming HTTP request to /test/a/ZDF-test/implicit/kdm3CDmJ7xIVPF9n5z3c
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15",
  "referer": "https://www.certification.openid.net/test/a/ZDF-test/callback?response\u003deyJraWQiOiI3MDFmY2ExMy00OTYzLTQ1YzktYWRhMC1lOTgyODlhODE3YzkiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJXbkdqUXlKQ2RZY1FQaFBBdDhxMk9HOHZhVDlxU2YyM2lEcFprR2x0bEV1SWFQc3AiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IltBMTUwMzY1XSBUaGUgbGlmZXRpbWUgb2YgdGhlIHJlcXVlc3Qgb2JqZWN0IHBhc3NlZCBieSB0aGUgJ3JlcXVlc3QnIHBhcmFtZXRlciBleGNlZWRzIHRoZSBhbGxvd2VkIG1heGltdW0gdmFsdWUgKDM2MDAgc2Vjb25kcykuIiwiaXNzIjoiaHR0cHM6Ly9wc2V1ZG8tc3RhdGljLmJzLm1pbm5hLW5vLWdpbmtvLmNvbSIsInN0YXRlIjoiVmFseFRyODNEdCIsImVycm9yIjoiaW52YWxpZF9yZXF1ZXN0X29iamVjdCIsImVycm9yX3VyaSI6Imh0dHBzOi8vZG9jcy5hdXRobGV0ZS5jb20vI0ExNTAzNjUiLCJleHAiOjE2NTU4NjI4NzV9.y_SWjKQxKCqDanWcQjqx9WYmqcXwFanSgGfgR5XvblQNOXeWbyTPaPTsMubecoHREiMnS159Z8jlNJUPTJ5CKg",
  "cookie": "JSESSIONID\u003d562606A08F11C9989ACB6F6F70432147; __utma\u003d201319536.1459471107.1630023990.1655706355.1655795275.41; __utmz\u003d201319536.1655706355.40.21.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided)",
  "connection": "close",
  "content-length": "0"
}
incoming_path
/test/a/ZDF-test/implicit/kdm3CDmJ7xIVPF9n5z3c
incoming_body_form_params
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES256-GCM-SHA384
incoming_body_json
2022-06-22 01:44:36 OUTGOING
fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails
Response to HTTP request to test instance UkvkwUKIO33KlIO
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/kdm3CDmJ7xIVPF9n5z3c
2022-06-22 01:44:36 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2022-06-22 01:44:36 REDIRECT-IN
fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails
Authorization endpoint response captured
url_query
{
  "response": "eyJraWQiOiI3MDFmY2ExMy00OTYzLTQ1YzktYWRhMC1lOTgyODlhODE3YzkiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJXbkdqUXlKQ2RZY1FQaFBBdDhxMk9HOHZhVDlxU2YyM2lEcFprR2x0bEV1SWFQc3AiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IltBMTUwMzY1XSBUaGUgbGlmZXRpbWUgb2YgdGhlIHJlcXVlc3Qgb2JqZWN0IHBhc3NlZCBieSB0aGUgJ3JlcXVlc3QnIHBhcmFtZXRlciBleGNlZWRzIHRoZSBhbGxvd2VkIG1heGltdW0gdmFsdWUgKDM2MDAgc2Vjb25kcykuIiwiaXNzIjoiaHR0cHM6Ly9wc2V1ZG8tc3RhdGljLmJzLm1pbm5hLW5vLWdpbmtvLmNvbSIsInN0YXRlIjoiVmFseFRyODNEdCIsImVycm9yIjoiaW52YWxpZF9yZXF1ZXN0X29iamVjdCIsImVycm9yX3VyaSI6Imh0dHBzOi8vZG9jcy5hdXRobGV0ZS5jb20vI0ExNTAzNjUiLCJleHAiOjE2NTU4NjI4NzV9.y_SWjKQxKCqDanWcQjqx9WYmqcXwFanSgGfgR5XvblQNOXeWbyTPaPTsMubecoHREiMnS159Z8jlNJUPTJ5CKg"
}
headers
{
  "host": "www.certification.openid.net",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,*/*;q\u003d0.8",
  "cookie": "JSESSIONID\u003d562606A08F11C9989ACB6F6F70432147; __utma\u003d201319536.1459471107.1630023990.1655706355.1655795275.41; __utmz\u003d201319536.1655706355.40.21.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided)",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15",
  "accept-language": "en-US,en;q\u003d0.9",
  "referer": "https://www.certification.openid.net/",
  "accept-encoding": "gzip, deflate, br",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-proto": "https",
  "x-forwarded-port": "443",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{}
post_body
Verify authorization endpoint response
2022-06-22 01:44:36 SUCCESS
ExtractJARMFromURLQuery
Found and parsed the jarm_response from callback_query_params
value
eyJraWQiOiI3MDFmY2ExMy00OTYzLTQ1YzktYWRhMC1lOTgyODlhODE3YzkiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJXbkdqUXlKQ2RZY1FQaFBBdDhxMk9HOHZhVDlxU2YyM2lEcFprR2x0bEV1SWFQc3AiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IltBMTUwMzY1XSBUaGUgbGlmZXRpbWUgb2YgdGhlIHJlcXVlc3Qgb2JqZWN0IHBhc3NlZCBieSB0aGUgJ3JlcXVlc3QnIHBhcmFtZXRlciBleGNlZWRzIHRoZSBhbGxvd2VkIG1heGltdW0gdmFsdWUgKDM2MDAgc2Vjb25kcykuIiwiaXNzIjoiaHR0cHM6Ly9wc2V1ZG8tc3RhdGljLmJzLm1pbm5hLW5vLWdpbmtvLmNvbSIsInN0YXRlIjoiVmFseFRyODNEdCIsImVycm9yIjoiaW52YWxpZF9yZXF1ZXN0X29iamVjdCIsImVycm9yX3VyaSI6Imh0dHBzOi8vZG9jcy5hdXRobGV0ZS5jb20vI0ExNTAzNjUiLCJleHAiOjE2NTU4NjI4NzV9.y_SWjKQxKCqDanWcQjqx9WYmqcXwFanSgGfgR5XvblQNOXeWbyTPaPTsMubecoHREiMnS159Z8jlNJUPTJ5CKg
header
{
  "kid": "701fca13-4963-45c9-ada0-e98289a817c9",
  "alg": "ES256"
}
claims
{
  "aud": "WnGjQyJCdYcQPhPAt8q2OG8vaT9qSf23iDpZkGltlEuIaPsp",
  "error_description": "[A150365] The lifetime of the request object passed by the \u0027request\u0027 parameter exceeds the allowed maximum value (3600 seconds).",
  "iss": "https://pseudo-static.bs.minna-no-ginko.com",
  "state": "ValxTr83Dt",
  "error": "invalid_request_object",
  "error_uri": "https://docs.authlete.com/#A150365",
  "exp": 1655862875
}
2022-06-22 01:44:36 SUCCESS
RejectNonJarmResponsesInUrlQuery
Authorization endpoint response only includes the JARM JWT.
2022-06-22 01:44:36 SUCCESS
ExtractAuthorizationEndpointResponseFromJARMResponse
Extracted the authorization response
error_description
[A150365] The lifetime of the request object passed by the 'request' parameter exceeds the allowed maximum value (3600 seconds).
iss
https://pseudo-static.bs.minna-no-ginko.com
state
ValxTr83Dt
error
invalid_request_object
error_uri
https://docs.authlete.com/#A150365
2022-06-22 01:44:36 SUCCESS
ValidateJARMResponse
JARM response standard JWT claims are valid
2022-06-22 01:44:36 SUCCESS
ValidateJARMExpRecommendations
JARM response 'exp' is less than 10 minutes
now
"Jun 22, 2022, 1:44:36 AM"
expiration
"Jun 22, 2022, 1:54:35 AM"
2022-06-22 01:44:36 SUCCESS
ValidateJARMSignatureUsingKid
jarm_response signature validated
jarm_response
eyJraWQiOiI3MDFmY2ExMy00OTYzLTQ1YzktYWRhMC1lOTgyODlhODE3YzkiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJXbkdqUXlKQ2RZY1FQaFBBdDhxMk9HOHZhVDlxU2YyM2lEcFprR2x0bEV1SWFQc3AiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IltBMTUwMzY1XSBUaGUgbGlmZXRpbWUgb2YgdGhlIHJlcXVlc3Qgb2JqZWN0IHBhc3NlZCBieSB0aGUgJ3JlcXVlc3QnIHBhcmFtZXRlciBleGNlZWRzIHRoZSBhbGxvd2VkIG1heGltdW0gdmFsdWUgKDM2MDAgc2Vjb25kcykuIiwiaXNzIjoiaHR0cHM6Ly9wc2V1ZG8tc3RhdGljLmJzLm1pbm5hLW5vLWdpbmtvLmNvbSIsInN0YXRlIjoiVmFseFRyODNEdCIsImVycm9yIjoiaW52YWxpZF9yZXF1ZXN0X29iamVjdCIsImVycm9yX3VyaSI6Imh0dHBzOi8vZG9jcy5hdXRobGV0ZS5jb20vI0ExNTAzNjUiLCJleHAiOjE2NTU4NjI4NzV9.y_SWjKQxKCqDanWcQjqx9WYmqcXwFanSgGfgR5XvblQNOXeWbyTPaPTsMubecoHREiMnS159Z8jlNJUPTJ5CKg
2022-06-22 01:44:36 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2022-06-22 01:44:36 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
ValxTr83Dt
2022-06-22 01:44:36 SUCCESS
EnsureErrorFromAuthorizationEndpointResponse
Authorization endpoint returned an error
error_description
[A150365] The lifetime of the request object passed by the 'request' parameter exceeds the allowed maximum value (3600 seconds).
iss
https://pseudo-static.bs.minna-no-ginko.com
state
ValxTr83Dt
error
invalid_request_object
error_uri
https://docs.authlete.com/#A150365
2022-06-22 01:44:36 SUCCESS
CheckForUnexpectedParametersInErrorResponseFromAuthorizationEndpoint
error response includes only expected parameters
error_description
[A150365] The lifetime of the request object passed by the 'request' parameter exceeds the allowed maximum value (3600 seconds).
iss
https://pseudo-static.bs.minna-no-ginko.com
state
ValxTr83Dt
error
invalid_request_object
error_uri
https://docs.authlete.com/#A150365
2022-06-22 01:44:36 SUCCESS
EnsureInvalidRequestObjectError
Authorization endpoint returned expected 'error' of 'invalid_request_object'
error
invalid_request_object
2022-06-22 01:44:36 FINISHED
fapi1-advanced-final-ensure-request-object-with-nbf-over-60-fails
Test has run to completion
testmodule_result
PASSED
2022-06-22 01:44:49
TEST-RUNNER
Alias has now been claimed by another test
alias
ZDF-test
new_test_id
3w9VACr7vxSFApA
Test Results