Test detail

Test Name	fapi1-advanced-final-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails
Variant	client_auth_type=private_key_jwt, fapi_auth_request_method=pushed, fapi_profile=plain_fapi, fapi_response_mode=plain_response
Test ID	9EKM42sWOJSJPFY https://www.certification.openid.net/log-detail.html?public=true&log=9EKM42sWOJSJPFY
Created	2022-08-03T08:47:40.657683Z
Description	plain_fapi
Test Version	4.1.45
Test Owner	101573011832388389706 https://accounts.google.com
Plan ID	lWTdHkThAMJqp https://www.certification.openid.net/plan-detail.html?public=true&plan=lWTdHkThAMJqp
Exported From	https://www.certification.openid.net
Exported By	101573011832388389706 https://accounts.google.com
Suite Version	5.0.0
Exported	2022-08-05 03:58:01 (UTC)

2022-08-03 08:47:40

(7) More

INFO

TEST-RUNNER

Test instance 9EKM42sWOJSJPFY created

baseUrl	https://www.certification.openid.net/test/a/ISVAOP_ZY
variant	{ "client_auth_type": "private_key_jwt", "fapi_auth_request_method": "pushed", "fapi_profile": "plain_fapi", "fapi_response_mode": "plain_response" }
alias	ISVAOP_ZY
description	plain_fapi
planId	lWTdHkThAMJqp
config	{ "alias": "ISVAOP_ZY", "automated_ciba_approval_url": "http://119.81.74.189:31811/authenticator/userResponse?action\u003d{action}\u0026token\u003d{auth_req_id}", "server": { "discoveryUrl": "https://isamfed.com:8743/oauth2/.well-known/openid-configuration" }, "client": { "client_id": "client04pwk", "scope": "openid email", "jwks": { "keys": [ { "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8", "kty": "RSA", "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE", "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ", "e": "AQAB", "use": "sig", "kid": "conformancetest", "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI", "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0", "alg": "PS256", "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE", "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw" } ] }, "hint_type": "login_hint", "hint_value": "testuser" }, "client2": { "client_id": "client05pwk", "scope": "openid", "jwks": { "keys": [ { "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M", "kty": "RSA", "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0", "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ", "e": "AQAB", "use": "sig", "kid": "ristrettotest", "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes", "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k", "alg": "PS256", "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0", "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw" } ] }, "acr_value": "urn:acr2" }, "resource": { "resourceUrl": "https://isamfed.com:8743/oauth2/open-banking/v3.1/aisp/accounts" }, "mtls": { "cert": "-----BEGIN CERTIFICATE-----\nMIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQEL\nBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJ\nc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYD\nVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1ow\nazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2lu\nZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQD\nDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CI\nojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+\nfhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWy\nPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4\nNkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cw\nrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDR\nUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjij\nZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ\n2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA\n86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJ\nYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFK\noPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4\nflhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA\u003d\u003d\n-----END CERTIFICATE-----\n", "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQO\nZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+\njbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++\nA3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Nj\nd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqg\nDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABAoIBAEOmr/MnPlWdb41v\ntTyC9q5XB6sB6JR3fABUARhHj6MMTzWGZU9k2TE4TVWm0xiDPSXAwVADrWnJePlZ\nq0RdRd3MX9iO5daQPZnAEX3Iin9t44jHrZSmClEH6D4b0ur5osgLnMx2R/I3L+lP\nJfrd/fjpt1lMxjAHCz7Jb7INTnLMjBl8Lji9witoeQseo2+SRLanNckCw9t2/Wkq\nlpyTUnVg6icB9QLAh0ASE/zlMdFMYlo1llfxToRpZKQuE0zTXtvMqfkutqSUb8hL\nSBTYuMHOh8aycMB//JgiAMwrHVSVcRn2oMqnk5vm08i/sLK8TT8AGAf8Evn0GJJ8\n8kKHvqECgYEA2Xnd/4+98ZiEnLbkgRPVX7pWVa2ZqCAZ4Cf75cv+IlQ3crJniX0I\nEOpFS71fF8/Ei7DIAELe9zeopQvkUdfzMlC7Rg5AuhJzRIL+FaUFlLJOMz+S7eqi\nLeabclYGIbZrX+n8Xic01oQxRipgV1XMKj+D3MROUoRCWNMS1Xqghe0CgYEAxQbF\nsTjipyvk6ZvrpucqAZ1IVIGiVELGMlUEGmyJ8CgXd3gwmU88RahmwBes0GNzm5hw\ns9J+C/S/zt6gu1pP1g/lEpx4/yxg6MZk8AQEk3VG63Tg2rEzjEIQsz0fTXbO1AVS\nJvEuReB8VCgQEKNYMxrqdHXvpSFHOhQLbvebODkCgYEAgK7e0IjCkQF5fq2t+j69\nJD7DNUFayaPtC7k9EVWqk6+Xe7PbFfy42CF3TYDJkvJqz2mUfqsS+d+iV774pAEP\nM3eXyLVIUZH3SNPl+vLBoaH8KdD1ZPhQbK6mznneePZTBNcUcLXsSv6/lVAf362x\n+FHK+cfivGrsQ1jqLQ25jGUCgYBVrLY2dDgK3YlzE/wK3aZkgVI8fQprfYXVySY5\nn0z0A1sA9mCbqdrZp3rWuPTKwRQ6arVHXJa2+DyX5jMahREGUm8YAraSr2eMkQi/\nXd/nhy3JoU9NiZSSvv+oEUIVWz5g79djW6j1dcJajfk+Yuktf9zHu6jzs17XoHPA\nUydJ8QKBgQCreujKz7G5EEXkwdEqFFolM9A8ZMB2k3t6FaM4P/lEUs+nFkxYz2+r\nxI4HMCE0UOCw58ukQjNmXJhumAAB0HIC28gFVuk8FXPRI46ZRQ4uuqQcSCr3/0yP\nSrJe3uU+IC74iHff9XHmwiHwcpmgsDclyg4Ga5eCf1XNKmZLtu/4Xg\u003d\u003d\n-----END RSA PRIVATE KEY-----\n", "ca": "-----BEGIN CERTIFICATE-----\nMIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQEL\nBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJ\nc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYD\nVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1ow\nazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2lu\nZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQD\nDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CI\nojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+\nfhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWy\nPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4\nNkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cw\nrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDR\nUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjij\nZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ\n2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA\n86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJ\nYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFK\noPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4\nflhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA\u003d\u003d\n-----END CERTIFICATE-----\n" }, "mtls2": { "cert": "-----BEGIN CERTIFICATE-----\nMIIDtzCCAp+gAwIBAgIUWzVEE6ZzNUl6kwxJgrUgERqiDXkwDQYJKoZIhvcNAQEL\nBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJ\nc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYD\nVQQDDApjbGllbnRJRDAyMB4XDTIyMDEwNDA0MzQxNloXDTQxMDkyMTA0MzQxNlow\nazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2lu\nZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQD\nDApjbGllbnRJRDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSV\n37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMY\nC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRd\nLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79A\nsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsS\nnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClr\nEJEJJnAUJ7cYXtn8uQIDAQABo1MwUTAdBgNVHQ4EFgQUAZeJHIZu9VunYouyoHf/\nQODzbREwHwYDVR0jBBgwFoAUAZeJHIZu9VunYouyoHf/QODzbREwDwYDVR0TAQH/\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAft9Mp/WpGdRF1sCzVG2r7SHxaxTG\nfWC+iZJBVZfFTJcthDawCW3xIfQb0RUrtGWTKBgpCp8GSCxFYPuri/nZn2vRbujn\n3woK2siXWS64bYDUOJ3xHvt3/j0PPGRfQ3faSXjdvtkE7ayLRKdb132rBd2k7oBq\nIZkM3ezvXg49KupJfOYTaqNezA4TTXaLFL+7BbY8IFPYHE+t66K68DNbypr3Q8pP\n2ZCHE3YLS3RG+Ql2EYSGABKNbeRcipONYPvtsiZt4k44vCDRUC5DXdC6C9KeEjrL\np5ycJYgdT+YqD34Rd89u/yjgvlo3Bcv0mhEO1sS4jaG3IRkZZsCoUEFSvQ\u003d\u003d\n-----END CERTIFICATE-----\n", "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar\n+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420M\nIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyU\nRUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k\n+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7H\nOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABAoIBABZVROM5pCIa9qsu\nUxgvF3wXAktoAdahrRMjcnIstNQpQ9cT5Jyk5Sey3P9bLRQCjcj9sFuOUNksFa+n\nUGw6qKifVDI02eifZAN9CudMH+P/wu3e9rVtsRhOLNG/oz6+1CYbjam7N+FDSz5T\nFp018fCBoekctbofEVZ3BzJDaX+VrBn6TSBpzMzibDfnnfbkFkep+91okF9TTLIZ\n+Bjl/f1dVfbMZ6scs2rc7Slp52Od0HZ69gerc7l4IFxCiH2pMMbI6lRESYXlaf4j\n/mTJR/sFnDvbyET1UVU5paAhZ/TLGougAGzLtOEhlxLSjNv/5RfFIs1NPLW8iu68\nOgKL94ECgYEA6Ya6XBXydFof+aeHub7AlYdEA9qnQdqQR88AHlHcLIxkyNlVsPh+\n5/t0SrkJtrspBp233Ne9JTflQYk8/+wBE59NutnKJfzzV04ftm1bmW+gBHT36rZR\nW8WT2Kto73A9SLzhhQSp1a14ff9vULoRwQLtWpAANkqTCUD0Zwe4v+kCgYEA1zl7\nLSMmUpjjR1thITcfHnVtI+0U4ilqcDXUZzoaJsSQ4/oSr8Xc2EbF2KsxqPhq6HKO\nhINsPeN+iA1F0F3+oc32k4PI8NrQtIfLsVEvTQ2LuYsR4a8TNyGH/zk0i/XpRy63\n2BrKcYp6iyb3qQgGMdjsK+PW6PChTa6TaopUpFECgYAWozHTlWkQcGAjImNc1Sn0\nFM26FesaziYoX9+iEMtoIh/u/Gp7IkujD1Qhnjhb117NvmJBbURvpDB8HuKj6Gve\nTBYL4+rdrdyk/PTECWvUvuZjKDeUMCJI5ClF2q/sbhPyxiSScXZJOWyxwh43VCI+\ndJsvqT/sA2Sng/1tM2lsaQKBgGitkWZTuTjlGW3EWQpxp9YFoO6fSc/x+s3WsJcA\nYGXIpvvqzhnlr1MVoPaP1RhssnqZ9Q0oaoXzVsBPTExa2xTRewMmTp4unuGfRofY\nh5v/YZz9sdXFdCAVU/LjXNZR5YL0iwA1j48HnjB95Gi2+WRXMA7swsMK/jktFo/z\n9dTxAoGAYk2kwzCs7xwhsa3/xH5xJauvlclDqelC4R1cS2pzQI+MQIfjR4JccZ8x\nly7HMv+2D9vBModxo/msXGq3QJaAmDHzNhee2+OTuKcDLd7wlwSwqZ9EBvxHuLwI\n7/QZejw68iLHZWQMH57daNZL9X/8VwmF/C8tawAvXmflv+ra3Ec\u003d\n-----END RSA PRIVATE KEY-----\n", "ca": "-----BEGIN CERTIFICATE-----\nMIIDtzCCAp+gAwIBAgIUWzVEE6ZzNUl6kwxJgrUgERqiDXkwDQYJKoZIhvcNAQEL\nBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJ\nc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYD\nVQQDDApjbGllbnRJRDAyMB4XDTIyMDEwNDA0MzQxNloXDTQxMDkyMTA0MzQxNlow\nazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2lu\nZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQD\nDApjbGllbnRJRDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSV\n37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMY\nC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRd\nLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79A\nsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsS\nnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClr\nEJEJJnAUJ7cYXtn8uQIDAQABo1MwUTAdBgNVHQ4EFgQUAZeJHIZu9VunYouyoHf/\nQODzbREwHwYDVR0jBBgwFoAUAZeJHIZu9VunYouyoHf/QODzbREwDwYDVR0TAQH/\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAft9Mp/WpGdRF1sCzVG2r7SHxaxTG\nfWC+iZJBVZfFTJcthDawCW3xIfQb0RUrtGWTKBgpCp8GSCxFYPuri/nZn2vRbujn\n3woK2siXWS64bYDUOJ3xHvt3/j0PPGRfQ3faSXjdvtkE7ayLRKdb132rBd2k7oBq\nIZkM3ezvXg49KupJfOYTaqNezA4TTXaLFL+7BbY8IFPYHE+t66K68DNbypr3Q8pP\n2ZCHE3YLS3RG+Ql2EYSGABKNbeRcipONYPvtsiZt4k44vCDRUC5DXdC6C9KeEjrL\np5ycJYgdT+YqD34Rd89u/yjgvlo3Bcv0mhEO1sS4jaG3IRkZZsCoUEFSvQ\u003d\u003d\n-----END CERTIFICATE-----\n" }, "consent": {}, "description": "plain_fapi" }
testName	fapi1-advanced-final-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails

2022-08-03 08:47:40

(1) More

SUCCESS

CreateRedirectUri

Created redirect URI

redirect_uri

https://www.certification.openid.net/test/a/ISVAOP_ZY/callback

2022-08-03 08:47:40

(4) More

GetDynamicServerConfiguration

HTTP request

request_uri	https://isamfed.com:8743/oauth2/.well-known/openid-configuration
request_method	GET
request_headers	{ "accept": "text/plain, application/json, application/+json, /*", "content-length": "0" }
request_body

2022-08-03 08:47:41

(4) More

RESPONSE

GetDynamicServerConfiguration

HTTP response

response_status_code	200 OK
response_status_text	OK
response_headers	{ "content-type": "application/json", "date": "Wed, 03 Aug 2022 08:47:41 GMT", "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"", "transfer-encoding": "chunked", "x-correlation-id": "CORR_ID-0e91cc2a-da2b-4850-9f61-af3be0ee8ef1", "strict-transport-security": "max-age\u003d31536000; includeSubDomains" }
response_body	{"authorization_endpoint":"https://isamfed.com:8743/oauth2/authorize","backchannel_authentication_endpoint":"https://isamfed.com:8743/oauth2/ciba","backchannel_authentication_request_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"backchannel_token_delivery_modes_supported":["poll","ping"],"backchannel_user_code_parameter_supported":false,"claim_types_supported":["normal"],"claims_parameter_supported":true,"claims_supported":["iss","name","displayName"],"dpop_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"grant_types_supported":["authorization_code","implicit","password","client_credentials","refresh_token","urn:openid:params:grant-type:ciba"],"id_token_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"id_token_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"id_token_signing_alg_values_supported":["PS256"],"introspection_endpoint":"https://isamfed.com:8743/oauth2/introspect","issuer":"https://isamfed.com:8743/oauth2/","jwks_uri":"https://isamfed.com:8743/oauth2/jwks","mtls_endpoint_aliases":{"backchannel_authentication_endpoint":"https://isamfed.com:8743/oauth2/ciba","introspection_endpoint":"https://isamfed.com:8743/oauth2/introspect","pushed_authorization_request_endpoint":"https://isamfed.com:8743/oauth2/par","registration_endpoint":"https://isamfed.com:8743/oauth2/register","revocation_endpoint":"https://isamfed.com:8743/oauth2/revoke","token_endpoint":"https://isamfed.com:8743/oauth2/token"},"pushed_authorization_request_endpoint":"https://isamfed.com:8743/oauth2/par","registration_endpoint":"https://isamfed.com:8743/oauth2/register","request_object_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"request_object_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"request_object_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_pushed_authorization_requests":false,"require_request_uri_registration":false,"response_modes_supported":["query","fragment","form_post"],"response_types_supported":["none","code","token","id_token","code token","code id_token","token id_token","code token id_token"],"revocation_endpoint":"https://isamfed.com:8743/oauth2/revoke","scopes_supported":["openid","profile","email","phone","address"],"subject_types_supported":["public"],"tls_client_certificate_bound_access_tokens":true,"token_endpoint":"https://isamfed.com:8743/oauth2/token","token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","private_key_jwt","tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"userinfo_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"userinfo_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"userinfo_endpoint":"https://isamfed.com:8743/oauth2/userinfo","userinfo_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"]}

2022-08-03 08:47:41

(39) More

SUCCESS

GetDynamicServerConfiguration

Successfully parsed server configuration

authorization_endpoint	https://isamfed.com:8743/oauth2/authorize
backchannel_authentication_endpoint	https://isamfed.com:8743/oauth2/ciba
backchannel_authentication_request_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" ]
backchannel_token_delivery_modes_supported	[ "poll", "ping" ]
backchannel_user_code_parameter_supported	false
claim_types_supported	[ "normal" ]
claims_parameter_supported	true
claims_supported	[ "iss", "name", "displayName" ]
dpop_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" ]
grant_types_supported	[ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:openid:params:grant-type:ciba" ]
id_token_encryption_alg_values_supported	[ "none", "RSA-OAEP", "RSA-OAEP-256" ]
id_token_encryption_enc_values_supported	[ "none", "A128GCM", "A192GCM", "A256GCM" ]
id_token_signing_alg_values_supported	[ "PS256" ]
introspection_endpoint	https://isamfed.com:8743/oauth2/introspect
issuer	https://isamfed.com:8743/oauth2/
jwks_uri	https://isamfed.com:8743/oauth2/jwks
mtls_endpoint_aliases	{ "backchannel_authentication_endpoint": "https://isamfed.com:8743/oauth2/ciba", "introspection_endpoint": "https://isamfed.com:8743/oauth2/introspect", "pushed_authorization_request_endpoint": "https://isamfed.com:8743/oauth2/par", "registration_endpoint": "https://isamfed.com:8743/oauth2/register", "revocation_endpoint": "https://isamfed.com:8743/oauth2/revoke", "token_endpoint": "https://isamfed.com:8743/oauth2/token" }
pushed_authorization_request_endpoint	https://isamfed.com:8743/oauth2/par
registration_endpoint	https://isamfed.com:8743/oauth2/register
request_object_encryption_alg_values_supported	[ "none", "RSA-OAEP", "RSA-OAEP-256" ]
request_object_encryption_enc_values_supported	[ "none", "A128GCM", "A192GCM", "A256GCM" ]
request_object_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" ]
request_parameter_supported	true
request_uri_parameter_supported	false
require_pushed_authorization_requests	false
require_request_uri_registration	false
response_modes_supported	[ "query", "fragment", "form_post" ]
response_types_supported	[ "none", "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ]
revocation_endpoint	https://isamfed.com:8743/oauth2/revoke
scopes_supported	[ "openid", "profile", "email", "phone", "address" ]
subject_types_supported	[ "public" ]
tls_client_certificate_bound_access_tokens	true
token_endpoint	https://isamfed.com:8743/oauth2/token
token_endpoint_auth_methods_supported	[ "client_secret_basic", "client_secret_post", "private_key_jwt", "tls_client_auth" ]
token_endpoint_auth_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" ]
userinfo_encryption_alg_values_supported	[ "none", "RSA-OAEP", "RSA-OAEP-256" ]
userinfo_encryption_enc_values_supported	[ "none", "A128GCM", "A192GCM", "A256GCM" ]
userinfo_endpoint	https://isamfed.com:8743/oauth2/userinfo
userinfo_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" ]

2022-08-03 08:47:41	SUCCESS RFC8705-5	AddMTLSEndpointAliasesToEnvironment Added mtls_endpoint_aliases to environment

2022-08-03 08:47:41

(1) More

SUCCESS

CheckServerConfiguration

Found required server configuration keys

required

[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]

2022-08-03 08:47:41

(1) More

FetchServerKeys

Fetching server key

jwks_uri

https://isamfed.com:8743/oauth2/jwks

2022-08-03 08:47:41

(4) More

FetchServerKeys

HTTP request

request_uri	https://isamfed.com:8743/oauth2/jwks
request_method	GET
request_headers	{ "accept": "text/plain, application/json, application/+json, /*", "content-length": "0" }
request_body

2022-08-03 08:47:42

(4) More

RESPONSE

FetchServerKeys

HTTP response

response_status_code	200 OK
response_status_text	OK
response_headers	{ "content-type": "application/json", "date": "Wed, 03 Aug 2022 08:47:42 GMT", "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"", "transfer-encoding": "chunked", "x-correlation-id": "CORR_ID-eaaf1aff-fcde-49c0-bf9e-9861f37dadd9", "strict-transport-security": "max-age\u003d31536000; includeSubDomains" }
response_body	{"keys":[{"use":"sig","kty":"EC","kid":"es256","crv":"P-256","x":"2eFMhRrJ32E2iMUd8yqTH1S1R0iUNeJVkpxEtEcAK58","y":"GpCy6KiKO4cFyeuAz8wUpBUHQmx0SX0YnswvZaSKkEc"},{"use":"sig","kty":"RSA","kid":"httpserver","n":"p30DhlZ8sr5ZDi6prRvKL4M9ErQJ4ZYZST153m_xBP68ft-vuLOLLzl8pAXBW5IqR0YEchGQPJtUQjqE4j7ht-rqN2WQxLVzUdc9FGi2VDADdRvBncpBgSjueU-tSblcZ6LSF0UPeM2z5xTdMSgWRJ9xff_cvHJTpACdG2EWwe8u9a9yzVz_dqLbVugy415Cotp3DiZyIjHVEADvJY9Xlxk4E39lCKOMQlAFMPH76HnXCrVCi4MZeokCYHBzH_8ue29ImhLAZRE83F9r0mhfx37lAraut3rr6sRponY4wBRaEXpNrVlcTTNMyvL272TCkEZqtm4mwepVhNYj7Pxblw","e":"AQAB"},{"use":"sig","kty":"RSA","kid":"mtls01","n":"ppY9BFOF6YXRPSRv-p21I6l-9OiTF_JbjzQ3zbvkhwkQ8p30chePHLQVeBBev1oV5j_oGYzD2_hUkUcqueHETuOFTaZ8Z0VpN9c2HDXTZ4IeTUpPJPPWcqJ4ykWxtZdhgWbxjn5lROzupAUrsT9nJci4_8KgEu6vaTnIo-NLVwzFkNr9cMYRBcg7O20RL7V7LSgGyqw2vUK3jvBCgsCZSWRjjBQiYGQjEYkvGmAm22Omw2HmdJ0mFV4m7DpyY2WRhLqSAedzkwsYioTDPXqa-ts8DgBqUySPYp1ACSoeHxVO5gnKd6ukaCNyh5U7bui0zMRw_NKRGChA1nJN3cg1Mw","e":"AQAB"},{"use":"sig","kty":"RSA","kid":"rsa256","n":"toihHnUntP41DGJEpUQjHuzyWtb4NQEg5r38YoaCRVfnX7pmYOgn6zOU3jgUXuNqJefTHNLRq7_wxZT2zsCFrJvfg8ccl4Ds1Vp3Hur3mQVsqhXrKRqBvvsF_1pbJSbyLCk0_HkrcP9XRNP4Lq2MiofAtt89Lmya9ZlwbA4NLkEJFNtC-6wuq48kpA-TWXOcQXPUW-0RZS7t8DGgRlQpeUwj8-g6N_uUSk21hawGNlWmOYkrQ7w4kCIKO2U4Y6_2dygwNnESxiPA_61UuH9wVjWxo1XiyKJnpDGiYXGeihoGn6EcLMKeA8wACuR_1ah7BD3iKMQRW3DWEBfjp0LMyQ","e":"AQAB"},{"use":"enc","kty":"EC","kid":"es256","crv":"P-256","x":"2eFMhRrJ32E2iMUd8yqTH1S1R0iUNeJVkpxEtEcAK58","y":"GpCy6KiKO4cFyeuAz8wUpBUHQmx0SX0YnswvZaSKkEc"},{"use":"enc","kty":"RSA","kid":"httpserver","n":"p30DhlZ8sr5ZDi6prRvKL4M9ErQJ4ZYZST153m_xBP68ft-vuLOLLzl8pAXBW5IqR0YEchGQPJtUQjqE4j7ht-rqN2WQxLVzUdc9FGi2VDADdRvBncpBgSjueU-tSblcZ6LSF0UPeM2z5xTdMSgWRJ9xff_cvHJTpACdG2EWwe8u9a9yzVz_dqLbVugy415Cotp3DiZyIjHVEADvJY9Xlxk4E39lCKOMQlAFMPH76HnXCrVCi4MZeokCYHBzH_8ue29ImhLAZRE83F9r0mhfx37lAraut3rr6sRponY4wBRaEXpNrVlcTTNMyvL272TCkEZqtm4mwepVhNYj7Pxblw","e":"AQAB"},{"use":"enc","kty":"RSA","kid":"mtls01","n":"ppY9BFOF6YXRPSRv-p21I6l-9OiTF_JbjzQ3zbvkhwkQ8p30chePHLQVeBBev1oV5j_oGYzD2_hUkUcqueHETuOFTaZ8Z0VpN9c2HDXTZ4IeTUpPJPPWcqJ4ykWxtZdhgWbxjn5lROzupAUrsT9nJci4_8KgEu6vaTnIo-NLVwzFkNr9cMYRBcg7O20RL7V7LSgGyqw2vUK3jvBCgsCZSWRjjBQiYGQjEYkvGmAm22Omw2HmdJ0mFV4m7DpyY2WRhLqSAedzkwsYioTDPXqa-ts8DgBqUySPYp1ACSoeHxVO5gnKd6ukaCNyh5U7bui0zMRw_NKRGChA1nJN3cg1Mw","e":"AQAB"},{"use":"enc","kty":"RSA","kid":"rsa256","n":"toihHnUntP41DGJEpUQjHuzyWtb4NQEg5r38YoaCRVfnX7pmYOgn6zOU3jgUXuNqJefTHNLRq7_wxZT2zsCFrJvfg8ccl4Ds1Vp3Hur3mQVsqhXrKRqBvvsF_1pbJSbyLCk0_HkrcP9XRNP4Lq2MiofAtt89Lmya9ZlwbA4NLkEJFNtC-6wuq48kpA-TWXOcQXPUW-0RZS7t8DGgRlQpeUwj8-g6N_uUSk21hawGNlWmOYkrQ7w4kCIKO2U4Y6_2dygwNnESxiPA_61UuH9wVjWxo1XiyKJnpDGiYXGeihoGn6EcLMKeA8wACuR_1ah7BD3iKMQRW3DWEBfjp0LMyQ","e":"AQAB"}]}

2022-08-03 08:47:42

(1) More

FetchServerKeys

Found JWK set string

jwk_string

{"keys":[{"use":"sig","kty":"EC","kid":"es256","crv":"P-256","x":"2eFMhRrJ32E2iMUd8yqTH1S1R0iUNeJVkpxEtEcAK58","y":"GpCy6KiKO4cFyeuAz8wUpBUHQmx0SX0YnswvZaSKkEc"},{"use":"sig","kty":"RSA","kid":"httpserver","n":"p30DhlZ8sr5ZDi6prRvKL4M9ErQJ4ZYZST153m_xBP68ft-vuLOLLzl8pAXBW5IqR0YEchGQPJtUQjqE4j7ht-rqN2WQxLVzUdc9FGi2VDADdRvBncpBgSjueU-tSblcZ6LSF0UPeM2z5xTdMSgWRJ9xff_cvHJTpACdG2EWwe8u9a9yzVz_dqLbVugy415Cotp3DiZyIjHVEADvJY9Xlxk4E39lCKOMQlAFMPH76HnXCrVCi4MZeokCYHBzH_8ue29ImhLAZRE83F9r0mhfx37lAraut3rr6sRponY4wBRaEXpNrVlcTTNMyvL272TCkEZqtm4mwepVhNYj7Pxblw","e":"AQAB"},{"use":"sig","kty":"RSA","kid":"mtls01","n":"ppY9BFOF6YXRPSRv-p21I6l-9OiTF_JbjzQ3zbvkhwkQ8p30chePHLQVeBBev1oV5j_oGYzD2_hUkUcqueHETuOFTaZ8Z0VpN9c2HDXTZ4IeTUpPJPPWcqJ4ykWxtZdhgWbxjn5lROzupAUrsT9nJci4_8KgEu6vaTnIo-NLVwzFkNr9cMYRBcg7O20RL7V7LSgGyqw2vUK3jvBCgsCZSWRjjBQiYGQjEYkvGmAm22Omw2HmdJ0mFV4m7DpyY2WRhLqSAedzkwsYioTDPXqa-ts8DgBqUySPYp1ACSoeHxVO5gnKd6ukaCNyh5U7bui0zMRw_NKRGChA1nJN3cg1Mw","e":"AQAB"},{"use":"sig","kty":"RSA","kid":"rsa256","n":"toihHnUntP41DGJEpUQjHuzyWtb4NQEg5r38YoaCRVfnX7pmYOgn6zOU3jgUXuNqJefTHNLRq7_wxZT2zsCFrJvfg8ccl4Ds1Vp3Hur3mQVsqhXrKRqBvvsF_1pbJSbyLCk0_HkrcP9XRNP4Lq2MiofAtt89Lmya9ZlwbA4NLkEJFNtC-6wuq48kpA-TWXOcQXPUW-0RZS7t8DGgRlQpeUwj8-g6N_uUSk21hawGNlWmOYkrQ7w4kCIKO2U4Y6_2dygwNnESxiPA_61UuH9wVjWxo1XiyKJnpDGiYXGeihoGn6EcLMKeA8wACuR_1ah7BD3iKMQRW3DWEBfjp0LMyQ","e":"AQAB"},{"use":"enc","kty":"EC","kid":"es256","crv":"P-256","x":"2eFMhRrJ32E2iMUd8yqTH1S1R0iUNeJVkpxEtEcAK58","y":"GpCy6KiKO4cFyeuAz8wUpBUHQmx0SX0YnswvZaSKkEc"},{"use":"enc","kty":"RSA","kid":"httpserver","n":"p30DhlZ8sr5ZDi6prRvKL4M9ErQJ4ZYZST153m_xBP68ft-vuLOLLzl8pAXBW5IqR0YEchGQPJtUQjqE4j7ht-rqN2WQxLVzUdc9FGi2VDADdRvBncpBgSjueU-tSblcZ6LSF0UPeM2z5xTdMSgWRJ9xff_cvHJTpACdG2EWwe8u9a9yzVz_dqLbVugy415Cotp3DiZyIjHVEADvJY9Xlxk4E39lCKOMQlAFMPH76HnXCrVCi4MZeokCYHBzH_8ue29ImhLAZRE83F9r0mhfx37lAraut3rr6sRponY4wBRaEXpNrVlcTTNMyvL272TCkEZqtm4mwepVhNYj7Pxblw","e":"AQAB"},{"use":"enc","kty":"RSA","kid":"mtls01","n":"ppY9BFOF6YXRPSRv-p21I6l-9OiTF_JbjzQ3zbvkhwkQ8p30chePHLQVeBBev1oV5j_oGYzD2_hUkUcqueHETuOFTaZ8Z0VpN9c2HDXTZ4IeTUpPJPPWcqJ4ykWxtZdhgWbxjn5lROzupAUrsT9nJci4_8KgEu6vaTnIo-NLVwzFkNr9cMYRBcg7O20RL7V7LSgGyqw2vUK3jvBCgsCZSWRjjBQiYGQjEYkvGmAm22Omw2HmdJ0mFV4m7DpyY2WRhLqSAedzkwsYioTDPXqa-ts8DgBqUySPYp1ACSoeHxVO5gnKd6ukaCNyh5U7bui0zMRw_NKRGChA1nJN3cg1Mw","e":"AQAB"},{"use":"enc","kty":"RSA","kid":"rsa256","n":"toihHnUntP41DGJEpUQjHuzyWtb4NQEg5r38YoaCRVfnX7pmYOgn6zOU3jgUXuNqJefTHNLRq7_wxZT2zsCFrJvfg8ccl4Ds1Vp3Hur3mQVsqhXrKRqBvvsF_1pbJSbyLCk0_HkrcP9XRNP4Lq2MiofAtt89Lmya9ZlwbA4NLkEJFNtC-6wuq48kpA-TWXOcQXPUW-0RZS7t8DGgRlQpeUwj8-g6N_uUSk21hawGNlWmOYkrQ7w4kCIKO2U4Y6_2dygwNnESxiPA_61UuH9wVjWxo1XiyKJnpDGiYXGeihoGn6EcLMKeA8wACuR_1ah7BD3iKMQRW3DWEBfjp0LMyQ","e":"AQAB"}]}

2022-08-03 08:47:42

(1) More

SUCCESS

FetchServerKeys

Found server JWK set

server_jwks

{
  "keys": [
    {
      "use": "sig",
      "kty": "EC",
      "kid": "es256",
      "crv": "P-256",
      "x": "2eFMhRrJ32E2iMUd8yqTH1S1R0iUNeJVkpxEtEcAK58",
      "y": "GpCy6KiKO4cFyeuAz8wUpBUHQmx0SX0YnswvZaSKkEc"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "httpserver",
      "n": "p30DhlZ8sr5ZDi6prRvKL4M9ErQJ4ZYZST153m_xBP68ft-vuLOLLzl8pAXBW5IqR0YEchGQPJtUQjqE4j7ht-rqN2WQxLVzUdc9FGi2VDADdRvBncpBgSjueU-tSblcZ6LSF0UPeM2z5xTdMSgWRJ9xff_cvHJTpACdG2EWwe8u9a9yzVz_dqLbVugy415Cotp3DiZyIjHVEADvJY9Xlxk4E39lCKOMQlAFMPH76HnXCrVCi4MZeokCYHBzH_8ue29ImhLAZRE83F9r0mhfx37lAraut3rr6sRponY4wBRaEXpNrVlcTTNMyvL272TCkEZqtm4mwepVhNYj7Pxblw",
      "e": "AQAB"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "mtls01",
      "n": "ppY9BFOF6YXRPSRv-p21I6l-9OiTF_JbjzQ3zbvkhwkQ8p30chePHLQVeBBev1oV5j_oGYzD2_hUkUcqueHETuOFTaZ8Z0VpN9c2HDXTZ4IeTUpPJPPWcqJ4ykWxtZdhgWbxjn5lROzupAUrsT9nJci4_8KgEu6vaTnIo-NLVwzFkNr9cMYRBcg7O20RL7V7LSgGyqw2vUK3jvBCgsCZSWRjjBQiYGQjEYkvGmAm22Omw2HmdJ0mFV4m7DpyY2WRhLqSAedzkwsYioTDPXqa-ts8DgBqUySPYp1ACSoeHxVO5gnKd6ukaCNyh5U7bui0zMRw_NKRGChA1nJN3cg1Mw",
      "e": "AQAB"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "rsa256",
      "n": "toihHnUntP41DGJEpUQjHuzyWtb4NQEg5r38YoaCRVfnX7pmYOgn6zOU3jgUXuNqJefTHNLRq7_wxZT2zsCFrJvfg8ccl4Ds1Vp3Hur3mQVsqhXrKRqBvvsF_1pbJSbyLCk0_HkrcP9XRNP4Lq2MiofAtt89Lmya9ZlwbA4NLkEJFNtC-6wuq48kpA-TWXOcQXPUW-0RZS7t8DGgRlQpeUwj8-g6N_uUSk21hawGNlWmOYkrQ7w4kCIKO2U4Y6_2dygwNnESxiPA_61UuH9wVjWxo1XiyKJnpDGiYXGeihoGn6EcLMKeA8wACuR_1ah7BD3iKMQRW3DWEBfjp0LMyQ",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "EC",
      "kid": "es256",
      "crv": "P-256",
      "x": "2eFMhRrJ32E2iMUd8yqTH1S1R0iUNeJVkpxEtEcAK58",
      "y": "GpCy6KiKO4cFyeuAz8wUpBUHQmx0SX0YnswvZaSKkEc"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "httpserver",
      "n": "p30DhlZ8sr5ZDi6prRvKL4M9ErQJ4ZYZST153m_xBP68ft-vuLOLLzl8pAXBW5IqR0YEchGQPJtUQjqE4j7ht-rqN2WQxLVzUdc9FGi2VDADdRvBncpBgSjueU-tSblcZ6LSF0UPeM2z5xTdMSgWRJ9xff_cvHJTpACdG2EWwe8u9a9yzVz_dqLbVugy415Cotp3DiZyIjHVEADvJY9Xlxk4E39lCKOMQlAFMPH76HnXCrVCi4MZeokCYHBzH_8ue29ImhLAZRE83F9r0mhfx37lAraut3rr6sRponY4wBRaEXpNrVlcTTNMyvL272TCkEZqtm4mwepVhNYj7Pxblw",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "mtls01",
      "n": "ppY9BFOF6YXRPSRv-p21I6l-9OiTF_JbjzQ3zbvkhwkQ8p30chePHLQVeBBev1oV5j_oGYzD2_hUkUcqueHETuOFTaZ8Z0VpN9c2HDXTZ4IeTUpPJPPWcqJ4ykWxtZdhgWbxjn5lROzupAUrsT9nJci4_8KgEu6vaTnIo-NLVwzFkNr9cMYRBcg7O20RL7V7LSgGyqw2vUK3jvBCgsCZSWRjjBQiYGQjEYkvGmAm22Omw2HmdJ0mFV4m7DpyY2WRhLqSAedzkwsYioTDPXqa-ts8DgBqUySPYp1ACSoeHxVO5gnKd6ukaCNyh5U7bui0zMRw_NKRGChA1nJN3cg1Mw",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "rsa256",
      "n": "toihHnUntP41DGJEpUQjHuzyWtb4NQEg5r38YoaCRVfnX7pmYOgn6zOU3jgUXuNqJefTHNLRq7_wxZT2zsCFrJvfg8ccl4Ds1Vp3Hur3mQVsqhXrKRqBvvsF_1pbJSbyLCk0_HkrcP9XRNP4Lq2MiofAtt89Lmya9ZlwbA4NLkEJFNtC-6wuq48kpA-TWXOcQXPUW-0RZS7t8DGgRlQpeUwj8-g6N_uUSk21hawGNlWmOYkrQ7w4kCIKO2U4Y6_2dygwNnESxiPA_61UuH9wVjWxo1XiyKJnpDGiYXGeihoGn6EcLMKeA8wACuR_1ah7BD3iKMQRW3DWEBfjp0LMyQ",
      "e": "AQAB"
    }
  ]
}

2022-08-03 08:47:42

(1) More

SUCCESS

CheckServerKeysIsValid

Server JWKs is valid

server_jwks

{
  "keys": [
    {
      "use": "sig",
      "kty": "EC",
      "kid": "es256",
      "crv": "P-256",
      "x": "2eFMhRrJ32E2iMUd8yqTH1S1R0iUNeJVkpxEtEcAK58",
      "y": "GpCy6KiKO4cFyeuAz8wUpBUHQmx0SX0YnswvZaSKkEc"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "httpserver",
      "n": "p30DhlZ8sr5ZDi6prRvKL4M9ErQJ4ZYZST153m_xBP68ft-vuLOLLzl8pAXBW5IqR0YEchGQPJtUQjqE4j7ht-rqN2WQxLVzUdc9FGi2VDADdRvBncpBgSjueU-tSblcZ6LSF0UPeM2z5xTdMSgWRJ9xff_cvHJTpACdG2EWwe8u9a9yzVz_dqLbVugy415Cotp3DiZyIjHVEADvJY9Xlxk4E39lCKOMQlAFMPH76HnXCrVCi4MZeokCYHBzH_8ue29ImhLAZRE83F9r0mhfx37lAraut3rr6sRponY4wBRaEXpNrVlcTTNMyvL272TCkEZqtm4mwepVhNYj7Pxblw",
      "e": "AQAB"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "mtls01",
      "n": "ppY9BFOF6YXRPSRv-p21I6l-9OiTF_JbjzQ3zbvkhwkQ8p30chePHLQVeBBev1oV5j_oGYzD2_hUkUcqueHETuOFTaZ8Z0VpN9c2HDXTZ4IeTUpPJPPWcqJ4ykWxtZdhgWbxjn5lROzupAUrsT9nJci4_8KgEu6vaTnIo-NLVwzFkNr9cMYRBcg7O20RL7V7LSgGyqw2vUK3jvBCgsCZSWRjjBQiYGQjEYkvGmAm22Omw2HmdJ0mFV4m7DpyY2WRhLqSAedzkwsYioTDPXqa-ts8DgBqUySPYp1ACSoeHxVO5gnKd6ukaCNyh5U7bui0zMRw_NKRGChA1nJN3cg1Mw",
      "e": "AQAB"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "rsa256",
      "n": "toihHnUntP41DGJEpUQjHuzyWtb4NQEg5r38YoaCRVfnX7pmYOgn6zOU3jgUXuNqJefTHNLRq7_wxZT2zsCFrJvfg8ccl4Ds1Vp3Hur3mQVsqhXrKRqBvvsF_1pbJSbyLCk0_HkrcP9XRNP4Lq2MiofAtt89Lmya9ZlwbA4NLkEJFNtC-6wuq48kpA-TWXOcQXPUW-0RZS7t8DGgRlQpeUwj8-g6N_uUSk21hawGNlWmOYkrQ7w4kCIKO2U4Y6_2dygwNnESxiPA_61UuH9wVjWxo1XiyKJnpDGiYXGeihoGn6EcLMKeA8wACuR_1ah7BD3iKMQRW3DWEBfjp0LMyQ",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "EC",
      "kid": "es256",
      "crv": "P-256",
      "x": "2eFMhRrJ32E2iMUd8yqTH1S1R0iUNeJVkpxEtEcAK58",
      "y": "GpCy6KiKO4cFyeuAz8wUpBUHQmx0SX0YnswvZaSKkEc"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "httpserver",
      "n": "p30DhlZ8sr5ZDi6prRvKL4M9ErQJ4ZYZST153m_xBP68ft-vuLOLLzl8pAXBW5IqR0YEchGQPJtUQjqE4j7ht-rqN2WQxLVzUdc9FGi2VDADdRvBncpBgSjueU-tSblcZ6LSF0UPeM2z5xTdMSgWRJ9xff_cvHJTpACdG2EWwe8u9a9yzVz_dqLbVugy415Cotp3DiZyIjHVEADvJY9Xlxk4E39lCKOMQlAFMPH76HnXCrVCi4MZeokCYHBzH_8ue29ImhLAZRE83F9r0mhfx37lAraut3rr6sRponY4wBRaEXpNrVlcTTNMyvL272TCkEZqtm4mwepVhNYj7Pxblw",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "mtls01",
      "n": "ppY9BFOF6YXRPSRv-p21I6l-9OiTF_JbjzQ3zbvkhwkQ8p30chePHLQVeBBev1oV5j_oGYzD2_hUkUcqueHETuOFTaZ8Z0VpN9c2HDXTZ4IeTUpPJPPWcqJ4ykWxtZdhgWbxjn5lROzupAUrsT9nJci4_8KgEu6vaTnIo-NLVwzFkNr9cMYRBcg7O20RL7V7LSgGyqw2vUK3jvBCgsCZSWRjjBQiYGQjEYkvGmAm22Omw2HmdJ0mFV4m7DpyY2WRhLqSAedzkwsYioTDPXqa-ts8DgBqUySPYp1ACSoeHxVO5gnKd6ukaCNyh5U7bui0zMRw_NKRGChA1nJN3cg1Mw",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "rsa256",
      "n": "toihHnUntP41DGJEpUQjHuzyWtb4NQEg5r38YoaCRVfnX7pmYOgn6zOU3jgUXuNqJefTHNLRq7_wxZT2zsCFrJvfg8ccl4Ds1Vp3Hur3mQVsqhXrKRqBvvsF_1pbJSbyLCk0_HkrcP9XRNP4Lq2MiofAtt89Lmya9ZlwbA4NLkEJFNtC-6wuq48kpA-TWXOcQXPUW-0RZS7t8DGgRlQpeUwj8-g6N_uUSk21hawGNlWmOYkrQ7w4kCIKO2U4Y6_2dygwNnESxiPA_61UuH9wVjWxo1XiyKJnpDGiYXGeihoGn6EcLMKeA8wACuR_1ah7BD3iKMQRW3DWEBfjp0LMyQ",
      "e": "AQAB"
    }
  ]
}

2022-08-03 08:47:42	SUCCESS RFC7517-1.1	ValidateServerJWKs Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url

2022-08-03 08:47:42	SUCCESS OIDCC-10.1	CheckForKeyIdInServerJWKs All keys contain kids

2022-08-03 08:47:42	SUCCESS RFC7518-6.3.2.1	EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys Jwks does not contain any private or symmetric keys

2022-08-03 08:47:42

(1) More

SUCCESS

FAPI1-BASE-5.2.2-6 FAPI1-BASE-5.2.2-5

FAPIEnsureMinimumServerKeyLength

Validated minimum key lengths for server_jwks

server_jwks

{
  "keys": [
    {
      "use": "sig",
      "kty": "EC",
      "kid": "es256",
      "crv": "P-256",
      "x": "2eFMhRrJ32E2iMUd8yqTH1S1R0iUNeJVkpxEtEcAK58",
      "y": "GpCy6KiKO4cFyeuAz8wUpBUHQmx0SX0YnswvZaSKkEc"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "httpserver",
      "n": "p30DhlZ8sr5ZDi6prRvKL4M9ErQJ4ZYZST153m_xBP68ft-vuLOLLzl8pAXBW5IqR0YEchGQPJtUQjqE4j7ht-rqN2WQxLVzUdc9FGi2VDADdRvBncpBgSjueU-tSblcZ6LSF0UPeM2z5xTdMSgWRJ9xff_cvHJTpACdG2EWwe8u9a9yzVz_dqLbVugy415Cotp3DiZyIjHVEADvJY9Xlxk4E39lCKOMQlAFMPH76HnXCrVCi4MZeokCYHBzH_8ue29ImhLAZRE83F9r0mhfx37lAraut3rr6sRponY4wBRaEXpNrVlcTTNMyvL272TCkEZqtm4mwepVhNYj7Pxblw",
      "e": "AQAB"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "mtls01",
      "n": "ppY9BFOF6YXRPSRv-p21I6l-9OiTF_JbjzQ3zbvkhwkQ8p30chePHLQVeBBev1oV5j_oGYzD2_hUkUcqueHETuOFTaZ8Z0VpN9c2HDXTZ4IeTUpPJPPWcqJ4ykWxtZdhgWbxjn5lROzupAUrsT9nJci4_8KgEu6vaTnIo-NLVwzFkNr9cMYRBcg7O20RL7V7LSgGyqw2vUK3jvBCgsCZSWRjjBQiYGQjEYkvGmAm22Omw2HmdJ0mFV4m7DpyY2WRhLqSAedzkwsYioTDPXqa-ts8DgBqUySPYp1ACSoeHxVO5gnKd6ukaCNyh5U7bui0zMRw_NKRGChA1nJN3cg1Mw",
      "e": "AQAB"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "rsa256",
      "n": "toihHnUntP41DGJEpUQjHuzyWtb4NQEg5r38YoaCRVfnX7pmYOgn6zOU3jgUXuNqJefTHNLRq7_wxZT2zsCFrJvfg8ccl4Ds1Vp3Hur3mQVsqhXrKRqBvvsF_1pbJSbyLCk0_HkrcP9XRNP4Lq2MiofAtt89Lmya9ZlwbA4NLkEJFNtC-6wuq48kpA-TWXOcQXPUW-0RZS7t8DGgRlQpeUwj8-g6N_uUSk21hawGNlWmOYkrQ7w4kCIKO2U4Y6_2dygwNnESxiPA_61UuH9wVjWxo1XiyKJnpDGiYXGeihoGn6EcLMKeA8wACuR_1ah7BD3iKMQRW3DWEBfjp0LMyQ",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "EC",
      "kid": "es256",
      "crv": "P-256",
      "x": "2eFMhRrJ32E2iMUd8yqTH1S1R0iUNeJVkpxEtEcAK58",
      "y": "GpCy6KiKO4cFyeuAz8wUpBUHQmx0SX0YnswvZaSKkEc"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "httpserver",
      "n": "p30DhlZ8sr5ZDi6prRvKL4M9ErQJ4ZYZST153m_xBP68ft-vuLOLLzl8pAXBW5IqR0YEchGQPJtUQjqE4j7ht-rqN2WQxLVzUdc9FGi2VDADdRvBncpBgSjueU-tSblcZ6LSF0UPeM2z5xTdMSgWRJ9xff_cvHJTpACdG2EWwe8u9a9yzVz_dqLbVugy415Cotp3DiZyIjHVEADvJY9Xlxk4E39lCKOMQlAFMPH76HnXCrVCi4MZeokCYHBzH_8ue29ImhLAZRE83F9r0mhfx37lAraut3rr6sRponY4wBRaEXpNrVlcTTNMyvL272TCkEZqtm4mwepVhNYj7Pxblw",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "mtls01",
      "n": "ppY9BFOF6YXRPSRv-p21I6l-9OiTF_JbjzQ3zbvkhwkQ8p30chePHLQVeBBev1oV5j_oGYzD2_hUkUcqueHETuOFTaZ8Z0VpN9c2HDXTZ4IeTUpPJPPWcqJ4ykWxtZdhgWbxjn5lROzupAUrsT9nJci4_8KgEu6vaTnIo-NLVwzFkNr9cMYRBcg7O20RL7V7LSgGyqw2vUK3jvBCgsCZSWRjjBQiYGQjEYkvGmAm22Omw2HmdJ0mFV4m7DpyY2WRhLqSAedzkwsYioTDPXqa-ts8DgBqUySPYp1ACSoeHxVO5gnKd6ukaCNyh5U7bui0zMRw_NKRGChA1nJN3cg1Mw",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "rsa256",
      "n": "toihHnUntP41DGJEpUQjHuzyWtb4NQEg5r38YoaCRVfnX7pmYOgn6zOU3jgUXuNqJefTHNLRq7_wxZT2zsCFrJvfg8ccl4Ds1Vp3Hur3mQVsqhXrKRqBvvsF_1pbJSbyLCk0_HkrcP9XRNP4Lq2MiofAtt89Lmya9ZlwbA4NLkEJFNtC-6wuq48kpA-TWXOcQXPUW-0RZS7t8DGgRlQpeUwj8-g6N_uUSk21hawGNlWmOYkrQ7w4kCIKO2U4Y6_2dygwNnESxiPA_61UuH9wVjWxo1XiyKJnpDGiYXGeihoGn6EcLMKeA8wACuR_1ah7BD3iKMQRW3DWEBfjp0LMyQ",
      "e": "AQAB"
    }
  ]
}

2022-08-03 08:47:42

(5) More

SUCCESS

GetStaticClientConfiguration

Found a static client object

client_id	client04pwk
scope	openid email
jwks	{ "keys": [ { "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8", "kty": "RSA", "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE", "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ", "e": "AQAB", "use": "sig", "kid": "conformancetest", "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI", "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0", "alg": "PS256", "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE", "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw" } ] }
hint_type	login_hint
hint_value	testuser

2022-08-03 08:47:42	SUCCESS	ValidateMTLSCertificatesHeader MTLS certificates header is valid

2022-08-03 08:47:42

(3) More

SUCCESS

ExtractMTLSCertificatesFromConfiguration

Mutual TLS authentication credentials loaded

cert

MIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1owazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjijZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFKoPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4flhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA==

key

MIIEpAIBAAKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABAoIBAEOmr/MnPlWdb41vtTyC9q5XB6sB6JR3fABUARhHj6MMTzWGZU9k2TE4TVWm0xiDPSXAwVADrWnJePlZq0RdRd3MX9iO5daQPZnAEX3Iin9t44jHrZSmClEH6D4b0ur5osgLnMx2R/I3L+lPJfrd/fjpt1lMxjAHCz7Jb7INTnLMjBl8Lji9witoeQseo2+SRLanNckCw9t2/WkqlpyTUnVg6icB9QLAh0ASE/zlMdFMYlo1llfxToRpZKQuE0zTXtvMqfkutqSUb8hLSBTYuMHOh8aycMB//JgiAMwrHVSVcRn2oMqnk5vm08i/sLK8TT8AGAf8Evn0GJJ88kKHvqECgYEA2Xnd/4+98ZiEnLbkgRPVX7pWVa2ZqCAZ4Cf75cv+IlQ3crJniX0IEOpFS71fF8/Ei7DIAELe9zeopQvkUdfzMlC7Rg5AuhJzRIL+FaUFlLJOMz+S7eqiLeabclYGIbZrX+n8Xic01oQxRipgV1XMKj+D3MROUoRCWNMS1Xqghe0CgYEAxQbFsTjipyvk6ZvrpucqAZ1IVIGiVELGMlUEGmyJ8CgXd3gwmU88RahmwBes0GNzm5hws9J+C/S/zt6gu1pP1g/lEpx4/yxg6MZk8AQEk3VG63Tg2rEzjEIQsz0fTXbO1AVSJvEuReB8VCgQEKNYMxrqdHXvpSFHOhQLbvebODkCgYEAgK7e0IjCkQF5fq2t+j69JD7DNUFayaPtC7k9EVWqk6+Xe7PbFfy42CF3TYDJkvJqz2mUfqsS+d+iV774pAEPM3eXyLVIUZH3SNPl+vLBoaH8KdD1ZPhQbK6mznneePZTBNcUcLXsSv6/lVAf362x+FHK+cfivGrsQ1jqLQ25jGUCgYBVrLY2dDgK3YlzE/wK3aZkgVI8fQprfYXVySY5n0z0A1sA9mCbqdrZp3rWuPTKwRQ6arVHXJa2+DyX5jMahREGUm8YAraSr2eMkQi/Xd/nhy3JoU9NiZSSvv+oEUIVWz5g79djW6j1dcJajfk+Yuktf9zHu6jzs17XoHPAUydJ8QKBgQCreujKz7G5EEXkwdEqFFolM9A8ZMB2k3t6FaM4P/lEUs+nFkxYz2+rxI4HMCE0UOCw58ukQjNmXJhumAAB0HIC28gFVuk8FXPRI46ZRQ4uuqQcSCr3/0yPSrJe3uU+IC74iHff9XHmwiHwcpmgsDclyg4Ga5eCf1XNKmZLtu/4Xg==

ca

MIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1owazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjijZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFKoPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4flhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA==

2022-08-03 08:47:42	SUCCESS RFC7517-1.1	ValidateClientJWKsPrivatePart Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url

2022-08-03 08:47:42

(2) More

SUCCESS

ExtractJWKsFromStaticClientConfiguration

Extracted client JWK

client_jwks

{
  "keys": [
    {
      "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8",
      "kty": "RSA",
      "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE",
      "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "conformancetest",
      "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI",
      "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0",
      "alg": "PS256",
      "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE",
      "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw"
    }
  ]
}

public_client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "conformancetest",
      "alg": "PS256",
      "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw"
    }
  ]
}

2022-08-03 08:47:42	SUCCESS OIDCC-10.1	CheckForKeyIdInClientJWKs All keys contain kids

2022-08-03 08:47:42

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInClientJWKs

Distinct 'kid' value in all keys of client_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2022-08-03 08:47:42

(1) More

SUCCESS

FAPI1-ADV-8.6

FAPICheckKeyAlgInClientJWKs

Keys in client JWKS all have permitted 'alg'

permitted

[
  "ES256",
  "PS256"
]

2022-08-03 08:47:42

(1) More

SUCCESS

FAPI1-BASE-5.2.2-6 FAPI1-BASE-5.2.2-5

FAPIEnsureMinimumClientKeyLength

Validated minimum key lengths for client_jwks

client_jwks

{
  "keys": [
    {
      "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8",
      "kty": "RSA",
      "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE",
      "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "conformancetest",
      "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI",
      "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0",
      "alg": "PS256",
      "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE",
      "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw"
    }
  ]
}

2022-08-03 08:47:42	SUCCESS	ValidateMTLSCertificatesAsX509 Mutual TLS authentication cert validated as X.509

Verify configuration of second client

2022-08-03 08:47:42

(4) More

SUCCESS

GetStaticClient2Configuration

Found a static second client object

client_id	client05pwk
scope	openid
jwks	{ "keys": [ { "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M", "kty": "RSA", "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0", "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ", "e": "AQAB", "use": "sig", "kid": "ristrettotest", "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes", "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k", "alg": "PS256", "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0", "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw" } ] }
acr_value	urn:acr2

2022-08-03 08:47:42	SUCCESS	ValidateMTLSCertificates2Header MTLS certificates header is valid

2022-08-03 08:47:42

(3) More

SUCCESS

ExtractMTLSCertificates2FromConfiguration

Mutual TLS authentication credentials loaded

cert

MIIDtzCCAp+gAwIBAgIUWzVEE6ZzNUl6kwxJgrUgERqiDXkwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMB4XDTIyMDEwNDA0MzQxNloXDTQxMDkyMTA0MzQxNlowazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABo1MwUTAdBgNVHQ4EFgQUAZeJHIZu9VunYouyoHf/QODzbREwHwYDVR0jBBgwFoAUAZeJHIZu9VunYouyoHf/QODzbREwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAft9Mp/WpGdRF1sCzVG2r7SHxaxTGfWC+iZJBVZfFTJcthDawCW3xIfQb0RUrtGWTKBgpCp8GSCxFYPuri/nZn2vRbujn3woK2siXWS64bYDUOJ3xHvt3/j0PPGRfQ3faSXjdvtkE7ayLRKdb132rBd2k7oBqIZkM3ezvXg49KupJfOYTaqNezA4TTXaLFL+7BbY8IFPYHE+t66K68DNbypr3Q8pP2ZCHE3YLS3RG+Ql2EYSGABKNbeRcipONYPvtsiZt4k44vCDRUC5DXdC6C9KeEjrLp5ycJYgdT+YqD34Rd89u/yjgvlo3Bcv0mhEO1sS4jaG3IRkZZsCoUEFSvQ==

key

MIIEogIBAAKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABAoIBABZVROM5pCIa9qsuUxgvF3wXAktoAdahrRMjcnIstNQpQ9cT5Jyk5Sey3P9bLRQCjcj9sFuOUNksFa+nUGw6qKifVDI02eifZAN9CudMH+P/wu3e9rVtsRhOLNG/oz6+1CYbjam7N+FDSz5TFp018fCBoekctbofEVZ3BzJDaX+VrBn6TSBpzMzibDfnnfbkFkep+91okF9TTLIZ+Bjl/f1dVfbMZ6scs2rc7Slp52Od0HZ69gerc7l4IFxCiH2pMMbI6lRESYXlaf4j/mTJR/sFnDvbyET1UVU5paAhZ/TLGougAGzLtOEhlxLSjNv/5RfFIs1NPLW8iu68OgKL94ECgYEA6Ya6XBXydFof+aeHub7AlYdEA9qnQdqQR88AHlHcLIxkyNlVsPh+5/t0SrkJtrspBp233Ne9JTflQYk8/+wBE59NutnKJfzzV04ftm1bmW+gBHT36rZRW8WT2Kto73A9SLzhhQSp1a14ff9vULoRwQLtWpAANkqTCUD0Zwe4v+kCgYEA1zl7LSMmUpjjR1thITcfHnVtI+0U4ilqcDXUZzoaJsSQ4/oSr8Xc2EbF2KsxqPhq6HKOhINsPeN+iA1F0F3+oc32k4PI8NrQtIfLsVEvTQ2LuYsR4a8TNyGH/zk0i/XpRy632BrKcYp6iyb3qQgGMdjsK+PW6PChTa6TaopUpFECgYAWozHTlWkQcGAjImNc1Sn0FM26FesaziYoX9+iEMtoIh/u/Gp7IkujD1Qhnjhb117NvmJBbURvpDB8HuKj6GveTBYL4+rdrdyk/PTECWvUvuZjKDeUMCJI5ClF2q/sbhPyxiSScXZJOWyxwh43VCI+dJsvqT/sA2Sng/1tM2lsaQKBgGitkWZTuTjlGW3EWQpxp9YFoO6fSc/x+s3WsJcAYGXIpvvqzhnlr1MVoPaP1RhssnqZ9Q0oaoXzVsBPTExa2xTRewMmTp4unuGfRofYh5v/YZz9sdXFdCAVU/LjXNZR5YL0iwA1j48HnjB95Gi2+WRXMA7swsMK/jktFo/z9dTxAoGAYk2kwzCs7xwhsa3/xH5xJauvlclDqelC4R1cS2pzQI+MQIfjR4JccZ8xly7HMv+2D9vBModxo/msXGq3QJaAmDHzNhee2+OTuKcDLd7wlwSwqZ9EBvxHuLwI7/QZejw68iLHZWQMH57daNZL9X/8VwmF/C8tawAvXmflv+ra3Ec=

ca

MIIDtzCCAp+gAwIBAgIUWzVEE6ZzNUl6kwxJgrUgERqiDXkwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMB4XDTIyMDEwNDA0MzQxNloXDTQxMDkyMTA0MzQxNlowazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABo1MwUTAdBgNVHQ4EFgQUAZeJHIZu9VunYouyoHf/QODzbREwHwYDVR0jBBgwFoAUAZeJHIZu9VunYouyoHf/QODzbREwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAft9Mp/WpGdRF1sCzVG2r7SHxaxTGfWC+iZJBVZfFTJcthDawCW3xIfQb0RUrtGWTKBgpCp8GSCxFYPuri/nZn2vRbujn3woK2siXWS64bYDUOJ3xHvt3/j0PPGRfQ3faSXjdvtkE7ayLRKdb132rBd2k7oBqIZkM3ezvXg49KupJfOYTaqNezA4TTXaLFL+7BbY8IFPYHE+t66K68DNbypr3Q8pP2ZCHE3YLS3RG+Ql2EYSGABKNbeRcipONYPvtsiZt4k44vCDRUC5DXdC6C9KeEjrLp5ycJYgdT+YqD34Rd89u/yjgvlo3Bcv0mhEO1sS4jaG3IRkZZsCoUEFSvQ==

2022-08-03 08:47:42	SUCCESS RFC7517-1.1	ValidateClientJWKsPrivatePart Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url

2022-08-03 08:47:42

(2) More

SUCCESS

ExtractJWKsFromStaticClientConfiguration

Extracted client JWK

client_jwks

{
  "keys": [
    {
      "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M",
      "kty": "RSA",
      "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0",
      "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "ristrettotest",
      "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes",
      "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k",
      "alg": "PS256",
      "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0",
      "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw"
    }
  ]
}

public_client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "ristrettotest",
      "alg": "PS256",
      "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw"
    }
  ]
}

2022-08-03 08:47:42	SUCCESS OIDCC-10.1	CheckForKeyIdInClientJWKs All keys contain kids

2022-08-03 08:47:42

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInClientJWKs

Distinct 'kid' value in all keys of client_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2022-08-03 08:47:42

(1) More

SUCCESS

FAPI1-ADV-8.6

FAPICheckKeyAlgInClientJWKs

Keys in client JWKS all have permitted 'alg'

permitted

[
  "ES256",
  "PS256"
]

2022-08-03 08:47:42

(1) More

SUCCESS

FAPI1-BASE-5.2.2-6 FAPI1-BASE-5.2.2-5

FAPIEnsureMinimumClientKeyLength

Validated minimum key lengths for client_jwks

client_jwks

{
  "keys": [
    {
      "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M",
      "kty": "RSA",
      "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0",
      "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "ristrettotest",
      "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes",
      "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k",
      "alg": "PS256",
      "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0",
      "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw"
    }
  ]
}

2022-08-03 08:47:42	SUCCESS	ValidateMTLSCertificatesAsX509 Mutual TLS authentication cert validated as X.509

2022-08-03 08:47:42

(2) More

SUCCESS

ValidateClientPrivateKeysAreDifferent

Client signing JWKs have different thumbprints

jwk1

{
  "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8",
  "kty": "RSA",
  "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE",
  "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ",
  "e": "AQAB",
  "use": "sig",
  "kid": "conformancetest",
  "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI",
  "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0",
  "alg": "PS256",
  "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE",
  "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw"
}

jwk2

{
  "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M",
  "kty": "RSA",
  "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0",
  "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ",
  "e": "AQAB",
  "use": "sig",
  "kid": "ristrettotest",
  "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes",
  "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k",
  "alg": "PS256",
  "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0",
  "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw"
}

2022-08-03 08:47:42

(1) More

SUCCESS

GetResourceEndpointConfiguration

Found a resource endpoint object

resourceUrl

https://isamfed.com:8743/oauth2/open-banking/v3.1/aisp/accounts

2022-08-03 08:47:42

(1) More

SUCCESS

SetProtectedResourceUrlToSingleResourceEndpoint

Set protected resource URL

protected_resource_url

https://isamfed.com:8743/oauth2/open-banking/v3.1/aisp/accounts

2022-08-03 08:47:42

(1) More

SUCCESS

ExtractTLSTestValuesFromResourceConfiguration

Extracted TLS information from resource endpoint

resource_endpoint

{
  "testHost": "isamfed.com",
  "testPort": 8743
}

2022-08-03 08:47:42

(2) More

SUCCESS

ExtractTLSTestValuesFromOBResourceConfiguration

Extracted TLS information from resource endpoint

accounts_resource_endpoint	{ "testHost": "isamfed.com", "testPort": 8743 }
accounts_request_endpoint	{ "testHost": "isamfed.com", "testPort": 8743 }

2022-08-03 08:47:42		fapi1-advanced-final-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails Setup Done

Make request to authorization endpoint

2022-08-03 08:47:42

(3) More

SUCCESS

CreateAuthorizationEndpointRequestFromClientInformation

Created authorization endpoint request

client_id	client04pwk
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP_ZY/callback
scope	openid email

2022-08-03 08:47:42

(1) More

SUCCESS

AddAcrClaimToAuthorizationEndpointRequest

Added acr claim to authorization_endpoint_request

authorization_endpoint_request

{
  "client_id": "client04pwk",
  "redirect_uri": "https://www.certification.openid.net/test/a/ISVAOP_ZY/callback",
  "scope": "openid email",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}

2022-08-03 08:47:42

(2) More

CreateRandomStateValue

Created state value

requested_state_length	10
state	MYpm04G0M0

2022-08-03 08:47:42

(5) More

SUCCESS

AddStateToAuthorizationEndpointRequest

Added state parameter to request

client_id	client04pwk
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP_ZY/callback
scope	openid email
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	MYpm04G0M0

2022-08-03 08:47:42

(2) More

CreateRandomNonceValue

Created nonce value

requested_nonce_length	10
nonce	ikTuPFT2S8

2022-08-03 08:47:42

(6) More

SUCCESS

AddNonceToAuthorizationEndpointRequest

Added nonce parameter to request

client_id	client04pwk
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP_ZY/callback
scope	openid email
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	MYpm04G0M0
nonce	ikTuPFT2S8

2022-08-03 08:47:42

(7) More

SUCCESS

SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken

Added response_type parameter to request

client_id	client04pwk
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP_ZY/callback
scope	openid email
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	MYpm04G0M0
nonce	ikTuPFT2S8
response_type	code id_token

2022-08-03 08:47:42

(1) More

CreateRandomCodeVerifier

Created code_verifier value

code_verifier

GJuHAhNS0qqoKz68-4sD73WHjGg8C5XhVimcQyCrmfjHjKD0SApu8-piLhpbdCD6TR99.pUOvPhJoXCORozojQ.H0ndoZ7e2Rr0k72~0OqGa.nt4WJxlUKgI1keeTu5z

2022-08-03 08:47:42

(1) More

CreateS256CodeChallenge

Created code_challenge value

code_challenge

xA1G0jUzP_AS2iR0S4HUv7-knxSia-v5ovVwrHTCuPI

2022-08-03 08:47:42

(9) More

SUCCESS

RFC7636-4.3

AddCodeChallengeToAuthorizationEndpointRequest

Added code_challenge and code_challenge_method parameters to request

client_id	client04pwk
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP_ZY/callback
scope	openid email
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	MYpm04G0M0
nonce	ikTuPFT2S8
response_type	code id_token
code_challenge	xA1G0jUzP_AS2iR0S4HUv7-knxSia-v5ovVwrHTCuPI
code_challenge_method	S256

2022-08-03 08:47:42

(1) More

SUCCESS

ConvertAuthorizationEndpointRequestToRequestObject

Created request object claims

request_object_claims

{
  "client_id": "client04pwk",
  "redirect_uri": "https://www.certification.openid.net/test/a/ISVAOP_ZY/callback",
  "scope": "openid email",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "MYpm04G0M0",
  "nonce": "ikTuPFT2S8",
  "response_type": "code id_token",
  "code_challenge": "xA1G0jUzP_AS2iR0S4HUv7-knxSia-v5ovVwrHTCuPI",
  "code_challenge_method": "S256"
}

2022-08-03 08:47:42

(1) More

SUCCESS

FAPI1-ADV-5.2.2-17

AddNbfToRequestObject

Added nbf to request object claims

nbf	1.659516462E9

2022-08-03 08:47:42

(1) More

SUCCESS

FAPI1-ADV-5.2.2-13

AddExpToRequestObject

Added exp to request object claims

exp	1.659516762E9

2022-08-03 08:47:42

(1) More

SUCCESS

FAPI1-ADV-5.2.2-14

AddAudToRequestObject

Added aud to request object claims

aud	https://isamfed.com:8743/oauth2/

2022-08-03 08:47:42

(1) More

SUCCESS

OIDCC-6.1

AddIssToRequestObject

Added iss to request object claims

iss	client04pwk

2022-08-03 08:47:42

(1) More

SUCCESS

FAPI1-ADV-5.2.3-8

AddClientIdToRequestObject

Added client_id to request object claims

client_id

client04pwk

2022-08-03 08:47:42

(4) More

SUCCESS

SignRequestObject

Signed the request object

claims	{ "iss": "client04pwk", "response_type": "code id_token", "code_challenge_method": "S256", "nonce": "ikTuPFT2S8", "client_id": "client04pwk", "aud": "https://isamfed.com:8743/oauth2/", "nbf": 1659516462, "scope": "openid email", "claims": { "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }, "redirect_uri": "https://www.certification.openid.net/test/a/ISVAOP_ZY/callback", "state": "MYpm04G0M0", "exp": 1659516762, "code_challenge": "xA1G0jUzP_AS2iR0S4HUv7-knxSia-v5ovVwrHTCuPI" }
header	{ "kid": "conformancetest", "alg": "PS256" }
request_object	eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJjbGllbnQwNHB3ayIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsImNsaWVudF9pZCI6ImNsaWVudDA0cHdrIiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjg3NDNcL29hdXRoMlwvIiwibmJmIjoxNjU5NTE2NDYyLCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QX1pZXC9jYWxsYmFjayIsInN0YXRlIjoiTVlwbTA0RzBNMCIsImV4cCI6MTY1OTUxNjc2MiwiY29kZV9jaGFsbGVuZ2UiOiJ4QTFHMGpVelBfQVMyaVIwUzRIVXY3LWtueFNpYS12NW92VndySFRDdVBJIn0.tFh_eH_YhZiZtirHPulVUKcs7dRUF-HIM3xszjn78DD_i8RokemckefcLMvsM1P8KpezhIUUnRnqxt-UgTbMt1bx6G9t2nNdG-Se2MAJwIXFnhJEKyvScMx6wFaLjq5x5OcjGPOsI5DeahOYPZ2P37ikB7J5XYJFYTCxt-VOOcq8EZusmh5I6iEFlbbH1qk3OIOl-_9AeRjeRyu3R1T_7xGnwNFZh_dIEPz1RL2rJ_vxDuTFOgdMy6JyKl6K2r-voWPEsCJqWugWsoCnQUy8FiIGeN4-b3T6W5qfJAw-egziHnna5LUnQYe1SB6GIMCTDHUmJ9ChGGdRsSiW_L7V3w
key	{ "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8", "kty": "RSA", "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE", "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ", "e": "AQAB", "use": "sig", "kid": "conformancetest", "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI", "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0", "alg": "PS256", "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE", "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw" }

2022-08-03 08:47:42

(1) More

SUCCESS

BuildRequestObjectPostToPAREndpoint

request

eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJjbGllbnQwNHB3ayIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsImNsaWVudF9pZCI6ImNsaWVudDA0cHdrIiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjg3NDNcL29hdXRoMlwvIiwibmJmIjoxNjU5NTE2NDYyLCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QX1pZXC9jYWxsYmFjayIsInN0YXRlIjoiTVlwbTA0RzBNMCIsImV4cCI6MTY1OTUxNjc2MiwiY29kZV9jaGFsbGVuZ2UiOiJ4QTFHMGpVelBfQVMyaVIwUzRIVXY3LWtueFNpYS12NW92VndySFRDdVBJIn0.tFh_eH_YhZiZtirHPulVUKcs7dRUF-HIM3xszjn78DD_i8RokemckefcLMvsM1P8KpezhIUUnRnqxt-UgTbMt1bx6G9t2nNdG-Se2MAJwIXFnhJEKyvScMx6wFaLjq5x5OcjGPOsI5DeahOYPZ2P37ikB7J5XYJFYTCxt-VOOcq8EZusmh5I6iEFlbbH1qk3OIOl-_9AeRjeRyu3R1T_7xGnwNFZh_dIEPz1RL2rJ_vxDuTFOgdMy6JyKl6K2r-voWPEsCJqWugWsoCnQUy8FiIGeN4-b3T6W5qfJAw-egziHnna5LUnQYe1SB6GIMCTDHUmJ9ChGGdRsSiW_L7V3w

2022-08-03 08:47:42

(6) More

SUCCESS

CreateClientAuthenticationAssertionClaims

Created client assertion claims

iss	client04pwk
sub	client04pwk
aud	https://isamfed.com:8743/oauth2/token
jti	MrsP1Qso8JSJLJqCg2rj
iat	1659516462
exp	1659516522

2022-08-03 08:47:42

(6) More

SUCCESS

PAR-2

UpdateClientAuthenticationAssertionClaimsWithISSAud

Updated audience in client assertion claims

iss	client04pwk
sub	client04pwk
jti	MrsP1Qso8JSJLJqCg2rj
iat	1659516462
exp	1659516522
aud	https://isamfed.com:8743/oauth2/

2022-08-03 08:47:42

(1) More

SUCCESS

SignClientAuthenticationAssertion

Signed the client assertion

client_assertion

eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJjbGllbnQwNHB3ayIsImF1ZCI6Imh0dHBzOlwvXC9pc2FtZmVkLmNvbTo4NzQzXC9vYXV0aDJcLyIsImlzcyI6ImNsaWVudDA0cHdrIiwiZXhwIjoxNjU5NTE2NTIyLCJpYXQiOjE2NTk1MTY0NjIsImp0aSI6Ik1yc1AxUXNvOEpTSkxKcUNnMnJqIn0.l0yc_MZeFkPhR1krrefEEJZtFbsm7U4x-jc9bOYs8qSvbZKlw25_Jww3VGDjNynsIbmaiYKU3w0r5aXgAjLKacdBt9FUAo9BmpLiaeeUUuj_4YEE3OA0JHDtjlL5Ni2cJ4TMMd-LgvZHgJLXVMm3pvQjxB4LnXon0Sh2BUNqWjDDzQhTlV_EhJoLvFF7wPFcFbDs86yaRRBwprMj_UT50hF-x4qEfb_R2Ye6I9oboBJ4fByJSf0F9jdAen51oYCygPV3ofl7sIlFeiE3lpQum8yds1nSxBiY1VZdDrrHFWNlh3oyGa_JlP4PQgcS4wHgYjP3yAGY2BBcsfAUYoK3tA

2022-08-03 08:47:42

(1) More

SUCCESS

AddClientAssertionToPAREndpointParameters

Added client assertion to request

request

{
  "request": "eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJjbGllbnQwNHB3ayIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsImNsaWVudF9pZCI6ImNsaWVudDA0cHdrIiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjg3NDNcL29hdXRoMlwvIiwibmJmIjoxNjU5NTE2NDYyLCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QX1pZXC9jYWxsYmFjayIsInN0YXRlIjoiTVlwbTA0RzBNMCIsImV4cCI6MTY1OTUxNjc2MiwiY29kZV9jaGFsbGVuZ2UiOiJ4QTFHMGpVelBfQVMyaVIwUzRIVXY3LWtueFNpYS12NW92VndySFRDdVBJIn0.tFh_eH_YhZiZtirHPulVUKcs7dRUF-HIM3xszjn78DD_i8RokemckefcLMvsM1P8KpezhIUUnRnqxt-UgTbMt1bx6G9t2nNdG-Se2MAJwIXFnhJEKyvScMx6wFaLjq5x5OcjGPOsI5DeahOYPZ2P37ikB7J5XYJFYTCxt-VOOcq8EZusmh5I6iEFlbbH1qk3OIOl-_9AeRjeRyu3R1T_7xGnwNFZh_dIEPz1RL2rJ_vxDuTFOgdMy6JyKl6K2r-voWPEsCJqWugWsoCnQUy8FiIGeN4-b3T6W5qfJAw-egziHnna5LUnQYe1SB6GIMCTDHUmJ9ChGGdRsSiW_L7V3w",
  "client_assertion": "eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJjbGllbnQwNHB3ayIsImF1ZCI6Imh0dHBzOlwvXC9pc2FtZmVkLmNvbTo4NzQzXC9vYXV0aDJcLyIsImlzcyI6ImNsaWVudDA0cHdrIiwiZXhwIjoxNjU5NTE2NTIyLCJpYXQiOjE2NTk1MTY0NjIsImp0aSI6Ik1yc1AxUXNvOEpTSkxKcUNnMnJqIn0.l0yc_MZeFkPhR1krrefEEJZtFbsm7U4x-jc9bOYs8qSvbZKlw25_Jww3VGDjNynsIbmaiYKU3w0r5aXgAjLKacdBt9FUAo9BmpLiaeeUUuj_4YEE3OA0JHDtjlL5Ni2cJ4TMMd-LgvZHgJLXVMm3pvQjxB4LnXon0Sh2BUNqWjDDzQhTlV_EhJoLvFF7wPFcFbDs86yaRRBwprMj_UT50hF-x4qEfb_R2Ye6I9oboBJ4fByJSf0F9jdAen51oYCygPV3ofl7sIlFeiE3lpQum8yds1nSxBiY1VZdDrrHFWNlh3oyGa_JlP4PQgcS4wHgYjP3yAGY2BBcsfAUYoK3tA",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}

2022-08-03 08:47:42

(4) More

CallPAREndpoint

HTTP request

request_uri	https://isamfed.com:8743/oauth2/par
request_method	POST
request_headers	{ "accept": "application/json", "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8", "content-length": "1759" }
request_body	request=eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJjbGllbnQwNHB3ayIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsImNsaWVudF9pZCI6ImNsaWVudDA0cHdrIiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjg3NDNcL29hdXRoMlwvIiwibmJmIjoxNjU5NTE2NDYyLCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QX1pZXC9jYWxsYmFjayIsInN0YXRlIjoiTVlwbTA0RzBNMCIsImV4cCI6MTY1OTUxNjc2MiwiY29kZV9jaGFsbGVuZ2UiOiJ4QTFHMGpVelBfQVMyaVIwUzRIVXY3LWtueFNpYS12NW92VndySFRDdVBJIn0.tFh_eH_YhZiZtirHPulVUKcs7dRUF-HIM3xszjn78DD_i8RokemckefcLMvsM1P8KpezhIUUnRnqxt-UgTbMt1bx6G9t2nNdG-Se2MAJwIXFnhJEKyvScMx6wFaLjq5x5OcjGPOsI5DeahOYPZ2P37ikB7J5XYJFYTCxt-VOOcq8EZusmh5I6iEFlbbH1qk3OIOl-_9AeRjeRyu3R1T_7xGnwNFZh_dIEPz1RL2rJ_vxDuTFOgdMy6JyKl6K2r-voWPEsCJqWugWsoCnQUy8FiIGeN4-b3T6W5qfJAw-egziHnna5LUnQYe1SB6GIMCTDHUmJ9ChGGdRsSiW_L7V3w&client_assertion=eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJjbGllbnQwNHB3ayIsImF1ZCI6Imh0dHBzOlwvXC9pc2FtZmVkLmNvbTo4NzQzXC9vYXV0aDJcLyIsImlzcyI6ImNsaWVudDA0cHdrIiwiZXhwIjoxNjU5NTE2NTIyLCJpYXQiOjE2NTk1MTY0NjIsImp0aSI6Ik1yc1AxUXNvOEpTSkxKcUNnMnJqIn0.l0yc_MZeFkPhR1krrefEEJZtFbsm7U4x-jc9bOYs8qSvbZKlw25_Jww3VGDjNynsIbmaiYKU3w0r5aXgAjLKacdBt9FUAo9BmpLiaeeUUuj_4YEE3OA0JHDtjlL5Ni2cJ4TMMd-LgvZHgJLXVMm3pvQjxB4LnXon0Sh2BUNqWjDDzQhTlV_EhJoLvFF7wPFcFbDs86yaRRBwprMj_UT50hF-x4qEfb_R2Ye6I9oboBJ4fByJSf0F9jdAen51oYCygPV3ofl7sIlFeiE3lpQum8yds1nSxBiY1VZdDrrHFWNlh3oyGa_JlP4PQgcS4wHgYjP3yAGY2BBcsfAUYoK3tA&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer

2022-08-03 08:47:43

(4) More

RESPONSE

CallPAREndpoint

HTTP response

response_status_code	201 CREATED
response_status_text	Created
response_headers	{ "content-length": "112", "content-type": "application/json;charset\u003dUTF-8", "date": "Wed, 03 Aug 2022 08:47:43 GMT", "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"", "cache-control": "no-store", "x-correlation-id": "CORR_ID-7049d27a-4002-444f-a0f7-79c6c64aab90", "strict-transport-security": "max-age\u003d31536000; includeSubDomains", "pragma": "no-cache" }
response_body	{"expires_in":600,"request_uri":"urn:ietf:params:oauth:request_uri:1GXQ2FLUoiMc-bC7TQ33B6B9_1v-hqZ40vbYTYC4IbA"}

2022-08-03 08:47:43

(2) More

SUCCESS

PAR-2.1

CallPAREndpoint

Parsed pushed authorization request endpoint response

expires_in	600
request_uri	urn:ietf:params:oauth:request_uri:1GXQ2FLUoiMc-bC7TQ33B6B9_1v-hqZ40vbYTYC4IbA

2022-08-03 08:47:43	SUCCESS PAR-2.2 PAR-2.3	CheckPAREndpointResponse201WithNoError pushed authorization request endpoint correct response.

2022-08-03 08:47:43

(1) More

SUCCESS

PAR-2.2

CheckForRequestUriValue

Found valid request_uri

request_uri

urn:ietf:params:oauth:request_uri:1GXQ2FLUoiMc-bC7TQ33B6B9_1v-hqZ40vbYTYC4IbA

2022-08-03 08:47:43

(1) More

SUCCESS

PAR-2.2

CheckForPARResponseExpiresIn

Found expires_in

expires_in

2022-08-03 08:47:43	SUCCESS	ExtractRequestUriFromPARResponse Extracted the request_uri: urn:ietf:params:oauth:request_uri:1GXQ2FLUoiMc-bC7TQ33B6B9_1v-hqZ40vbYTYC4IbA

2022-08-03 08:47:43

(3) More

SUCCESS

PAR-7.1 PAR-2.2 JAR-10.2

EnsureMinimumRequestUriEntropy

Calculated shannon entropy seems sufficient

actual	401.1584856482533
expected	128.0
value	urn:ietf:params:oauth:request_uri:1GXQ2FLUoiMc-bC7TQ33B6B9_1v-hqZ40vbYTYC4IbA

2022-08-03 08:47:43

(1) More

SUCCESS

PAR-4

BuildRequestObjectByReferenceRedirectToAuthorizationEndpoint

Sending to authorization endpoint

redirect_to_authorization_endpoint

https://isamfed.com:8743/oauth2/authorize?request_uri=urn:ietf:params:oauth:request_uri:1GXQ2FLUoiMc-bC7TQ33B6B9_1v-hqZ40vbYTYC4IbA&client_id=client04pwk&redirect_uri=https://www.certification.openid.net/test/a/ISVAOP_ZY/callback&scope=openid%20email&response_type=code%20id_token

2022-08-03 08:47:43

(1) More

REDIRECT

fapi1-advanced-final-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails

Redirecting to authorization endpoint

redirect_to

https://isamfed.com:8743/oauth2/authorize?request_uri=urn:ietf:params:oauth:request_uri:1GXQ2FLUoiMc-bC7TQ33B6B9_1v-hqZ40vbYTYC4IbA&client_id=client04pwk&redirect_uri=https://www.certification.openid.net/test/a/ISVAOP_ZY/callback&scope=openid%20email&response_type=code%20id_token

2022-08-03 08:47:54

(11) More

INCOMING

fapi1-advanced-final-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails

Incoming HTTP request to /test/a/ISVAOP_ZY/callback

incoming_headers	{ "host": "www.certification.openid.net", "cache-control": "max-age\u003d0", "upgrade-insecure-requests": "1", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,/;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9", "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-user": "?1", "sec-fetch-dest": "document", "sec-ch-ua": "\".Not/A)Brand\";v\u003d\"99\", \"Google Chrome\";v\u003d\"103\", \"Chromium\";v\u003d\"103\"", "sec-ch-ua-mobile": "?0", "sec-ch-ua-platform": "\"Windows\"", "referer": "https://isamfed.com:8743/", "accept-encoding": "gzip, deflate, br", "accept-language": "en-US,en;q\u003d0.9,pt-BR;q\u003d0.8,pt;q\u003d0.7,it-IT;q\u003d0.6,it;q\u003d0.5,zh-TW;q\u003d0.4,zh;q\u003d0.3,cs;q\u003d0.2,de;q\u003d0.1,fr-FR;q\u003d0.1,fr;q\u003d0.1,zh-CN;q\u003d0.1,es;q\u003d0.1,hu;q\u003d0.1,ja;q\u003d0.1,ko;q\u003d0.1,pl;q\u003d0.1,ru;q\u003d0.1", "cookie": "__utmc\u003d201319536; _ga\u003dGA1.2.1639795124.1655210323; __utmz\u003d201319536.1658851092.11.8.utmcsr\u003dgoogle\|utmccn\u003d(organic)\|utmcmd\u003dorganic\|utmctr\u003d(not%20provided); __utma\u003d201319536.1639795124.1655210323.1658851092.1658985428.12; JSESSIONID\u003d92AC5AAA3256EF30E6E6F8209F6D9604", "connection": "close" }
incoming_path	/test/a/ISVAOP_ZY/callback
incoming_body_form_params
incoming_method	GET
incoming_tls_version	TLSv1.2
incoming_tls_cert
incoming_query_string_params	{}
incoming_body
incoming_tls_chain	[ "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL" ]
incoming_tls_cipher	ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json

2022-08-03 08:47:54

(1) More

SUCCESS

CreateRandomImplicitSubmitUrl

Created random implicit submission URL

implicit_submit

{
  "path": "implicit/f6u7JQJRgtJEofiBZtjI",
  "fullUrl": "https://www.certification.openid.net/test/a/ISVAOP_ZY/implicit/f6u7JQJRgtJEofiBZtjI"
}

2022-08-03 08:47:54

(2) More

OUTGOING

fapi1-advanced-final-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails

Response to HTTP request to test instance 9EKM42sWOJSJPFY

outgoing

ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/ISVAOP_ZY/implicit/f6u7JQJRgtJEofiBZtjI, returnUrl=/log-detail.html?log=9EKM42sWOJSJPFY}]

outgoing_path

callback

2022-08-03 08:47:55

(11) More

INCOMING

fapi1-advanced-final-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails

Incoming HTTP request to /test/a/ISVAOP_ZY/implicit/f6u7JQJRgtJEofiBZtjI

incoming_headers	{ "host": "www.certification.openid.net", "sec-ch-ua": "\".Not/A)Brand\";v\u003d\"99\", \"Google Chrome\";v\u003d\"103\", \"Chromium\";v\u003d\"103\"", "accept": "/", "content-type": "text/plain", "x-requested-with": "XMLHttpRequest", "sec-ch-ua-mobile": "?0", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36", "sec-ch-ua-platform": "\"Windows\"", "origin": "https://www.certification.openid.net", "sec-fetch-site": "same-origin", "sec-fetch-mode": "cors", "sec-fetch-dest": "empty", "referer": "https://www.certification.openid.net/test/a/ISVAOP_ZY/callback", "accept-encoding": "gzip, deflate, br", "accept-language": "en-US,en;q\u003d0.9,pt-BR;q\u003d0.8,pt;q\u003d0.7,it-IT;q\u003d0.6,it;q\u003d0.5,zh-TW;q\u003d0.4,zh;q\u003d0.3,cs;q\u003d0.2,de;q\u003d0.1,fr-FR;q\u003d0.1,fr;q\u003d0.1,zh-CN;q\u003d0.1,es;q\u003d0.1,hu;q\u003d0.1,ja;q\u003d0.1,ko;q\u003d0.1,pl;q\u003d0.1,ru;q\u003d0.1", "cookie": "__utmc\u003d201319536; _ga\u003dGA1.2.1639795124.1655210323; __utmz\u003d201319536.1658851092.11.8.utmcsr\u003dgoogle\|utmccn\u003d(organic)\|utmcmd\u003dorganic\|utmctr\u003d(not%20provided); __utma\u003d201319536.1639795124.1655210323.1658851092.1658985428.12; JSESSIONID\u003d92AC5AAA3256EF30E6E6F8209F6D9604", "connection": "close", "content-length": "998" }
incoming_path	/test/a/ISVAOP_ZY/implicit/f6u7JQJRgtJEofiBZtjI
incoming_body_form_params
incoming_method	POST
incoming_tls_version	TLSv1.2
incoming_tls_cert
incoming_query_string_params	{}
incoming_body	#code=NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A&id_token=eyJhbGciOiJQUzI1NiIsImtpZCI6InJzYTI1NiIsInR5cCI6IkpXVCJ9.eyJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXVkIjpbImNsaWVudDA0cHdrIl0sImF1dGhfdGltZSI6MTY1OTUxNTY3OSwiY19oYXNoIjoiOXVjTXZnSl9tN3lhcnFTU00xemI5dyIsImV4cCI6MTY1OTUyMDA3MywiaWF0IjoxNjU5NTE2NDczLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjg3NDMvb2F1dGgyLyIsImp0aSI6IjQzOGM2Y2E1LWUzYmYtNDU0YS04ZGYwLTQ1YmQ5ODVmY2IwNSIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsInJhdCI6MTY1OTUxNjQ2Mywic19oYXNoIjoiYU5jQTBTU2pUbmpwUUZjTUNwNXpGQSIsInN1YiI6InRlc3R1c2VyIn0.pBT--camZOc-LWya26-5Q08RncZ8LqeFKT5CIcKCJKAqB-7Zv4FA6wSwaUElLONhfFPMAHODtrG_7_5JXRxSsX7Ud_86IEiNUVr_9fOXTm-eaWNWcXg53GOPdea3z4i7cAlYHxvH6poltisfpdnzIVvpUFtbGpY3qB8xi3FzZZziAZASj4EbuNDwU68yBiVe9ezI4zkK8aNw_KmujOCk3p9ZPtKBrhwdrZPZ_3ASN_52Nmxp7XTvlp7d8XChWBGXUWWPC_7E_eVJTSpaJK94UoDBT900qp9qW6HcbtL2cGklwMrhi5ICkgs3_4P1ES-HbUY8WWDus2IOvSxGZ3bw7Q&state=MYpm04G0M0
incoming_tls_chain	[ "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL" ]
incoming_tls_cipher	ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json

2022-08-03 08:47:55

(4) More

OUTGOING

fapi1-advanced-final-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails

Response to HTTP request to test instance 9EKM42sWOJSJPFY

outgoing_status_code	204
outgoing_headers	{}
outgoing_body
outgoing_path	implicit/f6u7JQJRgtJEofiBZtjI

2022-08-03 08:47:55

(1) More

ExtractImplicitHashToCallbackResponse

Extracted response from URL fragment

parameters

[
  {
    "name": "code",
    "value": "NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A"
  },
  {
    "name": "id_token",
    "value": "eyJhbGciOiJQUzI1NiIsImtpZCI6InJzYTI1NiIsInR5cCI6IkpXVCJ9.eyJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXVkIjpbImNsaWVudDA0cHdrIl0sImF1dGhfdGltZSI6MTY1OTUxNTY3OSwiY19oYXNoIjoiOXVjTXZnSl9tN3lhcnFTU00xemI5dyIsImV4cCI6MTY1OTUyMDA3MywiaWF0IjoxNjU5NTE2NDczLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjg3NDMvb2F1dGgyLyIsImp0aSI6IjQzOGM2Y2E1LWUzYmYtNDU0YS04ZGYwLTQ1YmQ5ODVmY2IwNSIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsInJhdCI6MTY1OTUxNjQ2Mywic19oYXNoIjoiYU5jQTBTU2pUbmpwUUZjTUNwNXpGQSIsInN1YiI6InRlc3R1c2VyIn0.pBT--camZOc-LWya26-5Q08RncZ8LqeFKT5CIcKCJKAqB-7Zv4FA6wSwaUElLONhfFPMAHODtrG_7_5JXRxSsX7Ud_86IEiNUVr_9fOXTm-eaWNWcXg53GOPdea3z4i7cAlYHxvH6poltisfpdnzIVvpUFtbGpY3qB8xi3FzZZziAZASj4EbuNDwU68yBiVe9ezI4zkK8aNw_KmujOCk3p9ZPtKBrhwdrZPZ_3ASN_52Nmxp7XTvlp7d8XChWBGXUWWPC_7E_eVJTSpaJK94UoDBT900qp9qW6HcbtL2cGklwMrhi5ICkgs3_4P1ES-HbUY8WWDus2IOvSxGZ3bw7Q"
  },
  {
    "name": "state",
    "value": "MYpm04G0M0"
  }
]

2022-08-03 08:47:55

(3) More

SUCCESS

ExtractImplicitHashToCallbackResponse

Extracted the hash values

code	NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A
id_token	eyJhbGciOiJQUzI1NiIsImtpZCI6InJzYTI1NiIsInR5cCI6IkpXVCJ9.eyJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXVkIjpbImNsaWVudDA0cHdrIl0sImF1dGhfdGltZSI6MTY1OTUxNTY3OSwiY19oYXNoIjoiOXVjTXZnSl9tN3lhcnFTU00xemI5dyIsImV4cCI6MTY1OTUyMDA3MywiaWF0IjoxNjU5NTE2NDczLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjg3NDMvb2F1dGgyLyIsImp0aSI6IjQzOGM2Y2E1LWUzYmYtNDU0YS04ZGYwLTQ1YmQ5ODVmY2IwNSIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsInJhdCI6MTY1OTUxNjQ2Mywic19oYXNoIjoiYU5jQTBTU2pUbmpwUUZjTUNwNXpGQSIsInN1YiI6InRlc3R1c2VyIn0.pBT--camZOc-LWya26-5Q08RncZ8LqeFKT5CIcKCJKAqB-7Zv4FA6wSwaUElLONhfFPMAHODtrG_7_5JXRxSsX7Ud_86IEiNUVr_9fOXTm-eaWNWcXg53GOPdea3z4i7cAlYHxvH6poltisfpdnzIVvpUFtbGpY3qB8xi3FzZZziAZASj4EbuNDwU68yBiVe9ezI4zkK8aNw_KmujOCk3p9ZPtKBrhwdrZPZ_3ASN_52Nmxp7XTvlp7d8XChWBGXUWWPC_7E_eVJTSpaJK94UoDBT900qp9qW6HcbtL2cGklwMrhi5ICkgs3_4P1ES-HbUY8WWDus2IOvSxGZ3bw7Q
state	MYpm04G0M0

2022-08-03 08:47:55

(5) More

REDIRECT-IN

fapi1-advanced-final-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails

Authorization endpoint response captured

url_query	{}
headers	{ "host": "www.certification.openid.net", "cache-control": "max-age\u003d0", "upgrade-insecure-requests": "1", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,/;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9", "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-user": "?1", "sec-fetch-dest": "document", "sec-ch-ua": "\".Not/A)Brand\";v\u003d\"99\", \"Google Chrome\";v\u003d\"103\", \"Chromium\";v\u003d\"103\"", "sec-ch-ua-mobile": "?0", "sec-ch-ua-platform": "\"Windows\"", "referer": "https://isamfed.com:8743/", "accept-encoding": "gzip, deflate, br", "accept-language": "en-US,en;q\u003d0.9,pt-BR;q\u003d0.8,pt;q\u003d0.7,it-IT;q\u003d0.6,it;q\u003d0.5,zh-TW;q\u003d0.4,zh;q\u003d0.3,cs;q\u003d0.2,de;q\u003d0.1,fr-FR;q\u003d0.1,fr;q\u003d0.1,zh-CN;q\u003d0.1,es;q\u003d0.1,hu;q\u003d0.1,ja;q\u003d0.1,ko;q\u003d0.1,pl;q\u003d0.1,ru;q\u003d0.1", "cookie": "__utmc\u003d201319536; _ga\u003dGA1.2.1639795124.1655210323; __utmz\u003d201319536.1658851092.11.8.utmcsr\u003dgoogle\|utmccn\u003d(organic)\|utmcmd\u003dorganic\|utmctr\u003d(not%20provided); __utma\u003d201319536.1639795124.1655210323.1658851092.1658985428.12; JSESSIONID\u003d92AC5AAA3256EF30E6E6F8209F6D9604", "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256", "x-ssl-protocol": "TLSv1.2", "x-forwarded-proto": "https", "x-forwarded-port": "443", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
http_method	GET
url_fragment	{ "code": "NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A", "id_token": "eyJhbGciOiJQUzI1NiIsImtpZCI6InJzYTI1NiIsInR5cCI6IkpXVCJ9.eyJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXVkIjpbImNsaWVudDA0cHdrIl0sImF1dGhfdGltZSI6MTY1OTUxNTY3OSwiY19oYXNoIjoiOXVjTXZnSl9tN3lhcnFTU00xemI5dyIsImV4cCI6MTY1OTUyMDA3MywiaWF0IjoxNjU5NTE2NDczLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjg3NDMvb2F1dGgyLyIsImp0aSI6IjQzOGM2Y2E1LWUzYmYtNDU0YS04ZGYwLTQ1YmQ5ODVmY2IwNSIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsInJhdCI6MTY1OTUxNjQ2Mywic19oYXNoIjoiYU5jQTBTU2pUbmpwUUZjTUNwNXpGQSIsInN1YiI6InRlc3R1c2VyIn0.pBT--camZOc-LWya26-5Q08RncZ8LqeFKT5CIcKCJKAqB-7Zv4FA6wSwaUElLONhfFPMAHODtrG_7_5JXRxSsX7Ud_86IEiNUVr_9fOXTm-eaWNWcXg53GOPdea3z4i7cAlYHxvH6poltisfpdnzIVvpUFtbGpY3qB8xi3FzZZziAZASj4EbuNDwU68yBiVe9ezI4zkK8aNw_KmujOCk3p9ZPtKBrhwdrZPZ_3ASN_52Nmxp7XTvlp7d8XChWBGXUWWPC_7E_eVJTSpaJK94UoDBT900qp9qW6HcbtL2cGklwMrhi5ICkgs3_4P1ES-HbUY8WWDus2IOvSxGZ3bw7Q", "state": "MYpm04G0M0" }
post_body

Verify authorization endpoint response

2022-08-03 08:47:55	SUCCESS OAuth2-RT-5	RejectErrorInUrlQuery 'error' is not present in URL query returned from authorization endpoint

2022-08-03 08:47:55	SUCCESS OIDCC-3.3.2.5	RejectAuthCodeInUrlQuery Authorization code is not present in URL query returned from authorization endpoint

2022-08-03 08:47:55	SUCCESS	CheckMatchingCallbackParameters Callback parameters successfully verified

2022-08-03 08:47:55	SUCCESS OIDCC-3.3.2.5	RejectStateInUrlQueryForHybridFlow state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)

2022-08-03 08:47:55	SUCCESS	CheckIfAuthorizationEndpointError No error from authorization endpoint

2022-08-03 08:47:55

(3) More

SUCCESS

ValidateSuccessfulHybridResponseFromAuthorizationEndpoint

authorization endpoint response does not include unexpected parameters

code	NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A
id_token	eyJhbGciOiJQUzI1NiIsImtpZCI6InJzYTI1NiIsInR5cCI6IkpXVCJ9.eyJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXVkIjpbImNsaWVudDA0cHdrIl0sImF1dGhfdGltZSI6MTY1OTUxNTY3OSwiY19oYXNoIjoiOXVjTXZnSl9tN3lhcnFTU00xemI5dyIsImV4cCI6MTY1OTUyMDA3MywiaWF0IjoxNjU5NTE2NDczLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjg3NDMvb2F1dGgyLyIsImp0aSI6IjQzOGM2Y2E1LWUzYmYtNDU0YS04ZGYwLTQ1YmQ5ODVmY2IwNSIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsInJhdCI6MTY1OTUxNjQ2Mywic19oYXNoIjoiYU5jQTBTU2pUbmpwUUZjTUNwNXpGQSIsInN1YiI6InRlc3R1c2VyIn0.pBT--camZOc-LWya26-5Q08RncZ8LqeFKT5CIcKCJKAqB-7Zv4FA6wSwaUElLONhfFPMAHODtrG_7_5JXRxSsX7Ud_86IEiNUVr_9fOXTm-eaWNWcXg53GOPdea3z4i7cAlYHxvH6poltisfpdnzIVvpUFtbGpY3qB8xi3FzZZziAZASj4EbuNDwU68yBiVe9ezI4zkK8aNw_KmujOCk3p9ZPtKBrhwdrZPZ_3ASN_52Nmxp7XTvlp7d8XChWBGXUWWPC_7E_eVJTSpaJK94UoDBT900qp9qW6HcbtL2cGklwMrhi5ICkgs3_4P1ES-HbUY8WWDus2IOvSxGZ3bw7Q
state	MYpm04G0M0

2022-08-03 08:47:55

(1) More

SUCCESS

OIDCC-3.2.2.5 JARM-4.4-2

CheckStateInAuthorizationResponse

State in response correctly returned

state

MYpm04G0M0

2022-08-03 08:47:55		ValidateIssInAuthorizationResponse No 'iss' value in authorization response.

2022-08-03 08:47:55

(1) More

SUCCESS

ExtractAuthorizationCodeFromAuthorizationResponse

Found authorization code

code	NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A

2022-08-03 08:47:55

(2) More

SUCCESS

RFC6819-5.1.4.2-2 RFC6749-10.10

EnsureMinimumAuthorizationCodeLength

Authorization code is of sufficient length

actual	1040
required	128

2022-08-03 08:47:55

(3) More

SUCCESS

RFC6819-5.1.4.2-2 RFC6749-10.10

EnsureMinimumAuthorizationCodeEntropy

Calculated shannon entropy seems sufficient

actual	733.8749972167006
expected	96.0
value	NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A

2022-08-03 08:47:55

(3) More

SUCCESS

FAPI1-ADV-5.2.2.1-4

ExtractIdTokenFromAuthorizationResponse

Found and parsed the id_token from authorization_endpoint_response

value	eyJhbGciOiJQUzI1NiIsImtpZCI6InJzYTI1NiIsInR5cCI6IkpXVCJ9.eyJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXVkIjpbImNsaWVudDA0cHdrIl0sImF1dGhfdGltZSI6MTY1OTUxNTY3OSwiY19oYXNoIjoiOXVjTXZnSl9tN3lhcnFTU00xemI5dyIsImV4cCI6MTY1OTUyMDA3MywiaWF0IjoxNjU5NTE2NDczLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjg3NDMvb2F1dGgyLyIsImp0aSI6IjQzOGM2Y2E1LWUzYmYtNDU0YS04ZGYwLTQ1YmQ5ODVmY2IwNSIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsInJhdCI6MTY1OTUxNjQ2Mywic19oYXNoIjoiYU5jQTBTU2pUbmpwUUZjTUNwNXpGQSIsInN1YiI6InRlc3R1c2VyIn0.pBT--camZOc-LWya26-5Q08RncZ8LqeFKT5CIcKCJKAqB-7Zv4FA6wSwaUElLONhfFPMAHODtrG_7_5JXRxSsX7Ud_86IEiNUVr_9fOXTm-eaWNWcXg53GOPdea3z4i7cAlYHxvH6poltisfpdnzIVvpUFtbGpY3qB8xi3FzZZziAZASj4EbuNDwU68yBiVe9ezI4zkK8aNw_KmujOCk3p9ZPtKBrhwdrZPZ_3ASN_52Nmxp7XTvlp7d8XChWBGXUWWPC_7E_eVJTSpaJK94UoDBT900qp9qW6HcbtL2cGklwMrhi5ICkgs3_4P1ES-HbUY8WWDus2IOvSxGZ3bw7Q
header	{ "kid": "rsa256", "typ": "JWT", "alg": "PS256" }
claims	{ "acr": "urn:mace:incommon:iap:silver", "aud": "client04pwk", "c_hash": "9ucMvgJ_m7yarqSSM1zb9w", "sub": "testuser", "s_hash": "aNcA0SSjTnjpQFcMCp5zFA", "rat": 1659516463, "auth_time": 1659515679, "iss": "https://isamfed.com:8743/oauth2/", "exp": 1659520073, "iat": 1659516473, "nonce": "ikTuPFT2S8", "jti": "438c6ca5-e3bf-454a-8df0-45bd985fcb05" }

2022-08-03 08:47:55	SUCCESS OIDCC-3.1.3.7	ValidateIdToken ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks

2022-08-03 08:47:55		ValidateIdTokenStandardClaims sub is a string with content

2022-08-03 08:47:55		ValidateIdTokenStandardClaims Skipping unknown claim: rat

2022-08-03 08:47:55	SUCCESS OIDCC-5.1	ValidateIdTokenStandardClaims id_token claims are valid

2022-08-03 08:47:55

(1) More

SUCCESS

OIDCC-2

ValidateIdTokenNonce

Nonce values match

nonce

ikTuPFT2S8

2022-08-03 08:47:55

(2) More

SUCCESS

OIDCC-5.5.1.1

ValidateIdTokenACRClaimAgainstRequest

acr value in id_token is (one of) the requested values

actual	urn:mace:incommon:iap:silver
requested	[ "urn:mace:incommon:iap:silver" ]

2022-08-03 08:47:55

(1) More

SUCCESS

ValidateIdTokenSignature

id_token signature validated

id_token

eyJhbGciOiJQUzI1NiIsImtpZCI6InJzYTI1NiIsInR5cCI6IkpXVCJ9.eyJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXVkIjpbImNsaWVudDA0cHdrIl0sImF1dGhfdGltZSI6MTY1OTUxNTY3OSwiY19oYXNoIjoiOXVjTXZnSl9tN3lhcnFTU00xemI5dyIsImV4cCI6MTY1OTUyMDA3MywiaWF0IjoxNjU5NTE2NDczLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjg3NDMvb2F1dGgyLyIsImp0aSI6IjQzOGM2Y2E1LWUzYmYtNDU0YS04ZGYwLTQ1YmQ5ODVmY2IwNSIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsInJhdCI6MTY1OTUxNjQ2Mywic19oYXNoIjoiYU5jQTBTU2pUbmpwUUZjTUNwNXpGQSIsInN1YiI6InRlc3R1c2VyIn0.pBT--camZOc-LWya26-5Q08RncZ8LqeFKT5CIcKCJKAqB-7Zv4FA6wSwaUElLONhfFPMAHODtrG_7_5JXRxSsX7Ud_86IEiNUVr_9fOXTm-eaWNWcXg53GOPdea3z4i7cAlYHxvH6poltisfpdnzIVvpUFtbGpY3qB8xi3FzZZziAZASj4EbuNDwU68yBiVe9ezI4zkK8aNw_KmujOCk3p9ZPtKBrhwdrZPZ_3ASN_52Nmxp7XTvlp7d8XChWBGXUWWPC_7E_eVJTSpaJK94UoDBT900qp9qW6HcbtL2cGklwMrhi5ICkgs3_4P1ES-HbUY8WWDus2IOvSxGZ3bw7Q

2022-08-03 08:47:55

(1) More

SUCCESS

ValidateIdTokenSignatureUsingKid

id_token signature validated

id_token

eyJhbGciOiJQUzI1NiIsImtpZCI6InJzYTI1NiIsInR5cCI6IkpXVCJ9.eyJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiYXVkIjpbImNsaWVudDA0cHdrIl0sImF1dGhfdGltZSI6MTY1OTUxNTY3OSwiY19oYXNoIjoiOXVjTXZnSl9tN3lhcnFTU00xemI5dyIsImV4cCI6MTY1OTUyMDA3MywiaWF0IjoxNjU5NTE2NDczLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjg3NDMvb2F1dGgyLyIsImp0aSI6IjQzOGM2Y2E1LWUzYmYtNDU0YS04ZGYwLTQ1YmQ5ODVmY2IwNSIsIm5vbmNlIjoiaWtUdVBGVDJTOCIsInJhdCI6MTY1OTUxNjQ2Mywic19oYXNoIjoiYU5jQTBTU2pUbmpwUUZjTUNwNXpGQSIsInN1YiI6InRlc3R1c2VyIn0.pBT--camZOc-LWya26-5Q08RncZ8LqeFKT5CIcKCJKAqB-7Zv4FA6wSwaUElLONhfFPMAHODtrG_7_5JXRxSsX7Ud_86IEiNUVr_9fOXTm-eaWNWcXg53GOPdea3z4i7cAlYHxvH6poltisfpdnzIVvpUFtbGpY3qB8xi3FzZZziAZASj4EbuNDwU68yBiVe9ezI4zkK8aNw_KmujOCk3p9ZPtKBrhwdrZPZ_3ASN_52Nmxp7XTvlp7d8XChWBGXUWWPC_7E_eVJTSpaJK94UoDBT900qp9qW6HcbtL2cGklwMrhi5ICkgs3_4P1ES-HbUY8WWDus2IOvSxGZ3bw7Q

2022-08-03 08:47:55

(1) More

SUCCESS

OIDCC-2

CheckForSubjectInIdToken

Found 'sub' in id_token

sub

testuser

2022-08-03 08:47:55		EnsureIdTokenUpdatedAtValid id_token response does not contain 'updated_at'

2022-08-03 08:47:55

(3) More

INFO

OIDCC-10.2 OIDC-10.2.1

ValidateEncryptedIdTokenHasKid

Skipped evaluation due to missing required element: id_token jwe_header

path	jwe_header
mapped
object	id_token

2022-08-03 08:47:55

(1) More

SUCCESS

OIDCC-10.1

EnsureIdTokenContainsKid

kid was found in the ID token header

kid

rsa256

2022-08-03 08:47:55

(2) More

SUCCESS

FAPI1-ADV-8.6

FAPIValidateIdTokenSigningAlg

id_token was signed with a permitted algorithm

permitted	[ "ES256", "PS256" ]
alg	PS256

2022-08-03 08:47:55

(3) More

INFO

FAPI1-ADV-8.6.1-1

FAPIValidateIdTokenEncryptionAlg

Skipped evaluation due to missing required element: id_token jwe_header

path	jwe_header
mapped
object	id_token

2022-08-03 08:47:55

(2) More

SUCCESS

FAPI1-ADV-5.2.2.1-5

ExtractSHash

Extracted s_hash from ID Token

s_hash	aNcA0SSjTnjpQFcMCp5zFA
alg	PS256

2022-08-03 08:47:55

(3) More

SUCCESS

FAPI1-ADV-5.2.2.1-5

ValidateSHash

s_hash validated successfully

expected_hash	aNcA0SSjTnjpQFcMCp5zFA
unhashed_value	MYpm04G0M0
id_token_hash	aNcA0SSjTnjpQFcMCp5zFA

2022-08-03 08:47:55

(2) More

SUCCESS

OIDCC-3.3.2.11

ExtractCHash

Extracted c_hash from ID Token

c_hash	9ucMvgJ_m7yarqSSM1zb9w
alg	PS256

2022-08-03 08:47:55

(3) More

SUCCESS

OIDCC-3.3.2.11

ValidateCHash

c_hash validated successfully

expected_hash	9ucMvgJ_m7yarqSSM1zb9w
unhashed_value	NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A
id_token_hash	9ucMvgJ_m7yarqSSM1zb9w

2022-08-03 08:47:55

(3) More

SUCCESS

CreateTokenEndpointRequestForAuthorizationCodeGrant

Created token endpoint request

grant_type

authorization_code

code

NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A

redirect_uri

https://www.certification.openid.net/test/a/ISVAOP_ZY/callback

2022-08-03 08:47:55

(6) More

SUCCESS

CreateClientAuthenticationAssertionClaims

Created client assertion claims

iss	client04pwk
sub	client04pwk
aud	https://isamfed.com:8743/oauth2/token
jti	ZnW9C5pIf9MmCjkoAYkF
iat	1659516475
exp	1659516535

2022-08-03 08:47:55

(6) More

SUCCESS

AddExpIs5MinutesInPastToClientAssertionClaims

Added 'exp' is 5 minutes in the past to client_assertion_claims

iss	client04pwk
sub	client04pwk
aud	https://isamfed.com:8743/oauth2/token
jti	ZnW9C5pIf9MmCjkoAYkF
iat	1659516475
exp	1659516175

2022-08-03 08:47:55

(1) More

SUCCESS

SignClientAuthenticationAssertion

Signed the client assertion

client_assertion

eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJjbGllbnQwNHB3ayIsImF1ZCI6Imh0dHBzOlwvXC9pc2FtZmVkLmNvbTo4NzQzXC9vYXV0aDJcL3Rva2VuIiwiaXNzIjoiY2xpZW50MDRwd2siLCJleHAiOjE2NTk1MTYxNzUsImlhdCI6MTY1OTUxNjQ3NSwianRpIjoiWm5XOUM1cElmOU1tQ2prb0FZa0YifQ.Towf6jCHOCqhUTq0luUafCEjirFltmUxTZki_E8XYtBTROys0Tt1LzwLGDO6HkKqmRcWWvuusEmd-yXRnrVD9_bE2bmiVAs8ZMNVg9SDAQ5EbzAD7iHr0lX7f9xciLragztapH5LO6OMDLawCnSdcFzbcli9V-ziMq4VB7wUxboTwJVn9xwkjLfI8R6SkB9oIAerh_y3LSWaGxWLfVyo8y9I3lTyf8CYK5XAdhSOqqK3gYmU4pdVKPQ11TnZA1-KgdDv8p7C4wCG0mrq6-ZeIvYJFTtmRuzBWoHNXzt265W9jp5eQ1cRR_ZvjskSMI7IwS9eHCu1EiGlobklh23u7Q

2022-08-03 08:47:55

(5) More

AddClientAssertionToTokenEndpointRequest

Added client assertion

grant_type	authorization_code
code	NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP_ZY/callback
client_assertion	eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJjbGllbnQwNHB3ayIsImF1ZCI6Imh0dHBzOlwvXC9pc2FtZmVkLmNvbTo4NzQzXC9vYXV0aDJcL3Rva2VuIiwiaXNzIjoiY2xpZW50MDRwd2siLCJleHAiOjE2NTk1MTYxNzUsImlhdCI6MTY1OTUxNjQ3NSwianRpIjoiWm5XOUM1cElmOU1tQ2prb0FZa0YifQ.Towf6jCHOCqhUTq0luUafCEjirFltmUxTZki_E8XYtBTROys0Tt1LzwLGDO6HkKqmRcWWvuusEmd-yXRnrVD9_bE2bmiVAs8ZMNVg9SDAQ5EbzAD7iHr0lX7f9xciLragztapH5LO6OMDLawCnSdcFzbcli9V-ziMq4VB7wUxboTwJVn9xwkjLfI8R6SkB9oIAerh_y3LSWaGxWLfVyo8y9I3lTyf8CYK5XAdhSOqqK3gYmU4pdVKPQ11TnZA1-KgdDv8p7C4wCG0mrq6-ZeIvYJFTtmRuzBWoHNXzt265W9jp5eQ1cRR_ZvjskSMI7IwS9eHCu1EiGlobklh23u7Q
client_assertion_type	urn:ietf:params:oauth:client-assertion-type:jwt-bearer

2022-08-03 08:47:55

(6) More

AddCodeVerifierToTokenEndpointRequest

grant_type	authorization_code
code	NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP_ZY/callback
client_assertion	eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJjbGllbnQwNHB3ayIsImF1ZCI6Imh0dHBzOlwvXC9pc2FtZmVkLmNvbTo4NzQzXC9vYXV0aDJcL3Rva2VuIiwiaXNzIjoiY2xpZW50MDRwd2siLCJleHAiOjE2NTk1MTYxNzUsImlhdCI6MTY1OTUxNjQ3NSwianRpIjoiWm5XOUM1cElmOU1tQ2prb0FZa0YifQ.Towf6jCHOCqhUTq0luUafCEjirFltmUxTZki_E8XYtBTROys0Tt1LzwLGDO6HkKqmRcWWvuusEmd-yXRnrVD9_bE2bmiVAs8ZMNVg9SDAQ5EbzAD7iHr0lX7f9xciLragztapH5LO6OMDLawCnSdcFzbcli9V-ziMq4VB7wUxboTwJVn9xwkjLfI8R6SkB9oIAerh_y3LSWaGxWLfVyo8y9I3lTyf8CYK5XAdhSOqqK3gYmU4pdVKPQ11TnZA1-KgdDv8p7C4wCG0mrq6-ZeIvYJFTtmRuzBWoHNXzt265W9jp5eQ1cRR_ZvjskSMI7IwS9eHCu1EiGlobklh23u7Q
client_assertion_type	urn:ietf:params:oauth:client-assertion-type:jwt-bearer
code_verifier	GJuHAhNS0qqoKz68-4sD73WHjGg8C5XhVimcQyCrmfjHjKD0SApu8-piLhpbdCD6TR99.pUOvPhJoXCORozojQ.H0ndoZ7e2Rr0k72~0OqGa.nt4WJxlUKgI1keeTu5z

2022-08-03 08:47:55

(5) More

CallTokenEndpointAndReturnFullResponse

HTTP request

request_uri	https://isamfed.com:8743/oauth2/token
request_method	POST
request_headers	{ "accept": "application/json", "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8", "content-length": "1107" }
request_body	grant_type=authorization_code&code=NFP90JvvIyy6_hRqWGAt8ml-upi63rmKM6ovageYioY.c4DPkYKI5Bhs0uL5-JmXl1wg0AEgUDIKI_HhARj_jHxjoG2nQTBiCHKAsBEi0w1atUtPXvD-RtpZ18jJNKD_9A&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2FISVAOP_ZY%2Fcallback&client_assertion=eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJjbGllbnQwNHB3ayIsImF1ZCI6Imh0dHBzOlwvXC9pc2FtZmVkLmNvbTo4NzQzXC9vYXV0aDJcL3Rva2VuIiwiaXNzIjoiY2xpZW50MDRwd2siLCJleHAiOjE2NTk1MTYxNzUsImlhdCI6MTY1OTUxNjQ3NSwianRpIjoiWm5XOUM1cElmOU1tQ2prb0FZa0YifQ.Towf6jCHOCqhUTq0luUafCEjirFltmUxTZki_E8XYtBTROys0Tt1LzwLGDO6HkKqmRcWWvuusEmd-yXRnrVD9_bE2bmiVAs8ZMNVg9SDAQ5EbzAD7iHr0lX7f9xciLragztapH5LO6OMDLawCnSdcFzbcli9V-ziMq4VB7wUxboTwJVn9xwkjLfI8R6SkB9oIAerh_y3LSWaGxWLfVyo8y9I3lTyf8CYK5XAdhSOqqK3gYmU4pdVKPQ11TnZA1-KgdDv8p7C4wCG0mrq6-ZeIvYJFTtmRuzBWoHNXzt265W9jp5eQ1cRR_ZvjskSMI7IwS9eHCu1EiGlobklh23u7Q&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&code_verifier=GJuHAhNS0qqoKz68-4sD73WHjGg8C5XhVimcQyCrmfjHjKD0SApu8-piLhpbdCD6TR99.pUOvPhJoXCORozojQ.H0ndoZ7e2Rr0k72%7E0OqGa.nt4WJxlUKgI1keeTu5z
request_mutual_tls	{ "cert": "MIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1owazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjijZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFKoPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4flhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA\u003d\u003d", "key": "MIIEpAIBAAKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABAoIBAEOmr/MnPlWdb41vtTyC9q5XB6sB6JR3fABUARhHj6MMTzWGZU9k2TE4TVWm0xiDPSXAwVADrWnJePlZq0RdRd3MX9iO5daQPZnAEX3Iin9t44jHrZSmClEH6D4b0ur5osgLnMx2R/I3L+lPJfrd/fjpt1lMxjAHCz7Jb7INTnLMjBl8Lji9witoeQseo2+SRLanNckCw9t2/WkqlpyTUnVg6icB9QLAh0ASE/zlMdFMYlo1llfxToRpZKQuE0zTXtvMqfkutqSUb8hLSBTYuMHOh8aycMB//JgiAMwrHVSVcRn2oMqnk5vm08i/sLK8TT8AGAf8Evn0GJJ88kKHvqECgYEA2Xnd/4+98ZiEnLbkgRPVX7pWVa2ZqCAZ4Cf75cv+IlQ3crJniX0IEOpFS71fF8/Ei7DIAELe9zeopQvkUdfzMlC7Rg5AuhJzRIL+FaUFlLJOMz+S7eqiLeabclYGIbZrX+n8Xic01oQxRipgV1XMKj+D3MROUoRCWNMS1Xqghe0CgYEAxQbFsTjipyvk6ZvrpucqAZ1IVIGiVELGMlUEGmyJ8CgXd3gwmU88RahmwBes0GNzm5hws9J+C/S/zt6gu1pP1g/lEpx4/yxg6MZk8AQEk3VG63Tg2rEzjEIQsz0fTXbO1AVSJvEuReB8VCgQEKNYMxrqdHXvpSFHOhQLbvebODkCgYEAgK7e0IjCkQF5fq2t+j69JD7DNUFayaPtC7k9EVWqk6+Xe7PbFfy42CF3TYDJkvJqz2mUfqsS+d+iV774pAEPM3eXyLVIUZH3SNPl+vLBoaH8KdD1ZPhQbK6mznneePZTBNcUcLXsSv6/lVAf362x+FHK+cfivGrsQ1jqLQ25jGUCgYBVrLY2dDgK3YlzE/wK3aZkgVI8fQprfYXVySY5n0z0A1sA9mCbqdrZp3rWuPTKwRQ6arVHXJa2+DyX5jMahREGUm8YAraSr2eMkQi/Xd/nhy3JoU9NiZSSvv+oEUIVWz5g79djW6j1dcJajfk+Yuktf9zHu6jzs17XoHPAUydJ8QKBgQCreujKz7G5EEXkwdEqFFolM9A8ZMB2k3t6FaM4P/lEUs+nFkxYz2+rxI4HMCE0UOCw58ukQjNmXJhumAAB0HIC28gFVuk8FXPRI46ZRQ4uuqQcSCr3/0yPSrJe3uU+IC74iHff9XHmwiHwcpmgsDclyg4Ga5eCf1XNKmZLtu/4Xg\u003d\u003d", "ca": "MIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1owazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjijZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFKoPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4flhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA\u003d\u003d" }

2022-08-03 08:47:56

(4) More

RESPONSE

CallTokenEndpointAndReturnFullResponse

HTTP response

response_status_code	401 UNAUTHORIZED
response_status_text	Unauthorized
response_headers	{ "content-length": "104", "content-type": "application/json;charset\u003dUTF-8", "date": "Wed, 03 Aug 2022 08:47:56 GMT", "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"", "cache-control": "no-store", "x-correlation-id": "CORR_ID-9c7098bc-33eb-46dc-a35a-9e819ac2e7b0", "strict-transport-security": "max-age\u003d31536000; includeSubDomains", "pragma": "no-cache", "set-cookie": "PD-S-SESSION-ID\u003d1_2_1_xD7zcut-Pyys1hEk3PbXDx-s5toe0Gg4ACkFBJ9kcIdAYNaL; Path\u003d/; Secure; HttpOnly" }
response_body	{"error":"invalid_client","error_description":"Invalid claims in the client_assertion Token is expired"}

2022-08-03 08:47:56

(2) More

SUCCESS

FAPI1-BASE-5.2.2-19

CallTokenEndpointAndReturnFullResponse

Parsed token endpoint response

error	invalid_client
error_description	Invalid claims in the client_assertion Token is expired

2022-08-03 08:47:56	SUCCESS OIDCC-3.1.3.4	CheckTokenEndpointReturnedJsonContentType token_endpoint_response_headers Content-Type: header is application/json

2022-08-03 08:47:56

(1) More

SUCCESS

RFC6749-5.2

ValidateErrorFromTokenEndpointResponseError

Token endpoint response error returned valid 'error' field

error

invalid_client

2022-08-03 08:47:56

(1) More

SUCCESS

RFC6749-5.2

CheckErrorDescriptionFromTokenEndpointResponseErrorContainsCRLFTAB

token_endpoint_response 'error_description' field does not include CR/LF/TAB

error_description

Invalid claims in the client_assertion Token is expired

2022-08-03 08:47:56

(1) More

SUCCESS

RFC6749-5.2

ValidateErrorDescriptionFromTokenEndpointResponseError

token_endpoint_response error returned valid 'error_description' field

error_description

Invalid claims in the client_assertion Token is expired

2022-08-03 08:47:56	SUCCESS RFC6749-5.2	ValidateErrorUriFromTokenEndpointResponseError token_endpoint_response did not include optional 'error_uri' field

2022-08-03 08:47:56	SUCCESS RFC6749-5.2	CheckTokenEndpointHttpStatusIs400Allowing401ForInvalidClientError Token endpoint http status code was 401 for error 'invalid_client'

2022-08-03 08:47:56

(1) More

SUCCESS

RFC6749-5.2

CheckErrorFromTokenEndpointResponseErrorInvalidClientOrInvalidRequest

Token Endpoint response error returned expected 'error' of 'invalid_client'

expected

[
  "invalid_request",
  "invalid_client"
]

2022-08-03 08:47:56

(1) More

FINISHED

fapi1-advanced-final-ensure-client-assertion-with-exp-is-5-minutes-in-past-fails

Test has run to completion

testmodule_result

PASSED

2022-08-03 08:48:03

(2) More

TEST-RUNNER

Alias has now been claimed by another test

alias	ISVAOP_ZY
new_test_id	WzGAdRYy6K5iQkX

Test Summary

Test Results