Test Name | fapi1-advanced-final-ensure-mtls-holder-of-key-required |
---|---|
Variant | client_auth_type=mtls, fapi_auth_request_method=by_value, fapi_profile=openinsurance_brazil, fapi_response_mode=jarm |
Test ID | bdBmuyyt5a2it9A https://www.certification.openid.net/log-detail.html?public=true&log=bdBmuyyt5a2it9A |
Created | 2022-11-29T19:12:00.912373Z |
Description | FAPI profile test for MTLS with JARM and MTLS with PAR and JARM for Authlete |
Test Version | 5.0.7 |
Test Owner | 112001109630010514250 https://accounts.google.com |
Plan ID | WsLd1jXsRNkcp https://www.certification.openid.net/plan-detail.html?public=true&plan=WsLd1jXsRNkcp |
Exported From | https://www.certification.openid.net |
Exported By | 112001109630010514250 https://accounts.google.com |
Suite Version | 5.0.7 |
Exported | 2022-11-30 11:30:33 (UTC) |
Status: FINISHED Result: WARNING |
SUCCESS 105 FAILURE 0 WARNING 1 REVIEW 0 INFO 42 |
2022-11-29 19:12:00 |
INFO
|
TEST-RUNNER
Test instance bdBmuyyt5a2it9A created
|
||||||||||||||
|
2022-11-29 19:12:00 |
SUCCESS
|
CreateRedirectUri
Created redirect URI
|
||
|
2022-11-29 19:12:00 |
|
GetDynamicServerConfiguration
HTTP request
|
||||||||
|
2022-11-29 19:12:01 |
RESPONSE
|
GetDynamicServerConfiguration
HTTP response
|
||||||||
|
2022-11-29 19:12:01 |
SUCCESS
|
GetDynamicServerConfiguration
Successfully parsed server configuration
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
2022-11-29 19:12:01 | SUCCESS |
AddMTLSEndpointAliasesToEnvironment
Added mtls_endpoint_aliases to environment
|
|
2022-11-29 19:12:01 |
SUCCESS
|
CheckServerConfiguration
Found required server configuration keys
|
||
|
2022-11-29 19:12:01 |
|
FetchServerKeys
Fetching server key
|
||
|
2022-11-29 19:12:01 |
|
FetchServerKeys
HTTP request
|
||||||||
|
2022-11-29 19:12:01 |
RESPONSE
|
FetchServerKeys
HTTP response
|
||||||||
|
2022-11-29 19:12:01 |
|
FetchServerKeys
Found JWK set string
|
||
|
2022-11-29 19:12:01 |
SUCCESS
|
FetchServerKeys
Found server JWK set
|
||
|
2022-11-29 19:12:01 |
SUCCESS
|
CheckServerKeysIsValid
Server JWKs is valid
|
||
|
2022-11-29 19:12:01 | SUCCESS |
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2022-11-29 19:12:01 | SUCCESS |
CheckForKeyIdInServerJWKs
All keys contain kids
|
|
2022-11-29 19:12:01 | SUCCESS |
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2022-11-29 19:12:01 | SUCCESS |
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
|
||
|
2022-11-29 19:12:01 |
SUCCESS
|
GetStaticClientConfiguration
Found a static client object
|
||||||||
|
2022-11-29 19:12:01 |
SUCCESS
|
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
|
|
2022-11-29 19:12:01 |
SUCCESS
|
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
|
||||||
|
2022-11-29 19:12:01 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2022-11-29 19:12:01 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2022-11-29 19:12:01 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2022-11-29 19:12:01 | SUCCESS |
FAPIBrazilCheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
|
||
|
2022-11-29 19:12:01 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2022-11-29 19:12:01 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
Verify configuration of second client |
2022-11-29 19:12:01 |
SUCCESS
|
GetStaticClient2Configuration
Found a static second client object
|
||||||
|
2022-11-29 19:12:01 |
SUCCESS
|
ValidateMTLSCertificates2Header
MTLS certificates header is valid
|
|
2022-11-29 19:12:01 |
SUCCESS
|
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
|
||||||
|
2022-11-29 19:12:01 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2022-11-29 19:12:01 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2022-11-29 19:12:01 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2022-11-29 19:12:01 | SUCCESS |
FAPIBrazilCheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
|
||
|
2022-11-29 19:12:01 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2022-11-29 19:12:01 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
2022-11-29 19:12:01 |
SUCCESS
|
ValidateClientPrivateKeysAreDifferent
Client signing JWKs have different thumbprints
|
||||
|
2022-11-29 19:12:01 |
SUCCESS
|
GetResourceEndpointConfiguration
Found a resource endpoint object
|
||||||||||||||
|
2022-11-29 19:12:01 |
SUCCESS
|
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
|
||
|
2022-11-29 19:12:01 |
SUCCESS
|
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
|
||
|
2022-11-29 19:12:01 |
SUCCESS
|
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
|
||||
|
2022-11-29 19:12:01 |
|
fapi1-advanced-final-ensure-mtls-holder-of-key-required
Setup Done
|
|
2022-11-29 19:12:01 |
SUCCESS
|
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
|
||||||||
|
Authorization endpoint TLS test |
2022-11-29 19:12:01 | SUCCESS |
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
DisallowTLS10
Server refused TLS 1.0 handshake
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
DisallowTLS11
Server refused TLS 1.1 handshake
|
||||
|
Token Endpoint TLS test |
2022-11-29 19:12:01 | SUCCESS |
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
DisallowTLS10
Server refused TLS 1.0 handshake
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
DisallowTLS11
Server refused TLS 1.1 handshake
|
||||
|
2022-11-29 19:12:01 |
|
DisallowInsecureCipher
Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
DisallowInsecureCipher
The TLS handshake was rejected when trying to connect with disallowed ciphers.
|
||||
|
Userinfo Endpoint TLS test |
2022-11-29 19:12:01 | SUCCESS |
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
DisallowTLS10
Server refused TLS 1.0 handshake
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
DisallowTLS11
Server refused TLS 1.1 handshake
|
||||
|
2022-11-29 19:12:01 |
|
DisallowInsecureCipher
Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
DisallowInsecureCipher
The TLS handshake was rejected when trying to connect with disallowed ciphers.
|
||||
|
Registration Endpoint TLS test |
2022-11-29 19:12:01 | SUCCESS |
EnsureTLS12WithFAPICiphers
Server agreed to TLS 1.2
|
||||
|
2022-11-29 19:12:01 | SUCCESS |
DisallowTLS10
Server refused TLS 1.0 handshake
|
||||
|
2022-11-29 19:12:02 | SUCCESS |
DisallowTLS11
Server refused TLS 1.1 handshake
|
||||
|
2022-11-29 19:12:02 |
|
DisallowInsecureCipher
Trying to connect with a non-permitted cipher (this is not exhaustive: check the server configuration manually to verify conformance)
|
||||
|
2022-11-29 19:12:02 | SUCCESS |
DisallowInsecureCipher
The TLS handshake was rejected when trying to connect with disallowed ciphers.
|
||||
|
Use client_credentials grant to obtain Brazil consent |
2022-11-29 19:12:02 |
SUCCESS
|
CreateTokenEndpointRequestForClientCredentialsGrant
Created token endpoint request
|
||||
|
2022-11-29 19:12:02 |
SUCCESS
|
SetConsentsScopeOnTokenEndpointRequest
Set scope parameter to 'consents'
|
||||
|
2022-11-29 19:12:02 |
|
AddClientIdToTokenEndpointRequest
|
||||||
|
2022-11-29 19:12:02 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2022-11-29 19:12:02 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2022-11-29 19:12:02 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||
|
2022-11-29 19:12:02 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2022-11-29 19:12:02 |
SUCCESS
|
CheckForAccessTokenValue
Found an access token
|
||
|
2022-11-29 19:12:02 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2022-11-29 19:12:02 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2022-11-29 19:12:02 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2022-11-29 19:12:02 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2022-11-29 19:12:02 |
SUCCESS
|
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2022-11-29 19:12:02 |
SUCCESS
|
FAPIBrazilOpenInsuranceCreateConsentRequest
|
||
|
2022-11-29 19:12:02 |
SUCCESS
|
FAPIBrazilExtractClientMTLSCertificateSubject
Extracted subject from MTLS certificate
|
||||||||
|
2022-11-29 19:12:02 |
|
FAPIBrazilOpenInsuranceVerifyCertificateSubjectOrganizationIdentifier
Certificate organization identifier field contains expected OPIBR
|
||||
|
2022-11-29 19:12:02 |
SUCCESS
|
FAPIBrazilAddExpirationToConsentRequest
Added expiration time to consent request
|
||
|
2022-11-29 19:12:02 |
|
CallConsentEndpointWithBearerToken
HTTP request
|
||||||||||
|
2022-11-29 19:12:02 |
RESPONSE
|
CallConsentEndpointWithBearerToken
HTTP response
|
||||||||
|
2022-11-29 19:12:02 |
SUCCESS
|
CallConsentEndpointWithBearerToken
Got a response from the consent endpoint
|
||||||||||
|
2022-11-29 19:12:02 |
SUCCESS
|
EnsureHttpStatusCodeIs201
resource endpoint returned the expected http status
|
||||
|
2022-11-29 19:12:02 |
SUCCESS
|
EnsureContentTypeJson
endpoint_response Content-Type: header is application/json
|
|
2022-11-29 19:12:02 |
SUCCESS
|
FAPIBrazilConsentEndpointResponseValidatePermissions
Consent endpoint response contains expected permissions
|
||||
|
2022-11-29 19:12:02 |
SUCCESS
|
ExtractConsentIdFromConsentEndpointResponse
Extracted the consent id
|
||
|
2022-11-29 19:12:02 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2022-11-29 19:12:02 |
SUCCESS
|
FAPIBrazilAddConsentIdToClientScope
Added scope of 'openid consents customers consent:uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j' to client's scope
|
||||||||
|
Make request to authorization endpoint |
2022-11-29 19:12:02 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2022-11-29 19:12:02 |
|
CreateRandomStateValue
Created state value
|
||||
|
2022-11-29 19:12:02 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||
|
2022-11-29 19:12:02 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2022-11-29 19:12:02 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||
|
2022-11-29 19:12:02 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCode
Added response_type parameter to request
|
||||||||||||
|
2022-11-29 19:12:02 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseModeToJWT
Added response_mode parameter to request
|
||||||||||||||
|
2022-11-29 19:12:02 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2022-11-29 19:12:02 | SUCCESS |
AddNbfToRequestObject
Added nbf to request object claims
|
||
|
2022-11-29 19:12:02 | SUCCESS |
AddExpToRequestObject
Added exp to request object claims
|
||
|
2022-11-29 19:12:02 | SUCCESS |
AddAudToRequestObject
Added aud to request object claims
|
||
|
2022-11-29 19:12:02 | SUCCESS |
AddIssToRequestObject
Added iss to request object claims
|
||
|
2022-11-29 19:12:02 | SUCCESS |
AddClientIdToRequestObject
Added client_id to request object claims
|
||
|
2022-11-29 19:12:02 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2022-11-29 19:12:02 |
|
FAPIBrazilEncryptRequestObject
Encrypted the request object
|
||||||
|
2022-11-29 19:12:02 |
SUCCESS
|
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2022-11-29 19:12:02 |
REDIRECT
|
fapi1-advanced-final-ensure-mtls-holder-of-key-required
Redirecting to authorization endpoint
|
||
|
2022-11-29 19:12:02 |
|
WebRunner
Scripted browser HTTP request
|
||||||
|
2022-11-29 19:12:02 |
INFO
|
WebRunner
Request GET https://opin.authlete.app:8081/as/authorize?request=eyJraWQiOiJlbmMxIiwiY3R5IjoiSldUIiwiZW5jIjoiQTI1NkdDTSIsImFsZyI6IlJTQS1PQUVQIn0.HOJaaCSekSjr6Z4my_32n1qzMcKDeaSrsWNAirwrJrzTuEdFyOhnbrJXnkM_Hd7SVzARqs8lwLfV9lgMXNQ3uDlB1xu8nBp5dtQP2q3NvHW0kWJtGAiAccoqnXn6fs7Hn5ecqcTEsJom-XS1C9AxRuzhwx9tUH1-rCx3ZJnKIlkl-er-N_ATdz38HtuoRFUEmszVnBv3lImC6S0Bhrmk8GZj-QD7YBe-lT3TWR2wXebr31T_VpN43ye8W3NGN9HOtTpZjrmei5xTEtj9KgowbOIswIsfgJDwyrlnsm_IiyFH5yc82xgM2TNkjZ3c6jZvf8NSDnfn3YNk8i46Py8y_A.QfifJmIBlD09eqrJ.ehKkRH6OvVMNWFqga6HfMvOhM2u0mc6OglJ8a39v5GPMMfItuuJ4zfw0yKh0Ju80YHDC4_pERy90Dya6EFPZJrklS0o59OyI_F_QEHdSwvF4k3RrC1hoZ-dFvQnJLKVJUlvd1rZhXBfQ-ZP4R-O2lPLgmFBQqTvyL-TBW4YBIjlKV6RW11_ONI5AH9OLWTNTebJLeCasI5hsFmZR_dzOQvOZuE8bTVsIU2N1wBTU_hUR7wIlrk6cXiWLnIE0ONj-aQujrPo4TowPlucIYW7e0xNq142nRk6pK0rTpQctjkWbQ4OQSOFnSuoTdwzmRsjCPE2x0lkuIYVSAsvx3AUA3cnYz5l0GY4MpYghFkuHTkU6yIhTxdFl_nt_iLs9NHWI-xtneShAS9oi81KSWsinbcsZCtECqcG9HvJQXLzz6r8p74cEaVX5G0mnKemUfxs1-rY1LGKJF_tyS6-CNEpWo1HiuPReQr06D6KjoLqBxAS2MY3TF8spFcQCHopWSG5y6ty-zL8M7HiuBmYnKZ4sixNQBvIXK_fWd1sXrakAvfUp9hq86UFB2xJWw-SFSO8RvyRlPZOoHErzuLJ8pYm7z5gVf16rSXn8ESaeFhKAl1vT0M8HUi_CYaWbKWFz9XJjOFEyMxFGe8wDNEglNl--TYyfW4zEF9WZTPF94CxnndvkW5CmWC3VCKt68qlZyLf2Ue4TRCTz3zxM3rrCSbEZqbNbG_sEdm5frPiI_ckmBequeUjRnRyO6pB-WVs4vY89YFuGC1u1CjzMLDacN2dmi741kxTHASIhNslMCJgD8gyom-zTcUdMlqeNqMcmaT_LPBInS8g-JdooLTYrTFWEzl-RcswY7RwcFlhcShCSMiHEm24DiDA1CMmdZGK8DIorNbhqQcEupR47cvNdioL74lIUchH6V5-3y9W7IdHEJ9P9dn2oLEOzjHPQYcO9qfpMrYaq0u-YYX7uPy6BJJdFREyP8P0sP7m_AfmENxVo_g1BXuZ3aAuyQ1tMz-tWhCrqE92KZyj0afPC5NsK9yyZRsRFD1eMuEn54jwHlCA051ThoYVa-eM-IxVe_9pj3BKsHaE6cKBA5ccDR3_8kLAoIIrJc7VfpQBDYlrjACbdkCTMh_Wydlb-cUw4kyRbS3UuG5Nm1shc-3Uo6XTFS_vFCLpumYvt5llieEJQNgUkTXZDTKuqpwgcQxDEzs7aCwkYRInhgryOzumP0NPE_7gZw7Tv-kqhReURlDL3wegaejO2HnBa-KctXEY2uzat2Wr1q9NwYymxP49TNmZvzFf1cpjdJkg.m9bMmz4wyxOe0n2sEFRwdw&client_id=6835815855731428&redirect_uri=https://www.certification.openid.net/test/a/oidf-obbsb/callback&scope=openid%20consents%20customers%20consent:uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j&response_type=code
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 301 Moved Permanently GET https://opin.authlete.app:8081/as/authorize?request=eyJraWQiOiJlbmMxIiwiY3R5IjoiSldUIiwiZW5jIjoiQTI1NkdDTSIsImFsZyI6IlJTQS1PQUVQIn0.HOJaaCSekSjr6Z4my_32n1qzMcKDeaSrsWNAirwrJrzTuEdFyOhnbrJXnkM_Hd7SVzARqs8lwLfV9lgMXNQ3uDlB1xu8nBp5dtQP2q3NvHW0kWJtGAiAccoqnXn6fs7Hn5ecqcTEsJom-XS1C9AxRuzhwx9tUH1-rCx3ZJnKIlkl-er-N_ATdz38HtuoRFUEmszVnBv3lImC6S0Bhrmk8GZj-QD7YBe-lT3TWR2wXebr31T_VpN43ye8W3NGN9HOtTpZjrmei5xTEtj9KgowbOIswIsfgJDwyrlnsm_IiyFH5yc82xgM2TNkjZ3c6jZvf8NSDnfn3YNk8i46Py8y_A.QfifJmIBlD09eqrJ.ehKkRH6OvVMNWFqga6HfMvOhM2u0mc6OglJ8a39v5GPMMfItuuJ4zfw0yKh0Ju80YHDC4_pERy90Dya6EFPZJrklS0o59OyI_F_QEHdSwvF4k3RrC1hoZ-dFvQnJLKVJUlvd1rZhXBfQ-ZP4R-O2lPLgmFBQqTvyL-TBW4YBIjlKV6RW11_ONI5AH9OLWTNTebJLeCasI5hsFmZR_dzOQvOZuE8bTVsIU2N1wBTU_hUR7wIlrk6cXiWLnIE0ONj-aQujrPo4TowPlucIYW7e0xNq142nRk6pK0rTpQctjkWbQ4OQSOFnSuoTdwzmRsjCPE2x0lkuIYVSAsvx3AUA3cnYz5l0GY4MpYghFkuHTkU6yIhTxdFl_nt_iLs9NHWI-xtneShAS9oi81KSWsinbcsZCtECqcG9HvJQXLzz6r8p74cEaVX5G0mnKemUfxs1-rY1LGKJF_tyS6-CNEpWo1HiuPReQr06D6KjoLqBxAS2MY3TF8spFcQCHopWSG5y6ty-zL8M7HiuBmYnKZ4sixNQBvIXK_fWd1sXrakAvfUp9hq86UFB2xJWw-SFSO8RvyRlPZOoHErzuLJ8pYm7z5gVf16rSXn8ESaeFhKAl1vT0M8HUi_CYaWbKWFz9XJjOFEyMxFGe8wDNEglNl--TYyfW4zEF9WZTPF94CxnndvkW5CmWC3VCKt68qlZyLf2Ue4TRCTz3zxM3rrCSbEZqbNbG_sEdm5frPiI_ckmBequeUjRnRyO6pB-WVs4vY89YFuGC1u1CjzMLDacN2dmi741kxTHASIhNslMCJgD8gyom-zTcUdMlqeNqMcmaT_LPBInS8g-JdooLTYrTFWEzl-RcswY7RwcFlhcShCSMiHEm24DiDA1CMmdZGK8DIorNbhqQcEupR47cvNdioL74lIUchH6V5-3y9W7IdHEJ9P9dn2oLEOzjHPQYcO9qfpMrYaq0u-YYX7uPy6BJJdFREyP8P0sP7m_AfmENxVo_g1BXuZ3aAuyQ1tMz-tWhCrqE92KZyj0afPC5NsK9yyZRsRFD1eMuEn54jwHlCA051ThoYVa-eM-IxVe_9pj3BKsHaE6cKBA5ccDR3_8kLAoIIrJc7VfpQBDYlrjACbdkCTMh_Wydlb-cUw4kyRbS3UuG5Nm1shc-3Uo6XTFS_vFCLpumYvt5llieEJQNgUkTXZDTKuqpwgcQxDEzs7aCwkYRInhgryOzumP0NPE_7gZw7Tv-kqhReURlDL3wegaejO2HnBa-KctXEY2uzat2Wr1q9NwYymxP49TNmZvzFf1cpjdJkg.m9bMmz4wyxOe0n2sEFRwdw&client_id=6835815855731428&redirect_uri=https://www.certification.openid.net/test/a/oidf-obbsb/callback&scope=openid%20consents%20customers%20consent:uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j&response_type=code
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://opin.authlete.app:8081/auth/authenticate?authTicket=uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 OK GET https://opin.authlete.app:8081/auth/authenticate?authTicket=uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 OK GET https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://opin.authlete.app:8081/auth/assets/signin.css
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 OK GET https://opin.authlete.app:8081/auth/assets/signin.css
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 OK GET https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js
|
||||
|
2022-11-29 19:12:03 |
|
BROWSER
Error during JavaScript execution
|
||
|
2022-11-29 19:12:03 |
RESPONSE
|
WebRunner
Scripted browser HTTP response
|
||||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Waiting
|
||||||||||||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Entering text
|
||||||||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Entering text
|
||||||||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Clicking an element
|
||||||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request POST https://opin.authlete.app:8081/auth/authenticate?authTicket=uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 303 See Other POST https://opin.authlete.app:8081/auth/authenticate?authTicket=uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://opin.authlete.app:8081/ui/open-insurance/consents/v1/consents/authorize/uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j?session=6af2a4a1000532a3d9bd7e424c2a383a0911981f83a60df4d0cb82cdc79b0bc4
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 OK GET https://opin.authlete.app:8081/ui/open-insurance/consents/v1/consents/authorize/uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j?session=6af2a4a1000532a3d9bd7e424c2a383a0911981f83a60df4d0cb82cdc79b0bc4
|
||||
|
2022-11-29 19:12:03 |
|
BROWSER
Error during JavaScript execution
|
||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Completed processing of webpage
|
||||||||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Clicking an element
|
||||||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request POST https://opin.authlete.app:8081/ui/open-insurance/consents/v1/consents/authorize/uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j?session=6af2a4a1000532a3d9bd7e424c2a383a0911981f83a60df4d0cb82cdc79b0bc4#
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 303 See Other POST https://opin.authlete.app:8081/ui/open-insurance/consents/v1/consents/authorize/uri:authlete:opinconsent:2IEaJFiTgsSZ5nSydTzFn0f5E1j?session=6af2a4a1000532a3d9bd7e424c2a383a0911981f83a60df4d0cb82cdc79b0bc4#
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://www.certification.openid.net/test/a/oidf-obbsb/callback?response=eyJraWQiOiJteElaQWMtOTZoaTRpVVhqdlU2dkRwbnpfSDBaMUJ0T3FDaTVndlNpbE5NIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiI2ODM1ODE1ODU1NzMxNDI4IiwiY29kZSI6ImxqM2ZPcTVmd0RLdy1WVzlETVpXMW5hTUZSLWQ4UXd3Z09tOExhRlE5SUEiLCJpc3MiOiJodHRwczovL29waW4uYXV0aGxldGUuYXBwOjgwODEvYXMvIiwic3RhdGUiOiJSamtWTHBSTlAzIiwiZXhwIjoxNjY5NzQ5MTUzfQ.dNEMMH0PJjCCiRYW8lLJJywT7Je5ATEOGB383wHwsn8R9euNU7h67hUweMKGDs2k2ieEuKU4EJPombUEJlzHuGnZmog_8igN15NBQvKfsXi9D-bGuYoubIdJJYlAqps3L753fxcy_oWbICdRfpMg2XYz3r5HTcOImUOiFcm1CoxgPKD0LHkV98e1KzCNUPOY34fy411fx4cG4nvAjDmnlVZfRtD6_74Yt4cVl9bHJuHjtkvZlmrQf7_xl9a4ECfItq_iFAkZji6w9TNgNDwJu4JTeMpLnHIFsZ_1SjdTmaEQ67jOOZPHoQ3pscFP0eQYszAjVXVpjy6WuKcoJoTVAw
|
||||||
|
2022-11-29 19:12:03 |
INCOMING
|
fapi1-advanced-final-ensure-mtls-holder-of-key-required
Incoming HTTP request to /test/a/oidf-obbsb/callback
|
||||||||||||||||||||||
|
2022-11-29 19:12:03 |
SUCCESS
|
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
|
||
|
2022-11-29 19:12:03 |
OUTGOING
|
fapi1-advanced-final-ensure-mtls-holder-of-key-required
Response to HTTP request to test instance bdBmuyyt5a2it9A
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 GET https://www.certification.openid.net/test/a/oidf-obbsb/callback?response=eyJraWQiOiJteElaQWMtOTZoaTRpVVhqdlU2dkRwbnpfSDBaMUJ0T3FDaTVndlNpbE5NIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiI2ODM1ODE1ODU1NzMxNDI4IiwiY29kZSI6ImxqM2ZPcTVmd0RLdy1WVzlETVpXMW5hTUZSLWQ4UXd3Z09tOExhRlE5SUEiLCJpc3MiOiJodHRwczovL29waW4uYXV0aGxldGUuYXBwOjgwODEvYXMvIiwic3RhdGUiOiJSamtWTHBSTlAzIiwiZXhwIjoxNjY5NzQ5MTUzfQ.dNEMMH0PJjCCiRYW8lLJJywT7Je5ATEOGB383wHwsn8R9euNU7h67hUweMKGDs2k2ieEuKU4EJPombUEJlzHuGnZmog_8igN15NBQvKfsXi9D-bGuYoubIdJJYlAqps3L753fxcy_oWbICdRfpMg2XYz3r5HTcOImUOiFcm1CoxgPKD0LHkV98e1KzCNUPOY34fy411fx4cG4nvAjDmnlVZfRtD6_74Yt4cVl9bHJuHjtkvZlmrQf7_xl9a4ECfItq_iFAkZji6w9TNgNDwJu4JTeMpLnHIFsZ_1SjdTmaEQ67jOOZPHoQ3pscFP0eQYszAjVXVpjy6WuKcoJoTVAw
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 OK GET https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 OK GET https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://fonts.googleapis.com/css?family=PT+Sans
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 OK GET https://fonts.googleapis.com/css?family=PT+Sans
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://www.certification.openid.net/css/layout.css
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 GET https://www.certification.openid.net/css/layout.css
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 OK GET https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request GET https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 200 OK GET https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
|
||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Completed processing of webpage
|
||||||||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Request POST https://www.certification.openid.net/test/a/oidf-obbsb/implicit/gVCWjoF7QyVFre65PxJf
|
||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Waiting
|
||||||||||||||||
|
2022-11-29 19:12:03 |
INCOMING
|
fapi1-advanced-final-ensure-mtls-holder-of-key-required
Incoming HTTP request to /test/a/oidf-obbsb/implicit/gVCWjoF7QyVFre65PxJf
|
||||||||||||||||||||||
|
2022-11-29 19:12:03 |
OUTGOING
|
fapi1-advanced-final-ensure-mtls-holder-of-key-required
Response to HTTP request to test instance bdBmuyyt5a2it9A
|
||||||||
|
2022-11-29 19:12:03 |
SUCCESS
|
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
|
|
2022-11-29 19:12:03 |
REDIRECT-IN
|
fapi1-advanced-final-ensure-mtls-holder-of-key-required
Authorization endpoint response captured
|
||||||||||
|
Verify authorization endpoint response |
2022-11-29 19:12:03 |
INFO
|
WebRunner
Response 204 POST https://www.certification.openid.net/test/a/oidf-obbsb/implicit/gVCWjoF7QyVFre65PxJf
|
||||
|
2022-11-29 19:12:03 | SUCCESS |
ExtractJARMFromURLQuery
Found and parsed the jarm_response from callback_query_params
|
||||||
|
2022-11-29 19:12:03 | SUCCESS |
RejectNonJarmResponsesInUrlQuery
Authorization endpoint response only includes the JARM JWT.
|
|
2022-11-29 19:12:03 |
SUCCESS
|
ExtractAuthorizationEndpointResponseFromJARMResponse
Extracted the authorization response
|
||||||
|
2022-11-29 19:12:03 | SUCCESS |
ValidateJARMResponse
JARM response standard JWT claims are valid
|
|
2022-11-29 19:12:03 |
SUCCESS
|
FAPI1ValidateJarmSigningAlg
JARM response was signed with a permitted algorithm
|
||||
|
2022-11-29 19:12:03 | SUCCESS |
ValidateJARMExpRecommendations
JARM response 'exp' is less than 10 minutes
|
||||
|
2022-11-29 19:12:03 | SUCCESS |
ValidateJARMSignatureUsingKid
jarm_response signature validated
|
||
|
2022-11-29 19:12:03 | SUCCESS |
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
|
|
2022-11-29 19:12:03 |
SUCCESS
|
CheckMatchingCallbackParameters
Callback parameters successfully verified
|
|
2022-11-29 19:12:03 | SUCCESS |
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
|
|
2022-11-29 19:12:03 |
SUCCESS
|
CheckIfAuthorizationEndpointError
No error from authorization endpoint
|
|
2022-11-29 19:12:03 |
SUCCESS
|
ValidateSuccessfulJARMResponseFromAuthorizationEndpoint
authorization endpoint response does not include unexpected parameters
|
||||||
|
2022-11-29 19:12:03 | SUCCESS |
CheckStateInAuthorizationResponse
State in response correctly returned
|
||
|
2022-11-29 19:12:03 | SUCCESS |
ValidateIssInAuthorizationResponse
'iss' parameter in authorization response matches server's issuer value.
|
|
2022-11-29 19:12:03 |
SUCCESS
|
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
|
||
|
2022-11-29 19:12:03 | SUCCESS |
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
|
||||
|
2022-11-29 19:12:03 | SUCCESS |
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-29 19:12:03 |
SUCCESS
|
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
|
||||||
|
2022-11-29 19:12:03 |
|
AddClientIdToTokenEndpointRequest
|
||||||||
|
2022-11-29 19:12:03 |
SUCCESS
|
RemoveMTLSCertificates
Removed mutual TLS authentication credentials
|
|
2022-11-29 19:12:03 |
|
CallTokenEndpointAllowingTLSFailure
HTTP request
|
||||||||
|
2022-11-29 19:12:03 |
INFO
|
WebRunner
Completed processing of webpage
|
||||||||||||
|
2022-11-29 19:12:04 |
RESPONSE
|
CallTokenEndpointAllowingTLSFailure
HTTP response
|
||||||||
|
2022-11-29 19:12:04 |
|
CallTokenEndpointAllowingTLSFailure
token endpoint response parsed but not valid JSON
|
|
2022-11-29 19:12:04 | SUCCESS |
CheckTokenEndpointHttpStatus400or401
Token endpoint http status code was 401
|
|
2022-11-29 19:12:04 | WARNING |
CheckTokenEndpointReturnedJsonContentType
Invalid content-type header in token_endpoint_response_headers
|
||||
|
2022-11-29 19:12:04 |
FINISHED
|
fapi1-advanced-final-ensure-mtls-holder-of-key-required
Test has run to completion
|
||
|
2022-11-29 19:12:06 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|