Test detail

Test Name	fapi1-advanced-final-user-rejects-authentication
Variant	client_auth_type=mtls, fapi_auth_request_method=pushed, fapi_profile=plain_fapi, fapi_response_mode=jarm
Test ID	hs79r6927Xu1PoH https://www.certification.openid.net/log-detail.html?public=true&log=hs79r6927Xu1PoH
Created	2022-11-17T06:56:04.086808Z
Description
Test Version	5.0.7
Test Owner	11547427 https://gitlab.com
Plan ID	MSTOCQmfu1DvE https://www.certification.openid.net/plan-detail.html?public=true&plan=MSTOCQmfu1DvE
Exported From	https://www.certification.openid.net
Exported By	11547427 https://gitlab.com
Suite Version	5.0.7
Exported	2022-11-17 08:40:08 (UTC)

2022-11-17 06:56:04

(7) More

INFO

TEST-RUNNER

Test instance hs79r6927Xu1PoH created

baseUrl	https://www.certification.openid.net/test/a/ISVAOP
variant	{ "client_auth_type": "mtls", "fapi_auth_request_method": "pushed", "fapi_profile": "plain_fapi", "fapi_response_mode": "jarm" }
alias	ISVAOP
description
planId	MSTOCQmfu1DvE
config	{ "alias": "ISVAOP", "automated_ciba_approval_url": "http://119.81.74.189:31811/authenticator/userResponse?action\u003d{action}\u0026token\u003d{auth_req_id}", "server": { "discoveryUrl": "https://isamfed.com:6443/isvaop/oauth2/.well-known/openid-configuration" }, "client": { "client_id": "client_mtls_jarm01", "scope": "openid email", "jwks": { "keys": [ { "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M", "kty": "RSA", "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0", "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ", "e": "AQAB", "use": "sig", "kid": "ristrettotest", "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes", "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k", "alg": "PS256", "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0", "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw" } ] }, "hint_type": "login_hint", "hint_value": "testuser" }, "client2": { "client_id": "client_mtls_jarm02", "scope": "openid", "jwks": { "keys": [ { "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8", "kty": "RSA", "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE", "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ", "e": "AQAB", "use": "sig", "kid": "conformancetest", "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI", "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0", "alg": "PS256", "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE", "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw" } ] }, "acr_value": "urn:acr2" }, "resource": { "resourceUrl": "https://isamfed.com:6443/isvaop/oauth2/open-banking/v3.1/aisp/accounts" }, "mtls": { "cert": "-----BEGIN CERTIFICATE-----\nMIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQEL\nBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJ\nc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYD\nVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1ow\nazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2lu\nZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQD\nDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CI\nojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+\nfhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWy\nPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4\nNkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cw\nrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDR\nUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjij\nZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ\n2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA\n86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJ\nYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFK\noPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4\nflhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA\u003d\u003d\n-----END CERTIFICATE-----\n", "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQO\nZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+\njbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++\nA3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Nj\nd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqg\nDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABAoIBAEOmr/MnPlWdb41v\ntTyC9q5XB6sB6JR3fABUARhHj6MMTzWGZU9k2TE4TVWm0xiDPSXAwVADrWnJePlZ\nq0RdRd3MX9iO5daQPZnAEX3Iin9t44jHrZSmClEH6D4b0ur5osgLnMx2R/I3L+lP\nJfrd/fjpt1lMxjAHCz7Jb7INTnLMjBl8Lji9witoeQseo2+SRLanNckCw9t2/Wkq\nlpyTUnVg6icB9QLAh0ASE/zlMdFMYlo1llfxToRpZKQuE0zTXtvMqfkutqSUb8hL\nSBTYuMHOh8aycMB//JgiAMwrHVSVcRn2oMqnk5vm08i/sLK8TT8AGAf8Evn0GJJ8\n8kKHvqECgYEA2Xnd/4+98ZiEnLbkgRPVX7pWVa2ZqCAZ4Cf75cv+IlQ3crJniX0I\nEOpFS71fF8/Ei7DIAELe9zeopQvkUdfzMlC7Rg5AuhJzRIL+FaUFlLJOMz+S7eqi\nLeabclYGIbZrX+n8Xic01oQxRipgV1XMKj+D3MROUoRCWNMS1Xqghe0CgYEAxQbF\nsTjipyvk6ZvrpucqAZ1IVIGiVELGMlUEGmyJ8CgXd3gwmU88RahmwBes0GNzm5hw\ns9J+C/S/zt6gu1pP1g/lEpx4/yxg6MZk8AQEk3VG63Tg2rEzjEIQsz0fTXbO1AVS\nJvEuReB8VCgQEKNYMxrqdHXvpSFHOhQLbvebODkCgYEAgK7e0IjCkQF5fq2t+j69\nJD7DNUFayaPtC7k9EVWqk6+Xe7PbFfy42CF3TYDJkvJqz2mUfqsS+d+iV774pAEP\nM3eXyLVIUZH3SNPl+vLBoaH8KdD1ZPhQbK6mznneePZTBNcUcLXsSv6/lVAf362x\n+FHK+cfivGrsQ1jqLQ25jGUCgYBVrLY2dDgK3YlzE/wK3aZkgVI8fQprfYXVySY5\nn0z0A1sA9mCbqdrZp3rWuPTKwRQ6arVHXJa2+DyX5jMahREGUm8YAraSr2eMkQi/\nXd/nhy3JoU9NiZSSvv+oEUIVWz5g79djW6j1dcJajfk+Yuktf9zHu6jzs17XoHPA\nUydJ8QKBgQCreujKz7G5EEXkwdEqFFolM9A8ZMB2k3t6FaM4P/lEUs+nFkxYz2+r\nxI4HMCE0UOCw58ukQjNmXJhumAAB0HIC28gFVuk8FXPRI46ZRQ4uuqQcSCr3/0yP\nSrJe3uU+IC74iHff9XHmwiHwcpmgsDclyg4Ga5eCf1XNKmZLtu/4Xg\u003d\u003d\n-----END RSA PRIVATE KEY-----\n", "ca": "-----BEGIN CERTIFICATE-----\nMIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQEL\nBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJ\nc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYD\nVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1ow\nazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2lu\nZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQD\nDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CI\nojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+\nfhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWy\nPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4\nNkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cw\nrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDR\nUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjij\nZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ\n2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA\n86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJ\nYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFK\noPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4\nflhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA\u003d\u003d\n-----END CERTIFICATE-----\n" }, "mtls2": { "cert": "-----BEGIN CERTIFICATE-----\nMIIDtzCCAp+gAwIBAgIUWzVEE6ZzNUl6kwxJgrUgERqiDXkwDQYJKoZIhvcNAQEL\nBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJ\nc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYD\nVQQDDApjbGllbnRJRDAyMB4XDTIyMDEwNDA0MzQxNloXDTQxMDkyMTA0MzQxNlow\nazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2lu\nZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQD\nDApjbGllbnRJRDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSV\n37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMY\nC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRd\nLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79A\nsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsS\nnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClr\nEJEJJnAUJ7cYXtn8uQIDAQABo1MwUTAdBgNVHQ4EFgQUAZeJHIZu9VunYouyoHf/\nQODzbREwHwYDVR0jBBgwFoAUAZeJHIZu9VunYouyoHf/QODzbREwDwYDVR0TAQH/\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAft9Mp/WpGdRF1sCzVG2r7SHxaxTG\nfWC+iZJBVZfFTJcthDawCW3xIfQb0RUrtGWTKBgpCp8GSCxFYPuri/nZn2vRbujn\n3woK2siXWS64bYDUOJ3xHvt3/j0PPGRfQ3faSXjdvtkE7ayLRKdb132rBd2k7oBq\nIZkM3ezvXg49KupJfOYTaqNezA4TTXaLFL+7BbY8IFPYHE+t66K68DNbypr3Q8pP\n2ZCHE3YLS3RG+Ql2EYSGABKNbeRcipONYPvtsiZt4k44vCDRUC5DXdC6C9KeEjrL\np5ycJYgdT+YqD34Rd89u/yjgvlo3Bcv0mhEO1sS4jaG3IRkZZsCoUEFSvQ\u003d\u003d\n-----END CERTIFICATE-----\n", "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar\n+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420M\nIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyU\nRUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k\n+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7H\nOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABAoIBABZVROM5pCIa9qsu\nUxgvF3wXAktoAdahrRMjcnIstNQpQ9cT5Jyk5Sey3P9bLRQCjcj9sFuOUNksFa+n\nUGw6qKifVDI02eifZAN9CudMH+P/wu3e9rVtsRhOLNG/oz6+1CYbjam7N+FDSz5T\nFp018fCBoekctbofEVZ3BzJDaX+VrBn6TSBpzMzibDfnnfbkFkep+91okF9TTLIZ\n+Bjl/f1dVfbMZ6scs2rc7Slp52Od0HZ69gerc7l4IFxCiH2pMMbI6lRESYXlaf4j\n/mTJR/sFnDvbyET1UVU5paAhZ/TLGougAGzLtOEhlxLSjNv/5RfFIs1NPLW8iu68\nOgKL94ECgYEA6Ya6XBXydFof+aeHub7AlYdEA9qnQdqQR88AHlHcLIxkyNlVsPh+\n5/t0SrkJtrspBp233Ne9JTflQYk8/+wBE59NutnKJfzzV04ftm1bmW+gBHT36rZR\nW8WT2Kto73A9SLzhhQSp1a14ff9vULoRwQLtWpAANkqTCUD0Zwe4v+kCgYEA1zl7\nLSMmUpjjR1thITcfHnVtI+0U4ilqcDXUZzoaJsSQ4/oSr8Xc2EbF2KsxqPhq6HKO\nhINsPeN+iA1F0F3+oc32k4PI8NrQtIfLsVEvTQ2LuYsR4a8TNyGH/zk0i/XpRy63\n2BrKcYp6iyb3qQgGMdjsK+PW6PChTa6TaopUpFECgYAWozHTlWkQcGAjImNc1Sn0\nFM26FesaziYoX9+iEMtoIh/u/Gp7IkujD1Qhnjhb117NvmJBbURvpDB8HuKj6Gve\nTBYL4+rdrdyk/PTECWvUvuZjKDeUMCJI5ClF2q/sbhPyxiSScXZJOWyxwh43VCI+\ndJsvqT/sA2Sng/1tM2lsaQKBgGitkWZTuTjlGW3EWQpxp9YFoO6fSc/x+s3WsJcA\nYGXIpvvqzhnlr1MVoPaP1RhssnqZ9Q0oaoXzVsBPTExa2xTRewMmTp4unuGfRofY\nh5v/YZz9sdXFdCAVU/LjXNZR5YL0iwA1j48HnjB95Gi2+WRXMA7swsMK/jktFo/z\n9dTxAoGAYk2kwzCs7xwhsa3/xH5xJauvlclDqelC4R1cS2pzQI+MQIfjR4JccZ8x\nly7HMv+2D9vBModxo/msXGq3QJaAmDHzNhee2+OTuKcDLd7wlwSwqZ9EBvxHuLwI\n7/QZejw68iLHZWQMH57daNZL9X/8VwmF/C8tawAvXmflv+ra3Ec\u003d\n-----END RSA PRIVATE KEY-----\n", "ca": "-----BEGIN CERTIFICATE-----\nMIIDtzCCAp+gAwIBAgIUWzVEE6ZzNUl6kwxJgrUgERqiDXkwDQYJKoZIhvcNAQEL\nBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJ\nc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYD\nVQQDDApjbGllbnRJRDAyMB4XDTIyMDEwNDA0MzQxNloXDTQxMDkyMTA0MzQxNlow\nazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2lu\nZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQD\nDApjbGllbnRJRDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSV\n37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMY\nC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRd\nLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79A\nsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsS\nnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClr\nEJEJJnAUJ7cYXtn8uQIDAQABo1MwUTAdBgNVHQ4EFgQUAZeJHIZu9VunYouyoHf/\nQODzbREwHwYDVR0jBBgwFoAUAZeJHIZu9VunYouyoHf/QODzbREwDwYDVR0TAQH/\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAft9Mp/WpGdRF1sCzVG2r7SHxaxTG\nfWC+iZJBVZfFTJcthDawCW3xIfQb0RUrtGWTKBgpCp8GSCxFYPuri/nZn2vRbujn\n3woK2siXWS64bYDUOJ3xHvt3/j0PPGRfQ3faSXjdvtkE7ayLRKdb132rBd2k7oBq\nIZkM3ezvXg49KupJfOYTaqNezA4TTXaLFL+7BbY8IFPYHE+t66K68DNbypr3Q8pP\n2ZCHE3YLS3RG+Ql2EYSGABKNbeRcipONYPvtsiZt4k44vCDRUC5DXdC6C9KeEjrL\np5ycJYgdT+YqD34Rd89u/yjgvlo3Bcv0mhEO1sS4jaG3IRkZZsCoUEFSvQ\u003d\u003d\n-----END CERTIFICATE-----\n" }, "consent": {} }
testName	fapi1-advanced-final-user-rejects-authentication

2022-11-17 06:56:04

(1) More

SUCCESS

CreateRedirectUri

Created redirect URI

redirect_uri

https://www.certification.openid.net/test/a/ISVAOP/callback

2022-11-17 06:56:04

(4) More

GetDynamicServerConfiguration

HTTP request

request_uri	https://isamfed.com:6443/isvaop/oauth2/.well-known/openid-configuration
request_method	GET
request_headers	{ "accept": "text/plain, application/json, application/+json, /*", "content-length": "0" }
request_body

2022-11-17 06:56:05

(4) More

RESPONSE

GetDynamicServerConfiguration

HTTP response

response_status_code	200 OK
response_status_text	OK
response_headers	{ "content-type": "application/json", "date": "Thu, 17 Nov 2022 06:56:05 GMT", "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"", "transfer-encoding": "chunked", "x-correlation-id": "CORR_ID-bb4283b5-7a1f-4455-b3b8-6cadb6c6de88", "strict-transport-security": "max-age\u003d31536000; includeSubDomains" }
response_body	{"authorization_encryption_alg_values_supported":["none","RSA-OAEP"],"authorization_encryption_enc_values_supported":["none","A256GCM"],"authorization_endpoint":"https://isamfed.com:6443/isvaop/oauth2/authorize","authorization_signing_alg_values_supported":["PS256"],"backchannel_authentication_endpoint":"https://isamfed.com:6443/isvaop/oauth2/ciba","backchannel_authentication_request_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"backchannel_token_delivery_modes_supported":["poll","ping"],"backchannel_user_code_parameter_supported":false,"claim_types_supported":["normal"],"claims_parameter_supported":true,"claims_supported":["acr","openbanking_intent_id","sharing_duration"],"dpop_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"grant_types_supported":["authorization_code","implicit","password","client_credentials","refresh_token","urn:openid:params:grant-type:ciba"],"id_token_encryption_alg_values_supported":["none","RSA-OAEP"],"id_token_encryption_enc_values_supported":["none","A256GCM"],"id_token_signing_alg_values_supported":["PS256"],"introspection_endpoint":"https://isamfed.com:6443/isvaop/oauth2/introspect","issuer":"https://isamfed.com:6443/isvaop/oauth2","jwks_uri":"https://isamfed.com:6443/isvaop/oauth2/jwks","mtls_endpoint_aliases":{"backchannel_authentication_endpoint":"https://isamfed.com:6443/isvaop/oauth2/ciba","introspection_endpoint":"https://isamfed.com:6443/isvaop/oauth2/introspect","pushed_authorization_request_endpoint":"https://isamfed.com:6443/isvaop/oauth2/par","registration_endpoint":"https://isamfed.com:6443/isvaop/oauth2/register","revocation_endpoint":"https://isamfed.com:6443/isvaop/oauth2/revoke","token_endpoint":"https://isamfed.com:6443/isvaop/oauth2/token"},"pushed_authorization_request_endpoint":"https://isamfed.com:6443/isvaop/oauth2/par","registration_endpoint":"https://isamfed.com:6443/isvaop/oauth2/register","request_object_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"request_object_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"request_object_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_pushed_authorization_requests":true,"require_request_uri_registration":false,"response_modes_supported":["query","fragment","form_post","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["none","code","token","id_token","code token","code id_token","token id_token","code token id_token"],"revocation_endpoint":"https://isamfed.com:6443/isvaop/oauth2/revoke","scopes_supported":["openid","accounts"],"subject_types_supported":["public"],"tls_client_certificate_bound_access_tokens":true,"token_endpoint":"https://isamfed.com:6443/isvaop/oauth2/token","token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","private_key_jwt","tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"userinfo_encryption_alg_values_supported":["none","RSA-OAEP"],"userinfo_encryption_enc_values_supported":["none","A256GCM"],"userinfo_endpoint":"https://isamfed.com:6443/isvaop/oauth2/userinfo","userinfo_signing_alg_values_supported":["PS256"]}

2022-11-17 06:56:05

(42) More

SUCCESS

GetDynamicServerConfiguration

Successfully parsed server configuration

authorization_encryption_alg_values_supported	[ "none", "RSA-OAEP" ]
authorization_encryption_enc_values_supported	[ "none", "A256GCM" ]
authorization_endpoint	https://isamfed.com:6443/isvaop/oauth2/authorize
authorization_signing_alg_values_supported	[ "PS256" ]
backchannel_authentication_endpoint	https://isamfed.com:6443/isvaop/oauth2/ciba
backchannel_authentication_request_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" ]
backchannel_token_delivery_modes_supported	[ "poll", "ping" ]
backchannel_user_code_parameter_supported	false
claim_types_supported	[ "normal" ]
claims_parameter_supported	true
claims_supported	[ "acr", "openbanking_intent_id", "sharing_duration" ]
dpop_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" ]
grant_types_supported	[ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:openid:params:grant-type:ciba" ]
id_token_encryption_alg_values_supported	[ "none", "RSA-OAEP" ]
id_token_encryption_enc_values_supported	[ "none", "A256GCM" ]
id_token_signing_alg_values_supported	[ "PS256" ]
introspection_endpoint	https://isamfed.com:6443/isvaop/oauth2/introspect
issuer	https://isamfed.com:6443/isvaop/oauth2
jwks_uri	https://isamfed.com:6443/isvaop/oauth2/jwks
mtls_endpoint_aliases	{ "backchannel_authentication_endpoint": "https://isamfed.com:6443/isvaop/oauth2/ciba", "introspection_endpoint": "https://isamfed.com:6443/isvaop/oauth2/introspect", "pushed_authorization_request_endpoint": "https://isamfed.com:6443/isvaop/oauth2/par", "registration_endpoint": "https://isamfed.com:6443/isvaop/oauth2/register", "revocation_endpoint": "https://isamfed.com:6443/isvaop/oauth2/revoke", "token_endpoint": "https://isamfed.com:6443/isvaop/oauth2/token" }
pushed_authorization_request_endpoint	https://isamfed.com:6443/isvaop/oauth2/par
registration_endpoint	https://isamfed.com:6443/isvaop/oauth2/register
request_object_encryption_alg_values_supported	[ "none", "RSA-OAEP", "RSA-OAEP-256" ]
request_object_encryption_enc_values_supported	[ "none", "A128GCM", "A192GCM", "A256GCM" ]
request_object_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" ]
request_parameter_supported	true
request_uri_parameter_supported	false
require_pushed_authorization_requests	true
require_request_uri_registration	false
response_modes_supported	[ "query", "fragment", "form_post", "jwt", "query.jwt", "fragment.jwt", "form_post.jwt" ]
response_types_supported	[ "none", "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ]
revocation_endpoint	https://isamfed.com:6443/isvaop/oauth2/revoke
scopes_supported	[ "openid", "accounts" ]
subject_types_supported	[ "public" ]
tls_client_certificate_bound_access_tokens	true
token_endpoint	https://isamfed.com:6443/isvaop/oauth2/token
token_endpoint_auth_methods_supported	[ "client_secret_basic", "client_secret_post", "private_key_jwt", "tls_client_auth" ]
token_endpoint_auth_signing_alg_values_supported	[ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" ]
userinfo_encryption_alg_values_supported	[ "none", "RSA-OAEP" ]
userinfo_encryption_enc_values_supported	[ "none", "A256GCM" ]
userinfo_endpoint	https://isamfed.com:6443/isvaop/oauth2/userinfo
userinfo_signing_alg_values_supported	[ "PS256" ]

2022-11-17 06:56:05	SUCCESS RFC8705-5	AddMTLSEndpointAliasesToEnvironment Added mtls_endpoint_aliases to environment

2022-11-17 06:56:05

(1) More

SUCCESS

CheckServerConfiguration

Found required server configuration keys

required

[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]

2022-11-17 06:56:05

(1) More

FetchServerKeys

Fetching server key

jwks_uri

https://isamfed.com:6443/isvaop/oauth2/jwks

2022-11-17 06:56:05

(4) More

FetchServerKeys

HTTP request

request_uri	https://isamfed.com:6443/isvaop/oauth2/jwks
request_method	GET
request_headers	{ "accept": "text/plain, application/json, application/+json, /*", "content-length": "0" }
request_body

2022-11-17 06:56:06

(4) More

RESPONSE

FetchServerKeys

HTTP response

response_status_code	200 OK
response_status_text	OK
response_headers	{ "content-length": "827", "content-type": "application/json", "date": "Thu, 17 Nov 2022 06:56:06 GMT", "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"", "x-correlation-id": "CORR_ID-be3ea692-b8bc-4dc8-87d6-6e904a4e2aad", "strict-transport-security": "max-age\u003d31536000; includeSubDomains" }
response_body	{"keys":[{"use":"sig","kty":"RSA","kid":"httpserverkey","n":"3H8uKbaU0gNgxIzNOI8z19pzicShxM4nd_cs4DqmQU9SCxtjfzyVHpxe-Arg8gr01YoEkIOrz2JJ1G12fNDu7Fepgyy_ZCfqqqstPCj7vmQFC7_XHrDi_xooPT2kfrzHgxUANMe1Kd0Ry2gVexQCrJyDHnLvuYGyA_wQwN3GTHhwB2SfECwnTL87-HICyviTfEqlIU3ymu3u3YeTB5J765i9uT2JtZco9VMtoiR4Hm_e5xSnQmNx3StTiUQrsMo28IxLFgNKAq-aUDvaZ0ulgOp9V-DOlGpBnxSd0G2I58otDC7J7oQ5xhkX6FB1RnMBHgiFSZ492fyJgILkxoUCwQ","e":"AQAB"},{"use":"enc","kty":"RSA","kid":"httpserverkey","n":"3H8uKbaU0gNgxIzNOI8z19pzicShxM4nd_cs4DqmQU9SCxtjfzyVHpxe-Arg8gr01YoEkIOrz2JJ1G12fNDu7Fepgyy_ZCfqqqstPCj7vmQFC7_XHrDi_xooPT2kfrzHgxUANMe1Kd0Ry2gVexQCrJyDHnLvuYGyA_wQwN3GTHhwB2SfECwnTL87-HICyviTfEqlIU3ymu3u3YeTB5J765i9uT2JtZco9VMtoiR4Hm_e5xSnQmNx3StTiUQrsMo28IxLFgNKAq-aUDvaZ0ulgOp9V-DOlGpBnxSd0G2I58otDC7J7oQ5xhkX6FB1RnMBHgiFSZ492fyJgILkxoUCwQ","e":"AQAB"}]}

2022-11-17 06:56:06

(1) More

FetchServerKeys

Found JWK set string

jwk_string

{"keys":[{"use":"sig","kty":"RSA","kid":"httpserverkey","n":"3H8uKbaU0gNgxIzNOI8z19pzicShxM4nd_cs4DqmQU9SCxtjfzyVHpxe-Arg8gr01YoEkIOrz2JJ1G12fNDu7Fepgyy_ZCfqqqstPCj7vmQFC7_XHrDi_xooPT2kfrzHgxUANMe1Kd0Ry2gVexQCrJyDHnLvuYGyA_wQwN3GTHhwB2SfECwnTL87-HICyviTfEqlIU3ymu3u3YeTB5J765i9uT2JtZco9VMtoiR4Hm_e5xSnQmNx3StTiUQrsMo28IxLFgNKAq-aUDvaZ0ulgOp9V-DOlGpBnxSd0G2I58otDC7J7oQ5xhkX6FB1RnMBHgiFSZ492fyJgILkxoUCwQ","e":"AQAB"},{"use":"enc","kty":"RSA","kid":"httpserverkey","n":"3H8uKbaU0gNgxIzNOI8z19pzicShxM4nd_cs4DqmQU9SCxtjfzyVHpxe-Arg8gr01YoEkIOrz2JJ1G12fNDu7Fepgyy_ZCfqqqstPCj7vmQFC7_XHrDi_xooPT2kfrzHgxUANMe1Kd0Ry2gVexQCrJyDHnLvuYGyA_wQwN3GTHhwB2SfECwnTL87-HICyviTfEqlIU3ymu3u3YeTB5J765i9uT2JtZco9VMtoiR4Hm_e5xSnQmNx3StTiUQrsMo28IxLFgNKAq-aUDvaZ0ulgOp9V-DOlGpBnxSd0G2I58otDC7J7oQ5xhkX6FB1RnMBHgiFSZ492fyJgILkxoUCwQ","e":"AQAB"}]}

2022-11-17 06:56:06

(1) More

SUCCESS

FetchServerKeys

Found server JWK set

server_jwks

{
  "keys": [
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "httpserverkey",
      "n": "3H8uKbaU0gNgxIzNOI8z19pzicShxM4nd_cs4DqmQU9SCxtjfzyVHpxe-Arg8gr01YoEkIOrz2JJ1G12fNDu7Fepgyy_ZCfqqqstPCj7vmQFC7_XHrDi_xooPT2kfrzHgxUANMe1Kd0Ry2gVexQCrJyDHnLvuYGyA_wQwN3GTHhwB2SfECwnTL87-HICyviTfEqlIU3ymu3u3YeTB5J765i9uT2JtZco9VMtoiR4Hm_e5xSnQmNx3StTiUQrsMo28IxLFgNKAq-aUDvaZ0ulgOp9V-DOlGpBnxSd0G2I58otDC7J7oQ5xhkX6FB1RnMBHgiFSZ492fyJgILkxoUCwQ",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "httpserverkey",
      "n": "3H8uKbaU0gNgxIzNOI8z19pzicShxM4nd_cs4DqmQU9SCxtjfzyVHpxe-Arg8gr01YoEkIOrz2JJ1G12fNDu7Fepgyy_ZCfqqqstPCj7vmQFC7_XHrDi_xooPT2kfrzHgxUANMe1Kd0Ry2gVexQCrJyDHnLvuYGyA_wQwN3GTHhwB2SfECwnTL87-HICyviTfEqlIU3ymu3u3YeTB5J765i9uT2JtZco9VMtoiR4Hm_e5xSnQmNx3StTiUQrsMo28IxLFgNKAq-aUDvaZ0ulgOp9V-DOlGpBnxSd0G2I58otDC7J7oQ5xhkX6FB1RnMBHgiFSZ492fyJgILkxoUCwQ",
      "e": "AQAB"
    }
  ]
}

2022-11-17 06:56:06

(1) More

SUCCESS

CheckServerKeysIsValid

Server JWKs is valid

server_jwks

{
  "keys": [
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "httpserverkey",
      "n": "3H8uKbaU0gNgxIzNOI8z19pzicShxM4nd_cs4DqmQU9SCxtjfzyVHpxe-Arg8gr01YoEkIOrz2JJ1G12fNDu7Fepgyy_ZCfqqqstPCj7vmQFC7_XHrDi_xooPT2kfrzHgxUANMe1Kd0Ry2gVexQCrJyDHnLvuYGyA_wQwN3GTHhwB2SfECwnTL87-HICyviTfEqlIU3ymu3u3YeTB5J765i9uT2JtZco9VMtoiR4Hm_e5xSnQmNx3StTiUQrsMo28IxLFgNKAq-aUDvaZ0ulgOp9V-DOlGpBnxSd0G2I58otDC7J7oQ5xhkX6FB1RnMBHgiFSZ492fyJgILkxoUCwQ",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "httpserverkey",
      "n": "3H8uKbaU0gNgxIzNOI8z19pzicShxM4nd_cs4DqmQU9SCxtjfzyVHpxe-Arg8gr01YoEkIOrz2JJ1G12fNDu7Fepgyy_ZCfqqqstPCj7vmQFC7_XHrDi_xooPT2kfrzHgxUANMe1Kd0Ry2gVexQCrJyDHnLvuYGyA_wQwN3GTHhwB2SfECwnTL87-HICyviTfEqlIU3ymu3u3YeTB5J765i9uT2JtZco9VMtoiR4Hm_e5xSnQmNx3StTiUQrsMo28IxLFgNKAq-aUDvaZ0ulgOp9V-DOlGpBnxSd0G2I58otDC7J7oQ5xhkX6FB1RnMBHgiFSZ492fyJgILkxoUCwQ",
      "e": "AQAB"
    }
  ]
}

2022-11-17 06:56:06	SUCCESS RFC7517-1.1	ValidateServerJWKs Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url

2022-11-17 06:56:06	SUCCESS OIDCC-10.1	CheckForKeyIdInServerJWKs All keys contain kids

2022-11-17 06:56:06	SUCCESS RFC7518-6.3.2.1	EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys Jwks does not contain any private or symmetric keys

2022-11-17 06:56:06

(1) More

SUCCESS

FAPI1-BASE-5.2.2-6 FAPI1-BASE-5.2.2-5

FAPIEnsureMinimumServerKeyLength

Validated minimum key lengths for server_jwks

server_jwks

{
  "keys": [
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "httpserverkey",
      "n": "3H8uKbaU0gNgxIzNOI8z19pzicShxM4nd_cs4DqmQU9SCxtjfzyVHpxe-Arg8gr01YoEkIOrz2JJ1G12fNDu7Fepgyy_ZCfqqqstPCj7vmQFC7_XHrDi_xooPT2kfrzHgxUANMe1Kd0Ry2gVexQCrJyDHnLvuYGyA_wQwN3GTHhwB2SfECwnTL87-HICyviTfEqlIU3ymu3u3YeTB5J765i9uT2JtZco9VMtoiR4Hm_e5xSnQmNx3StTiUQrsMo28IxLFgNKAq-aUDvaZ0ulgOp9V-DOlGpBnxSd0G2I58otDC7J7oQ5xhkX6FB1RnMBHgiFSZ492fyJgILkxoUCwQ",
      "e": "AQAB"
    },
    {
      "use": "enc",
      "kty": "RSA",
      "kid": "httpserverkey",
      "n": "3H8uKbaU0gNgxIzNOI8z19pzicShxM4nd_cs4DqmQU9SCxtjfzyVHpxe-Arg8gr01YoEkIOrz2JJ1G12fNDu7Fepgyy_ZCfqqqstPCj7vmQFC7_XHrDi_xooPT2kfrzHgxUANMe1Kd0Ry2gVexQCrJyDHnLvuYGyA_wQwN3GTHhwB2SfECwnTL87-HICyviTfEqlIU3ymu3u3YeTB5J765i9uT2JtZco9VMtoiR4Hm_e5xSnQmNx3StTiUQrsMo28IxLFgNKAq-aUDvaZ0ulgOp9V-DOlGpBnxSd0G2I58otDC7J7oQ5xhkX6FB1RnMBHgiFSZ492fyJgILkxoUCwQ",
      "e": "AQAB"
    }
  ]
}

2022-11-17 06:56:06

(5) More

SUCCESS

GetStaticClientConfiguration

Found a static client object

client_id	client_mtls_jarm01
scope	openid email
jwks	{ "keys": [ { "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M", "kty": "RSA", "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0", "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ", "e": "AQAB", "use": "sig", "kid": "ristrettotest", "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes", "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k", "alg": "PS256", "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0", "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw" } ] }
hint_type	login_hint
hint_value	testuser

2022-11-17 06:56:06	SUCCESS	ValidateMTLSCertificatesHeader MTLS certificates header is valid

2022-11-17 06:56:06

(3) More

SUCCESS

ExtractMTLSCertificatesFromConfiguration

Mutual TLS authentication credentials loaded

cert

MIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1owazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjijZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFKoPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4flhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA==

key

MIIEpAIBAAKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABAoIBAEOmr/MnPlWdb41vtTyC9q5XB6sB6JR3fABUARhHj6MMTzWGZU9k2TE4TVWm0xiDPSXAwVADrWnJePlZq0RdRd3MX9iO5daQPZnAEX3Iin9t44jHrZSmClEH6D4b0ur5osgLnMx2R/I3L+lPJfrd/fjpt1lMxjAHCz7Jb7INTnLMjBl8Lji9witoeQseo2+SRLanNckCw9t2/WkqlpyTUnVg6icB9QLAh0ASE/zlMdFMYlo1llfxToRpZKQuE0zTXtvMqfkutqSUb8hLSBTYuMHOh8aycMB//JgiAMwrHVSVcRn2oMqnk5vm08i/sLK8TT8AGAf8Evn0GJJ88kKHvqECgYEA2Xnd/4+98ZiEnLbkgRPVX7pWVa2ZqCAZ4Cf75cv+IlQ3crJniX0IEOpFS71fF8/Ei7DIAELe9zeopQvkUdfzMlC7Rg5AuhJzRIL+FaUFlLJOMz+S7eqiLeabclYGIbZrX+n8Xic01oQxRipgV1XMKj+D3MROUoRCWNMS1Xqghe0CgYEAxQbFsTjipyvk6ZvrpucqAZ1IVIGiVELGMlUEGmyJ8CgXd3gwmU88RahmwBes0GNzm5hws9J+C/S/zt6gu1pP1g/lEpx4/yxg6MZk8AQEk3VG63Tg2rEzjEIQsz0fTXbO1AVSJvEuReB8VCgQEKNYMxrqdHXvpSFHOhQLbvebODkCgYEAgK7e0IjCkQF5fq2t+j69JD7DNUFayaPtC7k9EVWqk6+Xe7PbFfy42CF3TYDJkvJqz2mUfqsS+d+iV774pAEPM3eXyLVIUZH3SNPl+vLBoaH8KdD1ZPhQbK6mznneePZTBNcUcLXsSv6/lVAf362x+FHK+cfivGrsQ1jqLQ25jGUCgYBVrLY2dDgK3YlzE/wK3aZkgVI8fQprfYXVySY5n0z0A1sA9mCbqdrZp3rWuPTKwRQ6arVHXJa2+DyX5jMahREGUm8YAraSr2eMkQi/Xd/nhy3JoU9NiZSSvv+oEUIVWz5g79djW6j1dcJajfk+Yuktf9zHu6jzs17XoHPAUydJ8QKBgQCreujKz7G5EEXkwdEqFFolM9A8ZMB2k3t6FaM4P/lEUs+nFkxYz2+rxI4HMCE0UOCw58ukQjNmXJhumAAB0HIC28gFVuk8FXPRI46ZRQ4uuqQcSCr3/0yPSrJe3uU+IC74iHff9XHmwiHwcpmgsDclyg4Ga5eCf1XNKmZLtu/4Xg==

ca

MIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1owazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjijZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFKoPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4flhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA==

2022-11-17 06:56:06	SUCCESS RFC7517-1.1	ValidateClientJWKsPrivatePart Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url

2022-11-17 06:56:06

(2) More

SUCCESS

ExtractJWKsFromStaticClientConfiguration

Extracted client JWK

client_jwks

{
  "keys": [
    {
      "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M",
      "kty": "RSA",
      "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0",
      "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "ristrettotest",
      "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes",
      "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k",
      "alg": "PS256",
      "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0",
      "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw"
    }
  ]
}

public_client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "ristrettotest",
      "alg": "PS256",
      "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw"
    }
  ]
}

2022-11-17 06:56:06	SUCCESS OIDCC-10.1	CheckForKeyIdInClientJWKs All keys contain kids

2022-11-17 06:56:06

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInClientJWKs

Distinct 'kid' value in all keys of client_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2022-11-17 06:56:06

(1) More

SUCCESS

FAPI1-ADV-8.6

FAPICheckKeyAlgInClientJWKs

Keys in client JWKS all have permitted 'alg'

permitted

[
  "PS256",
  "ES256"
]

2022-11-17 06:56:06

(1) More

SUCCESS

FAPI1-BASE-5.2.2-6 FAPI1-BASE-5.2.2-5

FAPIEnsureMinimumClientKeyLength

Validated minimum key lengths for client_jwks

client_jwks

{
  "keys": [
    {
      "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M",
      "kty": "RSA",
      "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0",
      "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "ristrettotest",
      "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes",
      "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k",
      "alg": "PS256",
      "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0",
      "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw"
    }
  ]
}

2022-11-17 06:56:06	SUCCESS	ValidateMTLSCertificatesAsX509 Mutual TLS authentication cert validated as X.509

Verify configuration of second client

2022-11-17 06:56:06

(4) More

SUCCESS

GetStaticClient2Configuration

Found a static second client object

client_id	client_mtls_jarm02
scope	openid
jwks	{ "keys": [ { "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8", "kty": "RSA", "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE", "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ", "e": "AQAB", "use": "sig", "kid": "conformancetest", "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI", "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0", "alg": "PS256", "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE", "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw" } ] }
acr_value	urn:acr2

2022-11-17 06:56:06	SUCCESS	ValidateMTLSCertificates2Header MTLS certificates header is valid

2022-11-17 06:56:06

(3) More

SUCCESS

ExtractMTLSCertificates2FromConfiguration

Mutual TLS authentication credentials loaded

cert

MIIDtzCCAp+gAwIBAgIUWzVEE6ZzNUl6kwxJgrUgERqiDXkwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMB4XDTIyMDEwNDA0MzQxNloXDTQxMDkyMTA0MzQxNlowazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABo1MwUTAdBgNVHQ4EFgQUAZeJHIZu9VunYouyoHf/QODzbREwHwYDVR0jBBgwFoAUAZeJHIZu9VunYouyoHf/QODzbREwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAft9Mp/WpGdRF1sCzVG2r7SHxaxTGfWC+iZJBVZfFTJcthDawCW3xIfQb0RUrtGWTKBgpCp8GSCxFYPuri/nZn2vRbujn3woK2siXWS64bYDUOJ3xHvt3/j0PPGRfQ3faSXjdvtkE7ayLRKdb132rBd2k7oBqIZkM3ezvXg49KupJfOYTaqNezA4TTXaLFL+7BbY8IFPYHE+t66K68DNbypr3Q8pP2ZCHE3YLS3RG+Ql2EYSGABKNbeRcipONYPvtsiZt4k44vCDRUC5DXdC6C9KeEjrLp5ycJYgdT+YqD34Rd89u/yjgvlo3Bcv0mhEO1sS4jaG3IRkZZsCoUEFSvQ==

key

MIIEogIBAAKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABAoIBABZVROM5pCIa9qsuUxgvF3wXAktoAdahrRMjcnIstNQpQ9cT5Jyk5Sey3P9bLRQCjcj9sFuOUNksFa+nUGw6qKifVDI02eifZAN9CudMH+P/wu3e9rVtsRhOLNG/oz6+1CYbjam7N+FDSz5TFp018fCBoekctbofEVZ3BzJDaX+VrBn6TSBpzMzibDfnnfbkFkep+91okF9TTLIZ+Bjl/f1dVfbMZ6scs2rc7Slp52Od0HZ69gerc7l4IFxCiH2pMMbI6lRESYXlaf4j/mTJR/sFnDvbyET1UVU5paAhZ/TLGougAGzLtOEhlxLSjNv/5RfFIs1NPLW8iu68OgKL94ECgYEA6Ya6XBXydFof+aeHub7AlYdEA9qnQdqQR88AHlHcLIxkyNlVsPh+5/t0SrkJtrspBp233Ne9JTflQYk8/+wBE59NutnKJfzzV04ftm1bmW+gBHT36rZRW8WT2Kto73A9SLzhhQSp1a14ff9vULoRwQLtWpAANkqTCUD0Zwe4v+kCgYEA1zl7LSMmUpjjR1thITcfHnVtI+0U4ilqcDXUZzoaJsSQ4/oSr8Xc2EbF2KsxqPhq6HKOhINsPeN+iA1F0F3+oc32k4PI8NrQtIfLsVEvTQ2LuYsR4a8TNyGH/zk0i/XpRy632BrKcYp6iyb3qQgGMdjsK+PW6PChTa6TaopUpFECgYAWozHTlWkQcGAjImNc1Sn0FM26FesaziYoX9+iEMtoIh/u/Gp7IkujD1Qhnjhb117NvmJBbURvpDB8HuKj6GveTBYL4+rdrdyk/PTECWvUvuZjKDeUMCJI5ClF2q/sbhPyxiSScXZJOWyxwh43VCI+dJsvqT/sA2Sng/1tM2lsaQKBgGitkWZTuTjlGW3EWQpxp9YFoO6fSc/x+s3WsJcAYGXIpvvqzhnlr1MVoPaP1RhssnqZ9Q0oaoXzVsBPTExa2xTRewMmTp4unuGfRofYh5v/YZz9sdXFdCAVU/LjXNZR5YL0iwA1j48HnjB95Gi2+WRXMA7swsMK/jktFo/z9dTxAoGAYk2kwzCs7xwhsa3/xH5xJauvlclDqelC4R1cS2pzQI+MQIfjR4JccZ8xly7HMv+2D9vBModxo/msXGq3QJaAmDHzNhee2+OTuKcDLd7wlwSwqZ9EBvxHuLwI7/QZejw68iLHZWQMH57daNZL9X/8VwmF/C8tawAvXmflv+ra3Ec=

ca

MIIDtzCCAp+gAwIBAgIUWzVEE6ZzNUl6kwxJgrUgERqiDXkwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMB4XDTIyMDEwNDA0MzQxNloXDTQxMDkyMTA0MzQxNlowazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABo1MwUTAdBgNVHQ4EFgQUAZeJHIZu9VunYouyoHf/QODzbREwHwYDVR0jBBgwFoAUAZeJHIZu9VunYouyoHf/QODzbREwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAft9Mp/WpGdRF1sCzVG2r7SHxaxTGfWC+iZJBVZfFTJcthDawCW3xIfQb0RUrtGWTKBgpCp8GSCxFYPuri/nZn2vRbujn3woK2siXWS64bYDUOJ3xHvt3/j0PPGRfQ3faSXjdvtkE7ayLRKdb132rBd2k7oBqIZkM3ezvXg49KupJfOYTaqNezA4TTXaLFL+7BbY8IFPYHE+t66K68DNbypr3Q8pP2ZCHE3YLS3RG+Ql2EYSGABKNbeRcipONYPvtsiZt4k44vCDRUC5DXdC6C9KeEjrLp5ycJYgdT+YqD34Rd89u/yjgvlo3Bcv0mhEO1sS4jaG3IRkZZsCoUEFSvQ==

2022-11-17 06:56:06	SUCCESS RFC7517-1.1	ValidateClientJWKsPrivatePart Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url

2022-11-17 06:56:06

(2) More

SUCCESS

ExtractJWKsFromStaticClientConfiguration

Extracted client JWK

client_jwks

{
  "keys": [
    {
      "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8",
      "kty": "RSA",
      "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE",
      "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "conformancetest",
      "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI",
      "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0",
      "alg": "PS256",
      "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE",
      "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw"
    }
  ]
}

public_client_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "conformancetest",
      "alg": "PS256",
      "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw"
    }
  ]
}

2022-11-17 06:56:06	SUCCESS OIDCC-10.1	CheckForKeyIdInClientJWKs All keys contain kids

2022-11-17 06:56:06

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInClientJWKs

Distinct 'kid' value in all keys of client_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2022-11-17 06:56:06

(1) More

SUCCESS

FAPI1-ADV-8.6

FAPICheckKeyAlgInClientJWKs

Keys in client JWKS all have permitted 'alg'

permitted

[
  "PS256",
  "ES256"
]

2022-11-17 06:56:06

(1) More

SUCCESS

FAPI1-BASE-5.2.2-6 FAPI1-BASE-5.2.2-5

FAPIEnsureMinimumClientKeyLength

Validated minimum key lengths for client_jwks

client_jwks

{
  "keys": [
    {
      "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8",
      "kty": "RSA",
      "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE",
      "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "conformancetest",
      "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI",
      "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0",
      "alg": "PS256",
      "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE",
      "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw"
    }
  ]
}

2022-11-17 06:56:06	SUCCESS	ValidateMTLSCertificatesAsX509 Mutual TLS authentication cert validated as X.509

2022-11-17 06:56:06

(2) More

SUCCESS

ValidateClientPrivateKeysAreDifferent

Client signing JWKs have different thumbprints

jwk1

{
  "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M",
  "kty": "RSA",
  "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0",
  "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ",
  "e": "AQAB",
  "use": "sig",
  "kid": "ristrettotest",
  "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes",
  "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k",
  "alg": "PS256",
  "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0",
  "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw"
}

jwk2

{
  "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8",
  "kty": "RSA",
  "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE",
  "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ",
  "e": "AQAB",
  "use": "sig",
  "kid": "conformancetest",
  "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI",
  "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0",
  "alg": "PS256",
  "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE",
  "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw"
}

2022-11-17 06:56:06

(1) More

SUCCESS

GetResourceEndpointConfiguration

Found a resource endpoint object

resourceUrl

https://isamfed.com:6443/isvaop/oauth2/open-banking/v3.1/aisp/accounts

2022-11-17 06:56:06

(1) More

SUCCESS

SetProtectedResourceUrlToSingleResourceEndpoint

Set protected resource URL

protected_resource_url

https://isamfed.com:6443/isvaop/oauth2/open-banking/v3.1/aisp/accounts

2022-11-17 06:56:06

(1) More

SUCCESS

ExtractTLSTestValuesFromResourceConfiguration

Extracted TLS information from resource endpoint

resource_endpoint

{
  "testHost": "isamfed.com",
  "testPort": 6443
}

2022-11-17 06:56:06

(2) More

SUCCESS

ExtractTLSTestValuesFromOBResourceConfiguration

Extracted TLS information from resource endpoint

accounts_resource_endpoint	{ "testHost": "isamfed.com", "testPort": 6443 }
accounts_request_endpoint	{ "testHost": "isamfed.com", "testPort": 6443 }

2022-11-17 06:56:06		fapi1-advanced-final-user-rejects-authentication Setup Done

Make request to authorization endpoint

2022-11-17 06:56:06

(3) More

SUCCESS

CreateAuthorizationEndpointRequestFromClientInformation

Created authorization endpoint request

client_id	client_mtls_jarm01
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback
scope	openid email

2022-11-17 06:56:06

(1) More

SUCCESS

AddAcrClaimToAuthorizationEndpointRequest

Added acr claim to authorization_endpoint_request

authorization_endpoint_request

{
  "client_id": "client_mtls_jarm01",
  "redirect_uri": "https://www.certification.openid.net/test/a/ISVAOP/callback",
  "scope": "openid email",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}

2022-11-17 06:56:06

(2) More

CreateRandomStateValue

Created state value

requested_state_length	128
state	0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3

2022-11-17 06:56:06

(5) More

SUCCESS

AddStateToAuthorizationEndpointRequest

Added state parameter to request

client_id	client_mtls_jarm01
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback
scope	openid email
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3

2022-11-17 06:56:06

(2) More

CreateRandomNonceValue

Created nonce value

requested_nonce_length	10
nonce	HErNwezfgu

2022-11-17 06:56:06

(6) More

SUCCESS

AddNonceToAuthorizationEndpointRequest

Added nonce parameter to request

client_id	client_mtls_jarm01
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback
scope	openid email
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3
nonce	HErNwezfgu

2022-11-17 06:56:06

(7) More

SUCCESS

SetAuthorizationEndpointRequestResponseTypeToCode

Added response_type parameter to request

client_id	client_mtls_jarm01
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback
scope	openid email
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3
nonce	HErNwezfgu
response_type	code

2022-11-17 06:56:06

(8) More

SUCCESS

SetAuthorizationEndpointRequestResponseModeToJWT

Added response_mode parameter to request

client_id	client_mtls_jarm01
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback
scope	openid email
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3
nonce	HErNwezfgu
response_type	code
response_mode	jwt

2022-11-17 06:56:06

(1) More

CreateRandomCodeVerifier

Created code_verifier value

code_verifier

80e-puLL9VoVAyIJxgY7DfwK4cHqNw5n_k4EQm7~giSVDfW4DVbKzKyDT0M1zUfK67A.9O._lleG5XTYOp47alka7lohHsZRToZr-V5uZ_A83S-V0J.NtIVBaO1oHtXI

2022-11-17 06:56:06

(1) More

CreateS256CodeChallenge

Created code_challenge value

code_challenge

aOSya2b_wltOJKfQEG2rSg8MJy3erOxkOHy85yC79-c

2022-11-17 06:56:06

(10) More

SUCCESS

RFC7636-4.3

AddCodeChallengeToAuthorizationEndpointRequest

Added code_challenge and code_challenge_method parameters to request

client_id	client_mtls_jarm01
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback
scope	openid email
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3
nonce	HErNwezfgu
response_type	code
response_mode	jwt
code_challenge	aOSya2b_wltOJKfQEG2rSg8MJy3erOxkOHy85yC79-c
code_challenge_method	S256

2022-11-17 06:56:06

(1) More

SUCCESS

ConvertAuthorizationEndpointRequestToRequestObject

Created request object claims

request_object_claims

{
  "client_id": "client_mtls_jarm01",
  "redirect_uri": "https://www.certification.openid.net/test/a/ISVAOP/callback",
  "scope": "openid email",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3",
  "nonce": "HErNwezfgu",
  "response_type": "code",
  "response_mode": "jwt",
  "code_challenge": "aOSya2b_wltOJKfQEG2rSg8MJy3erOxkOHy85yC79-c",
  "code_challenge_method": "S256"
}

2022-11-17 06:56:06

(1) More

SUCCESS

FAPI1-ADV-5.2.2-17

AddNbfToRequestObject

Added nbf to request object claims

nbf	1.668668166E9

2022-11-17 06:56:06

(1) More

SUCCESS

FAPI1-ADV-5.2.2-13

AddExpToRequestObject

Added exp to request object claims

exp	1.668668466E9

2022-11-17 06:56:06

(1) More

SUCCESS

FAPI1-ADV-5.2.2-14

AddAudToRequestObject

Added aud to request object claims

aud	https://isamfed.com:6443/isvaop/oauth2

2022-11-17 06:56:06

(1) More

SUCCESS

OIDCC-6.1

AddIssToRequestObject

Added iss to request object claims

iss	client_mtls_jarm01

2022-11-17 06:56:06

(1) More

SUCCESS

FAPI1-ADV-5.2.3-8

AddClientIdToRequestObject

Added client_id to request object claims

client_id

client_mtls_jarm01

2022-11-17 06:56:06

(4) More

SUCCESS

SignRequestObject

Signed the request object

claims	{ "iss": "client_mtls_jarm01", "response_type": "code", "code_challenge_method": "S256", "nonce": "HErNwezfgu", "client_id": "client_mtls_jarm01", "response_mode": "jwt", "aud": "https://isamfed.com:6443/isvaop/oauth2", "nbf": 1668668166, "scope": "openid email", "claims": { "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }, "redirect_uri": "https://www.certification.openid.net/test/a/ISVAOP/callback", "state": "0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3", "exp": 1668668466, "code_challenge": "aOSya2b_wltOJKfQEG2rSg8MJy3erOxkOHy85yC79-c" }
header	{ "kid": "ristrettotest", "alg": "PS256" }
request_object	eyJraWQiOiJyaXN0cmV0dG90ZXN0IiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJub25jZSI6IkhFck53ZXpmZ3UiLCJjbGllbnRfaWQiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJyZXNwb25zZV9tb2RlIjoiand0IiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjY0NDNcL2lzdmFvcFwvb2F1dGgyIiwibmJmIjoxNjY4NjY4MTY2LCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QXC9jYWxsYmFjayIsInN0YXRlIjoiMEhzWHY3TWhKM0h2dG9WNzY4Y2w2a3hIa0JKMFB3SVo0Q2RWNmE0VmZQNnpUajJtVGlFU29qd2Zjeml2QmJiOFU2bkcyaUVvNkwxR241dlJ3M1hjYnhIMlVwVHVqVEtERGc2VHVLejV4UXVSZTNqdEFFWG83T2FKSFZxQTBnSzMiLCJleHAiOjE2Njg2Njg0NjYsImNvZGVfY2hhbGxlbmdlIjoiYU9TeWEyYl93bHRPSktmUUVHMnJTZzhNSnkzZXJPeGtPSHk4NXlDNzktYyJ9.aWuEC9HtEyUvgu10eOmwMC-nXQpF0VoidofuU7wP0vvwQPOFVuDzGzFa6aHr4ynX3NCTBDbU9Kux3lOl2ChpqXUwzbaknKxVma5aTj-TfWIF3vOGyi70SEhUIX4N597x08LgQJ9ruSEiHnRGfunTAzRe-v42LDEw9DfnwvEhlc-kM7bPLmc2ZSXm1DLJIx71jEQVeDJqGYR4b7nqAHZyetkFg1Tb52DvscTwYXCqxVjp6DvEDWVdeUE7FMzDwxQlR1JFrpxyYraLMxr8zlNaD3ABFVkpKJgCDAbxyBL5sn1wUYtR-MwDhWIpJ2lvXV7pRMk6sIV6G3f8l3e9OBsOBw
key	{ "p": "5POsvBfNiTqioCBLGaWsOQwTCPkGAECgCeWXqQykp6Cfbfoi1mvbRDAbNPjoLP88bOOt9v528Tpsi8ZuwQRn9XiK8IyyuxIrDaGBvfZCLCK513R8rX3gj-raer-FMaEIpr1bYCTOKBhyhcP46nTwfXNxTwfKFY7O0H8sWcBfF_M", "kty": "RSA", "q": "oqadQZ4jqFife7hlA2viAEGjJMu8ZRRIx15U19XKw4LbgHYAs3p965WO2lHJqkRUwD1YXZwqOcapUs2samp8JmoZ9j3OavwuRV7qW68_xV3W5xG8lV41RfKLX0c1ny7jJhPWOAbuJzjp3okjqy3hUBZ8Y2B25A2u8fxuhf7U3x0", "d": "Z-mgweEYkai9vr_dBYL0LaaHcfVv4D0X638cQIl99VNzZ8h3GqwtLC_zN6kx89S9C8nprfP2NvTegKxs-2bh-FN08k16zolcx6jEkZSgmUOhMLlpmB0qhHWOnYT047y-h9rQ9rZCVxIClJu5Whh8pa_Xlm3BDlbgJBEZSZAwbuWojQ3a-1J6Z8dP6aGqICUxOofz8z2KGxfQnCTmDIyfdCePmBlx7zdFvgq7SI9fDywkfo0ReBmVA4UX9DIbeR2nShZ53Q54rAPzbBLdwD3NzGeGN7Fk53PT3uYVBUq8nNzIwtdaeTRJ7_QxBBy769uG6I2yKIEE3hHldQT0hTs5AQ", "e": "AQAB", "use": "sig", "kid": "ristrettotest", "qi": "uzQHF2KOelrHJhOYBmoHkbiQqczkA3AQXOwAQME3P32dFJgOOB6QdCfrg1C2JTobx8Q3EVoko1j96QE2XCrWEBs9oW-4gg4CPGaU7BmVFt0lB88-ZD6E2N0byg2mekYtdGR3ifispEZHdIBP7TxW82in3fn-nB08YMqQAqqIGes", "dp": "UcoLBxapwkBEIFfo_DyHDcoWcrojPqvXgDGYwDdYCtoCmlMlZtwY9H8K-R2CM7DqcSvU1cuJyhtI85XrsuBUEwkA-XYJ03JmFvR_WNFESmgNY76lW4UAV-laK0eH2XbhlE9I-Uusqf4xyz97CKbF0ssOy2DI_HKLx0fnHBjw36k", "alg": "PS256", "dq": "KSaoYMKm2N_bMc0cWXpBCrmQki2ts5EnPLHEG3tuunpwGJdCZCZYl3MWWmwY7qgtHRooMj7hfA6kJlv9BEt-r6VmfiNzByRYfJqgBqRXKRMt3PZi1ROpvNG5q1hz25tcQvT_3Nr8BBZlLTVbPeL0v3OA8w-j5N0FZxnryKEJsI0", "n": "kXc19SlD_vUPcIA9Rf43Nd2kyvaPmsF8_BnwmX3N8svnIFlpAcSMeDKRGjpSZpOaVnrHyTeq19CFoTgRt1DT5mUJp9JmsXSZumMbcQBzCiwQvBO988nFCiZAJedAyo05PpuFQgIP0kQInEAevcduDeRWedE7pdb1TGMGnsLl7C3A7KdNBzU0sYooA04OYUGtJAdGaja-tSkZpHUAit7ywS2cBOx5UuNc2_oqWDoE7S_RfxYqouoIV36o0nR_IukvhpdGQ3aX8JVXHSdiuAgOmu3v3X6JKem20f2rt8-mKG0kqBLIYbYHErTwPtaXbs2H6vtRECrTSPlRIbh_j95jhw" }

2022-11-17 06:56:06

(1) More

SUCCESS

BuildRequestObjectPostToPAREndpoint

request

eyJraWQiOiJyaXN0cmV0dG90ZXN0IiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJub25jZSI6IkhFck53ZXpmZ3UiLCJjbGllbnRfaWQiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJyZXNwb25zZV9tb2RlIjoiand0IiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjY0NDNcL2lzdmFvcFwvb2F1dGgyIiwibmJmIjoxNjY4NjY4MTY2LCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QXC9jYWxsYmFjayIsInN0YXRlIjoiMEhzWHY3TWhKM0h2dG9WNzY4Y2w2a3hIa0JKMFB3SVo0Q2RWNmE0VmZQNnpUajJtVGlFU29qd2Zjeml2QmJiOFU2bkcyaUVvNkwxR241dlJ3M1hjYnhIMlVwVHVqVEtERGc2VHVLejV4UXVSZTNqdEFFWG83T2FKSFZxQTBnSzMiLCJleHAiOjE2Njg2Njg0NjYsImNvZGVfY2hhbGxlbmdlIjoiYU9TeWEyYl93bHRPSktmUUVHMnJTZzhNSnkzZXJPeGtPSHk4NXlDNzktYyJ9.aWuEC9HtEyUvgu10eOmwMC-nXQpF0VoidofuU7wP0vvwQPOFVuDzGzFa6aHr4ynX3NCTBDbU9Kux3lOl2ChpqXUwzbaknKxVma5aTj-TfWIF3vOGyi70SEhUIX4N597x08LgQJ9ruSEiHnRGfunTAzRe-v42LDEw9DfnwvEhlc-kM7bPLmc2ZSXm1DLJIx71jEQVeDJqGYR4b7nqAHZyetkFg1Tb52DvscTwYXCqxVjp6DvEDWVdeUE7FMzDwxQlR1JFrpxyYraLMxr8zlNaD3ABFVkpKJgCDAbxyBL5sn1wUYtR-MwDhWIpJ2lvXV7pRMk6sIV6G3f8l3e9OBsOBw

2022-11-17 06:56:06

(2) More

SUCCESS

AddClientIdToPAREndpointRequest

request

eyJraWQiOiJyaXN0cmV0dG90ZXN0IiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJub25jZSI6IkhFck53ZXpmZ3UiLCJjbGllbnRfaWQiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJyZXNwb25zZV9tb2RlIjoiand0IiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjY0NDNcL2lzdmFvcFwvb2F1dGgyIiwibmJmIjoxNjY4NjY4MTY2LCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QXC9jYWxsYmFjayIsInN0YXRlIjoiMEhzWHY3TWhKM0h2dG9WNzY4Y2w2a3hIa0JKMFB3SVo0Q2RWNmE0VmZQNnpUajJtVGlFU29qd2Zjeml2QmJiOFU2bkcyaUVvNkwxR241dlJ3M1hjYnhIMlVwVHVqVEtERGc2VHVLejV4UXVSZTNqdEFFWG83T2FKSFZxQTBnSzMiLCJleHAiOjE2Njg2Njg0NjYsImNvZGVfY2hhbGxlbmdlIjoiYU9TeWEyYl93bHRPSktmUUVHMnJTZzhNSnkzZXJPeGtPSHk4NXlDNzktYyJ9.aWuEC9HtEyUvgu10eOmwMC-nXQpF0VoidofuU7wP0vvwQPOFVuDzGzFa6aHr4ynX3NCTBDbU9Kux3lOl2ChpqXUwzbaknKxVma5aTj-TfWIF3vOGyi70SEhUIX4N597x08LgQJ9ruSEiHnRGfunTAzRe-v42LDEw9DfnwvEhlc-kM7bPLmc2ZSXm1DLJIx71jEQVeDJqGYR4b7nqAHZyetkFg1Tb52DvscTwYXCqxVjp6DvEDWVdeUE7FMzDwxQlR1JFrpxyYraLMxr8zlNaD3ABFVkpKJgCDAbxyBL5sn1wUYtR-MwDhWIpJ2lvXV7pRMk6sIV6G3f8l3e9OBsOBw

client_id

client_mtls_jarm01

2022-11-17 06:56:06

(5) More

CallPAREndpoint

HTTP request

request_uri	https://isamfed.com:6443/isvaop/oauth2/par
request_method	POST
request_headers	{ "accept": "application/json", "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8", "content-length": "1283" }
request_body	request=eyJraWQiOiJyaXN0cmV0dG90ZXN0IiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJub25jZSI6IkhFck53ZXpmZ3UiLCJjbGllbnRfaWQiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJyZXNwb25zZV9tb2RlIjoiand0IiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjY0NDNcL2lzdmFvcFwvb2F1dGgyIiwibmJmIjoxNjY4NjY4MTY2LCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QXC9jYWxsYmFjayIsInN0YXRlIjoiMEhzWHY3TWhKM0h2dG9WNzY4Y2w2a3hIa0JKMFB3SVo0Q2RWNmE0VmZQNnpUajJtVGlFU29qd2Zjeml2QmJiOFU2bkcyaUVvNkwxR241dlJ3M1hjYnhIMlVwVHVqVEtERGc2VHVLejV4UXVSZTNqdEFFWG83T2FKSFZxQTBnSzMiLCJleHAiOjE2Njg2Njg0NjYsImNvZGVfY2hhbGxlbmdlIjoiYU9TeWEyYl93bHRPSktmUUVHMnJTZzhNSnkzZXJPeGtPSHk4NXlDNzktYyJ9.aWuEC9HtEyUvgu10eOmwMC-nXQpF0VoidofuU7wP0vvwQPOFVuDzGzFa6aHr4ynX3NCTBDbU9Kux3lOl2ChpqXUwzbaknKxVma5aTj-TfWIF3vOGyi70SEhUIX4N597x08LgQJ9ruSEiHnRGfunTAzRe-v42LDEw9DfnwvEhlc-kM7bPLmc2ZSXm1DLJIx71jEQVeDJqGYR4b7nqAHZyetkFg1Tb52DvscTwYXCqxVjp6DvEDWVdeUE7FMzDwxQlR1JFrpxyYraLMxr8zlNaD3ABFVkpKJgCDAbxyBL5sn1wUYtR-MwDhWIpJ2lvXV7pRMk6sIV6G3f8l3e9OBsOBw&client_id=client_mtls_jarm01
request_mutual_tls	{ "cert": "MIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1owazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjijZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFKoPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4flhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA\u003d\u003d", "key": "MIIEpAIBAAKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABAoIBAEOmr/MnPlWdb41vtTyC9q5XB6sB6JR3fABUARhHj6MMTzWGZU9k2TE4TVWm0xiDPSXAwVADrWnJePlZq0RdRd3MX9iO5daQPZnAEX3Iin9t44jHrZSmClEH6D4b0ur5osgLnMx2R/I3L+lPJfrd/fjpt1lMxjAHCz7Jb7INTnLMjBl8Lji9witoeQseo2+SRLanNckCw9t2/WkqlpyTUnVg6icB9QLAh0ASE/zlMdFMYlo1llfxToRpZKQuE0zTXtvMqfkutqSUb8hLSBTYuMHOh8aycMB//JgiAMwrHVSVcRn2oMqnk5vm08i/sLK8TT8AGAf8Evn0GJJ88kKHvqECgYEA2Xnd/4+98ZiEnLbkgRPVX7pWVa2ZqCAZ4Cf75cv+IlQ3crJniX0IEOpFS71fF8/Ei7DIAELe9zeopQvkUdfzMlC7Rg5AuhJzRIL+FaUFlLJOMz+S7eqiLeabclYGIbZrX+n8Xic01oQxRipgV1XMKj+D3MROUoRCWNMS1Xqghe0CgYEAxQbFsTjipyvk6ZvrpucqAZ1IVIGiVELGMlUEGmyJ8CgXd3gwmU88RahmwBes0GNzm5hws9J+C/S/zt6gu1pP1g/lEpx4/yxg6MZk8AQEk3VG63Tg2rEzjEIQsz0fTXbO1AVSJvEuReB8VCgQEKNYMxrqdHXvpSFHOhQLbvebODkCgYEAgK7e0IjCkQF5fq2t+j69JD7DNUFayaPtC7k9EVWqk6+Xe7PbFfy42CF3TYDJkvJqz2mUfqsS+d+iV774pAEPM3eXyLVIUZH3SNPl+vLBoaH8KdD1ZPhQbK6mznneePZTBNcUcLXsSv6/lVAf362x+FHK+cfivGrsQ1jqLQ25jGUCgYBVrLY2dDgK3YlzE/wK3aZkgVI8fQprfYXVySY5n0z0A1sA9mCbqdrZp3rWuPTKwRQ6arVHXJa2+DyX5jMahREGUm8YAraSr2eMkQi/Xd/nhy3JoU9NiZSSvv+oEUIVWz5g79djW6j1dcJajfk+Yuktf9zHu6jzs17XoHPAUydJ8QKBgQCreujKz7G5EEXkwdEqFFolM9A8ZMB2k3t6FaM4P/lEUs+nFkxYz2+rxI4HMCE0UOCw58ukQjNmXJhumAAB0HIC28gFVuk8FXPRI46ZRQ4uuqQcSCr3/0yPSrJe3uU+IC74iHff9XHmwiHwcpmgsDclyg4Ga5eCf1XNKmZLtu/4Xg\u003d\u003d", "ca": "MIIDtzCCAp+gAwIBAgIUecoZmREQNgLwFH/TMEWLTwb1CB8wDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMB4XDTIyMDEwNDA0MzE1M1oXDTQxMDkyMTA0MzE1M1owazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2CIojMF5NdBrY48wKHtvzUHUPlMcHSYgJM4wv67sDXVSCQOZd07spVW6VG4OdDLvCK+fhdX+EH5+jUkCfCxn1vCiyK/T6ArZJzdcsjFTtEbqAH+jbITYLa1Og38EI0ARvWyPbU4jRd53PKliCRYoZXoKHnEL2fz6voUlIgyBh+0Et++A3RLWPDUnFslJpwwDZl4NkttpTrAgbxMt07vyZuO9nmsiC/Ax9u9lFNrtUtX87Njd957IoLE+hOgEKpNp0cwrw/P8y0/Vk8HtdzHWf6mqmw4gxnmk9s2MIUxoYRJewqgDU4/f7ukY2Kl++ptLUDRUfCuTckS7r+aLIipxQIDAQABo1MwUTAdBgNVHQ4EFgQU/UtMjt5v2kVdyNfPDjijZi42WIQwHwYDVR0jBBgwFoAU/UtMjt5v2kVdyNfPDjijZi42WIQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWex3c0yfWkszPtF6B4cPUwwTMiwQ2GyQxxeV9iOuXoMQ6Nf7IBi3KijaWb17E690/Es4cS0P6WWyWa0pd9e/OWq/7HtA86TTiHUp8lkYM0Bc6317SjOYR3E0oIx53pHXtM/afK+ROzAux9xzztKjGyE13cNJYErSggLeMhW0kwUwRU3Wsl4DYwfqbuT62vvbya/Zf6u/lGvMGHoFozRTqPXtboFKoPLmQXzo92tw1UxRyPmeFiZfIjzee7gOShseCuD2dS59Ie+aD/ymI1FdElDB29J4flhKfJxQl0EQTjXaXR4kRw+zB4OzNIjv3FD2F4kq7qsxzyFb14z8bkp/gA\u003d\u003d" }

2022-11-17 06:56:07

(4) More

RESPONSE

CallPAREndpoint

HTTP response

response_status_code	201 CREATED
response_status_text	Created
response_headers	{ "content-length": "112", "content-type": "application/json;charset\u003dUTF-8", "date": "Thu, 17 Nov 2022 06:56:07 GMT", "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"", "cache-control": "no-store", "x-correlation-id": "CORR_ID-0e84e7e1-35f7-4a63-9594-7af6e47b41b9", "strict-transport-security": "max-age\u003d31536000; includeSubDomains", "pragma": "no-cache", "set-cookie": "PD-S-SESSION-ID\u003d1_2_1_Nqks+E9MZ204ftSMeRitNgPtv1AOVG7v9EeLv2T6FyLjl0ms; Path\u003d/; Secure; HttpOnly" }
response_body	{"expires_in":600,"request_uri":"urn:ietf:params:oauth:request_uri:_hkbU0ww9exrnKcl3SnHxlZMh4xZz7tLhJMFtH-rre0"}

2022-11-17 06:56:07

(2) More

SUCCESS

PAR-2.1

CallPAREndpoint

Parsed pushed authorization request endpoint response

expires_in	600
request_uri	urn:ietf:params:oauth:request_uri:_hkbU0ww9exrnKcl3SnHxlZMh4xZz7tLhJMFtH-rre0

2022-11-17 06:56:07	SUCCESS PAR-2.2 PAR-2.3	CheckPAREndpointResponse201WithNoError pushed authorization request endpoint correct response.

2022-11-17 06:56:07

(1) More

SUCCESS

PAR-2.2

CheckForRequestUriValue

Found valid request_uri

request_uri

urn:ietf:params:oauth:request_uri:_hkbU0ww9exrnKcl3SnHxlZMh4xZz7tLhJMFtH-rre0

2022-11-17 06:56:07

(1) More

SUCCESS

PAR-2.2

CheckForPARResponseExpiresIn

Found expires_in

expires_in

2022-11-17 06:56:07	SUCCESS	ExtractRequestUriFromPARResponse Extracted the request_uri: urn:ietf:params:oauth:request_uri:_hkbU0ww9exrnKcl3SnHxlZMh4xZz7tLhJMFtH-rre0

2022-11-17 06:56:07

(3) More

SUCCESS

PAR-7.1 PAR-2.2 JAR-10.2

EnsureMinimumRequestUriEntropy

Calculated shannon entropy seems sufficient

actual	379.79749524930327
expected	128.0
value	urn:ietf:params:oauth:request_uri:_hkbU0ww9exrnKcl3SnHxlZMh4xZz7tLhJMFtH-rre0

2022-11-17 06:56:07

(1) More

SUCCESS

PAR-4

BuildRequestObjectByReferenceRedirectToAuthorizationEndpoint

Sending to authorization endpoint

redirect_to_authorization_endpoint

https://isamfed.com:6443/isvaop/oauth2/authorize?request_uri=urn:ietf:params:oauth:request_uri:_hkbU0ww9exrnKcl3SnHxlZMh4xZz7tLhJMFtH-rre0&client_id=client_mtls_jarm01&redirect_uri=https://www.certification.openid.net/test/a/ISVAOP/callback&scope=openid%20email&response_type=code

2022-11-17 06:56:07

(1) More

REDIRECT

fapi1-advanced-final-user-rejects-authentication

Redirecting to authorization endpoint

redirect_to

https://isamfed.com:6443/isvaop/oauth2/authorize?request_uri=urn:ietf:params:oauth:request_uri:_hkbU0ww9exrnKcl3SnHxlZMh4xZz7tLhJMFtH-rre0&client_id=client_mtls_jarm01&redirect_uri=https://www.certification.openid.net/test/a/ISVAOP/callback&scope=openid%20email&response_type=code

2022-11-17 06:56:16

(11) More

INCOMING

fapi1-advanced-final-user-rejects-authentication

Incoming HTTP request to /test/a/ISVAOP/callback

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,/;q\u003d0.8", "accept-language": "en,fr;q\u003d0.8,et;q\u003d0.5,en-US;q\u003d0.3", "accept-encoding": "gzip, deflate, br", "referer": "https://isamfed.com:6443/", "cookie": "__utma\u003d201319536.734078888.1579071622.1667207731.1667786646.55; __utmz\u003d201319536.1666849630.50.24.utmcsr\u003dcertification.openid.net\|utmccn\u003d(referral)\|utmcmd\u003dreferral\|utmcct\u003d/; _ga\u003dGA1.2.734078888.1579071622; JSESSIONID\u003d01B78A29AD6DAAFAE7082842F0441C85", "upgrade-insecure-requests": "1", "sec-fetch-dest": "document", "sec-fetch-mode": "navigate", "sec-fetch-site": "cross-site", "sec-fetch-user": "?1", "connection": "close" }
incoming_path	/test/a/ISVAOP/callback
incoming_body_form_params
incoming_method	GET
incoming_tls_version	TLSv1.2
incoming_tls_cert
incoming_query_string_params	{ "response": "eyJhbGciOiJQUzI1NiIsImtpZCI6Imh0dHBzZXJ2ZXJrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJlcnJvciI6ImFjY2Vzc19kZW5pZWQiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IkNTSUFRMDE4MEUgVGhlIHVzZXIgZGlkIG5vdCBjb25zZW50IHRvIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlLiIsImV4cCI6MTY2ODY2ODQ3NiwiaWF0IjoxNjY4NjY4MTc2LCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjY0NDMvaXN2YW9wL29hdXRoMiIsImp0aSI6ImMxM2Y0MGEyLWNkZWEtNDJlYi1iYTAwLWI3ZTNkZmYzNTkzZCIsInN0YXRlIjoiMEhzWHY3TWhKM0h2dG9WNzY4Y2w2a3hIa0JKMFB3SVo0Q2RWNmE0VmZQNnpUajJtVGlFU29qd2Zjeml2QmJiOFU2bkcyaUVvNkwxR241dlJ3M1hjYnhIMlVwVHVqVEtERGc2VHVLejV4UXVSZTNqdEFFWG83T2FKSFZxQTBnSzMifQ.oTkNlxkxIjMGHMxWpvYJjEUMCPbQr1PXFIfbMhmVhRZ6d7Fiut5mWBuTBVQtKfMQQ7jtTlY0WLVzhWCx0ly8KDgLh9eA2x5vXSzbARWID8uLOwLXGMf-hNP3UxHOjVGRk6tj_nE1jEzTFlczjYwMnayDr5m7IkygjOllRYGv32lMJD7vcpBXuKfnnqcw_TgWj-NC0EFwdT0TCklJzpCVTuRfy34Uz6g2AAgTM1OzxSeJIp77YWhuGmulERvv-g0bsPWKXSAoKIa3etiABwuzgyifYs-iTHMwC3uqQ7EoOy15Fx-JzAxUMA9d5oah3eZ0i6o9Rw89Sb29GDZ6pCQJxQ" }
incoming_body
incoming_tls_chain	[ "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL" ]
incoming_tls_cipher	ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json

2022-11-17 06:56:16

(1) More

SUCCESS

CreateRandomImplicitSubmitUrl

Created random implicit submission URL

implicit_submit

{
  "path": "implicit/OkYM5rAIgJB1rJOKLbui",
  "fullUrl": "https://www.certification.openid.net/test/a/ISVAOP/implicit/OkYM5rAIgJB1rJOKLbui"
}

2022-11-17 06:56:16

(2) More

OUTGOING

fapi1-advanced-final-user-rejects-authentication

Response to HTTP request to test instance hs79r6927Xu1PoH

outgoing

ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/ISVAOP/implicit/OkYM5rAIgJB1rJOKLbui, returnUrl=/log-detail.html?log=hs79r6927Xu1PoH}]

outgoing_path

callback

2022-11-17 06:56:17

(11) More

INCOMING

fapi1-advanced-final-user-rejects-authentication

Incoming HTTP request to /test/a/ISVAOP/implicit/OkYM5rAIgJB1rJOKLbui

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0", "accept": "/", "accept-language": "en,fr;q\u003d0.8,et;q\u003d0.5,en-US;q\u003d0.3", "accept-encoding": "gzip, deflate, br", "content-type": "text/plain", "x-requested-with": "XMLHttpRequest", "origin": "https://www.certification.openid.net", "referer": "https://www.certification.openid.net/test/a/ISVAOP/callback?response\u003deyJhbGciOiJQUzI1NiIsImtpZCI6Imh0dHBzZXJ2ZXJrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJlcnJvciI6ImFjY2Vzc19kZW5pZWQiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IkNTSUFRMDE4MEUgVGhlIHVzZXIgZGlkIG5vdCBjb25zZW50IHRvIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlLiIsImV4cCI6MTY2ODY2ODQ3NiwiaWF0IjoxNjY4NjY4MTc2LCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjY0NDMvaXN2YW9wL29hdXRoMiIsImp0aSI6ImMxM2Y0MGEyLWNkZWEtNDJlYi1iYTAwLWI3ZTNkZmYzNTkzZCIsInN0YXRlIjoiMEhzWHY3TWhKM0h2dG9WNzY4Y2w2a3hIa0JKMFB3SVo0Q2RWNmE0VmZQNnpUajJtVGlFU29qd2Zjeml2QmJiOFU2bkcyaUVvNkwxR241dlJ3M1hjYnhIMlVwVHVqVEtERGc2VHVLejV4UXVSZTNqdEFFWG83T2FKSFZxQTBnSzMifQ.oTkNlxkxIjMGHMxWpvYJjEUMCPbQr1PXFIfbMhmVhRZ6d7Fiut5mWBuTBVQtKfMQQ7jtTlY0WLVzhWCx0ly8KDgLh9eA2x5vXSzbARWID8uLOwLXGMf-hNP3UxHOjVGRk6tj_nE1jEzTFlczjYwMnayDr5m7IkygjOllRYGv32lMJD7vcpBXuKfnnqcw_TgWj-NC0EFwdT0TCklJzpCVTuRfy34Uz6g2AAgTM1OzxSeJIp77YWhuGmulERvv-g0bsPWKXSAoKIa3etiABwuzgyifYs-iTHMwC3uqQ7EoOy15Fx-JzAxUMA9d5oah3eZ0i6o9Rw89Sb29GDZ6pCQJxQ", "cookie": "__utma\u003d201319536.734078888.1579071622.1667207731.1667786646.55; __utmz\u003d201319536.1666849630.50.24.utmcsr\u003dcertification.openid.net\|utmccn\u003d(referral)\|utmcmd\u003dreferral\|utmcct\u003d/; _ga\u003dGA1.2.734078888.1579071622; JSESSIONID\u003d01B78A29AD6DAAFAE7082842F0441C85", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "connection": "close", "content-length": "0" }
incoming_path	/test/a/ISVAOP/implicit/OkYM5rAIgJB1rJOKLbui
incoming_body_form_params
incoming_method	POST
incoming_tls_version	TLSv1.2
incoming_tls_cert
incoming_query_string_params	{}
incoming_body
incoming_tls_chain	[ "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL" ]
incoming_tls_cipher	ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json

2022-11-17 06:56:17

(4) More

OUTGOING

fapi1-advanced-final-user-rejects-authentication

Response to HTTP request to test instance hs79r6927Xu1PoH

outgoing_status_code	204
outgoing_headers	{}
outgoing_body
outgoing_path	implicit/OkYM5rAIgJB1rJOKLbui

2022-11-17 06:56:17	SUCCESS	ExtractImplicitHashToCallbackResponse implicit_hash is empty

2022-11-17 06:56:17

(5) More

REDIRECT-IN

fapi1-advanced-final-user-rejects-authentication

Authorization endpoint response captured

url_query	{ "response": "eyJhbGciOiJQUzI1NiIsImtpZCI6Imh0dHBzZXJ2ZXJrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJlcnJvciI6ImFjY2Vzc19kZW5pZWQiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IkNTSUFRMDE4MEUgVGhlIHVzZXIgZGlkIG5vdCBjb25zZW50IHRvIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlLiIsImV4cCI6MTY2ODY2ODQ3NiwiaWF0IjoxNjY4NjY4MTc2LCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjY0NDMvaXN2YW9wL29hdXRoMiIsImp0aSI6ImMxM2Y0MGEyLWNkZWEtNDJlYi1iYTAwLWI3ZTNkZmYzNTkzZCIsInN0YXRlIjoiMEhzWHY3TWhKM0h2dG9WNzY4Y2w2a3hIa0JKMFB3SVo0Q2RWNmE0VmZQNnpUajJtVGlFU29qd2Zjeml2QmJiOFU2bkcyaUVvNkwxR241dlJ3M1hjYnhIMlVwVHVqVEtERGc2VHVLejV4UXVSZTNqdEFFWG83T2FKSFZxQTBnSzMifQ.oTkNlxkxIjMGHMxWpvYJjEUMCPbQr1PXFIfbMhmVhRZ6d7Fiut5mWBuTBVQtKfMQQ7jtTlY0WLVzhWCx0ly8KDgLh9eA2x5vXSzbARWID8uLOwLXGMf-hNP3UxHOjVGRk6tj_nE1jEzTFlczjYwMnayDr5m7IkygjOllRYGv32lMJD7vcpBXuKfnnqcw_TgWj-NC0EFwdT0TCklJzpCVTuRfy34Uz6g2AAgTM1OzxSeJIp77YWhuGmulERvv-g0bsPWKXSAoKIa3etiABwuzgyifYs-iTHMwC3uqQ7EoOy15Fx-JzAxUMA9d5oah3eZ0i6o9Rw89Sb29GDZ6pCQJxQ" }
headers	{ "host": "www.certification.openid.net", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,/;q\u003d0.8", "accept-language": "en,fr;q\u003d0.8,et;q\u003d0.5,en-US;q\u003d0.3", "accept-encoding": "gzip, deflate, br", "referer": "https://isamfed.com:6443/", "cookie": "__utma\u003d201319536.734078888.1579071622.1667207731.1667786646.55; __utmz\u003d201319536.1666849630.50.24.utmcsr\u003dcertification.openid.net\|utmccn\u003d(referral)\|utmcmd\u003dreferral\|utmcct\u003d/; _ga\u003dGA1.2.734078888.1579071622; JSESSIONID\u003d01B78A29AD6DAAFAE7082842F0441C85", "upgrade-insecure-requests": "1", "sec-fetch-dest": "document", "sec-fetch-mode": "navigate", "sec-fetch-site": "cross-site", "sec-fetch-user": "?1", "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256", "x-ssl-protocol": "TLSv1.2", "x-forwarded-proto": "https", "x-forwarded-port": "443", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
http_method	GET
url_fragment	{}
post_body

Verify authorization endpoint response

2022-11-17 06:56:17

(3) More

SUCCESS

FAPI1-ADV-5.2.3.2-1 JARM-4.3.4 JARM-4.3.1

ExtractJARMFromURLQuery

Found and parsed the jarm_response from callback_query_params

value	eyJhbGciOiJQUzI1NiIsImtpZCI6Imh0dHBzZXJ2ZXJrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJlcnJvciI6ImFjY2Vzc19kZW5pZWQiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IkNTSUFRMDE4MEUgVGhlIHVzZXIgZGlkIG5vdCBjb25zZW50IHRvIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlLiIsImV4cCI6MTY2ODY2ODQ3NiwiaWF0IjoxNjY4NjY4MTc2LCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjY0NDMvaXN2YW9wL29hdXRoMiIsImp0aSI6ImMxM2Y0MGEyLWNkZWEtNDJlYi1iYTAwLWI3ZTNkZmYzNTkzZCIsInN0YXRlIjoiMEhzWHY3TWhKM0h2dG9WNzY4Y2w2a3hIa0JKMFB3SVo0Q2RWNmE0VmZQNnpUajJtVGlFU29qd2Zjeml2QmJiOFU2bkcyaUVvNkwxR241dlJ3M1hjYnhIMlVwVHVqVEtERGc2VHVLejV4UXVSZTNqdEFFWG83T2FKSFZxQTBnSzMifQ.oTkNlxkxIjMGHMxWpvYJjEUMCPbQr1PXFIfbMhmVhRZ6d7Fiut5mWBuTBVQtKfMQQ7jtTlY0WLVzhWCx0ly8KDgLh9eA2x5vXSzbARWID8uLOwLXGMf-hNP3UxHOjVGRk6tj_nE1jEzTFlczjYwMnayDr5m7IkygjOllRYGv32lMJD7vcpBXuKfnnqcw_TgWj-NC0EFwdT0TCklJzpCVTuRfy34Uz6g2AAgTM1OzxSeJIp77YWhuGmulERvv-g0bsPWKXSAoKIa3etiABwuzgyifYs-iTHMwC3uqQ7EoOy15Fx-JzAxUMA9d5oah3eZ0i6o9Rw89Sb29GDZ6pCQJxQ
header	{ "kid": "httpserverkey", "typ": "JWT", "alg": "PS256" }
claims	{ "aud": "client_mtls_jarm01", "error_description": "CSIAQ0180E The user did not consent to access the protected resource.", "iss": "https://isamfed.com:6443/isvaop/oauth2", "state": "0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3", "error": "access_denied", "exp": 1668668476, "iat": 1668668176, "jti": "c13f40a2-cdea-42eb-ba00-b7e3dff3593d" }

2022-11-17 06:56:17	SUCCESS JARM-4.1	RejectNonJarmResponsesInUrlQuery Authorization endpoint response only includes the JARM JWT.

2022-11-17 06:56:17

(4) More

SUCCESS

ExtractAuthorizationEndpointResponseFromJARMResponse

Extracted the authorization response

error_description	CSIAQ0180E The user did not consent to access the protected resource.
iss	https://isamfed.com:6443/isvaop/oauth2
state	0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3
error	access_denied

2022-11-17 06:56:17	SUCCESS JARM-4.4-5 JARM-4.4-4 JARM-4.4-3	ValidateJARMResponse JARM response standard JWT claims are valid

2022-11-17 06:56:17

(2) More

SUCCESS

FAPI1ValidateJarmSigningAlg

JARM response was signed with a permitted algorithm

permitted	[ "PS256", "ES256" ]
alg	PS256

2022-11-17 06:56:17

(2) More

SUCCESS

JARM-4.1

ValidateJARMExpRecommendations

JARM response 'exp' is less than 10 minutes

now	"Nov 17, 2022, 6:56:17 AM"
expiration	"Nov 17, 2022, 7:01:16 AM"

2022-11-17 06:56:17

(1) More

SUCCESS

JARM-4.4-6

ValidateJARMSignatureUsingKid

jarm_response signature validated

jarm_response

eyJhbGciOiJQUzI1NiIsImtpZCI6Imh0dHBzZXJ2ZXJrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJjbGllbnRfbXRsc19qYXJtMDEiLCJlcnJvciI6ImFjY2Vzc19kZW5pZWQiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IkNTSUFRMDE4MEUgVGhlIHVzZXIgZGlkIG5vdCBjb25zZW50IHRvIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlLiIsImV4cCI6MTY2ODY2ODQ3NiwiaWF0IjoxNjY4NjY4MTc2LCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjY0NDMvaXN2YW9wL29hdXRoMiIsImp0aSI6ImMxM2Y0MGEyLWNkZWEtNDJlYi1iYTAwLWI3ZTNkZmYzNTkzZCIsInN0YXRlIjoiMEhzWHY3TWhKM0h2dG9WNzY4Y2w2a3hIa0JKMFB3SVo0Q2RWNmE0VmZQNnpUajJtVGlFU29qd2Zjeml2QmJiOFU2bkcyaUVvNkwxR241dlJ3M1hjYnhIMlVwVHVqVEtERGc2VHVLejV4UXVSZTNqdEFFWG83T2FKSFZxQTBnSzMifQ.oTkNlxkxIjMGHMxWpvYJjEUMCPbQr1PXFIfbMhmVhRZ6d7Fiut5mWBuTBVQtKfMQQ7jtTlY0WLVzhWCx0ly8KDgLh9eA2x5vXSzbARWID8uLOwLXGMf-hNP3UxHOjVGRk6tj_nE1jEzTFlczjYwMnayDr5m7IkygjOllRYGv32lMJD7vcpBXuKfnnqcw_TgWj-NC0EFwdT0TCklJzpCVTuRfy34Uz6g2AAgTM1OzxSeJIp77YWhuGmulERvv-g0bsPWKXSAoKIa3etiABwuzgyifYs-iTHMwC3uqQ7EoOy15Fx-JzAxUMA9d5oah3eZ0i6o9Rw89Sb29GDZ6pCQJxQ

2022-11-17 06:56:17	SUCCESS OIDCC-3.3.2.5	RejectAuthCodeInUrlQuery Authorization code is not present in URL query returned from authorization endpoint

2022-11-17 06:56:17

(1) More

SUCCESS

CheckStateInAuthorizationResponse

State in response correctly returned

state

0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3

2022-11-17 06:56:17

(4) More

SUCCESS

OIDCC-3.1.2.6

EnsureErrorFromAuthorizationEndpointResponse

Authorization endpoint returned an error

error_description	CSIAQ0180E The user did not consent to access the protected resource.
iss	https://isamfed.com:6443/isvaop/oauth2
state	0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3
error	access_denied

2022-11-17 06:56:17

(4) More

SUCCESS

OIDCC-3.1.2.6

CheckForUnexpectedParametersInErrorResponseFromAuthorizationEndpoint

error response includes only expected parameters

error_description	CSIAQ0180E The user did not consent to access the protected resource.
iss	https://isamfed.com:6443/isvaop/oauth2
state	0HsXv7MhJ3HvtoV768cl6kxHkBJ0PwIZ4CdV6a4VfP6zTj2mTiESojwfczivBbb8U6nG2iEo6L1Gn5vRw3XcbxH2UpTujTKDDg6TuKz5xQuRe3jtAEXo7OaJHVqA0gK3
error	access_denied

2022-11-17 06:56:17	SUCCESS RFC6749-4.1.2.1 OIDCC-3.1.2.6	ExpectAccessDeniedErrorFromAuthorizationEndpointDueToUserRejectingRequest error parameter is correctly 'access_denied'

Second client: Setup

2022-11-17 06:56:17

(1) More

SUCCESS

RFC6749-3.1.2

AddRedirectUriQuerySuffix

Created redirect URI query suffix to test that query sections in the registered redirect url are handled correctly. The redirect url, including this suffix, must be registered for the client as per http://openid.net/certification/fapi_op_testing/

redirect_uri_suffix

?dummy1=lorem&dummy2=ipsum

2022-11-17 06:56:17

(1) More

CreateRedirectUri

Appending suffix to redirect URI

suffix

?dummy1=lorem&dummy2=ipsum

2022-11-17 06:56:17

(1) More

SUCCESS

RFC6749-3.1.2

CreateRedirectUri

Created redirect URI

redirect_uri

https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1=lorem&dummy2=ipsum

Second client: Make request to authorization endpoint

2022-11-17 06:56:17

(3) More

SUCCESS

CreateAuthorizationEndpointRequestFromClientInformation

Created authorization endpoint request

client_id	client_mtls_jarm02
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1=lorem&dummy2=ipsum
scope	openid

2022-11-17 06:56:17

(1) More

SUCCESS

AddAcrClaimToAuthorizationEndpointRequest

Added acr claim to authorization_endpoint_request

authorization_endpoint_request

{
  "client_id": "client_mtls_jarm02",
  "redirect_uri": "https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1\u003dlorem\u0026dummy2\u003dipsum",
  "scope": "openid",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}

2022-11-17 06:56:17

(2) More

CreateRandomStateValue

Created state value

requested_state_length	128
state	2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR

2022-11-17 06:56:17

(5) More

SUCCESS

AddStateToAuthorizationEndpointRequest

Added state parameter to request

client_id	client_mtls_jarm02
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1=lorem&dummy2=ipsum
scope	openid
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR

2022-11-17 06:56:17

(2) More

CreateRandomNonceValue

Created nonce value

requested_nonce_length	10
nonce	fY4gMGRDCV

2022-11-17 06:56:17

(6) More

SUCCESS

AddNonceToAuthorizationEndpointRequest

Added nonce parameter to request

client_id	client_mtls_jarm02
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1=lorem&dummy2=ipsum
scope	openid
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR
nonce	fY4gMGRDCV

2022-11-17 06:56:17

(7) More

SUCCESS

SetAuthorizationEndpointRequestResponseTypeToCode

Added response_type parameter to request

client_id	client_mtls_jarm02
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1=lorem&dummy2=ipsum
scope	openid
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR
nonce	fY4gMGRDCV
response_type	code

2022-11-17 06:56:17

(8) More

SUCCESS

SetAuthorizationEndpointRequestResponseModeToJWT

Added response_mode parameter to request

client_id	client_mtls_jarm02
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1=lorem&dummy2=ipsum
scope	openid
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR
nonce	fY4gMGRDCV
response_type	code
response_mode	jwt

2022-11-17 06:56:17

(1) More

CreateRandomCodeVerifier

Created code_verifier value

code_verifier

R.JXK4MmF3MdZliuCDvGtK.2NLJ_RAQl-a3JqDBpL5k5v6A-BLhw4BJwdlx18KF8jBef2RHG~htQEri09lo63SCvbNv-OfPFO7Ynb2AlODn7e7bVujFxln5l9EcJMgim

2022-11-17 06:56:17

(1) More

CreateS256CodeChallenge

Created code_challenge value

code_challenge

vb6_Zz-M7C3I_ER56NhW-rKG8ZRok5GCapAcGLq-CDI

2022-11-17 06:56:17

(10) More

SUCCESS

RFC7636-4.3

AddCodeChallengeToAuthorizationEndpointRequest

Added code_challenge and code_challenge_method parameters to request

client_id	client_mtls_jarm02
redirect_uri	https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1=lorem&dummy2=ipsum
scope	openid
claims	{ "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }
state	2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR
nonce	fY4gMGRDCV
response_type	code
response_mode	jwt
code_challenge	vb6_Zz-M7C3I_ER56NhW-rKG8ZRok5GCapAcGLq-CDI
code_challenge_method	S256

2022-11-17 06:56:17

(1) More

SUCCESS

ConvertAuthorizationEndpointRequestToRequestObject

Created request object claims

request_object_claims

{
  "client_id": "client_mtls_jarm02",
  "redirect_uri": "https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1\u003dlorem\u0026dummy2\u003dipsum",
  "scope": "openid",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR",
  "nonce": "fY4gMGRDCV",
  "response_type": "code",
  "response_mode": "jwt",
  "code_challenge": "vb6_Zz-M7C3I_ER56NhW-rKG8ZRok5GCapAcGLq-CDI",
  "code_challenge_method": "S256"
}

2022-11-17 06:56:17

(1) More

SUCCESS

AddIatToRequestObject

Added iat to request object claims

iat	1.668668177E9

2022-11-17 06:56:17

(1) More

SUCCESS

FAPI1-ADV-5.2.2-17

AddNbfToRequestObject

Added nbf to request object claims

nbf	1.668668177E9

2022-11-17 06:56:17

(1) More

SUCCESS

FAPI1-ADV-5.2.2-13

AddExpToRequestObject

Added exp to request object claims

exp	1.668668477E9

2022-11-17 06:56:17

(1) More

SUCCESS

FAPI1-ADV-5.2.2-14

AddAudToRequestObject

Added aud to request object claims

aud	https://isamfed.com:6443/isvaop/oauth2

2022-11-17 06:56:17

(1) More

SUCCESS

OIDCC-6.1

AddIssToRequestObject

Added iss to request object claims

iss	client_mtls_jarm02

2022-11-17 06:56:17

(1) More

SUCCESS

FAPI1-ADV-5.2.3-8

AddClientIdToRequestObject

Added client_id to request object claims

client_id

client_mtls_jarm02

2022-11-17 06:56:17

(4) More

SUCCESS

SignRequestObject

Signed the request object

claims	{ "iss": "client_mtls_jarm02", "response_type": "code", "code_challenge_method": "S256", "nonce": "fY4gMGRDCV", "client_id": "client_mtls_jarm02", "response_mode": "jwt", "aud": "https://isamfed.com:6443/isvaop/oauth2", "nbf": 1668668177, "scope": "openid", "claims": { "id_token": { "acr": { "value": "urn:mace:incommon:iap:silver", "essential": true } } }, "redirect_uri": "https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1\u003dlorem\u0026dummy2\u003dipsum", "state": "2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR", "exp": 1668668477, "iat": 1668668177, "code_challenge": "vb6_Zz-M7C3I_ER56NhW-rKG8ZRok5GCapAcGLq-CDI" }
header	{ "kid": "conformancetest", "alg": "PS256" }
request_object	eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJub25jZSI6ImZZNGdNR1JEQ1YiLCJjbGllbnRfaWQiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJyZXNwb25zZV9tb2RlIjoiand0IiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjY0NDNcL2lzdmFvcFwvb2F1dGgyIiwibmJmIjoxNjY4NjY4MTc3LCJzY29wZSI6Im9wZW5pZCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QXC9jYWxsYmFjaz9kdW1teTE9bG9yZW0mZHVtbXkyPWlwc3VtIiwic3RhdGUiOiIydE1YNmpYZEhwZ3FqYmpwUEZia1NhNTh0NHQ5UkhOcGFzRzVQcEtBN1NXY01EdVp1MTlaQ0ZPS2tNdGRER2xFbk1NczdHd0cwSXdseExMN0F3U2E0OFl2TFpTZVZ4MThyM3lUV1RvODBYR0lPQlY2SEtJenZWMEpBYm8yNFpBUiIsImV4cCI6MTY2ODY2ODQ3NywiaWF0IjoxNjY4NjY4MTc3LCJjb2RlX2NoYWxsZW5nZSI6InZiNl9aei1NN0MzSV9FUjU2TmhXLXJLRzhaUm9rNUdDYXBBY0dMcS1DREkifQ.pamhKuVoRUNetIQGvH0qZOBg5pxotgQUwMoajmGT0jki7wJybtq46qeHBTxhGnZSPy3kkp3Qj1t9ikfRbOxkOsXVwgjGv9Q4YfYVggid18SYYMcYYp8LBDxNizpAy_-jtTh-eHxnLeXyhwoA_xcYw-YdBnAxhNfGZWC2yv9vOnmyZeNYFvP78zKzKZguXyS4Dah2LYrh2ZSwU98BIuaN-OE7j2XLO3c_QklpCdTVNClfZYxvTlyh5IRp1Q3srJ1NR7Lf26RfKvSk9I4FWccyZaQnlY4Dd7YM44AKTZ6WgtySq8k3UPMDxS98I914UUuwCOtKcJ-gJdy5YLkjEyZoAg
key	{ "p": "_a4hJlGIgqTgO5MjxTa4j4-rnui8ofinPAs2lh5D3YQEQfpVPrEYlv8eo_sPpwkeU1M-PXVT2U59Os56IiKzDhqdQgaIRbq6Si8fhPxPrI4ei-wXuihqF1QDbbAuXf7ZV8_Yx1XCPKadrRNa8TKZWO4vDR30EdDsjL2uhyxdcI8", "kty": "RSA", "q": "x4GpCUG5Kwo6xv6Wl5UWUuV817mccDDnWVSLqK7Msb58BSfcK7kLrdzSFxBuo_DoK4RYu5K34HbAIzoZuC4cRJXR5QDf6BKxuyyF0qMNrHWpoXSpQOXHR6UowPaNHKfa4pXhcRCj4yo47VkipXEm2tD9bdTB0ydVZTJXrRKw9IE", "d": "moWnAjS47_t0jdjYHaubEY3f0MI5lVKwZblDqbkKoYUVfguFTI55opUg6EUGJDX74SM1acfPRpe6P7V9Iet_PoGpunQ4TdD3H4yCetqLBniZPNDn8oeVKkhhj97v-GyLyAWumaEDntO0O566TGUL-a0GwrcfT63Z_A4e0-NCTNyrn-hyy5Ljlw17r9MehxwXhi6wZdZJnu7iPT2UJGYeO9R-qedE_UiBzPYsXCjXV6FrY4awDGvWAr4R24hkI9naj6hIcmJhL-34xh6_hWomFtCHtKkNRSVHjMcIP5HOeK4yUqlRssvr61xzDwxrtv32Tj5JCDFUCc-NM8YVYy3oAQ", "e": "AQAB", "use": "sig", "kid": "conformancetest", "qi": "ZIgXA-QKu5WscOoA4paq3INWIFNf34tPa1I2MTe30_fLShaDwwF3F_CzUscVd1k7Mbn_VpuKfK2C5Vqupoyj7uyk1gm-iuWtJYcxTkE61udn5vRq4lnjNzxtQCjHm48ZRnVmpFCMrSbcb2oJMzWFH1aM2vyCwuMcrSckR7YVVUI", "dp": "HSWmtWpkzu32vaGYWI6DAiu1wlpnYgzZ2jJHoVP05DzI6HPE26EpfB_v-1NbZwvLKjPEUPdsHOnBxcH3knh-Lj6slut9ONXNlbx4WKVM2jyyEc2cpE0Ec425nx7BFRe1DTvaYnzeBm32a-5vYos3x1oGmfE5G9rvcvRQW0OjsM0", "alg": "PS256", "dq": "XyYfkCKgRT6jubRB7hlUhESevePwEDHCpIAF-3UiesL2Mx9HijK-tzTRnd5gZh_HGroL96mJuKvqBuL20ThskulBKY65Ot1vlm0thb_uDYowVKhm8GSmHi1Ounjb5AbKBbalxl7BSt4gOFKCi5TjiwiRVYhayHHB8HmKByka7AE", "n": "xbLYBJ3SXWsNcLG03ieLj3UcqOQa0z4KHgjDSIytAv9GgKotTJU9skUvXWLJJuHlAh1MjI9rBZenMuUTqvaHvxMxMpDn5sc2GOLxmoM_dJBAPKmLWhNPNlKAJCVDAWHGcydBNLu8_ZkGCKaXbLStWjPl2djokKNU7gJLGEdv_PaT8-DUKH65xJ7sAaEqgsaFjXUuK7eLQG3Dxd64CLpfiCl9szHZldQkV3t44zfdB9KdaZyWiHwqRUe0mdc4Nn3-QZ7PhfY1z2q0fxEetcMyjr_5RLDWgOltneNmxyrbaxNHUMuiSnroemaRXZMxLyx_c8rDL8YRZ5VXToQw2q4EDw" }

2022-11-17 06:56:17

(1) More

SUCCESS

BuildRequestObjectPostToPAREndpoint

request

eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJub25jZSI6ImZZNGdNR1JEQ1YiLCJjbGllbnRfaWQiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJyZXNwb25zZV9tb2RlIjoiand0IiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjY0NDNcL2lzdmFvcFwvb2F1dGgyIiwibmJmIjoxNjY4NjY4MTc3LCJzY29wZSI6Im9wZW5pZCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QXC9jYWxsYmFjaz9kdW1teTE9bG9yZW0mZHVtbXkyPWlwc3VtIiwic3RhdGUiOiIydE1YNmpYZEhwZ3FqYmpwUEZia1NhNTh0NHQ5UkhOcGFzRzVQcEtBN1NXY01EdVp1MTlaQ0ZPS2tNdGRER2xFbk1NczdHd0cwSXdseExMN0F3U2E0OFl2TFpTZVZ4MThyM3lUV1RvODBYR0lPQlY2SEtJenZWMEpBYm8yNFpBUiIsImV4cCI6MTY2ODY2ODQ3NywiaWF0IjoxNjY4NjY4MTc3LCJjb2RlX2NoYWxsZW5nZSI6InZiNl9aei1NN0MzSV9FUjU2TmhXLXJLRzhaUm9rNUdDYXBBY0dMcS1DREkifQ.pamhKuVoRUNetIQGvH0qZOBg5pxotgQUwMoajmGT0jki7wJybtq46qeHBTxhGnZSPy3kkp3Qj1t9ikfRbOxkOsXVwgjGv9Q4YfYVggid18SYYMcYYp8LBDxNizpAy_-jtTh-eHxnLeXyhwoA_xcYw-YdBnAxhNfGZWC2yv9vOnmyZeNYFvP78zKzKZguXyS4Dah2LYrh2ZSwU98BIuaN-OE7j2XLO3c_QklpCdTVNClfZYxvTlyh5IRp1Q3srJ1NR7Lf26RfKvSk9I4FWccyZaQnlY4Dd7YM44AKTZ6WgtySq8k3UPMDxS98I914UUuwCOtKcJ-gJdy5YLkjEyZoAg

2022-11-17 06:56:17

(2) More

SUCCESS

AddClientIdToPAREndpointRequest

request

eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJub25jZSI6ImZZNGdNR1JEQ1YiLCJjbGllbnRfaWQiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJyZXNwb25zZV9tb2RlIjoiand0IiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjY0NDNcL2lzdmFvcFwvb2F1dGgyIiwibmJmIjoxNjY4NjY4MTc3LCJzY29wZSI6Im9wZW5pZCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QXC9jYWxsYmFjaz9kdW1teTE9bG9yZW0mZHVtbXkyPWlwc3VtIiwic3RhdGUiOiIydE1YNmpYZEhwZ3FqYmpwUEZia1NhNTh0NHQ5UkhOcGFzRzVQcEtBN1NXY01EdVp1MTlaQ0ZPS2tNdGRER2xFbk1NczdHd0cwSXdseExMN0F3U2E0OFl2TFpTZVZ4MThyM3lUV1RvODBYR0lPQlY2SEtJenZWMEpBYm8yNFpBUiIsImV4cCI6MTY2ODY2ODQ3NywiaWF0IjoxNjY4NjY4MTc3LCJjb2RlX2NoYWxsZW5nZSI6InZiNl9aei1NN0MzSV9FUjU2TmhXLXJLRzhaUm9rNUdDYXBBY0dMcS1DREkifQ.pamhKuVoRUNetIQGvH0qZOBg5pxotgQUwMoajmGT0jki7wJybtq46qeHBTxhGnZSPy3kkp3Qj1t9ikfRbOxkOsXVwgjGv9Q4YfYVggid18SYYMcYYp8LBDxNizpAy_-jtTh-eHxnLeXyhwoA_xcYw-YdBnAxhNfGZWC2yv9vOnmyZeNYFvP78zKzKZguXyS4Dah2LYrh2ZSwU98BIuaN-OE7j2XLO3c_QklpCdTVNClfZYxvTlyh5IRp1Q3srJ1NR7Lf26RfKvSk9I4FWccyZaQnlY4Dd7YM44AKTZ6WgtySq8k3UPMDxS98I914UUuwCOtKcJ-gJdy5YLkjEyZoAg

client_id

client_mtls_jarm02

2022-11-17 06:56:17

(5) More

CallPAREndpoint

HTTP request

request_uri	https://isamfed.com:6443/isvaop/oauth2/par
request_method	POST
request_headers	{ "accept": "application/json", "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8", "content-length": "1335" }
request_body	request=eyJraWQiOiJjb25mb3JtYW5jZXRlc3QiLCJhbGciOiJQUzI1NiJ9.eyJpc3MiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJub25jZSI6ImZZNGdNR1JEQ1YiLCJjbGllbnRfaWQiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJyZXNwb25zZV9tb2RlIjoiand0IiwiYXVkIjoiaHR0cHM6XC9cL2lzYW1mZWQuY29tOjY0NDNcL2lzdmFvcFwvb2F1dGgyIiwibmJmIjoxNjY4NjY4MTc3LCJzY29wZSI6Im9wZW5pZCIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvSVNWQU9QXC9jYWxsYmFjaz9kdW1teTE9bG9yZW0mZHVtbXkyPWlwc3VtIiwic3RhdGUiOiIydE1YNmpYZEhwZ3FqYmpwUEZia1NhNTh0NHQ5UkhOcGFzRzVQcEtBN1NXY01EdVp1MTlaQ0ZPS2tNdGRER2xFbk1NczdHd0cwSXdseExMN0F3U2E0OFl2TFpTZVZ4MThyM3lUV1RvODBYR0lPQlY2SEtJenZWMEpBYm8yNFpBUiIsImV4cCI6MTY2ODY2ODQ3NywiaWF0IjoxNjY4NjY4MTc3LCJjb2RlX2NoYWxsZW5nZSI6InZiNl9aei1NN0MzSV9FUjU2TmhXLXJLRzhaUm9rNUdDYXBBY0dMcS1DREkifQ.pamhKuVoRUNetIQGvH0qZOBg5pxotgQUwMoajmGT0jki7wJybtq46qeHBTxhGnZSPy3kkp3Qj1t9ikfRbOxkOsXVwgjGv9Q4YfYVggid18SYYMcYYp8LBDxNizpAy_-jtTh-eHxnLeXyhwoA_xcYw-YdBnAxhNfGZWC2yv9vOnmyZeNYFvP78zKzKZguXyS4Dah2LYrh2ZSwU98BIuaN-OE7j2XLO3c_QklpCdTVNClfZYxvTlyh5IRp1Q3srJ1NR7Lf26RfKvSk9I4FWccyZaQnlY4Dd7YM44AKTZ6WgtySq8k3UPMDxS98I914UUuwCOtKcJ-gJdy5YLkjEyZoAg&client_id=client_mtls_jarm02
request_mutual_tls	{ "cert": "MIIDtzCCAp+gAwIBAgIUWzVEE6ZzNUl6kwxJgrUgERqiDXkwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMB4XDTIyMDEwNDA0MzQxNloXDTQxMDkyMTA0MzQxNlowazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABo1MwUTAdBgNVHQ4EFgQUAZeJHIZu9VunYouyoHf/QODzbREwHwYDVR0jBBgwFoAUAZeJHIZu9VunYouyoHf/QODzbREwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAft9Mp/WpGdRF1sCzVG2r7SHxaxTGfWC+iZJBVZfFTJcthDawCW3xIfQb0RUrtGWTKBgpCp8GSCxFYPuri/nZn2vRbujn3woK2siXWS64bYDUOJ3xHvt3/j0PPGRfQ3faSXjdvtkE7ayLRKdb132rBd2k7oBqIZkM3ezvXg49KupJfOYTaqNezA4TTXaLFL+7BbY8IFPYHE+t66K68DNbypr3Q8pP2ZCHE3YLS3RG+Ql2EYSGABKNbeRcipONYPvtsiZt4k44vCDRUC5DXdC6C9KeEjrLp5ycJYgdT+YqD34Rd89u/yjgvlo3Bcv0mhEO1sS4jaG3IRkZZsCoUEFSvQ\u003d\u003d", "key": "MIIEogIBAAKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABAoIBABZVROM5pCIa9qsuUxgvF3wXAktoAdahrRMjcnIstNQpQ9cT5Jyk5Sey3P9bLRQCjcj9sFuOUNksFa+nUGw6qKifVDI02eifZAN9CudMH+P/wu3e9rVtsRhOLNG/oz6+1CYbjam7N+FDSz5TFp018fCBoekctbofEVZ3BzJDaX+VrBn6TSBpzMzibDfnnfbkFkep+91okF9TTLIZ+Bjl/f1dVfbMZ6scs2rc7Slp52Od0HZ69gerc7l4IFxCiH2pMMbI6lRESYXlaf4j/mTJR/sFnDvbyET1UVU5paAhZ/TLGougAGzLtOEhlxLSjNv/5RfFIs1NPLW8iu68OgKL94ECgYEA6Ya6XBXydFof+aeHub7AlYdEA9qnQdqQR88AHlHcLIxkyNlVsPh+5/t0SrkJtrspBp233Ne9JTflQYk8/+wBE59NutnKJfzzV04ftm1bmW+gBHT36rZRW8WT2Kto73A9SLzhhQSp1a14ff9vULoRwQLtWpAANkqTCUD0Zwe4v+kCgYEA1zl7LSMmUpjjR1thITcfHnVtI+0U4ilqcDXUZzoaJsSQ4/oSr8Xc2EbF2KsxqPhq6HKOhINsPeN+iA1F0F3+oc32k4PI8NrQtIfLsVEvTQ2LuYsR4a8TNyGH/zk0i/XpRy632BrKcYp6iyb3qQgGMdjsK+PW6PChTa6TaopUpFECgYAWozHTlWkQcGAjImNc1Sn0FM26FesaziYoX9+iEMtoIh/u/Gp7IkujD1Qhnjhb117NvmJBbURvpDB8HuKj6GveTBYL4+rdrdyk/PTECWvUvuZjKDeUMCJI5ClF2q/sbhPyxiSScXZJOWyxwh43VCI+dJsvqT/sA2Sng/1tM2lsaQKBgGitkWZTuTjlGW3EWQpxp9YFoO6fSc/x+s3WsJcAYGXIpvvqzhnlr1MVoPaP1RhssnqZ9Q0oaoXzVsBPTExa2xTRewMmTp4unuGfRofYh5v/YZz9sdXFdCAVU/LjXNZR5YL0iwA1j48HnjB95Gi2+WRXMA7swsMK/jktFo/z9dTxAoGAYk2kwzCs7xwhsa3/xH5xJauvlclDqelC4R1cS2pzQI+MQIfjR4JccZ8xly7HMv+2D9vBModxo/msXGq3QJaAmDHzNhee2+OTuKcDLd7wlwSwqZ9EBvxHuLwI7/QZejw68iLHZWQMH57daNZL9X/8VwmF/C8tawAvXmflv+ra3Ec\u003d", "ca": "MIIDtzCCAp+gAwIBAgIUWzVEE6ZzNUl6kwxJgrUgERqiDXkwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMB4XDTIyMDEwNDA0MzQxNloXDTQxMDkyMTA0MzQxNlowazELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCXNpbmdhcG9yZTESMBAGA1UEBwwJc2luZ2Fwb3JlMQwwCgYDVQQKDANJQk0xETAPBgNVBAsMCHNlY3VyaXR5MRMwEQYDVQQDDApjbGllbnRJRDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSV37045EHSIKgQ+yofftUN/Ym1kv17rx1G92uepLHgw1Ar+Qvoq2w6La1k9tGZuMMYC8RmlqT+7S6Z5LP4AjKByW+1vX6zJPN6xmEnDFDd420MIqC56cqs3JyfJEybhVRdLCgGvz3uZ7dewKm+oiLECOGAST0jzMc5szzxtvkN5jyURUAaYhLqjlsqpS2XM79AsJIRQy/XsYux1wf42CFvS1Ves3N/aTbO5N6VA5h4KA1k+7/F1HlP+J1rB2dk7zsSnwvsGLvV1r5Eb5XP8DphKZ+xtJmANNo3NiNONxuV0T7HOXzrqgp2VDt9tXuJOClrEJEJJnAUJ7cYXtn8uQIDAQABo1MwUTAdBgNVHQ4EFgQUAZeJHIZu9VunYouyoHf/QODzbREwHwYDVR0jBBgwFoAUAZeJHIZu9VunYouyoHf/QODzbREwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAft9Mp/WpGdRF1sCzVG2r7SHxaxTGfWC+iZJBVZfFTJcthDawCW3xIfQb0RUrtGWTKBgpCp8GSCxFYPuri/nZn2vRbujn3woK2siXWS64bYDUOJ3xHvt3/j0PPGRfQ3faSXjdvtkE7ayLRKdb132rBd2k7oBqIZkM3ezvXg49KupJfOYTaqNezA4TTXaLFL+7BbY8IFPYHE+t66K68DNbypr3Q8pP2ZCHE3YLS3RG+Ql2EYSGABKNbeRcipONYPvtsiZt4k44vCDRUC5DXdC6C9KeEjrLp5ycJYgdT+YqD34Rd89u/yjgvlo3Bcv0mhEO1sS4jaG3IRkZZsCoUEFSvQ\u003d\u003d" }

2022-11-17 06:56:18

(4) More

RESPONSE

CallPAREndpoint

HTTP response

response_status_code	201 CREATED
response_status_text	Created
response_headers	{ "content-length": "112", "content-type": "application/json;charset\u003dUTF-8", "date": "Thu, 17 Nov 2022 06:56:18 GMT", "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"", "cache-control": "no-store", "x-correlation-id": "CORR_ID-b1c08dd3-d92c-4399-88bf-0cf55bebab15", "strict-transport-security": "max-age\u003d31536000; includeSubDomains", "pragma": "no-cache", "set-cookie": "PD-S-SESSION-ID\u003d1_2_1_r7spWwkT2iLmS1ndVHZJmywN98VWXhcHFm1dQLv1z0ty5VFm; Path\u003d/; Secure; HttpOnly" }
response_body	{"expires_in":600,"request_uri":"urn:ietf:params:oauth:request_uri:DCF8PVM4in_K4e0eMG2rjnWvkFswx0V18VNVIdSQOt0"}

2022-11-17 06:56:18

(2) More

SUCCESS

PAR-2.1

CallPAREndpoint

Parsed pushed authorization request endpoint response

expires_in	600
request_uri	urn:ietf:params:oauth:request_uri:DCF8PVM4in_K4e0eMG2rjnWvkFswx0V18VNVIdSQOt0

2022-11-17 06:56:18	SUCCESS PAR-2.2 PAR-2.3	CheckPAREndpointResponse201WithNoError pushed authorization request endpoint correct response.

2022-11-17 06:56:18

(1) More

SUCCESS

PAR-2.2

CheckForRequestUriValue

Found valid request_uri

request_uri

urn:ietf:params:oauth:request_uri:DCF8PVM4in_K4e0eMG2rjnWvkFswx0V18VNVIdSQOt0

2022-11-17 06:56:18

(1) More

SUCCESS

PAR-2.2

CheckForPARResponseExpiresIn

Found expires_in

expires_in

2022-11-17 06:56:18	SUCCESS	ExtractRequestUriFromPARResponse Extracted the request_uri: urn:ietf:params:oauth:request_uri:DCF8PVM4in_K4e0eMG2rjnWvkFswx0V18VNVIdSQOt0

2022-11-17 06:56:18

(3) More

SUCCESS

PAR-7.1 PAR-2.2 JAR-10.2

EnsureMinimumRequestUriEntropy

Calculated shannon entropy seems sufficient

actual	389.9392046993797
expected	128.0
value	urn:ietf:params:oauth:request_uri:DCF8PVM4in_K4e0eMG2rjnWvkFswx0V18VNVIdSQOt0

2022-11-17 06:56:18

(1) More

SUCCESS

PAR-4

BuildRequestObjectByReferenceRedirectToAuthorizationEndpoint

Sending to authorization endpoint

redirect_to_authorization_endpoint

https://isamfed.com:6443/isvaop/oauth2/authorize?request_uri=urn:ietf:params:oauth:request_uri:DCF8PVM4in_K4e0eMG2rjnWvkFswx0V18VNVIdSQOt0&client_id=client_mtls_jarm02&redirect_uri=https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1%3Dlorem%26dummy2%3Dipsum&scope=openid&response_type=code

2022-11-17 06:56:18

(1) More

REDIRECT

fapi1-advanced-final-user-rejects-authentication

Redirecting to authorization endpoint

redirect_to

https://isamfed.com:6443/isvaop/oauth2/authorize?request_uri=urn:ietf:params:oauth:request_uri:DCF8PVM4in_K4e0eMG2rjnWvkFswx0V18VNVIdSQOt0&client_id=client_mtls_jarm02&redirect_uri=https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1%3Dlorem%26dummy2%3Dipsum&scope=openid&response_type=code

2022-11-17 06:56:31

(11) More

INCOMING

fapi1-advanced-final-user-rejects-authentication

Incoming HTTP request to /test/a/ISVAOP/callback

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,/;q\u003d0.8", "accept-language": "en,fr;q\u003d0.8,et;q\u003d0.5,en-US;q\u003d0.3", "accept-encoding": "gzip, deflate, br", "referer": "https://isamfed.com:6443/", "cookie": "__utma\u003d201319536.734078888.1579071622.1667207731.1667786646.55; __utmz\u003d201319536.1666849630.50.24.utmcsr\u003dcertification.openid.net\|utmccn\u003d(referral)\|utmcmd\u003dreferral\|utmcct\u003d/; _ga\u003dGA1.2.734078888.1579071622; JSESSIONID\u003d01B78A29AD6DAAFAE7082842F0441C85", "upgrade-insecure-requests": "1", "sec-fetch-dest": "document", "sec-fetch-mode": "navigate", "sec-fetch-site": "cross-site", "sec-fetch-user": "?1", "connection": "close" }
incoming_path	/test/a/ISVAOP/callback
incoming_body_form_params
incoming_method	GET
incoming_tls_version	TLSv1.2
incoming_tls_cert
incoming_query_string_params	{ "dummy1": "lorem", "dummy2": "ipsum", "response": "eyJhbGciOiJQUzI1NiIsImtpZCI6Imh0dHBzZXJ2ZXJrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJlcnJvciI6ImFjY2Vzc19kZW5pZWQiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IkNTSUFRMDE4MEUgVGhlIHVzZXIgZGlkIG5vdCBjb25zZW50IHRvIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlLiIsImV4cCI6MTY2ODY2ODQ5MCwiaWF0IjoxNjY4NjY4MTkwLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjY0NDMvaXN2YW9wL29hdXRoMiIsImp0aSI6IjYxMTgzNDBlLThlNmYtNGI2ZC05MDYyLWNlZTY5NmRkYWMyNCIsInN0YXRlIjoiMnRNWDZqWGRIcGdxamJqcFBGYmtTYTU4dDR0OVJITnBhc0c1UHBLQTdTV2NNRHVadTE5WkNGT0trTXRkREdsRW5NTXM3R3dHMEl3bHhMTDdBd1NhNDhZdkxaU2VWeDE4cjN5VFdUbzgwWEdJT0JWNkhLSXp2VjBKQWJvMjRaQVIifQ.uM34KTN7Y4tZc-KaC5jH2oM5rA1I_GOOpadoB1lvVgbvsvsm_R64QJV58-xRlqINpQe83_8LRImKDmzoIap4VyVM0KwvE9eAQk0N4Qqb3IGhh9Zk_pmmde57zkWkjBjzC-1JKuYR5Tr342qxP6GyYRCefGlZy7biP9MSCPBYWYH97b1wIaR-rGy9Vp5qlbuiJM7cp54pHqmC9c78rH2KXGmeXwjUTJQfroTwxo2VYzfqFYPe4W8fhcuKa_7wxzu10AbE3rbCRSNfbvFn2qdnd2q-MZt_EFqQdSBWorQ5DWwImmR7VZDjBk6FWQ3kitw9Au4B98BFWO2uS6hfTtbrSw" }
incoming_body
incoming_tls_chain	[ "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL" ]
incoming_tls_cipher	ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json

2022-11-17 06:56:31

(1) More

SUCCESS

CreateRandomImplicitSubmitUrl

Created random implicit submission URL

implicit_submit

{
  "path": "implicit/TcBzpNGh5yw5vgBnycBe",
  "fullUrl": "https://www.certification.openid.net/test/a/ISVAOP/implicit/TcBzpNGh5yw5vgBnycBe"
}

2022-11-17 06:56:31

(2) More

OUTGOING

fapi1-advanced-final-user-rejects-authentication

Response to HTTP request to test instance hs79r6927Xu1PoH

outgoing

ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/ISVAOP/implicit/TcBzpNGh5yw5vgBnycBe, returnUrl=/log-detail.html?log=hs79r6927Xu1PoH}]

outgoing_path

callback

2022-11-17 06:56:31

(11) More

INCOMING

fapi1-advanced-final-user-rejects-authentication

Incoming HTTP request to /test/a/ISVAOP/implicit/TcBzpNGh5yw5vgBnycBe

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0", "accept": "/", "accept-language": "en,fr;q\u003d0.8,et;q\u003d0.5,en-US;q\u003d0.3", "accept-encoding": "gzip, deflate, br", "content-type": "text/plain", "x-requested-with": "XMLHttpRequest", "origin": "https://www.certification.openid.net", "referer": "https://www.certification.openid.net/test/a/ISVAOP/callback?dummy1\u003dlorem\u0026dummy2\u003dipsum\u0026response\u003deyJhbGciOiJQUzI1NiIsImtpZCI6Imh0dHBzZXJ2ZXJrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJlcnJvciI6ImFjY2Vzc19kZW5pZWQiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IkNTSUFRMDE4MEUgVGhlIHVzZXIgZGlkIG5vdCBjb25zZW50IHRvIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlLiIsImV4cCI6MTY2ODY2ODQ5MCwiaWF0IjoxNjY4NjY4MTkwLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjY0NDMvaXN2YW9wL29hdXRoMiIsImp0aSI6IjYxMTgzNDBlLThlNmYtNGI2ZC05MDYyLWNlZTY5NmRkYWMyNCIsInN0YXRlIjoiMnRNWDZqWGRIcGdxamJqcFBGYmtTYTU4dDR0OVJITnBhc0c1UHBLQTdTV2NNRHVadTE5WkNGT0trTXRkREdsRW5NTXM3R3dHMEl3bHhMTDdBd1NhNDhZdkxaU2VWeDE4cjN5VFdUbzgwWEdJT0JWNkhLSXp2VjBKQWJvMjRaQVIifQ.uM34KTN7Y4tZc-KaC5jH2oM5rA1I_GOOpadoB1lvVgbvsvsm_R64QJV58-xRlqINpQe83_8LRImKDmzoIap4VyVM0KwvE9eAQk0N4Qqb3IGhh9Zk_pmmde57zkWkjBjzC-1JKuYR5Tr342qxP6GyYRCefGlZy7biP9MSCPBYWYH97b1wIaR-rGy9Vp5qlbuiJM7cp54pHqmC9c78rH2KXGmeXwjUTJQfroTwxo2VYzfqFYPe4W8fhcuKa_7wxzu10AbE3rbCRSNfbvFn2qdnd2q-MZt_EFqQdSBWorQ5DWwImmR7VZDjBk6FWQ3kitw9Au4B98BFWO2uS6hfTtbrSw", "cookie": "__utma\u003d201319536.734078888.1579071622.1667207731.1667786646.55; __utmz\u003d201319536.1666849630.50.24.utmcsr\u003dcertification.openid.net\|utmccn\u003d(referral)\|utmcmd\u003dreferral\|utmcct\u003d/; _ga\u003dGA1.2.734078888.1579071622; JSESSIONID\u003d01B78A29AD6DAAFAE7082842F0441C85", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "connection": "close", "content-length": "0" }
incoming_path	/test/a/ISVAOP/implicit/TcBzpNGh5yw5vgBnycBe
incoming_body_form_params
incoming_method	POST
incoming_tls_version	TLSv1.2
incoming_tls_cert
incoming_query_string_params	{}
incoming_body
incoming_tls_chain	[ "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL" ]
incoming_tls_cipher	ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json

2022-11-17 06:56:31

(4) More

OUTGOING

fapi1-advanced-final-user-rejects-authentication

Response to HTTP request to test instance hs79r6927Xu1PoH

outgoing_status_code	204
outgoing_headers	{}
outgoing_body
outgoing_path	implicit/TcBzpNGh5yw5vgBnycBe

2022-11-17 06:56:31	SUCCESS	ExtractImplicitHashToCallbackResponse implicit_hash is empty

2022-11-17 06:56:31

(5) More

REDIRECT-IN

fapi1-advanced-final-user-rejects-authentication

Authorization endpoint response captured

url_query	{ "dummy1": "lorem", "dummy2": "ipsum", "response": "eyJhbGciOiJQUzI1NiIsImtpZCI6Imh0dHBzZXJ2ZXJrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJlcnJvciI6ImFjY2Vzc19kZW5pZWQiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IkNTSUFRMDE4MEUgVGhlIHVzZXIgZGlkIG5vdCBjb25zZW50IHRvIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlLiIsImV4cCI6MTY2ODY2ODQ5MCwiaWF0IjoxNjY4NjY4MTkwLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjY0NDMvaXN2YW9wL29hdXRoMiIsImp0aSI6IjYxMTgzNDBlLThlNmYtNGI2ZC05MDYyLWNlZTY5NmRkYWMyNCIsInN0YXRlIjoiMnRNWDZqWGRIcGdxamJqcFBGYmtTYTU4dDR0OVJITnBhc0c1UHBLQTdTV2NNRHVadTE5WkNGT0trTXRkREdsRW5NTXM3R3dHMEl3bHhMTDdBd1NhNDhZdkxaU2VWeDE4cjN5VFdUbzgwWEdJT0JWNkhLSXp2VjBKQWJvMjRaQVIifQ.uM34KTN7Y4tZc-KaC5jH2oM5rA1I_GOOpadoB1lvVgbvsvsm_R64QJV58-xRlqINpQe83_8LRImKDmzoIap4VyVM0KwvE9eAQk0N4Qqb3IGhh9Zk_pmmde57zkWkjBjzC-1JKuYR5Tr342qxP6GyYRCefGlZy7biP9MSCPBYWYH97b1wIaR-rGy9Vp5qlbuiJM7cp54pHqmC9c78rH2KXGmeXwjUTJQfroTwxo2VYzfqFYPe4W8fhcuKa_7wxzu10AbE3rbCRSNfbvFn2qdnd2q-MZt_EFqQdSBWorQ5DWwImmR7VZDjBk6FWQ3kitw9Au4B98BFWO2uS6hfTtbrSw" }
headers	{ "host": "www.certification.openid.net", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,/;q\u003d0.8", "accept-language": "en,fr;q\u003d0.8,et;q\u003d0.5,en-US;q\u003d0.3", "accept-encoding": "gzip, deflate, br", "referer": "https://isamfed.com:6443/", "cookie": "__utma\u003d201319536.734078888.1579071622.1667207731.1667786646.55; __utmz\u003d201319536.1666849630.50.24.utmcsr\u003dcertification.openid.net\|utmccn\u003d(referral)\|utmcmd\u003dreferral\|utmcct\u003d/; _ga\u003dGA1.2.734078888.1579071622; JSESSIONID\u003d01B78A29AD6DAAFAE7082842F0441C85", "upgrade-insecure-requests": "1", "sec-fetch-dest": "document", "sec-fetch-mode": "navigate", "sec-fetch-site": "cross-site", "sec-fetch-user": "?1", "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256", "x-ssl-protocol": "TLSv1.2", "x-forwarded-proto": "https", "x-forwarded-port": "443", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
http_method	GET
url_fragment	{}
post_body

Second client: Verify authorization endpoint response

2022-11-17 06:56:31

(3) More

SUCCESS

FAPI1-ADV-5.2.3.2-1 JARM-4.3.4 JARM-4.3.1

ExtractJARMFromURLQuery

Found and parsed the jarm_response from callback_query_params

value	eyJhbGciOiJQUzI1NiIsImtpZCI6Imh0dHBzZXJ2ZXJrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJlcnJvciI6ImFjY2Vzc19kZW5pZWQiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IkNTSUFRMDE4MEUgVGhlIHVzZXIgZGlkIG5vdCBjb25zZW50IHRvIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlLiIsImV4cCI6MTY2ODY2ODQ5MCwiaWF0IjoxNjY4NjY4MTkwLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjY0NDMvaXN2YW9wL29hdXRoMiIsImp0aSI6IjYxMTgzNDBlLThlNmYtNGI2ZC05MDYyLWNlZTY5NmRkYWMyNCIsInN0YXRlIjoiMnRNWDZqWGRIcGdxamJqcFBGYmtTYTU4dDR0OVJITnBhc0c1UHBLQTdTV2NNRHVadTE5WkNGT0trTXRkREdsRW5NTXM3R3dHMEl3bHhMTDdBd1NhNDhZdkxaU2VWeDE4cjN5VFdUbzgwWEdJT0JWNkhLSXp2VjBKQWJvMjRaQVIifQ.uM34KTN7Y4tZc-KaC5jH2oM5rA1I_GOOpadoB1lvVgbvsvsm_R64QJV58-xRlqINpQe83_8LRImKDmzoIap4VyVM0KwvE9eAQk0N4Qqb3IGhh9Zk_pmmde57zkWkjBjzC-1JKuYR5Tr342qxP6GyYRCefGlZy7biP9MSCPBYWYH97b1wIaR-rGy9Vp5qlbuiJM7cp54pHqmC9c78rH2KXGmeXwjUTJQfroTwxo2VYzfqFYPe4W8fhcuKa_7wxzu10AbE3rbCRSNfbvFn2qdnd2q-MZt_EFqQdSBWorQ5DWwImmR7VZDjBk6FWQ3kitw9Au4B98BFWO2uS6hfTtbrSw
header	{ "kid": "httpserverkey", "typ": "JWT", "alg": "PS256" }
claims	{ "aud": "client_mtls_jarm02", "error_description": "CSIAQ0180E The user did not consent to access the protected resource.", "iss": "https://isamfed.com:6443/isvaop/oauth2", "state": "2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR", "error": "access_denied", "exp": 1668668490, "iat": 1668668190, "jti": "6118340e-8e6f-4b6d-9062-cee696ddac24" }

2022-11-17 06:56:31	SUCCESS JARM-4.1	RejectNonJarmResponsesInUrlQuery Authorization endpoint response only includes the JARM JWT.

2022-11-17 06:56:31

(4) More

SUCCESS

ExtractAuthorizationEndpointResponseFromJARMResponse

Extracted the authorization response

error_description	CSIAQ0180E The user did not consent to access the protected resource.
iss	https://isamfed.com:6443/isvaop/oauth2
state	2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR
error	access_denied

2022-11-17 06:56:31	SUCCESS JARM-4.4-5 JARM-4.4-4 JARM-4.4-3	ValidateJARMResponse JARM response standard JWT claims are valid

2022-11-17 06:56:31

(2) More

SUCCESS

FAPI1ValidateJarmSigningAlg

JARM response was signed with a permitted algorithm

permitted	[ "PS256", "ES256" ]
alg	PS256

2022-11-17 06:56:31

(2) More

SUCCESS

JARM-4.1

ValidateJARMExpRecommendations

JARM response 'exp' is less than 10 minutes

now	"Nov 17, 2022, 6:56:31 AM"
expiration	"Nov 17, 2022, 7:01:30 AM"

2022-11-17 06:56:31

(1) More

SUCCESS

JARM-4.4-6

ValidateJARMSignatureUsingKid

jarm_response signature validated

jarm_response

eyJhbGciOiJQUzI1NiIsImtpZCI6Imh0dHBzZXJ2ZXJrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJjbGllbnRfbXRsc19qYXJtMDIiLCJlcnJvciI6ImFjY2Vzc19kZW5pZWQiLCJlcnJvcl9kZXNjcmlwdGlvbiI6IkNTSUFRMDE4MEUgVGhlIHVzZXIgZGlkIG5vdCBjb25zZW50IHRvIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlLiIsImV4cCI6MTY2ODY2ODQ5MCwiaWF0IjoxNjY4NjY4MTkwLCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjY0NDMvaXN2YW9wL29hdXRoMiIsImp0aSI6IjYxMTgzNDBlLThlNmYtNGI2ZC05MDYyLWNlZTY5NmRkYWMyNCIsInN0YXRlIjoiMnRNWDZqWGRIcGdxamJqcFBGYmtTYTU4dDR0OVJITnBhc0c1UHBLQTdTV2NNRHVadTE5WkNGT0trTXRkREdsRW5NTXM3R3dHMEl3bHhMTDdBd1NhNDhZdkxaU2VWeDE4cjN5VFdUbzgwWEdJT0JWNkhLSXp2VjBKQWJvMjRaQVIifQ.uM34KTN7Y4tZc-KaC5jH2oM5rA1I_GOOpadoB1lvVgbvsvsm_R64QJV58-xRlqINpQe83_8LRImKDmzoIap4VyVM0KwvE9eAQk0N4Qqb3IGhh9Zk_pmmde57zkWkjBjzC-1JKuYR5Tr342qxP6GyYRCefGlZy7biP9MSCPBYWYH97b1wIaR-rGy9Vp5qlbuiJM7cp54pHqmC9c78rH2KXGmeXwjUTJQfroTwxo2VYzfqFYPe4W8fhcuKa_7wxzu10AbE3rbCRSNfbvFn2qdnd2q-MZt_EFqQdSBWorQ5DWwImmR7VZDjBk6FWQ3kitw9Au4B98BFWO2uS6hfTtbrSw

2022-11-17 06:56:31	SUCCESS OIDCC-3.3.2.5	RejectAuthCodeInUrlQuery Authorization code is not present in URL query returned from authorization endpoint

2022-11-17 06:56:31

(1) More

SUCCESS

CheckStateInAuthorizationResponse

State in response correctly returned

state

2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR

2022-11-17 06:56:31

(4) More

SUCCESS

OIDCC-3.1.2.6

EnsureErrorFromAuthorizationEndpointResponse

Authorization endpoint returned an error

error_description	CSIAQ0180E The user did not consent to access the protected resource.
iss	https://isamfed.com:6443/isvaop/oauth2
state	2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR
error	access_denied

2022-11-17 06:56:31

(4) More

SUCCESS

OIDCC-3.1.2.6

CheckForUnexpectedParametersInErrorResponseFromAuthorizationEndpoint

error response includes only expected parameters

error_description	CSIAQ0180E The user did not consent to access the protected resource.
iss	https://isamfed.com:6443/isvaop/oauth2
state	2tMX6jXdHpgqjbjpPFbkSa58t4t9RHNpasG5PpKA7SWcMDuZu19ZCFOKkMtdDGlEnMMs7GwG0IwlxLL7AwSa48YvLZSeVx18r3yTWTo80XGIOBV6HKIzvV0JAbo24ZAR
error	access_denied

2022-11-17 06:56:31	SUCCESS RFC6749-4.1.2.1 OIDCC-3.1.2.6	ExpectAccessDeniedErrorFromAuthorizationEndpointDueToUserRejectingRequest error parameter is correctly 'access_denied'

2022-11-17 06:56:31

(2) More

SUCCESS

CheckMatchingCallbackParameters

Callback parameters successfully verified

dummy1	lorem
dummy2	ipsum

2022-11-17 06:56:31

(1) More

FINISHED

fapi1-advanced-final-user-rejects-authentication

Test has run to completion

testmodule_result

PASSED

2022-11-17 06:56:40

(2) More

TEST-RUNNER

Alias has now been claimed by another test

alias	ISVAOP
new_test_id	ATIpa3ErYIlqyGK

Test Summary

Test Results