Test Summary

Test Results

Expand All Collapse All
All times are UTC
2022-11-16 08:03:34 INFO
TEST-RUNNER
Test instance DtfaXCFsT3dYoYf created
baseUrl
https://www.certification.openid.net/test/a/NC7000-3A-OC
variant
{
  "client_auth_type": "mtls",
  "fapi_auth_request_method": "by_value",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "jarm"
}
alias
NC7000-3A-OC
description
NC7000-3A-OC FAPI Final Conformance Test No2
planId
xNdNcYA4T9Voz
config
{
  "alias": "NC7000-3A-OC",
  "description": "NC7000-3A-OC FAPI Final Conformance Test No2",
  "server": {
    "discoveryUrl": "https://3a-rplib-test3.cloud-idauth.com/sso/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "OIDFCERT0001",
    "scope": "openid SCOPE0002 offline_access",
    "client_secret": "confidencial_client_es256_0003",
    "client_secret_jwt_alg": "HS256",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "alg": "ES256",
          "crv": "P-256",
          "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
          "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
          "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
          "kid": "kid2019040100008"
        }
      ]
    }
  },
  "resource": {
    "resourceUrl": "https://3a-rplib-test3.cloud-idauth.com/sso/accounts"
  },
  "client2": {
    "client_id": "OIDFCERT0002",
    "scope": "openid SCOPE0002 offline_access",
    "client_secret": "confidencial_client_es256_0004",
    "client_secret_jwt_alg": "HS256",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "alg": "ES256",
          "crv": "P-256",
          "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
          "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
          "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
          "kid": "kid2019040100009"
        }
      ]
    }
  },
  "mtls": {
    "cert": "MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d",
    "key": "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg\u003d"
  },
  "mtls2": {
    "cert": "MIIDTjCCAjYCCQCjUTxEpwknBTANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1RhbWFjaGkxDDAKBgNVBAoMA05FQzEMMAoGA1UECwwDTkVDMRwwGgYDVQQDDBN3d3cuM2FzZWN1cmVrZXkuY29tMB4XDTE4MDQyNzAyMDAwOFoXDTI4MDQyNDAyMDAwOFowaTELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdUYW1hY2hpMQwwCgYDVQQKDANORUMxDDAKBgNVBAsMA05FQzEcMBoGA1UEAwwTd3d3LjNhc2VjdXJla2V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLD3g7pwzFMzbRh5cCGuR0KBCzD5Xk3w/Zj+3hpBq5/xSaQjmOfLF3LLiFD7sZXRPFVFXii4Y2GuFccSQ3MI9sMS/HDDTmOLPIWta/U9ZtcwjNyclXrX0IR8Fxuk5E9lRf//JwlMZHAxfESvBe5WMnzGDTVdp5Hv6sWZAdkgdwQTMFM4vpHhBD6qJsxSG7jBvqVYd8w9pCZ9k1mSfKKgqPfpOA6jv2ATiwv9r9ZQNtKl/MbHY9/R59GU+S7WSPtqM5O3bJGGCXFvpZF2CghcYqn9vDhIrNOD/xo3ZF0Z+doEl8e0e1IAr2JiGD4JPpz4W67pjUVb9G+NTRtQ71YqccCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAETj+cEVPthSghrIJamsmddV+GFHYjOfvQw0r8LZYkqJZlK1FOeWwBM+kDzpxOErtPiyjvv2eBPGm9LcLZpDbMLg77Lv3HjaWy+yISRQ/wGUb9tlJ8AUeEd2uoPUzDQf5VpTBEq/M9E7CB3g2hZvwRYvq6PfsDexCwq9OWogK3WpEozIMVyOL3jYpkSJzDqPuN3nFiNc5eMJ7lo+b/K1rUEqwuN21TjwAn1DXfW0dD1a/ig004xecHU1wsIMP2ARQ/qOD7P0emE/umlwLQ0kw3HB2ideAJzU4OstiqUH41LKwIIzUu6rz6/S9PMcmVfqv9PfhITQSs8vCqC8uaWLtGg\u003d\u003d",
    "key": "MIIEpQIBAAKCAQEAosPeDunDMUzNtGHlwIa5HQoELMPleTfD9mP7eGkGrn/FJpCOY58sXcsuIUPuxldE8VUVeKLhjYa4VxxJDcwj2wxL8cMNOY4s8ha1r9T1m1zCM3JyVetfQhHwXG6TkT2VF//8nCUxkcDF8RK8F7lYyfMYNNV2nke/qxZkB2SB3BBMwUzi+keEEPqomzFIbuMG+pVh3zD2kJn2TWZJ8oqCo9+k4DqO/YBOLC/2v1lA20qX8xsdj39Hn0ZT5LtZI+2ozk7dskYYJcW+lkXYKCFxiqf28OEis04P/GjdkXRn52gSXx7R7UgCvYmIYPgk+nPhbrumNRVv0b41NG1DvVipxwIDAQABAoIBAQCVFUrD5iG/elXALxs+KShNDOueBSCe0xFPEW04cRqJosZ1+FozrYv5rSznk02VpkGjuwcbpDVsaEVYpLPVS3JcJPs6yinG2g8Y/uwTzb/ZOjE25lELmbd60OuT/kRz+DAj93jtnLO2iRfFJB/cqwxEjcFSQ2OOvrE0iCG/E7ROV7m3C5OOjKhSypP++04nWajIqW//uMDaFoFquf7x4aoHc9wRD1IyHGha9hIZA7JiY5KlwyQV/AEoz+C+O9Z8FYpqZT76fnzQvLvbk6fYr4q1a0gm/J9HTp4l0bQ9NMKVvt4PGlJmxQhQfIJixARsnKEDtu0uUcgbVXRB6pRtmG6BAoGBAM+hvgN+TX8c4fMmDvGpNB0+PvA2ZC6JJd0oLmpZMMdLRl+0A5j3nHv2nR04FlB1brD9ucInVHZYlgL5ab3/x27iV+H5spIN6cST7WH+Sjqsi43tKGyx9oXosL6RN+4HM7rTWbCxwq0tVunk01IR5FeO8xZss4UDyev6vStBjmzXAoGBAMiueG4ALkIGqTw/sTNl7vwmMcyPbjA6h68I9FkTGI0G5YHy7yWlEhdD/rUYSXVCXlh+3aftbfJ4CP9nWaM6NMREoysCQ3y/kulgJ0imPEFwnqWQMljQV1zRg9gthdixyBI6YZ62MUF6i/XYfUs0KQ9baHuzB4ejMs7U8bGENpyRAoGAHjynt0qFbqV+IjLAqmDBviB6efDx1fUTFonreIFUoTFNJlLI01X76/GWH9MzLLRtUkkg7C1eF33/Gp/HzmuZV4SO19HNN4ffK0l/oG2v0aufByQqZunjxMyGMLplMrzJw8NTpG++sgmQRq+UNrd0UWv36qQZ4J0UotD5C3uYijECgYEAoAnDMLYkLbNyMwH4Jq0bsSokfKXFkeCbZBMYChEYex8M2F0MKlFB5BvtfC4qJsEOzDQgQFMwYzUmt8eLzIgWnI7AMQRVHZ8JYeO0cFNhqi5N1mrwO7Oqd/L92eAz5WOh0ieMwi05iqZYB27mPJsUQ5L59+wGDT0wv5FCTfbKNoECgYEAoMHJZ1a/Bzq1raDHauJLk3JA+DN+5o7xDGVvda9x3rphQ4U7Vehpcg70AVWMyGoVv5N6vJdrAeZzBWP5b6ED+csRyNaLswHycsPzGy8t5Ose1P+ZlzCzDmRtynq0cQQvWl4zJAT2Wacgu2IqOrQOl+n67te3QlWrnq9IrSsWJFU\u003d"
  },
  "consent": {}
}
testName
fapi1-advanced-final-state-only-outside-request-object-not-used
2022-11-16 08:03:34 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
2022-11-16 08:03:34
GetDynamicServerConfiguration
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/sso/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2022-11-16 08:03:39 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Wed, 16 Nov 2022 08:03:35 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "2762",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"request_parameter_supported":true,"pushed_authorization_request_endpoint":"https://3a-rplib-test3.cloud-idauth.com/sso/PushedAuthorizationRequestEndpoint/","claims_parameter_supported":true,"scopes_supported":["openid","SCOPE0001","SCOPE0002"],"issuer":"https://3a-rplib-test3.cloud-idauth.com/sso/","id_token_encryption_enc_values_supported":["A128CBC-HS256","A256CBC-HS512"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A256CBC-HS512"],"authorization_endpoint":"https://3a-rplib-test3.cloud-idauth.com/sso/AuthorizationEndpoint/","request_object_encryption_enc_values_supported":["none","A128CBC-HS256","A256CBC-HS512"],"authorization_encryption_alg_values_supported":["RSA1_5","A128KW","A256KW"],"display_values_supported":["page","popup","touch","wap"],"userinfo_signing_alg_values_supported":["none","HS256","RS256","ES256","ES512"],"claims_supported":["id_token","acr"],"require_pushed_authorization_requests":false,"claim_types_supported":["normal"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt","tls_client_auth","self_signed_tls_client_auth"],"tls_client_certificate_bound_access_tokens":true,"response_modes_supported":["query.jwt","fragment.jwt","form_post.jwt","jwt","query","fragment"],"token_endpoint":"https://3a-rplib-test3.cloud-idauth.com/sso/TokenEndpoint/","response_types_supported":["code","id_token token","id_token","code id_token","code id_token token"],"authorization_encryption_enc_values_supported":["A128CBC-HS256","A256CBC-HS512"],"request_uri_parameter_supported":true,"userinfo_encryption_alg_values_supported":["RSA1_5","A128KW","A256KW"],"grant_types_supported":["authorization_code","refresh_token","password","urn:ietf:params:oauth:grant-type:uma-ticket","client_credentials","urn:ietf:params:oauth:grant-type:device_code","urn:openid:params:grant-type:ciba"],"ui_locales_supported":["en-US","en-GB","en-CA","fr-FR","fr-CA"],"userinfo_endpoint":"https://3a-rplib-test3.cloud-idauth.com/sso/UserInfoEndpoint/","token_endpoint_auth_signing_alg_values_supported":["none","HS256","RS256","ES256"],"require_request_uri_registration":true,"id_token_encryption_alg_values_supported":["RSA1_5","A128KW","A256KW"],"jwks_uri":"https://3a-rplib-test3.cloud-idauth.com/sso/JwksEndpoint/","subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["none","HS256","RS256","ES256","ES512"],"authorization_signing_alg_values_supported":["none","HS256","RS256","ES256","ES512"],"claims_locales_supported":["en-US","en-GB","en-CA","fr-FR","fr-CA"],"request_object_signing_alg_values_supported":["none","HS256","RS256","ES256","ES512"],"request_object_encryption_alg_values_supported":["none","RSA1_5","A128KW","A256KW"]}
2022-11-16 08:03:39 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
request_parameter_supported
true
pushed_authorization_request_endpoint
https://3a-rplib-test3.cloud-idauth.com/sso/PushedAuthorizationRequestEndpoint/
claims_parameter_supported
true
scopes_supported
[
  "openid",
  "SCOPE0001",
  "SCOPE0002"
]
issuer
https://3a-rplib-test3.cloud-idauth.com/sso/
id_token_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A256CBC-HS512"
]
userinfo_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A256CBC-HS512"
]
authorization_endpoint
https://3a-rplib-test3.cloud-idauth.com/sso/AuthorizationEndpoint/
request_object_encryption_enc_values_supported
[
  "none",
  "A128CBC-HS256",
  "A256CBC-HS512"
]
authorization_encryption_alg_values_supported
[
  "RSA1_5",
  "A128KW",
  "A256KW"
]
display_values_supported
[
  "page",
  "popup",
  "touch",
  "wap"
]
userinfo_signing_alg_values_supported
[
  "none",
  "HS256",
  "RS256",
  "ES256",
  "ES512"
]
claims_supported
[
  "id_token",
  "acr"
]
require_pushed_authorization_requests
false
claim_types_supported
[
  "normal"
]
token_endpoint_auth_methods_supported
[
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "private_key_jwt",
  "tls_client_auth",
  "self_signed_tls_client_auth"
]
tls_client_certificate_bound_access_tokens
true
response_modes_supported
[
  "query.jwt",
  "fragment.jwt",
  "form_post.jwt",
  "jwt",
  "query",
  "fragment"
]
token_endpoint
https://3a-rplib-test3.cloud-idauth.com/sso/TokenEndpoint/
response_types_supported
[
  "code",
  "id_token token",
  "id_token",
  "code id_token",
  "code id_token token"
]
authorization_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A256CBC-HS512"
]
request_uri_parameter_supported
true
userinfo_encryption_alg_values_supported
[
  "RSA1_5",
  "A128KW",
  "A256KW"
]
grant_types_supported
[
  "authorization_code",
  "refresh_token",
  "password",
  "urn:ietf:params:oauth:grant-type:uma-ticket",
  "client_credentials",
  "urn:ietf:params:oauth:grant-type:device_code",
  "urn:openid:params:grant-type:ciba"
]
ui_locales_supported
[
  "en-US",
  "en-GB",
  "en-CA",
  "fr-FR",
  "fr-CA"
]
userinfo_endpoint
https://3a-rplib-test3.cloud-idauth.com/sso/UserInfoEndpoint/
token_endpoint_auth_signing_alg_values_supported
[
  "none",
  "HS256",
  "RS256",
  "ES256"
]
require_request_uri_registration
true
id_token_encryption_alg_values_supported
[
  "RSA1_5",
  "A128KW",
  "A256KW"
]
jwks_uri
https://3a-rplib-test3.cloud-idauth.com/sso/JwksEndpoint/
subject_types_supported
[
  "public",
  "pairwise"
]
id_token_signing_alg_values_supported
[
  "none",
  "HS256",
  "RS256",
  "ES256",
  "ES512"
]
authorization_signing_alg_values_supported
[
  "none",
  "HS256",
  "RS256",
  "ES256",
  "ES512"
]
claims_locales_supported
[
  "en-US",
  "en-GB",
  "en-CA",
  "fr-FR",
  "fr-CA"
]
request_object_signing_alg_values_supported
[
  "none",
  "HS256",
  "RS256",
  "ES256",
  "ES512"
]
request_object_encryption_alg_values_supported
[
  "none",
  "RSA1_5",
  "A128KW",
  "A256KW"
]
2022-11-16 08:03:39 SUCCESS
AddMTLSEndpointAliasesToEnvironment
Added mtls_endpoint_aliases to environment
2022-11-16 08:03:39 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2022-11-16 08:03:39
FetchServerKeys
Fetching server key
jwks_uri
https://3a-rplib-test3.cloud-idauth.com/sso/JwksEndpoint/
2022-11-16 08:03:39
FetchServerKeys
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/sso/JwksEndpoint/
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2022-11-16 08:03:40 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Wed, 16 Nov 2022 08:03:40 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d957D9CB1FC639838281C752F70A8A199; Path\u003d/sso; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "232",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body

{"keys":
  [
    {
      "kty":"EC",
      "crv":"P-256",
      "x":"ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y":"AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid":"kid2019040100001"
    }
  ]
}
2022-11-16 08:03:40
FetchServerKeys
Found JWK set string
jwk_string

{"keys":
  [
    {
      "kty":"EC",
      "crv":"P-256",
      "x":"ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y":"AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid":"kid2019040100001"
    }
  ]
}
2022-11-16 08:03:40 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid": "kid2019040100001"
    }
  ]
}
2022-11-16 08:03:40 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid": "kid2019040100001"
    }
  ]
}
2022-11-16 08:03:40 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2022-11-16 08:03:40 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2022-11-16 08:03:40 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2022-11-16 08:03:40 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid": "kid2019040100001"
    }
  ]
}
2022-11-16 08:03:40 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
OIDFCERT0001
scope
openid SCOPE0002 offline_access
client_secret
confidencial_client_es256_0003
client_secret_jwt_alg
HS256
jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
      "kid": "kid2019040100008"
    }
  ]
}
2022-11-16 08:03:40
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
2022-11-16 08:03:40 SUCCESS
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
2022-11-16 08:03:40
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
2022-11-16 08:03:40 SUCCESS
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg==
key
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg=
2022-11-16 08:03:40 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2022-11-16 08:03:40 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
      "kid": "kid2019040100008"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "crv": "P-256",
      "kid": "kid2019040100008",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "alg": "ES256"
    }
  ]
}
2022-11-16 08:03:40 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2022-11-16 08:03:40 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2022-11-16 08:03:40 SUCCESS
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
permitted
[
  "PS256",
  "ES256"
]
2022-11-16 08:03:40 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
      "kid": "kid2019040100008"
    }
  ]
}
2022-11-16 08:03:40 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
Verify configuration of second client
2022-11-16 08:03:40 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
OIDFCERT0002
scope
openid SCOPE0002 offline_access
client_secret
confidencial_client_es256_0004
client_secret_jwt_alg
HS256
jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
      "kid": "kid2019040100009"
    }
  ]
}
2022-11-16 08:03:40
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
2022-11-16 08:03:40 SUCCESS
ValidateMTLSCertificates2Header
MTLS certificates header is valid
2022-11-16 08:03:40
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
2022-11-16 08:03:40 SUCCESS
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIDTjCCAjYCCQCjUTxEpwknBTANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1RhbWFjaGkxDDAKBgNVBAoMA05FQzEMMAoGA1UECwwDTkVDMRwwGgYDVQQDDBN3d3cuM2FzZWN1cmVrZXkuY29tMB4XDTE4MDQyNzAyMDAwOFoXDTI4MDQyNDAyMDAwOFowaTELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdUYW1hY2hpMQwwCgYDVQQKDANORUMxDDAKBgNVBAsMA05FQzEcMBoGA1UEAwwTd3d3LjNhc2VjdXJla2V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLD3g7pwzFMzbRh5cCGuR0KBCzD5Xk3w/Zj+3hpBq5/xSaQjmOfLF3LLiFD7sZXRPFVFXii4Y2GuFccSQ3MI9sMS/HDDTmOLPIWta/U9ZtcwjNyclXrX0IR8Fxuk5E9lRf//JwlMZHAxfESvBe5WMnzGDTVdp5Hv6sWZAdkgdwQTMFM4vpHhBD6qJsxSG7jBvqVYd8w9pCZ9k1mSfKKgqPfpOA6jv2ATiwv9r9ZQNtKl/MbHY9/R59GU+S7WSPtqM5O3bJGGCXFvpZF2CghcYqn9vDhIrNOD/xo3ZF0Z+doEl8e0e1IAr2JiGD4JPpz4W67pjUVb9G+NTRtQ71YqccCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAETj+cEVPthSghrIJamsmddV+GFHYjOfvQw0r8LZYkqJZlK1FOeWwBM+kDzpxOErtPiyjvv2eBPGm9LcLZpDbMLg77Lv3HjaWy+yISRQ/wGUb9tlJ8AUeEd2uoPUzDQf5VpTBEq/M9E7CB3g2hZvwRYvq6PfsDexCwq9OWogK3WpEozIMVyOL3jYpkSJzDqPuN3nFiNc5eMJ7lo+b/K1rUEqwuN21TjwAn1DXfW0dD1a/ig004xecHU1wsIMP2ARQ/qOD7P0emE/umlwLQ0kw3HB2ideAJzU4OstiqUH41LKwIIzUu6rz6/S9PMcmVfqv9PfhITQSs8vCqC8uaWLtGg==
key
MIIEpQIBAAKCAQEAosPeDunDMUzNtGHlwIa5HQoELMPleTfD9mP7eGkGrn/FJpCOY58sXcsuIUPuxldE8VUVeKLhjYa4VxxJDcwj2wxL8cMNOY4s8ha1r9T1m1zCM3JyVetfQhHwXG6TkT2VF//8nCUxkcDF8RK8F7lYyfMYNNV2nke/qxZkB2SB3BBMwUzi+keEEPqomzFIbuMG+pVh3zD2kJn2TWZJ8oqCo9+k4DqO/YBOLC/2v1lA20qX8xsdj39Hn0ZT5LtZI+2ozk7dskYYJcW+lkXYKCFxiqf28OEis04P/GjdkXRn52gSXx7R7UgCvYmIYPgk+nPhbrumNRVv0b41NG1DvVipxwIDAQABAoIBAQCVFUrD5iG/elXALxs+KShNDOueBSCe0xFPEW04cRqJosZ1+FozrYv5rSznk02VpkGjuwcbpDVsaEVYpLPVS3JcJPs6yinG2g8Y/uwTzb/ZOjE25lELmbd60OuT/kRz+DAj93jtnLO2iRfFJB/cqwxEjcFSQ2OOvrE0iCG/E7ROV7m3C5OOjKhSypP++04nWajIqW//uMDaFoFquf7x4aoHc9wRD1IyHGha9hIZA7JiY5KlwyQV/AEoz+C+O9Z8FYpqZT76fnzQvLvbk6fYr4q1a0gm/J9HTp4l0bQ9NMKVvt4PGlJmxQhQfIJixARsnKEDtu0uUcgbVXRB6pRtmG6BAoGBAM+hvgN+TX8c4fMmDvGpNB0+PvA2ZC6JJd0oLmpZMMdLRl+0A5j3nHv2nR04FlB1brD9ucInVHZYlgL5ab3/x27iV+H5spIN6cST7WH+Sjqsi43tKGyx9oXosL6RN+4HM7rTWbCxwq0tVunk01IR5FeO8xZss4UDyev6vStBjmzXAoGBAMiueG4ALkIGqTw/sTNl7vwmMcyPbjA6h68I9FkTGI0G5YHy7yWlEhdD/rUYSXVCXlh+3aftbfJ4CP9nWaM6NMREoysCQ3y/kulgJ0imPEFwnqWQMljQV1zRg9gthdixyBI6YZ62MUF6i/XYfUs0KQ9baHuzB4ejMs7U8bGENpyRAoGAHjynt0qFbqV+IjLAqmDBviB6efDx1fUTFonreIFUoTFNJlLI01X76/GWH9MzLLRtUkkg7C1eF33/Gp/HzmuZV4SO19HNN4ffK0l/oG2v0aufByQqZunjxMyGMLplMrzJw8NTpG++sgmQRq+UNrd0UWv36qQZ4J0UotD5C3uYijECgYEAoAnDMLYkLbNyMwH4Jq0bsSokfKXFkeCbZBMYChEYex8M2F0MKlFB5BvtfC4qJsEOzDQgQFMwYzUmt8eLzIgWnI7AMQRVHZ8JYeO0cFNhqi5N1mrwO7Oqd/L92eAz5WOh0ieMwi05iqZYB27mPJsUQ5L59+wGDT0wv5FCTfbKNoECgYEAoMHJZ1a/Bzq1raDHauJLk3JA+DN+5o7xDGVvda9x3rphQ4U7Vehpcg70AVWMyGoVv5N6vJdrAeZzBWP5b6ED+csRyNaLswHycsPzGy8t5Ose1P+ZlzCzDmRtynq0cQQvWl4zJAT2Wacgu2IqOrQOl+n67te3QlWrnq9IrSsWJFU=
2022-11-16 08:03:40 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2022-11-16 08:03:40 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
      "kid": "kid2019040100009"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "crv": "P-256",
      "kid": "kid2019040100009",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "alg": "ES256"
    }
  ]
}
2022-11-16 08:03:40 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2022-11-16 08:03:40 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2022-11-16 08:03:40 SUCCESS
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
permitted
[
  "PS256",
  "ES256"
]
2022-11-16 08:03:40 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
      "kid": "kid2019040100009"
    }
  ]
}
2022-11-16 08:03:40 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
2022-11-16 08:03:40 SUCCESS
ValidateClientPrivateKeysAreDifferent
Client signing JWKs have different thumbprints
jwk1
{
  "kty": "EC",
  "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
  "crv": "P-256",
  "kid": "kid2019040100008",
  "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
  "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
  "alg": "ES256"
}
jwk2
{
  "kty": "EC",
  "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
  "crv": "P-256",
  "kid": "kid2019040100009",
  "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
  "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
  "alg": "ES256"
}
2022-11-16 08:03:40 SUCCESS
GetResourceEndpointConfiguration
Found a resource endpoint object
resourceUrl
https://3a-rplib-test3.cloud-idauth.com/sso/accounts
2022-11-16 08:03:40 SUCCESS
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
protected_resource_url
https://3a-rplib-test3.cloud-idauth.com/sso/accounts
2022-11-16 08:03:40 SUCCESS
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
resource_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
2022-11-16 08:03:40 SUCCESS
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
accounts_resource_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
accounts_request_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
2022-11-16 08:03:40
fapi1-advanced-final-state-only-outside-request-object-not-used
Setup Done
Make request to authorization endpoint
2022-11-16 08:03:40 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
OIDFCERT0001
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
2022-11-16 08:03:40 SUCCESS
AddAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
authorization_endpoint_request
{
  "client_id": "OIDFCERT0001",
  "redirect_uri": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback",
  "scope": "openid SCOPE0002 offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}
2022-11-16 08:03:40
CreateRandomStateValue
Created state value
requested_state_length
10
state
IA9zbpD6Bn
2022-11-16 08:03:40
AddStateToAuthorizationEndpointRequest
NOT adding state to request object
2022-11-16 08:03:40
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
WcyJzpZD9u
2022-11-16 08:03:40 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
OIDFCERT0001
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
nonce
WcyJzpZD9u
2022-11-16 08:03:40 SUCCESS
SetAuthorizationEndpointRequestResponseTypeToCode
Added response_type parameter to request
client_id
OIDFCERT0001
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
nonce
WcyJzpZD9u
response_type
code
2022-11-16 08:03:40 SUCCESS
SetAuthorizationEndpointRequestResponseModeToJWT
Added response_mode parameter to request
client_id
OIDFCERT0001
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
nonce
WcyJzpZD9u
response_type
code
response_mode
jwt
2022-11-16 08:03:40 SUCCESS
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
request_object_claims
{
  "client_id": "OIDFCERT0001",
  "redirect_uri": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback",
  "scope": "openid SCOPE0002 offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "nonce": "WcyJzpZD9u",
  "response_type": "code",
  "response_mode": "jwt"
}
2022-11-16 08:03:40 SUCCESS
AddNbfToRequestObject
Added nbf to request object claims
nbf
1.66858582E9
2022-11-16 08:03:40 SUCCESS
AddExpToRequestObject
Added exp to request object claims
exp
1.66858612E9
2022-11-16 08:03:40 SUCCESS
AddAudToRequestObject
Added aud to request object claims
aud
https://3a-rplib-test3.cloud-idauth.com/sso/
2022-11-16 08:03:40 SUCCESS
AddIssToRequestObject
Added iss to request object claims
iss
OIDFCERT0001
2022-11-16 08:03:40 SUCCESS
AddClientIdToRequestObject
Added client_id to request object claims
client_id
OIDFCERT0001
2022-11-16 08:03:40 SUCCESS
SignRequestObject
Signed the request object
claims
{
  "aud": "https://3a-rplib-test3.cloud-idauth.com/sso/",
  "nbf": 1668585820,
  "scope": "openid SCOPE0002 offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "iss": "OIDFCERT0001",
  "response_type": "code",
  "redirect_uri": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback",
  "exp": 1668586120,
  "nonce": "WcyJzpZD9u",
  "client_id": "OIDFCERT0001",
  "response_mode": "jwt"
}
header
{
  "kid": "kid2019040100008",
  "alg": "ES256"
}
request_object
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvc3NvXC8iLCJuYmYiOjE2Njg1ODU4MjAsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDEiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrIiwiZXhwIjoxNjY4NTg2MTIwLCJub25jZSI6IldjeUp6cFpEOXUiLCJjbGllbnRfaWQiOiJPSURGQ0VSVDAwMDEiLCJyZXNwb25zZV9tb2RlIjoiand0In0.Kvcd3Z_z_xf77ShGzrfWqLcudcefgkzJJhBkNezwuRmCNk4jF2Tgvgj7PXRBIiTvfS4PYdDX47uv6ItD2g__QA
key
{
  "kty": "EC",
  "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
  "crv": "P-256",
  "kid": "kid2019040100008",
  "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
  "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
  "alg": "ES256"
}
2022-11-16 08:03:40 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
OIDFCERT0001
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
nonce
WcyJzpZD9u
response_type
code
response_mode
jwt
state
IA9zbpD6Bn
2022-11-16 08:03:40 SUCCESS
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://3a-rplib-test3.cloud-idauth.com/sso/AuthorizationEndpoint/?request=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvc3NvXC8iLCJuYmYiOjE2Njg1ODU4MjAsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDEiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrIiwiZXhwIjoxNjY4NTg2MTIwLCJub25jZSI6IldjeUp6cFpEOXUiLCJjbGllbnRfaWQiOiJPSURGQ0VSVDAwMDEiLCJyZXNwb25zZV9tb2RlIjoiand0In0.Kvcd3Z_z_xf77ShGzrfWqLcudcefgkzJJhBkNezwuRmCNk4jF2Tgvgj7PXRBIiTvfS4PYdDX47uv6ItD2g__QA&client_id=OIDFCERT0001&redirect_uri=https://www.certification.openid.net/test/a/NC7000-3A-OC/callback&scope=openid%20SCOPE0002%20offline_access&response_type=code&state=IA9zbpD6Bn
2022-11-16 08:03:40 REDIRECT
fapi1-advanced-final-state-only-outside-request-object-not-used
Redirecting to authorization endpoint
redirect_to
https://3a-rplib-test3.cloud-idauth.com/sso/AuthorizationEndpoint/?request=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvc3NvXC8iLCJuYmYiOjE2Njg1ODU4MjAsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDEiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrIiwiZXhwIjoxNjY4NTg2MTIwLCJub25jZSI6IldjeUp6cFpEOXUiLCJjbGllbnRfaWQiOiJPSURGQ0VSVDAwMDEiLCJyZXNwb25zZV9tb2RlIjoiand0In0.Kvcd3Z_z_xf77ShGzrfWqLcudcefgkzJJhBkNezwuRmCNk4jF2Tgvgj7PXRBIiTvfS4PYdDX47uv6ItD2g__QA&client_id=OIDFCERT0001&redirect_uri=https://www.certification.openid.net/test/a/NC7000-3A-OC/callback&scope=openid%20SCOPE0002%20offline_access&response_type=code&state=IA9zbpD6Bn
2022-11-16 08:03:40 REVIEW
ExpectRequestObjectMissingStateErrorPage
If the server does not return an invalid_request_object error back to the client, it must show an error page saying the request object is invalid as it is missing the 'state' claim - upload a screenshot of the error page.
image_no_longer_required
true
2022-11-16 08:03:46 INCOMING
fapi1-advanced-final-state-only-outside-request-object-not-used
Incoming HTTP request to /test/a/NC7000-3A-OC/callback
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "referer": "https://www.certification.openid.net/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "JSESSIONID\u003dC1311EBCD3E1333B1BCF322786F79A1C",
  "connection": "close"
}
incoming_path
/test/a/NC7000-3A-OC/callback
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{
  "response": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZDIwMTkwNDAxMDAwMDEifQ.eyJhdWQiOiJPSURGQ0VSVDAwMDEiLCJjb2RlIjoiZEdaeTBjazZGV2IxbjFrS2FpbXR4V0poRUlMNEdqM2kiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvc3NvXC8iLCJleHAiOjE2Njg1ODY0MjZ9.OUtcADM1w-eE0FRXwMR2roHEPgajgSbWuNpOMlBbz0-0kod4cjq5Zr9uSSz47WUdX_Y7g1cp408O2ITnKf9gmw"
}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES256-GCM-SHA384
incoming_body_json
2022-11-16 08:03:46 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/4IXpXB1ESG4zRWniPbSH",
  "fullUrl": "https://www.certification.openid.net/test/a/NC7000-3A-OC/implicit/4IXpXB1ESG4zRWniPbSH"
}
2022-11-16 08:03:46 OUTGOING
fapi1-advanced-final-state-only-outside-request-object-not-used
Response to HTTP request to test instance DtfaXCFsT3dYoYf
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/NC7000-3A-OC/implicit/4IXpXB1ESG4zRWniPbSH, returnUrl=/log-detail.html?log=DtfaXCFsT3dYoYf}]
outgoing_path
callback
2022-11-16 08:03:47 INCOMING
fapi1-advanced-final-state-only-outside-request-object-not-used
Incoming HTTP request to /test/a/NC7000-3A-OC/implicit/4IXpXB1ESG4zRWniPbSH
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "accept": "*/*",
  "content-type": "text/plain",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "sec-ch-ua-platform": "\"Windows\"",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?response\u003deyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZDIwMTkwNDAxMDAwMDEifQ.eyJhdWQiOiJPSURGQ0VSVDAwMDEiLCJjb2RlIjoiZEdaeTBjazZGV2IxbjFrS2FpbXR4V0poRUlMNEdqM2kiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvc3NvXC8iLCJleHAiOjE2Njg1ODY0MjZ9.OUtcADM1w-eE0FRXwMR2roHEPgajgSbWuNpOMlBbz0-0kod4cjq5Zr9uSSz47WUdX_Y7g1cp408O2ITnKf9gmw",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "JSESSIONID\u003dC1311EBCD3E1333B1BCF322786F79A1C",
  "connection": "close",
  "content-length": "0"
}
incoming_path
/test/a/NC7000-3A-OC/implicit/4IXpXB1ESG4zRWniPbSH
incoming_body_form_params
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES256-GCM-SHA384
incoming_body_json
2022-11-16 08:03:47 OUTGOING
fapi1-advanced-final-state-only-outside-request-object-not-used
Response to HTTP request to test instance DtfaXCFsT3dYoYf
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/4IXpXB1ESG4zRWniPbSH
2022-11-16 08:03:47 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2022-11-16 08:03:47 REDIRECT-IN
fapi1-advanced-final-state-only-outside-request-object-not-used
Authorization endpoint response captured
url_query
{
  "response": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZDIwMTkwNDAxMDAwMDEifQ.eyJhdWQiOiJPSURGQ0VSVDAwMDEiLCJjb2RlIjoiZEdaeTBjazZGV2IxbjFrS2FpbXR4V0poRUlMNEdqM2kiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvc3NvXC8iLCJleHAiOjE2Njg1ODY0MjZ9.OUtcADM1w-eE0FRXwMR2roHEPgajgSbWuNpOMlBbz0-0kod4cjq5Zr9uSSz47WUdX_Y7g1cp408O2ITnKf9gmw"
}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "referer": "https://www.certification.openid.net/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "JSESSIONID\u003dC1311EBCD3E1333B1BCF322786F79A1C",
  "connection": "close",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-proto": "https",
  "x-forwarded-port": "443",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{}
post_body
Verify authorization endpoint response
2022-11-16 08:03:47 SUCCESS
ExtractJARMFromURLQuery
Found and parsed the jarm_response from callback_query_params
value
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZDIwMTkwNDAxMDAwMDEifQ.eyJhdWQiOiJPSURGQ0VSVDAwMDEiLCJjb2RlIjoiZEdaeTBjazZGV2IxbjFrS2FpbXR4V0poRUlMNEdqM2kiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvc3NvXC8iLCJleHAiOjE2Njg1ODY0MjZ9.OUtcADM1w-eE0FRXwMR2roHEPgajgSbWuNpOMlBbz0-0kod4cjq5Zr9uSSz47WUdX_Y7g1cp408O2ITnKf9gmw
header
{
  "kid": "kid2019040100001",
  "typ": "JWT",
  "alg": "ES256"
}
claims
{
  "aud": "OIDFCERT0001",
  "code": "dGZy0ck6FWb1n1kKaimtxWJhEIL4Gj3i",
  "iss": "https://3a-rplib-test3.cloud-idauth.com/sso/",
  "exp": 1668586426
}
2022-11-16 08:03:47 SUCCESS
RejectNonJarmResponsesInUrlQuery
Authorization endpoint response only includes the JARM JWT.
2022-11-16 08:03:47 SUCCESS
ExtractAuthorizationEndpointResponseFromJARMResponse
Extracted the authorization response
code
dGZy0ck6FWb1n1kKaimtxWJhEIL4Gj3i
iss
https://3a-rplib-test3.cloud-idauth.com/sso/
2022-11-16 08:03:47 SUCCESS
ValidateJARMResponse
JARM response standard JWT claims are valid
2022-11-16 08:03:47 SUCCESS
FAPI1ValidateJarmSigningAlg
JARM response was signed with a permitted algorithm
permitted
[
  "PS256",
  "ES256"
]
alg
ES256
2022-11-16 08:03:47 SUCCESS
ValidateJARMExpRecommendations
JARM response 'exp' is less than 10 minutes
now
"Nov 16, 2022, 8:03:47 AM"
expiration
"Nov 16, 2022, 8:13:46 AM"
2022-11-16 08:03:47 SUCCESS
ValidateJARMSignatureUsingKid
jarm_response signature validated
jarm_response
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZDIwMTkwNDAxMDAwMDEifQ.eyJhdWQiOiJPSURGQ0VSVDAwMDEiLCJjb2RlIjoiZEdaeTBjazZGV2IxbjFrS2FpbXR4V0poRUlMNEdqM2kiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvc3NvXC8iLCJleHAiOjE2Njg1ODY0MjZ9.OUtcADM1w-eE0FRXwMR2roHEPgajgSbWuNpOMlBbz0-0kod4cjq5Zr9uSSz47WUdX_Y7g1cp408O2ITnKf9gmw
2022-11-16 08:03:47 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2022-11-16 08:03:47 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2022-11-16 08:03:47 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2022-11-16 08:03:47 SUCCESS
VerifyNoStateInAuthorizationResponse
Authorization endpoint response is correctly missing 'state'
2022-11-16 08:03:47 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
dGZy0ck6FWb1n1kKaimtxWJhEIL4Gj3i
2022-11-16 08:03:47 SUCCESS
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
actual
256
required
128
2022-11-16 08:03:47 SUCCESS
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
actual
150.0
expected
96.0
value
dGZy0ck6FWb1n1kKaimtxWJhEIL4Gj3i
Call token endpoint
2022-11-16 08:03:47 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
grant_type
authorization_code
code
dGZy0ck6FWb1n1kKaimtxWJhEIL4Gj3i
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
2022-11-16 08:03:47
AddClientIdToTokenEndpointRequest
grant_type
authorization_code
code
dGZy0ck6FWb1n1kKaimtxWJhEIL4Gj3i
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
client_id
OIDFCERT0001
2022-11-16 08:03:47
CallTokenEndpoint
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/sso/TokenEndpoint/
request_method
POST
request_headers
{
  "accept": "application/json",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "183"
}
request_body
grant_type=authorization_code&code=dGZy0ck6FWb1n1kKaimtxWJhEIL4Gj3i&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2FNC7000-3A-OC%2Fcallback&client_id=OIDFCERT0001
request_mutual_tls
{
  "cert": "MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d",
  "key": "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg\u003d"
}
2022-11-16 08:03:48 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Wed, 16 Nov 2022 08:03:47 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d4B4621E6D9901D866FD1EFAF60D2D804; Path\u003d/sso; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "628",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"57zt9IC262K2Skd9lZ9fM2Bk6wVRzip2","refresh_token":"DOWmjlDYzz6k95sVee8SVCuYca43Adzc","scope":"SCOPE0002","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZDIwMTkwNDAxMDAwMDEifQ.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAxIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMSIsImFtciI6WyJBVVRIX09QIl0sImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9zc29cLyIsImV4cCI6MTY2ODU4OTQyOCwiaWF0IjoxNjY4NTg1ODI4LCJub25jZSI6IldjeUp6cFpEOXUifQ.Ehv_b375TjNotjbB7ZzjN5ijTWCVmKD26X03VjbB4NaMNTZCTn-O2_iqZnjpy0WpMsW11Ftsj1kT-06SAVJBXQ","token_type":"Bearer","expires_in":3600}
2022-11-16 08:03:48 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
57zt9IC262K2Skd9lZ9fM2Bk6wVRzip2
refresh_token
DOWmjlDYzz6k95sVee8SVCuYca43Adzc
scope
SCOPE0002
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZDIwMTkwNDAxMDAwMDEifQ.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAxIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMSIsImFtciI6WyJBVVRIX09QIl0sImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9zc29cLyIsImV4cCI6MTY2ODU4OTQyOCwiaWF0IjoxNjY4NTg1ODI4LCJub25jZSI6IldjeUp6cFpEOXUifQ.Ehv_b375TjNotjbB7ZzjN5ijTWCVmKD26X03VjbB4NaMNTZCTn-O2_iqZnjpy0WpMsW11Ftsj1kT-06SAVJBXQ
token_type
Bearer
expires_in
3600
Verify token endpoint response
2022-11-16 08:03:48 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2022-11-16 08:03:48 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
57zt9IC262K2Skd9lZ9fM2Bk6wVRzip2
2022-11-16 08:03:48 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
57zt9IC262K2Skd9lZ9fM2Bk6wVRzip2
type
Bearer
2022-11-16 08:03:48 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
3600
2022-11-16 08:03:48 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
3600
2022-11-16 08:03:48 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
DOWmjlDYzz6k95sVee8SVCuYca43Adzc
2022-11-16 08:03:48 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
256
required
128
2022-11-16 08:03:48 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
145.24511249783654
expected
96.0
value
DOWmjlDYzz6k95sVee8SVCuYca43Adzc
2022-11-16 08:03:48 SUCCESS
EnsureMinimumAccessTokenLength
Access token is of sufficient length
actual
256
required
128
2022-11-16 08:03:48 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
137.6354720233997
expected
96.0
value
57zt9IC262K2Skd9lZ9fM2Bk6wVRzip2
2022-11-16 08:03:48 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZDIwMTkwNDAxMDAwMDEifQ.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAxIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMSIsImFtciI6WyJBVVRIX09QIl0sImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9zc29cLyIsImV4cCI6MTY2ODU4OTQyOCwiaWF0IjoxNjY4NTg1ODI4LCJub25jZSI6IldjeUp6cFpEOXUifQ.Ehv_b375TjNotjbB7ZzjN5ijTWCVmKD26X03VjbB4NaMNTZCTn-O2_iqZnjpy0WpMsW11Ftsj1kT-06SAVJBXQ
header
{
  "kid": "kid2019040100001",
  "typ": "JWT",
  "alg": "ES256"
}
claims
{
  "sub": "1",
  "aud": "OIDFCERT0001",
  "acr": "urn:mace:incommon:iap:silver",
  "azp": "OIDFCERT0001",
  "amr": [
    "AUTH_OP"
  ],
  "iss": "https://3a-rplib-test3.cloud-idauth.com/sso/",
  "exp": 1668589428,
  "iat": 1668585828,
  "nonce": "WcyJzpZD9u"
}
2022-11-16 08:03:48 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2022-11-16 08:03:48
ValidateIdTokenStandardClaims
sub is a string with content
2022-11-16 08:03:48 SUCCESS
ValidateIdTokenStandardClaims
id_token claims are valid
2022-11-16 08:03:48 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
WcyJzpZD9u
2022-11-16 08:03:48 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
actual
urn:mace:incommon:iap:silver
requested
[
  "urn:mace:incommon:iap:silver"
]
2022-11-16 08:03:48 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZDIwMTkwNDAxMDAwMDEifQ.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAxIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMSIsImFtciI6WyJBVVRIX09QIl0sImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9zc29cLyIsImV4cCI6MTY2ODU4OTQyOCwiaWF0IjoxNjY4NTg1ODI4LCJub25jZSI6IldjeUp6cFpEOXUifQ.Ehv_b375TjNotjbB7ZzjN5ijTWCVmKD26X03VjbB4NaMNTZCTn-O2_iqZnjpy0WpMsW11Ftsj1kT-06SAVJBXQ
2022-11-16 08:03:48 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZDIwMTkwNDAxMDAwMDEifQ.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAxIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMSIsImFtciI6WyJBVVRIX09QIl0sImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9zc29cLyIsImV4cCI6MTY2ODU4OTQyOCwiaWF0IjoxNjY4NTg1ODI4LCJub25jZSI6IldjeUp6cFpEOXUifQ.Ehv_b375TjNotjbB7ZzjN5ijTWCVmKD26X03VjbB4NaMNTZCTn-O2_iqZnjpy0WpMsW11Ftsj1kT-06SAVJBXQ
2022-11-16 08:03:48 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
1
2022-11-16 08:03:48
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
2022-11-16 08:03:48 INFO
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2022-11-16 08:03:48 SUCCESS
EnsureIdTokenContainsKid
kid was found in the ID token header
kid
kid2019040100001
2022-11-16 08:03:48 SUCCESS
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
permitted
[
  "PS256",
  "ES256"
]
alg
ES256
2022-11-16 08:03:48 INFO
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2022-11-16 08:03:48 INFO
ExtractCHash
Couldn't find c_hash in ID token
2022-11-16 08:03:48 INFO
ExtractSHash
Couldn't find s_hash in ID token
2022-11-16 08:03:48 INFO
ExtractAtHash
Couldn't find at_hash in ID token
2022-11-16 08:03:48 INFO
ValidateCHash
Skipped evaluation due to missing required object: c_hash
expected
c_hash
mapped
2022-11-16 08:03:48 INFO
ValidateSHash
Skipped evaluation due to missing required object: s_hash
expected
s_hash
mapped
2022-11-16 08:03:48 INFO
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
expected
at_hash
mapped
Resource server endpoint tests
2022-11-16 08:03:48
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
resource_endpoint_request_headers
{}
2022-11-16 08:03:48 SUCCESS
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
resource_endpoint_request_headers
{
  "x-fapi-auth-date": "Wed, 16 Nov 2022 08:03:48 GMT"
}
2022-11-16 08:03:48
AddIpV4FapiCustomerIpAddressToResourceEndpointRequest
Added x-fapi-customer-ip-address containing IPv4 address to resource endpoint request headers
resource_endpoint_request_headers
{
  "x-fapi-auth-date": "Wed, 16 Nov 2022 08:03:48 GMT",
  "x-fapi-customer-ip-address": "198.51.100.119"
}
2022-11-16 08:03:48
CreateRandomFAPIInteractionId
Created interaction ID
fapi_interaction_id
abc31902-d813-4696-997e-e92dfca8fefe
2022-11-16 08:03:48 SUCCESS
AddFAPIInteractionIdToResourceEndpointRequest
Added x-fapi-interaction-id to resource endpoint request headers
resource_endpoint_request_headers
{
  "x-fapi-auth-date": "Wed, 16 Nov 2022 08:03:48 GMT",
  "x-fapi-customer-ip-address": "198.51.100.119",
  "x-fapi-interaction-id": "abc31902-d813-4696-997e-e92dfca8fefe"
}
2022-11-16 08:03:48
CallProtectedResource
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/sso/accounts
request_method
GET
request_headers
{
  "accept": "application/json",
  "authorization": "Bearer 57zt9IC262K2Skd9lZ9fM2Bk6wVRzip2",
  "x-fapi-auth-date": "Wed, 16 Nov 2022 08:03:48 GMT",
  "x-fapi-customer-ip-address": "198.51.100.119",
  "x-fapi-interaction-id": "abc31902-d813-4696-997e-e92dfca8fefe",
  "content-length": "0"
}
request_body

                                
request_mutual_tls
{
  "cert": "MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d",
  "key": "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg\u003d"
}
2022-11-16 08:03:49 RESPONSE
CallProtectedResource
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Wed, 16 Nov 2022 08:03:49 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d7FB278617D9BD73A4959DB3C556A8D89; Path\u003d/sso; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "x-fapi-interaction-id": "abc31902-d813-4696-997e-e92dfca8fefe",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "27",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{
   "scope2":"2"
}

2022-11-16 08:03:49 SUCCESS
CallProtectedResource
Got a response from the resource endpoint
status
200
endpoint_name
resource
headers
{
  "date": "Wed, 16 Nov 2022 08:03:49 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d7FB278617D9BD73A4959DB3C556A8D89; Path\u003d/sso; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "x-fapi-interaction-id": "abc31902-d813-4696-997e-e92dfca8fefe",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "27",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
body
{
   "scope2":"2"
}

2022-11-16 08:03:49 SUCCESS
EnsureHttpStatusCodeIs200or201
resource endpoint http status code was 200
2022-11-16 08:03:49 SUCCESS
CheckForDateHeaderInResourceResponse
Date header present and validated
date
Wed, 16 Nov 2022 08:03:49 GMT
skew
158
2022-11-16 08:03:49 SUCCESS
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
interaction_id
abc31902-d813-4696-997e-e92dfca8fefe
2022-11-16 08:03:49 SUCCESS
EnsureMatchingFAPIInteractionId
Interaction ID matched
fapi_interaction_id
abc31902-d813-4696-997e-e92dfca8fefe
2022-11-16 08:03:49 SUCCESS
EnsureResourceResponseReturnedJsonContentType
Response content type is json
content_type
application/json;charset=UTF-8
2022-11-16 08:03:49 FINISHED
fapi1-advanced-final-state-only-outside-request-object-not-used
Test has run to completion
testmodule_result
PASSED
2022-11-16 08:04:51
TEST-RUNNER
Alias has now been claimed by another test
alias
NC7000-3A-OC
new_test_id
22N8lQysmIqUS7r
Test Results