[Openid-specs-ab] Issue #76: expected behavior for OP-request_uri-Unsigned when request_uri_parameter_supported is false? (openid/certification)

Brian Campbell issues-reply at bitbucket.org
Thu Mar 5 20:48:38 UTC 2015


New issue 76: expected behavior for OP-request_uri-Unsigned when request_uri_parameter_supported is false?
https://bitbucket.org/openid/certification/issue/76/expected-behavior-for-op-request_uri

Brian Campbell:

Pretty much the same as #75 but for request_uri and request_uri_parameter_supported rather than request and request_parameter_supported. 

Though similar, the test ends a little differently than #75 and kinda suggests that the test tool doesn't know about the request_uri_not_supported error code.

http://openid.net/specs/openid-connect-core-1_0.html#RequestUriParameter
http://openid.net/specs/openid-connect-core-1_0.html#AuthError

```
Test info
Profile: {'profile': 'C', 'sub': 'none', 'register': False, 'discover': True, 'extra': False}
Test ID: OP-request_uri-Unsigned
Issuer: https://gold.pinglabs.net
Test output


__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
[-]
	status: ERROR
	info: request_uri_not_supported

Trace output


0.000247 ------------ DiscoveryRequest ------------
0.000258 Provider info discover from 'https://gold.pinglabs.net/'
0.000265 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
1.320615 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
  "claim_types_supported": [
    "normal"
  ],
  "claims_parameter_supported": false,
  "claims_supported": [
    "address",
    "birthdate",
    "email",
    "email_verified",
    "family_name",
    "gender",
    "given_name",
    "locale",
    "middle_name",
    "name",
    "nickname",
    "phone_number",
    "picture",
    "preferred_username",
    "profile",
    "sub",
    "website",
    "zoneinfo"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ],
  "issuer": "https://gold.pinglabs.net",
  "jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
  "ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
  "ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "require_request_uri_registration": true,
  "response_modes_supported": [
    "fragment",
    "query",
    "form_post"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code token",
    "code id_token",
    "token id_token",
    "code token id_token"
  ],
  "revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
  "scopes_supported": [
    "product",
    "phone",
    "pingone-native-application",
    "address",
    "email",
    "admin",
    "edit",
    "openid",
    "profile"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
  "version": "3.0"
}
1.865426 JWKS: {
  "keys": [
    {
      "crv": "P-521",
      "kid": "co4n9",
      "kty": "EC",
      "use": "sig",
      "x": "ARnqMCX2Sfil25tYE4UQgEcQNh03GF2mMq28wxrWyj31iMl8BMmAlXyQXMfO02uliZg98btrPTKbhzT2srITZR5A",
      "y": "AYOcsIIGOOcJcf2JOxgc-mh1HgbSXz-YUbs0yig2W6MuaFYmza76pplu0NyF5XcFnB5TYchCmNyOHgkRMAjZqgdR"
    },
    {
      "crv": "P-384",
      "kid": "co4na",
      "kty": "EC",
      "use": "sig",
      "x": "XI8DDInnvj1gizZ7nqLWmYH2czZPX245Lp1UMLcV07szcCQINQT85fWmxgmNeGED",
      "y": "0YAhSbTCYYaTwgUAKdwGZG0PWQjW8h8dNoM_Bhn9cAnISTxrY-uSueQ9N2-lLxKj"
    },
    {
      "crv": "P-256",
      "kid": "co4nb",
      "kty": "EC",
      "use": "sig",
      "x": "_trh7hHHjJdmjjDzqwmkcPZlsUqxuE6w2_QPmW5XtiQ",
      "y": "M9PDnUsEewr5Ffz9NOdTf2tzP4FxoBrmxI72Cy4l_Ew"
    },
    {
      "e": "AQAB",
      "kid": "co4nc",
      "kty": "RSA",
      "n": "ozu0NGL_oDdqj3alpRCxfIElHOtgZe4G7Sd0ZP7ELkYd2JhKKc2DhY8yd4arK_7xyuTy_36VNttyd7tEiZ3n95ZK8oyftvEabcL2Z1jbHZRGrH2yVfXM-rjBLsiYlfI1b5b8F1ufmHbQn3YAo90HLQWtygMPy8H02vUtYGIrtOxKlkiMiByKsQCDYhVhfqCq_pEZQn3VQdoXBn26cumyr3fDnBmN9fB9EP-LmKe0kdphb8qf2FX0GqTkXkfgmkdIP94YdYfr_5bN_0__QqbnOhcipF44lF-_tO7myUSVYsqlRXOamZz4ze3wu_d3HflNLk-fd29MDoPbU8_ADaKVkw",
      "use": "sig"
    },
    {
      "crv": "P-521",
      "kid": "co4nd",
      "kty": "EC",
      "use": "sig",
      "x": "ACSKiUJ06yMqTrWzUAFMwGPUQEcGY1uqe5tDjQ12dpnp8LGVAWCBe562qDNlKpgPN8OhpeQQ4hfuUeSGoE6a-Ivt",
      "y": "AZi9SiH9KCgb5X_-0_Jz6UO9Wb7r7nSm-keUPJB7ADhnTz1J6Hey86fkN0kUIzY4HekqoqCdO0nH2wnPUG_yWTLI"
    },
    {
      "crv": "P-384",
      "kid": "co4ne",
      "kty": "EC",
      "use": "sig",
      "x": "mdoSHMMbvKO0k5WUtl7i4oAP0x6X_gdbMmswAbbmI-rdiapCOAxnJlcf6rcnOvCQ",
      "y": "pWPfYhrqWRrh-q5wW2TPd7g0QxmQD2Sv4RW0OG-ts0R0B_E0MyNaSiao7SFFGqOX"
    },
    {
      "crv": "P-256",
      "kid": "co4nf",
      "kty": "EC",
      "use": "sig",
      "x": "IGQYliwph36H_OpnGySnAbUD6-vOp4ca_7yQ0Wgw6FA",
      "y": "lSzTm_mTQjdgESMUSX9LXiM8R08yiQ40xFQdk9RpCM4"
    },
    {
      "e": "AQAB",
      "kid": "co4ng",
      "kty": "RSA",
      "n": "hxDN-256T23rgaQFh5Pmg5A26eLLI0_u5_z1Gn_hb1bZAnhgwgmevRKSjxkQhb-UeiRgTLXmUxt-5Io04pTxXaVTL5xTPeYSwMZDBg9OM2Y1jWHSXa5g1mzaefWQQ-T0N6-BTZRa8gpEigbIQwlcHGnZpzb_qbcSAQhppUF4hvDHWF4hkCbKQR2dmzWhL7u2XP0XkjwRhBQfYIwgETVlDgGl4EuLU_Q121m_Zi2JYAYgONEpWnl3cE9ktrimcS7Nm5eB2ZVPxVRCi6U0Z921v_GDpQ2f-wEtLo_jPzz_P-a1z3PATQbZHOKBV8PjHhqZtKgPgNp81AWyHS4sBUFMsQ",
      "use": "sig"
    }
  ]
}
1.866195 ------------ AuthorizationRequest ------------
1.866942 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?scope=openid&state=nYnxdZRE6Y7Mc9tv&response_type=code&client_id=__c&request_uri=https%3A%2F%2Fop.certification.openid.net%3A60211%2Fexport%2FKtfbXFyX9F.jwt
1.866950 --> BODY: None
2.881531 <-- error=request_uri_not_supported&state=nYnxdZRE6Y7Mc9tv&error_description=processing+of+the+request_uri+parameter+is+unsupported
2.882408 [ERROR] NotAllowedValue:request_uri_not_supported

Result
FAILED

```
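An added example, not part of the original post and not code from the certification test tool: one way a harness could reconcile the authorization error in the trace above with the OP's discovery metadata before deciding the result. The function names and the verdict labels (`FAILED`, `NOT_APPLICABLE`) are assumptions; the error codes come from OpenID Connect Core section 3.1.2.6 and the flag defaults from OpenID Connect Discovery.

```python
from urllib.parse import parse_qs

# Error codes from OpenID Connect Core 3.1.2.6, each paired with the discovery
# flag that announces the feature and the flag's default when the OP omits it
# (OpenID Connect Discovery 1.0, section 3).
FEATURE_ERRORS = {
    "request_not_supported": ("request_parameter_supported", False),
    "request_uri_not_supported": ("request_uri_parameter_supported", True),
}

def parse_error_response(raw):
    """Parse the query or fragment part of an authorization error response."""
    params = {k: v[0] for k, v in parse_qs(raw.lstrip("?#")).items()}
    if "error" not in params:
        raise ValueError("not an error response")
    return params

def classify(provider_config, raw_response, sent_state):
    """Return (verdict, reason). Verdict labels are hypothetical."""
    resp = parse_error_response(raw_response)
    # The error must belong to the request we sent.
    if resp.get("state") != sent_state:
        return "FAILED", "state mismatch"
    err = resp["error"]
    if err not in FEATURE_ERRORS:
        return "FAILED", "unexpected error: " + err
    flag, default = FEATURE_ERRORS[err]
    # An OP that advertises the feature must not reject it as unsupported.
    if provider_config.get(flag, default) is True:
        return "FAILED", f"{err} returned although {flag} is true"
    # The OP said up front that it lacks the feature and answered with the
    # matching error code: consistent behaviour, so the test does not apply.
    return "NOT_APPLICABLE", f"{flag} is false and OP answered {err}"

# Constructed sample: values copied from the discovery document and trace above.
CONFIG = {"request_parameter_supported": False,
          "request_uri_parameter_supported": False}
RESPONSE = ("error=request_uri_not_supported&state=nYnxdZRE6Y7Mc9tv"
            "&error_description=processing+of+the+request_uri+parameter+is+unsupported")

if __name__ == "__main__":
    print(classify(CONFIG, RESPONSE, "nYnxdZRE6Y7Mc9tv"))
```

An OP that omits `request_uri_parameter_supported` is treated as supporting it, because the Discovery default for that flag is true; the same response from such an OP is classified as a failure.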




