[Openid-specs-ab] RP Testing: regressions since december, service availability

Mike Jones Michael.Jones at microsoft.com
Wed Mar 29 12:32:25 UTC 2017


Thanks for doing the regression testing, Filip.  That’s very useful!

                                                       -- Mike

From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Filip Skokan via Openid-specs-ab
Sent: Wednesday, March 29, 2017 2:26 AM
To: Roland Hedberg <roland at catalogix.se>; openid-specs-ab at lists.openid.net Ab <openid-specs-ab at lists.openid.net>
Subject: Re: [Openid-specs-ab] RP Testing: regressions since december, service availability

That did it Roland! Thank you. None are failing now https://travis-ci.org/panva/openid-client-conformance-tests

I've incorporated new available tests that popped up since december, namely the following, and they pass too.

- rp-discovery-webfinger-unknown-member
- rp-discovery-webfinger-http-href
- rp-id_token-sig+enc-a128kw
- rp-id_token-missing-c_hash
- rp-id_token-missing-at_hash
- rp-key-rotation-op-sign-key-native

Travis is now configured to run via a daily cron, when tests fail notifications will be sent out so we'll find out sooner that something's amiss.

Best,
Filip Skokan

On Wed, Mar 29, 2017 at 9:14 AM, Roland Hedberg <roland at catalogix.se<mailto:roland at catalogix.se>> wrote:
Updated the code and restarted the server.
Could you check if I’ve fixed the problems ?

28 mars 2017 kl. 22:59 skrev Filip Skokan <panva.ip at gmail.com<mailto:panva.ip at gmail.com>>:

rp-discovery-webfinger-url fails because it does not account for <https://github.com/rohe/oidctest/blob/793f7dcd5dbf89c22865b949b38fb0d0da710ce6/src/oidctest/cp/op.py#L100> URL syntax with i.e. /joe at the end of the subject<https://github.com/rohe/oidctest/blob/793f7dcd5dbf89c22865b949b38fb0d0da710ce6/src/oidctest/cp/op.py#L100>.

parse_resource returns array with three members which is too much for only op_id and test_id unpack, resulting in ValueError: too many values to unpack and then the aforementioned 400.

To confirm I changed my test to just submit https://rp.certification.openid.net:8080/node-openid-client/rp-discovery-webfinger-url as resource value, the test passes, but it should actually be https://rp.certification.openid.net:8080/node-openid-client/rp-discovery-webfinger-url/joe and maybe it should even account for a trailing '/', therefore parse_resource returning 4 members.

Hope it helps. rp-userinfo-bearer-body is still a mystery to me...

Best,
Filip Skokan

On Tue, Mar 28, 2017 at 8:50 PM, Roland Hedberg <roland at catalogix.se<mailto:roland at catalogix.se>> wrote:
I’ll have look at the failing tests tomorrow.

28 mars 2017 kl. 20:05 skrev Filip Skokan <panva.ip at gmail.com<mailto:panva.ip at gmail.com>>:

Roland, Hans,

thank you, the service is now back online, the regressions are still present.

Build<https://travis-ci.org/panva/openid-client-conformance-tests/builds/215597596>, suite [1]<https://github.com/panva/openid-client-conformance-tests/blob/bc2d9168f291d249c986bd070968fc133006ae55/test/userinfo-endpoint.js#L42-L61>, [2]<https://github.com/panva/openid-client-conformance-tests/blob/master/test/discovery.js#L23-L30>.

Best,
Filip Skokan

On Tue, Mar 28, 2017 at 5:43 PM, Roland Hedberg <roland at catalogix.se<mailto:roland at catalogix.se>> wrote:
I’ll look at this as soon as I can.
Have been at a conference the whole day.

— Roland

28 mars 2017 kl. 15:47 skrev Hans Zandbelt via Openid-specs-ab <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>>:

it looks like there were modifications done to pyoidc on the RP machine itself that did not cleanly merge with an update [1] and that led to a syntax error in src/oic/utils/keyio.py so the restart that was done after the modifications failed [2], all of which was done yesterday Mar 27 11:44 by Roland [3]

I'll have to refer to Roland (the one with the smoking gun in his hand.. ;-)) to fix this as I'm not sure why the local modifications were done in the first place.

Hans.

[1]
oictest at openid-www2:~/projects/pyoidc$ git status
On branch master
Your branch and 'origin/master' have diverged,
and have 13 and 10 different commits each, respectively.
  (use "git pull" to merge the remote branch into yours)
You have unmerged paths.
  (fix conflicts and run "git commit")

Changes to be committed:

...

Unmerged paths:
  (use "git add <file>..." to mark resolution)

both modified:   src/oic/utils/keyio.py

Untracked files:
  (use "git add <file>..." to include in what will be committed)

src/oic/utils/authn/client.py.local

[2]
Traceback (most recent call last):
  File "server.py", line 9, in <module>
    from oidctest.cp import dump_log
  File "/usr/local/lib/python3.5/dist-packages/oidctest-0.7.0-py3.5.egg/oidctest/cp/__init__.py", line 6, in <module>
    from otest.events import Events
  File "/usr/local/lib/python3.5/dist-packages/otest-0.7.0-py3.5.eg<http://otest-0.7.0-py3.5.eg>g/otest/__init__.py", line 19, in <module>
    from oic.oauth2 import HttpError
  File "/usr/local/lib/python3.5/dist-packages/oic-0.9.5.1-py3.5.eg<http://oic-0.9.5.1-py3.5.eg>g/oic/oauth2/__init__.py", line 10, in <module>
    from oic.oauth2.message import ASConfigurationResponse
  File "/usr/local/lib/python3.5/dist-packages/oic-0.9.5.1-py3.5.eg<http://oic-0.9.5.1-py3.5.eg>g/oic/oauth2/message.py", line 25, in <module>
    from oic.utils.keyio import key_summary
  File "/usr/local/lib/python3.5/dist-packages/oic-0.9.5.1-py3.5.eg<http://oic-0.9.5.1-py3.5.eg>g/oic/utils/keyio.py", line 12
    <<<<<<< HEAD
     ^
SyntaxError: invalid syntax

[3]
Mar 27 11:43:42 openid-www2 sudo: pam_unix(sudo:session): session opened for user root by roland_hedberg(uid=0)
Mar 27 11:43:44 openid-www2 sudo: pam_unix(sudo:session): session closed for user root
Mar 27 11:44:38 openid-www2 sudo:  oictest : TTY=pts/2 ; PWD=/home/oictest/oidf/oidc_cp_rplib ; USER=root ; COMMAND=/bin/kill 58924
Mar 27 11:44:38 openid-www2 sudo: pam_unix(sudo:session): session opened for user root by roland_hedberg(uid=0)

On Tue, Mar 28, 2017 at 2:18 PM, Filip Skokan via Openid-specs-ab <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>> wrote:
Hello,

I am attempting to set a daily run of the conformance test suite to account for and test with library's and dependencies updates.

While running the same RP test suite as in december two tests are now failing. If i recall correctly there was a big update in the testing software right around january.

1) rp-userinfo-bearer-body
i get 200 OK status code with error body {"error": "invalid_request", "error_description": "Token is malformed"}, i should get a userinfo response with a valid subject, this test's behavior was correct in december. Logs from december show a received body bearer, logs from few days ago do not, as if the body was never parsed.

2) rp-discovery-webfinger-url
Returns a 400 HTML page instead of a well-known webfinger response now, this test's behavior was correct in december.

Did anyone pass these tests recently? If so, i would like to get in touch to find out what's different.

the testing service over at https://rp.certification.openid.net:8080/ is also not available at this time

Best,
Filip

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab



--
hans.zandbelt at zmartzone.eu<mailto:hans.zandbelt at zmartzone.eu>
ZmartZone IAM - www.zmartzone.eu<http://www.zmartzone.eu/>
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170329/fa72e1b1/attachment-0001.html>


More information about the Openid-specs-ab mailing list