[Openid-specs-ab] Third-party login certification tests ready to test

Mike Jones Michael.Jones at microsoft.com
Thu Feb 21 21:19:58 UTC 2019

Hans Zandbelt has implemented certification tests for the third-party login functionality of OpenID Connect<https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin>.  These tests are now ready to test.  If you’ve implemented this part of the spec, please give these new tests a try and let us know what your experience is with them.  Here’s Hans description of how to use these new tests:

OP tests:

The (2) 3rd-party-init SSO OP tests are enabled by selecting support for "extra" tests and "dynamic client registration" in the OP test instance setup.

- OP-3rd_party-init-login

The test suite dynamically registers a client with the "initiate_login_uri" claim set in the registration request and verifies that this claim is echo-ed back in the dynamic client registration response generated by the OP.

- OP-3rd_party-init-login-nohttps

The test suite dynamically register a client with the "initiate_login_uri" claim set in the registration request to a plain http (i.e. non-https) URL value and verifies that the OP returns a Client Registration Error Response as defined in https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError

RP tests:

- rp-3rd_party-init-login

Exposes a third-party initiated login endpoint that 3rd parties can use to start the SSO process. This test is initiated by the tester by accessing: https://<rp_test_host>:<rp_test_port>/rp/<rp_id>/rp-3rd_party-init-login/<client_id<https://%3crp_test_host%3e:%3crp_test_port%3e/rp/%3crp_id%3e/rp-3rd_party-init-login/%3cclient_id>>. This will in its turn redirect the tester's browser/client to the 3rd-party-init SSO endpoint of the RP which should then start the login towards the OP. The test is successful when an Authentication Request has been sent to the OP triggered by accessing the third-party initiated login URL.

We’ll add this information to the certification testing instructions at openid.net/certification shortly.  After a few of you have tested the tests, we’ll consider them to be in pilot mode and offer certifications against the new “3rd Party OP” and “3rd Party RP” profiles to members at no cost during the pilot phase.

                                                                -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190221/468f47bf/attachment-0001.html>

More information about the Openid-specs-ab mailing list