[Openid-specs-ab] Issue #25: OP-B-04 & OP-B-05 Not requesting max-age in the request. (openid/certification)
John Bradley
issues-reply at bitbucket.org
Sun Jan 25 22:16:38 UTC 2015
New issue 25: OP-B-04 & OP-B-05 Not requesting max-age in the request.
https://bitbucket.org/openid/certification/issue/25/op-b-04-op-b-05-not-requesting-max-age-in
John Bradley:
Two issues:
1. max_age is not in the authorization request.
2. auth_time is not in the id_token response and the test is shown to pass.

Test info for OP-B-04
Test output
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[check-http-response]
status: OK
description: Checks that the HTTP response status is within the 200 or 300 range
Trace output
0.000106 ------------ DiscoveryRequest ------------
0.000114 Provider info discover from 'https://gold.pinglabs.net/'
0.732633 ProviderConfigurationResponse: {'authorization_endpoint': u'https://gold.pinglabs.net/as/authorization.oauth2', 'userinfo_endpoint': u'https://gold.pinglabs.net/idp/userinfo.openid', u'revocation_endpoint': u'https://gold.pinglabs.net/as/revoke_token.oauth2', 'jwks_uri': u'https://gold.pinglabs.net/pf/JWKS', 'token_endpoint': u'https://gold.pinglabs.net/as/token.oauth2', 'require_request_uri_registration': True, 'scopes_supported': [u'product', u'phone', u'pingone-native-application', u'address', u'email', u'admin', u'edit', u'openid', u'profile'], u'ping_revoked_sris_endpoint': u'https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris', 'subject_types_supported': [u'public'], 'token_endpoint_auth_methods_supported': [u'client_secret_basic', u'client_secret_post'], 'request_uri_parameter_supported': False, 'id_token_signing_alg_values_supported': [u'none', u'HS256', u'HS384', u'HS512', u'RS256', u'RS384', u'RS512', u'ES256', u'ES384', u'ES512'], 'version': u'3.0
', u'ping_end_session_endpoint': u'https://gold.pinglabs.net/idp/startSLO.ping', 'grant_types_supported': ['authorization_code', 'implicit'], 'response_types_supported': [u'code', u'token', u'id_token', u'code token', u'code id_token', u'token id_token', u'code token id_token'], 'claims_parameter_supported': False, 'request_parameter_supported': False, 'claim_types_supported': [u'normal'], 'issuer': u'https://gold.pinglabs.net'}
1.477931 JWKS: {"keys":[{"kty":"EC","kid":"omtz1","use":"sig","x":"MfyquBGmMiaJjPobXeGv23X5xxhzsbe1j2bZTclDb9Eg1mBatNQWo-8wiefHAL1Ip4e29CKbkF7NS8azLEWCQiU","y":"AYMViNhimlhQM0eSKVGA0jrc8he1HmWzBx0QiTz6klMmEH4Y60bMf9rdk-a8Gnv4puCPl0PIR3Hiu7id27Z3qJR3","crv":"P-521"},{"kty":"EC","kid":"omtz0","use":"sig","x":"uIJ2DaZ2KkuOw56ZNylsZblWvx222DsZeBYIKTN0Dj_E0fJtlUBjmgBJrDVwLre1","y":"woLKDlgn-ql_BZp6msXAgT0-5b6-ZLv3gdEeYRm3v3oNYMhd71m9OhIwo2C9myL_","crv":"P-384"},{"kty":"EC","kid":"omtyz","use":"sig","x":"khzqOQ62hbFldLE62MP1onxb2-LqCdhQJIVz8FdtoZk","y":"vOqI3_uVNvC3lnTPAC4COwkv-mKPbAf_ru14ssexR0E","crv":"P-256"},{"kty":"RSA","kid":"omtyy","use":"sig","n":"kayq6tT7O-zDs5fKB07Kc3_4g15kZmyNcu6FWo6O-SRHKL8KJP0artj5paaUh_MGAmbTV0GDv59ueDBLJDehrS8L89KGFE9hA0ewa_UvpI1-L4GzVL6fNuw_Pcki0aZABNJxr41sBsLQLRjMgrcO44zCDihG6RLKWtaWPLTYFaojktJXF-g4sugn0rtMp-y4MWWTyD1z0ALHEmM6a0FY8HxmlBjJDihIyE1q67ZdPvBzp30-kY6NjgWjDsL_V2JU3Rxmae2-7mTb0j1gh3cg4z6y-AxsbIz5A5U2lQNhwd68AnEU0zdIrNsXL3FWUgaNay9zxCrXnZzN
Wt84eZV6uQ","e":"AQAB"},{"kty":"EC","kid":"omtyx","use":"sig","x":"W5a7xlmwOYNrB7oTj4CLNXs8YcUymtb0kBmm9hb06ogwiMf-YBFI9ONpGAg0u-l84NIOXe-GgHpgL4rmVAdaaO8","y":"AfzRDUxyNnDyKs7m1gJaw7rZEGY4iUDgqlAQjTdoYpKm7VcBKgxRNgtyG28RCfL6_9Sk1PQ-zA8D8l-pr-YI-V7v","crv":"P-521"},{"kty":"EC","kid":"omtyw","use":"sig","x":"-m-8FO-SZpveBTBlaHWWixBigQX2NRwfj4xogvmUHOsQYfDwyOk8O87vA43OwSE6","y":"FFvYDZFWVGITfFCn0Lv9oJWfAdhNz0aMCEypkSLur0eswgISUiOS5wBWgBapIasa","crv":"P-384"},{"kty":"EC","kid":"omtyv","use":"sig","x":"GGVfBAPtdXyukzh50aiD_fQ-7k8Sh9uA6nurbrjJInc","y":"4T-YmEbU3L-_CPt6_HomDx_JzXD8Wz8Yqpu5D9ww96Q","crv":"P-256"},{"kty":"RSA","kid":"omtyu","use":"sig","n":"hVF3cL1DbRVYNMI8OvLlfKAvJSjplzq3BXQDrM495_diuEWzT2X7QjBM14OT8wV6lZ0i_Kr_9yztg02xqI-HiuZT7kjRyjxNv5_NP8E4FA1VQht1XMOtHHjnvUNiy8v6jTKvTdN78v4ygNHbwrEaWJZdPDJ3L74ZT98xLxRBrj0Phwsx1aFAgPnPDFMmQa2dAY7OaDQwZPSWtN0HpB13hGHuCb64gT8WR3Y2ARU1Tq9jakoCWXWStwWBzHaOoqqM_6eR_mAc2SwjDYjnwXnGWZ_ic_4fbTYfWDd5jGgfglnfTXqjZZebNzyCPAGdswXLW3NB7mg5xLm
dMjIIfzktDw","e":"AQAB"},{"kty":"EC","kid":"omtyt","use":"sig","x":"AUTSgNV66OzJpOC2eMwnGRL-FjOrSh5Po_Ap00qML0evOf9zG1bGXi7VIozlU0AN56ZfFQHXPaKiPL7vPm4eP-Y1","y":"L3KWRGlfw4Q98dteh9Gx7ySBRU0hWScgDURS8Vol-VARvNe0YssK98qAO8tag8y65Y2SXcWfe4LxHbb_HAJ1fVQ","crv":"P-521"},{"kty":"EC","kid":"omtys","use":"sig","x":"Y-6LE85pAa1OjX9kH-KIMYSvKKq39GGH0iIxSfHawGcLDcmea7EIRMVA_4XbufkG","y":"3w8Uo4CrhAb722g6B5kiJd54KJGx0dfQlkNImIRgOCpbK3tax-tG2aXGlqq6PPS4","crv":"P-384"},{"kty":"EC","kid":"omtyr","use":"sig","x":"LI887jJ7HROpbsF1CkpKjck-DrJBvD0ODg-8qTkM9M4","y":"Ma7sbDShR9vOr3Ip4BJUbbg32PgO2fBPZTVMdzg3cd0","crv":"P-256"},{"kty":"RSA","kid":"omtyq","use":"sig","n":"qbiNT15XckRxgFIfySebARAGNcUiG3BEhOyVW8z8ghNBNE_eU2E0amN44E7Ad6M0-44YLkDTZJtWtwKWT_-67UjN8cCN82Eal45MXB5pjQoOQxNMZB8yXAOesP3bhR4wcUDgpQlPyyvOAJ3n7XiSlZjTDNZr9nrWz8A12WmI8JvfL_qpFgdRgu_N1mprkrZ0cJRnOwnkdMxnXfLbqd5lIye58Q_AD8IE8brZGZy0AwGT1lJe3DDzIF2QX_o1flyU6HugrEX7S6IZjdPaj98a-erC4tRfRoZ3ffjoaJ5ze0eadF5qcNqRB8ooc_Db_ZR1NaprRI02A5
VdMl-IAGq7uQ","e":"AQAB"}]}
1.478681 ------------ AuthorizationRequest ------------
1.479142 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?nonce=e4OBmpvZPSM8&state=ceDaPH72HfMv4zbG&redirect_uri=https%3A%2F%2Foictest.umdc.umu.se%3A8094%2Fauthz_cb&response_type=id_token+token&client_id=oictest&scope=openid
1.479151 --> BODY: None
19.010184 <-- state=ceDaPH72HfMv4zbG&token_type=Bearer&expires_in=7199&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6Im9tdHl1In0.eyJzdWIiOiJqYnJhZGxleSIsImF1ZCI6Im9pY3Rlc3QiLCJqdGkiOiJUT0UyMzlmOEJWcWlpQ2hUMVp2SkUxIiwiaXNzIjoiaHR0cHM6XC9cL2dvbGQucGluZ2xhYnMubmV0IiwiaWF0IjoxNDIyMjIzNDI2LCJleHAiOjE0MjIyMjM3MjYsIm5vbmNlIjoiZTRPQm1wdlpQU004IiwiYXRfaGFzaCI6InAzYm5rcWRxeXpLaDRDcXFoMmJkcFEifQ.fxhb1SbUUpc4nNvIvwD39BVWKI77WgWNKBHqCKyqwg5pJ30xvUUOGQbIKmMPrzS7eYwoU9Rbn-5KyFP2hvTa4-EbQYqgq9s3KBVNXxjHvT2v9bBipkBXvI9dP8b-nZtJvzOGUutl-5xXCzT7N8-EzfJb9Bry_IzixX0pHzsb6_ULhtqXuzvHXVj-kpyp-GSbUULFCgp2k69lEOHRKyeTTdTljz6oab6U94ER0vwUI4eVxy_Qa7HIxVoRqReDM80Ntp26jX62T433buD49ui5h585QOaoZs2gQLAQ3VY9-BUiHGWvG55V2KbBYanEiMC0hZw9ZAtn6lfXh2b4nmMXJg&access_token=iSTnnrAOQsrk7Ire6NZUMeAuYl8q
19.777850 AuthorizationResponse: {'token_type': 'Bearer', 'id_token': {'nonce': u'e4OBmpvZPSM8', 'sub': u'jbradley', 'iss': u'https://gold.pinglabs.net', 'at_hash': u'p3bnkqdqyzKh4Cqqh2bdpQ', u'jti': u'TOE239f8BVqiiChT1ZvJE1', 'exp': 1422223726, 'iat': 1422223426, 'aud': [u'oictest']}, 'state': 'ceDaPH72HfMv4zbG', 'access_token': 'iSTnnrAOQsrk7Ire6NZUMeAuYl8q', 'expires_in': 7199}
35.190972 ------------ AuthorizationRequest ------------
35.191270 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?nonce=torIxsnbpSNL&max_age=1&state=AdSrPJ75LwTYexuo&redirect_uri=https%3A%2F%2Foictest.umdc.umu.se%3A8094%2Fauthz_cb&response_type=id_token+token&client_id=oictest&scope=openid
35.191277 --> BODY: None
47.095672 <-- state=AdSrPJ75LwTYexuo&token_type=Bearer&expires_in=7199&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6Im9tdHl1In0.eyJzdWIiOiJqYnJhZGxleSIsImF1ZCI6Im9pY3Rlc3QiLCJqdGkiOiJzTTJiNklmdnkwVXV0N1d4a25Sd0l6IiwiaXNzIjoiaHR0cHM6XC9cL2dvbGQucGluZ2xhYnMubmV0IiwiaWF0IjoxNDIyMjIzNDU2LCJleHAiOjE0MjIyMjM3NTYsIm5vbmNlIjoidG9ySXhzbmJwU05MIiwiYXRfaGFzaCI6IkM0RXExN3pudkV0QXdFbWRQYWVrSkEifQ.OaXGGwD_Ex19oSIC1Brfm717WdQQZKS2RYu1f02P5mOGk-AXHY4c89qOK1zCbhtBq54ISRJGN5bFHwuIY0INImxJvrqpsu07oalBXmucoXaH25TaBWIuqdAvCbFaGz44KOHW9aPBw4NPo-bzMxmS7AA0J0c09Sq7WAlX7U1kLrNn3vvnTOeN31IM-EODmGn1Pw9YDKCQVMR4FFTyJo7KJZc7vf2KzrtzNwv9t_cTsaD2zlfn7LrFx2B-SRj6qYmslCaD8fCAkbX1OXYQ7CT3-rB7QmxZCK7nqkxvJ4GXYpeG1kmLcz191xp8v6x7BRW7YM1MAkAaBA9QH3qJAiQwsA&access_token=UmVNY4ZewtM2ih4B6ZVXceWhrpfN
47.097381 AuthorizationResponse: {'token_type': 'Bearer', 'id_token': {'nonce': u'torIxsnbpSNL', 'sub': u'jbradley', 'iss': u'https://gold.pinglabs.net', 'at_hash': u'C4Eq17znvEtAwEmdPaekJA', u'jti': u'sM2b6Ifvy0Uut7WxknRwIz', 'exp': 1422223756, 'iat': 1422223456, 'aud': [u'oictest']}, 'state': 'AdSrPJ75LwTYexuo', 'access_token': 'UmVNY4ZewtM2ih4B6ZVXceWhrpfN', 'expires_in': 7199}
Responsible: Rohe
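
Added example (not part of the original report and not code from the oictest suite): a minimal check for the behaviour reported above, based on the OpenID Connect Core rule that an ID Token MUST carry `auth_time` when `max_age` is used in the request. The token is rebuilt unsigned from the claims shown decoded in the trace; `make_token`, `jwt_claims`, `check_max_age` and the 5-second skew allowance are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import parse_qs, urlparse

def make_token(claims):
    """Build an unsigned header.payload.sig string (constructed sample, placeholder signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "omtyu"}), enc(claims), "sig-placeholder"])

def jwt_claims(id_token):
    """Decode the payload segment only; signature validation is a separate check."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_max_age(request_url, id_token, now, skew=5):
    """Return a list of failures; an empty list means the max_age contract held."""
    params = parse_qs(urlparse(request_url).query)
    if "max_age" not in params:
        return ["max_age missing from authorization request"]
    max_age = int(params["max_age"][0])
    auth_time = jwt_claims(id_token).get("auth_time")
    if auth_time is None:
        return ["max_age requested but id_token has no auth_time"]
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return ["auth_time is not a JSON number"]
    errors = []
    if auth_time > now + skew:  # skew allowance is an assumed tolerance
        errors.append("auth_time is in the future")
    if now - auth_time > max_age + skew:
        errors.append("authentication older than max_age")
    return errors

# Second authorization request from the trace (max_age=1).
REQUEST = ("https://gold.pinglabs.net/as/authorization.oauth2?nonce=torIxsnbpSNL"
           "&max_age=1&state=AdSrPJ75LwTYexuo"
           "&redirect_uri=https%3A%2F%2Foictest.umdc.umu.se%3A8094%2Fauthz_cb"
           "&response_type=id_token+token&client_id=oictest&scope=openid")
# Claims as decoded in the second AuthorizationResponse trace line.
TRACE_CLAIMS = {"nonce": "torIxsnbpSNL", "sub": "jbradley", "iss": "https://gold.pinglabs.net",
                "at_hash": "C4Eq17znvEtAwEmdPaekJA", "jti": "sM2b6Ifvy0Uut7WxknRwIz",
                "exp": 1422223756, "iat": 1422223456, "aud": ["oictest"]}

if __name__ == "__main__":
    print(check_max_age(REQUEST, make_token(TRACE_CLAIMS), now=TRACE_CLAIMS["iat"]))
```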