[Openid-specs-ab] Issue #41: OP-H-06 Providing preferred acr_values (openid/certification)
John Bradley
issues-reply at bitbucket.org
Thu Jan 29 23:00:22 UTC 2015
New issue 41: OP-H-06 Providing preferred acr_values
https://bitbucket.org/openid/certification/issue/41/op-h-06-providing-preferred-acr_values
John Bradley:
The test should be sending acr_values=3 2 1 or something more realistic.
acr=1 is defiantly wrong.
test info for OP-H-06
Test output
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[check-http-response]
status: OK
description: Checks that the HTTP response status is within the 200 or 300 range
Trace output
0.000156 ------------ DiscoveryRequest ------------
0.000164 Provider info discover from 'https://gold.pinglabs.net/'
0.792412 ProviderConfigurationResponse: {'authorization_endpoint': u'https://gold.pinglabs.net/as/authorization.oauth2', 'userinfo_endpoint': u'https://gold.pinglabs.net/idp/userinfo.openid', 'response_modes_supported': [u'fragment', u'query', u'form_post'], 'jwks_uri': u'https://gold.pinglabs.net/pf/JWKS', 'token_endpoint': u'https://gold.pinglabs.net/as/token.oauth2', 'require_request_uri_registration': True, 'scopes_supported': [u'product', u'phone', u'pingone-native-application', u'address', u'email', u'admin', u'edit', u'openid', u'profile'], u'ping_revoked_sris_endpoint': u'https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris', 'subject_types_supported': [u'public'], 'token_endpoint_auth_methods_supported': [u'client_secret_basic', u'client_secret_post'], 'request_uri_parameter_supported': False, 'id_token_signing_alg_values_supported': [u'none', u'HS256', u'HS384', u'HS512', u'RS256', u'RS384', u'RS512', u'ES256', u'ES384', u'ES512'], 'version': u'3.0', u'revoc
ation_endpoint': u'https://gold.pinglabs.net/as/revoke_token.oauth2', 'grant_types_supported': ['authorization_code', 'implicit'], 'response_types_supported': [u'code', u'token', u'id_token', u'code token', u'code id_token', u'token id_token', u'code token id_token'], u'ping_end_session_endpoint': u'https://gold.pinglabs.net/idp/startSLO.ping', 'claims_parameter_supported': False, 'request_parameter_supported': False, 'claim_types_supported': [u'normal'], 'issuer': u'https://gold.pinglabs.net'}
1.558919 JWKS: {"keys":[{"kty":"EC","kid":"gbwve","use":"sig","x":"AYqj9qzqV2NCe1akLRNPHrVc9_S7eKvRQRtIRhzGxi1IhzHzUasVlRvuOoWuWuRIUy03kdW2NK5hR3wfiZZhEkoW","y":"AL83O28e3OjB0Y1iJpugvlcDsYuLXzFBu3mFLsgKR36BxNZRQLSa7l9Dgcoq6J9o0Sy5Sy2UidP5rbBkyGNx4HMF","crv":"P-521"},{"kty":"EC","kid":"gbwvf","use":"sig","x":"W7-PiFlDMAzxCqtdxR3PXBRuET50vpWJmc_LwhZisCJgKJHABqhX03kebC5hlcSb","y":"_lGZLYAhl3fwHvfZoVVgAhA4Fbfhd-NqoH4iLtBYpN-9wr70b2KdtCf2gHzK2fxS","crv":"P-384"},{"kty":"EC","kid":"gbwvg","use":"sig","x":"KLVmhNp0qdddjYzRo0XaJLsSvBSQqQIEOKFZtqM-gno","y":"xrHczI4O2gQdR4W-XJLWfQX_jbmr9Kb3ein73WF9exE","crv":"P-256"},{"kty":"RSA","kid":"gbwvh","use":"sig","n":"jC4wSC_HibQMmSaffCHoPhQQCP37cc1rpuIal61c6vEsHP3CkUNf48Ld6LYEXkX6-KVoLsyCWdpPG7sygVQcQ7mqfXan3evFHDdeq0gqXQggU6utWiJXuA0Z2L9gaOyd4e7hTqAt3MMaRDX50Qw20KMAfhVALvbWK1PWYTpqRN4SbZoLffP30W_IXSB0DnDgQ6IHd-fVXKATcdarUe-pRet62_uQ0uXAvFkmrDqtVpRq8NEkufYZ4fITW1TOsVf0FtDBdFnJPR81bXwMMzEVWFRAImCyLg6MZbg6jG4l-g_5SbRrBOBYD4triqreBx4NwmkNUbNVPtZ
twU04BNGhkw","e":"AQAB"},{"kty":"EC","kid":"gbwvi","use":"sig","x":"ANPVqCPYLkJkd-_b4nHXYomDjiw70zoRgUU-sB1B072gxBSVuCqIF3RW2W8Vz1hIr_1_4JADSdg_2YVJB8EQL7LH","y":"AQfK1CYQBkUx7v_ctmznj-z_5PJorts9_8QlLouwIgomSC4hAO2BBwHfRlgFgSQpBvyfUvaviiQsBRFKJihwZf2c","crv":"P-521"},{"kty":"EC","kid":"gbwvj","use":"sig","x":"3AdxyY2BFxTOcUCu7wjWDFnHiBo1pm4Uqmrmi7JYyStIwlHqi15mXYWw2aPo1sXq","y":"SqpcYqpR498CAOxw6z4LHUXD5ovFlpRsr0URyrQCBfI9xn_l90ugHPzov0iaiO8Y","crv":"P-384"},{"kty":"EC","kid":"gbwvk","use":"sig","x":"iCUEVPwvl1K6XlkfVtLVPRGswTCmt9K0cu3YEUqlgLs","y":"shDGsg-b6lx-J6PEp7_yjcB_psZB-p8mTOIp9yrCU7U","crv":"P-256"},{"kty":"RSA","kid":"gbwvl","use":"sig","n":"lZoM_XVOJo7B5QGxl92yTxrt0kWFlrz4vSS1a6qmXObIBoa0IhfsNzZ9knDAWr9x9meRt7lRne6vudIoYiQqkNafDLhzvgYQ2-2IEQudX35TpCvnuvzevTwXb9vafz_q6dA19KJNDvNN3MWkFXgsPUZvaNBJ5iAGn3aSZir9CqSxM23wU0222zVQnorDfZFNLEfe2P6bdGl5zw5IdlgXZgMYhzOwswpO2MHnux5IVmq6axl3_CJXkI2THzqe2OB1uROxZhl5TM0tw6wSr3EF17QO6kwfji7LlbWbjpnNkZsepTW5QG-x2EyHVcaxF8TzyggH5rO-_
ceLndsGfrHYYw","e":"AQAB"},{"kty":"EC","kid":"gbwvm","use":"sig","x":"Abkd0k5TY2KznoTiLFyxF5iQtFjmAosSrNmrQedTUNpqTF5g9AMR9DLS-3JyOXHRlrX2pfxYkLIL1pNPUoxwPxK3","y":"ABSKTbBppZcf3ZOYsYfAmIeLO2Swlrl5OiD-2wE27kVilS2uo6qIDCbhOh83y0ASo0wd34k-DHq69MoS5Ey3AjRN","crv":"P-521"},{"kty":"EC","kid":"gbwvn","use":"sig","x":"cY5vhATcRxbWkkwUylU55LTcyqep3Tb6vt36WiLlZsGXXdZziJpKpNSfRzO1OCbx","y":"XkOvfqyVD01dSLNUucy7J5tQ4ezq-d3-SOcmjfr-KIxe7KGsDwX5v-whEnx-Rouq","crv":"P-384"},{"kty":"EC","kid":"gbwvo","use":"sig","x":"ZRb4GE3CfEmc0sS0VLd_Q0lYKg9Vzd-tXoYAop293XE","y":"uDmaZ0jsaTEX2nqipzUb94nt4S1KBkr2dXYcHGUs408","crv":"P-256"},{"kty":"RSA","kid":"gbwvp","use":"sig","n":"njCIpcbAtkmHnEmLdsuTF8qrfwzUML7EyZ2rRq1EHjcQzDJCPUAtHaWxZ9EYytJcDbH2zClhGKJPNiHMZKvVOYiRZYYX98RH5luflnLVGVMUBSpgNj8tMTfKo2GyWsEYUvr7Xh38rWZ7xAaBaGvvCAIPx1yFVoAgHfn_DRqH6O1aShuUNObeyA6SEQdf5Le-7x3MHnPsRPKXzfY09x9jNEBa40hdbEb1zWDTwZl55ohxCl2cNxEGq4ex9mJlGVHFpU6AIVAQXdFXoTWJqxdp-opzM4KgQb-jnLRHsm2awLGVhpJvri8dapE4T93xV_-kLwsw1BB
vpUA5UsSA-BT_0Q","e":"AQAB"}]}
1.559496 ------------ AuthorizationRequest ------------
1.559775 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?acr=1&state=2jRuIrXFjSdiUFjj&redirect_uri=https%3A%2F%2Foictest.umdc.umu.se%3A8094%2Fauthz_cb&response_type=code&client_id=oictest&scope=openid
1.559780 --> BODY: None
8.816038 <-- state=2jRuIrXFjSdiUFjj&code=yWlnp2WZgHb6hHc541c0pKUgNSA6NxKmuo04N9Op
8.816238 AuthorizationResponse: {'state': '2jRuIrXFjSdiUFjj', 'code': 'yWlnp2WZgHb6hHc541c0pKUgNSA6NxKmuo04N9Op'}
8.816339 ------------ AccessTokenRequest ------------
8.816561 --> URL: https://gold.pinglabs.net/as/token.oauth2
8.816566 --> BODY: code=yWlnp2WZgHb6hHc541c0pKUgNSA6NxKmuo04N9Op&grant_type=authorization_code&redirect_uri=https%3A%2F%2Foictest.umdc.umu.se%3A8094%2Fauthz_cb
8.816572 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic b2ljdGVzdDoxUURnV1NwTA=='}
9.662982 <-- STATUS: 200
9.663024 <-- BODY: {"token_type":"Bearer","expires_in":7200,"refresh_token":"vGG08E5F5BAJW172eXMIzOyG2mFmDrYS9ZOBgI9TCl","id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6Imdid3ZsIn0.eyJzdWIiOiJqYnJhZGxleSIsImF1ZCI6Im9pY3Rlc3QiLCJqdGkiOiJPZ21keHR2YXVVT1Y1TUlvUlpqSGw3IiwiaXNzIjoiaHR0cHM6XC9cL2dvbGQucGluZ2xhYnMubmV0IiwiaWF0IjoxNDIyNTcyMDMzLCJleHAiOjE0MjI1NzIzMzN9.kxselbatW8kCGyioXCo80jVsyhN15MUKY8Zfgu9J1zm_Aywc1tJIHsPJmdR-gq0QKqCd8bseZ_1_pLTWjq1vBTJLZa2LOywLqRooMGomCfSV9Q1ewTE16A2SsNjDdBjOdwJsL2cpO5DhWZXX0I2drg_oRfEBJsjZ-WBf9rLC9SYP7w_8Lj6JAZKfkowR_-AQvd-qfYr4yHcdiv75E4RITYtAblbxkjsDjAZ5AB18DW2ZW29LNcMCFVjyJRPsYG7ACS1VKMBD_RxH-2CnLY0FvA_Pc-a2Dk1u9cevBzAP2MGPXAprr2-nDaNUiSpYowAirbyXLJ2OQSnSWsBzMdGAQw","access_token":"BQzq8q9wzUQ6QBa3YRLnOvXd3vNN"}
10.415216 IdToken JWT header: {u'alg': u'RS256', u'kid': u'gbwvl'}
10.415225 AccessTokenResponse: {'token_type': u'Bearer', 'id_token': {'sub': u'jbradley', 'iss': u'https://gold.pinglabs.net', u'jti': u'OgmdxtvauUOV5MIoRZjHl7', 'exp': 1422572333, 'iat': 1422572033, 'aud': [u'oictest']}, 'access_token': u'BQzq8q9wzUQ6QBa3YRLnOvXd3vNN', 'expires_in': 7200, 'refresh_token': u'vGG08E5F5BAJW172eXMIzOyG2mFmDrYS9ZOBgI9TCl'}
Responsible: Rohe
More information about the Openid-specs-ab
mailing list