[Openid-specs-ab] Issue #76: expected behavior for OP-request_uri-Unsigned when request_uri_parameter_supported is false? (openid/certification)
Brian Campbell
issues-reply at bitbucket.org
Thu Mar 5 20:48:38 UTC 2015
New issue 76: expected behavior for OP-request_uri-Unsigned when request_uri_parameter_supported is false?
https://bitbucket.org/openid/certification/issue/76/expected-behavior-for-op-request_uri
Brian Campbell:
Pretty much the same as #75 but for request_uri and request_uri_parameter_supported rather than request and request_parameter_supported.
Though similar, the test ends a little different than #75 and kinda suggests that the test tool doesn't know about the request_uri_not_supported error code.
http://openid.net/specs/openid-connect-core-1_0.html#RequestUriParameter
http://openid.net/specs/openid-connect-core-1_0.html#AuthError
```
#!text
Test info
Profile: {'profile': 'C', 'sub': 'none', 'register': False, 'discover': True, 'extra': False}
Test ID: OP-request_uri-Unsigned
Issuer: https://gold.pinglabs.net
Test output
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
[-]
status: ERROR
info: request_uri_not_supported
Trace output
0.000247 ------------ DiscoveryRequest ------------
0.000258 Provider info discover from 'https://gold.pinglabs.net/'
0.000265 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
1.320615 ProviderConfigurationResponse: {
"authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
"claim_types_supported": [
"normal"
],
"claims_parameter_supported": false,
"claims_supported": [
"address",
"birthdate",
"email",
"email_verified",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"picture",
"preferred_username",
"profile",
"sub",
"website",
"zoneinfo"
],
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"issuer": "https://gold.pinglabs.net",
"jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
"ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
"ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"require_request_uri_registration": true,
"response_modes_supported": [
"fragment",
"query",
"form_post"
],
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token"
],
"revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
"scopes_supported": [
"product",
"phone",
"pingone-native-application",
"address",
"email",
"admin",
"edit",
"openid",
"profile"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
"version": "3.0"
}
1.865426 JWKS: {
"keys": [
{
"crv": "P-521",
"kid": "co4n9",
"kty": "EC",
"use": "sig",
"x": "ARnqMCX2Sfil25tYE4UQgEcQNh03GF2mMq28wxrWyj31iMl8BMmAlXyQXMfO02uliZg98btrPTKbhzT2srITZR5A",
"y": "AYOcsIIGOOcJcf2JOxgc-mh1HgbSXz-YUbs0yig2W6MuaFYmza76pplu0NyF5XcFnB5TYchCmNyOHgkRMAjZqgdR"
},
{
"crv": "P-384",
"kid": "co4na",
"kty": "EC",
"use": "sig",
"x": "XI8DDInnvj1gizZ7nqLWmYH2czZPX245Lp1UMLcV07szcCQINQT85fWmxgmNeGED",
"y": "0YAhSbTCYYaTwgUAKdwGZG0PWQjW8h8dNoM_Bhn9cAnISTxrY-uSueQ9N2-lLxKj"
},
{
"crv": "P-256",
"kid": "co4nb",
"kty": "EC",
"use": "sig",
"x": "_trh7hHHjJdmjjDzqwmkcPZlsUqxuE6w2_QPmW5XtiQ",
"y": "M9PDnUsEewr5Ffz9NOdTf2tzP4FxoBrmxI72Cy4l_Ew"
},
{
"e": "AQAB",
"kid": "co4nc",
"kty": "RSA",
"n": "ozu0NGL_oDdqj3alpRCxfIElHOtgZe4G7Sd0ZP7ELkYd2JhKKc2DhY8yd4arK_7xyuTy_36VNttyd7tEiZ3n95ZK8oyftvEabcL2Z1jbHZRGrH2yVfXM-rjBLsiYlfI1b5b8F1ufmHbQn3YAo90HLQWtygMPy8H02vUtYGIrtOxKlkiMiByKsQCDYhVhfqCq_pEZQn3VQdoXBn26cumyr3fDnBmN9fB9EP-LmKe0kdphb8qf2FX0GqTkXkfgmkdIP94YdYfr_5bN_0__QqbnOhcipF44lF-_tO7myUSVYsqlRXOamZz4ze3wu_d3HflNLk-fd29MDoPbU8_ADaKVkw",
"use": "sig"
},
{
"crv": "P-521",
"kid": "co4nd",
"kty": "EC",
"use": "sig",
"x": "ACSKiUJ06yMqTrWzUAFMwGPUQEcGY1uqe5tDjQ12dpnp8LGVAWCBe562qDNlKpgPN8OhpeQQ4hfuUeSGoE6a-Ivt",
"y": "AZi9SiH9KCgb5X_-0_Jz6UO9Wb7r7nSm-keUPJB7ADhnTz1J6Hey86fkN0kUIzY4HekqoqCdO0nH2wnPUG_yWTLI"
},
{
"crv": "P-384",
"kid": "co4ne",
"kty": "EC",
"use": "sig",
"x": "mdoSHMMbvKO0k5WUtl7i4oAP0x6X_gdbMmswAbbmI-rdiapCOAxnJlcf6rcnOvCQ",
"y": "pWPfYhrqWRrh-q5wW2TPd7g0QxmQD2Sv4RW0OG-ts0R0B_E0MyNaSiao7SFFGqOX"
},
{
"crv": "P-256",
"kid": "co4nf",
"kty": "EC",
"use": "sig",
"x": "IGQYliwph36H_OpnGySnAbUD6-vOp4ca_7yQ0Wgw6FA",
"y": "lSzTm_mTQjdgESMUSX9LXiM8R08yiQ40xFQdk9RpCM4"
},
{
"e": "AQAB",
"kid": "co4ng",
"kty": "RSA",
"n": "hxDN-256T23rgaQFh5Pmg5A26eLLI0_u5_z1Gn_hb1bZAnhgwgmevRKSjxkQhb-UeiRgTLXmUxt-5Io04pTxXaVTL5xTPeYSwMZDBg9OM2Y1jWHSXa5g1mzaefWQQ-T0N6-BTZRa8gpEigbIQwlcHGnZpzb_qbcSAQhppUF4hvDHWF4hkCbKQR2dmzWhL7u2XP0XkjwRhBQfYIwgETVlDgGl4EuLU_Q121m_Zi2JYAYgONEpWnl3cE9ktrimcS7Nm5eB2ZVPxVRCi6U0Z921v_GDpQ2f-wEtLo_jPzz_P-a1z3PATQbZHOKBV8PjHhqZtKgPgNp81AWyHS4sBUFMsQ",
"use": "sig"
}
]
}
1.866195 ------------ AuthorizationRequest ------------
1.866942 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?scope=openid&state=nYnxdZRE6Y7Mc9tv&response_type=code&client_id=__c&request_uri=https%3A%2F%2Fop.certification.openid.net%3A60211%2Fexport%2FKtfbXFyX9F.jwt
1.866950 --> BODY: None
2.881531 <-- error=request_uri_not_supported&state=nYnxdZRE6Y7Mc9tv&error_description=processing+of+the+request_uri+parameter+is+unsupported
2.882408 [ERROR] NotAllowedValue:request_uri_not_supported
Result
FAILED
```
More information about the Openid-specs-ab
mailing list