[Openid-specs-ab] Issue #93: getting "[ERROR] str:OP couldn't match preference:request_object_signing_alg" w/ ["none"] (openid/certification)
Brian Campbell
issues-reply at bitbucket.org
Fri Mar 13 22:38:40 UTC 2015
New issue 93: getting "[ERROR] str:OP couldn't match preference:request_object_signing_alg" w/ ["none"]
https://bitbucket.org/openid/certification/issue/93/getting-error-str-op-couldnt-match
Brian Campbell:
All tests are failing now with something like the below.
I'm guessing this is because of the "request_object_signing_alg_values_supported":["none"] that's been added to my https://gold.pinglabs.net/.well-known/openid-configuration, which I did because I started adding request object and uri support to try and pass tests that were failing on that stuff. But I've only added none for now. it's a valid alg. And OP-request_uri-Unsigned and OP-request-Unsigned even use it.
But maybe my guess is wrong...
```
#!text
Test info
Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'none+sign', 'registration': 'static'}
Test description: Authorization request missing the response_type parameter [Basic, Implicit, Hybrid]
Test ID: OP-Response-Missing
Issuer: https://gold.pinglabs.net
Test output
[-]
status: ERROR
info: OP couldn't match preference:request_object_signing_alg
Trace output
0.000288 ------------ DiscoveryRequest ------------
0.000301 Provider info discover from 'https://gold.pinglabs.net/'
0.000307 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
0.306304 ProviderConfigurationResponse: {
"authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
"claim_types_supported": [
"normal"
],
"claims_parameter_supported": false,
"claims_supported": [
"address",
"birthdate",
"email",
"email_verified",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"picture",
"preferred_username",
"profile",
"sub",
"website",
"zoneinfo"
],
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"issuer": "https://gold.pinglabs.net",
"jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
"ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
"ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
"request_object_signing_alg_values_supported": [
"none"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"fragment",
"query",
"form_post"
],
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token"
],
"revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
"scopes_supported": [
"product",
"phone",
"pingone-native-application",
"address",
"email",
"admin",
"edit",
"openid",
"profile"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
"version": "3.0"
}
0.307641 [ERROR] str:OP couldn't match preference:request_object_signing_alg
Result
PARTIAL RESULT
```
More information about the Openid-specs-ab
mailing list