[Openid-specs-ab] Issue #131: "Can rollover OP signing key [Config, Dynamic] (OP-Rollover-OP-Sig)" now fails when no JWKS change but should be WARNING (openid/certification)
Brian Campbell
issues-reply at bitbucket.org
Thu Mar 26 23:37:03 UTC 2015
New issue 131: "Can rollover OP signing key [Config, Dynamic] (OP-Rollover-OP-Sig)" now fails when no JWKS change but should be WARNING
https://bitbucket.org/openid/certification/issue/131/can-rollover-op-signing-key-config-dynamic
Brian Campbell:
The change to address #128 seems to have gone a touch too far. When there's no change in the JWKS, the test is now reporting a FAILED. I was under the impression that that should be a WARNING.
Test info below from https://op.certification.openid.net:60050
```
#!text
Test info
Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'none+sign', 'registration': 'dynamic'}
Timestamp: 2015-03-26T23:20:32Z
Test description: Can rotate OP signing keys [Dynamic]
Test ID: OP-Rotation-OP-Sig
Issuer: https://gold.pinglabs.net
Test output
__After completing the test flow:__
[check-http-response]
status: OK
description: Checks that the HTTP response status is within the 200 or 300 range
[new-signing-keys]
status: ERROR
description: Verifies that two set of signing keys are not the same
__X:==== END ====__
Trace output
0.000311 ------------ DiscoveryRequest ------------
0.000323 Provider info discover from 'https://gold.pinglabs.net'
0.000329 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
0.281867 ProviderConfigurationResponse: {
"authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
"claim_types_supported": [
"normal"
],
"claims_parameter_supported": false,
"claims_supported": [
"address",
"birthdate",
"email",
"email_verified",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"phone_number_verified",
"picture",
"preferred_username",
"profile",
"sub",
"updated_at",
"website",
"zoneinfo"
],
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"issuer": "https://gold.pinglabs.net",
"jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
"ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
"ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
"registration_endpoint": "https://gold.pinglabs.net/idp/client-registration.openid",
"request_object_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"fragment",
"query",
"form_post"
],
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token"
],
"revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
"scopes_supported": [
"product",
"phone",
"pingone-native-application",
"email",
"address",
"admin",
"edit",
"openid",
"profile"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"none",
"client_secret_jwt",
"private_key_jwt"
],
"userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
"version": "3.0"
}
0.579723 JWKS: {
"keys": [
{
"crv": "P-521",
"kid": "93xyw",
"kty": "EC",
"use": "sig",
"x": "AYgVYJ2NyZmUyykYqCr1DXW_pP2IqMW7flgbyn_HiwfRiEHy7LYD1U2A_ZdCtrRV8OWJ0b0pNlhxFcxID9l_6-Nc",
"y": "AP1NLHCg2BQpFQ9n7jAq5HX5ealwYeLr0sspHBLy8wGFPKKrq1Nt9v0DZW0xsNlMCTke56sgj0gu3udc72rclSPB"
},
{
"crv": "P-384",
"kid": "93xyv",
"kty": "EC",
"use": "sig",
"x": "N4awXVSQLd-LaIsm1CMq9h8fx4uztpnIJB-UsmavlbPkLX6JLF_MuzLHhhoiNMWy",
"y": "JJzhxROASS9qEQvN9Dwpv-D7oEfPCS4QpvAPvB-FB66WO1Gzisi77Ub9yvSGvqm0"
},
{
"crv": "P-256",
"kid": "93xyu",
"kty": "EC",
"use": "sig",
"x": "XUx5lePchMs3O5Vp2oRXaI_aFIHxZb7PZePVH_Z4WCE",
"y": "Lmk_jpSAi32aaGBX1unicKLDDAam1sxB2qnCCdszCYE"
},
{
"e": "AQAB",
"kid": "93xyt",
"kty": "RSA",
"n": "gMUdN7DFujEFMVF86jXMuPdHcUb2Se2jD-8H7JpejGJGWpMUMDF7qhdJCeoAoUGOIuv-wCv_ybC8dHvK_4ObQLkkKnea8axmJD4Y9L1LbgmBUyxtiURwKP3DvIBbE2eZDon5-F6f6FKuznA-_6MJrIl_rzmXNHqJdPVf7PAQj_-wwKhS6H6h-Q349xrS8gJuA_jG4c6OIVo6aND4W_DECFxNwdNKiPwKQDOKDV8dq_z4M24Pcl_InpynSASwv2boM8omkNzbM7s_7Bf0NV-_nYgOvafZZipuWabuwe2sWdpdfT3ZKjr6XC8GlmH1GmUasfN75BrzHPhYlfAwBY24kw",
"use": "sig"
},
{
"crv": "P-521",
"kid": "93xys",
"kty": "EC",
"use": "sig",
"x": "AX31Pl52T7LVxp3mRQg17cxpCkmVOYxqGTkRUnFiRjRo81WDYt3zOTEGg6Xj_coOgKdMeTFYK_mGfcJeGVwgZqCV",
"y": "ABJByTfRDCVcWMZ8a55BWgKEeZQZGxmv5huEkg7q3r17ewYsfDRRFjpyVLJ4O0Th3HSvN0LHwjS1AkIxEwc2vtCh"
},
{
"crv": "P-384",
"kid": "93xyr",
"kty": "EC",
"use": "sig",
"x": "y4f8I9Oz57fGQOZhA93R23rbhvl_SwUdvVM6jsWF9iYNG6tu4ylKmM56QSI_iEqr",
"y": "cZ2emKVvO9QijlzEs6CplnScLzKajkgXOnQW9cQbHDLrxzdnNDvEG9md53XXT-gF"
},
{
"crv": "P-256",
"kid": "93xyq",
"kty": "EC",
"use": "sig",
"x": "B7Bt-xO4YjrnRshy0knPs5iQbtIW1p-WZc7A1sLypvU",
"y": "zQSDa0hsGssm72R2KdWYZ-UUyYZkAZleD67vBMNUSSA"
},
{
"e": "AQAB",
"kid": "93xyp",
"kty": "RSA",
"n": "hE3g78jX-RptVWin0j9TQAY3Pld7hIx81esjhJtSGK6r5cZskbQPnxUFl-IWr-6BsS9vnHLnwwDisDU655fKyd6W9nwl1Cx76abJNA7iQtEpX4c3Mgls_mC0NtfWJD2KVRRlrpDYCuvLKNq4uI47Bp1al4mQsvC9tN3n7Eab1B1gnn7O7mpq_M5VctCoBgsdr6rcmIw9_oHAvaQFjWONY1SMQPCsMIEx9-Ubo9sUx1thnAXskr1BYPCzSXSoIw-Lp-HSdpK_C0qSqfuRBOxSCfDPhli6hIu4fRsI7YaSKx8negn757oQw_XZL_AIlks8evokX9_TvpnbDJ-em9qGIw",
"use": "sig"
}
]
}
2.922419 ------------ DiscoveryRequest ------------
2.922436 Provider info discover from 'https://gold.pinglabs.net'
2.922442 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
3.205350 ProviderConfigurationResponse: {
"authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
"claim_types_supported": [
"normal"
],
"claims_parameter_supported": false,
"claims_supported": [
"address",
"birthdate",
"email",
"email_verified",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"phone_number_verified",
"picture",
"preferred_username",
"profile",
"sub",
"updated_at",
"website",
"zoneinfo"
],
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"issuer": "https://gold.pinglabs.net",
"jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
"ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
"ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
"registration_endpoint": "https://gold.pinglabs.net/idp/client-registration.openid",
"request_object_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"fragment",
"query",
"form_post"
],
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token"
],
"revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
"scopes_supported": [
"product",
"phone",
"pingone-native-application",
"email",
"address",
"admin",
"edit",
"openid",
"profile"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"none",
"client_secret_jwt",
"private_key_jwt"
],
"userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
"version": "3.0"
}
3.461731 JWKS: {
"keys": [
{
"crv": "P-521",
"kid": "93xyw",
"kty": "EC",
"use": "sig",
"x": "AYgVYJ2NyZmUyykYqCr1DXW_pP2IqMW7flgbyn_HiwfRiEHy7LYD1U2A_ZdCtrRV8OWJ0b0pNlhxFcxID9l_6-Nc",
"y": "AP1NLHCg2BQpFQ9n7jAq5HX5ealwYeLr0sspHBLy8wGFPKKrq1Nt9v0DZW0xsNlMCTke56sgj0gu3udc72rclSPB"
},
{
"crv": "P-384",
"kid": "93xyv",
"kty": "EC",
"use": "sig",
"x": "N4awXVSQLd-LaIsm1CMq9h8fx4uztpnIJB-UsmavlbPkLX6JLF_MuzLHhhoiNMWy",
"y": "JJzhxROASS9qEQvN9Dwpv-D7oEfPCS4QpvAPvB-FB66WO1Gzisi77Ub9yvSGvqm0"
},
{
"crv": "P-256",
"kid": "93xyu",
"kty": "EC",
"use": "sig",
"x": "XUx5lePchMs3O5Vp2oRXaI_aFIHxZb7PZePVH_Z4WCE",
"y": "Lmk_jpSAi32aaGBX1unicKLDDAam1sxB2qnCCdszCYE"
},
{
"e": "AQAB",
"kid": "93xyt",
"kty": "RSA",
"n": "gMUdN7DFujEFMVF86jXMuPdHcUb2Se2jD-8H7JpejGJGWpMUMDF7qhdJCeoAoUGOIuv-wCv_ybC8dHvK_4ObQLkkKnea8axmJD4Y9L1LbgmBUyxtiURwKP3DvIBbE2eZDon5-F6f6FKuznA-_6MJrIl_rzmXNHqJdPVf7PAQj_-wwKhS6H6h-Q349xrS8gJuA_jG4c6OIVo6aND4W_DECFxNwdNKiPwKQDOKDV8dq_z4M24Pcl_InpynSASwv2boM8omkNzbM7s_7Bf0NV-_nYgOvafZZipuWabuwe2sWdpdfT3ZKjr6XC8GlmH1GmUasfN75BrzHPhYlfAwBY24kw",
"use": "sig"
},
{
"crv": "P-521",
"kid": "93xys",
"kty": "EC",
"use": "sig",
"x": "AX31Pl52T7LVxp3mRQg17cxpCkmVOYxqGTkRUnFiRjRo81WDYt3zOTEGg6Xj_coOgKdMeTFYK_mGfcJeGVwgZqCV",
"y": "ABJByTfRDCVcWMZ8a55BWgKEeZQZGxmv5huEkg7q3r17ewYsfDRRFjpyVLJ4O0Th3HSvN0LHwjS1AkIxEwc2vtCh"
},
{
"crv": "P-384",
"kid": "93xyr",
"kty": "EC",
"use": "sig",
"x": "y4f8I9Oz57fGQOZhA93R23rbhvl_SwUdvVM6jsWF9iYNG6tu4ylKmM56QSI_iEqr",
"y": "cZ2emKVvO9QijlzEs6CplnScLzKajkgXOnQW9cQbHDLrxzdnNDvEG9md53XXT-gF"
},
{
"crv": "P-256",
"kid": "93xyq",
"kty": "EC",
"use": "sig",
"x": "B7Bt-xO4YjrnRshy0knPs5iQbtIW1p-WZc7A1sLypvU",
"y": "zQSDa0hsGssm72R2KdWYZ-UUyYZkAZleD67vBMNUSSA"
},
{
"e": "AQAB",
"kid": "93xyp",
"kty": "RSA",
"n": "hE3g78jX-RptVWin0j9TQAY3Pld7hIx81esjhJtSGK6r5cZskbQPnxUFl-IWr-6BsS9vnHLnwwDisDU655fKyd6W9nwl1Cx76abJNA7iQtEpX4c3Mgls_mC0NtfWJD2KVRRlrpDYCuvLKNq4uI47Bp1al4mQsvC9tN3n7Eab1B1gnn7O7mpq_M5VctCoBgsdr6rcmIw9_oHAvaQFjWONY1SMQPCsMIEx9-Ubo9sUx1thnAXskr1BYPCzSXSoIw-Lp-HSdpK_C0qSqfuRBOxSCfDPhli6hIu4fRsI7YaSKx8negn757oQw_XZL_AIlks8evokX9_TvpnbDJ-em9qGIw",
"use": "sig"
}
]
}
3.724098 JWKS: {
"keys": [
{
"crv": "P-521",
"kid": "93xyw",
"kty": "EC",
"use": "sig",
"x": "AYgVYJ2NyZmUyykYqCr1DXW_pP2IqMW7flgbyn_HiwfRiEHy7LYD1U2A_ZdCtrRV8OWJ0b0pNlhxFcxID9l_6-Nc",
"y": "AP1NLHCg2BQpFQ9n7jAq5HX5ealwYeLr0sspHBLy8wGFPKKrq1Nt9v0DZW0xsNlMCTke56sgj0gu3udc72rclSPB"
},
{
"crv": "P-384",
"kid": "93xyv",
"kty": "EC",
"use": "sig",
"x": "N4awXVSQLd-LaIsm1CMq9h8fx4uztpnIJB-UsmavlbPkLX6JLF_MuzLHhhoiNMWy",
"y": "JJzhxROASS9qEQvN9Dwpv-D7oEfPCS4QpvAPvB-FB66WO1Gzisi77Ub9yvSGvqm0"
},
{
"crv": "P-256",
"kid": "93xyu",
"kty": "EC",
"use": "sig",
"x": "XUx5lePchMs3O5Vp2oRXaI_aFIHxZb7PZePVH_Z4WCE",
"y": "Lmk_jpSAi32aaGBX1unicKLDDAam1sxB2qnCCdszCYE"
},
{
"e": "AQAB",
"kid": "93xyt",
"kty": "RSA",
"n": "gMUdN7DFujEFMVF86jXMuPdHcUb2Se2jD-8H7JpejGJGWpMUMDF7qhdJCeoAoUGOIuv-wCv_ybC8dHvK_4ObQLkkKnea8axmJD4Y9L1LbgmBUyxtiURwKP3DvIBbE2eZDon5-F6f6FKuznA-_6MJrIl_rzmXNHqJdPVf7PAQj_-wwKhS6H6h-Q349xrS8gJuA_jG4c6OIVo6aND4W_DECFxNwdNKiPwKQDOKDV8dq_z4M24Pcl_InpynSASwv2boM8omkNzbM7s_7Bf0NV-_nYgOvafZZipuWabuwe2sWdpdfT3ZKjr6XC8GlmH1GmUasfN75BrzHPhYlfAwBY24kw",
"use": "sig"
},
{
"crv": "P-521",
"kid": "93xys",
"kty": "EC",
"use": "sig",
"x": "AX31Pl52T7LVxp3mRQg17cxpCkmVOYxqGTkRUnFiRjRo81WDYt3zOTEGg6Xj_coOgKdMeTFYK_mGfcJeGVwgZqCV",
"y": "ABJByTfRDCVcWMZ8a55BWgKEeZQZGxmv5huEkg7q3r17ewYsfDRRFjpyVLJ4O0Th3HSvN0LHwjS1AkIxEwc2vtCh"
},
{
"crv": "P-384",
"kid": "93xyr",
"kty": "EC",
"use": "sig",
"x": "y4f8I9Oz57fGQOZhA93R23rbhvl_SwUdvVM6jsWF9iYNG6tu4ylKmM56QSI_iEqr",
"y": "cZ2emKVvO9QijlzEs6CplnScLzKajkgXOnQW9cQbHDLrxzdnNDvEG9md53XXT-gF"
},
{
"crv": "P-256",
"kid": "93xyq",
"kty": "EC",
"use": "sig",
"x": "B7Bt-xO4YjrnRshy0knPs5iQbtIW1p-WZc7A1sLypvU",
"y": "zQSDa0hsGssm72R2KdWYZ-UUyYZkAZleD67vBMNUSSA"
},
{
"e": "AQAB",
"kid": "93xyp",
"kty": "RSA",
"n": "hE3g78jX-RptVWin0j9TQAY3Pld7hIx81esjhJtSGK6r5cZskbQPnxUFl-IWr-6BsS9vnHLnwwDisDU655fKyd6W9nwl1Cx76abJNA7iQtEpX4c3Mgls_mC0NtfWJD2KVRRlrpDYCuvLKNq4uI47Bp1al4mQsvC9tN3n7Eab1B1gnn7O7mpq_M5VctCoBgsdr6rcmIw9_oHAvaQFjWONY1SMQPCsMIEx9-Ubo9sUx1thnAXskr1BYPCzSXSoIw-Lp-HSdpK_C0qSqfuRBOxSCfDPhli6hIu4fRsI7YaSKx8negn757oQw_XZL_AIlks8evokX9_TvpnbDJ-em9qGIw",
"use": "sig"
}
]
}
4.016197 ==== END ====
Result
FAILED
```
FWIW, a change in keys does give a pass.
```
#!text
Test info
Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'none+sign', 'registration': 'dynamic'}
Timestamp: 2015-03-26T23:16:26Z
Test description: Can rotate OP signing keys [Dynamic]
Test ID: OP-Rotation-OP-Sig
Issuer: https://gold.pinglabs.net
Test output
__After completing the test flow:__
[check-http-response]
status: OK
description: Checks that the HTTP response status is within the 200 or 300 range
[new-signing-keys]
status: OK
description: Verifies that two set of signing keys are not the same
__X:==== END ====__
Trace output
0.000305 ------------ DiscoveryRequest ------------
0.000317 Provider info discover from 'https://gold.pinglabs.net'
0.000323 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
0.302242 ProviderConfigurationResponse: {
"authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
"claim_types_supported": [
"normal"
],
"claims_parameter_supported": false,
"claims_supported": [
"address",
"birthdate",
"email",
"email_verified",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"phone_number_verified",
"picture",
"preferred_username",
"profile",
"sub",
"updated_at",
"website",
"zoneinfo"
],
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"issuer": "https://gold.pinglabs.net",
"jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
"ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
"ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
"registration_endpoint": "https://gold.pinglabs.net/idp/client-registration.openid",
"request_object_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"fragment",
"query",
"form_post"
],
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token"
],
"revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
"scopes_supported": [
"product",
"phone",
"pingone-native-application",
"email",
"address",
"admin",
"edit",
"openid",
"profile"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"none",
"client_secret_jwt",
"private_key_jwt"
],
"userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
"version": "3.0"
}
0.627696 JWKS: {
"keys": [
{
"crv": "P-521",
"kid": "ze5p7",
"kty": "EC",
"use": "sig",
"x": "AMoOUiZgFipI6dvJSR-7WFdEiP2Kv9KVJDRdwKb6j-5utSCri_NE4BZrSBnFs9ONH1YUTxfBpVFOfMazgixnkpfV",
"y": "AScHRVYRGQqtlXnmzSLmFhCggdKzrZnu0owM7ZHFKtiSLNQ_kddDtBQ1Umq2ycJ0waStjVV6FgDTzSMT4hegEdnb"
},
{
"crv": "P-384",
"kid": "ze5p6",
"kty": "EC",
"use": "sig",
"x": "fJb6IP_nSm4A9meQtOtcTr5nXjdEROGmBW0UtU10GWvnh1yF8LNxf6Belk7F3Zar",
"y": "F9d5eQ8_9xJ2b5Qw9D6BdfSaaArVfzmhUunfZupyZpmVGG7wGWl0Z2pIBDImrAss"
},
{
"crv": "P-256",
"kid": "ze5p5",
"kty": "EC",
"use": "sig",
"x": "opCcGbfUNd0TXDB5iBcgI_DkVyHawukPqo0UoUdB6v4",
"y": "dph3KP6_wxnXXWYoCzqXk7zc6WC6ERCmNJY9CDHLIJQ"
},
{
"e": "AQAB",
"kid": "ze5p4",
"kty": "RSA",
"n": "gEbVKe0SEAXatFZaL9i2g1Ao6oyhTygkG-FeXjHjpowi_2COJgsYRn_SvmUuT1cberyQPlRM0VzmQ_d2ZGNwp7XpMH1gYSSWdgpYjfXrR-hKZocd7LrFyS254KNwEAPig2S-dFo_ApuffDdf53u8lAGxFUfb19_Ti2d7_VZ8lfnL3G63mupk31RayHyP1jrrvojYK76iWdEIJL11RAbpwhR7E2NinxG1hRqW_ilzfwn7NfUznAWV4eanzbjnut14-wioxIaoEYMheenJ0Ze70RdTC5pyiZ_dmv8SX5tTg3bMvEjecPP9x3NGTPONV4GHyOIsAvddxJ-HobN0NJlS9w",
"use": "sig"
},
{
"crv": "P-521",
"kid": "ze5p3",
"kty": "EC",
"use": "sig",
"x": "AXIgtVHJrGF0_ioZNbZS5piEMpp_Yb2az9v10sw1BxvDG0cKzW-54mgB37KuPVPyYD2vXw2-4oUXycx5eIJypyN3",
"y": "AOvGjUi07kuRyo5sIp6OJnUsoT9IiGBQBUQncEMXrJLj40XkQziRuDGX6eSYiKxh7Hac2Bat8YxE3Wh2LQdoYUB0"
},
{
"crv": "P-384",
"kid": "ze5p2",
"kty": "EC",
"use": "sig",
"x": "DTxGZwi0q17q0JPMng1Ls-2e7nXNMPMgAQea0ScEJ3yPZ3kUzgMYgSzFGQXxhc2x",
"y": "0pqQlt8VzMMLx-i7GW3ZYiXKNckG9wSYX0PhRzoeAMMkmdDem-G0q0BCDBeJy-4r"
},
{
"crv": "P-256",
"kid": "ze5p1",
"kty": "EC",
"use": "sig",
"x": "SS6OvvBmxjnyDwbFu3AxJzihONmprGWUpO7D6CHWHN0",
"y": "ZdO-Hl72Pynty2Q6Opyp6e80kBfsJvxoQYTz4csGE-8"
},
{
"e": "AQAB",
"kid": "ze5p0",
"kty": "RSA",
"n": "jRsHRlcagNoVjriUThbJIG-PzMaXw3_sY_oa737Wuu4kn220c43MIv8vcojhPfPuPfd6v17DdxGhbaMbScIWvmJUF0zS_TFpEkYZMH6TF8PhTnNcSoZaXqbUDlJBSRpiO_iT5YKbkQ_8scMZQ4vBNPE5s2bQQgGqnWFWq6URFP9idMBhIwZ7y9t1SZlsoUc62z4-TGyJKRb8O37RbLm-4OshkjmvOY-xkrYMyVsJHkOdZ2JxXOsl3-QzFCfKfUGcSBzeSZgi5D2QsVQdxKKv7o4YQbrmjy6IQ8zmKtgpMo3__mUBVfUgxfZjJhm0_MNDBovnUzEQtLd7KGI_yFRpvw",
"use": "sig"
},
{
"crv": "P-521",
"kid": "ze5oz",
"kty": "EC",
"use": "sig",
"x": "AKRsVS4ejxqq7kgFogEfIN09DT-I2cQELwoa0H6PmKpVF0FCm7iEC4s9WT6AP6RrBn3cXUIBTtCQPIOpLs0fNCZo",
"y": "AWVixRQY0BllWVARzgbYxHMqAFpPVBdT7OmYv_4XrjJoJDqWCxbIDspuYtE-jzQ3h--TkHM1_XqOKsE7x35aGdD8"
},
{
"crv": "P-384",
"kid": "ze5oy",
"kty": "EC",
"use": "sig",
"x": "qGW6qG9I5ZjLS-OjcDt7YKcW31udHPfWh8u2STKRiulGFdro0ntGRfgxDUGlxQEz",
"y": "tbYil8deDGvNjtFskwXTY1UislNpAGVg0mhufFCBd7H-c0LopF_4nJselUX1TI0P"
},
{
"crv": "P-256",
"kid": "ze5ox",
"kty": "EC",
"use": "sig",
"x": "cpIuqjYIuoqQ82MKbPnEerkd3zZTBeoAy5VfroVNuBA",
"y": "LoniR_R5XFvlkPxeZizQj6MQS2o5FJJPtLAjIFzeEVQ"
},
{
"e": "AQAB",
"kid": "ze5ow",
"kty": "RSA",
"n": "h_gag4LEVEoDQt69JfFci108-X9V1ywh9U4ifL98tKpVpeLiJUIfRcQIlf6B_LLfytw40aSpH8Q62VHORCahUPMk1DzttMezrnazkoTtKWWoKSbSv_-oPwepo6IekLzJwh2Cji38uS_MzklomRfVEnLPrUMtpCJOxlHdODgjcr3MyHo87zcQAvbb7ZSHVfkHbrdh7biMJMjsdNMIps9vGdlzIP1Mn4bkw1hevdQw6znhOwSdxEVfTxxtjNxiJW-eoMHGWOdlm9BS4ZVy6xL9YvyjsKXe8bFJYq_cTYvW0463PCFkSr0zmACwz4yLmvVX7QPujnxouSOBKiHlPei-uQ",
"use": "sig"
}
]
}
64.275099 ------------ DiscoveryRequest ------------
64.275113 Provider info discover from 'https://gold.pinglabs.net'
64.275120 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
65.227276 ProviderConfigurationResponse: {
"authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
"claim_types_supported": [
"normal"
],
"claims_parameter_supported": false,
"claims_supported": [
"address",
"birthdate",
"email",
"email_verified",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"phone_number_verified",
"picture",
"preferred_username",
"profile",
"sub",
"updated_at",
"website",
"zoneinfo"
],
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"issuer": "https://gold.pinglabs.net",
"jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
"ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
"ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
"registration_endpoint": "https://gold.pinglabs.net/idp/client-registration.openid",
"request_object_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"fragment",
"query",
"form_post"
],
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token"
],
"revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
"scopes_supported": [
"product",
"phone",
"pingone-native-application",
"email",
"address",
"admin",
"edit",
"openid",
"profile"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"none",
"client_secret_jwt",
"private_key_jwt"
],
"userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
"version": "3.0"
}
65.492497 JWKS: {
"keys": [
{
"crv": "P-521",
"kid": "93xyw",
"kty": "EC",
"use": "sig",
"x": "AYgVYJ2NyZmUyykYqCr1DXW_pP2IqMW7flgbyn_HiwfRiEHy7LYD1U2A_ZdCtrRV8OWJ0b0pNlhxFcxID9l_6-Nc",
"y": "AP1NLHCg2BQpFQ9n7jAq5HX5ealwYeLr0sspHBLy8wGFPKKrq1Nt9v0DZW0xsNlMCTke56sgj0gu3udc72rclSPB"
},
{
"crv": "P-384",
"kid": "93xyv",
"kty": "EC",
"use": "sig",
"x": "N4awXVSQLd-LaIsm1CMq9h8fx4uztpnIJB-UsmavlbPkLX6JLF_MuzLHhhoiNMWy",
"y": "JJzhxROASS9qEQvN9Dwpv-D7oEfPCS4QpvAPvB-FB66WO1Gzisi77Ub9yvSGvqm0"
},
{
"crv": "P-256",
"kid": "93xyu",
"kty": "EC",
"use": "sig",
"x": "XUx5lePchMs3O5Vp2oRXaI_aFIHxZb7PZePVH_Z4WCE",
"y": "Lmk_jpSAi32aaGBX1unicKLDDAam1sxB2qnCCdszCYE"
},
{
"e": "AQAB",
"kid": "93xyt",
"kty": "RSA",
"n": "gMUdN7DFujEFMVF86jXMuPdHcUb2Se2jD-8H7JpejGJGWpMUMDF7qhdJCeoAoUGOIuv-wCv_ybC8dHvK_4ObQLkkKnea8axmJD4Y9L1LbgmBUyxtiURwKP3DvIBbE2eZDon5-F6f6FKuznA-_6MJrIl_rzmXNHqJdPVf7PAQj_-wwKhS6H6h-Q349xrS8gJuA_jG4c6OIVo6aND4W_DECFxNwdNKiPwKQDOKDV8dq_z4M24Pcl_InpynSASwv2boM8omkNzbM7s_7Bf0NV-_nYgOvafZZipuWabuwe2sWdpdfT3ZKjr6XC8GlmH1GmUasfN75BrzHPhYlfAwBY24kw",
"use": "sig"
},
{
"crv": "P-521",
"kid": "93xys",
"kty": "EC",
"use": "sig",
"x": "AX31Pl52T7LVxp3mRQg17cxpCkmVOYxqGTkRUnFiRjRo81WDYt3zOTEGg6Xj_coOgKdMeTFYK_mGfcJeGVwgZqCV",
"y": "ABJByTfRDCVcWMZ8a55BWgKEeZQZGxmv5huEkg7q3r17ewYsfDRRFjpyVLJ4O0Th3HSvN0LHwjS1AkIxEwc2vtCh"
},
{
"crv": "P-384",
"kid": "93xyr",
"kty": "EC",
"use": "sig",
"x": "y4f8I9Oz57fGQOZhA93R23rbhvl_SwUdvVM6jsWF9iYNG6tu4ylKmM56QSI_iEqr",
"y": "cZ2emKVvO9QijlzEs6CplnScLzKajkgXOnQW9cQbHDLrxzdnNDvEG9md53XXT-gF"
},
{
"crv": "P-256",
"kid": "93xyq",
"kty": "EC",
"use": "sig",
"x": "B7Bt-xO4YjrnRshy0knPs5iQbtIW1p-WZc7A1sLypvU",
"y": "zQSDa0hsGssm72R2KdWYZ-UUyYZkAZleD67vBMNUSSA"
},
{
"e": "AQAB",
"kid": "93xyp",
"kty": "RSA",
"n": "hE3g78jX-RptVWin0j9TQAY3Pld7hIx81esjhJtSGK6r5cZskbQPnxUFl-IWr-6BsS9vnHLnwwDisDU655fKyd6W9nwl1Cx76abJNA7iQtEpX4c3Mgls_mC0NtfWJD2KVRRlrpDYCuvLKNq4uI47Bp1al4mQsvC9tN3n7Eab1B1gnn7O7mpq_M5VctCoBgsdr6rcmIw9_oHAvaQFjWONY1SMQPCsMIEx9-Ubo9sUx1thnAXskr1BYPCzSXSoIw-Lp-HSdpK_C0qSqfuRBOxSCfDPhli6hIu4fRsI7YaSKx8negn757oQw_XZL_AIlks8evokX9_TvpnbDJ-em9qGIw",
"use": "sig"
}
]
}
65.751702 JWKS: {
"keys": [
{
"crv": "P-521",
"kid": "93xyw",
"kty": "EC",
"use": "sig",
"x": "AYgVYJ2NyZmUyykYqCr1DXW_pP2IqMW7flgbyn_HiwfRiEHy7LYD1U2A_ZdCtrRV8OWJ0b0pNlhxFcxID9l_6-Nc",
"y": "AP1NLHCg2BQpFQ9n7jAq5HX5ealwYeLr0sspHBLy8wGFPKKrq1Nt9v0DZW0xsNlMCTke56sgj0gu3udc72rclSPB"
},
{
"crv": "P-384",
"kid": "93xyv",
"kty": "EC",
"use": "sig",
"x": "N4awXVSQLd-LaIsm1CMq9h8fx4uztpnIJB-UsmavlbPkLX6JLF_MuzLHhhoiNMWy",
"y": "JJzhxROASS9qEQvN9Dwpv-D7oEfPCS4QpvAPvB-FB66WO1Gzisi77Ub9yvSGvqm0"
},
{
"crv": "P-256",
"kid": "93xyu",
"kty": "EC",
"use": "sig",
"x": "XUx5lePchMs3O5Vp2oRXaI_aFIHxZb7PZePVH_Z4WCE",
"y": "Lmk_jpSAi32aaGBX1unicKLDDAam1sxB2qnCCdszCYE"
},
{
"e": "AQAB",
"kid": "93xyt",
"kty": "RSA",
"n": "gMUdN7DFujEFMVF86jXMuPdHcUb2Se2jD-8H7JpejGJGWpMUMDF7qhdJCeoAoUGOIuv-wCv_ybC8dHvK_4ObQLkkKnea8axmJD4Y9L1LbgmBUyxtiURwKP3DvIBbE2eZDon5-F6f6FKuznA-_6MJrIl_rzmXNHqJdPVf7PAQj_-wwKhS6H6h-Q349xrS8gJuA_jG4c6OIVo6aND4W_DECFxNwdNKiPwKQDOKDV8dq_z4M24Pcl_InpynSASwv2boM8omkNzbM7s_7Bf0NV-_nYgOvafZZipuWabuwe2sWdpdfT3ZKjr6XC8GlmH1GmUasfN75BrzHPhYlfAwBY24kw",
"use": "sig"
},
{
"crv": "P-521",
"kid": "93xys",
"kty": "EC",
"use": "sig",
"x": "AX31Pl52T7LVxp3mRQg17cxpCkmVOYxqGTkRUnFiRjRo81WDYt3zOTEGg6Xj_coOgKdMeTFYK_mGfcJeGVwgZqCV",
"y": "ABJByTfRDCVcWMZ8a55BWgKEeZQZGxmv5huEkg7q3r17ewYsfDRRFjpyVLJ4O0Th3HSvN0LHwjS1AkIxEwc2vtCh"
},
{
"crv": "P-384",
"kid": "93xyr",
"kty": "EC",
"use": "sig",
"x": "y4f8I9Oz57fGQOZhA93R23rbhvl_SwUdvVM6jsWF9iYNG6tu4ylKmM56QSI_iEqr",
"y": "cZ2emKVvO9QijlzEs6CplnScLzKajkgXOnQW9cQbHDLrxzdnNDvEG9md53XXT-gF"
},
{
"crv": "P-256",
"kid": "93xyq",
"kty": "EC",
"use": "sig",
"x": "B7Bt-xO4YjrnRshy0knPs5iQbtIW1p-WZc7A1sLypvU",
"y": "zQSDa0hsGssm72R2KdWYZ-UUyYZkAZleD67vBMNUSSA"
},
{
"e": "AQAB",
"kid": "93xyp",
"kty": "RSA",
"n": "hE3g78jX-RptVWin0j9TQAY3Pld7hIx81esjhJtSGK6r5cZskbQPnxUFl-IWr-6BsS9vnHLnwwDisDU655fKyd6W9nwl1Cx76abJNA7iQtEpX4c3Mgls_mC0NtfWJD2KVRRlrpDYCuvLKNq4uI47Bp1al4mQsvC9tN3n7Eab1B1gnn7O7mpq_M5VctCoBgsdr6rcmIw9_oHAvaQFjWONY1SMQPCsMIEx9-Ubo9sUx1thnAXskr1BYPCzSXSoIw-Lp-HSdpK_C0qSqfuRBOxSCfDPhli6hIu4fRsI7YaSKx8negn757oQw_XZL_AIlks8evokX9_TvpnbDJ-em9qGIw",
"use": "sig"
}
]
}
66.041907 ==== END ====
Result
PASSED
```
More information about the Openid-specs-ab
mailing list