[Openid-specs-ab] Issue #131: "Can rollover OP signing key [Config, Dynamic] (OP-Rollover-OP-Sig)" now fails when no JWKS change but should be WARNING (openid/certification)
Roland Hedberg
roland.hedberg at umu.se
Fri Mar 27 07:32:07 UTC 2015
Fixed!
The code on op.certification.openid.net is updated and the test tool instances are restarted.
> 27 mar 2015 kl. 00:37 skrev Brian Campbell <issues-reply at bitbucket.org>:
>
> New issue 131: "Can rollover OP signing key [Config, Dynamic] (OP-Rollover-OP-Sig)" now fails when no JWKS change but should be WARNING
> https://bitbucket.org/openid/certification/issue/131/can-rollover-op-signing-key-config-dynamic
>
> Brian Campbell:
>
> The change to address #128 seems to have gone a touch too far. When there's no change in the JWKS, the test is now reporting a FAILED. I was under the impression that that should be a WARNING.
>
> Test info below from https://op.certification.openid.net:60050
> ```
> #!text
>
>
> Test info
> Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'none+sign', 'registration': 'dynamic'}
> Timestamp: 2015-03-26T23:20:32Z
> Test description: Can rotate OP signing keys [Dynamic]
> Test ID: OP-Rotation-OP-Sig
> Issuer: https://gold.pinglabs.net
> Test output
>
>
> __After completing the test flow:__
> [check-http-response]
> status: OK
> description: Checks that the HTTP response status is within the 200 or 300 range
> [new-signing-keys]
> status: ERROR
> description: Verifies that two set of signing keys are not the same
> __X:==== END ====__
>
> Trace output
>
>
> 0.000311 ------------ DiscoveryRequest ------------
> 0.000323 Provider info discover from 'https://gold.pinglabs.net'
> 0.000329 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
> 0.281867 ProviderConfigurationResponse: {
> "authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
> "claim_types_supported": [
> "normal"
> ],
> "claims_parameter_supported": false,
> "claims_supported": [
> "address",
> "birthdate",
> "email",
> "email_verified",
> "family_name",
> "gender",
> "given_name",
> "locale",
> "middle_name",
> "name",
> "nickname",
> "phone_number",
> "phone_number_verified",
> "picture",
> "preferred_username",
> "profile",
> "sub",
> "updated_at",
> "website",
> "zoneinfo"
> ],
> "grant_types_supported": [
> "authorization_code",
> "implicit"
> ],
> "id_token_signing_alg_values_supported": [
> "none",
> "HS256",
> "HS384",
> "HS512",
> "RS256",
> "RS384",
> "RS512",
> "ES256",
> "ES384",
> "ES512"
> ],
> "issuer": "https://gold.pinglabs.net",
> "jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
> "ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
> "ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
> "registration_endpoint": "https://gold.pinglabs.net/idp/client-registration.openid",
> "request_object_signing_alg_values_supported": [
> "none",
> "HS256",
> "HS384",
> "HS512",
> "RS256",
> "RS384",
> "RS512",
> "ES256",
> "ES384",
> "ES512"
> ],
> "request_parameter_supported": true,
> "request_uri_parameter_supported": true,
> "require_request_uri_registration": true,
> "response_modes_supported": [
> "fragment",
> "query",
> "form_post"
> ],
> "response_types_supported": [
> "code",
> "token",
> "id_token",
> "code token",
> "code id_token",
> "token id_token",
> "code token id_token"
> ],
> "revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
> "scopes_supported": [
> "product",
> "phone",
> "pingone-native-application",
> "email",
> "address",
> "admin",
> "edit",
> "openid",
> "profile"
> ],
> "subject_types_supported": [
> "public"
> ],
> "token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
> "token_endpoint_auth_methods_supported": [
> "client_secret_basic",
> "client_secret_post",
> "none",
> "client_secret_jwt",
> "private_key_jwt"
> ],
> "userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
> "version": "3.0"
> }
> 0.579723 JWKS: {
> "keys": [
> {
> "crv": "P-521",
> "kid": "93xyw",
> "kty": "EC",
> "use": "sig",
> "x": "AYgVYJ2NyZmUyykYqCr1DXW_pP2IqMW7flgbyn_HiwfRiEHy7LYD1U2A_ZdCtrRV8OWJ0b0pNlhxFcxID9l_6-Nc",
> "y": "AP1NLHCg2BQpFQ9n7jAq5HX5ealwYeLr0sspHBLy8wGFPKKrq1Nt9v0DZW0xsNlMCTke56sgj0gu3udc72rclSPB"
> },
> {
> "crv": "P-384",
> "kid": "93xyv",
> "kty": "EC",
> "use": "sig",
> "x": "N4awXVSQLd-LaIsm1CMq9h8fx4uztpnIJB-UsmavlbPkLX6JLF_MuzLHhhoiNMWy",
> "y": "JJzhxROASS9qEQvN9Dwpv-D7oEfPCS4QpvAPvB-FB66WO1Gzisi77Ub9yvSGvqm0"
> },
> {
> "crv": "P-256",
> "kid": "93xyu",
> "kty": "EC",
> "use": "sig",
> "x": "XUx5lePchMs3O5Vp2oRXaI_aFIHxZb7PZePVH_Z4WCE",
> "y": "Lmk_jpSAi32aaGBX1unicKLDDAam1sxB2qnCCdszCYE"
> },
> {
> "e": "AQAB",
> "kid": "93xyt",
> "kty": "RSA",
> "n": "gMUdN7DFujEFMVF86jXMuPdHcUb2Se2jD-8H7JpejGJGWpMUMDF7qhdJCeoAoUGOIuv-wCv_ybC8dHvK_4ObQLkkKnea8axmJD4Y9L1LbgmBUyxtiURwKP3DvIBbE2eZDon5-F6f6FKuznA-_6MJrIl_rzmXNHqJdPVf7PAQj_-wwKhS6H6h-Q349xrS8gJuA_jG4c6OIVo6aND4W_DECFxNwdNKiPwKQDOKDV8dq_z4M24Pcl_InpynSASwv2boM8omkNzbM7s_7Bf0NV-_nYgOvafZZipuWabuwe2sWdpdfT3ZKjr6XC8GlmH1GmUasfN75BrzHPhYlfAwBY24kw",
> "use": "sig"
> },
> {
> "crv": "P-521",
> "kid": "93xys",
> "kty": "EC",
> "use": "sig",
> "x": "AX31Pl52T7LVxp3mRQg17cxpCkmVOYxqGTkRUnFiRjRo81WDYt3zOTEGg6Xj_coOgKdMeTFYK_mGfcJeGVwgZqCV",
> "y": "ABJByTfRDCVcWMZ8a55BWgKEeZQZGxmv5huEkg7q3r17ewYsfDRRFjpyVLJ4O0Th3HSvN0LHwjS1AkIxEwc2vtCh"
> },
> {
> "crv": "P-384",
> "kid": "93xyr",
> "kty": "EC",
> "use": "sig",
> "x": "y4f8I9Oz57fGQOZhA93R23rbhvl_SwUdvVM6jsWF9iYNG6tu4ylKmM56QSI_iEqr",
> "y": "cZ2emKVvO9QijlzEs6CplnScLzKajkgXOnQW9cQbHDLrxzdnNDvEG9md53XXT-gF"
> },
> {
> "crv": "P-256",
> "kid": "93xyq",
> "kty": "EC",
> "use": "sig",
> "x": "B7Bt-xO4YjrnRshy0knPs5iQbtIW1p-WZc7A1sLypvU",
> "y": "zQSDa0hsGssm72R2KdWYZ-UUyYZkAZleD67vBMNUSSA"
> },
> {
> "e": "AQAB",
> "kid": "93xyp",
> "kty": "RSA",
> "n": "hE3g78jX-RptVWin0j9TQAY3Pld7hIx81esjhJtSGK6r5cZskbQPnxUFl-IWr-6BsS9vnHLnwwDisDU655fKyd6W9nwl1Cx76abJNA7iQtEpX4c3Mgls_mC0NtfWJD2KVRRlrpDYCuvLKNq4uI47Bp1al4mQsvC9tN3n7Eab1B1gnn7O7mpq_M5VctCoBgsdr6rcmIw9_oHAvaQFjWONY1SMQPCsMIEx9-Ubo9sUx1thnAXskr1BYPCzSXSoIw-Lp-HSdpK_C0qSqfuRBOxSCfDPhli6hIu4fRsI7YaSKx8negn757oQw_XZL_AIlks8evokX9_TvpnbDJ-em9qGIw",
> "use": "sig"
> }
> ]
> }
> 2.922419 ------------ DiscoveryRequest ------------
> 2.922436 Provider info discover from 'https://gold.pinglabs.net'
> 2.922442 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
> 3.205350 ProviderConfigurationResponse: {
> "authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
> "claim_types_supported": [
> "normal"
> ],
> "claims_parameter_supported": false,
> "claims_supported": [
> "address",
> "birthdate",
> "email",
> "email_verified",
> "family_name",
> "gender",
> "given_name",
> "locale",
> "middle_name",
> "name",
> "nickname",
> "phone_number",
> "phone_number_verified",
> "picture",
> "preferred_username",
> "profile",
> "sub",
> "updated_at",
> "website",
> "zoneinfo"
> ],
> "grant_types_supported": [
> "authorization_code",
> "implicit"
> ],
> "id_token_signing_alg_values_supported": [
> "none",
> "HS256",
> "HS384",
> "HS512",
> "RS256",
> "RS384",
> "RS512",
> "ES256",
> "ES384",
> "ES512"
> ],
> "issuer": "https://gold.pinglabs.net",
> "jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
> "ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
> "ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
> "registration_endpoint": "https://gold.pinglabs.net/idp/client-registration.openid",
> "request_object_signing_alg_values_supported": [
> "none",
> "HS256",
> "HS384",
> "HS512",
> "RS256",
> "RS384",
> "RS512",
> "ES256",
> "ES384",
> "ES512"
> ],
> "request_parameter_supported": true,
> "request_uri_parameter_supported": true,
> "require_request_uri_registration": true,
> "response_modes_supported": [
> "fragment",
> "query",
> "form_post"
> ],
> "response_types_supported": [
> "code",
> "token",
> "id_token",
> "code token",
> "code id_token",
> "token id_token",
> "code token id_token"
> ],
> "revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
> "scopes_supported": [
> "product",
> "phone",
> "pingone-native-application",
> "email",
> "address",
> "admin",
> "edit",
> "openid",
> "profile"
> ],
> "subject_types_supported": [
> "public"
> ],
> "token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
> "token_endpoint_auth_methods_supported": [
> "client_secret_basic",
> "client_secret_post",
> "none",
> "client_secret_jwt",
> "private_key_jwt"
> ],
> "userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
> "version": "3.0"
> }
> 3.461731 JWKS: {
> "keys": [
> {
> "crv": "P-521",
> "kid": "93xyw",
> "kty": "EC",
> "use": "sig",
> "x": "AYgVYJ2NyZmUyykYqCr1DXW_pP2IqMW7flgbyn_HiwfRiEHy7LYD1U2A_ZdCtrRV8OWJ0b0pNlhxFcxID9l_6-Nc",
> "y": "AP1NLHCg2BQpFQ9n7jAq5HX5ealwYeLr0sspHBLy8wGFPKKrq1Nt9v0DZW0xsNlMCTke56sgj0gu3udc72rclSPB"
> },
> {
> "crv": "P-384",
> "kid": "93xyv",
> "kty": "EC",
> "use": "sig",
> "x": "N4awXVSQLd-LaIsm1CMq9h8fx4uztpnIJB-UsmavlbPkLX6JLF_MuzLHhhoiNMWy",
> "y": "JJzhxROASS9qEQvN9Dwpv-D7oEfPCS4QpvAPvB-FB66WO1Gzisi77Ub9yvSGvqm0"
> },
> {
> "crv": "P-256",
> "kid": "93xyu",
> "kty": "EC",
> "use": "sig",
> "x": "XUx5lePchMs3O5Vp2oRXaI_aFIHxZb7PZePVH_Z4WCE",
> "y": "Lmk_jpSAi32aaGBX1unicKLDDAam1sxB2qnCCdszCYE"
> },
> {
> "e": "AQAB",
> "kid": "93xyt",
> "kty": "RSA",
> "n": "gMUdN7DFujEFMVF86jXMuPdHcUb2Se2jD-8H7JpejGJGWpMUMDF7qhdJCeoAoUGOIuv-wCv_ybC8dHvK_4ObQLkkKnea8axmJD4Y9L1LbgmBUyxtiURwKP3DvIBbE2eZDon5-F6f6FKuznA-_6MJrIl_rzmXNHqJdPVf7PAQj_-wwKhS6H6h-Q349xrS8gJuA_jG4c6OIVo6aND4W_DECFxNwdNKiPwKQDOKDV8dq_z4M24Pcl_InpynSASwv2boM8omkNzbM7s_7Bf0NV-_nYgOvafZZipuWabuwe2sWdpdfT3ZKjr6XC8GlmH1GmUasfN75BrzHPhYlfAwBY24kw",
> "use": "sig"
> },
> {
> "crv": "P-521",
> "kid": "93xys",
> "kty": "EC",
> "use": "sig",
> "x": "AX31Pl52T7LVxp3mRQg17cxpCkmVOYxqGTkRUnFiRjRo81WDYt3zOTEGg6Xj_coOgKdMeTFYK_mGfcJeGVwgZqCV",
> "y": "ABJByTfRDCVcWMZ8a55BWgKEeZQZGxmv5huEkg7q3r17ewYsfDRRFjpyVLJ4O0Th3HSvN0LHwjS1AkIxEwc2vtCh"
> },
> {
> "crv": "P-384",
> "kid": "93xyr",
> "kty": "EC",
> "use": "sig",
> "x": "y4f8I9Oz57fGQOZhA93R23rbhvl_SwUdvVM6jsWF9iYNG6tu4ylKmM56QSI_iEqr",
> "y": "cZ2emKVvO9QijlzEs6CplnScLzKajkgXOnQW9cQbHDLrxzdnNDvEG9md53XXT-gF"
> },
> {
> "crv": "P-256",
> "kid": "93xyq",
> "kty": "EC",
> "use": "sig",
> "x": "B7Bt-xO4YjrnRshy0knPs5iQbtIW1p-WZc7A1sLypvU",
> "y": "zQSDa0hsGssm72R2KdWYZ-UUyYZkAZleD67vBMNUSSA"
> },
> {
> "e": "AQAB",
> "kid": "93xyp",
> "kty": "RSA",
> "n": "hE3g78jX-RptVWin0j9TQAY3Pld7hIx81esjhJtSGK6r5cZskbQPnxUFl-IWr-6BsS9vnHLnwwDisDU655fKyd6W9nwl1Cx76abJNA7iQtEpX4c3Mgls_mC0NtfWJD2KVRRlrpDYCuvLKNq4uI47Bp1al4mQsvC9tN3n7Eab1B1gnn7O7mpq_M5VctCoBgsdr6rcmIw9_oHAvaQFjWONY1SMQPCsMIEx9-Ubo9sUx1thnAXskr1BYPCzSXSoIw-Lp-HSdpK_C0qSqfuRBOxSCfDPhli6hIu4fRsI7YaSKx8negn757oQw_XZL_AIlks8evokX9_TvpnbDJ-em9qGIw",
> "use": "sig"
> }
> ]
> }
> 3.724098 JWKS: {
> "keys": [
> {
> "crv": "P-521",
> "kid": "93xyw",
> "kty": "EC",
> "use": "sig",
> "x": "AYgVYJ2NyZmUyykYqCr1DXW_pP2IqMW7flgbyn_HiwfRiEHy7LYD1U2A_ZdCtrRV8OWJ0b0pNlhxFcxID9l_6-Nc",
> "y": "AP1NLHCg2BQpFQ9n7jAq5HX5ealwYeLr0sspHBLy8wGFPKKrq1Nt9v0DZW0xsNlMCTke56sgj0gu3udc72rclSPB"
> },
> {
> "crv": "P-384",
> "kid": "93xyv",
> "kty": "EC",
> "use": "sig",
> "x": "N4awXVSQLd-LaIsm1CMq9h8fx4uztpnIJB-UsmavlbPkLX6JLF_MuzLHhhoiNMWy",
> "y": "JJzhxROASS9qEQvN9Dwpv-D7oEfPCS4QpvAPvB-FB66WO1Gzisi77Ub9yvSGvqm0"
> },
> {
> "crv": "P-256",
> "kid": "93xyu",
> "kty": "EC",
> "use": "sig",
> "x": "XUx5lePchMs3O5Vp2oRXaI_aFIHxZb7PZePVH_Z4WCE",
> "y": "Lmk_jpSAi32aaGBX1unicKLDDAam1sxB2qnCCdszCYE"
> },
> {
> "e": "AQAB",
> "kid": "93xyt",
> "kty": "RSA",
> "n": "gMUdN7DFujEFMVF86jXMuPdHcUb2Se2jD-8H7JpejGJGWpMUMDF7qhdJCeoAoUGOIuv-wCv_ybC8dHvK_4ObQLkkKnea8axmJD4Y9L1LbgmBUyxtiURwKP3DvIBbE2eZDon5-F6f6FKuznA-_6MJrIl_rzmXNHqJdPVf7PAQj_-wwKhS6H6h-Q349xrS8gJuA_jG4c6OIVo6aND4W_DECFxNwdNKiPwKQDOKDV8dq_z4M24Pcl_InpynSASwv2boM8omkNzbM7s_7Bf0NV-_nYgOvafZZipuWabuwe2sWdpdfT3ZKjr6XC8GlmH1GmUasfN75BrzHPhYlfAwBY24kw",
> "use": "sig"
> },
> {
> "crv": "P-521",
> "kid": "93xys",
> "kty": "EC",
> "use": "sig",
> "x": "AX31Pl52T7LVxp3mRQg17cxpCkmVOYxqGTkRUnFiRjRo81WDYt3zOTEGg6Xj_coOgKdMeTFYK_mGfcJeGVwgZqCV",
> "y": "ABJByTfRDCVcWMZ8a55BWgKEeZQZGxmv5huEkg7q3r17ewYsfDRRFjpyVLJ4O0Th3HSvN0LHwjS1AkIxEwc2vtCh"
> },
> {
> "crv": "P-384",
> "kid": "93xyr",
> "kty": "EC",
> "use": "sig",
> "x": "y4f8I9Oz57fGQOZhA93R23rbhvl_SwUdvVM6jsWF9iYNG6tu4ylKmM56QSI_iEqr",
> "y": "cZ2emKVvO9QijlzEs6CplnScLzKajkgXOnQW9cQbHDLrxzdnNDvEG9md53XXT-gF"
> },
> {
> "crv": "P-256",
> "kid": "93xyq",
> "kty": "EC",
> "use": "sig",
> "x": "B7Bt-xO4YjrnRshy0knPs5iQbtIW1p-WZc7A1sLypvU",
> "y": "zQSDa0hsGssm72R2KdWYZ-UUyYZkAZleD67vBMNUSSA"
> },
> {
> "e": "AQAB",
> "kid": "93xyp",
> "kty": "RSA",
> "n": "hE3g78jX-RptVWin0j9TQAY3Pld7hIx81esjhJtSGK6r5cZskbQPnxUFl-IWr-6BsS9vnHLnwwDisDU655fKyd6W9nwl1Cx76abJNA7iQtEpX4c3Mgls_mC0NtfWJD2KVRRlrpDYCuvLKNq4uI47Bp1al4mQsvC9tN3n7Eab1B1gnn7O7mpq_M5VctCoBgsdr6rcmIw9_oHAvaQFjWONY1SMQPCsMIEx9-Ubo9sUx1thnAXskr1BYPCzSXSoIw-Lp-HSdpK_C0qSqfuRBOxSCfDPhli6hIu4fRsI7YaSKx8negn757oQw_XZL_AIlks8evokX9_TvpnbDJ-em9qGIw",
> "use": "sig"
> }
> ]
> }
> 4.016197 ==== END ====
>
> Result
> FAILED
>
> ```
>
>
>
> FWIW, a change in keys does give a pass.
> ```
> #!text
>
>
> Test info
> Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'none+sign', 'registration': 'dynamic'}
> Timestamp: 2015-03-26T23:16:26Z
> Test description: Can rotate OP signing keys [Dynamic]
> Test ID: OP-Rotation-OP-Sig
> Issuer: https://gold.pinglabs.net
> Test output
>
>
> __After completing the test flow:__
> [check-http-response]
> status: OK
> description: Checks that the HTTP response status is within the 200 or 300 range
> [new-signing-keys]
> status: OK
> description: Verifies that two set of signing keys are not the same
> __X:==== END ====__
>
> Trace output
>
>
> 0.000305 ------------ DiscoveryRequest ------------
> 0.000317 Provider info discover from 'https://gold.pinglabs.net'
> 0.000323 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
> 0.302242 ProviderConfigurationResponse: {
> "authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
> "claim_types_supported": [
> "normal"
> ],
> "claims_parameter_supported": false,
> "claims_supported": [
> "address",
> "birthdate",
> "email",
> "email_verified",
> "family_name",
> "gender",
> "given_name",
> "locale",
> "middle_name",
> "name",
> "nickname",
> "phone_number",
> "phone_number_verified",
> "picture",
> "preferred_username",
> "profile",
> "sub",
> "updated_at",
> "website",
> "zoneinfo"
> ],
> "grant_types_supported": [
> "authorization_code",
> "implicit"
> ],
> "id_token_signing_alg_values_supported": [
> "none",
> "HS256",
> "HS384",
> "HS512",
> "RS256",
> "RS384",
> "RS512",
> "ES256",
> "ES384",
> "ES512"
> ],
> "issuer": "https://gold.pinglabs.net",
> "jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
> "ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
> "ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
> "registration_endpoint": "https://gold.pinglabs.net/idp/client-registration.openid",
> "request_object_signing_alg_values_supported": [
> "none",
> "HS256",
> "HS384",
> "HS512",
> "RS256",
> "RS384",
> "RS512",
> "ES256",
> "ES384",
> "ES512"
> ],
> "request_parameter_supported": true,
> "request_uri_parameter_supported": true,
> "require_request_uri_registration": true,
> "response_modes_supported": [
> "fragment",
> "query",
> "form_post"
> ],
> "response_types_supported": [
> "code",
> "token",
> "id_token",
> "code token",
> "code id_token",
> "token id_token",
> "code token id_token"
> ],
> "revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
> "scopes_supported": [
> "product",
> "phone",
> "pingone-native-application",
> "email",
> "address",
> "admin",
> "edit",
> "openid",
> "profile"
> ],
> "subject_types_supported": [
> "public"
> ],
> "token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
> "token_endpoint_auth_methods_supported": [
> "client_secret_basic",
> "client_secret_post",
> "none",
> "client_secret_jwt",
> "private_key_jwt"
> ],
> "userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
> "version": "3.0"
> }
> 0.627696 JWKS: {
> "keys": [
> {
> "crv": "P-521",
> "kid": "ze5p7",
> "kty": "EC",
> "use": "sig",
> "x": "AMoOUiZgFipI6dvJSR-7WFdEiP2Kv9KVJDRdwKb6j-5utSCri_NE4BZrSBnFs9ONH1YUTxfBpVFOfMazgixnkpfV",
> "y": "AScHRVYRGQqtlXnmzSLmFhCggdKzrZnu0owM7ZHFKtiSLNQ_kddDtBQ1Umq2ycJ0waStjVV6FgDTzSMT4hegEdnb"
> },
> {
> "crv": "P-384",
> "kid": "ze5p6",
> "kty": "EC",
> "use": "sig",
> "x": "fJb6IP_nSm4A9meQtOtcTr5nXjdEROGmBW0UtU10GWvnh1yF8LNxf6Belk7F3Zar",
> "y": "F9d5eQ8_9xJ2b5Qw9D6BdfSaaArVfzmhUunfZupyZpmVGG7wGWl0Z2pIBDImrAss"
> },
> {
> "crv": "P-256",
> "kid": "ze5p5",
> "kty": "EC",
> "use": "sig",
> "x": "opCcGbfUNd0TXDB5iBcgI_DkVyHawukPqo0UoUdB6v4",
> "y": "dph3KP6_wxnXXWYoCzqXk7zc6WC6ERCmNJY9CDHLIJQ"
> },
> {
> "e": "AQAB",
> "kid": "ze5p4",
> "kty": "RSA",
> "n": "gEbVKe0SEAXatFZaL9i2g1Ao6oyhTygkG-FeXjHjpowi_2COJgsYRn_SvmUuT1cberyQPlRM0VzmQ_d2ZGNwp7XpMH1gYSSWdgpYjfXrR-hKZocd7LrFyS254KNwEAPig2S-dFo_ApuffDdf53u8lAGxFUfb19_Ti2d7_VZ8lfnL3G63mupk31RayHyP1jrrvojYK76iWdEIJL11RAbpwhR7E2NinxG1hRqW_ilzfwn7NfUznAWV4eanzbjnut14-wioxIaoEYMheenJ0Ze70RdTC5pyiZ_dmv8SX5tTg3bMvEjecPP9x3NGTPONV4GHyOIsAvddxJ-HobN0NJlS9w",
> "use": "sig"
> },
> {
> "crv": "P-521",
> "kid": "ze5p3",
> "kty": "EC",
> "use": "sig",
> "x": "AXIgtVHJrGF0_ioZNbZS5piEMpp_Yb2az9v10sw1BxvDG0cKzW-54mgB37KuPVPyYD2vXw2-4oUXycx5eIJypyN3",
> "y": "AOvGjUi07kuRyo5sIp6OJnUsoT9IiGBQBUQncEMXrJLj40XkQziRuDGX6eSYiKxh7Hac2Bat8YxE3Wh2LQdoYUB0"
> },
> {
> "crv": "P-384",
> "kid": "ze5p2",
> "kty": "EC",
> "use": "sig",
> "x": "DTxGZwi0q17q0JPMng1Ls-2e7nXNMPMgAQea0ScEJ3yPZ3kUzgMYgSzFGQXxhc2x",
> "y": "0pqQlt8VzMMLx-i7GW3ZYiXKNckG9wSYX0PhRzoeAMMkmdDem-G0q0BCDBeJy-4r"
> },
> {
> "crv": "P-256",
> "kid": "ze5p1",
> "kty": "EC",
> "use": "sig",
> "x": "SS6OvvBmxjnyDwbFu3AxJzihONmprGWUpO7D6CHWHN0",
> "y": "ZdO-Hl72Pynty2Q6Opyp6e80kBfsJvxoQYTz4csGE-8"
> },
> {
> "e": "AQAB",
> "kid": "ze5p0",
> "kty": "RSA",
> "n": "jRsHRlcagNoVjriUThbJIG-PzMaXw3_sY_oa737Wuu4kn220c43MIv8vcojhPfPuPfd6v17DdxGhbaMbScIWvmJUF0zS_TFpEkYZMH6TF8PhTnNcSoZaXqbUDlJBSRpiO_iT5YKbkQ_8scMZQ4vBNPE5s2bQQgGqnWFWq6URFP9idMBhIwZ7y9t1SZlsoUc62z4-TGyJKRb8O37RbLm-4OshkjmvOY-xkrYMyVsJHkOdZ2JxXOsl3-QzFCfKfUGcSBzeSZgi5D2QsVQdxKKv7o4YQbrmjy6IQ8zmKtgpMo3__mUBVfUgxfZjJhm0_MNDBovnUzEQtLd7KGI_yFRpvw",
> "use": "sig"
> },
> {
> "crv": "P-521",
> "kid": "ze5oz",
> "kty": "EC",
> "use": "sig",
> "x": "AKRsVS4ejxqq7kgFogEfIN09DT-I2cQELwoa0H6PmKpVF0FCm7iEC4s9WT6AP6RrBn3cXUIBTtCQPIOpLs0fNCZo",
> "y": "AWVixRQY0BllWVARzgbYxHMqAFpPVBdT7OmYv_4XrjJoJDqWCxbIDspuYtE-jzQ3h--TkHM1_XqOKsE7x35aGdD8"
> },
> {
> "crv": "P-384",
> "kid": "ze5oy",
> "kty": "EC",
> "use": "sig",
> "x": "qGW6qG9I5ZjLS-OjcDt7YKcW31udHPfWh8u2STKRiulGFdro0ntGRfgxDUGlxQEz",
> "y": "tbYil8deDGvNjtFskwXTY1UislNpAGVg0mhufFCBd7H-c0LopF_4nJselUX1TI0P"
> },
> {
> "crv": "P-256",
> "kid": "ze5ox",
> "kty": "EC",
> "use": "sig",
> "x": "cpIuqjYIuoqQ82MKbPnEerkd3zZTBeoAy5VfroVNuBA",
> "y": "LoniR_R5XFvlkPxeZizQj6MQS2o5FJJPtLAjIFzeEVQ"
> },
> {
> "e": "AQAB",
> "kid": "ze5ow",
> "kty": "RSA",
> "n": "h_gag4LEVEoDQt69JfFci108-X9V1ywh9U4ifL98tKpVpeLiJUIfRcQIlf6B_LLfytw40aSpH8Q62VHORCahUPMk1DzttMezrnazkoTtKWWoKSbSv_-oPwepo6IekLzJwh2Cji38uS_MzklomRfVEnLPrUMtpCJOxlHdODgjcr3MyHo87zcQAvbb7ZSHVfkHbrdh7biMJMjsdNMIps9vGdlzIP1Mn4bkw1hevdQw6znhOwSdxEVfTxxtjNxiJW-eoMHGWOdlm9BS4ZVy6xL9YvyjsKXe8bFJYq_cTYvW0463PCFkSr0zmACwz4yLmvVX7QPujnxouSOBKiHlPei-uQ",
> "use": "sig"
> }
> ]
> }
> 64.275099 ------------ DiscoveryRequest ------------
> 64.275113 Provider info discover from 'https://gold.pinglabs.net'
> 64.275120 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
> 65.227276 ProviderConfigurationResponse: {
> "authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
> "claim_types_supported": [
> "normal"
> ],
> "claims_parameter_supported": false,
> "claims_supported": [
> "address",
> "birthdate",
> "email",
> "email_verified",
> "family_name",
> "gender",
> "given_name",
> "locale",
> "middle_name",
> "name",
> "nickname",
> "phone_number",
> "phone_number_verified",
> "picture",
> "preferred_username",
> "profile",
> "sub",
> "updated_at",
> "website",
> "zoneinfo"
> ],
> "grant_types_supported": [
> "authorization_code",
> "implicit"
> ],
> "id_token_signing_alg_values_supported": [
> "none",
> "HS256",
> "HS384",
> "HS512",
> "RS256",
> "RS384",
> "RS512",
> "ES256",
> "ES384",
> "ES512"
> ],
> "issuer": "https://gold.pinglabs.net",
> "jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
> "ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
> "ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
> "registration_endpoint": "https://gold.pinglabs.net/idp/client-registration.openid",
> "request_object_signing_alg_values_supported": [
> "none",
> "HS256",
> "HS384",
> "HS512",
> "RS256",
> "RS384",
> "RS512",
> "ES256",
> "ES384",
> "ES512"
> ],
> "request_parameter_supported": true,
> "request_uri_parameter_supported": true,
> "require_request_uri_registration": true,
> "response_modes_supported": [
> "fragment",
> "query",
> "form_post"
> ],
> "response_types_supported": [
> "code",
> "token",
> "id_token",
> "code token",
> "code id_token",
> "token id_token",
> "code token id_token"
> ],
> "revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
> "scopes_supported": [
> "product",
> "phone",
> "pingone-native-application",
> "email",
> "address",
> "admin",
> "edit",
> "openid",
> "profile"
> ],
> "subject_types_supported": [
> "public"
> ],
> "token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
> "token_endpoint_auth_methods_supported": [
> "client_secret_basic",
> "client_secret_post",
> "none",
> "client_secret_jwt",
> "private_key_jwt"
> ],
> "userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
> "version": "3.0"
> }
> 65.492497 JWKS: {
> "keys": [
> {
> "crv": "P-521",
> "kid": "93xyw",
> "kty": "EC",
> "use": "sig",
> "x": "AYgVYJ2NyZmUyykYqCr1DXW_pP2IqMW7flgbyn_HiwfRiEHy7LYD1U2A_ZdCtrRV8OWJ0b0pNlhxFcxID9l_6-Nc",
> "y": "AP1NLHCg2BQpFQ9n7jAq5HX5ealwYeLr0sspHBLy8wGFPKKrq1Nt9v0DZW0xsNlMCTke56sgj0gu3udc72rclSPB"
> },
> {
> "crv": "P-384",
> "kid": "93xyv",
> "kty": "EC",
> "use": "sig",
> "x": "N4awXVSQLd-LaIsm1CMq9h8fx4uztpnIJB-UsmavlbPkLX6JLF_MuzLHhhoiNMWy",
> "y": "JJzhxROASS9qEQvN9Dwpv-D7oEfPCS4QpvAPvB-FB66WO1Gzisi77Ub9yvSGvqm0"
> },
> {
> "crv": "P-256",
> "kid": "93xyu",
> "kty": "EC",
> "use": "sig",
> "x": "XUx5lePchMs3O5Vp2oRXaI_aFIHxZb7PZePVH_Z4WCE",
> "y": "Lmk_jpSAi32aaGBX1unicKLDDAam1sxB2qnCCdszCYE"
> },
> {
> "e": "AQAB",
> "kid": "93xyt",
> "kty": "RSA",
> "n": "gMUdN7DFujEFMVF86jXMuPdHcUb2Se2jD-8H7JpejGJGWpMUMDF7qhdJCeoAoUGOIuv-wCv_ybC8dHvK_4ObQLkkKnea8axmJD4Y9L1LbgmBUyxtiURwKP3DvIBbE2eZDon5-F6f6FKuznA-_6MJrIl_rzmXNHqJdPVf7PAQj_-wwKhS6H6h-Q349xrS8gJuA_jG4c6OIVo6aND4W_DECFxNwdNKiPwKQDOKDV8dq_z4M24Pcl_InpynSASwv2boM8omkNzbM7s_7Bf0NV-_nYgOvafZZipuWabuwe2sWdpdfT3ZKjr6XC8GlmH1GmUasfN75BrzHPhYlfAwBY24kw",
> "use": "sig"
> },
> {
> "crv": "P-521",
> "kid": "93xys",
> "kty": "EC",
> "use": "sig",
> "x": "AX31Pl52T7LVxp3mRQg17cxpCkmVOYxqGTkRUnFiRjRo81WDYt3zOTEGg6Xj_coOgKdMeTFYK_mGfcJeGVwgZqCV",
> "y": "ABJByTfRDCVcWMZ8a55BWgKEeZQZGxmv5huEkg7q3r17ewYsfDRRFjpyVLJ4O0Th3HSvN0LHwjS1AkIxEwc2vtCh"
> },
> {
> "crv": "P-384",
> "kid": "93xyr",
> "kty": "EC",
> "use": "sig",
> "x": "y4f8I9Oz57fGQOZhA93R23rbhvl_SwUdvVM6jsWF9iYNG6tu4ylKmM56QSI_iEqr",
> "y": "cZ2emKVvO9QijlzEs6CplnScLzKajkgXOnQW9cQbHDLrxzdnNDvEG9md53XXT-gF"
> },
> {
> "crv": "P-256",
> "kid": "93xyq",
> "kty": "EC",
> "use": "sig",
> "x": "B7Bt-xO4YjrnRshy0knPs5iQbtIW1p-WZc7A1sLypvU",
> "y": "zQSDa0hsGssm72R2KdWYZ-UUyYZkAZleD67vBMNUSSA"
> },
> {
> "e": "AQAB",
> "kid": "93xyp",
> "kty": "RSA",
> "n": "hE3g78jX-RptVWin0j9TQAY3Pld7hIx81esjhJtSGK6r5cZskbQPnxUFl-IWr-6BsS9vnHLnwwDisDU655fKyd6W9nwl1Cx76abJNA7iQtEpX4c3Mgls_mC0NtfWJD2KVRRlrpDYCuvLKNq4uI47Bp1al4mQsvC9tN3n7Eab1B1gnn7O7mpq_M5VctCoBgsdr6rcmIw9_oHAvaQFjWONY1SMQPCsMIEx9-Ubo9sUx1thnAXskr1BYPCzSXSoIw-Lp-HSdpK_C0qSqfuRBOxSCfDPhli6hIu4fRsI7YaSKx8negn757oQw_XZL_AIlks8evokX9_TvpnbDJ-em9qGIw",
> "use": "sig"
> }
> ]
> }
> 65.751702 JWKS: {
> "keys": [
> {
> "crv": "P-521",
> "kid": "93xyw",
> "kty": "EC",
> "use": "sig",
> "x": "AYgVYJ2NyZmUyykYqCr1DXW_pP2IqMW7flgbyn_HiwfRiEHy7LYD1U2A_ZdCtrRV8OWJ0b0pNlhxFcxID9l_6-Nc",
> "y": "AP1NLHCg2BQpFQ9n7jAq5HX5ealwYeLr0sspHBLy8wGFPKKrq1Nt9v0DZW0xsNlMCTke56sgj0gu3udc72rclSPB"
> },
> {
> "crv": "P-384",
> "kid": "93xyv",
> "kty": "EC",
> "use": "sig",
> "x": "N4awXVSQLd-LaIsm1CMq9h8fx4uztpnIJB-UsmavlbPkLX6JLF_MuzLHhhoiNMWy",
> "y": "JJzhxROASS9qEQvN9Dwpv-D7oEfPCS4QpvAPvB-FB66WO1Gzisi77Ub9yvSGvqm0"
> },
> {
> "crv": "P-256",
> "kid": "93xyu",
> "kty": "EC",
> "use": "sig",
> "x": "XUx5lePchMs3O5Vp2oRXaI_aFIHxZb7PZePVH_Z4WCE",
> "y": "Lmk_jpSAi32aaGBX1unicKLDDAam1sxB2qnCCdszCYE"
> },
> {
> "e": "AQAB",
> "kid": "93xyt",
> "kty": "RSA",
> "n": "gMUdN7DFujEFMVF86jXMuPdHcUb2Se2jD-8H7JpejGJGWpMUMDF7qhdJCeoAoUGOIuv-wCv_ybC8dHvK_4ObQLkkKnea8axmJD4Y9L1LbgmBUyxtiURwKP3DvIBbE2eZDon5-F6f6FKuznA-_6MJrIl_rzmXNHqJdPVf7PAQj_-wwKhS6H6h-Q349xrS8gJuA_jG4c6OIVo6aND4W_DECFxNwdNKiPwKQDOKDV8dq_z4M24Pcl_InpynSASwv2boM8omkNzbM7s_7Bf0NV-_nYgOvafZZipuWabuwe2sWdpdfT3ZKjr6XC8GlmH1GmUasfN75BrzHPhYlfAwBY24kw",
> "use": "sig"
> },
> {
> "crv": "P-521",
> "kid": "93xys",
> "kty": "EC",
> "use": "sig",
> "x": "AX31Pl52T7LVxp3mRQg17cxpCkmVOYxqGTkRUnFiRjRo81WDYt3zOTEGg6Xj_coOgKdMeTFYK_mGfcJeGVwgZqCV",
> "y": "ABJByTfRDCVcWMZ8a55BWgKEeZQZGxmv5huEkg7q3r17ewYsfDRRFjpyVLJ4O0Th3HSvN0LHwjS1AkIxEwc2vtCh"
> },
> {
> "crv": "P-384",
> "kid": "93xyr",
> "kty": "EC",
> "use": "sig",
> "x": "y4f8I9Oz57fGQOZhA93R23rbhvl_SwUdvVM6jsWF9iYNG6tu4ylKmM56QSI_iEqr",
> "y": "cZ2emKVvO9QijlzEs6CplnScLzKajkgXOnQW9cQbHDLrxzdnNDvEG9md53XXT-gF"
> },
> {
> "crv": "P-256",
> "kid": "93xyq",
> "kty": "EC",
> "use": "sig",
> "x": "B7Bt-xO4YjrnRshy0knPs5iQbtIW1p-WZc7A1sLypvU",
> "y": "zQSDa0hsGssm72R2KdWYZ-UUyYZkAZleD67vBMNUSSA"
> },
> {
> "e": "AQAB",
> "kid": "93xyp",
> "kty": "RSA",
> "n": "hE3g78jX-RptVWin0j9TQAY3Pld7hIx81esjhJtSGK6r5cZskbQPnxUFl-IWr-6BsS9vnHLnwwDisDU655fKyd6W9nwl1Cx76abJNA7iQtEpX4c3Mgls_mC0NtfWJD2KVRRlrpDYCuvLKNq4uI47Bp1al4mQsvC9tN3n7Eab1B1gnn7O7mpq_M5VctCoBgsdr6rcmIw9_oHAvaQFjWONY1SMQPCsMIEx9-Ubo9sUx1thnAXskr1BYPCzSXSoIw-Lp-HSdpK_C0qSqfuRBOxSCfDPhli6hIu4fRsI7YaSKx8negn757oQw_XZL_AIlks8evokX9_TvpnbDJ-em9qGIw",
> "use": "sig"
> }
> ]
> }
> 66.041907 ==== END ====
>
> Result
> PASSED
>
> ```
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
- Roland
"It is the consequence of humanity. We are all formed of frailty and error; let us pardon reciprocally each others’ folly - that is the first law of nature.” - Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150327/a8d2def8/attachment.asc>
More information about the Openid-specs-ab
mailing list