[Openid-specs-ab] OP logout tests: OP-Session-RpInitLogout

[Vladimir Dzhuvinov]

First, our thanks to everyone for the new logout cert tests. It took us
an hour to setup a server and run them, so if there are people still
wondering whether to give them a try, there are 13 tests in total and it
takes little time to cycle through them.

I have a question about OP-Session-RpInitLogout - the last one from the
suite ("Uses RP initiated logout to end a Session at the OP. The RP uses
session management to register the session state change").

What does this test actually do? After the IdP login screen the browser
is directed to a page on the cert domain

> https://op.certification.openid.net:60533/authz_cb?code=-3YoTPwuXenTtrGbcbrdbw.Wx3k3trWIeht9FYf6hPIAg&state=JQfN9tCIGgz5ErBp&session_state=-D8nmOMzRg4EYddgM3xSZ14HRoYdhUZp9OEiaLUZF5s.lHXF6TaaBVCWL_-jaVQX_A

which displays the following message

> Session verification
>
> Checking that the session hasn't changed!

There was no further progress or redirection.

Going back to the test list displays the test icon as "The test has not
been run yet" and there is no test information / debugging info to check
what might have gone wrong.

Thanks,

Vladimir



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4007 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20191128/9cf6667d/attachment.p7s>