[Openid-specs-ab] Issue #93: getting "[ERROR] str:OP couldn't match preference:request_object_signing_alg" w/ ["none"] (openid/certification)

Brian Campbell issues-reply at bitbucket.org
Fri Mar 13 22:38:40 UTC 2015


New issue 93: getting "[ERROR] str:OP couldn't match preference:request_object_signing_alg" w/ ["none"]
https://bitbucket.org/openid/certification/issue/93/getting-error-str-op-couldnt-match

Brian Campbell:

All tests are failing now with something like the below. 

I'm guessing this is because of the "request_object_signing_alg_values_supported":["none"] that's been added to my https://gold.pinglabs.net/.well-known/openid-configuration, which I did because I started adding request object and uri support to try and pass tests that were failing on that stuff. But I've only added none for now. it's a valid alg. And OP-request_uri-Unsigned and OP-request-Unsigned even use it.

But maybe my guess is wrong...

```
#!text


Test info
Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'none+sign', 'registration': 'static'}
Test description: Authorization request missing the response_type parameter [Basic, Implicit, Hybrid]
Test ID: OP-Response-Missing
Issuer: https://gold.pinglabs.net
Test output


[-]
	status: ERROR
	info: OP couldn't match preference:request_object_signing_alg

Trace output


0.000288 ------------ DiscoveryRequest ------------
0.000301 Provider info discover from 'https://gold.pinglabs.net/'
0.000307 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
0.306304 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
  "claim_types_supported": [
    "normal"
  ],
  "claims_parameter_supported": false,
  "claims_supported": [
    "address",
    "birthdate",
    "email",
    "email_verified",
    "family_name",
    "gender",
    "given_name",
    "locale",
    "middle_name",
    "name",
    "nickname",
    "phone_number",
    "picture",
    "preferred_username",
    "profile",
    "sub",
    "website",
    "zoneinfo"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ],
  "issuer": "https://gold.pinglabs.net",
  "jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
  "ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
  "ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
  "request_object_signing_alg_values_supported": [
    "none"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "response_modes_supported": [
    "fragment",
    "query",
    "form_post"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code token",
    "code id_token",
    "token id_token",
    "code token id_token"
  ],
  "revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
  "scopes_supported": [
    "product",
    "phone",
    "pingone-native-application",
    "address",
    "email",
    "admin",
    "edit",
    "openid",
    "profile"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
  "version": "3.0"
}
0.307641 [ERROR] str:OP couldn't match preference:request_object_signing_alg

Result
PARTIAL RESULT

```





More information about the Openid-specs-ab mailing list