Test Summary

Test Results

Expand All Collapse All
All times are UTC
2022-05-26 12:56:17 INFO
TEST-RUNNER
Test instance lJzzwCW8t1xfDI9 created
baseUrl
https://localhost.emobix.co.uk:8443/test/a/aas-test
variant
{
  "server_metadata": "discovery",
  "client_registration": "static_client"
}
alias
aas-test
description
GAIA-X AAS
planId
vyAZcHAb0KSvi
config
{
  "alias": "aas-test",
  "description": "GAIA-X AAS",
  "publish": "everything",
  "server": {
    "discoveryUrl": "http://78.138.66.128:9009/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "aas-app-oidc",
    "client_secret": "secret"
  },
  "client2": {
    "client_id": "aas-app-siop",
    "client_secret": "secret2"
  }
}
testName
oidcc-discovery-endpoint-verification
2022-05-26 12:56:18
GetDynamicServerConfiguration
HTTP request
request_uri
http://78.138.66.128:9009/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2022-05-26 12:56:18 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text

                                
response_headers
{
  "x-content-type-options": "nosniff",
  "x-xss-protection": "1; mode\u003dblock",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "pragma": "no-cache",
  "expires": "0",
  "x-frame-options": "DENY",
  "content-type": "application/json",
  "transfer-encoding": "chunked",
  "date": "Thu, 26 May 2022 12:56:18 GMT",
  "keep-alive": "timeout\u003d60",
  "connection": "keep-alive"
}
response_body
{"issuer":"http://78.138.66.128:9009","authorization_endpoint":"http://78.138.66.128:9009/oauth2/authorize","token_endpoint":"http://78.138.66.128:9009/oauth2/token","jwks_uri":"http://78.138.66.128:9009/oauth2/jwks","userinfo_endpoint":"http://78.138.66.128:9009/userinfo","token_endpoint_auth_methods_supported":["client_secret_basic"],"response_types_supported":["code"],"grant_types_supported":["authorization_code"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"scopes_supported":["openid","profile","email","protected"],"userinfo_signing_alg_values_supported":["RS256"],"display_values_supported":["page"],"claims_supported":["auth_time","birthdate","email","email_verified","family_name","gender","given_name","iss","middle_name","name","preferred_username","read_access","sub","updated_at","write_access"],"claims_locales_supported":["en"],"ui_locales_supported":["en","de","fr","ru","sk"]}
2022-05-26 12:56:18 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
issuer
http://78.138.66.128:9009
authorization_endpoint
http://78.138.66.128:9009/oauth2/authorize
token_endpoint
http://78.138.66.128:9009/oauth2/token
jwks_uri
http://78.138.66.128:9009/oauth2/jwks
userinfo_endpoint
http://78.138.66.128:9009/userinfo
token_endpoint_auth_methods_supported
[
  "client_secret_basic"
]
response_types_supported
[
  "code"
]
grant_types_supported
[
  "authorization_code"
]
subject_types_supported
[
  "public"
]
id_token_signing_alg_values_supported
[
  "RS256"
]
scopes_supported
[
  "openid",
  "profile",
  "email",
  "protected"
]
userinfo_signing_alg_values_supported
[
  "RS256"
]
display_values_supported
[
  "page"
]
claims_supported
[
  "auth_time",
  "birthdate",
  "email",
  "email_verified",
  "family_name",
  "gender",
  "given_name",
  "iss",
  "middle_name",
  "name",
  "preferred_username",
  "read_access",
  "sub",
  "updated_at",
  "write_access"
]
claims_locales_supported
[
  "en"
]
ui_locales_supported
[
  "en",
  "de",
  "fr",
  "ru",
  "sk"
]
2022-05-26 12:56:18 SUCCESS
EnsureDiscoveryEndpointResponseStatusCodeIs200
discovery_endpoint_response returned http 200 as expected
http_status
200
2022-05-26 12:56:18 SUCCESS
CheckDiscoveryEndpointReturnedJsonContentType
discovery_endpoint_response Content-Type: header is application/json
2022-05-26 12:56:18
oidcc-discovery-endpoint-verification
Setup Done
2022-05-26 12:56:18 SUCCESS
OIDCCCheckDiscEndpointResponseTypesSupported
Contents of 'response_types_supported' in discovery document matches expectations.
actual
[
  "code"
]
expected
[
  "code",
  "code id_token",
  "id_token",
  "token id_token",
  "code id_token token",
  "code token"
]
minimum_matches_required
1
2022-05-26 12:56:18 FAILURE
CheckDiscEndpointDiscoveryUrl
Expected https protocol for server.discoveryUrl
actual
http
expected
https
2022-05-26 12:56:18 SUCCESS
CheckDiscEndpointIssuer
issuer is consistent with the discovery endpoint
2022-05-26 12:56:18 SUCCESS
OIDCCCheckDiscEndpointSubjectTypesSupported
Contents of 'subject_types_supported' in discovery document matches expectations.
actual
[
  "public"
]
expected
[
  "public",
  "pairwise"
]
minimum_matches_required
1
2022-05-26 12:56:18 SUCCESS
OIDCCCheckDiscEndpointIdTokenSigningAlgValuesSupported
Contents of 'id_token_signing_alg_values_supported' in discovery document matches expectations.
actual
[
  "RS256"
]
expected
[
  "RS256"
]
minimum_matches_required
1
2022-05-26 12:56:18 SUCCESS
OIDCCCheckDiscEndpointUserinfoSigningAlgValuesSupported
Contents of 'userinfo_signing_alg_values_supported' in discovery document matches expectations.
actual
[
  "RS256"
]
expected
[]
minimum_matches_required
0
2022-05-26 12:56:18 FAILURE
CheckDiscEndpointAuthorizationEndpoint
Expected https protocol for authorization_endpoint
actual
http://78.138.66.128:9009/oauth2/authorize
required
https
2022-05-26 12:56:18 FAILURE
CheckDiscEndpointTokenEndpoint
Expected https protocol for token_endpoint
actual
http://78.138.66.128:9009/oauth2/token
required
https
2022-05-26 12:56:18 FAILURE
CheckDiscEndpointUserinfoEndpoint
Expected https protocol for userinfo_endpoint
actual
http://78.138.66.128:9009/userinfo
required
https
2022-05-26 12:56:18 INFO
CheckDiscEndpointRegistrationEndpoint
Skipped evaluation due to missing required element: server registration_endpoint
path
registration_endpoint
mapped
object
server
2022-05-26 12:56:18 FAILURE
CheckJwksUri
Expected https protocol for jwks_uri
actual
http://78.138.66.128:9009/oauth2/jwks
required
https
2022-05-26 12:56:18
FetchServerKeys
Fetching server key
jwks_uri
http://78.138.66.128:9009/oauth2/jwks
2022-05-26 12:56:18
FetchServerKeys
HTTP request
request_uri
http://78.138.66.128:9009/oauth2/jwks
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2022-05-26 12:56:18 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text

                                
response_headers
{
  "x-content-type-options": "nosniff",
  "x-xss-protection": "1; mode\u003dblock",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "pragma": "no-cache",
  "expires": "0",
  "x-frame-options": "DENY",
  "content-type": "application/json;charset\u003dISO-8859-1",
  "content-length": "599",
  "date": "Thu, 26 May 2022 12:56:18 GMT",
  "keep-alive": "timeout\u003d60",
  "connection": "keep-alive"
}
response_body
{"keys":[{"kty":"RSA","e":"AQAB","kid":"96ec048e-c640-4cfd-bc82-6571810a9d0f","n":"hz9alcCFBuc4Rr6xt_rVkeHhN9oK9bmbLtnnFO-asGj-7NOuCgOyP3fMbTOK9ipMT6VGV4_IRcqpZWQRZHWz6_pf9S1tOTyx8Srze5LPwltt7lYeN6kTnGrw7YUgtUHbDE7pEFcXQKDV15V6ZWEabc4yOQnMDV1GU7nY4t3g6I7McIVZw_bJqq8-JN8zHc9JGLXqFYC9br6KpiU7GbXwIlABh0SAJnhS4cdt5rd-MWDfa-CMtnNOWRBHrefS2m8Gmp25y2W22yin71IyN9bjHOs6pnJaz56JbgWt2N7ahB6nBcDvH2f4JLF0UGIVa7gJVQGECcfaBHrMIS8qMdsU0fJ7-AwyMI0WwXnUVAgSDE91gHFPK782dBx1wZ5m9xRsFNtQ8V_djf_oig-pJYeApGvHIyFX7ReeEaI4f5hhGhVuJsKzoNDJDmDL9BzYIAkmsjEQKUriZPou0Ttvim4Buvd_qnJzwWG_d5sVd3aXJRBlFq11bICRhcQLviqEPdn7"}]}
2022-05-26 12:56:18
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kty":"RSA","e":"AQAB","kid":"96ec048e-c640-4cfd-bc82-6571810a9d0f","n":"hz9alcCFBuc4Rr6xt_rVkeHhN9oK9bmbLtnnFO-asGj-7NOuCgOyP3fMbTOK9ipMT6VGV4_IRcqpZWQRZHWz6_pf9S1tOTyx8Srze5LPwltt7lYeN6kTnGrw7YUgtUHbDE7pEFcXQKDV15V6ZWEabc4yOQnMDV1GU7nY4t3g6I7McIVZw_bJqq8-JN8zHc9JGLXqFYC9br6KpiU7GbXwIlABh0SAJnhS4cdt5rd-MWDfa-CMtnNOWRBHrefS2m8Gmp25y2W22yin71IyN9bjHOs6pnJaz56JbgWt2N7ahB6nBcDvH2f4JLF0UGIVa7gJVQGECcfaBHrMIS8qMdsU0fJ7-AwyMI0WwXnUVAgSDE91gHFPK782dBx1wZ5m9xRsFNtQ8V_djf_oig-pJYeApGvHIyFX7ReeEaI4f5hhGhVuJsKzoNDJDmDL9BzYIAkmsjEQKUriZPou0Ttvim4Buvd_qnJzwWG_d5sVd3aXJRBlFq11bICRhcQLviqEPdn7"}]}
2022-05-26 12:56:18 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "96ec048e-c640-4cfd-bc82-6571810a9d0f",
      "n": "hz9alcCFBuc4Rr6xt_rVkeHhN9oK9bmbLtnnFO-asGj-7NOuCgOyP3fMbTOK9ipMT6VGV4_IRcqpZWQRZHWz6_pf9S1tOTyx8Srze5LPwltt7lYeN6kTnGrw7YUgtUHbDE7pEFcXQKDV15V6ZWEabc4yOQnMDV1GU7nY4t3g6I7McIVZw_bJqq8-JN8zHc9JGLXqFYC9br6KpiU7GbXwIlABh0SAJnhS4cdt5rd-MWDfa-CMtnNOWRBHrefS2m8Gmp25y2W22yin71IyN9bjHOs6pnJaz56JbgWt2N7ahB6nBcDvH2f4JLF0UGIVa7gJVQGECcfaBHrMIS8qMdsU0fJ7-AwyMI0WwXnUVAgSDE91gHFPK782dBx1wZ5m9xRsFNtQ8V_djf_oig-pJYeApGvHIyFX7ReeEaI4f5hhGhVuJsKzoNDJDmDL9BzYIAkmsjEQKUriZPou0Ttvim4Buvd_qnJzwWG_d5sVd3aXJRBlFq11bICRhcQLviqEPdn7"
    }
  ]
}
2022-05-26 12:56:18 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2022-05-26 12:56:18 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2022-05-26 12:56:18 INFO
CheckDiscEndpointRequestParameterSupported
'request_parameter_supported' should be 'true', but is absent and the default value is 'false'.
discovery_metadata_key
request_parameter_supported
actual
expected
true
2022-05-26 12:56:18 SUCCESS
CheckDiscEndpointRequestUriParameterSupported
request_uri_parameter_supported has correct value
request_uri_parameter_supported
2022-05-26 12:56:18 INFO
CheckDiscEndpointRequestObjectSigningAlgValuesSupportedIncludesRS256
Skipped evaluation due to missing required element: server request_object_signing_alg_values_supported
path
request_object_signing_alg_values_supported
mapped
object
server
2022-05-26 12:56:18 INFO
CheckDiscEndpointClaimsParameterSupported
'claims_parameter_supported' should be 'true', but is absent and the default value is 'false'.
discovery_metadata_key
claims_parameter_supported
actual
expected
true
2022-05-26 12:56:18 SUCCESS
OIDCCCheckDiscEndpointClaimsSupported
Contents of 'claims_supported' in discovery document matches expectations.
actual
[
  "auth_time",
  "birthdate",
  "email",
  "email_verified",
  "family_name",
  "gender",
  "given_name",
  "iss",
  "middle_name",
  "name",
  "preferred_username",
  "read_access",
  "sub",
  "updated_at",
  "write_access"
]
expected
[]
minimum_matches_required
0
2022-05-26 12:56:18 SUCCESS
OIDCCCheckDiscEndpointGrantTypesSupported
grant_types_supported is a non-empty array.
grant_types_supported
[
  "authorization_code"
]
2022-05-26 12:56:18 SUCCESS
CheckDiscEndpointScopesSupportedContainsOpenId
Contents of 'scopes_supported' in discovery document matches expectations.
actual
[
  "openid",
  "profile",
  "email",
  "protected"
]
expected
[
  "openid"
]
minimum_matches_required
1
2022-05-26 12:56:18 FAILURE
CheckDiscEndpointAllEndpointsAreHttps
Expected https protocol for authorization_endpoint
actual
http://78.138.66.128:9009/oauth2/authorize
required
https
2022-05-26 12:56:18 FINISHED
oidcc-discovery-endpoint-verification
Test has run to completion
testmodule_result
FAILED
Test Results