OIDC RP testing – hands on
OpenID Connect RP Certification Hands-On
Wednesday 4D
Convener: Roland Hedberg
Notes-taker(s): Mike Jones
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
RP Certification Hands-On Session - Roland Hedberg - IIW - 28-Oct-15 Roland Hedberg
Edmund Jay
Mike Jones
Sascha Preibisch
Sampo Kellomäki
William Denniss
Nov Matake
Sarah Squire
Mark Mucha
Greg Haverkamp
Roland went over the RP testing tool and how to use it Documentation is at https://www.dirg.org.umu.se/static/oictest/how_to_use_rp_test.html The code is at https://www.github.com/rohe/oidctest/.html
Can only test RPs that can use OP configuration discovery information
Path specifies behavior of test OP
Uses IP address of RP as correlation handle for requests
Logs at /log/
Logs are currently just appended to and not cleared
William Denniss asked for a way to clear a log
test_rp/rp/cflows.py - Test configuration for Roland's RP code that he is using to test the tests test_rp/op/static/pathmap.py - Paths defining tests to run Edmund Jay showed us running RP tests for his implementation His test tool is at https://www.connect.openid4.us:5443/phpRp A redirect_uri used by his RP:
https://www.connect.openid4.us:5443/phpRp/index.php/implicit A log: https://www.rp.certification.openid.net:8080/log/67.180.145.30/rp-id_token-bad_asym_sig_rs256
An issuer: https://www.rp.certification.openid.net:8080/rp-id_token-bad_asym_sig_rs256