I5:FeatureTest-Rejects No-Encryption Association Sessions over http

From OSIS Open Source Identity Systems
Revision as of 10:50, 30 March 2009 by Ve7jtb (Talk | contribs)

Jump to: navigation, search

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|FeatureTest-Rejects No-Encryption Association Sessions over http}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:OpenID Provider support for Attribute Exchange|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=FeatureTest,from={{#var:page}},namespace=I5|copy]]  [[Special:Call/DT Articles list XML,type=FeatureTest,title={{#var:page}},namespace=I5|as XML]]  edit
{{#if:|Feature Test |Feature Test }}   OpenID Provider support for Attribute Exchange
Test Type   bgcolor={{{color}}}}}|OpenID Authentication
Identifier   bgcolor={{{color}}}}}|FTR-op-auth-7  
Description   bgcolor={{{color}}}}}|Tests OpenID OP Rejects No-Encryption Association Sessions over http  
Role tested   bgcolor={{{color}}}}}|OpenID Identity Provider  
Known Successful Reference Solution(s)   bgcolor={{{color}}}}}|{{ #if: |
[[I5:]]}}{{ #if: |
[[I5:]]}} {{ #if: |
}} {{ #if: |
Success Criteria   bgcolor={{{color}}}}}|OpenID authentication succeeds with transfer of Attribute Exchange info  
Failure Criteria   bgcolor={{{color}}}}}|OpenID not accepted or other failures  

Features Proven


 |noresultsheader= {|\n|bgcolor=#eeeeee|No matching Feature found.\n|}\n
 |linksto=I5:FeatureTest-Rejects No-Encryption Association Sessions over http
 |nottitlematch = Feature.edit
 |includematch=/FeatureTest-Rejects No-Encryption Association Sessions over http/s



  1. Open the result page for your solution and this test.
  2. Go to the "OP rejects HTTP no-encryption" test endpoint at Test-ID https://test-id.org/OP/AssociateHttpNoEncryption.aspx
  3. Enter an OpenID from the OpenID 2.0 OP you are testing into the "OpenID Identifier" login field of the page.
  4. After you submit the OpenID in the login box, you should be given a pass or fail response.
    1. If in details you get "Redirects on POST requests that are to untrusted servers is not supported." you have a http: version of your OP endpoint URI that redirects. This prevents the test from making the association. If you get this error you have passed the test.
  5. Set outcome in the results page:
    1. If the success criteria was met, set the outcome to "Works".
    2. If the test failed, set the outcome to "Failed" and enter information about the failure in the Notes section.
    3. If other issues occurred set the result to "Issues" and describe them in the Notes section.
  6. Add either four tilde ~~~~ signs or a text name into the "Tested by" parameter.
  7. Update the Date Tested, Browser, and Operating System lines of the results page.