Difference between revisions of "OC5:MITREid Connect"

From OSIS Open Source Identity Systems
Jump to: navigation, search
m (1 revision: Cloning for OC5 Interop)
(Added RP endpoint)
Line 6: Line 6:
 
   |summary          = Mitre OpenID Connect Implementation in Java on top of Spring and Spring Security
 
   |summary          = Mitre OpenID Connect Implementation in Java on top of Spring and Spring Security
 
   |homepage          = https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/
 
   |homepage          = https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/
   |instructions      = Accounts on this system will only be available to MITRE personnel, but we plan to have it set up to talk to all RPs. At the moment, we've got to register the RPs by hand, but it should be enough to start the interop testing.
+
   |instructions      = Accounts on the OP will only be available to MITRE personnel, but we plan to have it set up to talk to all RPs. At the moment, we've got to register the RPs by hand, but it should be enough to start the interop testing.  The way the RP works, you hit the home page and you're not logged in, but click the "user" link on the bottom to be put through the login process (because that page requires "user" level access). You'll then be prompted to enter your webfinger id, and the system should take over from there.
 
   |latestversion    =  
 
   |latestversion    =  
 
   |latestreleasedate =  
 
   |latestreleasedate =  
Line 12: Line 12:
 
   |solutionrole1    = OP
 
   |solutionrole1    = OP
 
   |solutionendpoint1 = https://id.mitre.org/connect/
 
   |solutionendpoint1 = https://id.mitre.org/connect/
   |solutionrole2    =  
+
   |solutionrole2    = RP
   |solutionendpoint2 =  
+
   |solutionendpoint2 = http://rivers.richer.org:8080/simple-web-app/
 
   |solutionrole3    =
 
   |solutionrole3    =
 
   |solutionendpoint3 =  
 
   |solutionendpoint3 =  

Revision as of 15:51, 24 June 2013

{{#vardefine:DtArticleSortKey|}}

Mitre Test

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|MITREid Connect}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Mitre Test|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=OC5 Solution,from={{#var:page}},namespace=OC5|copy]]  [[Special:Call/DT Articles list XML,type=OC5 Solution,title={{#var:page}},namespace=OC5|as XML]]  edit
}}
{{#if:|OC5 Solution |OC5 Solution }}   Mitre Test
Identifier   bgcolor={{{color}}}}}|mitretest  
Description   bgcolor={{{color}}}}}|Mitre OpenID Connect Implementation in Java on top of Spring and Spring Security  
Product Page   bgcolor={{{color}}}}}|https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/  
Project or solution logo (if different than Participant logo)   bgcolor={{{color}}}}}|
Latest Version   bgcolor={{{color}}}}}| 
Latest Release Date   bgcolor={{{color}}}}}| 
Installation/Operation Instructions   bgcolor={{{color}}}}}|Accounts on the OP will only be available to MITRE personnel, but we plan to have it set up to talk to all RPs. At the moment, we've got to register the RPs by hand, but it should be enough to start the interop testing. The way the RP works, you hit the home page and you're not logged in, but click the "user" link on the bottom to be put through the login process (because that page requires "user" level access). You'll then be prompted to enter your webfinger id, and the system should take over from there.  
Operated by   bgcolor={{{color}}}}}|Mitre
Interop Roles   bgcolor={{{color}}}}}|OP {{ #if: https://id.mitre.org/connect/ |: https://id.mitre.org/connect/ |}}  
  bgcolor={{{color}}}}}|RP {{ #if: http://rivers.richer.org:8080/simple-web-app/ |: http://rivers.richer.org:8080/simple-web-app/ |}}  
  bgcolor={{{color}}}}}|{{ #if: |: |}}  
  bgcolor={{{color}}}}}|{{ #if: |: |}}  

Click here for help populating this chart.

{{ #if: OP | {{#vardefine:DtArticleSortKey|}}

OC5 OP FeatureTest List

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|MITREid Connect}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Mitre Test|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=OP_FeatureTest_List,from={{#var:page}},namespace=OC5|copy]]  [[Special:Call/DT Articles list XML,type=OP_FeatureTest_List,title={{#var:page}},namespace=OC5|as XML]]  edit
}}
{{#if:|Feature Tests for |Feature Tests for }}   Mitre Test
{{#if:|OpenID Provider Features |OpenID Provider Features }}    
{{#if:|Response Type & Response Mode|Response Type & Response Mode}}    
Support code Response Type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-code-x-Mitre Test |noresultsheader = Not Tested }}
Support id_token Response Type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-idt-x-Mitre Test |noresultsheader = Not Tested }}
Support Combination of id_token token Response Types   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-idttoken-x-Mitre Test |noresultsheader = Not Tested }}
Support Combination of id_token code Response Types   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-idtcode-x-Mitre Test |noresultsheader = Not Tested }}
Support Combination of code token Response Types   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-codetoken-x-Mitre Test |noresultsheader = Not Tested }}
Support Combination of code id_token token Response Types   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-codeidttoken-x-Mitre Test |noresultsheader = Not Tested }}
Reject Request Without response_type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-none-x-Mitre Test |noresultsheader = Not Tested }}
Support form_post Response Mode   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rmod-form-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|ID Token|ID Token}}    
ID Token has Issuer   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-iss-x-Mitre Test |noresultsheader = Not Tested }}
ID Token has Subject   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-sub-x-Mitre Test |noresultsheader = Not Tested }}
ID Token has Audience   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-aud-x-Mitre Test |noresultsheader = Not Tested }}
ID Token has Key ID   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-kid-x-Mitre Test |noresultsheader = Not Tested }}
Support Requests Containing nonce   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-nonce-present-x-Mitre Test |noresultsheader = Not Tested }}
Includes at_hash in ID Token when Implicit Flow Used   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-hash-at-x-Mitre Test |noresultsheader = Not Tested }}
Includes c_hash in ID Token when Code Flow Used   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-hash-c-x-Mitre Test |noresultsheader = Not Tested }}
Uses Asymmetric ID Token Signatures   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-alg-rs256-x-Mitre Test |noresultsheader = Not Tested }}
Can Provide Unsecured ID Token Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-uns-x-Mitre Test |noresultsheader = Not Tested }}
Uses Symmetric ID Token Signatures   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-alg-hs256-x-Mitre Test |noresultsheader = Not Tested }}
Support Elliptic Curve ID Token Signatures   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-ec-x-Mitre Test |noresultsheader = Not Tested }}
Can Provide Signed and Encrypted ID Token Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-signenc-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|UserInfo Endpoint|UserInfo Endpoint}}    
UserInfo Endpoint   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-userinfo-x-Mitre Test |noresultsheader = Not Tested }}
UserInfo Endpoint Access with Header Method   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ui-hdr-x-Mitre Test |noresultsheader = Not Tested }}
UserInfo Endpoint Access with Form-Encoded Body Method   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ui-body-x-Mitre Test |noresultsheader = Not Tested }}
UserInfo has Subject   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-userinfo-sub-x-Mitre Test |noresultsheader = Not Tested }}
Can Provide Signed UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ui-sign-x-Mitre Test |noresultsheader = Not Tested }}
Can Provide Encrypted UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ui-enc-x-Mitre Test |noresultsheader = Not Tested }}
Can Provide Signed and Encrypted UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ui-signenc-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|nonce Request Parameter|nonce Request Parameter}}    
Support Requests Without nonce   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-nonce-notused-x-Mitre Test |noresultsheader = Not Tested }}
Reject Requests Without nonce Using Implicit Flow   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-nonce-missing-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|scope Request Parameter|scope Request Parameter}}    
Support scope Requesting No Specific Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-openid-x-Mitre Test |noresultsheader = Not Tested }}
Support scope Requesting profile Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-prof-x-Mitre Test |noresultsheader = Not Tested }}
Support scope Requesting email Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-email-x-Mitre Test |noresultsheader = Not Tested }}
Support scope Requesting address Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-addr-x-Mitre Test |noresultsheader = Not Tested }}
Support scope Requesting phone Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-phone-x-Mitre Test |noresultsheader = Not Tested }}
Support scope Requesting All Basic Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-all-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|display Request Parameter|display Request Parameter}}    
Support display value page   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-dsp-page-x-Mitre Test |noresultsheader = Not Tested }}
Support display value popup   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-dsp-popup-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|prompt Request Parameter|prompt Request Parameter}}    
Support prompt value none   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-pro-none-x-Mitre Test |noresultsheader = Not Tested }}
Support prompt value login   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-pro-login-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Misc Request Parameters|Misc Request Parameters}}    
Providing ID Token with max_age Restriction   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-maxage-x-Mitre Test |noresultsheader = Not Tested }}
Support id_token_hint Request Parameter   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-req-idthint-x-Mitre Test |noresultsheader = Not Tested }}
Ignores Extra Query Component in Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-req-extquery-x-Mitre Test |noresultsheader = Not Tested }}
Rejects Second Use of Access Code   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-code-2nd-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|OAuth Behaviors|OAuth Behaviors}}    
Second Use of Access Code Revokes Previously Issued Access Token   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-code-2nd-revokes-x-Mitre Test |noresultsheader = Not Tested }}
Reject redirect_uri Not Matching a Registered redirect_uri   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-notreg-x-Mitre Test |noresultsheader = Not Tested }}
Reject Request Without redirect_uri when Multiple Registered   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-nonebad-x-Mitre Test |noresultsheader = Not Tested }}
Accept Request Without redirect_uri when One Registered   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-noneok-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|redirect_uri|redirect_uri}}    
Preserves Query Parameter in redirect_uri   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-query-x-Mitre Test |noresultsheader = Not Tested }}
Preserves Query Parameter in Registered redirect_uri   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-regquery-x-Mitre Test |noresultsheader = Not Tested }}
Rejects redirect_uri when Query Parameter Does Not Match   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-noqmatch-x-Mitre Test |noresultsheader = Not Tested }}
Reject Registration of redirect_uri with Fragment   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-regfrag-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Client Authentication|Client Authentication}}    
Support Authentication to Token Endpoint using HTTP Basic with POST   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-tok-basicpost-x-Mitre Test |noresultsheader = Not Tested }}
Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-tok-cspost-x-Mitre Test |noresultsheader = Not Tested }}
Support Authentication to Token Endpoint with Asymmetrically Signed JWTs   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-tok-pkjwt-x-Mitre Test |noresultsheader = Not Tested }}
Support Authentication to Token Endpoint with Symmetrically Signed JWTs   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-tok-csjwt-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Discovery|Discovery}}    
Support WebFinger Discovery   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-discovery-x-Mitre Test |noresultsheader = Not Tested }}
Publish openid-configuration Discovery Information   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-disc-config-x-Mitre Test |noresultsheader = Not Tested }}
Discovered issuer Matches openid-configuration Path Prefix   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-disc-issuer-x-Mitre Test |noresultsheader = Not Tested }}
Discovered issuer Matches ID Token iss Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-iss-issuer-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Dynamic Client Registration|Dynamic Client Registration}}    
Enables Dynamic Registration   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-registration-x-Mitre Test |noresultsheader = Not Tested }}
Support Registration Read   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-reg-read-x-Mitre Test |noresultsheader = Not Tested }}
Uses Keys Registered with jwks_uri Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-keys-jwks_uri-x-Mitre Test |noresultsheader = Not Tested }}
Uses Keys Registered with jwks Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-keys-jwks-x-Mitre Test |noresultsheader = Not Tested }}
Providing public sub Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-id-public-x-Mitre Test |noresultsheader = Not Tested }}
Providing pairwise sub Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-id-pairwise-x-Mitre Test |noresultsheader = Not Tested }}
Public and pairwise sub Values Differ   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-id-differ-x-Mitre Test |noresultsheader = Not Tested }}
Supports using Sector Identifier for Pairwise sub Values   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-sector-id-x-Mitre Test |noresultsheader = Not Tested }}
Rejects Sector Identifier Not Containing Registered redirect_uri Values   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-sector-bad-x-Mitre Test |noresultsheader = Not Tested }}
Displays Logo in Login Page   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-disp-logo-x-Mitre Test |noresultsheader = Not Tested }}
Displays Policy URI in Login Page   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-disp-policy-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Key Rollover|Key Rollover}}    
Can Rollover OP Signing Key   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-roll-op-sig-x-Mitre Test |noresultsheader = Not Tested }}
Support RP Signing Key Rollover   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-roll-rp-sig-x-Mitre Test |noresultsheader = Not Tested }}
Can Rollover OP Encryption Key   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-roll-op-enc-x-Mitre Test |noresultsheader = Not Tested }}
Support RP Encryption Key Rollover   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-roll-rp-enc-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|request_uri Request Parameter|request_uri Request Parameter}}    
Support request_uri Request Parameter   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-reqfile-x-Mitre Test |noresultsheader = Not Tested }}
Support request_uri Request Parameter with Signed Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-sig-x-Mitre Test |noresultsheader = Not Tested }}
Support request_uri Request Parameter with Encrypted Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-enc-x-Mitre Test |noresultsheader = Not Tested }}
Support request_uri Request Parameter with Signed and Encrypted Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-sigenc-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|request Request Parameter|request Request Parameter}}    
Support request Request Parameter with Signed Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-req-sig-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|claims Request Parameter|claims Request Parameter}}    
Support claims Request Specifying sub Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-req-userid-x-Mitre Test |noresultsheader = Not Tested }}
Support claims Request Specifying sub Value when prompt none Used   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-req-userid-none-x-Mitre Test |noresultsheader = Not Tested }}
Supports Returning Claims in ID Token   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-idt-x-Mitre Test |noresultsheader = Not Tested }}
Supports Returning Different Claims in ID Token and UserInfo Endpoint   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-split-x-Mitre Test |noresultsheader = Not Tested }}
Supports Combining Claims Requested with scope and claims Request Parameter   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-combined-x-Mitre Test |noresultsheader = Not Tested }}
Providing Individually Requested Essential Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-essential-x-Mitre Test |noresultsheader = Not Tested }}
Providing Individually Requested Voluntary Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-voluntary-x-Mitre Test |noresultsheader = Not Tested }}
Providing Individually Requested Essential and Voluntary Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-essandvol-x-Mitre Test |noresultsheader = Not Tested }}
Providing ID Token with Essential auth_time Claim   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-atime-essential-x-Mitre Test |noresultsheader = Not Tested }}
Providing ID Token with Essential acr Claim   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-acr-essential-x-Mitre Test |noresultsheader = Not Tested }}
Providing ID Token with Voluntary acr Claim   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-acr-voluntary-x-Mitre Test |noresultsheader = Not Tested }}
Support Request for acr Value of 1   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-acr-1-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Third Party Initiated Login|Third Party Initiated Login}}    
Can Request OP Initiated Login   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-init-login-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Session Management|Session Management}}    
Logout Initiated by OP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-logout-init-x-Mitre Test |noresultsheader = Not Tested }}
Logout Received by OP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-logout-received-x-Mitre Test |noresultsheader = Not Tested }}
State Change Other than Logout Communicated   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-change-init-x-Mitre Test |noresultsheader = Not Tested }}


|

}}

{{ #if: RP | {{#vardefine:DtArticleSortKey|}}

OC5 RP FeatureTest List

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|MITREid Connect}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Mitre Test|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=RP_FeatureTest_List,from={{#var:page}},namespace=OC5|copy]]  [[Special:Call/DT Articles list XML,type=RP_FeatureTest_List,title={{#var:page}},namespace=OC5|as XML]]  edit
}}
{{#if:|Feature Tests for |Feature Tests for }}   Mitre Test
{{#if:|Relying Party Features |Relying Party Features }}    
{{#if:|Response Type & Response Mode|Response Type & Response Mode}}    
Can Make Request with code Response Type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-rtyp-code-x-Mitre Test |noresultsheader = Not Tested }}
Can Make Request with id_token Response Type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-rtyp-id_token-x-Mitre Test |noresultsheader = Not Tested }}
Can Make Request with id_token token Response Type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-rtyp-id_token-token-x-Mitre Test |noresultsheader = Not Tested }}
Can Use Self-Issued OP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-selfissued-x-Mitre Test |noresultsheader = Not Tested }}
Can Make Request with form_post Response Mode   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-rmod-form-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|ID Token|ID Token}}    
Rejects ID Token with Invalid Audience   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-aud-x-Mitre Test |noresultsheader = Not Tested }}
Rejects Incorrect at_hash when Implicit Flow Used   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-hash-badat-x-Mitre Test |noresultsheader = Not Tested }}
Rejects Incorrect c_hash when Code Flow Used   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-hash-badc-x-Mitre Test |noresultsheader = Not Tested }}
Reject Invalid Asymmetric ID Token Signature   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-rs256-x-Mitre Test |noresultsheader = Not Tested }}
Can Request and Use Unsecured ID Token Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-idt-uns-x-Mitre Test |noresultsheader = Not Tested }}
Reject Invalid Symmetric ID Token Signature   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-hs256-x-Mitre Test |noresultsheader = Not Tested }}
Can Use Elliptic Curve ID Token Signatures   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-idt-ec-x-Mitre Test |noresultsheader = Not Tested }}
Can Request and Use Signed and Encrypted ID Token Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-idt-signenc-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|UserInfo Endpoint|UserInfo Endpoint}}    
Accesses UserInfo Endpoint with Header Method   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ui-hdr-x-Mitre Test |noresultsheader = Not Tested }}
Does Not Access UserInfo Endpoint with Query Parameter Method   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ui-not-query-x-Mitre Test |noresultsheader = Not Tested }}
Rejects UserInfo with Invalid Subject   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-userinfo-sub-x-Mitre Test |noresultsheader = Not Tested }}
Can Request and Use Signed UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ui-sign-x-Mitre Test |noresultsheader = Not Tested }}
Can Request and Use Encrypted UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ui-enc-x-Mitre Test |noresultsheader = Not Tested }}
Can Request and Use Signed and Encrypted UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ui-signenc-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|scope Request Parameter|scope Request Parameter}}    
Requesting UserInfo Claims with scope Values   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-scope-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Client Authentication|Client Authentication}}    
Can Make Access Token Request with client_secret_basic Authentication   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-tok-csbasic-x-Mitre Test |noresultsheader = Not Tested }}
Can Make Access Token Request with client_secret_post Authentication   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-tok-cspost-x-Mitre Test |noresultsheader = Not Tested }}
Can Make Access Token Request with private_key_jwt Authentication   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-tok-pkjwt-x-Mitre Test |noresultsheader = Not Tested }}
Can Make Access Token Request with client_secret_jwt Authentication   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-tok-csjwt-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Discovery|Discovery}}    
Uses WebFinger Discovery   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-discovery-x-Mitre Test |noresultsheader = Not Tested }}
Can Discover Identifiers using E-Mail Syntax   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ids-email-x-Mitre Test |noresultsheader = Not Tested }}
Can Discover Identifiers using URL Syntax   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ids-url-x-Mitre Test |noresultsheader = Not Tested }}
Uses openid-configuration Discovery Information   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-disc-config-x-Mitre Test |noresultsheader = Not Tested }}
Rejects Discovered issuer Not Matching openid-configuration Path Prefix   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-disc-issuer-x-Mitre Test |noresultsheader = Not Tested }}
Rejects ID Token with iss Not Matching Discovered issuer   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-iss-issuer-x-Mitre Test |noresultsheader = Not Tested }}
Uses Keys Discovered with jwks_uri Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-keys-jwks_uri-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Dynamic Client Registration|Dynamic Client Registration}}    
Uses Dynamic Registration   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-registration-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Key Rollover|Key Rollover}}    
Support OP Signing Key Rollover   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-roll-op-sig-x-Mitre Test |noresultsheader = Not Tested }}
Can Rollover RP Signing Key   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-roll-rp-sig-x-Mitre Test |noresultsheader = Not Tested }}
Support OP Encryption Key Rollover   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-roll-op-enc-x-Mitre Test |noresultsheader = Not Tested }}
Can Rollover RP Encryption Key   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-roll-rp-enc-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|request_uri Request Parameter|request_uri Request Parameter}}    
Can Use request_uri Request Parameter with Unsecured Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ruri-uns-x-Mitre Test |noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Signed Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ruri-sig-x-Mitre Test |noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Encrypted Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ruri-enc-x-Mitre Test |noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Signed and Encrypted Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ruri-sigenc-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|claims Request Parameter|claims Request Parameter}}    
Requesting UserInfo Claims with claims Request Parameter   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-reqobj-x-Mitre Test |noresultsheader = Not Tested }}
Can Request and Use Claims in id_token   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-clm-idt-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Third Party Initiated Login|Third Party Initiated Login}}    
Support Third-Party Initiated Login   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-3rd-login-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Claim Types|Claim Types}}    
Uses Aggregated Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-clm-aggreg-x-Mitre Test |noresultsheader = Not Tested }}
Uses Distributed Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-clm-dist-x-Mitre Test |noresultsheader = Not Tested }}
{{#if:|Session Management|Session Management}}    
Logout Initiated by RP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-logout-init-x-Mitre Test |noresultsheader = Not Tested }}
Logout Received by RP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-logout-received-x-Mitre Test |noresultsheader = Not Tested }}
State Change Other than Logout Received by RP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-change-received-x-Mitre Test |noresultsheader = Not Tested }}


|

}}

{{ #if: | {{#vardefine:DtArticleSortKey|}}

OC5 FeatureTest List

Template:OC5 FeatureTest List | }}


{{ #if: | {{#vardefine:DtArticleSortKey|}}

OC5 Feature Test List

Template:OC5 Feature Test List | }} {{ #if: OP | | }} {{ #if: RP | | }} {{ #if: | | }} {{ #if: | | }}