Difference between revisions of "OC5:MITREid Connect"

Revision as of 15:51, 24 June 2013

Mitre Test

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|MITREid Connect}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Mitre Test|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||

{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}}

{{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=OC5 Solution,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=OC5 Solution,title={{#var:page}},namespace=OC5|as XML]] edit

}}

{{#if:\|OC5 Solution \|OC5 Solution }}	Mitre Test
Identifier	bgcolor={{{color}}}}}\|mitretest
Description	bgcolor={{{color}}}}}\|Mitre OpenID Connect Implementation in Java on top of Spring and Spring Security
Product Page	bgcolor={{{color}}}}}\|https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/
Project or solution logo (if different than Participant logo)	bgcolor={{{color}}}}}\|
Latest Version	bgcolor={{{color}}}}}\|
Latest Release Date	bgcolor={{{color}}}}}\|
Installation/Operation Instructions	bgcolor={{{color}}}}}\|Accounts on the OP will only be available to MITRE personnel, but we plan to have it set up to talk to all RPs. At the moment, we've got to register the RPs by hand, but it should be enough to start the interop testing. The way the RP works, you hit the home page and you're not logged in, but click the "user" link on the bottom to be put through the login process (because that page requires "user" level access). You'll then be prompted to enter your webfinger id, and the system should take over from there.
Operated by	bgcolor={{{color}}}}}\|Mitre
Interop Roles	bgcolor={{{color}}}}}\|OP {{ #if: https://id.mitre.org/connect/ \|: https://id.mitre.org/connect/ \|}}
	bgcolor={{{color}}}}}\|RP {{ #if: http://rivers.richer.org:8080/simple-web-app/ \|: http://rivers.richer.org:8080/simple-web-app/ \|}}
	bgcolor={{{color}}}}}\|{{ #if: \|: \|}}
	bgcolor={{{color}}}}}\|{{ #if: \|: \|}}

Click here for help populating this chart.

{{ #if: OP | {{#vardefine:DtArticleSortKey|}}

OC5 OP FeatureTest List

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|MITREid Connect}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Mitre Test|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||

{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}}

{{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=OP_FeatureTest_List,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=OP_FeatureTest_List,title={{#var:page}},namespace=OC5|as XML]] edit

}}

{{#if:\|Feature Tests for \|Feature Tests for }}	Mitre Test
{{#if:\|OpenID Provider Features \|OpenID Provider Features }}
{{#if:\|Response Type & Response Mode\|Response Type & Response Mode}}
Support code Response Type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-code-x-Mitre Test \|noresultsheader = Not Tested }}
Support id_token Response Type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-idt-x-Mitre Test \|noresultsheader = Not Tested }}
Support Combination of id_token token Response Types	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-idttoken-x-Mitre Test \|noresultsheader = Not Tested }}
Support Combination of id_token code Response Types	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-idtcode-x-Mitre Test \|noresultsheader = Not Tested }}
Support Combination of code token Response Types	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-codetoken-x-Mitre Test \|noresultsheader = Not Tested }}
Support Combination of code id_token token Response Types	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-codeidttoken-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Request Without response_type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-none-x-Mitre Test \|noresultsheader = Not Tested }}
Support form_post Response Mode	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rmod-form-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|ID Token\|ID Token}}
ID Token has Issuer	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-iss-x-Mitre Test \|noresultsheader = Not Tested }}
ID Token has Subject	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-sub-x-Mitre Test \|noresultsheader = Not Tested }}
ID Token has Audience	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-aud-x-Mitre Test \|noresultsheader = Not Tested }}
ID Token has Key ID	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-kid-x-Mitre Test \|noresultsheader = Not Tested }}
Support Requests Containing nonce	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-nonce-present-x-Mitre Test \|noresultsheader = Not Tested }}
Includes at_hash in ID Token when Implicit Flow Used	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-hash-at-x-Mitre Test \|noresultsheader = Not Tested }}
Includes c_hash in ID Token when Code Flow Used	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-hash-c-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Asymmetric ID Token Signatures	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-alg-rs256-x-Mitre Test \|noresultsheader = Not Tested }}
Can Provide Unsecured ID Token Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-uns-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Symmetric ID Token Signatures	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-alg-hs256-x-Mitre Test \|noresultsheader = Not Tested }}
Support Elliptic Curve ID Token Signatures	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-ec-x-Mitre Test \|noresultsheader = Not Tested }}
Can Provide Signed and Encrypted ID Token Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-signenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|UserInfo Endpoint\|UserInfo Endpoint}}
UserInfo Endpoint	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-userinfo-x-Mitre Test \|noresultsheader = Not Tested }}
UserInfo Endpoint Access with Header Method	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ui-hdr-x-Mitre Test \|noresultsheader = Not Tested }}
UserInfo Endpoint Access with Form-Encoded Body Method	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ui-body-x-Mitre Test \|noresultsheader = Not Tested }}
UserInfo has Subject	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-userinfo-sub-x-Mitre Test \|noresultsheader = Not Tested }}
Can Provide Signed UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ui-sign-x-Mitre Test \|noresultsheader = Not Tested }}
Can Provide Encrypted UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ui-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Can Provide Signed and Encrypted UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ui-signenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|nonce Request Parameter\|nonce Request Parameter}}
Support Requests Without nonce	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-nonce-notused-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Requests Without nonce Using Implicit Flow	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-nonce-missing-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|scope Request Parameter\|scope Request Parameter}}
Support scope Requesting No Specific Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-openid-x-Mitre Test \|noresultsheader = Not Tested }}
Support scope Requesting profile Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-prof-x-Mitre Test \|noresultsheader = Not Tested }}
Support scope Requesting email Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-email-x-Mitre Test \|noresultsheader = Not Tested }}
Support scope Requesting address Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-addr-x-Mitre Test \|noresultsheader = Not Tested }}
Support scope Requesting phone Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-phone-x-Mitre Test \|noresultsheader = Not Tested }}
Support scope Requesting All Basic Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-all-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|display Request Parameter\|display Request Parameter}}
Support display value page	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-dsp-page-x-Mitre Test \|noresultsheader = Not Tested }}
Support display value popup	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-dsp-popup-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|prompt Request Parameter\|prompt Request Parameter}}
Support prompt value none	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-pro-none-x-Mitre Test \|noresultsheader = Not Tested }}
Support prompt value login	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-pro-login-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Misc Request Parameters\|Misc Request Parameters}}
Providing ID Token with max_age Restriction	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-maxage-x-Mitre Test \|noresultsheader = Not Tested }}
Support id_token_hint Request Parameter	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-req-idthint-x-Mitre Test \|noresultsheader = Not Tested }}
Ignores Extra Query Component in Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-req-extquery-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects Second Use of Access Code	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-code-2nd-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|OAuth Behaviors\|OAuth Behaviors}}
Second Use of Access Code Revokes Previously Issued Access Token	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-code-2nd-revokes-x-Mitre Test \|noresultsheader = Not Tested }}
Reject redirect_uri Not Matching a Registered redirect_uri	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-notreg-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Request Without redirect_uri when Multiple Registered	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-nonebad-x-Mitre Test \|noresultsheader = Not Tested }}
Accept Request Without redirect_uri when One Registered	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-noneok-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|redirect_uri\|redirect_uri}}
Preserves Query Parameter in redirect_uri	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-query-x-Mitre Test \|noresultsheader = Not Tested }}
Preserves Query Parameter in Registered redirect_uri	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-regquery-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects redirect_uri when Query Parameter Does Not Match	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-noqmatch-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Registration of redirect_uri with Fragment	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-regfrag-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Client Authentication\|Client Authentication}}
Support Authentication to Token Endpoint using HTTP Basic with POST	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-tok-basicpost-x-Mitre Test \|noresultsheader = Not Tested }}
Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-tok-cspost-x-Mitre Test \|noresultsheader = Not Tested }}
Support Authentication to Token Endpoint with Asymmetrically Signed JWTs	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-tok-pkjwt-x-Mitre Test \|noresultsheader = Not Tested }}
Support Authentication to Token Endpoint with Symmetrically Signed JWTs	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-tok-csjwt-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Discovery\|Discovery}}
Support WebFinger Discovery	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-discovery-x-Mitre Test \|noresultsheader = Not Tested }}
Publish openid-configuration Discovery Information	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-disc-config-x-Mitre Test \|noresultsheader = Not Tested }}
Discovered issuer Matches openid-configuration Path Prefix	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-disc-issuer-x-Mitre Test \|noresultsheader = Not Tested }}
Discovered issuer Matches ID Token iss Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-iss-issuer-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Dynamic Client Registration\|Dynamic Client Registration}}
Enables Dynamic Registration	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-registration-x-Mitre Test \|noresultsheader = Not Tested }}
Support Registration Read	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-reg-read-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Keys Registered with jwks_uri Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-keys-jwks_uri-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Keys Registered with jwks Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-keys-jwks-x-Mitre Test \|noresultsheader = Not Tested }}
Providing public sub Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-id-public-x-Mitre Test \|noresultsheader = Not Tested }}
Providing pairwise sub Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-id-pairwise-x-Mitre Test \|noresultsheader = Not Tested }}
Public and pairwise sub Values Differ	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-id-differ-x-Mitre Test \|noresultsheader = Not Tested }}
Supports using Sector Identifier for Pairwise sub Values	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-sector-id-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects Sector Identifier Not Containing Registered redirect_uri Values	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-sector-bad-x-Mitre Test \|noresultsheader = Not Tested }}
Displays Logo in Login Page	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-disp-logo-x-Mitre Test \|noresultsheader = Not Tested }}
Displays Policy URI in Login Page	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-disp-policy-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Key Rollover\|Key Rollover}}
Can Rollover OP Signing Key	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-roll-op-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Support RP Signing Key Rollover	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-roll-rp-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Can Rollover OP Encryption Key	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-roll-op-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Support RP Encryption Key Rollover	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-roll-rp-enc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|request_uri Request Parameter\|request_uri Request Parameter}}
Support request_uri Request Parameter	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-reqfile-x-Mitre Test \|noresultsheader = Not Tested }}
Support request_uri Request Parameter with Signed Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Support request_uri Request Parameter with Encrypted Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Support request_uri Request Parameter with Signed and Encrypted Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-sigenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|request Request Parameter\|request Request Parameter}}
Support request Request Parameter with Signed Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-req-sig-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|claims Request Parameter\|claims Request Parameter}}
Support claims Request Specifying sub Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-req-userid-x-Mitre Test \|noresultsheader = Not Tested }}
Support claims Request Specifying sub Value when prompt none Used	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-req-userid-none-x-Mitre Test \|noresultsheader = Not Tested }}
Supports Returning Claims in ID Token	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-idt-x-Mitre Test \|noresultsheader = Not Tested }}
Supports Returning Different Claims in ID Token and UserInfo Endpoint	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-split-x-Mitre Test \|noresultsheader = Not Tested }}
Supports Combining Claims Requested with scope and claims Request Parameter	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-combined-x-Mitre Test \|noresultsheader = Not Tested }}
Providing Individually Requested Essential Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-essential-x-Mitre Test \|noresultsheader = Not Tested }}
Providing Individually Requested Voluntary Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-voluntary-x-Mitre Test \|noresultsheader = Not Tested }}
Providing Individually Requested Essential and Voluntary Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-essandvol-x-Mitre Test \|noresultsheader = Not Tested }}
Providing ID Token with Essential auth_time Claim	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-atime-essential-x-Mitre Test \|noresultsheader = Not Tested }}
Providing ID Token with Essential acr Claim	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-acr-essential-x-Mitre Test \|noresultsheader = Not Tested }}
Providing ID Token with Voluntary acr Claim	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-acr-voluntary-x-Mitre Test \|noresultsheader = Not Tested }}
Support Request for acr Value of 1	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-acr-1-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Third Party Initiated Login\|Third Party Initiated Login}}
Can Request OP Initiated Login	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-init-login-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Session Management\|Session Management}}
Logout Initiated by OP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-logout-init-x-Mitre Test \|noresultsheader = Not Tested }}
Logout Received by OP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-logout-received-x-Mitre Test \|noresultsheader = Not Tested }}
State Change Other than Logout Communicated	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-change-init-x-Mitre Test \|noresultsheader = Not Tested }}

}}

{{ #if: RP | {{#vardefine:DtArticleSortKey|}}

OC5 RP FeatureTest List

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|MITREid Connect}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Mitre Test|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||

{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}}

{{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=RP_FeatureTest_List,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=RP_FeatureTest_List,title={{#var:page}},namespace=OC5|as XML]] edit

}}

{{#if:\|Feature Tests for \|Feature Tests for }}	Mitre Test
{{#if:\|Relying Party Features \|Relying Party Features }}
{{#if:\|Response Type & Response Mode\|Response Type & Response Mode}}
Can Make Request with code Response Type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-rtyp-code-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Request with id_token Response Type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-rtyp-id_token-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Request with id_token token Response Type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-rtyp-id_token-token-x-Mitre Test \|noresultsheader = Not Tested }}
Can Use Self-Issued OP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-selfissued-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Request with form_post Response Mode	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-rmod-form-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|ID Token\|ID Token}}
Rejects ID Token with Invalid Audience	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-aud-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects Incorrect at_hash when Implicit Flow Used	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-hash-badat-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects Incorrect c_hash when Code Flow Used	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-hash-badc-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Invalid Asymmetric ID Token Signature	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-rs256-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Unsecured ID Token Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-idt-uns-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Invalid Symmetric ID Token Signature	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-hs256-x-Mitre Test \|noresultsheader = Not Tested }}
Can Use Elliptic Curve ID Token Signatures	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-idt-ec-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Signed and Encrypted ID Token Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-idt-signenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|UserInfo Endpoint\|UserInfo Endpoint}}
Accesses UserInfo Endpoint with Header Method	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ui-hdr-x-Mitre Test \|noresultsheader = Not Tested }}
Does Not Access UserInfo Endpoint with Query Parameter Method	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ui-not-query-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects UserInfo with Invalid Subject	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-userinfo-sub-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Signed UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ui-sign-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Encrypted UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ui-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Signed and Encrypted UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ui-signenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|scope Request Parameter\|scope Request Parameter}}
Requesting UserInfo Claims with scope Values	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-scope-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Client Authentication\|Client Authentication}}
Can Make Access Token Request with client_secret_basic Authentication	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-tok-csbasic-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Access Token Request with client_secret_post Authentication	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-tok-cspost-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Access Token Request with private_key_jwt Authentication	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-tok-pkjwt-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Access Token Request with client_secret_jwt Authentication	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-tok-csjwt-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Discovery\|Discovery}}
Uses WebFinger Discovery	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-discovery-x-Mitre Test \|noresultsheader = Not Tested }}
Can Discover Identifiers using E-Mail Syntax	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ids-email-x-Mitre Test \|noresultsheader = Not Tested }}
Can Discover Identifiers using URL Syntax	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ids-url-x-Mitre Test \|noresultsheader = Not Tested }}
Uses openid-configuration Discovery Information	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-disc-config-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects Discovered issuer Not Matching openid-configuration Path Prefix	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-disc-issuer-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects ID Token with iss Not Matching Discovered issuer	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-iss-issuer-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Keys Discovered with jwks_uri Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-keys-jwks_uri-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Dynamic Client Registration\|Dynamic Client Registration}}
Uses Dynamic Registration	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-registration-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Key Rollover\|Key Rollover}}
Support OP Signing Key Rollover	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-roll-op-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Can Rollover RP Signing Key	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-roll-rp-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Support OP Encryption Key Rollover	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-roll-op-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Can Rollover RP Encryption Key	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-roll-rp-enc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|request_uri Request Parameter\|request_uri Request Parameter}}
Can Use request_uri Request Parameter with Unsecured Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ruri-uns-x-Mitre Test \|noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Signed Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ruri-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Encrypted Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ruri-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Signed and Encrypted Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ruri-sigenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|claims Request Parameter\|claims Request Parameter}}
Requesting UserInfo Claims with claims Request Parameter	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-reqobj-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Claims in id_token	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-clm-idt-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Third Party Initiated Login\|Third Party Initiated Login}}
Support Third-Party Initiated Login	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-3rd-login-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Claim Types\|Claim Types}}
Uses Aggregated Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-clm-aggreg-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Distributed Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-clm-dist-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Session Management\|Session Management}}
Logout Initiated by RP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-logout-init-x-Mitre Test \|noresultsheader = Not Tested }}
Logout Received by RP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-logout-received-x-Mitre Test \|noresultsheader = Not Tested }}
State Change Other than Logout Received by RP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-change-received-x-Mitre Test \|noresultsheader = Not Tested }}

}}

{{ #if: | {{#vardefine:DtArticleSortKey|}}

OC5 FeatureTest List

Template:OC5 FeatureTest List | }}

{{ #if: | {{#vardefine:DtArticleSortKey|}}

OC5 Feature Test List

Template:OC5 Feature Test List | }} {{ #if: OP | | }} {{ #if: RP | | }} {{ #if: | | }} {{ #if: | | }}

@@ Line 6: / Line 6: @@
    |summary           = Mitre OpenID Connect Implementation in Java on top of Spring and Spring Security
    |homepage          = https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/
-   |instructions      = Accounts on this system will only be available to MITRE personnel, but we plan to have it set up to talk to all RPs. At the moment, we've got to register the RPs by hand, but it should be enough to start the interop testing.
+   |instructions      = Accounts on the OP will only be available to MITRE personnel, but we plan to have it set up to talk to all RPs. At the moment, we've got to register the RPs by hand, but it should be enough to start the interop testing.  The way the RP works, you hit the home page and you're not logged in, but click the "user" link on the bottom to be put through the login process (because that page requires "user" level access). You'll then be prompted to enter your webfinger id, and the system should take over from there.
    |latestversion     =
    |latestreleasedate =
@@ Line 12: / Line 12: @@
    |solutionrole1     = OP
    |solutionendpoint1 = https://id.mitre.org/connect/
-   |solutionrole2     =
+   |solutionrole2     = RP
-   |solutionendpoint2 =
+   |solutionendpoint2 = http://rivers.richer.org:8080/simple-web-app/
    |solutionrole3     =
    |solutionendpoint3 =

{{#if:\|OC5 Solution \|OC5 Solution }}	Mitre Test
Identifier	bgcolor={{{color}}}}}\|mitretest
Description	bgcolor={{{color}}}}}\|Mitre OpenID Connect Implementation in Java on top of Spring and Spring Security
Product Page	bgcolor={{{color}}}}}\|https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/
Project or solution logo (if different than Participant logo)	bgcolor={{{color}}}}}\|
Latest Version	bgcolor={{{color}}}}}\|
Latest Release Date	bgcolor={{{color}}}}}\|
Installation/Operation Instructions	bgcolor={{{color}}}}}\|Accounts on the OP will only be available to MITRE personnel, but we plan to have it set up to talk to all RPs. At the moment, we've got to register the RPs by hand, but it should be enough to start the interop testing. The way the RP works, you hit the home page and you're not logged in, but click the "user" link on the bottom to be put through the login process (because that page requires "user" level access). You'll then be prompted to enter your webfinger id, and the system should take over from there.
Operated by	bgcolor={{{color}}}}}\|Mitre
Interop Roles	bgcolor={{{color}}}}}\|OP {{ #if: https://id.mitre.org/connect/ \|: https://id.mitre.org/connect/ \|}}
	bgcolor={{{color}}}}}\|RP {{ #if: http://rivers.richer.org:8080/simple-web-app/ \|: http://rivers.richer.org:8080/simple-web-app/ \|}}
	bgcolor={{{color}}}}}\|{{ #if: \|: \|}}
	bgcolor={{{color}}}}}\|{{ #if: \|: \|}}

{{#if:\|Feature Tests for \|Feature Tests for }}	Mitre Test
{{#if:\|OpenID Provider Features \|OpenID Provider Features }}
{{#if:\|Response Type & Response Mode\|Response Type & Response Mode}}
Support code Response Type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-code-x-Mitre Test \|noresultsheader = Not Tested }}
Support id_token Response Type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-idt-x-Mitre Test \|noresultsheader = Not Tested }}
Support Combination of id_token token Response Types	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-idttoken-x-Mitre Test \|noresultsheader = Not Tested }}
Support Combination of id_token code Response Types	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-idtcode-x-Mitre Test \|noresultsheader = Not Tested }}
Support Combination of code token Response Types	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-codetoken-x-Mitre Test \|noresultsheader = Not Tested }}
Support Combination of code id_token token Response Types	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-codeidttoken-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Request Without response_type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rtyp-none-x-Mitre Test \|noresultsheader = Not Tested }}
Support form_post Response Mode	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-rmod-form-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|ID Token\|ID Token}}
ID Token has Issuer	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-iss-x-Mitre Test \|noresultsheader = Not Tested }}
ID Token has Subject	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-sub-x-Mitre Test \|noresultsheader = Not Tested }}
ID Token has Audience	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-aud-x-Mitre Test \|noresultsheader = Not Tested }}
ID Token has Key ID	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-kid-x-Mitre Test \|noresultsheader = Not Tested }}
Support Requests Containing nonce	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-nonce-present-x-Mitre Test \|noresultsheader = Not Tested }}
Includes at_hash in ID Token when Implicit Flow Used	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-hash-at-x-Mitre Test \|noresultsheader = Not Tested }}
Includes c_hash in ID Token when Code Flow Used	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-hash-c-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Asymmetric ID Token Signatures	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-alg-rs256-x-Mitre Test \|noresultsheader = Not Tested }}
Can Provide Unsecured ID Token Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-uns-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Symmetric ID Token Signatures	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-alg-hs256-x-Mitre Test \|noresultsheader = Not Tested }}
Support Elliptic Curve ID Token Signatures	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-ec-x-Mitre Test \|noresultsheader = Not Tested }}
Can Provide Signed and Encrypted ID Token Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-idt-signenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|UserInfo Endpoint\|UserInfo Endpoint}}
UserInfo Endpoint	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-userinfo-x-Mitre Test \|noresultsheader = Not Tested }}
UserInfo Endpoint Access with Header Method	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ui-hdr-x-Mitre Test \|noresultsheader = Not Tested }}
UserInfo Endpoint Access with Form-Encoded Body Method	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ui-body-x-Mitre Test \|noresultsheader = Not Tested }}
UserInfo has Subject	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-userinfo-sub-x-Mitre Test \|noresultsheader = Not Tested }}
Can Provide Signed UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ui-sign-x-Mitre Test \|noresultsheader = Not Tested }}
Can Provide Encrypted UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ui-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Can Provide Signed and Encrypted UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ui-signenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|nonce Request Parameter\|nonce Request Parameter}}
Support Requests Without nonce	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-nonce-notused-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Requests Without nonce Using Implicit Flow	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-nonce-missing-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|scope Request Parameter\|scope Request Parameter}}
Support scope Requesting No Specific Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-openid-x-Mitre Test \|noresultsheader = Not Tested }}
Support scope Requesting profile Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-prof-x-Mitre Test \|noresultsheader = Not Tested }}
Support scope Requesting email Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-email-x-Mitre Test \|noresultsheader = Not Tested }}
Support scope Requesting address Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-addr-x-Mitre Test \|noresultsheader = Not Tested }}
Support scope Requesting phone Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-phone-x-Mitre Test \|noresultsheader = Not Tested }}
Support scope Requesting All Basic Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-scp-all-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|display Request Parameter\|display Request Parameter}}
Support display value page	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-dsp-page-x-Mitre Test \|noresultsheader = Not Tested }}
Support display value popup	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-dsp-popup-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|prompt Request Parameter\|prompt Request Parameter}}
Support prompt value none	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-pro-none-x-Mitre Test \|noresultsheader = Not Tested }}
Support prompt value login	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-pro-login-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Misc Request Parameters\|Misc Request Parameters}}
Providing ID Token with max_age Restriction	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-maxage-x-Mitre Test \|noresultsheader = Not Tested }}
Support id_token_hint Request Parameter	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-req-idthint-x-Mitre Test \|noresultsheader = Not Tested }}
Ignores Extra Query Component in Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-req-extquery-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects Second Use of Access Code	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-code-2nd-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|OAuth Behaviors\|OAuth Behaviors}}
Second Use of Access Code Revokes Previously Issued Access Token	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-code-2nd-revokes-x-Mitre Test \|noresultsheader = Not Tested }}
Reject redirect_uri Not Matching a Registered redirect_uri	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-notreg-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Request Without redirect_uri when Multiple Registered	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-nonebad-x-Mitre Test \|noresultsheader = Not Tested }}
Accept Request Without redirect_uri when One Registered	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-noneok-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|redirect_uri\|redirect_uri}}
Preserves Query Parameter in redirect_uri	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-query-x-Mitre Test \|noresultsheader = Not Tested }}
Preserves Query Parameter in Registered redirect_uri	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-regquery-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects redirect_uri when Query Parameter Does Not Match	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-noqmatch-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Registration of redirect_uri with Fragment	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-regfrag-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Client Authentication\|Client Authentication}}
Support Authentication to Token Endpoint using HTTP Basic with POST	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-tok-basicpost-x-Mitre Test \|noresultsheader = Not Tested }}
Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-tok-cspost-x-Mitre Test \|noresultsheader = Not Tested }}
Support Authentication to Token Endpoint with Asymmetrically Signed JWTs	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-tok-pkjwt-x-Mitre Test \|noresultsheader = Not Tested }}
Support Authentication to Token Endpoint with Symmetrically Signed JWTs	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-tok-csjwt-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Discovery\|Discovery}}
Support WebFinger Discovery	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-discovery-x-Mitre Test \|noresultsheader = Not Tested }}
Publish openid-configuration Discovery Information	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-disc-config-x-Mitre Test \|noresultsheader = Not Tested }}
Discovered issuer Matches openid-configuration Path Prefix	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-disc-issuer-x-Mitre Test \|noresultsheader = Not Tested }}
Discovered issuer Matches ID Token iss Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-iss-issuer-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Dynamic Client Registration\|Dynamic Client Registration}}
Enables Dynamic Registration	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-registration-x-Mitre Test \|noresultsheader = Not Tested }}
Support Registration Read	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-reg-read-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Keys Registered with jwks_uri Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-keys-jwks_uri-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Keys Registered with jwks Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-keys-jwks-x-Mitre Test \|noresultsheader = Not Tested }}
Providing public sub Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-id-public-x-Mitre Test \|noresultsheader = Not Tested }}
Providing pairwise sub Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-id-pairwise-x-Mitre Test \|noresultsheader = Not Tested }}
Public and pairwise sub Values Differ	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-id-differ-x-Mitre Test \|noresultsheader = Not Tested }}
Supports using Sector Identifier for Pairwise sub Values	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-sector-id-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects Sector Identifier Not Containing Registered redirect_uri Values	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-sector-bad-x-Mitre Test \|noresultsheader = Not Tested }}
Displays Logo in Login Page	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-disp-logo-x-Mitre Test \|noresultsheader = Not Tested }}
Displays Policy URI in Login Page	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-disp-policy-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Key Rollover\|Key Rollover}}
Can Rollover OP Signing Key	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-roll-op-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Support RP Signing Key Rollover	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-roll-rp-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Can Rollover OP Encryption Key	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-roll-op-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Support RP Encryption Key Rollover	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-roll-rp-enc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|request_uri Request Parameter\|request_uri Request Parameter}}
Support request_uri Request Parameter	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-reqfile-x-Mitre Test \|noresultsheader = Not Tested }}
Support request_uri Request Parameter with Signed Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Support request_uri Request Parameter with Encrypted Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Support request_uri Request Parameter with Signed and Encrypted Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-ruri-sigenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|request Request Parameter\|request Request Parameter}}
Support request Request Parameter with Signed Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-req-sig-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|claims Request Parameter\|claims Request Parameter}}
Support claims Request Specifying sub Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-req-userid-x-Mitre Test \|noresultsheader = Not Tested }}
Support claims Request Specifying sub Value when prompt none Used	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-req-userid-none-x-Mitre Test \|noresultsheader = Not Tested }}
Supports Returning Claims in ID Token	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-idt-x-Mitre Test \|noresultsheader = Not Tested }}
Supports Returning Different Claims in ID Token and UserInfo Endpoint	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-split-x-Mitre Test \|noresultsheader = Not Tested }}
Supports Combining Claims Requested with scope and claims Request Parameter	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-combined-x-Mitre Test \|noresultsheader = Not Tested }}
Providing Individually Requested Essential Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-essential-x-Mitre Test \|noresultsheader = Not Tested }}
Providing Individually Requested Voluntary Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-voluntary-x-Mitre Test \|noresultsheader = Not Tested }}
Providing Individually Requested Essential and Voluntary Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-clm-essandvol-x-Mitre Test \|noresultsheader = Not Tested }}
Providing ID Token with Essential auth_time Claim	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-atime-essential-x-Mitre Test \|noresultsheader = Not Tested }}
Providing ID Token with Essential acr Claim	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-acr-essential-x-Mitre Test \|noresultsheader = Not Tested }}
Providing ID Token with Voluntary acr Claim	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-acr-voluntary-x-Mitre Test \|noresultsheader = Not Tested }}
Support Request for acr Value of 1	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-acr-1-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Third Party Initiated Login\|Third Party Initiated Login}}
Can Request OP Initiated Login	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-init-login-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Session Management\|Session Management}}
Logout Initiated by OP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-logout-init-x-Mitre Test \|noresultsheader = Not Tested }}
Logout Received by OP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-logout-received-x-Mitre Test \|noresultsheader = Not Tested }}
State Change Other than Logout Communicated	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-op-change-init-x-Mitre Test \|noresultsheader = Not Tested }}

{{#if:\|Feature Tests for \|Feature Tests for }}	Mitre Test
{{#if:\|Relying Party Features \|Relying Party Features }}
{{#if:\|Response Type & Response Mode\|Response Type & Response Mode}}
Can Make Request with code Response Type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-rtyp-code-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Request with id_token Response Type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-rtyp-id_token-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Request with id_token token Response Type	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-rtyp-id_token-token-x-Mitre Test \|noresultsheader = Not Tested }}
Can Use Self-Issued OP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-selfissued-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Request with form_post Response Mode	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-rmod-form-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|ID Token\|ID Token}}
Rejects ID Token with Invalid Audience	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-aud-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects Incorrect at_hash when Implicit Flow Used	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-hash-badat-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects Incorrect c_hash when Code Flow Used	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-hash-badc-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Invalid Asymmetric ID Token Signature	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-rs256-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Unsecured ID Token Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-idt-uns-x-Mitre Test \|noresultsheader = Not Tested }}
Reject Invalid Symmetric ID Token Signature	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-hs256-x-Mitre Test \|noresultsheader = Not Tested }}
Can Use Elliptic Curve ID Token Signatures	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-idt-ec-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Signed and Encrypted ID Token Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-idt-signenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|UserInfo Endpoint\|UserInfo Endpoint}}
Accesses UserInfo Endpoint with Header Method	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ui-hdr-x-Mitre Test \|noresultsheader = Not Tested }}
Does Not Access UserInfo Endpoint with Query Parameter Method	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ui-not-query-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects UserInfo with Invalid Subject	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-userinfo-sub-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Signed UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ui-sign-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Encrypted UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ui-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Signed and Encrypted UserInfo Response	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ui-signenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|scope Request Parameter\|scope Request Parameter}}
Requesting UserInfo Claims with scope Values	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-scope-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Client Authentication\|Client Authentication}}
Can Make Access Token Request with client_secret_basic Authentication	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-tok-csbasic-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Access Token Request with client_secret_post Authentication	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-tok-cspost-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Access Token Request with private_key_jwt Authentication	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-tok-pkjwt-x-Mitre Test \|noresultsheader = Not Tested }}
Can Make Access Token Request with client_secret_jwt Authentication	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-tok-csjwt-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Discovery\|Discovery}}
Uses WebFinger Discovery	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-discovery-x-Mitre Test \|noresultsheader = Not Tested }}
Can Discover Identifiers using E-Mail Syntax	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ids-email-x-Mitre Test \|noresultsheader = Not Tested }}
Can Discover Identifiers using URL Syntax	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ids-url-x-Mitre Test \|noresultsheader = Not Tested }}
Uses openid-configuration Discovery Information	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-disc-config-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects Discovered issuer Not Matching openid-configuration Path Prefix	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-disc-issuer-x-Mitre Test \|noresultsheader = Not Tested }}
Rejects ID Token with iss Not Matching Discovered issuer	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-bad-iss-issuer-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Keys Discovered with jwks_uri Value	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-keys-jwks_uri-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Dynamic Client Registration\|Dynamic Client Registration}}
Uses Dynamic Registration	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-registration-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Key Rollover\|Key Rollover}}
Support OP Signing Key Rollover	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-roll-op-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Can Rollover RP Signing Key	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-roll-rp-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Support OP Encryption Key Rollover	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-roll-op-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Can Rollover RP Encryption Key	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-roll-rp-enc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|request_uri Request Parameter\|request_uri Request Parameter}}
Can Use request_uri Request Parameter with Unsecured Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ruri-uns-x-Mitre Test \|noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Signed Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ruri-sig-x-Mitre Test \|noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Encrypted Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ruri-enc-x-Mitre Test \|noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Signed and Encrypted Request	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-ruri-sigenc-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|claims Request Parameter\|claims Request Parameter}}
Requesting UserInfo Claims with claims Request Parameter	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-reqobj-x-Mitre Test \|noresultsheader = Not Tested }}
Can Request and Use Claims in id_token	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-clm-idt-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Third Party Initiated Login\|Third Party Initiated Login}}
Support Third-Party Initiated Login	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-3rd-login-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Claim Types\|Claim Types}}
Uses Aggregated Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-clm-aggreg-x-Mitre Test \|noresultsheader = Not Tested }}
Uses Distributed Claims	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-clm-dist-x-Mitre Test \|noresultsheader = Not Tested }}
{{#if:\|Session Management\|Session Management}}
Logout Initiated by RP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-logout-init-x-Mitre Test \|noresultsheader = Not Tested }}
Logout Received by RP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-logout-received-x-Mitre Test \|noresultsheader = Not Tested }}
State Change Other than Logout Received by RP	bgcolor={{{color}}}}}\|{{#dpl: \|include = {OC5 Result}:outcome \|title = OC5:FTR-rp-change-received-x-Mitre Test \|noresultsheader = Not Tested }}

Difference between revisions of "OC5:MITREid Connect"

Revision as of 15:51, 24 June 2013

Mitre Test

OC5 OP FeatureTest List

OC5 RP FeatureTest List

OC5 FeatureTest List

OC5 Feature Test List

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools