Difference between revisions of "OC5:MITREid Connect"

From OSIS Open Source Identity Systems
Jump to: navigation, search
(Added RP endpoint)
(Correct solutionowner field so that it refers to the MITRE participant record)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{DT Article|index=}}
 
{{DT Article|index=}}
== Mitre Test ==
+
== MITREid Connect ==
 
{{OC5 Solution
 
{{OC5 Solution
   |name              = Mitre Test
+
   |name              = MITREid Connect
   |identifier        = mitretest
+
   |identifier        = mitreid
   |summary          = Mitre OpenID Connect Implementation in Java on top of Spring and Spring Security
+
   |summary          = MITRE OpenID Connect Implementation in Java on top of Spring and Spring Security
 
   |homepage          = https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/
 
   |homepage          = https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/
   |instructions      = Accounts on the OP will only be available to MITRE personnel, but we plan to have it set up to talk to all RPs. At the moment, we've got to register the RPs by hand, but it should be enough to start the interop testing.  The way the RP works, you hit the home page and you're not logged in, but click the "user" link on the bottom to be put through the login process (because that page requires "user" level access). You'll then be prompted to enter your webfinger id, and the system should take over from there.
+
   |instructions      = Test user at server is "user" with password "password". RP login is triggered by clicking on the "User" link (which is a protected page). Both handle discovery and dynamic registration.
 
   |latestversion    =  
 
   |latestversion    =  
 
   |latestreleasedate =  
 
   |latestreleasedate =  
   |solutionowner    = Mitre
+
   |solutionowner    = MITRE
 
   |solutionrole1    = OP
 
   |solutionrole1    = OP
   |solutionendpoint1 = https://id.mitre.org/connect/
+
   |solutionendpoint1 = https://mitreid.org/
 
   |solutionrole2    = RP
 
   |solutionrole2    = RP
   |solutionendpoint2 = http://rivers.richer.org:8080/simple-web-app/
+
   |solutionendpoint2 = https://mitreid.org/rp/
 
   |solutionrole3    =
 
   |solutionrole3    =
 
   |solutionendpoint3 =  
 
   |solutionendpoint3 =  

Latest revision as of 04:12, 31 July 2013

{{#vardefine:DtArticleSortKey|}}

MITREid Connect

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|MITREid Connect}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:MITREid Connect|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=OC5 Solution,from={{#var:page}},namespace=OC5|copy]]  [[Special:Call/DT Articles list XML,type=OC5 Solution,title={{#var:page}},namespace=OC5|as XML]]  edit
}}
{{#if:|OC5 Solution |OC5 Solution }}   MITREid Connect
Identifier   bgcolor={{{color}}}}}|mitreid  
Description   bgcolor={{{color}}}}}|MITRE OpenID Connect Implementation in Java on top of Spring and Spring Security  
Product Page   bgcolor={{{color}}}}}|https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/  
Project or solution logo (if different than Participant logo)   bgcolor={{{color}}}}}|
Latest Version   bgcolor={{{color}}}}}| 
Latest Release Date   bgcolor={{{color}}}}}| 
Installation/Operation Instructions   bgcolor={{{color}}}}}|Test user at server is "user" with password "password". RP login is triggered by clicking on the "User" link (which is a protected page). Both handle discovery and dynamic registration.  
Operated by   bgcolor={{{color}}}}}|MITRE
Interop Roles   bgcolor={{{color}}}}}|OP {{ #if: https://mitreid.org/ |: https://mitreid.org/ |}}  
  bgcolor={{{color}}}}}|RP {{ #if: https://mitreid.org/rp/ |: https://mitreid.org/rp/ |}}  
  bgcolor={{{color}}}}}|{{ #if: |: |}}  
  bgcolor={{{color}}}}}|{{ #if: |: |}}  

Click here for help populating this chart.

{{ #if: OP | {{#vardefine:DtArticleSortKey|}}

OC5 OP FeatureTest List

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|MITREid Connect}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:MITREid Connect|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=OP_FeatureTest_List,from={{#var:page}},namespace=OC5|copy]]  [[Special:Call/DT Articles list XML,type=OP_FeatureTest_List,title={{#var:page}},namespace=OC5|as XML]]  edit
}}
{{#if:|Feature Tests for |Feature Tests for }}   MITREid Connect
{{#if:|OpenID Provider Features |OpenID Provider Features }}    
{{#if:|Response Type & Response Mode|Response Type & Response Mode}}    
Support code Response Type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-code-x-MITREid Connect |noresultsheader = Not Tested }}
Support id_token Response Type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-idt-x-MITREid Connect |noresultsheader = Not Tested }}
Support Combination of id_token token Response Types   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-idttoken-x-MITREid Connect |noresultsheader = Not Tested }}
Support Combination of id_token code Response Types   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-idtcode-x-MITREid Connect |noresultsheader = Not Tested }}
Support Combination of code token Response Types   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-codetoken-x-MITREid Connect |noresultsheader = Not Tested }}
Support Combination of code id_token token Response Types   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-codeidttoken-x-MITREid Connect |noresultsheader = Not Tested }}
Reject Request Without response_type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rtyp-none-x-MITREid Connect |noresultsheader = Not Tested }}
Support form_post Response Mode   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-rmod-form-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|ID Token|ID Token}}    
ID Token has Issuer   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-iss-x-MITREid Connect |noresultsheader = Not Tested }}
ID Token has Subject   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-sub-x-MITREid Connect |noresultsheader = Not Tested }}
ID Token has Audience   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-aud-x-MITREid Connect |noresultsheader = Not Tested }}
ID Token has Key ID   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-kid-x-MITREid Connect |noresultsheader = Not Tested }}
Support Requests Containing nonce   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-nonce-present-x-MITREid Connect |noresultsheader = Not Tested }}
Includes at_hash in ID Token when Implicit Flow Used   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-hash-at-x-MITREid Connect |noresultsheader = Not Tested }}
Includes c_hash in ID Token when Code Flow Used   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-hash-c-x-MITREid Connect |noresultsheader = Not Tested }}
Uses Asymmetric ID Token Signatures   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-alg-rs256-x-MITREid Connect |noresultsheader = Not Tested }}
Can Provide Unsecured ID Token Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-uns-x-MITREid Connect |noresultsheader = Not Tested }}
Uses Symmetric ID Token Signatures   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-alg-hs256-x-MITREid Connect |noresultsheader = Not Tested }}
Support Elliptic Curve ID Token Signatures   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-ec-x-MITREid Connect |noresultsheader = Not Tested }}
Can Provide Signed and Encrypted ID Token Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-idt-signenc-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|UserInfo Endpoint|UserInfo Endpoint}}    
UserInfo Endpoint   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-userinfo-x-MITREid Connect |noresultsheader = Not Tested }}
UserInfo Endpoint Access with Header Method   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ui-hdr-x-MITREid Connect |noresultsheader = Not Tested }}
UserInfo Endpoint Access with Form-Encoded Body Method   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ui-body-x-MITREid Connect |noresultsheader = Not Tested }}
UserInfo has Subject   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-userinfo-sub-x-MITREid Connect |noresultsheader = Not Tested }}
Can Provide Signed UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ui-sign-x-MITREid Connect |noresultsheader = Not Tested }}
Can Provide Encrypted UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ui-enc-x-MITREid Connect |noresultsheader = Not Tested }}
Can Provide Signed and Encrypted UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ui-signenc-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|nonce Request Parameter|nonce Request Parameter}}    
Support Requests Without nonce   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-nonce-notused-x-MITREid Connect |noresultsheader = Not Tested }}
Reject Requests Without nonce Using Implicit Flow   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-nonce-missing-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|scope Request Parameter|scope Request Parameter}}    
Support scope Requesting No Specific Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-openid-x-MITREid Connect |noresultsheader = Not Tested }}
Support scope Requesting profile Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-prof-x-MITREid Connect |noresultsheader = Not Tested }}
Support scope Requesting email Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-email-x-MITREid Connect |noresultsheader = Not Tested }}
Support scope Requesting address Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-addr-x-MITREid Connect |noresultsheader = Not Tested }}
Support scope Requesting phone Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-phone-x-MITREid Connect |noresultsheader = Not Tested }}
Support scope Requesting All Basic Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-scp-all-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|display Request Parameter|display Request Parameter}}    
Support display value page   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-dsp-page-x-MITREid Connect |noresultsheader = Not Tested }}
Support display value popup   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-dsp-popup-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|prompt Request Parameter|prompt Request Parameter}}    
Support prompt value none   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-pro-none-x-MITREid Connect |noresultsheader = Not Tested }}
Support prompt value login   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-pro-login-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Misc Request Parameters|Misc Request Parameters}}    
Providing ID Token with max_age Restriction   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-maxage-x-MITREid Connect |noresultsheader = Not Tested }}
Support id_token_hint Request Parameter   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-req-idthint-x-MITREid Connect |noresultsheader = Not Tested }}
Ignores Extra Query Component in Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-req-extquery-x-MITREid Connect |noresultsheader = Not Tested }}
Rejects Second Use of Access Code   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-code-2nd-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|OAuth Behaviors|OAuth Behaviors}}    
Second Use of Access Code Revokes Previously Issued Access Token   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-code-2nd-revokes-x-MITREid Connect |noresultsheader = Not Tested }}
Reject redirect_uri Not Matching a Registered redirect_uri   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-notreg-x-MITREid Connect |noresultsheader = Not Tested }}
Reject Request Without redirect_uri when Multiple Registered   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-nonebad-x-MITREid Connect |noresultsheader = Not Tested }}
Accept Request Without redirect_uri when One Registered   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-noneok-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|redirect_uri|redirect_uri}}    
Preserves Query Parameter in redirect_uri   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-query-x-MITREid Connect |noresultsheader = Not Tested }}
Preserves Query Parameter in Registered redirect_uri   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-regquery-x-MITREid Connect |noresultsheader = Not Tested }}
Rejects redirect_uri when Query Parameter Does Not Match   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-noqmatch-x-MITREid Connect |noresultsheader = Not Tested }}
Reject Registration of redirect_uri with Fragment   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-regfrag-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Client Authentication|Client Authentication}}    
Support Authentication to Token Endpoint using HTTP Basic with POST   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-tok-basicpost-x-MITREid Connect |noresultsheader = Not Tested }}
Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-tok-cspost-x-MITREid Connect |noresultsheader = Not Tested }}
Support Authentication to Token Endpoint with Asymmetrically Signed JWTs   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-tok-pkjwt-x-MITREid Connect |noresultsheader = Not Tested }}
Support Authentication to Token Endpoint with Symmetrically Signed JWTs   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-tok-csjwt-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Discovery|Discovery}}    
Support WebFinger Discovery   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-discovery-x-MITREid Connect |noresultsheader = Not Tested }}
Publish openid-configuration Discovery Information   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-disc-config-x-MITREid Connect |noresultsheader = Not Tested }}
Discovered issuer Matches openid-configuration Path Prefix   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-disc-issuer-x-MITREid Connect |noresultsheader = Not Tested }}
Discovered issuer Matches ID Token iss Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-iss-issuer-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Dynamic Client Registration|Dynamic Client Registration}}    
Enables Dynamic Registration   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-registration-x-MITREid Connect |noresultsheader = Not Tested }}
Support Registration Read   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-reg-read-x-MITREid Connect |noresultsheader = Not Tested }}
Uses Keys Registered with jwks_uri Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-keys-jwks_uri-x-MITREid Connect |noresultsheader = Not Tested }}
Uses Keys Registered with jwks Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-keys-jwks-x-MITREid Connect |noresultsheader = Not Tested }}
Providing public sub Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-id-public-x-MITREid Connect |noresultsheader = Not Tested }}
Providing pairwise sub Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-id-pairwise-x-MITREid Connect |noresultsheader = Not Tested }}
Public and pairwise sub Values Differ   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-id-differ-x-MITREid Connect |noresultsheader = Not Tested }}
Supports using Sector Identifier for Pairwise sub Values   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-sector-id-x-MITREid Connect |noresultsheader = Not Tested }}
Rejects Sector Identifier Not Containing Registered redirect_uri Values   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-sector-bad-x-MITREid Connect |noresultsheader = Not Tested }}
Displays Logo in Login Page   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-disp-logo-x-MITREid Connect |noresultsheader = Not Tested }}
Displays Policy URI in Login Page   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-disp-policy-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Key Rollover|Key Rollover}}    
Can Rollover OP Signing Key   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-roll-op-sig-x-MITREid Connect |noresultsheader = Not Tested }}
Support RP Signing Key Rollover   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-roll-rp-sig-x-MITREid Connect |noresultsheader = Not Tested }}
Can Rollover OP Encryption Key   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-roll-op-enc-x-MITREid Connect |noresultsheader = Not Tested }}
Support RP Encryption Key Rollover   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-roll-rp-enc-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|request_uri Request Parameter|request_uri Request Parameter}}    
Support request_uri Request Parameter   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-reqfile-x-MITREid Connect |noresultsheader = Not Tested }}
Support request_uri Request Parameter with Signed Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-sig-x-MITREid Connect |noresultsheader = Not Tested }}
Support request_uri Request Parameter with Encrypted Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-enc-x-MITREid Connect |noresultsheader = Not Tested }}
Support request_uri Request Parameter with Signed and Encrypted Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-ruri-sigenc-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|request Request Parameter|request Request Parameter}}    
Support request Request Parameter with Signed Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-req-sig-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|claims Request Parameter|claims Request Parameter}}    
Support claims Request Specifying sub Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-req-userid-x-MITREid Connect |noresultsheader = Not Tested }}
Support claims Request Specifying sub Value when prompt none Used   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-req-userid-none-x-MITREid Connect |noresultsheader = Not Tested }}
Supports Returning Claims in ID Token   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-idt-x-MITREid Connect |noresultsheader = Not Tested }}
Supports Returning Different Claims in ID Token and UserInfo Endpoint   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-split-x-MITREid Connect |noresultsheader = Not Tested }}
Supports Combining Claims Requested with scope and claims Request Parameter   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-combined-x-MITREid Connect |noresultsheader = Not Tested }}
Providing Individually Requested Essential Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-essential-x-MITREid Connect |noresultsheader = Not Tested }}
Providing Individually Requested Voluntary Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-voluntary-x-MITREid Connect |noresultsheader = Not Tested }}
Providing Individually Requested Essential and Voluntary Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-clm-essandvol-x-MITREid Connect |noresultsheader = Not Tested }}
Providing ID Token with Essential auth_time Claim   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-atime-essential-x-MITREid Connect |noresultsheader = Not Tested }}
Providing ID Token with Essential acr Claim   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-acr-essential-x-MITREid Connect |noresultsheader = Not Tested }}
Providing ID Token with Voluntary acr Claim   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-acr-voluntary-x-MITREid Connect |noresultsheader = Not Tested }}
Support Request for acr Value of 1   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-acr-1-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Third Party Initiated Login|Third Party Initiated Login}}    
Can Request OP Initiated Login   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-init-login-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Session Management|Session Management}}    
Logout Initiated by OP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-logout-init-x-MITREid Connect |noresultsheader = Not Tested }}
Logout Received by OP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-logout-received-x-MITREid Connect |noresultsheader = Not Tested }}
State Change Other than Logout Communicated   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-op-change-init-x-MITREid Connect |noresultsheader = Not Tested }}


|

}}

{{ #if: RP | {{#vardefine:DtArticleSortKey|}}

OC5 RP FeatureTest List

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|MITREid Connect}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:MITREid Connect|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=RP_FeatureTest_List,from={{#var:page}},namespace=OC5|copy]]  [[Special:Call/DT Articles list XML,type=RP_FeatureTest_List,title={{#var:page}},namespace=OC5|as XML]]  edit
}}
{{#if:|Feature Tests for |Feature Tests for }}   MITREid Connect
{{#if:|Relying Party Features |Relying Party Features }}    
{{#if:|Response Type & Response Mode|Response Type & Response Mode}}    
Can Make Request with code Response Type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-rtyp-code-x-MITREid Connect |noresultsheader = Not Tested }}
Can Make Request with id_token Response Type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-rtyp-id_token-x-MITREid Connect |noresultsheader = Not Tested }}
Can Make Request with id_token token Response Type   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-rtyp-id_token-token-x-MITREid Connect |noresultsheader = Not Tested }}
Can Use Self-Issued OP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-selfissued-x-MITREid Connect |noresultsheader = Not Tested }}
Can Make Request with form_post Response Mode   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-rmod-form-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|ID Token|ID Token}}    
Rejects ID Token with Invalid Audience   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-aud-x-MITREid Connect |noresultsheader = Not Tested }}
Rejects Incorrect at_hash when Implicit Flow Used   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-hash-badat-x-MITREid Connect |noresultsheader = Not Tested }}
Rejects Incorrect c_hash when Code Flow Used   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-hash-badc-x-MITREid Connect |noresultsheader = Not Tested }}
Reject Invalid Asymmetric ID Token Signature   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-rs256-x-MITREid Connect |noresultsheader = Not Tested }}
Can Request and Use Unsecured ID Token Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-idt-uns-x-MITREid Connect |noresultsheader = Not Tested }}
Reject Invalid Symmetric ID Token Signature   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-hs256-x-MITREid Connect |noresultsheader = Not Tested }}
Can Use Elliptic Curve ID Token Signatures   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-idt-ec-x-MITREid Connect |noresultsheader = Not Tested }}
Can Request and Use Signed and Encrypted ID Token Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-idt-signenc-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|UserInfo Endpoint|UserInfo Endpoint}}    
Accesses UserInfo Endpoint with Header Method   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ui-hdr-x-MITREid Connect |noresultsheader = Not Tested }}
Does Not Access UserInfo Endpoint with Query Parameter Method   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ui-not-query-x-MITREid Connect |noresultsheader = Not Tested }}
Rejects UserInfo with Invalid Subject   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-userinfo-sub-x-MITREid Connect |noresultsheader = Not Tested }}
Can Request and Use Signed UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ui-sign-x-MITREid Connect |noresultsheader = Not Tested }}
Can Request and Use Encrypted UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ui-enc-x-MITREid Connect |noresultsheader = Not Tested }}
Can Request and Use Signed and Encrypted UserInfo Response   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ui-signenc-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|scope Request Parameter|scope Request Parameter}}    
Requesting UserInfo Claims with scope Values   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-scope-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Client Authentication|Client Authentication}}    
Can Make Access Token Request with client_secret_basic Authentication   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-tok-csbasic-x-MITREid Connect |noresultsheader = Not Tested }}
Can Make Access Token Request with client_secret_post Authentication   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-tok-cspost-x-MITREid Connect |noresultsheader = Not Tested }}
Can Make Access Token Request with private_key_jwt Authentication   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-tok-pkjwt-x-MITREid Connect |noresultsheader = Not Tested }}
Can Make Access Token Request with client_secret_jwt Authentication   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-tok-csjwt-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Discovery|Discovery}}    
Uses WebFinger Discovery   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-discovery-x-MITREid Connect |noresultsheader = Not Tested }}
Can Discover Identifiers using E-Mail Syntax   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ids-email-x-MITREid Connect |noresultsheader = Not Tested }}
Can Discover Identifiers using URL Syntax   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ids-url-x-MITREid Connect |noresultsheader = Not Tested }}
Uses openid-configuration Discovery Information   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-disc-config-x-MITREid Connect |noresultsheader = Not Tested }}
Rejects Discovered issuer Not Matching openid-configuration Path Prefix   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-disc-issuer-x-MITREid Connect |noresultsheader = Not Tested }}
Rejects ID Token with iss Not Matching Discovered issuer   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-bad-iss-issuer-x-MITREid Connect |noresultsheader = Not Tested }}
Uses Keys Discovered with jwks_uri Value   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-keys-jwks_uri-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Dynamic Client Registration|Dynamic Client Registration}}    
Uses Dynamic Registration   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-registration-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Key Rollover|Key Rollover}}    
Support OP Signing Key Rollover   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-roll-op-sig-x-MITREid Connect |noresultsheader = Not Tested }}
Can Rollover RP Signing Key   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-roll-rp-sig-x-MITREid Connect |noresultsheader = Not Tested }}
Support OP Encryption Key Rollover   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-roll-op-enc-x-MITREid Connect |noresultsheader = Not Tested }}
Can Rollover RP Encryption Key   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-roll-rp-enc-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|request_uri Request Parameter|request_uri Request Parameter}}    
Can Use request_uri Request Parameter with Unsecured Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ruri-uns-x-MITREid Connect |noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Signed Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ruri-sig-x-MITREid Connect |noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Encrypted Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ruri-enc-x-MITREid Connect |noresultsheader = Not Tested }}
Can Use request_uri Request Parameter with Signed and Encrypted Request   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-ruri-sigenc-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|claims Request Parameter|claims Request Parameter}}    
Requesting UserInfo Claims with claims Request Parameter   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-reqobj-x-MITREid Connect |noresultsheader = Not Tested }}
Can Request and Use Claims in id_token   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-clm-idt-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Third Party Initiated Login|Third Party Initiated Login}}    
Support Third-Party Initiated Login   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-3rd-login-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Claim Types|Claim Types}}    
Uses Aggregated Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-clm-aggreg-x-MITREid Connect |noresultsheader = Not Tested }}
Uses Distributed Claims   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-clm-dist-x-MITREid Connect |noresultsheader = Not Tested }}
{{#if:|Session Management|Session Management}}    
Logout Initiated by RP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-logout-init-x-MITREid Connect |noresultsheader = Not Tested }}
Logout Received by RP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-logout-received-x-MITREid Connect |noresultsheader = Not Tested }}
State Change Other than Logout Received by RP   bgcolor={{{color}}}}}|{{#dpl: |include = {OC5 Result}:outcome |title = OC5:FTR-rp-change-received-x-MITREid Connect |noresultsheader = Not Tested }}


|

}}

{{ #if: | {{#vardefine:DtArticleSortKey|}}

OC5 FeatureTest List

Template:OC5 FeatureTest List | }}


{{ #if: | {{#vardefine:DtArticleSortKey|}}

OC5 Feature Test List

Template:OC5 Feature Test List | }} {{ #if: OP | | }} {{ #if: RP | | }} {{ #if: | | }} {{ #if: | | }}