I4:FeatureTest-OpenID Provider redirects http URLs to https URLs for discovery
From OSIS Open Source Identity Systems
| list help copy as XML edit |
| Feature Test | OpenID Provider redirects http URLs to https URLs for discovery |
| Test Type | OpenID Security |
| Identifier | FTR-op-sec-1 |
| Description | Tests OpenID Provider's support for consistant URI normalisation of the scheme and path. |
| Role tested | OpenID Identity Provider |
| Known Successful Reference Solution(s) | I4:Yahoo OpenID Provider I4:mixi.jp |
| Success Criteria | http redirect to https: version of openID and the X-XRDS-Location, X-YADIS-Location headers contain https URI |
| Failure Criteria | No redirect to https or headers contain http: URI |
Features Proven
| Feature | feature_type | solution_role |
|---|---|---|
| OpenID Provider redirects http URLs to https URLs for discovery | OpenID Identity Provider | interop |
Instructions
- Open the result page for your solution and for this test.
- Enter the http: version of the test openID in the browser
- You should be directed to a openID identity page.
- Check to see if the URI in the browser bar has changed to https:
- Look at the page source.
- Verify that the Meta-Data contined in the page has the XRDS documents retreved via https: URI look for X-XRDS-Location and X-YADIS-Location
- Set outcome:
- If the success criteria was met, set the outcome to "Works".
- If the test failed, set the outcome to "Failed" and enter information about the failure in the Notes section.
- If other issues occurred set the result to "Issues" and describe them in the Notes section.
- Add either four tilde ~~~~ signs or a text name into the "Tested by" parameter.
- Update the Date Tested, Browser, and Operating System lines of the results page.
