I5:FeatureTest-OpenID Relying Party validates an assertion with the same openid.response nonce has not already been processed

From OSIS Open Source Identity Systems

Feature Test: OpenID Relying Party validates an assertion with the same openid.response nonce has not already been processed
Test Type: OpenID Authentication
Identifier: FTR-orp-sec-5
Description: Tests OpenID RP's verification of response nonce for replay
Role tested: OpenID Identity Relying Party
Known Successful Reference Solution(s): I5:JanRain PHP, I5:Plaxo Signin
Success Criteria: The RP detects the replay and rejects assertions with duplicate nonces
Failure Criteria: The RP allows multiple logins with the same nonce

Instructions

  1. Open the result page for your solution and this test.
  2. Open the OpenID login page for your relying party.
  3. Enter http://test-id.org/RP/ResponseNonceCheck.aspx into the OpenID login field of the page.
    1. You will not be prompted for authentication.
  4. Click on the login button on the OP page.
  5. Make certain you are successfully logged in to the RP.
  6. Select the browser's back button to return to the test page.
  7. Click on the login button.
  8. You are returned to the RP with the same nonce.
  9. Success is the RP rejecting the second login.
  10. Failure is the RP allowing the second login.
  11. Set outcome in the results page:
    1. If the success criteria were met, set the outcome to "Works".
    2. If the test failed, set the outcome to "Failed" and enter information about the failure in the Notes section.
    3. If other issues occurred, set the result to "Issues" and describe them in the Notes section.
  12. Add either four tilde ~~~~ signs or a text name into the "Tested by" parameter.
  13. Update the Date Tested, Browser, and Operating System lines of the results page.
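
The RP-side check this test exercises, as an added Python example (not code from OSIS or from the reference solutions listed above). It follows the OpenID Authentication 2.0 nonce format for openid.response_nonce; the NonceStore class, the 300-second window and the sample endpoint and nonce are assumptions constructed for illustration.

```python
import re
import time
from calendar import timegm

MAX_SKEW = 300  # seconds; assumed window, OpenID 2.0 leaves the value to the RP
# OpenID 2.0 nonce: UTC timestamp ending in "Z", then optional printable ASCII; 255 chars max
NONCE_RE = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z[\x21-\x7e]{0,235}")


class NonceStore:
    """Hypothetical in-memory record of nonces already accepted, keyed per OP endpoint."""

    def __init__(self, max_skew=MAX_SKEW):
        self.max_skew = max_skew
        self._seen = {}  # (op_endpoint, nonce) -> timestamp embedded in the nonce

    def check_and_store(self, op_endpoint, nonce, now=None):
        """Return (accepted, reason); a nonce is accepted at most once per OP endpoint."""
        now = time.time() if now is None else now
        m = NONCE_RE.fullmatch(nonce or "")
        if not m:
            return False, "malformed"
        try:
            issued = timegm(time.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S"))
        except ValueError:  # e.g. month 13
            return False, "malformed"
        if abs(now - issued) > self.max_skew:
            return False, "outside time window"
        # Entries outside the window can be dropped: the check above already rejects them.
        self._seen = {k: t for k, t in self._seen.items() if abs(now - t) <= self.max_skew}
        key = (op_endpoint, nonce)
        if key in self._seen:
            return False, "replay"
        # A shared deployment needs this test-and-insert to be atomic (e.g. a unique index).
        self._seen[key] = issued
        return True, "ok"


def demo():
    """Replay the test above against the store, using constructed sample values."""
    op = "https://op.example/endpoint"         # constructed OP endpoint
    nonce = "2008-05-01T12:00:00ZabC123"       # constructed response nonce
    now = timegm((2008, 5, 1, 12, 0, 10))      # RP clock, 10 s after issuance
    store = NonceStore()
    first = store.check_and_store(op, nonce, now)    # initial login
    second = store.check_and_store(op, nonce, now)   # back button, same nonce
    return first, second


if __name__ == "__main__":
    print(demo())
```

An RP that passes this test returns the "replay" result on the second login; the time-window check is what lets the store discard old nonces without reopening them to replay.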