I5:FeatureTest-OpenID Relying Party validates positive assertions against Discovered Information

From OSIS Open Source Identity Systems
Jump to: navigation, search

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|FeatureTest-OpenID Relying Party validates positive assertions against Discovered Information}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:OpenID Relying Party validates positive assertions against Discovered Information|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=FeatureTest,from={{#var:page}},namespace=I5|copy]]  [[Special:Call/DT Articles list XML,type=FeatureTest,title={{#var:page}},namespace=I5|as XML]]  edit
}}
{{#if:|Feature Test |Feature Test }}   OpenID Relying Party validates positive assertions against Discovered Information
Test Type   bgcolor={{{color}}}}}|OpenID Authentication
Identifier   bgcolor={{{color}}}}}|FTR-orp-sec-4  
Description   bgcolor={{{color}}}}}|Tests OpenID Relying Party validates positive assertions against Discovered Information  
Role tested   bgcolor={{{color}}}}}|OpenID Identity Relying Party  
Known Successful Reference Solution(s)   bgcolor={{{color}}}}}|{{ #if: JanRain PHP |
I5:JanRain PHP}}{{ #if: |
[[I5:]]}} {{ #if: |
}} {{ #if: |
}}  
Success Criteria   bgcolor={{{color}}}}}|The RP validates all the required fields against the discovered information  
Failure Criteria   bgcolor={{{color}}}}}|The RP allows one of the 7 tests that should result in a failure to log in or rejects one of the two tests that should pass.  

Features Proven

{{#dpl:debug=1

 |resultsheader=\n
 |noresultsheader= {|\n|bgcolor=#eeeeee|No matching Feature found.\n|}\n
 |category=Feature
 |namespace=I5
 |linksto=I5:FeatureTest-OpenID Relying Party validates positive assertions against Discovered Information
 |nottitlematch = Feature.edit
 |include={Feature}.viewfromtest
 |includematch=/FeatureTest-OpenID Relying Party validates positive assertions against Discovered Information/s
 |table=class=sortable,-,Feature,feature_type,solution_role

}}

Instructions

  1. Open the result page for your solution and this test.
  2. Open the OpenID login page for your relying party.
  3. Enter http://test-id.org/RP/VerifyAssertionDiscovery.aspx into the OpenID login field of the page.
  4. Once you are redirected to the OP you can select a kind of tampering technique to apply to the returned assertion
    1. There are 9 sub test that must fail authentication Your RP MUST detect and reject all 7 types of tampering attacks.
    2. There are 2 sub test that must pass authentication Your RP MUST allow those 2 tests
  5. Failure is a incorrect result for any of the 9 sub tests
  6. Set outcome in the results page:
    1. If the success criteria was met, set the outcome to "Works".
    2. If the test failed, set the outcome to "Failed" and enter information about the failure in the Notes section.
    3. If other issues occurred set the result to "Issues" and describe them in the Notes section.
  7. Add either four tilde ~~~~ signs or a text name into the "Tested by" parameter.
  8. Update the Date Tested, Browser, and Operating System lines of the results page.