I5:FeatureTest-OpenID Relying Party validates the 2.0 signature on the assertion is valid and all fields that are required to be signed are signed
From OSIS Open Source Identity Systems
| Feature Test | OpenID Relying Party validates the 2.0 signature on the assertion is valid and all fields that are required to be signed are signed |
| Test Type | OpenID Authentication |
| Identifier | FTR-orp-sec-7 |
| Description | Tests OpenID RP's verification of response signature |
| Role tested | OpenID Identity Relying Party |
| Known Successful Reference Solution(s) | I5:Plaxo Signin |
| Success Criteria | The RP detects the replay and rejects assertions with duplicate nonces |
| Failure Criteria | The RP allows multiple logins with the same nonce |
Features Proven
| Feature | feature_type | solution_role |
|---|---|---|
| OpenID Relying Party validates the 2.0 signature on the assertion is valid and all fields that are required to be signed are signed | OpenID Relying Party | interop |
- Open the result page for your solution and this test.
- Open the OpenID login page for your relying party.
- Enter http://test-id.org/RP/SignatureCheck20.aspx into the OpenID login field of the page.
- You will not be prompted for authentication.
- There are 8 sub tests.
- Click on the buttons to perform each of the tampering tests in turn.
- When you are returned to the RP, enter http://test-id.org/RP/SignatureCheck20.aspx to proceed with the next test.
- Success is the RP rejecting all 4 login attempts.
- Failure is the RP allowing a login.
- Set outcome in the results page:
  - If the success criteria were met, set the outcome to "Works".
  - If the test failed, set the outcome to "Failed" and enter information about the failure in the Notes section.
  - If other issues occurred, set the result to "Issues" and describe them in the Notes section.
- Add either four tilde ~~~~ signs or a text name into the "Tested by" parameter.
- Update the Date Tested, Browser, and Operating System lines of the results page.
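
The check this test exercises, as an added Python example that is not part of the OSIS page or of any relying party's own code. It assumes the RP already holds the association MAC key for the assertion's `assoc_handle` and uses the required-field list from OpenID Authentication 2.0 section 10.1; the function names and sample values are constructed.

```python
import base64, hashlib, hmac

# openid.signed MUST list these (OpenID Authentication 2.0, section 10.1).
ALWAYS_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
SIGNED_IF_PRESENT = {"claimed_id", "identity"}

def compute_sig(fields, signed, mac_key, digest=hashlib.sha256):
    # Key-value form: one "key:value\n" line per signed field, in list order.
    kv = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    mac = hmac.new(mac_key, kv.encode("utf-8"), digest).digest()
    return base64.b64encode(mac).decode("ascii")

def verify_assertion(fields, mac_key, digest=hashlib.sha256):
    """Return (ok, reason) for the parameters of a positive assertion."""
    signed = fields.get("openid.signed", "").split(",")
    required = ALWAYS_SIGNED | {f for f in SIGNED_IF_PRESENT
                                if "openid." + f in fields}
    missing = required - set(signed)
    if missing:
        return False, "required fields not signed: " + ",".join(sorted(missing))
    if any("openid." + k not in fields for k in signed):
        return False, "openid.signed names a field missing from the response"
    expected = compute_sig(fields, signed, mac_key, digest)
    supplied = fields.get("openid.sig", "")
    # Constant-time comparison of the base64 signatures.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "signature mismatch"
    return True, "ok"

def sample_assertion(mac_key):
    # Constructed sample; hosts, nonce and handle are placeholders.
    f = {"openid.ns": "http://specs.openid.net/auth/2.0",
         "openid.mode": "id_res",
         "openid.op_endpoint": "https://op.example/endpoint",
         "openid.claimed_id": "https://op.example/user",
         "openid.identity": "https://op.example/user",
         "openid.return_to": "https://rp.example/return",
         "openid.response_nonce": "2024-01-01T00:00:00Zabc123",
         "openid.assoc_handle": "handle-1",
         "openid.signed": "op_endpoint,claimed_id,identity,return_to,"
                          "response_nonce,assoc_handle"}
    f["openid.sig"] = compute_sig(f, f["openid.signed"].split(","), mac_key)
    return f

if __name__ == "__main__":
    key = b"constructed-shared-mac-key"
    print(verify_assertion(sample_assertion(key), key))
```

The required-field check runs before the MAC comparison because an assertion can carry a valid signature that simply does not cover `claimed_id` or `identity`.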
