I5:FeatureTest-OpenID Relying Party validates the 2.0 signature on the assertion is valid and all fields that are required to be signed are signed

From OSIS Open Source Identity Systems
Feature Test: OpenID Relying Party validates the 2.0 signature on the assertion is valid and all fields that are required to be signed are signed
Test Type: OpenID Authentication
Identifier: FTR-orp-sec-7
Description: Tests OpenID RP's verification of response signature
Role tested: OpenID Identity Relying Party
Known Successful Reference Solution(s): I5:Plaxo Signin
Success Criteria: The RP detects the replay and rejects assertions with duplicate nonces
Failure Criteria: The RP allows multiple logins with the same nonce


Instructions

  1. Open the result page for your solution and this test.
  2. Open the OpenID login page for your relying party.
  3. Enter http://test-id.org/RP/SignatureCheck20.aspx into the OpenID login field of the page.
    1. You will not be prompted for authentication.
    2. There are 8 sub tests.
    3. Click on the buttons to perform each of the tampering tests in turn.
  4. When you are returned to the RP, enter http://test-id.org/RP/SignatureCheck20.aspx to proceed with the next test.
  5. Success is the RP rejecting all 4 login attempts.
  6. Failure is the RP allowing a login.
  7. Set outcome in the results page:
    1. If the success criteria were met, set the outcome to "Works".
    2. If the test failed, set the outcome to "Failed" and enter information about the failure in the Notes section.
    3. If other issues occurred set the result to "Issues" and describe them in the Notes section.
  8. Add either four tilde ~~~~ signs or a text name into the "Tested by" parameter.
  9. Update the Date Tested, Browser, and Operating System lines of the results page.
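
The checks this test exercises, as an added example that is not part of the OSIS test page or of any tested solution: an RP-side verifier for an OpenID 2.0 positive assertion that enforces the required signed fields (OpenID Authentication 2.0, section 10.1), recomputes the HMAC over the key-value form, and rejects a reused nonce. It assumes an association with an HMAC-SHA256 MAC key and an in-memory nonce store; the hostnames, key, and sample message are constructed.

```python
import base64
import hashlib
import hmac

# Fields OpenID Authentication 2.0 (section 10.1) requires in openid.signed;
# claimed_id and identity must also be signed whenever they are present.
ALWAYS_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
SIGNED_IF_PRESENT = {"claimed_id", "identity"}

def sign(params, mac_key, digest=hashlib.sha256):
    """Return the base64 HMAC over the key-value form of the signed fields."""
    fields = params["openid.signed"].split(",")
    kv = "".join(f"{f}:{params['openid.' + f]}\n" for f in fields)
    mac = hmac.new(mac_key, kv.encode("utf-8"), digest).digest()
    return base64.b64encode(mac).decode("ascii")

def verify_assertion(params, mac_key, seen_nonces, digest=hashlib.sha256):
    """Return (accepted, reason) for a positive assertion's query parameters."""
    signed = set(params.get("openid.signed", "").split(","))
    required = ALWAYS_SIGNED | {f for f in SIGNED_IF_PRESENT if "openid." + f in params}
    missing = required - signed
    if missing:
        return False, "unsigned required field(s): " + ",".join(sorted(missing))
    if any("openid." + f not in params for f in signed):
        return False, "signed list names a field absent from the message"
    expected = sign(params, mac_key, digest).encode("ascii")
    if not hmac.compare_digest(expected, params.get("openid.sig", "").encode("utf-8")):
        return False, "signature mismatch"
    nonce_key = (params["openid.op_endpoint"], params["openid.response_nonce"])
    if nonce_key in seen_nonces:  # same nonce from the same OP endpoint
        return False, "response_nonce replayed"
    seen_nonces.add(nonce_key)
    return True, "ok"

# Constructed sample assertion and MAC key (not values from the test site).
SAMPLE_KEY = b"constructed-association-mac-key"
SAMPLE = {
    "openid.op_endpoint": "https://op.example/server",
    "openid.return_to": "https://rp.example/return",
    "openid.response_nonce": "2024-01-01T00:00:00Zabc123",
    "openid.assoc_handle": "handle-1",
    "openid.claimed_id": "https://user.example/",
    "openid.identity": "https://user.example/",
    "openid.signed": "op_endpoint,return_to,response_nonce,assoc_handle,claimed_id,identity",
}
SAMPLE["openid.sig"] = sign(SAMPLE, SAMPLE_KEY)
```

A production RP would also check the timestamp in `response_nonce` against an allowed clock skew and keep the nonce store in persistent storage.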