I5:FeatureTest-RP Rejection of Tokens Outside Reasonable Validity Windows
From OSIS Open Source Identity Systems
|list help copy as XML edit|
|Feature Test||RP Rejection of Tokens Outside Reasonable Validity Windows|
|Test Type||Token Validation|
|Description||Tests that a Relying Party will not accept either a very old or a very futuristic token. Our definition of being outside a reasonable validity window is either plus or minus 30 days.|
|Role tested||Information Card Relying Party|
|Known Successful Reference Solution(s)|
I5:CardSpace .NET Framework 3.5
|Success Criteria||Relying party rejects token gracefully|
|Failure Criteria||Relying party crashes or continues|
|Token with out-of-range SAML notBefore or notOnOrAfter elements||Information Card Relying Party Features||condition|
- Open the result page for the Solution being tested with this FeatureTest.
- If you don't already have it, import the test card from the file (sts-munge) into the Selector being tested.
- Open the relying party site
- Invoke the selector and select the "I5 STS Munge Tests" Card
- When prompted for the username, type "future" as the username (password doesn't matter)
- Note success/failure
- Return to the Relying Party
- Invoke the selector again and select the "I5 STS Munge Tests" Card
- When prompted for username, type "past" as the username
- Note Success/Failure
- Set outcome:
- If both tokens were rejected gracefully by the relying party, set outcome to "Works".
- If both tokens were accepted by the relying party, set outcome to "Failed".
- If other issues occurred set the result to "Issues" and describe them in the Notes section.
- Enter either four tilde ~~~~ signs or your name into the "testedby" parameter.
- Update the date tested, operating systems, and tested solutions parameters of the results page.