OC5:XR-Apache mod oidc-x-OpenAM

From OSIS Open Source Identity Systems

XR-Apache mod auth openidc-x-OpenAM

Cross Solution Result: XR-Apache mod auth openidc-x-OpenAM

Identifier: XR-Apache mod auth openidc-x-OpenAM
Date Tested: 2 September 2014
Outcome (Must be one of: Works, Issues, Failed, N/A, Not Tested): Issues
Tested By: Zandbelt 13:00, 2 September 2014 (UTC)
Solutions Involved: OC5:Apache mod auth openidc, OC5:OpenAM
Other Solutions Involved:
Operating System:
Browser:

Notes:

1. server certificate is a StartCom certificate that is not trusted by default JVM or openssl; also the server does not return the certificate chain but only the server cert

2. client registration needs to be done with previously obtained access_token

3. the OP advertises support for "token id_token", "code token id_token" and "code token" flows, but returns "unsupported_response_type" when used by the client

4. when "code id_token" flow is used (which does not fail like at 3.), no "c_hash" is returned as part of the id_token

5. RP initiated logout with an id_token_hint parameter according to Session Management draft 21 fails with:

 {"error":"bad_request","error_description":"The endSession endpoint requires an id_token parameter"}
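
Note 4 concerns the c_hash claim, which OpenID Connect Core requires in an id_token that is returned together with a code from the authorization endpoint. The following relying-party check is an added example, not part of the original test record or of either tested product; the function names and the sample code value are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Hash is chosen by the id_token's JWS "alg" header (RS256 -> SHA-256, etc.).
_HASHES = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def compute_c_hash(code: str, alg: str) -> str:
    """base64url (no padding) of the left half of hash(ASCII(code))."""
    hash_fn = _HASHES.get(alg[2:]) if alg[:2] in ("RS", "ES", "PS", "HS") else None
    if hash_fn is None:
        # Covers "none" and any alg this sketch does not map to a hash.
        raise ValueError(f"unsupported id_token alg for c_hash: {alg!r}")
    digest = hash_fn(code.encode("ascii")).digest()
    left_half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


def check_c_hash(claims: dict, alg: str, code: str, response_type: str) -> str:
    """Return "ok", "not_required", "missing" or "mismatch"."""
    # c_hash is mandatory when code and id_token are issued together
    # ("code id_token" and "code id_token token").
    required = {"code", "id_token"} <= set(response_type.split())
    c_hash = claims.get("c_hash")
    if c_hash is None:
        return "missing" if required else "not_required"
    if not isinstance(c_hash, str):
        return "mismatch"
    expected = compute_c_hash(code, alg)
    # Constant-time comparison of the received and recomputed values.
    same = hmac.compare_digest(c_hash.encode("utf-8"), expected.encode("ascii"))
    return "ok" if same else "mismatch"


if __name__ == "__main__":
    code = "constructed-authz-code-123"          # constructed sample value
    with_hash = {"sub": "alice", "c_hash": compute_c_hash(code, "RS256")}
    without_hash = {"sub": "alice"}              # the situation reported in note 4
    print(check_c_hash(with_hash, "RS256", code, "code id_token"))
    print(check_c_hash(without_hash, "RS256", code, "code id_token"))
```

A relying party should treat both "missing" and "mismatch" as a failed authentication response in the "code id_token" flow, since without c_hash the id_token is not bound to the code delivered alongside it.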
