Describe the bug
Supporting a conformance test whose specification is as follows:
Operation: Manual
Conformance Test: FAPI2-SP-ID2
Conformance Suite: release-v5.22
Keycloak: 26.0.5
Test Profile:
This test ensures that all endpoints comply with the TLS version/cipher limitations and that the token endpoint returns an error if a valid request is sent without a holder of key mechanism (i.e. without DPoP / MTLS).
According to Section 5.2 of RFC 6749, Keycloak needs to return "invalid_request" or "invalid_grant" from the Token Endpoint without a DPoP proof.
Version
keycloak: 26.0.5, conformance-suite: release-v5.1.22
Expected behavior
invalid_request or invalid_grant
Actual behavior
invalid_dpop_proof
How to Reproduce?
Supporting a conformance test whose specification is as follows:
Operation: Manual
Conformance Test: FAPI2-SP-ID2
Conformance Suite: release-v5.22
Keycloak: 26.0.5
Test Profile:
Anything else?
No response