search

openid-certification / oidctest

THE CERTIFICATION TEST SUITE HAS BEEN MIGRATED TO A NEW SERVICE https://www.certificatinon.openid.net
Other
49 stars 15 forks source link

No iss parameter in rp-3rd_party-init-login test #219

Open jborgland opened 4 years ago

jborgland commented 4 years ago

I've tried to execute the rp-3rd_party-init-login test and after hitting the URL that is supposed to initiate the test (in my case https://rp.certification.openid.net:8080/rp/jbd/rp-3rd_party-init-login/kXuRePwN8axr) the browser does get redirected to the login initiation endpoint of my server, but without the iss parameter (which according to the specification is required).

The certification log only shows:

1583142933 init ========== Test tool version:1.2.3 ========== 1583142933 http request { "endpoint": "/jbd/rp-3rd_party-init-login/kXuRePwN8axr", "method": "GET" }

zandbelt commented 4 years ago

you are correct and I'm not sure how this came about but I think you can get around it by adding the "iss" parameter and value to the "initiate_login_uri" that you register for your client; can you confirm?

jborgland commented 4 years ago

I can confirm that. But in that case the test doesn't at all utilize the ability it has to verify that the RP behaves as expected (by checking that it actually gets a request back, and with the right login_hint, if it provides one, etc).

zandbelt commented 4 years ago

I agree and we will aim to improve that in a future release.