Open travisspencer opened 4 years ago
They should definitely assert that the values are true
.
There are tests in there for this. Don't know why they don't work.
If you only support backchannel and/or frontchannel logout you don't need to support session management. So no there should not be a check for end_session_endpoint
och check_session_iframe
for that matter.
I have an OP that doesn't support back- or front-channel logout, yet
OP-BackChannel-Discovery
andOP-FrontChannel-Discovery
pass. Here's the salient parts of the metadata of the OP under test (as reported on theProviderConfigurationResponse
step of that tests):Do these test pass simply because those fields are in the JSON object? Shouldn't they also assert that the values are
true
?Also, there's no check for
end_session_endpoint
in the metadata. Shouldn't there be one?As a point of comparison, the test
OP-Session-Discovery
also fails on this OP with this error: