JARM FAPI Test Failed: fapi1-advanced-final-ensure-request-object-signature-algorithm-is-not-none #310
Labels
comp-jans-auth-server
Component affected by issue or PR
effort-2
Relative effort required for completion of issue or PR
kind-enhancement
Issue or PR is an enhancement to an existing functionality
priority-4
Minor issue or PR is not relevant to core functions, or relates to the usability of system
triaged
Issue or PR is fully triaged
fapi1-advanced-final-ensure-request-object-signature-algorithm-is-not-none: https://www.certification.openid.net/log-detail.html?log=CTASTrHrHeRsAvk&public=true
Expected Result:
This test should end with the authorization server showing an error message that the request object is invalid (a screenshot of which should be uploaded) or with the user being redirected back to the conformance suite with a correct error response.
Actual Result:
This test also fails with ExtractJARMFromURLQuery: Couldn't find response in callback_query_params. When I see the logs it says nbf is null as:
jans-auth.log for the reference :
jans-auth.log
Debugging Hints
There has to be something wrong here during computing jwe (jweDecrypter.decrypt(encodedJwt)) in these lines https://github.com/JanssenProject/jans-auth-server/blob/master/server/src/main/java/io/jans/as/server/model/authorize/JwtAuthorizationRequest.java#L141-L160
nbf and other fields are NULL in loadPayload method of JwtAuthorizationRequest. (please see the debugging screenshot debug point was on line https://github.com/JanssenProject/jans-auth-server/blob/master/server/src/main/java/io/jans/as/server/model/authorize/JwtAuthorizationRequest.java#L307),
whereas nbf is not null in request jwt (please see screenshot of request from jwt.io)
https://github.com/JanssenProject/jans-auth-server/blob/master/server/src/main/java/io/jans/as/server/model/authorize/JwtAuthorizationRequest.java#L215-L307
The text was updated successfully, but these errors were encountered: