This guide summarizes how to run the OpenID Foundation conformance tests against this module, both locally and using the hosted service.
- Run conformance tests locally
- Run hosted tests
This approach is best when you want to test changes without deploying.
Clone, build, and run the conformance test suite:
git clone https://gitlab.com/openid/conformance-suite.git
cd conformance-suite
git checkout release-v5.1.39
MAVEN_CACHE=./m2 docker-compose -f builder-compose.yml run builder
docker-compose upThis starts the Java conformance app and a MongoDB server. Then:
- Visit https://localhost:8443/
- Create a new plan: "OpenID Connect Core: Basic Certification Profile Authorization server test"
- Click the JSON tab and paste
conformance-tests/conformance-basic-local.jsonfrom this repo.
Next, run your SSP OIDC image.
Run SSP with OIDC on the same Docker network as the conformance tests so containers can communicate. See the "Docker Compose" section in the README for details.
The tests are interactive and will ask you to authenticate. Some tests
require clearing cookies to confirm a scenario; others require existing
session cookies. You may be redirected to
https://localhost.emobix.co.uk:8443/ (the Java app). Accept SSL
warnings as needed.
Once manual tests pass, you can automate the browser portion.
From the simplesamlphp-module-oidc directory:
# Adjust to your conformance-suite installation path
OIDC_MODULE_FOLDER=.
# Basic profile
conformance-suite/scripts/run-test-plan.py \
--expected-failures-file ${OIDC_MODULE_FOLDER}/conformance-tests/basic-warnings.json \
--expected-skips-file ${OIDC_MODULE_FOLDER}/conformance-tests/basic-skips.json \
"oidcc-basic-certification-test-plan[server_metadata=discovery][client_registration=static_client]" \
${OIDC_MODULE_FOLDER}/conformance-tests/conformance-basic-ci.json
# Implicit profile
conformance-suite/scripts/run-test-plan.py \
--expected-failures-file ${OIDC_MODULE_FOLDER}/conformance-tests/implicit-warnings.json \
--expected-skips-file ${OIDC_MODULE_FOLDER}/conformance-tests/implicit-skips.json \
"oidcc-implicit-certification-test-plan[server_metadata=discovery][client_registration=static_client]" \
${OIDC_MODULE_FOLDER}/conformance-tests/conformance-implicit-ci.json
# RP initiated back-channel logout
conformance-suite/scripts/run-test-plan.py \
"oidcc-backchannel-rp-initiated-logout-certification-test-plan[response_type=code][client_registration=static_client]" \
${OIDC_MODULE_FOLDER}/conformance-tests/conformance-back-channel-logout-ci.json
# RP initiated logout
conformance-suite/scripts/run-test-plan.py \
"oidcc-rp-initiated-logout-certification-test-plan[response_type=code][client_registration=static_client]" \
${OIDC_MODULE_FOLDER}/conformance-tests/conformance-rp-initiated-logout-ci.jsonPrerequisites: run the docker deploy image for conformance tests (see README) and the conformance test image first.
The OpenID Foundation hosts the conformance testing software. Your OIDC OP must be publicly accessible on the internet.
Use the docker image described in the README. It contains a SQLite DB pre-populated with data for the tests. Build and run the image.
Visit https://openid.net/certification/instructions/.
Use the json configs under conformance-tests to configure your cloud
instances. Update discoveryUrl to the deployed location. Adjust alias
if it conflicts with existing test suites (it is used in redirect URIs).