Recent logs Source: [Page] [Test] [DotNetOpenAuth]

OSIS I5 OpenID Interop testing

Warning: all operations on this page are logged for public viewing. Do not share personally identifiable information.

RP verifies return_to URL

Instructions

  1. Log into the RP to be tested using this identifier: http://test-id.net/RP/VerifyReturnTo.aspx
  2. Upon being redirected to this page for authentication, select a kind of return_to tampering technique to apply.
  3. Record whether the RP rejects the authentication.
  4. Restart from step 1, until all return_to tampering techniques have been tested. Do not simply click the Back button to select another tampering technique. You must reinitiate the authentication from the RP to guarantee the RP fails for return_to verification reasons rather than request_nonce invalidation.

Passing criteria

The RP passes if every way to tamper with the return_to URL generates a failed authentication at the RP.