OAuth diagnoserun
Edulas · Servermodus
OAuth/PKI-connectiviteit mislukt
Uitgevoerd op 17-04-2026 14:07 met basis-URL
https://tst-beheer.edulas.nl/oauth2/token.Uitgevoerd door: Dennis Bloemendaal
JWKS-endpoint: https://tst-beheer.edulas.nl/jwks.json
Vertrouwde rootcertificaten: Niet geconfigureerd
Simulatie-endpoints servermodus
Deel deze endpoints met de deelnemer zodat die verbinding kan maken met de OAuth-simulatie van het testlab.
- Basis-URL simulatie
http://testersuite.gerritbergsma.nl/oauth- OpenID-configuratie
http://testersuite.gerritbergsma.nl/oauth/.well-known/openid-configuration- Authorization-endpoint
http://testersuite.gerritbergsma.nl/oauth/authorize- Token-endpoint
http://testersuite.gerritbergsma.nl/oauth/token- JWKS-endpoint
http://testersuite.gerritbergsma.nl/oauth/.well-known/jwks.json
Bevindingen
23 items| Code | Beschrijving | Impact |
|---|---|---|
server.session.ready |
Standalone server-mode OAuth/PKI simulation is ready. Share the published authorization, token, and JWKS endpoints with the supplier and wait for the supplier to connect. | Informatief |
server.authorization.received |
No authorization request was captured. The shared OAuth token endpoint was used directly. | Informatief |
server.client_certificate.missing |
The supplier did not present a client certificate on the inbound server-mode request. This is recorded for diagnostics, but the primary client authentication is validated through private_key_jwt and JWKS. | Informatief |
global.opentime |
Global - Opentime: The token endpoint responded within the standalone server-mode request lifetime. | Informatief |
request.formdata |
Request - FormData: The request contained form data. | Informatief |
request.grant.type |
Request - Grant type: Received grant_type 'client_credentials'. | Informatief |
request.scope |
Request - Scope: Received scope ''. | Informatief |
request.client.id |
Request - Client ID: Received client_id '9c13aeef-b6cd-4442-99e1-c34ef5512fcf'. | Informatief |
request.client.assertion.type |
Request - Client assertion type: The token request did not include client_assertion_type. | Blokkerend |
request.client.assertion |
Request - Client assertion: Received client_assertion. | Informatief |
validation.grant.type |
Validation - Grant type: The token request used the expected client_credentials grant type. | Informatief |
validation.scope |
Validation - Scope: Expected scope 'openid profile' but received ''. | Blokkerend |
validation.client.id |
Validation - Client ID: The token request used the configured expected OAuth client ID. | Informatief |
validation.client.assertion.type |
Validation - Client assertion type: Expected client_assertion_type 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer' but received '<missing>'. | Blokkerend |
validation.client.assertion |
Validation - Client assertion: The token request carried a JWT client_assertion. | Informatief |
validation.keystore |
Validation - keystore: The testlab server keystore certificate is loaded and has a private key. | Informatief |
validation.jwks |
Validation - jwks: Loaded supplier JWKS from 'https://tst-beheer.edulas.nl/jwks.json'. | Informatief |
validation.client.assertion.claims |
Validation - client assertion claims: The client_assertion claims were not accepted because JWT validation failed. | Blokkerend |
validation.certificate.kvk |
Validation - certificate kvk: The supplier certificate chain could not be validated because the client_assertion failed JWT validation. | Blokkerend |
validation.message.signing |
Validation - message signing: The client_assertion failed JWT validation: IDX10214: Audience validation failed. See https://aka.ms/identitymodel/app-context-switches | Blokkerend |
validation.certificate.valid |
Validation - certificate valid: The supplier did not present a client certificate to the token endpoint; private_key_jwt validation is used as the primary client authentication path. | Informatief |
validation.certificate.kvk |
Validation - certificate kvk: The supplier certificate chain could not be validated because the client_assertion failed JWT validation. | Blokkerend |
validation.message.signing |
Validation - message signing: The client_assertion failed JWT validation: IDX10214: Audience validation failed. See https://aka.ms/identitymodel/app-context-switches | Blokkerend |