Validating FAPI with PingGateway
Validate your FAPI deployment using the two API clients you registered and the FAPI conformance test suite.
The FAPI conformance tests use DNS to access PingGateway URLs. Make sure the PingGateway deployment is accessible over the internet. |
Before you begin
Before you begin, make sure you have:
-
Configured CORS settings in the PingOne Advanced Identity Cloud tenant
-
Configured access management settings in the PingOne Advanced Identity Cloud tenant
-
Configured identity management settings in the PingOne Advanced Identity Cloud tenant
-
Completed DCR for two API clients using the test trusted directory
-
Saved the DCR responses for both API clients
-
Saved the PEM-format certificates and private keys for both API clients
-
Saved the PEM-format CA certificate for the test trusted directory
Review the test documentation
The OpenID foundation provides conformance tests accessible online through a Google or GitLab account.
Read the instructions for the conformance tests.
This tutorial focuses on FAPI 1.0 Part 2 Advanced Final tests.
Prepare the test plan
-
Sign on with your Google or GitLab account.
-
Create a test plan.
-
Add the high-level settings:
Setting Use Test Plan
FAPI1-Advanced-Final: Authorization server test
Client Authentication Type
private_key_jwt
Request Object Method
by_value
FAPI Profile
plain_fapi
FAPI Response Mode
plain_response
-
Configure the specific settings for your deployment using the hints provided in the test plan page.
Use the following additional hints to complete the configuration:
Setting Use alias
The alias you chose to customize the client
software_redirect_uris
.discoveryUrl
The OpenID Provider well-known endpoint accessed through PingGateway,
https://<gateway-host:port>/am/oauth2/realms/root/realms/alpha/.well-known/openid-configuration
.Client settings
The fields in the DCR responses and the PEM-format certificates and private keys you saved.
resourceUrl
The OpenID Provider well-known endpoint accessed through PingGateway,
https://<gateway-host:port>/rs/fapi/api
.
-
-
Click Create Test Plan to access the tests.