PingGateway

Validating FAPI with PingGateway

Validate your FAPI deployment using the two API clients you registered and the FAPI conformance test suite.

The FAPI conformance tests use DNS to access PingGateway URLs.

Make sure the PingGateway deployment is accessible over the internet.

Before you begin

Before you begin, make sure you have:

Review the test documentation

The OpenID Foundation provides conformance tests that are accessible online through a Google or GitLab account.

This tutorial focuses on FAPI 1.0 Part 2 Advanced Final tests.

Prepare the test plan

  1. Go to the OpenID certification site.

  2. Sign on with your Google or GitLab account.

  3. Create a test plan.

    1. Add the high-level settings:

      | Setting | Use |
      | --- | --- |
      | Test Plan | FAPI1-Advanced-Final: Authorization server test |
      | Client Authentication Type | private_key_jwt |
      | Request Object Method | by_value |
      | FAPI Profile | plain_fapi |
      | FAPI Response Mode | plain_response |

    2. Configure the specific settings for your deployment using the hints provided in the test plan page.

      Use the following additional hints to complete the configuration:

      | Setting | Use |
      | --- | --- |
      | alias | The alias you chose to customize the client software_redirect_uris. |
      | discoveryUrl | The OpenID Provider well-known endpoint accessed through PingGateway, https://<gateway-host:port>/am/oauth2/realms/root/realms/alpha/.well-known/openid-configuration. |
      | Client settings | The fields in the DCR responses and the PEM-format certificates and private keys you saved. |
      | resourceUrl | The OpenID Provider well-known endpoint accessed through PingGateway, https://<gateway-host:port>/rs/fapi/api. |

  4. Click Create Test Plan to access the tests.
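
Before running the plan, you can check that the document served at discoveryUrl matches the settings chosen above. The following is an added example, not part of the PingGateway documentation or the conformance suite: the host name, sample document and `preflight` function are constructed. It assumes every advertised endpoint should be reached through the gateway host and that the FAPI 1.0 Advanced settings are advertised in discovery metadata.

```python
import json
from urllib.parse import urlsplit

# Constructed sample discovery document (not output from a real deployment).
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://gateway.example.com/am/oauth2/realms/root/realms/alpha",
  "authorization_endpoint": "https://gateway.example.com/am/oauth2/realms/root/realms/alpha/authorize",
  "token_endpoint": "https://am.internal.example:8443/am/oauth2/realms/root/realms/alpha/access_token",
  "jwks_uri": "https://gateway.example.com/am/oauth2/realms/root/realms/alpha/connect/jwk_uri",
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
  "request_parameter_supported": true,
  "request_object_signing_alg_values_supported": ["RS256", "PS256"],
  "response_types_supported": ["code", "code id_token"],
  "tls_client_certificate_bound_access_tokens": false
}""")


def preflight(doc, gateway_host):
    """Return findings to review; an empty list means the document matches the plan."""
    findings = []
    # Assumption: the test suite must reach every endpoint through PingGateway.
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https":
            findings.append(f"{key}: not an https URL")
        elif url.netloc != gateway_host:
            findings.append(f"{key}: host {url.netloc} bypasses the gateway")
    # Client Authentication Type = private_key_jwt
    if "private_key_jwt" not in doc.get("token_endpoint_auth_methods_supported", []):
        findings.append("private_key_jwt client authentication not advertised")
    # Request Object Method = by_value (the metadata default is false when absent)
    if not doc.get("request_parameter_supported", False):
        findings.append("request objects passed by value are not supported")
    # FAPI 1.0 Advanced limits JWS signing to PS256 or ES256.
    if not {"PS256", "ES256"} & set(doc.get("request_object_signing_alg_values_supported", [])):
        findings.append("no PS256 or ES256 request object signing algorithm")
    # FAPI Response Mode = plain_response relies on the hybrid response type.
    if "code id_token" not in doc.get("response_types_supported", []):
        findings.append("response type 'code id_token' not advertised")
    # FAPI 1.0 Advanced requires sender-constrained (mTLS-bound) access tokens.
    if not doc.get("tls_client_certificate_bound_access_tokens", False):
        findings.append("certificate-bound access tokens not advertised")
    return findings


if __name__ == "__main__":
    for finding in preflight(SAMPLE_DISCOVERY, "gateway.example.com"):
        print("REVIEW:", finding)
```

To check a real deployment, save the JSON returned by your discoveryUrl and pass the parsed document together with your `<gateway-host:port>` value.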

Run the tests

Run each test in the plan and correct any issues that arise.

You have successfully demonstrated FAPI compliance using PingGateway.