Running OIDC Conformance Suite Locally with WSO2 Identity Server

Yasas Ramanayake
Nov 8, 2020

OpenID Connect provides an authentication layer on top of the OAuth 2.0 authorization framework, which lets clients verify the end-user’s identity based on the authentication performed by an authorization server. The OpenID Foundation developed the OIDC conformance suite, which can be used to test OpenID providers (OP) and relying parties (RP) for compliance with the OIDC specifications. This blog will guide you through the process of configuring the OIDC conformance suite to run locally with WSO2 Identity Server on a Linux host machine.

Prerequisites

  • Java 11
  • Git
  • Maven
  • Docker

1. Clone the conformance suite repository

  • Clone the conformance suite repository to your local machine and cd into that directory
git clone https://gitlab.com/openid/conformance-suite.git
cd conformance-suite

2. Build the Java code

  • Run the following command to compile and package the conformance suite
mvn clean package

3. Configure Docker to resolve the internal host name of WSO2 Identity Server

  • Find the IP address of your host machine with ifconfig
  • Add the extra_hosts entries to the docker-compose-dev.yml file, as in the following, replacing <HOST_MACHINE_IP> with that address
version: '3'
services:
  mongodb:
    image: mongo:4.2
    volumes:
      - ./mongo/data:/data/db
    extra_hosts:
      - "localhost.com:<HOST_MACHINE_IP>"
  httpd:
    build:
      context: ./httpd
      dockerfile: Dockerfile-static
    ports:
      - "8443:8443"
    extra_hosts:
      - "localhost.com:<HOST_MACHINE_IP>"
    volumes:
      - ./src/main/resources/:/usr/local/apache2/htdocs/
    depends_on:
      - server
  server:
    build:
      context: ./server-dev
    ports:
      - "9999:9999"
    extra_hosts:
      - "localhost.com:<HOST_MACHINE_IP>"
    volumes:
      - ./target/:/server/
    command: >
      java
      -Xdebug -Xrunjdwp:transport=dt_socket,address=*:9999,server=y,suspend=n
      -jar /server/fapi-test-suite.jar
      --fintechlabs.base_url=https://localhost.emobix.co.uk:8443
      --fintechlabs.devmode=true
      --fintechlabs.startredir=true
    links:
      - mongodb:mongodb
    depends_on:
      - mongodb
    logging:
      # limit logs retained on host
      driver: "json-file"
      options:
        max-size: "500k"
        max-file: "5"
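
A quick check for step 3, as an added example that is not part of the original post: it fills in <HOST_MACHINE_IP>, rejects loopback addresses (inside a container 127.0.0.1 is the container itself, so the suite could not reach the identity server on the host), and lists any service that still lacks the localhost.com mapping. The function names and the sample compose fragment are constructed for illustration.

```shell
# Added example, not from the original post; names and sample data are constructed.

# Succeed only for a dotted-quad IPv4 address that is not 127.x or 0.x:
# inside a container, loopback is the container itself, not the Docker host.
valid_host_ip() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  [ "$1" -ne 127 ] && [ "$1" -ne 0 ]
}

# Print compose file $1 with <HOST_MACHINE_IP> replaced by address $2.
fill_host_ip() {
  valid_host_ip "$2" || { echo "unusable host IP: $2" >&2; return 1; }
  sed "s/<HOST_MACHINE_IP>/$2/g" "$1"
}

# Print each service in compose file $1 (two-space indentation assumed)
# that has no filled-in localhost.com mapping.
services_missing_mapping() {
  awk '
    /^  [A-Za-z0-9_-]+: *$/ {
      if (svc != "" && !ok) print svc
      svc = $1; sub(/:$/, "", svc); ok = 0
    }
    /localhost\.com:[0-9]/ { ok = 1 }
    END { if (svc != "" && !ok) print svc }
  ' "$1"
}

# Constructed sample: "server" is missing its extra_hosts entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  mongodb:
    extra_hosts:
      - "localhost.com:<HOST_MACHINE_IP>"
  server:
    ports: ["9999:9999"]
EOF
fill_host_ip "$sample" 192.168.1.20 > "$sample.filled"
services_missing_mapping "$sample.filled"   # prints: server
```

An unfilled placeholder is reported as missing too, so running services_missing_mapping on docker-compose-dev.yml before starting the containers catches a forgotten substitution.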

4. Start the Docker containers

Start the conformance suite in development mode by running the following command

docker-compose -f docker-compose-dev.yml up

The conformance suite will run on https://localhost:8443

5. Start WSO2 Identity Server

cd into the <IS_HOME>/bin folder and start WSO2 Identity Server using the following command

sh wso2server.sh

6. Configure the conformance suite

  • Open https://localhost:8443 using a web browser to access the local instance of the conformance suite
  • Click on create new test plan
  • Select the basic certification profile as the test plan
  • Configure the server endpoints as follows
  • Then click create test plan and you will be given a redirect URL
  • Use that redirect URL to register the conformance suite as a service provider in the identity server

7. Create service providers in WSO2 Identity Server

  • Navigate to the identity server admin dashboard and click add under service providers
  • Provide a name and register a service provider
  • Under Inbound Authentication Configuration -> OAuth/OpenID Configuration click configure
  • Add the callback URL given by the conformance suite to finish registering the service provider
  • Then you will get the client ID and secret

8. Add the client ID and secret in the conformance suite

  • Add the client ID and the secret you got in the previous step to the test plan you created
  • The basic certification test plan requires you to create two clients in the identity server

That’s it! Now you can run the tests.
