views:

131

answers:

2

Hello,

I'm currently working on an authentication system derived of OpenID.
I work in Ruby and I use the ruby-openid library.

Currently, for my tests, I use fakeweb to fake an openid consumer and server and check everything works well. But I don't like the way I do it. And I'm sure there'd be a much better way to do so.

So my question : does anyone has already written tests for an openid server? What have you used ?

+2  A: 

They're not yet available offline, but a great battery of tests for both providers and relying parties exist at http://test-id.org. The OpenID Foundation sponsored the development of many of these tests. They test interop and some security.

Andrew Arnott
Yeah. But I don't have a fully compliant OpenID server.And relying on a third party for my tests isn't something I'd be willing to do.I was more hoping for some kind of library that would fake a consumer and allow me to check my server replies correctly when asked.
Damien MATHIEU
Fair enough. I suspected you were looking for an offline set of tests. Nevertheless, you should consider running through these tests on your OP at least manually once so you have an idea of where you're at security-wise.
Andrew Arnott
+1  A: 

I'm not sure about a mock OpenID client library. But, one other place you could look for examples would be Hancock's OpenID specs.

BaroqueBobcat