PrOfESSOS Client Verifier

About PrOfESSOS

PrOfESSOS (Practical Offensive Evaluation of Single Sign-On Services) is an open source tool for fully automated Evaluation-as-a-Service of OpenID Connect clients. The tool has been developed for the research paper SoK: Single Sign-On Security – An Evaluation of OpenID Connect, EuroS&P 2017.

The source code of PrOfESSOS can be found on GitHub:
https://github.com/RUB-NDS/PrOfESSOS

Prerequisite to use PrOfESSOS

As a safeguard against illegitimate use of the PrOfESSOS service (running attack tests against a Relying Party whose operator has not agreed to them), the RP operator must place a file named .professos in the root directory of the webserver that serves the login page (see Login-Site URL below). The file must contain the base URL of the PrOfESSOS service (<PrOfESSOS-URI>). See http://www.honestsp.de:8080/.professos for an example of such a file.
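An added example of how a service could perform this consent check before testing an RP (it is not PrOfESSOS's own code); the hostnames and the `fetch` callback are constructed stand-ins, and the assumption that the file holds exactly one URL, compared after trimming whitespace and a trailing slash, is mine:

```python
from urllib.parse import urlsplit, urlunsplit


def _normalize(url: str) -> str:
    # Lower-case scheme and host and drop a trailing slash, so that
    # "HTTP://Svc.example/" and "http://svc.example" compare equal.
    p = urlsplit(url.strip())
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/"), "", ""))


def professos_file_url(login_url: str) -> str:
    # The safeguard file lives at the web root of the host serving the RP login page,
    # regardless of the path or query of the login URL itself.
    p = urlsplit(login_url)
    return urlunsplit((p.scheme, p.netloc, "/.professos", "", ""))


def rp_consents(fetch, login_url: str, service_base_url: str) -> bool:
    # fetch(url) returns the response body as text, or None if the file is missing.
    # It is injected so the check can be exercised offline.
    body = fetch(professos_file_url(login_url))
    if body is None:
        return False
    lines = [line for line in body.splitlines() if line.strip()]
    # Assumption: exactly one URL is expected; anything else is treated as no consent.
    if len(lines) != 1:
        return False
    return _normalize(lines[0]) == _normalize(service_base_url)


# Constructed sample site: only rp.example.test has published a .professos file.
CONSTRUCTED_SITE = {
    "http://rp.example.test/.professos": "http://professos.example.test/\n",
}


def constructed_fetch(url: str):
    return CONSTRUCTED_SITE.get(url)


if __name__ == "__main__":
    print(rp_consents(constructed_fetch, "http://rp.example.test/login",
                      "http://professos.example.test"))
```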

How to use the Demo Site?

  1. Click on the Load Demo Config button.
  2. Click on the Learn button.
  3. Click on the Run all Tests button to complete Stage 3.

Legend

NOT_RUN
Test not run
PASS
Test passed
FAIL
Test failed (Attack succeeded)
UNDETERMINED
Test outcome undetermined

Stage 1: Setup - Client Parameters

OP Parameters

Test ID: not-loaded
Honest OP Identity: not-loaded
Evil OP Identity: not-loaded

Client Parameters

Stage 2: Configuration Evaluation

Learning Log NOT_RUN

Stage 3: Tests and Attacks