Dynamic Client Registration - Onboarding with valid, but non OB or FR certificate should return error
Closed this issue · 0 comments
BohoCode commented
ZD: 59775
When calling the /register endpoint doing a dynamic client registration it looks like it may be possible to provide any valid certificate. Other endpoints, such as the token endpoint, appear to check that the provided cert is not only valid, but that it is signed by either the OB or FR cert issuer.
If a TPP attempts to onboard with an SSL certificate that is not signed by either the valid OB Test Directory Root Cert or the FR self-signed obri-external-ca, then an error should be raised.
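
The check the issue asks for, sketched with the JDK's standard PKIX validator. This is an added example, not the project's code: the class, method and file names are hypothetical, and the allowed-issuer file is assumed to hold the OB Test Directory root and the FR obri-external-ca certificates.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;

// Added illustration; class and method names are hypothetical, not from the project.
public final class OnboardingCertCheck {

    /** True only if clientChain (leaf first, root omitted) chains to one of allowedRoots. */
    static boolean isIssuedByAllowedCa(List<X509Certificate> clientChain, Set<X509Certificate> allowedRoots) {
        if (clientChain.isEmpty() || allowedRoots.isEmpty()) {
            return false; // fail closed: never validate an empty path or an empty anchor set
        }
        try {
            Set<TrustAnchor> anchors = new HashSet<>();
            for (X509Certificate root : allowedRoots) {
                anchors.add(new TrustAnchor(root, null));
            }
            // Trust anchors are ONLY the configured issuers, never the JVM default truststore.
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(false); // revocation checking is out of scope here
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(clientChain);
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (GeneralSecurityException e) {
            return false; // may be valid elsewhere, but not signed by an allowed issuer
        }
    }

    /** Reads every PEM certificate in the file, in file order. */
    static List<X509Certificate> loadPem(String file) throws Exception {
        List<X509Certificate> certs = new ArrayList<>();
        try (InputStream in = Files.newInputStream(Path.of(file))) {
            for (var c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                certs.add((X509Certificate) c);
            }
        }
        return certs;
    }

    // Usage: java OnboardingCertCheck client-chain.pem allowed-issuers.pem
    public static void main(String[] args) throws Exception {
        boolean ok = isIssuedByAllowedCa(loadPem(args[0]), new HashSet<>(loadPem(args[1])));
        System.out.println(ok ? "accept registration" : "reject registration");
    }
}
```

A certificate issued by a public CA that the JVM truststore would accept is rejected here, because the trust anchors are limited to the allowed-issuer file.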