The service OrPhEUS or the OIDC ProvidEr featUre Support portal is a system to compare different OpenID Connect providers, check which functionality is supported by these, and investigate how certain OpenID Connect flows work.
Orpheus can be used to compare different OpenID Connect providers and check which functionality is supported by each of the providers. It can also be seen as a universal and extensible test suite for OpenID Connect providers. Orpheus does not only give information about a provider that is available from the provider's configuration endpoint, but with the help of the community orpheus is also capable of testing other features. So orpheus can answer questions such as:
So orpheus can also be used to find discrepancies between what a provider says it supports and what it actually supports.
The comparison view gives a list with many different features and if / how these features are supported by each provider. The list is extensible and we like to hear you ideas. Requests can be send to m-contact@lists.kit.edu. The comparison view has filters for searching for specific features and filtering the values for each provider. It is also possible to collapse categorized features. You can also define your own comparison view with only the features you need with the exact ordering and grouping you want.
These are features or properties that can be tested dynamically. Orpheus will test these features regularly for all providers. The time when properties were checked the last time for a provider is given at the bottom of the comparison table.
An example would be to check if the Registration Endpoint is advertised in the provider's openid configuration document.These are features that cannot be checked automatically by orpheus alone, but it requires the help of the community. This category contains all features / properties that are related to tokens or if a certain flow is currently working correctly. Because such checks require user interaction, these can only be done with the help of the community. The values for these features will be updated everytime a user performs a flow where that feature can be checked. For all of the providers each of these features has its one timestamp indicating when it was checked the last time for this provider. If you feel that this time was too long ago, just perform the relevant flow and the value will be updated.
An example would be to check if the Authorization Code Flow is correctly working or if the access token is a JWT.These are properties that neither can be checked fully-automatically nor semi-automatically with the help of the community, but only manually. These properties do not have a time associated when they were checked the last time. We try to keep this properties up to date. However, because these features require manual testing, it is always possible that a value might get outdated. If you notice that a value is outdated, please contact us at m-contact@lists.kit.edu.
An example would be the information whether there is a web interface for registering clients.Orpheus can also be used to investigate some OpenID Connect flows. This might be useful
The information about a performed flow can also be shared with others for a limited amount of time, so it can also be used to help with debugging OIDC related problems.