The same service is used for both types of tickets, but the content of the request differs. The section below with example requests gives examples of both types. For User ID cards there are additionally examples of issuance to users with and without a healthcare professional authorization.
Interface descriptions
Depending on the environment, the service is exposed at:
...
http://<sts-host>:<port>/sts/services/NewSecurityTokenService
The ID card that is generated by the client system and included in the request to STS can contain a number of attributes, which are to be regarded as claims about the user in question. The following attributes are of interest with respect to validation in STS:
- medcom:UserCivilRegistrationNumber: The user's CPR number. STS can validate this using the OCES service for RID-CPR validation (the RID is in the certificate).
- medcom:UserRole: Can contain either an education code (for healthcare professionals), or a national (SEB) role or a local role for users without a healthcare professional authorization. The education code for healthcare professionals can be validated in the authorization register based on the CPR number (see above). National roles can be validated in Stamdata (roles), and local roles are simply copied without validation.
- medcom:UserAuthorizationCode: Only relevant for healthcare professional users. Validated by STS using the authorization register.
There is also an older version located at /sts/services/SecurityTokenService, but the endpoint above is recommended for all new uses.
Example requests
The following gives examples of these types of requests:
- Issuing a System ID card
- Issuing a User ID card (with healthcare professional authorization)
- Issuing a User ID card (without healthcare professional authorization but with a national role)
Issuing a System ID card
A System ID card is issued on the basis of a VOCES/FOCES certificate. As the name suggests, a System ID card identifies a client system that wants to call services on NSP. It could, for example, be a client system that transfers data in batch from a patient record to MinLog.
Issuing a User ID card (with healthcare professional authorization)
To have a User ID card issued with information about the user's healthcare professional authorization, the client system must build a request containing the claims regarding authorization information (and CPR number) for the user in question. This example uses a MOCES certificate belonging to a person who holds a medical doctor's authorization.
The MOCES certificate used in the example looks like this (note that the certificate contains the RID and CVR number, but no information about either the CPR number or the authorization ID):
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1495058808 (0x591cc978)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DK, O=TRUST2408, CN=TRUST2408 Systemtest XXII CA
Validity
Not Before: Aug 30 12:38:36 2018 GMT
Not After : Aug 30 12:37:22 2021 GMT
Subject: C=DK, O=LAKESIDE A/S // CVR:25450442, CN=Casper Rasmussen/serialNumber=CVR:25450442-RID:40252666
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:8f:1b:7d:37:d7:72:4b:5a:cc:e8:d6:b0:fa:12:
d2:9f:bd:fd:c9:be:b1:02:bb:fc:67:a7:c9:97:4c:
a9:25:0d:5c:69:a7:fc:2e:9d:13:3f:04:42:61:87:
18:13:8f:8b:d5:23:0e:99:3c:02:be:5d:4a:fd:10:
ab:aa:3a:80:96:74:65:8d:1f:9a:78:15:80:2d:48:
28:89:f5:80:71:3e:38:2d:47:6e:19:a9:b8:fd:2b:
ff:f7:d9:a1:cb:2a:8f:a9:99:55:bf:27:70:55:4f:
21:99:17:eb:08:bd:3d:d3:93:4e:1a:37:86:32:74:
a0:03:20:11:ec:a8:99:1c:38:c4:9c:30:8b:c7:73:
bc:1a:91:9e:38:4f:83:51:4a:ca:f1:10:b3:3c:75:
aa:8b:88:e2:89:d4:41:48:fb:e2:75:78:82:9e:94:
93:62:5e:a9:47:c4:6d:4f:44:df:5b:78:b5:1d:51:
8b:1b:31:d5:24:dd:ae:41:65:e9:3e:88:e3:97:97:
df:ee:ba:06:1c:6b:dc:59:7c:91:fa:ce:f1:17:54:
75:10:e2:fc:77:a7:a4:a2:9f:f8:d0:b0:0c:ad:44:
61:0a:2f:c4:30:57:64:03:a3:9f:34:fe:8b:e0:4c:
f0:21:b2:ee:2f:27:c7:4b:41:ef:09:98:fa:9b:dd:
a9:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
Authority Information Access:
OCSP - URI:http://ocsp.systemtest22.trust2408.com/responder
CA Issuers - URI:http://m.aia.systemtest22.trust2408.com/systemtest22-ca.cer
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.31313.2.4.6.2.5
CPS: http://www.trust2408.com/repository
User Notice:
Organization: DanID
Number: 1
Explicit Text: DanID test certifikater fra denne CA udstedes under OID 1.3.6.1.4.1.31313.2.4.6.2.5. DanID test certificates from this CA are issued under OID 1.3.6.1.4.1.31313.2.4.6.2.5.
X509v3 Subject Alternative Name:
email:anni@lakeside.dk
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.systemtest22.trust2408.com/systemtest221.crl
Full Name:
DirName: C = DK, O = TRUST2408, CN = TRUST2408 Systemtest XXII CA, CN = CRL76
X509v3 Authority Key Identifier:
keyid:AB:A8:01:44:19:B0:B3:43:99:DA:FA:7C:CC:D2:00:18:03:E7:3C:BF
X509v3 Subject Key Identifier:
EB:4F:3B:90:5C:91:87:11:FB:3F:2D:A2:A7:01:69:97:B6:5D:7C:EE
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
73:75:90:8f:c8:ab:4e:67:e3:58:e5:74:57:6e:fb:40:c9:93:
0e:c7:7b:a2:e2:e9:9b:ab:b2:2c:76:bd:38:85:01:5f:e9:4d:
a0:8c:aa:f4:a0:42:71:26:71:2a:dc:88:15:a4:b4:4e:bd:1d:
18:f5:e6:1a:fe:09:05:13:92:6b:1f:13:9d:8a:ba:8d:33:a4:
58:22:b6:a6:57:70:6e:de:4b:23:62:65:ce:06:c3:0a:4b:5b:
9a:64:fb:18:a1:0f:94:57:98:90:b5:d5:2a:5d:b3:0f:bc:b8:
84:a0:81:c9:d4:39:d0:39:06:a6:48:35:b4:57:17:05:1a:4c:
02:ff:b8:9e:c0:83:be:98:88:25:c7:cc:12:36:ed:11:55:2a:
0e:35:cc:66:bf:fc:8f:9c:8f:86:57:ee:9c:57:38:90:38:35:
15:4e:dd:c9:e9:53:45:ba:4b:6e:88:26:12:5b:5f:5b:1d:7c:
58:fe:ef:65:51:24:85:e1:eb:de:f5:ff:91:5d:eb:e0:ec:3a:
46:db:73:82:a5:84:b0:e8:e7:69:93:ae:61:02:04:19:33:56:
28:f6:b5:20:d2:3f:52:a8:8a:a6:62:cd:8f:c5:b6:35:02:81:
16:fb:c4:df:d5:2f:5c:5f:38:e9:8d:67:57:7d:eb:19:0f:7f:
3e:a5:6a:8b |
The request to STS itself looks like this (note in particular the claims about the user: 'medcom:UserCivilRegistrationNumber' and 'medcom:UserAuthorizationCode', which states the authorization code, and 'medcom:UserRole', which states the corresponding education code):
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:medcom="http://www.medcom.dk/dgws/2006/04/dgws-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:sosi="http://www.sosi.dk/sosi/2006/04/sosi-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Envelope">
<soapenv:Header>
<wsse:Security id="AAABdiJ5Tp5qHUF3ucrocFNPU0k=">
<wsu:Timestamp>
<wsu:Created>2020-12-02T08:02:24Z</wsu:Created>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<wst:RequestSecurityToken Context="www.sosi.dk">
<wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion:</wst:TokenType>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
<wst:Claims>
<saml:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2020-12-02T07:57:24Z" Version="2.0" id="IDCard">
<saml:Issuer>TheSOSILibrary</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:cprnumber">0804569723</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-12-02T07:57:24Z" NotOnOrAfter="2020-12-03T07:57:24Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>bkRCjUrGv397gdbh9FvqDg==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:OCESCertHash">
<saml:AttributeValue>RIQsET5XYrNoH/CVyZdYqa7GvYQ=</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>0804569723</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>Casper</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Rasmussen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserEmailAddress">
<saml:AttributeValue>casper56@hotdocs.dk</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>Læge</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>CBNH1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserOccupation">
<saml:AttributeValue>Læge</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>Test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>25450442</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>LAKESIDE A/S</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>crGwfhPSXjudjc9vCMFFfpy24W0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Fm9MAXQFMfMlWZT3UXPLwMVRL9sBt9IPo1STf8Cvyvva1xahuPR7fIarFjOui5y2JI+COYwx5saUhWKzvFyTuKQcVWsWJ9iS1mxxHmWF6KtSVLEpisTh7+MyLe/Ko98PD0nDc7/Vx4jnv+NIMdOeBnyIBI5TjTw8wfG2OKjtagdR/dwcfJad33Iy5DZP+v1+lKOmpS3vgcMlYJy/HSlSNejwdJGx5vr5LZav7/44QDll6ulewIKFe5hJGGh7c9EDv0VBxNXGp/vIYqOAV/bnsspThhtsuuS+b7rxlwvWF/j63OlNss5O3UBkFH2sh1WSX4ilMSFNuThXx5oA51zxTw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:Claims>
<wst:Issuer>
<wsa:Address>TheSOSILibrary</wsa:Address>
</wst:Issuer>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
A successful validation of the request in STS results in a successful response (note that the issued User ID card is signed by 'SOSI Test Federation (funktionscertifikat)' and contains the claims from the request, now validated by STS):
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:sosi="http://www.sosi.dk/sosi/2006/04/sosi-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:medcom="http://www.medcom.dk/dgws/2006/04/dgws-1.0.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" id="Envelope">
<soapenv:Header>
<wsse:Security id="AAABdiJ5Tp5qHUF3ucrocFNPU0k=">
<wsu:Timestamp>
<wsu:Created>2020-12-02T08:02:30Z</wsu:Created>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<wst:RequestSecurityTokenResponse Context="www.sosi.dk">
<wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion:</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:Assertion IssueInstant="2020-12-02T07:57:30Z" Version="2.0" id="IDCard">
<saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:other">SubjectDN={CN=Casper Rasmussen + SERIALNUMBER=CVR:25450442-RID:40252666, O=LAKESIDE A/S // CVR:25450442, C=DK},IssuerDN={CN=TRUST2408 Systemtest XXII CA, O=TRUST2408, C=DK},CertSerial={1495058808}</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-12-02T07:57:30Z" NotOnOrAfter="2020-12-03T07:57:30Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>uqU7WoiYXI0usmYQ5GvBsA==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:OCESCertHash">
<saml:AttributeValue>RIQsET5XYrNoH/CVyZdYqa7GvYQ=</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>0804569723</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>Casper</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Rasmussen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserEmailAddress">
<saml:AttributeValue>casper56@hotdocs.dk</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>CBNH1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserOccupation">
<saml:AttributeValue>Læge</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>Test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>25450442</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>LAKESIDE A/S</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>7rGpBft4x09fFey3Ny/ygbSmRI4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>e14AkKe/qygk07YrDjzdEzOs7TN0mVPjN4yioh8trDsKhSmx9hO8Sg/zzpRewA4FweLVh+muBSwNR//By6XoLA4nUC7aBqHQ14maBCojwzYH5dmgua2VMAYBECk/fi/3WrMo1qd6EGCHjUOnFnaiyRLQgSc99vF6dHGmW/AeyVdAv7miJcTWNnu4MbtrcBNNnJeClBHJlpAu1708+wjoDSkDcB7BvUYkWqKNuXNdxecYbR6TBjo4S4FrT0Yt7qsXpLRIBxXLBia5BbA/XXzYLcDYPxP7USbSJ47jq18M65llXG56dhxihJzt4WVLFXfBit9oPkhnfF2QfSjZzy6l3g==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wst:Status>
<wst:Code>http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid</wst:Code>
</wst:Status>
<wst:Issuer>
<wsa:Address>TEST1-NSP-STS</wsa:Address>
</wst:Issuer>
</wst:RequestSecurityTokenResponse>
</soapenv:Body>
</soapenv:Envelope>
|
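As an added illustration (not code from the original page or from the SOSI/NSP project), the following Python example parses an ID card assertion, maps each user claim to the register that the attribute list says STS validates it against, and shows which claim STS rewrote between the request and the response above. The function names and the `preflight` consistency rules (NameID equals the CPR claim, CareProviderID equals the CVR in the certificate) are assumptions inferred from the sample messages, not documented STS rules.

```python
"""Added example: classify ID card claims and compare the request with the STS response."""
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the assertions shown above, trimmed to the fields used here.
# For untrusted input, use a hardened parser such as defusedxml instead of ElementTree.
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" id="IDCard">
<saml:Issuer>{issuer}</saml:Issuer>
<saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID></saml:Subject>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardType"><saml:AttributeValue>user</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber"><saml:AttributeValue>0804569723</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="medcom:UserRole"><saml:AttributeValue>{role}</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode"><saml:AttributeValue>CBNH1</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber"><saml:AttributeValue>25450442</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>"""
REQUEST = TEMPLATE.format(issuer="TheSOSILibrary", fmt="medcom:cprnumber",
                          name_id="0804569723", role="Læge")
RESPONSE = TEMPLATE.format(issuer="TEST1-NSP-STS", fmt="medcom:other", role="7170",
                           name_id="SubjectDN={CN=Casper Rasmussen + SERIALNUMBER=CVR:25450442-RID:40252666}")
# Subject line copied from the first certificate dump above.
CERT_SUBJECT = ("C=DK, O=LAKESIDE A/S // CVR:25450442, "
                "CN=Casper Rasmussen/serialNumber=CVR:25450442-RID:40252666")


def parse_idcard(xml_text):
    """Return issuer, NameID and flat {attribute name: value} / {name: NameFormat} dicts."""
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    attrs, formats = {}, {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
        formats[attr.get("Name")] = attr.get("NameFormat")
    return {"issuer": root.findtext("saml:Issuer", default="", namespaces=NS),
            "name_id": (name_id.text or "") if name_id is not None else "",
            "name_id_format": name_id.get("Format") if name_id is not None else None,
            "attrs": attrs, "formats": formats}


def cert_identifiers(subject):
    """Extract (CVR, RID) from an OCES subject string; the certificate carries no CPR."""
    m = re.search(r"serialNumber=CVR:(\d{8})-RID:(\d+)", subject)
    return (m.group(1), m.group(2)) if m else (None, None)


def validation_plan(card):
    """Map each user claim to the source STS validates it against, per the attribute list."""
    a, plan = card["attrs"], {}
    if "medcom:UserCivilRegistrationNumber" in a:
        plan["medcom:UserCivilRegistrationNumber"] = "OCES RID-CPR service"
    if a.get("medcom:UserAuthorizationCode"):
        plan["medcom:UserAuthorizationCode"] = "authorization register"
        plan["medcom:UserRole"] = "authorization register (education code, looked up by CPR)"
    elif a.get("medcom:UserRole"):
        plan["medcom:UserRole"] = "Stamdata if national role; copied unvalidated if local role"
    return plan


def preflight(card, cert_subject):
    """Client-side consistency checks before sending (assumed rules, see lead-in)."""
    problems, a = [], card["attrs"]
    cvr, rid = cert_identifiers(cert_subject)
    cpr = a.get("medcom:UserCivilRegistrationNumber", "")
    if rid is None:
        problems.append("certificate subject has no CVR/RID serialNumber")
    if a.get("sosi:IDCardType") == "user" and not re.fullmatch(r"\d{10}", cpr):
        problems.append("user ID card needs a 10-digit CPR claim")
    if card["name_id_format"] == "medcom:cprnumber" and card["name_id"] != cpr:
        problems.append("NameID differs from UserCivilRegistrationNumber")
    if (card["formats"].get("medcom:CareProviderID") == "medcom:cvrnumber"
            and a.get("medcom:CareProviderID") != cvr):
        problems.append("CareProviderID differs from the CVR in the certificate")
    return problems


def changed_claims(request, response):
    """Claims whose value differs between the self-issued card and the STS-issued card."""
    return {name: (value, response["attrs"].get(name))
            for name, value in request["attrs"].items()
            if response["attrs"].get(name) != value}


if __name__ == "__main__":
    req, resp = parse_idcard(REQUEST), parse_idcard(RESPONSE)
    print("certificate CVR/RID:", cert_identifiers(CERT_SUBJECT))
    for claim, source in validation_plan(req).items():
        print(f"{claim}: validated against {source}")
    print("preflight problems:", preflight(req, CERT_SUBJECT))
    print("issuer:", req["issuer"], "->", resp["issuer"])
    print("rewritten by STS:", changed_claims(req, resp))
```

A service receiving an ID card should rely on the claims only when the card is the STS-issued one; in the request the same claims are still unverified statements from the client system.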
Issuing a User ID card (without healthcare professional authorization, but with a national role)
This example uses a MOCES certificate for a user without a healthcare professional authorization. The MOCES certificate used in the example looks like this (note that the certificate contains the RID and CVR number, but no information about either the CPR number or the authorization ID):
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1537912428 (0x5baaae6c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DK, O=TRUST2408, CN=TRUST2408 Systemtest XXII CA
Validity
Not Before: Dec 19 09:17:40 2018 GMT
Not After : Dec 19 09:17:05 2021 GMT
Subject: C=DK, O=LAKESIDE A/S // CVR:25450442, CN=Peter Rasmussen/serialNumber=CVR:25450442-RID:15467395
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ae:6c:d5:c1:db:65:4b:84:65:ea:c0:11:c0:20:
c1:68:68:ee:ee:d7:a9:56:2d:f1:59:46:11:bf:6f:
54:6d:63:0b:45:ed:43:ef:df:7c:8f:69:63:5e:71:
c7:ef:aa:59:05:1e:3b:57:c3:4e:dc:9d:f8:9d:00:
b1:a0:69:02:10:7c:3c:9e:c5:d1:e5:52:2f:0c:11:
a3:f4:3b:1c:f4:43:3b:5d:6f:a7:4c:70:06:0e:96:
76:42:6d:67:bd:e1:08:52:78:7f:8f:f5:84:50:5d:
97:52:57:ca:03:49:15:bb:dd:c0:bc:dc:6c:4a:1c:
69:21:bd:c0:dd:c3:f3:32:0b:ac:e3:5a:15:ba:0b:
f7:6b:fa:ec:2a:82:3b:3c:c5:6d:ff:3b:88:dc:cc:
90:f1:56:cb:03:fe:14:65:00:d5:6b:6c:61:8c:44:
13:4b:59:7f:f8:c2:4e:bd:d2:29:3c:76:56:42:24:
03:a9:68:4f:fe:7e:f0:7c:96:42:f6:56:db:9e:f6:
d2:28:38:e3:0b:83:5d:8c:b2:c0:93:93:00:4f:06:
f1:1b:2f:fa:24:47:23:64:d4:c4:f7:5c:c2:ca:a6:
48:3f:ab:58:9d:6c:d0:37:31:be:ea:27:a3:29:14:
cc:d8:fc:9a:21:56:99:33:03:6f:a7:33:86:b5:64:
5e:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
Authority Information Access:
OCSP - URI:http://ocsp.systemtest22.trust2408.com/responder
CA Issuers - URI:http://m.aia.systemtest22.trust2408.com/systemtest22-ca.cer
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.31313.2.4.6.2.5
CPS: http://www.trust2408.com/repository
User Notice:
Organization: DanID
Number: 1
Explicit Text: DanID test certifikater fra denne CA udstedes under OID 1.3.6.1.4.1.31313.2.4.6.2.5. DanID test certificates from this CA are issued under OID 1.3.6.1.4.1.31313.2.4.6.2.5.
X509v3 Subject Alternative Name:
email:smi@lakeside.dk
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.systemtest22.trust2408.com/systemtest221.crl
Full Name:
DirName: C = DK, O = TRUST2408, CN = TRUST2408 Systemtest XXII CA, CN = CRL105
X509v3 Authority Key Identifier:
keyid:AB:A8:01:44:19:B0:B3:43:99:DA:FA:7C:CC:D2:00:18:03:E7:3C:BF
X509v3 Subject Key Identifier:
0A:B6:21:06:8D:81:C7:33:38:B0:C4:65:59:42:DE:B7:BA:10:11:63
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
c5:11:e9:de:c5:ca:6d:3b:a5:74:ac:fc:fe:fc:6d:2d:f5:1b:
ac:30:ea:e6:7f:d2:f6:e3:cd:0e:30:02:7e:83:91:2d:ca:57:
5f:d7:d8:77:79:44:4e:28:a2:fa:9a:24:00:80:5a:2a:ec:27:
3a:f9:f9:2b:f2:a6:f7:20:cd:0f:13:46:a2:2f:4e:6b:ee:c0:
0c:a7:27:e8:ee:7c:20:c1:9f:5e:db:67:99:d2:46:52:c6:a2:
82:db:4a:a0:65:6c:2a:c6:25:5c:7d:2f:eb:d0:1a:40:7c:1b:
57:96:2b:21:76:19:a3:85:bf:16:dd:b6:5e:ed:16:95:88:be:
83:a2:41:4c:92:1d:7a:00:08:32:b1:d5:50:74:c8:74:cc:34:
6b:92:da:dc:b4:0b:c9:68:1a:c7:bf:83:60:20:7d:3a:74:83:
c0:37:f7:d4:ef:33:eb:a4:85:b9:5e:23:6a:db:1e:d9:8f:26:
80:9f:7e:ea:da:06:a3:df:d4:eb:47:95:62:b3:cf:bc:51:27:
d9:72:e7:23:2d:7c:be:e2:0a:d4:c5:d2:d0:c2:3c:9e:98:d5:
9b:19:7a:ff:9c:97:e7:34:e8:4a:b2:c8:b3:57:d6:5e:fc:f5:
fc:d8:c5:2e:b1:c2:54:16:d8:f6:4a:f9:0c:0a:f5:2f:62:e1:
ea:73:79:42 |
The request to STS itself looks like this (note in particular the claims about the user: 'medcom:UserCivilRegistrationNumber' and 'medcom:UserRole', which designates a national role):
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:medcom="http://www.medcom.dk/dgws/2006/04/dgws-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:sosi="http://www.sosi.dk/sosi/2006/04/sosi-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Envelope">
<soapenv:Header>
<wsse:Security id="AAABdiOJLQLCKRtsExEt5lNPU0k=">
<wsu:Timestamp>
<wsu:Created>2020-12-02T12:59:21Z</wsu:Created>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<wst:RequestSecurityToken Context="www.sosi.dk">
<wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion:</wst:TokenType>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
<wst:Claims>
<saml:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2020-12-02T12:54:21Z" Version="2.0" id="IDCard">
<saml:Issuer>TheSOSILibrary</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:cprnumber">0112709169</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-12-02T12:54:21Z" NotOnOrAfter="2020-12-03T12:54:21Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>pevuDgRPbuLMgJCGYlEFdQ==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:OCESCertHash">
<saml:AttributeValue>WiEtM2flJxiqUguE7Xz2YwZ7Vdo=</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>0112709169</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>Peter</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Rasmussen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserEmailAddress">
<saml:AttributeValue>p@rasser.dk</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>nspSundAssistR1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>CBNH1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserOccupation">
<saml:AttributeValue>Test</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>Test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>25450442</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>LAKESIDE A/S</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>XS1znoTDRVDY/gpcAuhZtSsq99U=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>kFS/v3qvwcg7TZ8ftxnjwjzrcxX+BLsldsN/9S5/Cq/FQWj8JMhmhrEK/4KwYmeuLKWBq35HRRX5CYFZ0M7tkKQXiwTcBxIe0jOQjDz6MoJQ+JhDAXbIoZyeAg6UYAuu3NX370JQP1eKjMBBOYD8idUCRqaMtzmairqbveJKpdp0h6wF+fE95MKeVP+62ucvutXFDm1SmjDvB+WW7eIQFSgtCldNkTdCPZHU+xRcCEPjvwA287DaEmfR0jh0nWiWK7Cv/CSxlkksQZp2yJx/NfwQgYplV1JgO9jpv550P3cZgfXAYmUrJf+BnjFK6zGYi2PsVwX/1pwQqnTvZsT+zw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGITCCBQmgAwIBAgIEW6qubDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE4MTIxOTA5MTc0MFoXDTIxMTIxOTA5MTcwNVowcDELMAkGA1UEBhMCREsxJTAjBgNVBAoMHExBS0VTSURFIEEvUyAvLyBDVlI6MjU0NTA0NDIxOjAWBgNVBAMMD1BldGVyIFJhc211c3NlbjAgBgNVBAUTGUNWUjoyNTQ1MDQ0Mi1SSUQ6MTU0NjczOTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCubNXB22VLhGXqwBHAIMFoaO7u16lWLfFZRhG/b1RtYwtF7UPv33yPaWNeccfvqlkFHjtXw07cnfidALGgaQIQfDyexdHlUi8MEaP0Oxz0Qztdb6dMcAYOlnZCbWe94QhSeH+P9YRQXZdSV8oDSRW73cC83GxKHGkhvcDdw/MyC6zjWhW6C/dr+uwqgjs8xW3/O4jczJDxVssD/hRlANVrbGGMRBNLWX/4wk690ik8dlZCJAOpaE/+fvB8lkL2Vtue9tIoOOMLg12MssCTkwBPBvEbL/okRyNk1MT3XMLKpkg/q1idbNA3Mb7qJ6MpFMzY/JohVpkzA2+nM4a1ZF5jAgMBAAGjggLpMIIC5TAOBgNVHQ8BAf8EBAMCA/gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9tLmFpYS5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjItY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgIFMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuMi41LiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuMi41LjAaBgNVHREEEzARgQ9zbWlAbGFrZXNpZGUuZGswga0GA1UdHwSBpTCBojA9oDugOYY3aHR0cDovL2NybC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjIxLmNybDBhoF+gXaRbMFkxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJTAjBgNVBAMMHFRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYSUkgQ0ExDzANBgNVBAMMBkNSTDEwNTAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUCrYhBo2BxzM4sMRlWULet7oQEWMwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAxRHp3sXKbTuldKz8/vxtLfUbrDDq5n/S9uPNDjACfoORLcpXX9fYd3lETiii+pokAIBaKuwnOvn5K/Km9yDNDxNGoi9Oa+7ADKcn6O58IMGfXttnmdJGUsaigttKoGVsKsYlXH0v69AaQHwbV5YrIXYZo4W/Ft22Xu0WlYi+g6
JBTJIdegAIMrHVUHTIdMw0a5La3LQLyWgax7+DYCB9OnSDwDf31O8z66SFuV4jatse2Y8mgJ9+6toGo9/U60eVYrPPvFEn2XLnIy18vuIK1MXS0MI8npjVmxl6/5yX5zToSrLIs1fWXvz1/NjFLrHCVBbY9kr5DAr1L2Lh6nN5Qg==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:Claims>
<wst:Issuer>
<wsa:Address>TheSOSILibrary</wsa:Address>
</wst:Issuer>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:sosi="http://www.sosi.dk/sosi/2006/04/sosi-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:medcom="http://www.medcom.dk/dgws/2006/04/dgws-1.0.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" id="Envelope">
<soapenv:Header>
<wsse:Security id="AAABdiOJLQLCKRtsExEt5lNPU0k=">
<wsu:Timestamp>
<wsu:Created>2020-12-02T12:59:30Z</wsu:Created>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<wst:RequestSecurityTokenResponse Context="www.sosi.dk">
<wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion:</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:Assertion IssueInstant="2020-12-02T12:54:30Z" Version="2.0" id="IDCard">
<saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:other">SubjectDN={CN=Peter Rasmussen + SERIALNUMBER=CVR:25450442-RID:15467395, O=LAKESIDE A/S // CVR:25450442, C=DK},IssuerDN={CN=TRUST2408 Systemtest XXII CA, O=TRUST2408, C=DK},CertSerial={1537912428}</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-12-02T12:54:30Z" NotOnOrAfter="2020-12-03T12:54:30Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>2v9vhP7vCvqb+ecgaHfxAQ==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:OCESCertHash">
<saml:AttributeValue>WiEtM2flJxiqUguE7Xz2YwZ7Vdo=</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>0112709169</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>Peter</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Rasmussen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserEmailAddress">
<saml:AttributeValue>p@rasser.dk</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>CBNH1<AttributeValue>urn:dk:healthcare:national-federation-role:code:41001:value:SundAssistR1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserOccupation">
<saml:AttributeValue>Test</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>Test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>25450442</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>LAKESIDE A/S</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Mnd1o9kSuZRLoI0Aep95HruozN4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>fWky1+83mI3N0R47naGAjUE9fm31LsR2wXfuIsaBZ350A1pube5YM2e5V+BXr69syP6fCBB7KLy33wajKHU6dLYrlpa6THKebixRw1Yaq7XWD4Eq8oh5trFcTQ1t82jTBirPy8J15I/pqTFfkzoRtEeQa4ytpoGkDfQGjuJMcnRgrWoJoXVrJiqesmV3TzK4aj8G2FkDKl/hfVjR7oWdWNTJJIxW4Urq2ssfEFX9KU8eY4CWHQl/Y4eKswstKKqecEMacX5Tw9T7LtWTWYAUZ/+O1c6AauMzkdyHC45tJSwdpeXDwvtAF7fenKb70BNT/7F9EDi4lSSDu2Oxdcrg4g==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wst:Status>
<wst:Code>http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid</wst:Code>
</wst:Status>
<wst:Issuer>
<wsa:Address>TEST1-NSP-STS</wsa:Address>
</wst:Issuer>
</wst:RequestSecurityTokenResponse>
</soapenv:Body>
</soapenv:Envelope>
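A consumer-side check of a response like the one above, added here as an example (it is not part of the original page or of the SOSI library): it confirms the `wst:Status` code, the issuer and the `saml:Conditions` window, and flags the SHA-1 signature method the response declares. The function names and the reduced sample are assumptions; the XML signature itself is not verified here and needs an XML-DSig implementation.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
      "wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
STATUS_VALID = "http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid"
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed sample: the response above cut down to the elements inspected here.
SAMPLE = f"""<soapenv:Envelope {XMLNS}><soapenv:Body><wst:RequestSecurityTokenResponse>
<wst:RequestedSecurityToken><saml:Assertion id="IDCard"><saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<saml:Conditions NotBefore="2020-12-02T12:54:30Z" NotOnOrAfter="2020-12-03T12:54:30Z"/>
<saml:AttributeStatement id="IDCardData"><saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
<ds:Signature><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
</ds:SignedInfo></ds:Signature></saml:Assertion></wst:RequestedSecurityToken>
<wst:Status><wst:Code>{STATUS_VALID}</wst:Code></wst:Status>
</wst:RequestSecurityTokenResponse></soapenv:Body></soapenv:Envelope>"""

def ts(value):
    """Parse the UTC timestamp format used in the response (e.g. 2020-12-02T12:54:30Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, now, expected_issuer):
    """Return (findings, attributes); an empty findings list means every check passed."""
    rstr = ET.fromstring(xml_text).find("soapenv:Body/wst:RequestSecurityTokenResponse", NS)
    card = None if rstr is None else rstr.find("wst:RequestedSecurityToken/saml:Assertion", NS)
    if card is None:
        return ["no-assertion"], {}
    findings = []
    if rstr.findtext("wst:Status/wst:Code", "", NS).strip() != STATUS_VALID:
        findings.append("status-not-valid")
    if card.findtext("saml:Issuer", "", NS).strip() != expected_issuer:
        findings.append("unexpected-issuer")
    cond = card.find("saml:Conditions", NS)
    if cond is None or not ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter")):
        findings.append("outside-validity-window")
    sig = card.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if sig is None:
        findings.append("unsigned")
    elif sig.get("Algorithm", "").endswith("sha1"):
        findings.append("sha1-signature")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS)
             for a in card.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return findings, attrs
```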
...