Page History
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:medcom="http://www.medcom.dk/dgws/2006/04/dgws-1.0.xsd"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:sosi="http://www.sosi.dk/sosi/2006/04/sosi-1.0.xsd"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Envelope">
<soapenv:Header>
<wsse:Security>
<wsu:Timestamp>
<wsu:Created>2020-02-21T13:37:40Z</wsu:Created>
</wsu:Timestamp>
<saml:Assertion IssueInstant="2020-02-21T13:32:33Z" Version="2.0" id="IDCard">
<saml:Issuer>CSTAG-NSP-STS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:other">SubjectDN={SERIALNUMBER=CVR:30808460-UID:25351738
+ CN=NETS DANID A/S - TU VOCES gyldig, O=NETS DANID A/S // CVR:30808460,
C=DK},IssuerDN={CN=TRUST2408 Systemtest XXII CA, O=TRUST2408,
C=DK},CertSerial={1538079460}</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-02-21T13:32:33Z"
NotOnOrAfter="2020-02-22T13:32:33Z" />
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>+Z/Pwyh53J8NNTFy+lil/g==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>system</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>3</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:OCESCertHash">
<saml:AttributeValue>6FrE4qXtnOTM/vQvP53h5KUhzd0=</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>SOSITEST</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>30808460</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>orgName</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>ISAWquDPx9zE1U+o5mW4R7w+hLA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
wspDBdACGNRFaRtVumj4jWq3BD3fcPcTsB7vJx/6vFlb1CPpcXLdozOPCSDy0Yio8X4UQK49g6FZrb+TK9mkgvR7lyUEe8hLd+FRkF03uOmo1BoFuL/2mHsGgeQJdPLtjlmrYTXWqpqK2T5XS84fFWEIqFWljtV2bXWSR2u6Y+8xutgWdtSa0gBeGKHHwnWDXH8x7Zr6ooslFB2/FbaysrUEj8Q6kpyQ9QO4gh1AvMp8bVAMc7Z8EOsybbiMBfxBzT0RcMLGrG546x+SvdrYIY60jW+QyPMowmQumlsvDt5HnJmYYq+y81EwrBDGtpbXxRyPNQIK3wyE/wuFCa/Kqw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGKjCCBRKgAwIBAgIEW6uMBTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MDQzMDA5MDcxN1oXDTIyMDQzMDA5MDYzOFowgZQxCzAJBgNVBAYTAkRLMS4wLAYDVQQKDCVTdW5kaGVkc2RhdGFzdHlyZWxzZW4gLy8gQ1ZSOjMzMjU3ODcyMVUwIAYDVQQFExlDVlI6MzMyNTc4NzItRklEOjE4OTExODYxMDEGA1UEAwwqU09TSSBUZXN0IEZlZGVyYXRpb24gKGZ1bmt0aW9uc2NlcnRpZmlrYXQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo57h9E/hM5gimxaDgHB0MLcgVfXGJbQh/8OC1vTdDsCUIzIwRd5lJE+ado8urHF7UmKubFZzfCPduoRv9b3TkNVKaixiHUMtP4egbL8vcgyalk28cNQdUk8f34mg8atgvd45EnIKz2iB+yjs5guJPDBg2OFSbP0r53NU8fVTq3aLtDpDVnkxsyjNQ7HOFtzavyMnKx0vDgafEvrUR3WTSLCGju4aUIg3ThgrWXA7i3lPIAXdV8mQmlY3wn/kIBiyIotmF98UsEket/sxpJNkJ6R6AUpxnGApCDP1Fw2BgxAQWWrtD/c5IoIZwGWNfLgpJEzfhnuIZJ7Bfs9RmHFdQIDAQABo4ICzTCCAskwDgYDVR0PAQH/BAQDAgO4MIGXBggrBgEFBQcBAQSBijCBhzA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vcmVzcG9uZGVyMEcGCCsGAQUFBzAChjtodHRwOi8vZi5haWEuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyLWNhLmNlcjCCASAGA1UdIASCARcwggETMIIBDwYNKwYBBAGB9FECBAYEAjCB/TAvBggrBgEFBQcCARYjaHR0cDovL3d3dy50cnVzdDI0MDguY29tL3JlcG9zaXRvcnkwgckGCCsGAQUFBwICMIG8MAwWBURhbklEMAMCAQEagatEYW5JRCB0ZXN0IGNlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4gRGFuSUQgdGVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4wga0GA1UdHwSBpTCBojA9oDugOYY3aHR0cDovL2NybC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjIxLmNybDBhoF+gXaRbMFkxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJTAjBgNVBAMMHFRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYSUkgQ0ExDzANBgNVBAMMBkNSTDE0MjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUGYAVKKL17LHyVGSErL26MBNadTQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAjHMO4sWEf8M25WHczBTJYtMitn1wLOqE6raeM6oYyw6R/4FImpOzF6bxBlfNnhhR0vJSXMWTqL/onCyy4gCs9eLglRHZ9BC8a9fmirrguNpOWlR8NAf5GRwOqCyTnkTAfUD1fp0RzVo8TvAd73WiGeUTzTiAVf7OgZFnRIYkcALXLjNs6AwELWSh+bC/gGuQcHUDd8YGSzgKS6w2qz3fIASrykxzlYjeusks58CereC6WfvN0I+GGlL9fIgjpzh7JEELME7r9QJLL9NSrmlRKfhM8gzuE6Vm4vGzmSsnNJxGMf1vTzEve4lXI8pnOtHMTtNl5zw4jCJFakRqcWm3FQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wsse:Security>
<medcom:Header>
<medcom:SecurityLevel>3</medcom:SecurityLevel>
<medcom:Linking>
<medcom:MessageID>AAABcGf313k2LiC/mzg5OVNPU0k=</medcom:MessageID>
</medcom:Linking>
<medcom:RequireNonRepudiationReceipt>no</medcom:RequireNonRepudiationReceipt>
</medcom:Header>
</soapenv:Header>
<soapenv:Body>
<ml:ListLogStatementsRequest xmlns:ml="http://nsi.dk/minlog/2014/05/23/">
<cprNR xsi:type="II" root="B2E25F59-46A7-4E28-BF49-8D334E2AA756"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">1410772120</cprNR>
<pageSize>30</pageSize>
</ml:ListLogStatementsRequest>
</soapenv:Body>
</soapenv:Envelope> |
Resulterende sikkerhedsmodel:
...
Hvis Content-Type for requestet indeholder "JSON", så håndteres det som en JTP-H token, da det pt. er det eneste der er understøttet i NSP Access Handler.
Eksempel på JTP-H token:
Resulterende sikkerhedsmodel:
| Ticket | Audience | http://audience.nspop.dk/test | |
| Validity | true | ||
| Message | Identifier | ||
| ConversationIdentifier | |||
| Action | |||
| ActingUser | UserType | Citizen | |
| IdentifierFormat | CPR | ||
| Identifier | 1234567890 | ||
| GivenName | Ove | ||
| SurName | Ditlevsen | ||
| Credentials | AuthorizationCode | ||
| EducationCode | |||
| NationalRole | |||
| UnverifiedRole | |||
| PowerOfAttorneyPrivileges | |||
| PersistentUniqueKey | e7c3a3db-d397-4c43-bf50-b31cc1a46dbf | ||
| PrincipalUser | UserType | ||
| IdentifierFormat | |||
| Identifier | |||
| GivenName | |||
| SurName | |||
| Credentials | AuthorizationCode | ||
| EducataionCode | |||
| NationalRole | |||
| UnverifiedRole | |||
| PowerOfAttorneyPrivileges | |||
| PersistentUniqueKey | |||
| Organisation | IdentifierFormat | ||
| Identifier | |||
| Name | |||
| Client | Name | ||
| PersistentUniqueKey | MyTestSystem |
Ansvarsfordeling mellem komponent og NSP Security API
...