Page History
...
Brugertypen Borger (sundhed.dk) | Verifikation | Mapning til DDS ServiceActor | ||
| SecurityContext | Ticket | Audience | Verificeres ikke - må gerne være der | |
| Validity | Er valid | |||
| Message | Verificeres ikke - må gerne være der | |||
| ActingUser | UserType | Må ikke være der | ||
| PrincipalUser | UserType | Må ikke være der | ||
| Organisation | IdentifierFormat | Skal være CVR | ||
| Identifier | Skal være der og skal være "niveau 3" whitelistet | |||
| Name | Verificeres ikke - må gerne være der | |||
| Client | Verificeres ikke - må gerne være der | |||
HSUID Header | Det verificeres, at HSUID headeren findes, og at den modellerer en borger. NB. I praksis bør HSUID Headeren foldes ud, hvis den bruges, og anvendelsen af de enkelte egenskaber beskrives på samme måde som ovenstående egenskaber fra NSP Security API. | Brugertypen: Borger PersonIdentifier | ||
Eksempel på DGWS billet
Hvis billetten indeholder denne SAML attribut, så er der tale om en DGWS billet:
| Code Block | ||
|---|---|---|
| ||
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute> |
Note: Både DGWS version 1.0 og 1.0.1 er understøttet i NSP Access Handler.
DGWS request:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:medcom="http://www.medcom.dk/dgws/2006/04/dgws-1.0.xsd"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:sosi="http://www.sosi.dk/sosi/2006/04/sosi-1.0.xsd"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Envelope">
<soapenv:Header>
<wsse:Security>
<wsu:Timestamp>
<wsu:Created>2025-06-19T11:52:36Z</wsu:Created>
</wsu:Timestamp>
<saml:Assertion IssueInstant="2025-06-19T11:47:36Z" Version="2.0" id="IDCard"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:other">urn:uuid:30609219-f56d-430f-a9c2-9da7484146bb</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2025-06-19T11:47:36Z"
NotOnOrAfter="2025-06-20T11:47:36Z" />
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>e3iEGSXf41Zbfh+RoTABPA==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>0911809931</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>Edgar</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Codd</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>
urn:dk:healthcare:national-federation-role:code:41008:value:SpaerAdminR8</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>Service Consumer Test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>33257872</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>Sundhedsdatastyrelsen</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>dM+zngXyLFh5QFRVzbCbhJwP5Yg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
VRAZOjMrCSXaD6K/ne/yp8YZt4c6iBzaPlPrISKrXep3pD/LZztSt1q4XvFJAVl4GiO67zERPiSY89kQ/XJqFLebo80dMorv/+BTOcLaAJC6zbY/9gYAkzERXZwkfQMxnMLmyZF6SBmfOcpt2s2pi7qBQXev3ubpDIadIbC3EAm7oR6nU4upomU71wlZVBVyRnxKMbLDxYXwjFh+ITVaihgFCoiHzmj32doRi1CO5qbmBlM0ekBckKfulhRAOYXPF8IfKpKzZjCSMYRnNsNNT9N5If3BL7MctIbUdfPzZ9Uit+ss7iliLuhArOGRzGX+abVOphzmih87QhXvUXUULa7ekTv+onlB3qKUgHZu89EwT3sbj5Vy4UkwvleqzXQzosfAQLpDzyuRshizLuNoczJ4VG4nmVj6sRbS+2deM9BU6R2PW+1D3thfdwc8F3XNb6PsTJJAX1Y2v5lwZKu/d5ft2N39EtzBpybHvi7P1GheqQO/XhAEv/lUHAaZuVHd</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGiDCCBLygAwIBAgIUR5IfpZdXnxp/UHxA0KWAcKzWcm4wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMzA1MTIxMTIzMDFaFw0yNjA1MTExMTIzMDBaMIGeMR0wGwYDVQQDDBRTT1NJIFRlc3QgRmVkZXJhdGlvbjE3MDUGA1UEBRMuVUk6REstTzpHOjU4ZjEwNDNkLTNkMmYtNGRlZC1hYjUwLTk0MGRiNDc3NmExODEeMBwGA1UECgwVU3VuZGhlZHNkYXRhc3R5cmVsc2VuMRcwFQYDVQRhDA5OVFJESy0zMzI1Nzg3MjELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCDqOcDXr2tsBXp3QqYpoZCyJAJQ4+rEtmOLJL/Qyol+5e2NyBOqIGdpXdcSI6hCTYEQu/67EDFRcO9yU6yD/u7xOcy+t3eCqx1ydOy20AZCdcKwRmxBzyQN5er+mBErG2+iprTWJdpwCw0mwjNt5edusm7Nwufk0AkN5nxvEEynwesTdTqgLzL99Jk1zdg0uokROg1s13CCvpenYks8+yXwgddO/36WmUn9V8N+1MIu+UpwsULB9zsNCU8qlDzlgg1u6nr8nnKTBBwT2mXl4xCOF2EEJF5lGUaJ+NOu/ljI2WN2pEUsiqpZPvsI14teJKucH4zCV2y7PhyCBacuti7rEZjuZ6ELeTiUvgs+TqqTFGn3dxCq6FOgz5z5N2ypPTPzg/ntBH0CqkjFn+loh5GIBcA8ff5AHNjqM3Ygu/u1p+BwszeGJLAwk0AUtp67aB4QBGuh73vWsaeERwg4Hc1HeNldv/I4iyMQFlp1qsZoAC6cApeoM6umihYcTfi7rMCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQoPAINYQR2GfgN1KAQMauutePL6jAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQC31Dtgc8+hxB0v+/RL1N3SsyfIxKNVJBhkl2Rfihn700Or5E+0ETyP8mV8MadraDBDYbwMkd3TNOzuF6Ct8c4X5mv+XKr8m0eDPlh7I7mMZ5zzpVw5Co4Wiwwiv9Hb59P/c182FaSPAA1bpmko9AH+duPcquiQELoSRfqW23B2cejACd95XbyXQVFdbCdhyCGAexbJ4egChJsXPU2zAOXq1/pa5bNSmJMsJgqP36bTbA6r+mjv0FArkrL76W1kmchpj6F4tSuDaaJlUmKvmzzBomwhlQRr/vxZc0FOamnJ8is9wC49tOaEMUx2l2iSWZKXMh4C6LQC8hQsjiXnYsERAWgeqwzqtVE3iKaGhOv+W7ECKFndGjYM95bdVK8x9BymTrPun63BCiVGqhMzsEc2RkvbKgBpb7L+Ont0EAahwcTshBzfe0jhA2thWHNGFxXpNqI0ZaAo/NKJpHK3I0EACAB0/VjiQZ/inSKtPnof1/nQZ32QWX3ij0VkX2mE2Pw=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wsse:Security>
<medcom:Header>
<medcom:SecurityLevel>4</medcom:SecurityLevel>
<medcom:Linking>
<medcom:FlowID>0d4c8217-fd48-4c43-a85d-c9f1a48eaec6</medcom:FlowID>
<medcom:MessageID>346d3126-e1e5-47a0-bd4f-8e3735910d62</medcom:MessageID>
</medcom:Linking>
<medcom:RequireNonRepudiationReceipt>no</medcom:RequireNonRepudiationReceipt>
</medcom:Header>
</soapenv:Header>
<soapenv:Body>
<ns3:ConsentAddConstraint
xmlns:ns3="http://sundhedsdatastyrelsen.dk/minspaerring/2022/02/07"
xmlns:ns2="urn:dk:nsi:consentservices:types">
<ConsentAdds>
<ns2:citizenCPR>0505785556</ns2:citizenCPR>
<ns2:what>
<ns2:includeSubOrganizations>false</ns2:includeSubOrganizations>
<ns2:organizationIdentifier>91331000016003</ns2:organizationIdentifier>
<ns2:referralEnd>2025-06-20T00:00:00+02:00</ns2:referralEnd>
<ns2:referralStart>2025-06-19T13:52:34+02:00</ns2:referralStart>
</ns2:what>
<ns2:validFromDate>2025-06-19T13:52:34+02:00</ns2:validFromDate>
</ConsentAdds>
</ns3:ConsentAddConstraint>
</soapenv:Body>
</soapenv:Envelope> |
Resulterende sikkerhedsmodel:
| Ticket | isValid | true | |
| Federation | Test | ||
| Audience | |||
| Created | 2025-06-19T11:52:36Z | ||
| ValidFrom | 2025-06-19T11:47:36Z | ||
| ValidTo | 2025-06-20T11:47:36Z | ||
| Message | Identifier | 346d3126-e1e5-47a0-bd4f-8e3735910d62 | |
| ConversationIdentifier | 0d4c8217-fd48-4c43-a85d-c9f1a48eaec6 | ||
| Action | |||
| ActingUser | Type | HealthcareProfessional | |
| IdentifierFormat | CPR | ||
| Identifier | 0911809931 | ||
| GivenName | Edgar | ||
| SurName | Codd | ||
| Credentials | AuthorizationCode | ||
| EducationCode | |||
| NationalRole | urn:dk:healthcare:national-federation-role:code:41008:value:SpaerAdminR8 | ||
| UnverifiedRole | |||
| PowerOfAttorneyPrivileges | |||
| Age | |||
| Relation | |||
| Organisation | IdentifierFormat | CVR | |
| Identifier | 33257872 | ||
| Name | Sundhedsdatastyrelsen | ||
| Client | Name | Service Consumer Test | |
| PersistentUniqueKey |
Eksempel på IDWS billet
Hvis billetten indeholder denne SAML attribut, så er der tale om en IDWS billet:
| Code Block | ||
|---|---|---|
| ||
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute> |
IDWS request:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:sbf="urn:liberty:sb" xmlns:sbfprofile="urn:liberty:sb:profile"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2025-06-19T11:40:33Z</wsu:Created>
</wsu:Timestamp>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
ID="_ec8cceba-dec8-4a2e-9297-dbf4a4586998" IssueInstant="2025-06-19T11:40:33Z"
Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_ec8cceba-dec8-4a2e-9297-dbf4a4586998">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>jexkOGctE6bcSMRT4TqMjAd8FoY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
R7BXDl2KnCekfIKJhdsbgrC6jSSOQTCKjqEET+9wpFuNAs+zYprN25bOJvDKgoViyFFQ3m71kHAPlJDoRcx1pUtBP7JWJ+YtoQzXce6Vg5iGYgZXWwAlvcotBGfQ8pkV/cPRBuTLG6pWBf8Y82tWpsimtjaQSgfka2zZxK+YGn578Tt5xMl2+nPjKefTTuaZJ/CiYK+WuLra7x4NN+f5reqVXUb96BJkK8JKlBlI/tdb2hpCqszh04sEOZ6NI/rIUh7g33r3vqOO410jWODhgD0HtyZ0+NyvqFnsX7nFIFiGsZDagZzxgO+5bE6ME8CZbDQwOCo33DMKrEgUAStp04AXj5yEW+5NNRsyYAvTXVbRne2EO+jap3vx74tyAWUViZkE/gm5so0pXZ3xyR8TZGJOkUwIqBlSFgL5IADMix5XWUEMHuv/5W6lGj7PAH+lQdsmBPZktCBrm0gx3AJUB+WyjP+001uIduKBjZDz234DGXt6fEGcHDMIOWwvZ+LQ</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGiDCCBLygAwIBAgIUR5IfpZdXnxp/UHxA0KWAcKzWcm4wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMzA1MTIxMTIzMDFaFw0yNjA1MTExMTIzMDBaMIGeMR0wGwYDVQQDDBRTT1NJIFRlc3QgRmVkZXJhdGlvbjE3MDUGA1UEBRMuVUk6REstTzpHOjU4ZjEwNDNkLTNkMmYtNGRlZC1hYjUwLTk0MGRiNDc3NmExODEeMBwGA1UECgwVU3VuZGhlZHNkYXRhc3R5cmVsc2VuMRcwFQYDVQRhDA5OVFJESy0zMzI1Nzg3MjELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCDqOcDXr2tsBXp3QqYpoZCyJAJQ4+rEtmOLJL/Qyol+5e2NyBOqIGdpXdcSI6hCTYEQu/67EDFRcO9yU6yD/u7xOcy+t3eCqx1ydOy20AZCdcKwRmxBzyQN5er+mBErG2+iprTWJdpwCw0mwjNt5edusm7Nwufk0AkN5nxvEEynwesTdTqgLzL99Jk1zdg0uokROg1s13CCvpenYks8+yXwgddO/36WmUn9V8N+1MIu+UpwsULB9zsNCU8qlDzlgg1u6nr8nnKTBBwT2mXl4xCOF2EEJF5lGUaJ+NOu/ljI2WN2pEUsiqpZPvsI14teJKucH4zCV2y7PhyCBacuti7rEZjuZ6ELeTiUvgs+TqqTFGn3dxCq6FOgz5z5N2ypPTPzg/ntBH0CqkjFn+loh5GIBcA8ff5AHNjqM3Ygu/u1p+BwszeGJLAwk0AUtp67aB4QBGuh73vWsaeERwg4Hc1HeNldv/I4iyMQFlp1qsZoAC6cApeoM6umihYcTfi7rMCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQoPAINYQR2GfgN1KAQMauutePL6jAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQC31Dtgc8+hxB0v+/RL1N3SsyfIxKNVJBhkl2Rfihn700Or5E+0ETyP8mV8MadraDBDYbwMkd3TNOzuF6Ct8c4X5mv+XKr8m0eDPlh7I7mMZ5zzpVw5Co4Wiwwiv9Hb59P/c182FaSPAA1bpmko9AH+duPcquiQELoSRfqW23B2cejACd95XbyXQVFdbCdhyCGAexbJ4egChJsXPU2zAOXq1/pa5bNSmJMsJgqP36bTbA6r+mjv0FArkrL76W1kmchpj6F4tSuDaaJlUmKvmzzBomwhlQRr/vxZc0FOamnJ8is9wC49tOaEMUx2l2iSWZKXMh4C6LQC8hQsjiXnYsERAWgeqwzqtVE3iKaGhOv+W7ECKFndGjYM95bdVK8x9BymTrPun63BCiVGqhMzsEc2RkvbKgBpb7L+Ont0EAahwcTshBzfe0jhA2thWHNGFxXpNqI0ZaAo/NKJpHK3I0EACAB0/VjiQZ/inSKtPnof1/nQZ32QWX3ij0VkX2mE2Pw=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
dk:gov:saml:attribute:CprNumberIdentifier:0606786666</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData NotOnOrAfter="2025-06-19T11:45:33Z"
Recipient="https://audience.nspop.dk/minspaerring">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2025-06-19T11:35:33Z"
NotOnOrAfter="2025-06-19T11:45:33Z">
<saml:AudienceRestriction>
<saml:Audience>https://audience.nspop.dk/minspaerring</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">0606786666</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<wsse:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wsswssecurity-secext-1.1.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
wsu:Id="str">
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">
_ec8cceba-dec8-4a2e-9297-dbf4a4586998</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>epbtquIxtP3WLvq5LA9g34ppHH8=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>eV/t3qZZi3KIN8b6c8nEVk4tYo4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#str">
<ds:Transforms>
<ds:Transform
Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
<wsse:TransformationParameters>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</wsse:TransformationParameters>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>jSy1ZmT7UXWQ0CX95A646d3kKs0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>JxENTjL5EN9cABoD0gQGcN/M9HE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>QwkYIg+CjKd2Gf5dGezYdZeyiSY=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#sbf">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>DrMuEoWp7Uik1KTUOuvtisxvpXA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
biF8u9LC9jy9F1hz8coeDT6rYCav8bXUHpS7Pms+2kt8FskDql0tQ3E4DPV7err9qdzDG8Y+E+31f/Fwbtmwdd6cfONMNozZXHk9D0ZEWkmgb+wtdYbQAmXZrTUR+RdGzevE+4Vct2uR1Xt9oe/fxO9TOAcTYoq33LhCC1TozNMxDMlN1lBLlNPpR9GkQgkVKG3WRWMSYy8naozBoEeMR5JBJdk8Cj1U0BN28iJ212DhhkIHCmlXRmbPx2iETIoh1aJeWKPtHnBRyBGNDjWjQP+u6W0aaIwk/ARY8QaRSyzQPRHgmhassxZZ+NGc8Cwxor9boVU5ypCGgI6DOA9Of9Nhug5citgKLUQCc+efIGM8cs/D+cABHUBLnod19Mj0O8ApDJtcvPWAL7dlJrZVSo3kqfOGaparKe8rkk1ku4Bk8LWyKrg6+ptDb23cHMBh3OYlGsJgGOCrpNYduwi/fa+Tuy4v4n3a/EqeyKyB75fAikmriUXvLXSQ+tppRJcd</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wsswssecurity-secext-1.1.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
wsu:Id="sigStr">
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">
_ec8cceba-dec8-4a2e-9297-dbf4a4586998</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:MessageID wsu:Id="messageID">fdbaaa66-102a-469a-bd96-c63db7b950e9</wsa:MessageID>
<wsa:Action wsu:Id="action">urn:dk:nsi:consentservices:administration:service:1#ConsentAdd</wsa:Action>
<sbf:Framework sbfprofile:profile="urn:liberty:sb:profile:basic" version="2.0" wsu:Id="sbf" />
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<ns3:ConsentAdd xmlns:ns3="urn:dk:nsi:consentservices:administration:service:1"
xmlns:ns2="urn:dk:nsi:consentservices:types">
<ConsentAdds>
<ns2:citizenCPR>0606786666</ns2:citizenCPR>
<ns2:positiveConsent>false</ns2:positiveConsent>
<ns2:validFromDate>2025-06-19T13:40:32+02:00</ns2:validFromDate>
</ConsentAdds>
</ns3:ConsentAdd>
</soapenv:Body>
</soapenv:Envelope> |
Resulterende sikkerhedsmodel:
| Ticket | isValid | true |
| Federation | Test | |
| Audience | https://audience.nspop.dk/minspaerring | |
| Created | 2025-06-19T11:43Z | |
| ValidFrom | 2025-06-19T11:38Z | |
| ValidTo | 2025-06-19T11:48Z | |
| Message | Identifier | 7e2a1f0e-7fe8-4467-b81b-b305199462ea |
| ConversationIdentifier | ||
| Action | urn:dk:nsi:consentservices:administration:service:1#ConsentAdd | |
| ActingUser | Type | Citizen |
| IdentifierFormat | CPR | |
| Identifier | 0606786666 | |
| GivenName | ||
| SurName | ||
| Age | ||
| Relation | ||
| Client | Name | MyTestSystem |
| PersistentUniqueKey | UI:DK-O:G:8d3fa047-c77e-47e4-bdd2-e91488610ce6 |
Eksempel på JTP-H token
Hvis Content-Type for requestet indeholder "JSON", så håndteres det som en JTP-H token, da det pt. er det eneste der er understøttet i NSP Access Handler.
Eksempel på JTP-H token:
Resulterende sikkerhedsmodel:
| Ticket | Audience | http://audience.nspop.dk/test |
| Validity | true | |
| Created | 2025-06-19T11:14:48+02:00 | |
| ValidFrom | 2025-06-19T11:14:48+02:00 | |
| ValidTo | 2025-06-19T11:16:48+02:00 | |
| Message | Identifier | |
| ConversationIdentifier | ||
| Action | ||
| ActingUser | Type | Citizen |
| IdentifierFormat | CPR | |
| Identifier | 1234567890 | |
| GivenName | Henning | |
| SurName | Thomsen | |
| Age | ||
| Relation | ChildCustodyHolder | |
| PersistentUniqueKey | 46f8cb60-4e29-42ba-8d08-501a34375b6b | |
| PrincipalUser | Type | Citizen |
| IdentifierFormat | CPR | |
| Identifier | 0987654321 | |
| GivenName | ||
| SurName | ||
| Age | ||
| Relation | Child | |
| Client | Name | MyTestSystem |
Implementation af validering og mapning af brugertyper
...