Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

Denne omveksling kan modtage et OIO Bootstrap token og returnere et medarbejder DGWS ID kort.

Et OIO Bootstrap token er en SAML 2.0 Assertion der repræsentere en bruger. Det udstedes af en Identity Provider (IdP). Det er muligt at opbygge et OIO Bootstrap token vha. Seal.Java, men det typisk kun til testformål. Et OIO Bootstrap token kan valideres ved at tjekke det audience der er udstedt til, er det gyldigt i tid og er signaturen valid. DGWS står for Den Gode WebService og er en SOAP-webservice profil, der fastlægger standarder for autentifikation og kommunikation af fælles sundhedsfaglige
oplysninger mellem sundhedssektorens parter. Den gør det muligt at kommunikere personhenførbare sundhedsoplysninger på en sikker og fleksibel måde. Et medarbejder DGWS ID kort er angivet til at have sikkerhedsniveau 4 og det er signeret med et MOCES OCES3 certifikat.

Den indlejrede SAML 2.0 Assertion er signeret og signeringscertifikatet er indlejret, så modtageren kan validere signaturen af et OIO Bootstrap Token.
Det samlede request der sendes til en STS er signeret af en troværdig tredjepart, der enten kan være lokal IdP eller SEB. Det samlede request kan valideres vha. det Holder Of Key certifikat der er indlejret i OIO Bootstrap Token.

Et DGWS ID kort er en sikkerhedsbillet defineret af DGWS standarden. DGWS står for Den Gode WebService og er en SOAP-webservice profil, der fastlægger standarder for autentifikation og kommunikation af fælles sundhedsfaglige
oplysninger mellem sundhedssektorens parter. Den gør det muligt at kommunikere personhenførbare sundhedsoplysninger på en sikker og fleksibel måde. Et medarbejder DGWS ID kort er angivet til at have sikkerhedsniveau 4 og det er signeret med et MOCES OCES3 certifikat.

I det følgende vises nogle stykker I det følgende vises nogle stykker kode der viser hvordan man som anvender skal bruge Seal.Java til denne omveksling.

Der findes et komplet eksempel (incl. STS omveksling) sidst på siden der virker uden at det kræver tilretning.

Eksempel

STS Request

Request som stream

Bootstrap Token

Læs OIOSAMLAssertion fra IdP

bla bla bla

Opbyg OIOSAMLAssertion

Seal.Java kan anvendes til at opbygge en OIOSAMLAssertion. Dette vil typisk ske i forbindelse med test.

så skal man starte med at sætte CredentialVault op og lave en instans af den factory der skal anvendesEn consumer vil typisk have et NSP OIO SAML Bootstrap Token som en stream der kan sendes direkte til en STS. Dette vil man selv kunne deserialisere hvis man vil se indholdet:

Code Block
// AnvenderCredentialVault harog etFactory CredentialVault XMLsigningVault dokument indeholdende NSP OIO SAML Bootstrap Token request: String consumerStsRequestXml = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" ... </soapenv:Envelope>"; Document requestDocument = XmlUtil.readXml(new Properties(), consumerStsRequestXml, false); OIOBootstrapToIdentityTokenRequest request = factory.createOIOBootstrapToIdentityTokenRequestModelBuilder().build(requestDocument);

Code Block

// AnvenderCredentialVault harog etFactory
CredentialVault XMLsigningVault dokument indeholdende NSP OIO SAML Bootstrap Token request:
String consumerStsRequestXml = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" ... </soapenv:Envelope>";

Document requestDocument = XmlUtil.readXml(new Properties(), consumerStsRequestXml, false);
OIOBootstrapToIdentityTokenRequest request = factory.createOIOBootstrapToIdentityTokenRequestModelBuilder().build(requestDocument);

Det er nu muligt at se indholdet af requestet.

Opbygge request til testformål

= CredentialVaultTestUtil.getVoces3CredentialVault();
CredentialVault holderOfKeyVault = CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault();
OIOSAMLFactory factory = new OIOSAMLFactory();

STS Request

Request som stream

En consumer vil typisk have et NSP OIO SAML Bootstrap Token som en stream der kan sendes direkte til en STS. Dette vil man selv kunne deserialisere hvis man vil se indholdetNår en consumer vil anvende denne omveksling, så skal man starte med at sætte CredentialVault op og lave en instans af den factory der skal anvendes:

Code Block
// CredentialVault og Factory CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault(); CredentialVault holderOfKeyVault = CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault(); OIOSAMLFactory factory = new OIOSAMLFactory();

Code Block

// CredentialVault og Factory
CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault();
CredentialVault holderOfKeyVault = CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault();
OIOSAMLFactory factory = new OIOSAMLFactory();

Her efter kan man opbygge en signeret OIO SAML Assertion der skal medsendes i det samlede request:

 Anvender har et XML dokument indeholdende NSP OIO SAML Bootstrap Token request:
String consumerStsRequestXml = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" ... </soapenv:Envelope>";

Document requestDocument = XmlUtil.readXml(new Properties(), consumerStsRequestXml, false);
OIOBootstrapToIdentityTokenRequest request = factory.createOIOBootstrapToIdentityTokenRequestModelBuilder().build(requestDocument);

Det er nu muligt at se indholdet af requestet.

Opbygge request til testformål

Når en consumer vil anvende denne omveksling, så skal man starte med at sætte CredentialVault op og lave en instans af den factory der skal anvendes:

Her efter kan man opbygge en signeret OIO SAML Assertion der skal medsendes i det samlede request:

Code Block
// Byg OIOBSTSAMLAssertion OIO3BSTSAMLAssertionBuilder oiosamlAssertionBuilder = factory.createOIO3BSTSAMLAssertionBuilder(); oiosamlAssertionBuilder.setIssuer("https://oio3bst-issuer.dk"); oiosamlAssertionBuilder.setNameId("
// Byg OIOBSTSAMLAssertion OIO3BSTSAMLAssertionBuilder oiosamlAssertionBuilder = factory.createOIO3BSTSAMLAssertionBuilder(); oiosamlAssertionBuilder.setIssuer("https://oio3bst-issuer.dk"); oiosamlAssertionBuilder.setNameId("KorsbaekKommune\\MSK"); oiosamlAssertionBuilder.setAudience("http://fmk-online.dk"); oiosamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter); oiosamlAssertionBuilder.setCvr("20301823"); oiosamlAssertionBuilder.setOrganizationName("Korsbæk Kommune"); oiosamlAssertionBuilder.setHolderOfKeyCertificate(holderOfKey.getSystemCredentialPair().getCertificate()); oiosamlAssertionBuilder.setSigningVault(signingVault); OIOBSTSAMLAssertion oiosamlAssertion = oiosamlAssertionBuilder.build();

Code Block

// Byg OIOBSTSAMLAssertion
OIO3BSTSAMLAssertionBuilder oiosamlAssertionBuilder = factory.createOIO3BSTSAMLAssertionBuilder();
oiosamlAssertionBuilder.setIssuer("https://oio3bst-issuer.dk");
oiosamlAssertionBuilder.setNameId("

Code Block

// Byg OIOBSTSAMLAssertion
OIO3BSTSAMLAssertionBuilder oiosamlAssertionBuilder = factory.createOIO3BSTSAMLAssertionBuilder();
oiosamlAssertionBuilder.setIssuer("https://oio3bst-issuer.dk");
oiosamlAssertionBuilder.setNameId("KorsbaekKommune\\MSK");
oiosamlAssertionBuilder.setAudience("http://fmk-online.dk");
oiosamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter);
oiosamlAssertionBuilder.setCvr("20301823");
oiosamlAssertionBuilder.setOrganizationName("Korsbæk Kommune");
oiosamlAssertionBuilder.setHolderOfKeyCertificate(holderOfKey.getSystemCredentialPair().getCertificate());
oiosamlAssertionBuilder.setSigningVault(signingVault);
OIOBSTSAMLAssertion oiosamlAssertion = oiosamlAssertionBuilder.build();

...

Nu vil en STS kunne modtage det og veksle det til en NSP OIO IDWS sikkerhedsbillet. Eksempel på hvordan Seal.Java kan anvendes til denne omveksling findes her: Seal.Java - Guide til anvendere (STS) - Bootstrap Token til DGWS id-kort

STS Response

Når consumeren modtager svaret fra STS, så skal det først indlæses i et Document:

Code Block
// Konverter XML svaret fra STS til Document

...


consumerStsResponseDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsResponseXml, false);

Man kan nu deserialisere svaret til et OIOBSTSAMLAssertionToIDCardResponse modelobjekt:

Code Block
// Deserialiser STS svaret til modelobjekt OIOBSTSAMLAssertionToIDCardResponse consumerStsResponse = factory.createOIOBSTSAMLAssertionToIDCardResponseModelBuilder().build(consumerStsResponseDocument)

Her efter kan man hente ID kortet ud og verificere attributterne:

Code Block
// Hent Identity Token fra STS svar IDCard idCardResponse = consumerStsResponse.getIDCard(); // Verificer at det er et DGWS ID kort token samt at værdierne for de to attributter AuthenticationLevel og Alternative Identifier er som forventet: Assert.assertEquals("1.0.1", idCardResponse.getVersion()); Assert.assertEquals(AuthenticationLevel.MOCES_TRUSTED_USER, idCardResponse.getAuthenticationLevel()); Assert.assertEquals("hans@dampf.dk", idCardResponse.getAlternativeIdentifier());

Code Block

// Hent Identity Token fra STS svar
IDCard idCardResponse = consumerStsResponse.getIDCard();

// Verificer at det er et DGWS ID kort token samt at værdierne for de to attributter AuthenticationLevel og Alternative Identifier er som forventet:
Assert.assertEquals("1.0.1", idCardResponse.getVersion());
Assert.assertEquals(AuthenticationLevel.MOCES_TRUSTED_USER, idCardResponse.getAuthenticationLevel());
Assert.assertEquals("hans@dampf.dk", idCardResponse.getAlternativeIdentifier());

Service Request

Når vi har STS svaret kan service requestet opbygges:

Code Block
// CredentialVault og Factory CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault(); SOSIFactory sosiFactory = new SOSIFactory(signingVault, new java.util.Properties()); Request serviceConsumerRequest = sosiFactory.createNewRequest(false, UUID.randomUUID().toString()); serviceConsumerRequest.setMessageID(messageIdSupplier.get()); serviceConsumerRequest.setIDCard(userIDCard); serviceConsumerRequest.setBody(body); Document serviceConsumerRequestDocument = serviceConsumerRequest.serialize2DOMDocument();

Code Block

// CredentialVault og Factory
CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault();
SOSIFactory sosiFactory = new SOSIFactory(signingVault, new java.util.Properties());

Request serviceConsumerRequest = sosiFactory.createNewRequest(false, UUID.randomUUID().toString());
serviceConsumerRequest.setMessageID(messageIdSupplier.get());
serviceConsumerRequest.setIDCard(userIDCard);
serviceConsumerRequest.setBody(body);

Document serviceConsumerRequestDocument = serviceConsumerRequest.serialize2DOMDocument();

Det samlede request kommer til at se sådan ud, hvor body delen her er tom:

Code Block
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:medcom="http://www.medcom.dk/dgws/2006/04/dgws-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:sosi="http://www.sosi.dk/sosi/2006/04/sosi-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Envelope"> <soapenv:Header> <wsse:Security> <wsu:Timestamp> <wsu:Created>2025-08-11T12:21:17Z</wsu:Created> </wsu:Timestamp> <saml:Assertion IssueInstant="2025-08-11T12:16:17Z" Version="2.0" id="IDCard"

Code Block

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:medcom="http://www.medcom.dk/dgws/2006/04/dgws-1.0.xsd"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:sosi="http://www.sosi.dk/sosi/2006/04/sosi-1.0.xsd"
    xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Envelope">
    <soapenv:Header>
        <wsse:Security>
            <wsu:Timestamp>
                <wsu:Created>2025-08-11T12:21:17Z</wsu:Created>
            </wsu:Timestamp>
            <saml:Assertion IssueInstant="2025-08-11T12:16:17Z" Version="2.0" id="IDCard"

Code Block
// Konverter XML svaret fra STS til Document consumerStsResponseDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsResponseXml, false);

Man kan nu deserialisere svaret til et OIOBSTSAMLAssertionToIDCardResponse modelobjekt:

Code Block
// Deserialiser STS svaret til modelobjekt OIOBSTSAMLAssertionToIDCardResponse consumerStsResponse = factory.createOIOBSTSAMLAssertionToIDCardResponseModelBuilder().build(consumerStsResponseDocument)

Her efter kan man hente ID kortet ud og verificere attributterne:

Code Block
// Hent Identity Token fra STS svar IDCard idCardResponse = consumerStsResponse.getIDCard(); // Verificer at det er et DGWS ID kort token samt at værdierne for de to attributter AuthenticationLevel og Alternative Identifier er som forventet: Assert.assertEquals("1.0.1", idCardResponse.getVersion()); Assert.assertEquals(AuthenticationLevel.MOCES_TRUSTED_USER, idCardResponse.getAuthenticationLevel()); Assert.assertEquals("hans@dampf.dk", idCardResponse.getAlternativeIdentifier());

Code Block

// Hent Identity Token fra STS svar
IDCard idCardResponse = consumerStsResponse.getIDCard();

// Verificer at det er et DGWS ID kort token samt at værdierne for de to attributter AuthenticationLevel og Alternative Identifier er som forventet:
Assert.assertEquals("1.0.1", idCardResponse.getVersion());
Assert.assertEquals(AuthenticationLevel.MOCES_TRUSTED_USER, idCardResponse.getAuthenticationLevel());
Assert.assertEquals("hans@dampf.dk", idCardResponse.getAlternativeIdentifier());

Service Request

Når vi har STS svaret kan service requestet opbygges:

Code Block
// CredentialVault og Factory CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault(); SOSIFactory sosiFactory = new SOSIFactory(signingVault, new java.util.Properties()); Request serviceConsumerRequest = sosiFactory.createNewRequest(false, UUID.randomUUID().toString()); serviceConsumerRequest.setMessageID(messageIdSupplier.get()); serviceConsumerRequest.setIDCard(userIDCard); serviceConsumerRequest.setBody(body); Document serviceConsumerRequestDocument = serviceConsumerRequest.serialize2DOMDocument();

Code Block

// CredentialVault og Factory
CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault();
SOSIFactory sosiFactory = new SOSIFactory(signingVault, new java.util.Properties());

Request serviceConsumerRequest = sosiFactory.createNewRequest(false, UUID.randomUUID().toString());
serviceConsumerRequest.setMessageID(messageIdSupplier.get());
serviceConsumerRequest.setIDCard(userIDCard);
serviceConsumerRequest.setBody(body);

Document serviceConsumerRequestDocument = serviceConsumerRequest.serialize2DOMDocument();

Det samlede request kommer til at se sådan ud, hvor body delen her er tom:

Code Block
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:medcom="http://www.medcom.dk/dgws/2006/04/dgws-1.0.xsd/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> xmlns:sosi="http://www.sosi.dk/sosi/2006/04/sosi-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"<saml:Issuer>TEST1-NSP-STS</saml:Issuer> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Envelope"> <soapenv:Header> <saml:Subject> <saml:NameID Format="medcom:other">urn:uuid:53767053-0628-4176-b66f-0da3a0b6e868</saml:NameID> <saml:SubjectConfirmation> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod> <wsse<saml:Security>SubjectConfirmationData> <wsu:Timestamp> <wsu:Created>2025-08-11T12:21:17Z</wsu:Created> <ds:KeyInfo> </wsu:Timestamp> <saml:Assertion IssueInstant="2025-08-11T12:16:17Z" Version="2.0" id="IDCard" <ds:KeyName>OCESSignature</ds:KeyName> xmlns:ds="http://www.w3.org/2000/09/xmldsig#" </ds:KeyInfo> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> </saml:SubjectConfirmationData> <saml:Issuer>TEST1-NSP-STS<</saml:Issuer>SubjectConfirmation> <saml</saml:Subject> <saml:NameIDConditions FormatNotBefore="medcom:other">urn:uuid:53767053-0628-4176-b66f-0da3a0b6e868</saml:NameID>2025-08-11T12:16:17Z" <saml:SubjectConfirmation>NotOnOrAfter="2025-08-12T12:16:17Z" /> <saml:AttributeStatement id="IDCardData"> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod> <saml:Attribute Name="sosi:IDCardID"> <saml:SubjectConfirmationData>:AttributeValue>EIuKqjSeANgrk+jfO9wsTQ==</saml:AttributeValue> </saml:Attribute> <ds:KeyInfo> <saml:Attribute Name="sosi:IDCardVersion"> <ds:KeyName>OCESSignature</ds:KeyName> <saml:AttributeValue>1.0.1</saml:AttributeValue> </dssaml:KeyInfo>Attribute> <saml:Attribute Name="sosi:IDCardType"> </saml:SubjectConfirmationData> <<saml:AttributeValue>user</saml:SubjectConfirmation>AttributeValue> </saml:Subject>Attribute> <saml:ConditionsAttribute NotBeforeName="2025-08-11T12:16:17Z"sosi:AuthenticationLevel"> NotOnOrAfter="2025-08-12T12:16:17Z" /> <saml:AttributeValue>4</saml:AttributeValue> <saml:AttributeStatement id="IDCardData"> </saml:Attribute> <saml:Attribute Name="sosi:IDCardID"></saml:AttributeStatement> <saml:AttributeStat Request serviceConsumerRequest = <saml:AttributeValue>EIuKqjSeANgrk+jfO9wsTQ==</saml:AttributeValue> </saml:Attribute>sosiFactory.createNewRequest(false, UUID.randomUUID().toString()); serviceConsumerRequest.setMessageID(messageIdSupplier.get()); serviceConsumerRequest.setIDCard(userIDCard); serviceConsumerRequest.setBody(body); Document serviceConsumerRequestDocument = serviceConsumerRequest.serialize2DOMDocument(); ement id="UserLog"> <saml:Attribute Name="sosimedcom:IDCardVersionUserCivilRegistrationNumber"> <saml:AttributeValue>1.0.1<AttributeValue>1511800494</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="sosimedcom:IDCardTypeUserGivenName"> <saml:AttributeValue>user<AttributeValue>Margaret</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="sosimedcom:AuthenticationLevelUserSurName"> <saml:AttributeValue>4<AttributeValue>Hamilton</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement><saml:Attribute Name="medcom:UserRole"> <saml:AttributeValue>7170</saml:AttributeStat Request serviceConsumerRequest = sosiFactory.createNewRequest(false, UUID.randomUUID().toString()); serviceConsumerRequest.setMessageID(messageIdSupplier.get()); serviceConsumerRequest.setIDCard(userIDCard); serviceConsumerRequest.setBody(body); Document serviceConsumerRequestDocument = serviceConsumerRequest.serialize2DOMDocument(); ement id="UserLog">AttributeValue> </saml:Attribute> <saml:Attribute Name="medcom:UserCivilRegistrationNumber"> :UserAuthorizationCode"> <saml:AttributeValue>MJP84</saml:AttributeValue> </saml:Attribute> <saml:AttributeValue>1511800494< </saml:AttributeValue>AttributeStatement> </saml:Attribute><saml:AttributeStatement id="SystemLog"> <saml:Attribute Name="medcom:UserGivenNameITSystemName"> <saml:AttributeValue>Margaret<AttributeValue>Service Consumer Test</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="medcom:UserSurNameCareProviderID" NameFormat="medcom:cvrnumber"> <saml:AttributeValue>Hamilton<AttributeValue>33257872</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="medcom:UserRoleCareProviderName"> <saml:AttributeValue>7170<AttributeValue>Sundhedsdatastyrelsen</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> <saml<ds:AttributeSignature Nameid="medcom:UserAuthorizationCodeOCESSignature"> <ds:SignedInfo> <saml:AttributeValue>MJP84</saml:AttributeValue> </saml<ds:Attribute>CanonicalizationMethod </saml:AttributeStatement> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <saml:AttributeStatement id="SystemLog"> <saml:Attribute Name="medcom:ITSystemName"<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <saml<ds:AttributeValue>Service Consumer Test</saml:AttributeValue>Reference URI="#IDCard"> </saml:Attribute> <ds:Transforms> <saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber"> <saml:AttributeValue>33257872</saml:AttributeValue> <ds:Transform </saml:Attribute> <saml:Attribute NameAlgorithm="medcom:CareProviderName"> http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <saml:AttributeValue>Sundhedsdatastyrelsen</saml:AttributeValue> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </saml:Attribute> </ds:Transforms> </saml:AttributeStatement> <ds:SignatureDigestMethod idAlgorithm="OCESSignature"http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:SignedInfo> <ds:DigestValue>0uO9vMgjBQnHjhYGnjm6mpiicL4=</ds:DigestValue> <ds:CanonicalizationMethod </ds:Reference> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:SignedInfo> <ds:SignatureValue> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> a2Gm/RDwDPYSyMDU1qod2UemInSBnjmqcRP3YkttWP4VptDtg7NVwRrTBZzT4L5dKBsg98eBWQOA7IyIGdUu69r8Puv18YcJfgbqpxcY8Re+kI5shCCcjOKcubtb4xpepPKlTBdEdlYed04xajk4q6+pi6tre6lfiFtAZqek97obKGgYEmiSpnSs6HdbeEX7DzBeHa6NCH3t+oi1sbrlw5kAxHdfln2au22qLU+a9tLGGINEdnVFgeICHUh3ibVv7N9hHS1UTcIcJDo3AlNoPstqBJYqe2ypZtPW8Ryt0N9Q/Ij23iM/CMAGZe4VLTVg42nltceUILyXIqqA6AEzNBATroXkYF2kgzrbQjSiTYbiyJO3jHf3wrhNraJhd0OYY7xH0xbDq99seoipq4b7Ju2+v9N5SR0v/5VW7q6wZ9hOYr5wSGPSING99RBWD3jXcCyUPFyfxp7yS3hUqliidy8XHyJSt/GyCNDdq2uyra1Y2bA58hDkOhFZalT9J6Uu</ds:SignatureValue> <ds:Reference URI="#IDCard"> <ds:KeyInfo> <ds:Transforms> <ds:X509Data> <ds:Transform <ds:X509Certificate> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />MIIGiDCCBLygAwIBAgIUR5IfpZdXnxp/UHxA0KWAcKzWcm4wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMzA1MTIxMTIzMDFaFw0yNjA1MTExMTIzMDBaMIGeMR0wGwYDVQQDDBRTT1NJIFRlc3QgRmVkZXJhdGlvbjE3MDUGA1UEBRMuVUk6REstTzpHOjU4ZjEwNDNkLTNkMmYtNGRlZC1hYjUwLTk0MGRiNDc3NmExODEeMBwGA1UECgwVU3VuZGhlZHNkYXRhc3R5cmVsc2VuMRcwFQYDVQRhDA5OVFJESy0zMzI1Nzg3MjELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCDqOcDXr2tsBXp3QqYpoZCyJAJQ4+rEtmOLJL/Qyol+5e2NyBOqIGdpXdcSI6hCTYEQu/67EDFRcO9yU6yD/u7xOcy+t3eCqx1ydOy20AZCdcKwRmxBzyQN5er+mBErG2+iprTWJdpwCw0mwjNt5edusm7Nwufk0AkN5nxvEEynwesTdTqgLzL99Jk1zdg0uokROg1s13CCvpenYks8+yXwgddO/36WmUn9V8N+1MIu+UpwsULB9zsNCU8qlDzlgg1u6nr8nnKTBBwT2mXl4xCOF2EEJF5lGUaJ+NOu/ljI2WN2pEUsiqpZPvsI14teJKucH4zCV2y7PhyCBacuti7rEZjuZ6ELeTiUvgs+TqqTFGn3dxCq6FOgz5z5N2ypPTPzg/ntBH0CqkjFn+loh5GIBcA8ff5AHNjqM3Ygu/u1p+BwszeGJLAwk0AUtp67aB4QBGuh73vWsaeERwg4Hc1HeNldv/I4iyMQFlp1qsZoAC6cApeoM6umihYcTfi7rMCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQoPAINYQR2GfgN1KAQMauutePL6jAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQC31Dtgc8+hxB0v+/RL1N3SsyfIxKNVJBhkl2Rfihn700Or5E+0ETyP8mV8MadraDBDYbwMkd3TNOzuF6Ct8c4X5mv+XKr8m0eDPlh7I7mMZ5zzpVw5Co4Wiwwiv9Hb59P/c182FaSPAA1bpmko9AH+duPcquiQELoSRfqW23B2cejACd95XbyXQVFdbCdhyCGAexbJ4egChJsXPU2zAOXq1/pa5bNSmJMsJgqP36bTbA6r+mjv0FArkrL76W1kmchpj6F4tSuDaaJlUmKvmzzBomwhlQRr/vxZc0FOamnJ8is9wC49tOaEMUx2l2iSWZKXMh4C6LQC8hQsjiXnYsERAWgeqwzqtVE3iKaGhOv+W7ECKFndGjYM95bdVK8x9BymTrPun63BCiVGqhMzsEc2RkvbKgBpb7L+Ont0EAahwcTshBzfe0jhA2thWHNGFxXpNqI0ZaAo/NKJpHK3I0EACAB0/VjiQZ/inSKtPnof1/nQZ32QWX3ij0VkX2mE2Pw=</ds:X509Certificate> </ds:X509Data> </ds:Transforms>KeyInfo> </ds:Signature> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /></saml:Assertion> </wsse:Security> <medcom:Header> <ds<medcom:DigestValue>0uO9vMgjBQnHjhYGnjm6mpiicL4=<SecurityLevel>4</dsmedcom:DigestValue>SecurityLevel> <medcom:Linking> </ds:Reference> <medcom:FlowID>a42cae4b-b55a-4e5f-90c3-56ae8cd063b4</medcom:FlowID> <medcom:MessageID>52515936-695c-410c-8570-4ed141756a28</medcom:MessageID> </ds:SignedInfo> </medcom:Linking> <ds:SignatureValue><medcom:RequireNonRepudiationReceipt>no</medcom:RequireNonRepudiationReceipt> </medcom:Header> </soapenv:Header> <soapenv:Body> ... a2Gm/RDwDPYSyMDU1qod2UemInSBnjmqcRP3YkttWP4VptDtg7NVwRrTBZzT4L5dKBsg98eBWQOA7IyIGdUu69r8Puv18YcJfgbqpxcY8Re+kI5shCCcjOKcubtb4xpepPKlTBdEdlYed04xajk4q6+pi6tre6lfiFtAZqek97obKGgYEmiSpnSs6HdbeEX7DzBeHa6NCH3t+oi1sbrlw5kAxHdfln2au22qLU+a9tLGGINEdnVFgeICHUh3ibVv7N9hHS1UTcIcJDo3AlNoPstqBJYqe2ypZtPW8Ryt0N9Q/Ij23iM/CMAGZe4VLTVg42nltceUILyXIqqA6AEzNBATroXkYF2kgzrbQjSiTYbiyJO3jHf3wrhNraJhd0OYY7xH0xbDq99seoipq4b7Ju2+v9N5SR0v/5VW7q6wZ9hOYr5wSGPSING99RBWD3jXcCyUPFyfxp7yS3hUqliidy8XHyJSt/GyCNDdq2uyra1Y2bA58hDkOhFZalT9J6Uu</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUR5IfpZdXnxp/UHxA0KWAcKzWcm4wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMzA1MTIxMTIzMDFaFw0yNjA1MTExMTIzMDBaMIGeMR0wGwYDVQQDDBRTT1NJIFRlc3QgRmVkZXJhdGlvbjE3MDUGA1UEBRMuVUk6REstTzpHOjU4ZjEwNDNkLTNkMmYtNGRlZC1hYjUwLTk0MGRiNDc3NmExODEeMBwGA1UECgwVU3VuZGhlZHNkYXRhc3R5cmVsc2VuMRcwFQYDVQRhDA5OVFJESy0zMzI1Nzg3MjELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCDqOcDXr2tsBXp3QqYpoZCyJAJQ4+rEtmOLJL/Qyol+5e2NyBOqIGdpXdcSI6hCTYEQu/67EDFRcO9yU6yD/u7xOcy+t3eCqx1ydOy20AZCdcKwRmxBzyQN5er+mBErG2+iprTWJdpwCw0mwjNt5edusm7Nwufk0AkN5nxvEEynwesTdTqgLzL99Jk1zdg0uokROg1s13CCvpenYks8+yXwgddO/36WmUn9V8N+1MIu+UpwsULB9zsNCU8qlDzlgg1u6nr8nnKTBBwT2mXl4xCOF2EEJF5lGUaJ+NOu/ljI2WN2pEUsiqpZPvsI14teJKucH4zCV2y7PhyCBacuti7rEZjuZ6ELeTiUvgs+TqqTFGn3dxCq6FOgz5z5N2ypPTPzg/ntBH0CqkjFn+loh5GIBcA8ff5AHNjqM3Ygu/u1p+BwszeGJLAwk0AUtp67aB4QBGuh73vWsaeERwg4Hc1HeNldv/I4iyMQFlp1qsZoAC6cApeoM6umihYcTfi7rMCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQoPAINYQR2GfgN1KAQMauutePL6jAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQC31Dtgc8+hxB0v+/RL1N3SsyfIxKNVJBhkl2Rfihn700Or5E+0ETyP8mV8MadraDBDYbwMkd3TNOzuF6Ct8c4X5mv+XKr8m0eDPlh7I7mMZ5zzpVw5Co4Wiwwiv9Hb59P/c182FaSPAA1bpmko9AH+duPcquiQELoSRfqW23B2cejACd95XbyXQVFdbCdhyCGAexbJ4egChJsXPU2zAOXq1/pa5bNSmJMsJgqP36bTbA6r+mjv0FArkrL76W1kmchpj6F4tSuDaaJlUmKvmzzBomwhlQRr/vxZc0FOamnJ8is9wC49tOaEMUx2l2iSWZKXMh4C6LQC8hQsjiXnYsERAWgeqwzqtVE3iKaGhOv+W7ECKFndGjYM95bdVK8x9BymTrPun63BCiVGqhMzsEc2RkvbKgBpb7L+Ont0EAahwcTshBzfe0jhA2thWHNGFxXpNqI0ZaAo/NKJpHK3I0EACAB0/VjiQZ/inSKtPnof1/nQZ32QWX3ij0VkX2mE2Pw=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </saml:Assertion> </wsse:Security> <medcom:Header> <medcom:SecurityLevel>4</medcom:SecurityLevel> <medcom:Linking> <medcom:FlowID>a42cae4b-b55a-4e5f-90c3-56ae8cd063b4</medcom:FlowID> <medcom:MessageID>52515936-695c-410c-8570-4ed141756a28</medcom:MessageID></soapenv:Body> </soapenv:Envelope>

Code Block

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:medcom="http://www.medcom.dk/dgws/2006/04/dgws-1.0.xsd/xmldsig#"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    xmlns:sosi="http://www.sosi.dk/sosi/2006/04/sosi-1.0.xsd"
            xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"<saml:Issuer>TEST1-NSP-STS</saml:Issuer>
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Envelope">
    <soapenv:Header>
            <saml:Subject>
                    <saml:NameID Format="medcom:other">urn:uuid:53767053-0628-4176-b66f-0da3a0b6e868</saml:NameID>
                    <saml:SubjectConfirmation>
                        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
                        <wsse<saml:Security>SubjectConfirmationData>
            <wsu:Timestamp>
                <wsu:Created>2025-08-11T12:21:17Z</wsu:Created>
<ds:KeyInfo>
               </wsu:Timestamp>
                <saml:Assertion IssueInstant="2025-08-11T12:16:17Z" Version="2.0" id="IDCard"
 <ds:KeyName>OCESSignature</ds:KeyName>
                            xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
</ds:KeyInfo>
                       xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 </saml:SubjectConfirmationData>
                    <saml:Issuer>TEST1-NSP-STS<</saml:Issuer>SubjectConfirmation>
                <saml</saml:Subject>
                    <saml:NameIDConditions FormatNotBefore="medcom:other">urn:uuid:53767053-0628-4176-b66f-0da3a0b6e868</saml:NameID>2025-08-11T12:16:17Z"
                    <saml:SubjectConfirmation>NotOnOrAfter="2025-08-12T12:16:17Z" />
                <saml:AttributeStatement id="IDCardData">
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>      <saml:Attribute Name="sosi:IDCardID">
                        <saml:SubjectConfirmationData>:AttributeValue>EIuKqjSeANgrk+jfO9wsTQ==</saml:AttributeValue>
                    </saml:Attribute>
        <ds:KeyInfo>
            <saml:Attribute Name="sosi:IDCardVersion">
                   <ds:KeyName>OCESSignature</ds:KeyName>
      <saml:AttributeValue>1.0.1</saml:AttributeValue>
                       </dssaml:KeyInfo>Attribute>
                    <saml:Attribute Name="sosi:IDCardType">
   </saml:SubjectConfirmationData>
                     <<saml:AttributeValue>user</saml:SubjectConfirmation>AttributeValue>
                    </saml:Subject>Attribute>
                    <saml:ConditionsAttribute NotBeforeName="2025-08-11T12:16:17Z"sosi:AuthenticationLevel">
                    NotOnOrAfter="2025-08-12T12:16:17Z" />    <saml:AttributeValue>4</saml:AttributeValue>
                <saml:AttributeStatement id="IDCardData">
   </saml:Attribute>
                 <saml:Attribute Name="sosi:IDCardID"></saml:AttributeStatement>
                <saml:AttributeStat

Request serviceConsumerRequest =      <saml:AttributeValue>EIuKqjSeANgrk+jfO9wsTQ==</saml:AttributeValue>
                    </saml:Attribute>sosiFactory.createNewRequest(false, UUID.randomUUID().toString());
serviceConsumerRequest.setMessageID(messageIdSupplier.get());
serviceConsumerRequest.setIDCard(userIDCard);
serviceConsumerRequest.setBody(body);

Document serviceConsumerRequestDocument = serviceConsumerRequest.serialize2DOMDocument();
ement id="UserLog">
                    <saml:Attribute Name="sosimedcom:IDCardVersionUserCivilRegistrationNumber">
                        <saml:AttributeValue>1.0.1<AttributeValue>1511800494</saml:AttributeValue>
                    </saml:Attribute>
                    <saml:Attribute Name="sosimedcom:IDCardTypeUserGivenName">
                        <saml:AttributeValue>user<AttributeValue>Margaret</saml:AttributeValue>
                    </saml:Attribute>
                    <saml:Attribute Name="sosimedcom:AuthenticationLevelUserSurName">
                        <saml:AttributeValue>4<AttributeValue>Hamilton</saml:AttributeValue>
                    </saml:Attribute>
                    </saml:AttributeStatement><saml:Attribute Name="medcom:UserRole">
                        <saml:AttributeValue>7170</saml:AttributeStat

Request serviceConsumerRequest = sosiFactory.createNewRequest(false, UUID.randomUUID().toString());
serviceConsumerRequest.setMessageID(messageIdSupplier.get());
serviceConsumerRequest.setIDCard(userIDCard);
serviceConsumerRequest.setBody(body);

Document serviceConsumerRequestDocument = serviceConsumerRequest.serialize2DOMDocument();
ement id="UserLog">AttributeValue>
                    </saml:Attribute>
                    <saml:Attribute Name="medcom:UserCivilRegistrationNumber">
:UserAuthorizationCode">
                        <saml:AttributeValue>MJP84</saml:AttributeValue>
                    </saml:Attribute>
             <saml:AttributeValue>1511800494<   </saml:AttributeValue>AttributeStatement>
                    </saml:Attribute><saml:AttributeStatement id="SystemLog">
                    <saml:Attribute Name="medcom:UserGivenNameITSystemName">
                        <saml:AttributeValue>Margaret<AttributeValue>Service Consumer Test</saml:AttributeValue>
                    </saml:Attribute>
                    <saml:Attribute Name="medcom:UserSurNameCareProviderID" NameFormat="medcom:cvrnumber">
                        <saml:AttributeValue>Hamilton<AttributeValue>33257872</saml:AttributeValue>
                    </saml:Attribute>
                    <saml:Attribute Name="medcom:UserRoleCareProviderName">
                        <saml:AttributeValue>7170<AttributeValue>Sundhedsdatastyrelsen</saml:AttributeValue>
                    </saml:Attribute>
                </saml:AttributeStatement>
                <saml<ds:AttributeSignature Nameid="medcom:UserAuthorizationCodeOCESSignature">
                    <ds:SignedInfo>
    <saml:AttributeValue>MJP84</saml:AttributeValue>
                    </saml<ds:Attribute>CanonicalizationMethod
                </saml:AttributeStatement>
            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    <saml:AttributeStatement id="SystemLog">
                    <saml:Attribute Name="medcom:ITSystemName"<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                        <saml<ds:AttributeValue>Service Consumer Test</saml:AttributeValue>Reference URI="#IDCard">
                    </saml:Attribute>
        <ds:Transforms>
            <saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
                        <saml:AttributeValue>33257872</saml:AttributeValue>
     <ds:Transform
               </saml:Attribute>
                    <saml:Attribute NameAlgorithm="medcom:CareProviderName">
http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                              <saml:AttributeValue>Sundhedsdatastyrelsen</saml:AttributeValue>
   <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                     </saml:Attribute>
       </ds:Transforms>
            </saml:AttributeStatement>
                <ds:SignatureDigestMethod idAlgorithm="OCESSignature"http://www.w3.org/2000/09/xmldsig#sha1" />
                    <ds:SignedInfo>
        <ds:DigestValue>0uO9vMgjBQnHjhYGnjm6mpiicL4=</ds:DigestValue>
                <ds:CanonicalizationMethod
        </ds:Reference>
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </ds:SignedInfo>
                    <ds:SignatureValue>
     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                 a2Gm/RDwDPYSyMDU1qod2UemInSBnjmqcRP3YkttWP4VptDtg7NVwRrTBZzT4L5dKBsg98eBWQOA7IyIGdUu69r8Puv18YcJfgbqpxcY8Re+kI5shCCcjOKcubtb4xpepPKlTBdEdlYed04xajk4q6+pi6tre6lfiFtAZqek97obKGgYEmiSpnSs6HdbeEX7DzBeHa6NCH3t+oi1sbrlw5kAxHdfln2au22qLU+a9tLGGINEdnVFgeICHUh3ibVv7N9hHS1UTcIcJDo3AlNoPstqBJYqe2ypZtPW8Ryt0N9Q/Ij23iM/CMAGZe4VLTVg42nltceUILyXIqqA6AEzNBATroXkYF2kgzrbQjSiTYbiyJO3jHf3wrhNraJhd0OYY7xH0xbDq99seoipq4b7Ju2+v9N5SR0v/5VW7q6wZ9hOYr5wSGPSING99RBWD3jXcCyUPFyfxp7yS3hUqliidy8XHyJSt/GyCNDdq2uyra1Y2bA58hDkOhFZalT9J6Uu</ds:SignatureValue>
       <ds:Reference URI="#IDCard">
            <ds:KeyInfo>
                <ds:Transforms>
        <ds:X509Data>
                        <ds:Transform
    <ds:X509Certificate>
                                Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />MIIGiDCCBLygAwIBAgIUR5IfpZdXnxp/UHxA0KWAcKzWcm4wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMzA1MTIxMTIzMDFaFw0yNjA1MTExMTIzMDBaMIGeMR0wGwYDVQQDDBRTT1NJIFRlc3QgRmVkZXJhdGlvbjE3MDUGA1UEBRMuVUk6REstTzpHOjU4ZjEwNDNkLTNkMmYtNGRlZC1hYjUwLTk0MGRiNDc3NmExODEeMBwGA1UECgwVU3VuZGhlZHNkYXRhc3R5cmVsc2VuMRcwFQYDVQRhDA5OVFJESy0zMzI1Nzg3MjELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCDqOcDXr2tsBXp3QqYpoZCyJAJQ4+rEtmOLJL/Qyol+5e2NyBOqIGdpXdcSI6hCTYEQu/67EDFRcO9yU6yD/u7xOcy+t3eCqx1ydOy20AZCdcKwRmxBzyQN5er+mBErG2+iprTWJdpwCw0mwjNt5edusm7Nwufk0AkN5nxvEEynwesTdTqgLzL99Jk1zdg0uokROg1s13CCvpenYks8+yXwgddO/36WmUn9V8N+1MIu+UpwsULB9zsNCU8qlDzlgg1u6nr8nnKTBBwT2mXl4xCOF2EEJF5lGUaJ+NOu/ljI2WN2pEUsiqpZPvsI14teJKucH4zCV2y7PhyCBacuti7rEZjuZ6ELeTiUvgs+TqqTFGn3dxCq6FOgz5z5N2ypPTPzg/ntBH0CqkjFn+loh5GIBcA8ff5AHNjqM3Ygu/u1p+BwszeGJLAwk0AUtp67aB4QBGuh73vWsaeERwg4Hc1HeNldv/I4iyMQFlp1qsZoAC6cApeoM6umihYcTfi7rMCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQoPAINYQR2GfgN1KAQMauutePL6jAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQC31Dtgc8+hxB0v+/RL1N3SsyfIxKNVJBhkl2Rfihn700Or5E+0ETyP8mV8MadraDBDYbwMkd3TNOzuF6Ct8c4X5mv+XKr8m0eDPlh7I7mMZ5zzpVw5Co4Wiwwiv9Hb59P/c182FaSPAA1bpmko9AH+duPcquiQELoSRfqW23B2cejACd95XbyXQVFdbCdhyCGAexbJ4egChJsXPU2zAOXq1/pa5bNSmJMsJgqP36bTbA6r+mjv0FArkrL76W1kmchpj6F4tSuDaaJlUmKvmzzBomwhlQRr/vxZc0FOamnJ8is9wC49tOaEMUx2l2iSWZKXMh4C6LQC8hQsjiXnYsERAWgeqwzqtVE3iKaGhOv+W7ECKFndGjYM95bdVK8x9BymTrPun63BCiVGqhMzsEc2RkvbKgBpb7L+Ont0EAahwcTshBzfe0jhA2thWHNGFxXpNqI0ZaAo/NKJpHK3I0EACAB0/VjiQZ/inSKtPnof1/nQZ32QWX3ij0VkX2mE2Pw=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:Transforms>KeyInfo>
                </ds:Signature>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /></saml:Assertion>
        </wsse:Security>
        <medcom:Header>
            <ds<medcom:DigestValue>0uO9vMgjBQnHjhYGnjm6mpiicL4=<SecurityLevel>4</dsmedcom:DigestValue>SecurityLevel>
            <medcom:Linking>
             </ds:Reference>   <medcom:FlowID>a42cae4b-b55a-4e5f-90c3-56ae8cd063b4</medcom:FlowID>
                <medcom:MessageID>52515936-695c-410c-8570-4ed141756a28</medcom:MessageID>
    </ds:SignedInfo>
        </medcom:Linking>
            <ds:SignatureValue><medcom:RequireNonRepudiationReceipt>no</medcom:RequireNonRepudiationReceipt>
        </medcom:Header>
    </soapenv:Header>
    <soapenv:Body>
    ...
     a2Gm/RDwDPYSyMDU1qod2UemInSBnjmqcRP3YkttWP4VptDtg7NVwRrTBZzT4L5dKBsg98eBWQOA7IyIGdUu69r8Puv18YcJfgbqpxcY8Re+kI5shCCcjOKcubtb4xpepPKlTBdEdlYed04xajk4q6+pi6tre6lfiFtAZqek97obKGgYEmiSpnSs6HdbeEX7DzBeHa6NCH3t+oi1sbrlw5kAxHdfln2au22qLU+a9tLGGINEdnVFgeICHUh3ibVv7N9hHS1UTcIcJDo3AlNoPstqBJYqe2ypZtPW8Ryt0N9Q/Ij23iM/CMAGZe4VLTVg42nltceUILyXIqqA6AEzNBATroXkYF2kgzrbQjSiTYbiyJO3jHf3wrhNraJhd0OYY7xH0xbDq99seoipq4b7Ju2+v9N5SR0v/5VW7q6wZ9hOYr5wSGPSING99RBWD3jXcCyUPFyfxp7yS3hUqliidy8XHyJSt/GyCNDdq2uyra1Y2bA58hDkOhFZalT9J6Uu</ds:SignatureValue>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>
                                MIIGiDCCBLygAwIBAgIUR5IfpZdXnxp/UHxA0KWAcKzWcm4wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMzA1MTIxMTIzMDFaFw0yNjA1MTExMTIzMDBaMIGeMR0wGwYDVQQDDBRTT1NJIFRlc3QgRmVkZXJhdGlvbjE3MDUGA1UEBRMuVUk6REstTzpHOjU4ZjEwNDNkLTNkMmYtNGRlZC1hYjUwLTk0MGRiNDc3NmExODEeMBwGA1UECgwVU3VuZGhlZHNkYXRhc3R5cmVsc2VuMRcwFQYDVQRhDA5OVFJESy0zMzI1Nzg3MjELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCDqOcDXr2tsBXp3QqYpoZCyJAJQ4+rEtmOLJL/Qyol+5e2NyBOqIGdpXdcSI6hCTYEQu/67EDFRcO9yU6yD/u7xOcy+t3eCqx1ydOy20AZCdcKwRmxBzyQN5er+mBErG2+iprTWJdpwCw0mwjNt5edusm7Nwufk0AkN5nxvEEynwesTdTqgLzL99Jk1zdg0uokROg1s13CCvpenYks8+yXwgddO/36WmUn9V8N+1MIu+UpwsULB9zsNCU8qlDzlgg1u6nr8nnKTBBwT2mXl4xCOF2EEJF5lGUaJ+NOu/ljI2WN2pEUsiqpZPvsI14teJKucH4zCV2y7PhyCBacuti7rEZjuZ6ELeTiUvgs+TqqTFGn3dxCq6FOgz5z5N2ypPTPzg/ntBH0CqkjFn+loh5GIBcA8ff5AHNjqM3Ygu/u1p+BwszeGJLAwk0AUtp67aB4QBGuh73vWsaeERwg4Hc1HeNldv/I4iyMQFlp1qsZoAC6cApeoM6umihYcTfi7rMCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQoPAINYQR2GfgN1KAQMauutePL6jAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQC31Dtgc8+hxB0v+/RL1N3SsyfIxKNVJBhkl2Rfihn700Or5E+0ETyP8mV8MadraDBDYbwMkd3TNOzuF6Ct8c4X5mv+XKr8m0eDPlh7I7mMZ5zzpVw5Co4Wiwwiv9Hb59P/c182FaSPAA1bpmko9AH+duPcquiQELoSRfqW23B2cejACd95XbyXQVFdbCdhyCGAexbJ4egChJsXPU2zAOXq1/pa5bNSmJMsJgqP36bTbA6r+mjv0FArkrL76W1kmchpj6F4tSuDaaJlUmKvmzzBomwhlQRr/vxZc0FOamnJ8is9wC49tOaEMUx2l2iSWZKXMh4C6LQC8hQsjiXnYsERAWgeqwzqtVE3iKaGhOv+W7ECKFndGjYM95bdVK8x9BymTrPun63BCiVGqhMzsEc2RkvbKgBpb7L+Ont0EAahwcTshBzfe0jhA2thWHNGFxXpNqI0ZaAo/NKJpHK3I0EACAB0/VjiQZ/inSKtPnof1/nQZ32QWX3ij0VkX2mE2Pw=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                </ds:Signature>
            </saml:Assertion>
        </wsse:Security>
        <medcom:Header>
            <medcom:SecurityLevel>4</medcom:SecurityLevel>
            <medcom:Linking>
                <medcom:FlowID>a42cae4b-b55a-4e5f-90c3-56ae8cd063b4</medcom:FlowID>
                <medcom:MessageID>52515936-695c-410c-8570-4ed141756a28</medcom:MessageID></soapenv:Body>
</soapenv:Envelope>

Bemærk man kan se det er et DGWS request ud fra SAML attributten "IDCardVersion" der har værdien "1.0.1".

Man kan også se det er et medarbejder ID kort ud fra SAML attributten "AuthenticationLevel" når den har værdien "4".

Service requestet kan nu sendes til servicen over netværket:

Code Block
// Konverter til XML så det kan sendes over netværket String serviceConsumerRequestXml = XmlUtil.node2String(serviceConsumerRequestDocument, false, true);

Service Response

Seal.Java kan nu benyttes til at validere det samlede response fra servicen. Ved kald til en DGWS service kan man vha. kald til Seal.Java tjekke om svaret indeholder en fejl og evt. fejlbesked og fejlkode.

Eksempel på dette hvor vi antager at vi har svaret som XML streng i variablen serviceConsumerResponseXml:

Code Block
// CredentialVault og Factory CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault(); SOSIFactory sosiFactory = new SOSIFactory(signingVault, new java.util.Properties()); Reply reply = sosiFactory.deserializeReply(serviceConsumerResponseXml); // Verify DGWS service response for errors if (reply.isFault()) { log.error("Response error: " + reply.getFaultString() + ", error code: " + reply.getFaultCode()); return false; } return true;

Code Block

// CredentialVault og Factory
CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault();
SOSIFactory sosiFactory = new SOSIFactory(signingVault, new java.util.Properties());

Reply reply = sosiFactory.deserializeReply(serviceConsumerResponseXml);

// Verify DGWS service response for errors
if (reply.isFault()) {
   log.error("Response error: " + reply.getFaultString() + ", error code: " + reply.getFaultCode());
   return false;
}
return true;

Komplet eksempel (incl. STS delen)

Code Block

collapse	true

public class TestFactoryFlow {

private static final String EXPECTED_AUTHORIZATIONCODE = "004PT";
    private static final String EXPECTED_CPR = "2702681273";
    private static final String EXPECTED_CVR = "20688092";
    private static final String EXPECTED_EMAIL = "jens@email.dk";
    private static final String EXPECTED_GIVENNAME = "Jens Sundbye";
    private static final String EXPECTED_ITSYSTEMNAME = "Harmoni/EMS";
    private static final String EXPECTED_OCCUPATION = "overlæge";
    private static final String EXPECTED_ORGANIZATION = "Lægehuset på bakken";
    private static final String EXPECTED_SURNAME = "Poulsen";
    private static final String EXPECTED_USEREDUCATIONCODE = "7170";

    private static final Date notOnOrAfter = d(10);

    @Test
    public void testBST2SOSI() {

        /**
         * Consumer sender </medcom:Linking>request
            <medcom:RequireNonRepudiationReceipt>no</medcom:RequireNonRepudiationReceipt>*/

        </medcom:Header>// CredentialVault og Factory
    </soapenv:Header>
    <soapenv:Body>
CredentialVault signingVault =  ...
    </soapenv:Body>
</soapenv:Envelope>

Bemærk man kan se det er et DGWS request ud fra SAML attributten "IDCardVersion" der har værdien "1.0.1".

Man kan også se det er et medarbejder ID kort ud fra SAML attributten "AuthenticationLevel" når den har værdien "4".

Service requestet kan nu sendes til servicen over netværket:

Code Block
// Konverter til XML så det kan sendes over netværket String serviceConsumerRequestXml = XmlUtil.node2String(serviceConsumerRequestDocument, false, true);

Service Response

Eksempel på dette hvor vi antager at vi har svaret som XML streng i variablen serviceConsumerResponseXml:

Code Block
// CredentialVault og Factory CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault(); SOSIFactory sosiFactory = new SOSIFactory(signingVault, new java.util.Properties()); Reply reply = sosiFactory.deserializeReply(serviceConsumerResponseXml); // Verify DGWS service response for errors if (reply.isFault()) { log.error("Response error: " + reply.getFaultString() + ", error code: " + reply.getFaultCode()); return false; } return true;

Code Block

// CredentialVault og Factory
CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault();
SOSIFactory sosiFactory = new SOSIFactory(signingVault, new java.util.Properties());

Reply reply = sosiFactory.deserializeReply(serviceConsumerResponseXml);

// Verify DGWS service response for errors
if (reply.isFault()) {
   log.error("Response error: " + reply.getFaultString() + ", error code: " + reply.getFaultCode());
   return false;
}
return true;

Komplet eksempel (incl. STS delen)

Code Block

collapse	true

public class TestFactoryFlow extends AbstractUserIDCardTest {

    @Test
    public void testBST2SOSI() {

CredentialVaultTestUtil.getMoces3CredentialVault();
        CredentialVault holderOfKey = CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault();
        OIOSAMLFactory factory = new OIOSAMLFactory();

        OIO3BSTSAMLAssertionBuilder oiosamlAssertionBuilder = factory.createOIO3BSTSAMLAssertionBuilder();
        oiosamlAssertionBuilder.setIssuer("https://oio3bst-issuer.dk");
        oiosamlAssertionBuilder.setNameId("KorsbaekKommune\\MSK");
        oiosamlAssertionBuilder.setAudience("http://fmk-online.dk");
        oiosamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter);
        oiosamlAssertionBuilder.setCvr("20301823");
        oiosamlAssertionBuilder.setOrganizationName("Korsbæk Kommune");
        oiosamlAssertionBuilder.setHolderOfKeyCertificate(holderOfKey.getSystemCredentialPair().getCertificate());
        oiosamlAssertionBuilder.setSigningVault(signingVault);
        OIOBSTSAMLAssertion oiosamlAssertion = oiosamlAssertionBuilder.build();

        OIOBSTSAMLAssertionToIDCardRequestDOMBuilder requestBuilder = factory.createOIOBSTSAMLAssertionToIDCardRequestDOMBuilder();
        /**requestBuilder.setAudience("http://fmk-online.dk");
         * Consumer sender requestrequestBuilder.setITSystemName("Korsbæk Kommunes IT systemer");
         */

requestBuilder.setSubjectNameID("Mads_Skjern");
        // CredentialVault og FactoryrequestBuilder.setSigningVault(signingVault);
        CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault(requestBuilder.setOIOBSTSAMLAssertion(oiosamlAssertion);

        CredentialVaultDocument holderOfKeyconsumerStsRequestDocument = CredentialVaultTestUtilrequestBuilder.getVocesHolderOfKeyCredentialVaultbuild();

        OIOSAMLFactory factory = new OIOSAMLFactory();

/**
         * OIO3BSTSAMLAssertionBuilderSend oiosamlAssertionBuilderrequest = factory.createOIO3BSTSAMLAssertionBuilder();over netværk
        oiosamlAssertionBuilder.setIssuer("https://oio3bst-issuer.dk");
 */
        String consumerStsRequestXml = oiosamlAssertionBuilderXmlUtil.setNameId("KorsbaekKommune\\MSK"node2String(consumerStsRequestDocument, false, false);
        oiosamlAssertionBuilder.setAudience("http://fmk-online.dk");
        oiosamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter);
consumerStsRequestDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsRequestXml, false);

        oiosamlAssertionBuilder.setCvr("20301823");/**
        oiosamlAssertionBuilder.setOrganizationName("Korsbæk Kommune");
 *  STS modtager  request
   oiosamlAssertionBuilder.setHolderOfKeyCertificate(holderOfKey.getSystemCredentialPair().getCertificate());
        oiosamlAssertionBuilder.setSigningVault(signingVault);*/
        OIOBSTSAMLAssertionOIOBSTSAMLAssertionToIDCardRequest oiosamlAssertionstsRequest = oiosamlAssertionBuilderfactory.createOIOBSTSAMLAssertionToIDCardRequestModelBuilder().build(consumerStsRequestDocument);


        // Her vil OIOBSTSAMLAssertionToIDCardRequestDOMBuilderSTS'en requestBuilderverificere =ID factorykortet.createOIOBSTSAMLAssertionToIDCardRequestDOMBuilder();
 I dette eksempel verificeres følgende   requestBuilder.setAudience("http://fmk-online.dk");tre attributter:
        requestBuilder.setITSystemName("Korsbæk Kommunes IT systemer"OIOBSTSAMLAssertion oiobstsamlAssertion = stsRequest.getOIOBSTSAMLAssertion();
        requestBuilderAssert.setSubjectNameIDassertEquals("Mads_Skjern");
        requestBuilder.setSigningVault(signingVaultOIO-SAML-3.0", oiobstsamlAssertion.getSpecVersion());
        requestBuilder.setOIOBSTSAMLAssertion(oiosamlAssertion);
Assert.assertEquals("20301823", oiobstsamlAssertion.getCvrNumberIdentifier());
        Document consumerStsRequestDocument = requestBuilder.build()Assert.assertEquals("http://fmk-online.dk", oiobstsamlAssertion.getAudienceRestriction());

        /**
         * Send requestSTS overbygger netværkresponse
         */
        String consumerStsRequestXmlUserIDCard uidc = createUserIDCard(signingVault);

        OIOBSTSAMLAssertionToIDCardResponseDOMBuilder responseBuilder = XmlUtilfactory.node2String(consumerStsRequestDocument, false, falsecreateOIOBSTSAMLAssertionToIDCardResponseDOMBuilder();
        consumerStsRequestDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsRequestXml, falseresponseBuilder.setAudienceRestriction("http://fmk-online.dk");

        /**responseBuilder.setIDCard(uidc);
         *responseBuilder.setSigningVault(signingVault);
      STS modtager request
  responseBuilder.setContext("context");
        */responseBuilder.setRelatesTo("relatesTo");

        OIOBSTSAMLAssertionToIDCardRequestDocument stsRequestconsumerStsResponseDocument = factoryresponseBuilder.createOIOBSTSAMLAssertionToIDCardRequestModelBuilder().build(consumerStsRequestDocument);

        //**
 Her vil STS'en verificere ID kortet. I dette eksempel verificeres* følgende treSend attributter:
response        OIOBSTSAMLAssertion oiobstsamlAssertion = stsRequest.getOIOBSTSAMLAssertion();
    over netværk
    Assert.assertEquals("OIO-SAML-3.0", oiobstsamlAssertion.getSpecVersion());     */
        Assert.assertEquals("20301823", oiobstsamlAssertion.getCvrNumberIdentifier()String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false);
        consumerStsResponseDocument = AssertXmlUtil.assertEquals("http://fmk-online.dk", oiobstsamlAssertion.getAudienceRestriction()readXml(new java.util.Properties(), consumerStsResponseXml, false);

        /**
         *  STSConsumer byggermodtager response
         */
        UserIDCardOIOBSTSAMLAssertionToIDCardResponse uidcconsumerStsResponse = createUserIDCard(factory.createOIOBSTSAMLAssertionToIDCardResponseModelBuilder().build(consumerStsResponseDocument);

        OIOBSTSAMLAssertionToIDCardResponseDOMBuilderIDCard responseBuilderidCardResponse = factoryconsumerStsResponse.createOIOBSTSAMLAssertionToIDCardResponseDOMBuildergetIDCard();
        responseBuilderAssert.setAudienceRestrictionassertEquals("http://fmk-online.dk");
1.0.1", idCardResponse.getVersion());
         responseBuilder.setIDCard(uidcAssert.assertEquals(AuthenticationLevel.MOCES_TRUSTED_USER, idCardResponse.getAuthenticationLevel());
        responseBuilderAssert.setSigningVault(signingVault);
        responseBuilder.setContext("context"assertEquals("hans@dampf.dk", idCardResponse.getAlternativeIdentifier());
    }

    responseBuilder.setRelatesTo("relatesTo");
private UserIDCard createUserIDCard(CredentialVault signingVault) {
        DocumentSOSIFactory consumerStsResponseDocumentfactory = responseBuilder.build new SOSIFactory(signingVault, new java.util.Properties());

        /**
CareProvider careProvider = new CareProvider(NameSpaces.NS_MEDCOM + ":cvrnumber", EXPECTED_CVR, EXPECTED_ORGANIZATION);
    *  Send response overUserInfo netværk
userInfo = new UserInfo(EXPECTED_CPR, EXPECTED_GIVENNAME, EXPECTED_SURNAME, EXPECTED_EMAIL, EXPECTED_OCCUPATION,  */EXPECTED_USEREDUCATIONCODE, EXPECTED_AUTHORIZATIONCODE);
        StringUserIDCard consumerStsResponseXmlidcard = XmlUtilfactory.node2String(consumerStsResponseDocument, false, falsecreateNewUserIDCard(EXPECTED_ITSYSTEMNAME, userInfo, careProvider, AuthenticationLevel.MOCES_TRUSTED_USER, null, null, null, "hans@dampf.dk");
        consumerStsResponseDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsResponseXml, false);
return new UserIDCard(idcard, "newIssuer");
    }

    /**
private static Date d(int minutesFromNow) {
    *  Consumer modtager response
long l = minutesFromNow * 60L    */* 1000L;
        OIOBSTSAMLAssertionToIDCardResponse consumerStsResponse = factory.createOIOBSTSAMLAssertionToIDCardResponseModelBuilder().build(consumerStsResponseDocumentreturn d(l);

    }

    IDCardprivate idCardResponsestatic =Date consumerStsResponse.getIDCard();
d(long milliSecondsFromNow) {
         Assert.assertEquals("1.0.1", idCardResponse.getVersion())Calendar now = Calendar.getInstance();
        Assertnow.assertEqualsset(AuthenticationLevel.MOCES_TRUSTED_USER, idCardResponse.getAuthenticationLevel());
Calendar.MILLISECOND, 0);

         Assert.assertEquals("hans@dampf.dk", idCardResponse.getAlternativeIdentifier()return new Date(now.getTimeInMillis() + milliSecondsFromNow);
    }


}

Content

Space Tools

Versions Compared

Old Version 11

New Version 12

Key

Eksempel

STS Request

Request som stream

Bootstrap Token

Læs OIOSAMLAssertion fra IdP

Opbyg OIOSAMLAssertion

Opbygge request til testformål

STS Request

Request som stream

Opbygge request til testformål

STS Response

Service Request

Service Request

Service Response

Komplet eksempel (incl. STS delen)

Service Response

Komplet eksempel (incl. STS delen)