Edit profile

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

Denne omveksling kan modtage et JSON Web Token og omveksle det til en en NSP OIO IDWS sikkerhedsbillet.

...

Code Block
// CredentialVault og Factory CredentialVault signingVault = new ClasspathCredentialVault(null, "Filnavn på PKCS#12 Medarbejdercertifikat", "Kodeord til Medarbejdercertifikat"); CredentialVault holderOfKeyVault = new ClasspathCredentialVault(null, "Filnavn på PKCS#12 Holder of key certifikat", "Kodeord til Holder of key certifikat"); OIOSAMLFactory factory = new OIOSAMLFactory();

Code Block

// CredentialVault og Factory
CredentialVault signingVault = new ClasspathCredentialVault(null, "Filnavn på PKCS#12 Medarbejdercertifikat", "Kodeord til Medarbejdercertifikat");
CredentialVault holderOfKeyVault = new ClasspathCredentialVault(null, "Filnavn på PKCS#12 Holder of key certifikat", "Kodeord til Holder of key certifikat");
OIOSAMLFactory factory = new OIOSAMLFactory();

Et signeret JWT Token (JTP-H profil) opbygges vha. Seal.Java på denne måde:

Code Block

STS Request

STS Response

Service Request

...

String audience = "http://audience.nspoop.dk/dds";

String sub = "urn:dk:healthcare:eid:uuid:global:person:594f7fc0-30cf-4b83-8521-4d3f810b3107";
String acr = "https://data.gov.dk/concept/core/nsis/loa/Substantial";
String cpr = "1111901113";

JwtBuilder builder = Jwts.builder();
String jtph = builder.header()
                .keyId("test_foces3_2027")
                .and().claims()
                .issuer("http://sts-tester")
                .id(UUID.randomUUID().toString())
                .audience().add(audience).and()
                .issuedAt(notBefore)
                .expiration(notOnOrAfter)
                .subject(sub)
                .add("scope", "clear sosi-sts ignoredScope")
                .add("system_name", "MyTestSystem")
                .add("auth_time", String.valueOf(notBefore))
                .add("acr", acr)
                .add("iss-policy", "urn:dk:sundhed:oidc:policy_strict")
                .add("cpr", cpr)
                .add("cpr_uuid", "594f7fc0-30cf-4b83-8521-4d3f810b3107")
                .add("over_15", "true")
                .and().signWith(SignatureAlgorithm.RS256, signingVault.getSystemCredentialPair().getPrivateKey())
                .compact();

STS Request

Det samlede STS request med et JWT Token (JTP-H profil) opbygges på denne måde.

Code Block
// JTW Token (JTP-H profil) findes i denne variabel: String jtph = .... JWTToIdentityTokenRequestDOMBuilder requestBuilder = factory.createJWTToIdentityTokenRequestDOMBuilder(); requestBuilder.setCPRNumberClaim(cpr); requestBuilder.setJWTToken(jtph); requestBuilder.setSigningVault(signingVault); requestBuilder.setAudience(audience); Document consumerStsRequestDocument = requestBuilder.build();

Code Block

// JTW Token (JTP-H profil) findes i denne variabel:
String jtph = ....

JWTToIdentityTokenRequestDOMBuilder requestBuilder = factory.createJWTToIdentityTokenRequestDOMBuilder();

requestBuilder.setCPRNumberClaim(cpr);
requestBuilder.setJWTToken(jtph);
requestBuilder.setSigningVault(signingVault);
requestBuilder.setAudience(audience);

Document consumerStsRequestDocument = requestBuilder.build();

Når requestet sendes over netværket skal det konverteres til XML:

Code Block
String consumerStsRequestXml = XmlUtil.node2String(consumerStsRequestDocument, false, false);

Nu vil en STS kunne modtage det og veksle det til et NSP OIO IDWS Identity Token. Eksempel på hvordan Seal.Java kan anvendes til denne omveksling findes her: Seal.Java - Guide til anvendere (STS) - JSON Web token (JWT) til OIO IDWS token

Request som stream

En consumer vil typisk have et JWT Token som en stream der kan sendes direkte til en STS. Dette vil man selv kunne deserialisere hvis man vil se indholdet:

Code Block
// Anvender har et XML dokument indeholdende JSON Web Token request: String consumerStsRequestXml = "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" ... <soapenv:Body wsu:Id="body"> <wst:RequestSecurityToken Context="urn:uuid:2fe494b3-7e86-4b34-8bb5-172869244234"> <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType> <wst14:ActAs> <wsse:BinarySecurityToken ValueType="urn:ietf:params:oauth:token-type:jwt"> eyJraWQiOiJ0ZXN0X2ZvY2VzM18yMDI3IiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwOi8vc3RzLXRlc3RlciIsImp0aSI6IjkyN2U0NTA2LTk1ZDAtNDg1Zi1hNGUzLTcyNDNkMTBiMmZjMiIsImF1ZCI6WyJodHRwOi8vYXVkaWVuY2UubnNwb29wLmRrL2RkcyJdLCJpYXQiOjE3NTkzMDM1NTQsImV4cCI6MTc1OTMwNDc1NCwic3ViIjoidXJuOmRrOmhlYWx0aGNhcmU6ZWlkOnV1aWQ6Z2xvYmFsOnBlcnNvbjo1OTRmN2ZjMC0zMGNmLTRiODMtODUyMS00ZDNmODEwYjMxMDciLCJzY29wZSI6ImNsZWFyIHNvc2ktc3RzIGlnbm9yZWRTY29wZSIsInN5c3RlbV9uYW1lIjoiTXlUZXN0U3lzdGVtIiwiYXV0aF90aW1lIjoiV2VkIE9jdCAwMSAwOToyNTo1NCBDRVNUIDIwMjUiLCJhY3IiOiJodHRwczovL2RhdGEuZ292LmRrL2NvbmNlcHQvY29yZS9uc2lzL2xvYS9TdWJzdGFudGlhbCIsImlzcy1wb2xpY3kiOiJ1cm46ZGs6c3VuZGhlZDpvaWRjOnBvbGljeV9zdHJpY3QiLCJjcHIiOiIxMTExOTAxMTEzIiwiY3ByX3V1aWQiOiI1OTRmN2ZjMC0zMGNmLTRiODMtODUyMS00ZDNmODEwYjMxMDciLCJvdmVyXzE1IjoidHJ1ZSJ9.sZSfXzLyzxM_63T1ZGTExV47_ggvIN49aKvQI0af-98ZcVBb01I3N7MeRI3ZTf9NkfSMw3B8gFBMqB1Qoy3EDwfFzObvMNakcdDcRL0Dw-Eolg5XApNxrgxzny5fRSeU41zZtPhdGoXTc61yzeIAusmGDx6ZURePy0pE_ScatcGQAx5tFte-RV307NZcO4Smhpxj5EwhjTdOJG-Iz_ngxiJ9Ns8aEmmoYGXe6Zellpj464Eay9kxG0xdcL0KnieHsxyYxuYEpXmZU56d2bixxhlB5-lzZXTP64QUnkVfPtTS-4sXF6YdQ7CDh9xTbYP4PrHLg_YKr8owmRopLgIs2KUASROFw9qHqTmJNihZ3YeUr8DNUvd2O7C_bdFoJ1X3ffukU9i6lSsdW0kuq3frcTJdJAlQx-PaQaAX4ii0GZosTkOI2Fwx_DCSXcyfUAZJm0ug4QJVucbZ0QqG4GhXdiYgyqJc4Y2-FIpmKxWqAthRzJ1Oywg1KHAMiPfocp8L</wsse:BinarySecurityToken> </wst14:ActAs> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>http://audience.nspoop.dk/dds</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims"> <auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier"> <auth:Value>1111901113</auth:Value> </auth:ClaimType> </wst:Claims> </wst:RequestSecurityToken> </soapenv:Body> </soapenv:Envelope>" Document requestDocument = XmlUtil.readXml(new Properties(), consumerStsRequestXml, false); JWTToIdentityTokenRequest stsRequest = factory.createJWTToIdentityTokenRequestModelBuilder().build(requestDocument);

Code Block

// Anvender har et XML dokument indeholdende JSON Web Token request:
String consumerStsRequestXml = "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                                ...
                                   <soapenv:Body wsu:Id="body">
                                      <wst:RequestSecurityToken Context="urn:uuid:2fe494b3-7e86-4b34-8bb5-172869244234">
                                         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
                                         <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
                                         <wst14:ActAs>
                                               <wsse:BinarySecurityToken ValueType="urn:ietf:params:oauth:token-type:jwt">             eyJraWQiOiJ0ZXN0X2ZvY2VzM18yMDI3IiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwOi8vc3RzLXRlc3RlciIsImp0aSI6IjkyN2U0NTA2LTk1ZDAtNDg1Zi1hNGUzLTcyNDNkMTBiMmZjMiIsImF1ZCI6WyJodHRwOi8vYXVkaWVuY2UubnNwb29wLmRrL2RkcyJdLCJpYXQiOjE3NTkzMDM1NTQsImV4cCI6MTc1OTMwNDc1NCwic3ViIjoidXJuOmRrOmhlYWx0aGNhcmU6ZWlkOnV1aWQ6Z2xvYmFsOnBlcnNvbjo1OTRmN2ZjMC0zMGNmLTRiODMtODUyMS00ZDNmODEwYjMxMDciLCJzY29wZSI6ImNsZWFyIHNvc2ktc3RzIGlnbm9yZWRTY29wZSIsInN5c3RlbV9uYW1lIjoiTXlUZXN0U3lzdGVtIiwiYXV0aF90aW1lIjoiV2VkIE9jdCAwMSAwOToyNTo1NCBDRVNUIDIwMjUiLCJhY3IiOiJodHRwczovL2RhdGEuZ292LmRrL2NvbmNlcHQvY29yZS9uc2lzL2xvYS9TdWJzdGFudGlhbCIsImlzcy1wb2xpY3kiOiJ1cm46ZGs6c3VuZGhlZDpvaWRjOnBvbGljeV9zdHJpY3QiLCJjcHIiOiIxMTExOTAxMTEzIiwiY3ByX3V1aWQiOiI1OTRmN2ZjMC0zMGNmLTRiODMtODUyMS00ZDNmODEwYjMxMDciLCJvdmVyXzE1IjoidHJ1ZSJ9.sZSfXzLyzxM_63T1ZGTExV47_ggvIN49aKvQI0af-98ZcVBb01I3N7MeRI3ZTf9NkfSMw3B8gFBMqB1Qoy3EDwfFzObvMNakcdDcRL0Dw-Eolg5XApNxrgxzny5fRSeU41zZtPhdGoXTc61yzeIAusmGDx6ZURePy0pE_ScatcGQAx5tFte-RV307NZcO4Smhpxj5EwhjTdOJG-Iz_ngxiJ9Ns8aEmmoYGXe6Zellpj464Eay9kxG0xdcL0KnieHsxyYxuYEpXmZU56d2bixxhlB5-lzZXTP64QUnkVfPtTS-4sXF6YdQ7CDh9xTbYP4PrHLg_YKr8owmRopLgIs2KUASROFw9qHqTmJNihZ3YeUr8DNUvd2O7C_bdFoJ1X3ffukU9i6lSsdW0kuq3frcTJdJAlQx-PaQaAX4ii0GZosTkOI2Fwx_DCSXcyfUAZJm0ug4QJVucbZ0QqG4GhXdiYgyqJc4Y2-FIpmKxWqAthRzJ1Oywg1KHAMiPfocp8L</wsse:BinarySecurityToken>
                                         </wst14:ActAs>
                                         <wsp:AppliesTo>
                                            <wsa:EndpointReference>
                                               <wsa:Address>http://audience.nspoop.dk/dds</wsa:Address>
                                            </wsa:EndpointReference>
                                         </wsp:AppliesTo>
                                         <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
                                            <auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier">
                                               <auth:Value>1111901113</auth:Value>
                                            </auth:ClaimType>
                                         </wst:Claims>
                                      </wst:RequestSecurityToken>
                                   </soapenv:Body>
                                </soapenv:Envelope>"

Document requestDocument = XmlUtil.readXml(new Properties(), consumerStsRequestXml, false);
JWTToIdentityTokenRequest stsRequest = factory.createJWTToIdentityTokenRequestModelBuilder().build(requestDocument);

Værdien af BinarySecurityToken indeholder JWT Token og indholdet af det kan ses vha. https://www.jwt.io/.

STS Response

Når consumeren modtager svaret fra STS, så skal det først indlæses i et W3C Document:

Code Block
// Konverter XML svaret fra STS til Document Document consumerStsResponseDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsResponseXml, false);

Man kan nu deserialisere svaret til et JWTToIdentityTokenResponse modelobjekt:

Code Block
// Deserialiser STS svaret til modelobjekt JWTToIdentityTokenResponse consumerStsResponse = factory.createJWTToIdentityTokenResponseModelBuilder().build(consumerStsResponseDocument);

Her efter kan man hente NSP IDWS Identity Token ud og verificere attributterne:

Code Block
// Hent Identity Token fra STS svar IdentityToken identityTokenResponse = consumerStsResponse.getIdentityToken(); // Verificer at det er et IDWS Identity Token samt at værdierne for de to attributter AudienceRestriction og Cpr er som forventet: Assert.assertEquals("DK-SAML-2.0", identityTokenResponse.getSpecVersion()); Assert.assertEquals("http://audience.nspoop.dk/dds", identityTokenResponse.getAudienceRestriction()); Assert.assertEquals(cpr, identityTokenResponse.getCpr());

Code Block

// Hent Identity Token fra STS svar
IdentityToken identityTokenResponse = consumerStsResponse.getIdentityToken();

// Verificer at det er et IDWS Identity Token samt at værdierne for de to attributter AudienceRestriction og Cpr er som forventet:
Assert.assertEquals("DK-SAML-2.0", identityTokenResponse.getSpecVersion());
Assert.assertEquals("http://audience.nspoop.dk/dds", identityTokenResponse.getAudienceRestriction());
Assert.assertEquals(cpr, identityTokenResponse.getCpr());

Service Request

Når vi har STS svaret kan service requestet opbygges:

Code Block
// Factory OIOSAMLFactory factory = new OIOSAMLFactory(); // Identity Token findes her: IdentityToken identityTokenResponse = ...; // serviceConsumerRequestDocument er et W3C Document indeholdende body-delen og den er ikke relevant her. LibertyRequestDOMEnhancer enhancer = factory.createRequestDOMEnhancer(serviceConsumerRequestDocument); enhancer.setIdentityToken(identityTokenResponse); enhancer.setWSAddressingMessageID(messageIdSupplier.get()); enhancer.setWSAddressingAction(soapAction); enhancer.enhanceAndSign();

Code Block

// Factory
OIOSAMLFactory factory = new OIOSAMLFactory();

// Identity Token findes her:
IdentityToken identityTokenResponse = ...;

// serviceConsumerRequestDocument er et W3C Document indeholdende body-delen og den er ikke relevant her.
LibertyRequestDOMEnhancer enhancer = factory.createRequestDOMEnhancer(serviceConsumerRequestDocument);

enhancer.setIdentityToken(identityTokenResponse);
enhancer.setWSAddressingMessageID(messageIdSupplier.get());
enhancer.setWSAddressingAction(soapAction);
enhancer.enhanceAndSign();

Det samlede request kommer til at se sådan ud, hvor body delen her er tom:

Code Block
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:sbf="urn:liberty:sb" xmlns:sbfprofile="urn:liberty:sb:profile" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soapenv:Header> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> <wsu:Created>2025-10-01T08:22:32Z</wsu:Created> </wsu:Timestamp> <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_e4a54ff4-105c-4182-9774-4b19cb874694" IssueInstant="2025-10-01T08:15:08Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <saml:Issuer>TEST1-NSP-STS</saml:Issuer> <ds:Signature Id="OCESSignature"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#_e4a54ff4-105c-4182-9774-4b19cb874694"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>t4wqMk/MRNJ1xydWLiqKNpBlmHc=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> NqvsqcfcxsvnupApj+gwHgQ7eQWA5puAqvk4FCFOedhfpu6Pd9vMlEW6NSEXBsOBHGQnHgcgRyWGXdPOggjSVuF21h4LcP2QTZ+IVyQEnKANInqmZ9pvVtYowA9yGZizRRAvdVDizcrb/vBfPozrqfGE0hoVeGWJgs9CycOZgNWibRR/0wv+VLHaLF5ihnuv1FJHkC+gS5M0bNL/3547fB9U5Kjj3ViV/I2pH5gB3kh9nZSmyDtB5+XndNioQgH4nx86rjSVIU4JuTsRUTMBtEkA7T5IRuD6etjaz2TRxDLOURxDA7SakVzi3bEowrMi9Pq8qJ5NxIxaYUzIYNHxYkzj8Ora26bNOH7YMI38s2N6D8ZXQHunQ1wzZwKbSafftASRU+wDHYb0IlTuswgCbXb9vSRYU357ZnEBWDsRiK9EpH1tpGspS3CcKMEbq7akeLr+gFhtFoPbGMZRiH0QxRi3Tkys0robLF+4UBawA/JAfNy8TmofD6gJhg50iJzO</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUR5IfpZdXnxp/UHxA0KWAcKzWcm4wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMzA1MTIxMTIzMDFaFw0yNjA1MTExMTIzMDBaMIGeMR0wGwYDVQQDDBRTT1NJIFRlc3QgRmVkZXJhdGlvbjE3MDUGA1UEBRMuVUk6REstTzpHOjU4ZjEwNDNkLTNkMmYtNGRlZC1hYjUwLTk0MGRiNDc3NmExODEeMBwGA1UECgwVU3VuZGhlZHNkYXRhc3R5cmVsc2VuMRcwFQYDVQRhDA5OVFJESy0zMzI1Nzg3MjELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCDqOcDXr2tsBXp3QqYpoZCyJAJQ4+rEtmOLJL/Qyol+5e2NyBOqIGdpXdcSI6hCTYEQu/67EDFRcO9yU6yD/u7xOcy+t3eCqx1ydOy20AZCdcKwRmxBzyQN5er+mBErG2+iprTWJdpwCw0mwjNt5edusm7Nwufk0AkN5nxvEEynwesTdTqgLzL99Jk1zdg0uokROg1s13CCvpenYks8+yXwgddO/36WmUn9V8N+1MIu+UpwsULB9zsNCU8qlDzlgg1u6nr8nnKTBBwT2mXl4xCOF2EEJF5lGUaJ+NOu/ljI2WN2pEUsiqpZPvsI14teJKucH4zCV2y7PhyCBacuti7rEZjuZ6ELeTiUvgs+TqqTFGn3dxCq6FOgz5z5N2ypPTPzg/ntBH0CqkjFn+loh5GIBcA8ff5AHNjqM3Ygu/u1p+BwszeGJLAwk0AUtp67aB4QBGuh73vWsaeERwg4Hc1HeNldv/I4iyMQFlp1qsZoAC6cApeoM6umihYcTfi7rMCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQoPAINYQR2GfgN1KAQMauutePL6jAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQC31Dtgc8+hxB0v+/RL1N3SsyfIxKNVJBhkl2Rfihn700Or5E+0ETyP8mV8MadraDBDYbwMkd3TNOzuF6Ct8c4X5mv+XKr8m0eDPlh7I7mMZ5zzpVw5Co4Wiwwiv9Hb59P/c182FaSPAA1bpmko9AH+duPcquiQELoSRfqW23B2cejACd95XbyXQVFdbCdhyCGAexbJ4egChJsXPU2zAOXq1/pa5bNSmJMsJgqP36bTbA6r+mjv0FArkrL76W1kmchpj6F4tSuDaaJlUmKvmzzBomwhlQRr/vxZc0FOamnJ8is9wC49tOaEMUx2l2iSWZKXMh4C6LQC8hQsjiXnYsERAWgeqwzqtVE3iKaGhOv+W7ECKFndGjYM95bdVK8x9BymTrPun63BCiVGqhMzsEc2RkvbKgBpb7L+Ont0EAahwcTshBzfe0jhA2thWHNGFxXpNqI0ZaAo/NKJpHK3I0EACAB0/VjiQZ/inSKtPnof1/nQZ32QWX3ij0VkX2mE2Pw=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"> dk:gov:saml:attribute:CprNumberIdentifier:0311800590</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> <saml:SubjectConfirmationData NotOnOrAfter="2025-10-01T09:05:08Z" Recipient="https://fsk"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </saml:SubjectConfirmationData> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2025-10-01T08:10:08Z" NotOnOrAfter="2025-10-01T09:05:08Z"> <saml:AudienceRestriction> <saml:Audience>https://fsk</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AttributeStatement> <saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">0311800590</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> <wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wsswssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" wsu:Id="str"> <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID"> _e4a54ff4-105c-4182-9774-4b19cb874694</wsse:KeyIdentifier> </wsse:SecurityTokenReference> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>yk1iAXsw+8ZSLDSlnTBOEJEM+Gc=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>sTpOwvgImpB/toJAiVXXKeqJsO0=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#str"> <ds:Transforms> <ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"> <wsse:TransformationParameters> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </wsse:TransformationParameters> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>7zf4yqsN62tK01yUYc/CQ3M6SDE=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#messageID"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>bJqALBV6n3SdL2q4IUc4OcTY4rY=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>EPsXDrW02TuinvrWfcD9St3Tprc=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#sbf"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>DrMuEoWp7Uik1KTUOuvtisxvpXA=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> jDGK+H6wI66iDjACIvk7t8H/kuYuhvQyOHOveKMRSnjx2GiRiu3Op/apOuN20rlXO4SPdIqEVq5+4k0T01ME/YKm+lMr/+WX4laiq3A8nTOXGW/WxcAdpAifAExPcv0P3CSSrJEIDe+99J8rIG+5jYmNJwYRx2JLl4vKiCwOLkpFQDyNy6msP1timt7e0UG9RWu7tg6gxsMk11RfIQcKiqsqFwWappfc2iBvYZ6TCp7nfn2AWWKkcyU9w6KPex+EU4AsIwxmFMgVrnZ4C2hXF6nXQ60/YJBLAfcX8cWQLtjpb0uu8AIe/5rylrd+GBm6ds0qmFe6gsrJlAfGaL25zoYih36eRakpMX0qq+gppMdzLjXP6WxokG1VLs9z1rNrZw4mPiGQf48znFYlHIxlkbMm8RYFboKMCzELtWxlJzU7AE5ZGPtTOPUv+lWp3p1KPC/eMzyMYYToL4ntPcjF7A3OuGMQdUo9sQuAG54g4oLEOIzO08JM08hugBrlpH97</ds:SignatureValue> <ds:KeyInfo> <wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wsswssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" wsu:Id="sigStr"> <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID"> _e4a54ff4-105c-4182-9774-4b19cb874694</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:MessageID wsu:Id="messageID">d3a32a85-63d2-4e53-8067-3ce144b83180</wsa:MessageID> <wsa:Action wsu:Id="action"> http://sundhedsdatastyrelsen.dk/fsk/2019/08/01#GetPersonalDataCard</wsa:Action> <sbf:Framework sbfprofile:profile="urn:liberty:sb:profile:basic" version="2.0" wsu:Id="sbf" /> </soapenv:Header> <soapenv:Body wsu:Id="body"> ... </soapenv:Body> </soapenv:Envelope>

Code Block

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:sbf="urn:liberty:sb" xmlns:sbfprofile="urn:liberty:sb:profile"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Header>
        <wsse:Security mustUnderstand="1" wsu:Id="security">
            <wsu:Timestamp wsu:Id="ts">
                <wsu:Created>2025-10-01T08:22:32Z</wsu:Created>
            </wsu:Timestamp>
            <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
                ID="_e4a54ff4-105c-4182-9774-4b19cb874694" IssueInstant="2025-10-01T08:15:08Z"
                Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <saml:Issuer>TEST1-NSP-STS</saml:Issuer>
                <ds:Signature Id="OCESSignature">
                    <ds:SignedInfo>
                        <ds:CanonicalizationMethod
                            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                        <ds:Reference URI="#_e4a54ff4-105c-4182-9774-4b19cb874694">
                            <ds:Transforms>
                                <ds:Transform
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </ds:Transforms>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <ds:DigestValue>t4wqMk/MRNJ1xydWLiqKNpBlmHc=</ds:DigestValue>
                        </ds:Reference>
                    </ds:SignedInfo>
                    <ds:SignatureValue>
                        NqvsqcfcxsvnupApj+gwHgQ7eQWA5puAqvk4FCFOedhfpu6Pd9vMlEW6NSEXBsOBHGQnHgcgRyWGXdPOggjSVuF21h4LcP2QTZ+IVyQEnKANInqmZ9pvVtYowA9yGZizRRAvdVDizcrb/vBfPozrqfGE0hoVeGWJgs9CycOZgNWibRR/0wv+VLHaLF5ihnuv1FJHkC+gS5M0bNL/3547fB9U5Kjj3ViV/I2pH5gB3kh9nZSmyDtB5+XndNioQgH4nx86rjSVIU4JuTsRUTMBtEkA7T5IRuD6etjaz2TRxDLOURxDA7SakVzi3bEowrMi9Pq8qJ5NxIxaYUzIYNHxYkzj8Ora26bNOH7YMI38s2N6D8ZXQHunQ1wzZwKbSafftASRU+wDHYb0IlTuswgCbXb9vSRYU357ZnEBWDsRiK9EpH1tpGspS3CcKMEbq7akeLr+gFhtFoPbGMZRiH0QxRi3Tkys0robLF+4UBawA/JAfNy8TmofD6gJhg50iJzO</ds:SignatureValue>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>
                                MIIGiDCCBLygAwIBAgIUR5IfpZdXnxp/UHxA0KWAcKzWcm4wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMzA1MTIxMTIzMDFaFw0yNjA1MTExMTIzMDBaMIGeMR0wGwYDVQQDDBRTT1NJIFRlc3QgRmVkZXJhdGlvbjE3MDUGA1UEBRMuVUk6REstTzpHOjU4ZjEwNDNkLTNkMmYtNGRlZC1hYjUwLTk0MGRiNDc3NmExODEeMBwGA1UECgwVU3VuZGhlZHNkYXRhc3R5cmVsc2VuMRcwFQYDVQRhDA5OVFJESy0zMzI1Nzg3MjELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCDqOcDXr2tsBXp3QqYpoZCyJAJQ4+rEtmOLJL/Qyol+5e2NyBOqIGdpXdcSI6hCTYEQu/67EDFRcO9yU6yD/u7xOcy+t3eCqx1ydOy20AZCdcKwRmxBzyQN5er+mBErG2+iprTWJdpwCw0mwjNt5edusm7Nwufk0AkN5nxvEEynwesTdTqgLzL99Jk1zdg0uokROg1s13CCvpenYks8+yXwgddO/36WmUn9V8N+1MIu+UpwsULB9zsNCU8qlDzlgg1u6nr8nnKTBBwT2mXl4xCOF2EEJF5lGUaJ+NOu/ljI2WN2pEUsiqpZPvsI14teJKucH4zCV2y7PhyCBacuti7rEZjuZ6ELeTiUvgs+TqqTFGn3dxCq6FOgz5z5N2ypPTPzg/ntBH0CqkjFn+loh5GIBcA8ff5AHNjqM3Ygu/u1p+BwszeGJLAwk0AUtp67aB4QBGuh73vWsaeERwg4Hc1HeNldv/I4iyMQFlp1qsZoAC6cApeoM6umihYcTfi7rMCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQoPAINYQR2GfgN1KAQMauutePL6jAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQC31Dtgc8+hxB0v+/RL1N3SsyfIxKNVJBhkl2Rfihn700Or5E+0ETyP8mV8MadraDBDYbwMkd3TNOzuF6Ct8c4X5mv+XKr8m0eDPlh7I7mMZ5zzpVw5Co4Wiwwiv9Hb59P/c182FaSPAA1bpmko9AH+duPcquiQELoSRfqW23B2cejACd95XbyXQVFdbCdhyCGAexbJ4egChJsXPU2zAOXq1/pa5bNSmJMsJgqP36bTbA6r+mjv0FArkrL76W1kmchpj6F4tSuDaaJlUmKvmzzBomwhlQRr/vxZc0FOamnJ8is9wC49tOaEMUx2l2iSWZKXMh4C6LQC8hQsjiXnYsERAWgeqwzqtVE3iKaGhOv+W7ECKFndGjYM95bdVK8x9BymTrPun63BCiVGqhMzsEc2RkvbKgBpb7L+Ont0EAahwcTshBzfe0jhA2thWHNGFxXpNqI0ZaAo/NKJpHK3I0EACAB0/VjiQZ/inSKtPnof1/nQZ32QWX3ij0VkX2mE2Pw=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                </ds:Signature>
                <saml:Subject>
                    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
                        dk:gov:saml:attribute:CprNumberIdentifier:0311800590</saml:NameID>
                    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                        <saml:SubjectConfirmationData NotOnOrAfter="2025-10-01T09:05:08Z"
                            Recipient="https://fsk">
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>
                                        MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                        </saml:SubjectConfirmationData>
                    </saml:SubjectConfirmation>
                </saml:Subject>
                <saml:Conditions NotBefore="2025-10-01T08:10:08Z"
                    NotOnOrAfter="2025-10-01T09:05:08Z">
                    <saml:AudienceRestriction>
                        <saml:Audience>https://fsk</saml:Audience>
                    </saml:AudienceRestriction>
                </saml:Conditions>
                <saml:AttributeStatement>
                    <saml:Attribute Name="dk:gov:saml:attribute:SpecVer"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                        <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
                    </saml:Attribute>
                    <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                        <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
                    </saml:Attribute>
                    <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                        <saml:AttributeValue xsi:type="xs:string">0311800590</saml:AttributeValue>
                    </saml:Attribute>
                </saml:AttributeStatement>
            </saml:Assertion>
            <wsse:SecurityTokenReference
                xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wsswssecurity-secext-1.1.xsd"
                wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
                wsu:Id="str">
                <wsse:KeyIdentifier
                    ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">
                    _e4a54ff4-105c-4182-9774-4b19cb874694</wsse:KeyIdentifier>
            </wsse:SecurityTokenReference>
            <ds:Signature>
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <ds:Reference URI="#body">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>yk1iAXsw+8ZSLDSlnTBOEJEM+Gc=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#ts">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>sTpOwvgImpB/toJAiVXXKeqJsO0=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#str">
                        <ds:Transforms>
                            <ds:Transform
                                Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                                <wsse:TransformationParameters>
                                    <ds:CanonicalizationMethod
                                        Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                                </wsse:TransformationParameters>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>7zf4yqsN62tK01yUYc/CQ3M6SDE=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#messageID">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>bJqALBV6n3SdL2q4IUc4OcTY4rY=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#action">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>EPsXDrW02TuinvrWfcD9St3Tprc=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#sbf">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>DrMuEoWp7Uik1KTUOuvtisxvpXA=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>
                    jDGK+H6wI66iDjACIvk7t8H/kuYuhvQyOHOveKMRSnjx2GiRiu3Op/apOuN20rlXO4SPdIqEVq5+4k0T01ME/YKm+lMr/+WX4laiq3A8nTOXGW/WxcAdpAifAExPcv0P3CSSrJEIDe+99J8rIG+5jYmNJwYRx2JLl4vKiCwOLkpFQDyNy6msP1timt7e0UG9RWu7tg6gxsMk11RfIQcKiqsqFwWappfc2iBvYZ6TCp7nfn2AWWKkcyU9w6KPex+EU4AsIwxmFMgVrnZ4C2hXF6nXQ60/YJBLAfcX8cWQLtjpb0uu8AIe/5rylrd+GBm6ds0qmFe6gsrJlAfGaL25zoYih36eRakpMX0qq+gppMdzLjXP6WxokG1VLs9z1rNrZw4mPiGQf48znFYlHIxlkbMm8RYFboKMCzELtWxlJzU7AE5ZGPtTOPUv+lWp3p1KPC/eMzyMYYToL4ntPcjF7A3OuGMQdUo9sQuAG54g4oLEOIzO08JM08hugBrlpH97</ds:SignatureValue>
                <ds:KeyInfo>
                    <wsse:SecurityTokenReference
                        xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wsswssecurity-secext-1.1.xsd"
                        wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
                        wsu:Id="sigStr">
                        <wsse:KeyIdentifier
                            ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">
                            _e4a54ff4-105c-4182-9774-4b19cb874694</wsse:KeyIdentifier>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
        <wsa:MessageID wsu:Id="messageID">d3a32a85-63d2-4e53-8067-3ce144b83180</wsa:MessageID>
        <wsa:Action wsu:Id="action">
            http://sundhedsdatastyrelsen.dk/fsk/2019/08/01#GetPersonalDataCard</wsa:Action>
        <sbf:Framework sbfprofile:profile="urn:liberty:sb:profile:basic" version="2.0" wsu:Id="sbf" />
    </soapenv:Header>
    <soapenv:Body wsu:Id="body">
        ...
    </soapenv:Body>
</soapenv:Envelope>

Service Response

Seal.Java kan nu benyttes til at validere det samlede response fra servicen. Ved kald til en IDWS service kan man vha. kald til Seal.Java tjekke om svaret indeholder en fejl og evt. fejlbesked og fejlkode.

Eksempel på dette hvor vi antager at vi har svaret som et Document i variablen serviceConsumerResponseDocument:

Code Block
Federation federation = new SOSITestFederation(new Properties()); OIOBootstrapToIdentityTokenResponse response = new OIOBootstrapToIdentityTokenResponseModelBuilder().build(serviceConsumerResponseDocument); // Verify IDWS service response for errors if (response.isFault()) { log.error("Response error: " + response.getFaultString() + ", error code: " + response.getFaultCode()); return false; } // Validate IDWS service response try { response.validateSignature(); response.validateSignatureAndTrust(federation); } catch (ModelBuildException e) { log.error("Validation error: " + e.getMessage()); return false; } return true;

Code Block

Federation federation = new SOSITestFederation(new Properties());

OIOBootstrapToIdentityTokenResponse response = new OIOBootstrapToIdentityTokenResponseModelBuilder().build(serviceConsumerResponseDocument);

// Verify IDWS service response for errors
if (response.isFault()) {
   log.error("Response error: " + response.getFaultString() + ", error code: " + response.getFaultCode());
   return false;
}

// Validate IDWS service response
try {
   response.validateSignature();
   response.validateSignatureAndTrust(federation);
} catch (ModelBuildException e) {
   log.error("Validation error: " + e.getMessage());
   return false;
}

return true;

Komplet eksempel (incl. STS delen)

...

Content

Space Tools

Versions Compared

Old Version 7

New Version 8

Key

STS Request

STS Response

Service Request

STS Request

Request som stream

STS Response

Service Request

Service Response

Komplet eksempel (incl. STS delen)