Versions Compared

Old Version 11

changes.mady.by.user Thomas Stougaard Lange

Saved on

compared with

New Version Current

changes.mady.by.user Thomas Kilden Nielsen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduktion

Formål med dokumentet

Formålet med dette dokument er at give en detaljeret beskrivelse af de konkrete services, der udbydes af STS i forbindelse med anvendelsesområdet Borgeromvekslinger.

Læsevejledning

Dokumentet henvender sig primært til udviklere, der skal i gang med at anvende de konkrete borgervekslingssnitflader udbudt af STS.

Dokumentet bygger i høj grad på den overordnede STS - Guide til anvendere, som giver et overblik over STS og leverer i denne sammenhæng et mere dybdegående teknisk beskrivelse af de services i STS, der ligger i anvendelsesområdet borgeromvekslinger.

Overblik over services og anvendelse

Som beskrevet i STS - Guide til anvendere, så findes der i STS følgende services indenfor anvendelsesområdet borger:

/sts/services/Bst2Idws
Niveau 5

Omveksler OIO Saml bootstrap token til OIO IDWS sikkerhedsbillet rettet mod et givet audience, f.eks. FMK, Dokumentdelingsservice eller MinSpærring.

Typen af bootstrap token kan enten være OIO3BST_CITIZEN, OIO2BST_CITIZEN eller OIO2BST_LEGACY.

Bemærk, at bootstrap token skal være signeret af troværdig tredjepart (fx SEB IdP, NemLog-in IdP eller NemLog-in STS).

/sts/services/JWT2Idws
Niveau 5

Ombytter JSON Web token (JWT) til OIO IDWS sikkerhedsbillet rettet mod et givet audience, f.eks. FMK, Dokumentdelingsservice eller MinSpærring.

Bemærk, at JWT tokenet skal være signeret af troværdig tredjepart (pt. en

OID connector

OpenID Connect provider)

/sts/services/JWT2OIOSaml
Niveau 5

Omveksler JSON Web token (JWT) til OIO Saml sikkerhedsbillet rettet mod et specifikt audience, f.eks. forløbsplaner.dk.

Billetten er krypteret og er tænkt benyttet til sikker-browseropstart (SBO)

Bemærk, at JWT tokenet skal være signeret af troværdig tredjepart (pt. en

OID connector

OpenID Connect provider)

 



De to services Bst2Idws og JWT2Idws minder om hinanden i opbygning af requests, understøttede claims og valideringer. Disse beskrives derfor under et i afsnittet om claims og valideringer. JWT2OIOSaml beskrives for sig selv.

 BST tokens

Bst2Idws servicen tager imod 3 typer af BST tokens. For hver token udsteder (issuer), konfigureres token typen i tabellen sts_audconf.trustedIdpCitizenConfiguration.

Nedenfor ses en oversigt over de 3 tokens og deres attributter.

...

Attribut

...

OIO2BST

...

OIO2BST-LEGACY

...

OIO3BST

...

Issuer (IdP/STS der har udstedt tokenet)

...

Ja

...

Ja

...

Ja

...

LoA (Sikringsniveau/AssuranceLevel angivet som NSIS- eller NIST-niveau) 

...

Ja (NIST)

...

Ja (NIST)

...

Ja (NSIS)

...

PID

...

Nej

...

Ja

...

Nej

...

CPR

...

Ja

...

Nej

...

Ja

...

Common Name (CN)

...

Nej

...

Nej (per 14/6)

...

Nej

...

Audience/scope

...

’SOSI-STS’

...

’NL STS’

...

’SOSI-STS’

Claims og valideringer for veksling til IDWS tokens (Bst2Idws og JWT2Idws)

I forhold til berigelse af det udstedte IDWS token er der mulighed for at medsende følgende claims til:

  • dk:gov:saml:attribute:CprNumberIdentifier: Obligatorisk (for bst2idws) angivelse af brugerens CPR nummer.
  • dk:healthcare:saml:attribute:OnBehalfOf: Optionel angivelse af et CPR nummer på en anden borger, som man ønsker at agere udfra fuldmagtstildelinger som.

Udover claims, skal der i forespørgslen angives et audience (som beskriver hvilken service det udstedte IDWS token skal bruges til). I NSP sammenhæng opereres der med følgende audiences:

  • https://audience.nspop.dk/dds: Dokumentdelingsservicen
  • https://audience.nspop.dk/minspaerring: MinSpærring
  • https://audience.nspop.dk/minlog: MinLog2
  • https://fmk: FMK

Der bliver desuden valideret at borgerens alder opfylder kravet for den minimale alder der er konfigureret i STS'en for borgeromvekslinger.

I eksemplerne nedenfor vises der eksempler på vekslinger af bootstraptoken til Idws og JWT til Idws. I eksemplet med bootstraptoken er der ydermere vist eksempler på anvendelsen af claims til både CPR for den kaldende bruger samt fuldmagt.

Service Endpoints

Afhængig af miljø udstilles tjenesten på:

http://<sts-host>:<port>/sts/services/Bst2Idws

http://<sts-host>:<port>/sts/services/JWT2Idws
http://<sts-host>:<port>/sts/services/JWT2OIOSaml

Eksempler på requests

I det følgende gives eksempler på følgende typer af requests:

  • Omveksling af borger bootstrap token til IDWS token (med angivelse af anden borgers CPR nummer for fuldmagtstildelinger)
  • Omveksling af borger JWT til IDWS token: Mangler for nuværende
  • Omveksling af borger JWT til OIO Saml Token: Mangler for nuværende

Omveksling af borger bootstrap token til IDWS token

Her vises eksempler på requests til servicen Bst2IDWS. Bemærk både claim 'dk:gov:saml:attribute:CprNumberIdentifier' i forhold til borgerens eget CPR nummer med claims i forhold til anden borgers CPR nummer.

OIO3BST_CITIZEN - udstedes (på sigt) af NemLog-in STS

Request

Code Block
languagexml
title(Borgeromveksling) BST2IDWS Request til STS
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:wsa="http://www.w3.org/2005/08/addressing"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
  xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802"
  xmlns:wsu

Claims og valideringer for veksling til IDWS tokens

I forhold til berigelse af det udstedte IDWS token er der mulighed for at medsende følgende claims til:

  • dk:gov:saml:attribute:CprNumberIdentifier: Brugerens CPR nummer. Dette kan valideres af STS vha OCES service til validering af PID-CPR (PID står i bootstraptokenet)
  • dk:healthcare:saml:attribute:OnBehalfOf: Optionel angivelse af et CPR nummer på en anden borger, som man ønsker at agere udfra fuldmagtstildelinger som.

Udover claims, skal der i forespørgslen defineres et audience (som beskriver hvilken service det udstedte IDWS token skal bruges til). I NSP sammenhæng opereres der med følgende audiences:

  • https://audience.nspop.dk/dds: Dokumentdelingsservicen
  • https://audience.nspop.dk/minspaerring: MinSpærring
  • https://audience.nspop.dk/minlog: MinLog2
  • https://fmk: FMK

I eksemplerne neden vises der eksempler på vekslinger af bootstraptoken til Idws og JWT til Idws. I eksemplet med bootstraptoken er der ydermere vist eksempler på anvendelsen af claims til både CPR for den kaldende bruger samt fuldmagt.

Snitfladebeskrivelser

Afhængig af miljø udstilles tjenesten på:

...

http://<sts-host>:<port>/sts/services/Bst2Idws

...

Eksempler på requests

I det følgende gives eksempler på følgende typer af requests:

  • Omveksling af borger bootstrap token (OIO2BST-LEGACY) til IDWS token (med angivelse af anden borgers CPR nummer for fuldmagtstildelinger)
    • OIO2BST assertion
    • OIO3BST assertion
  • Omveksling af borger JWT til IDWS token: Mangler for nuværende
  • Omveksling af borger JWT til OIO Saml Token: Mangler for nuværende

Eksempel: Omveksling af borger bootstrap token til IDWS token

I dette eksempel vises eksempel på request til servicen Bst2IDWS med en OIO2BST-LEGACY token. Bemærk både claim 'dk:gov:saml:attribute:CprNumberIdentifier' i forhold til borgerens eget CPR nummer med claims i forhold til anden borgers CPR nummer.

Code Block
languagexml
title(Borgeromveksling) BST2IDWS Request til STS
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfedwss/2004/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Header>
    <wsse:Security mustUnderstand="1" wsu:Id="security">
      <wsu:Timestamp wsu:Id="ts">
        <wsu:Created>2023-12-28T10:57:48Z</wsu:Created>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/20052001/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse10/xml-exc-c14n#" />
          <ds:SignatureMethod Algorithm="http://docswww.oasis-openw3.org/wss2000/200409/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14xmldsig#rsa-sha1" />
          <ds:Reference URI="#body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://docswww.oasis-openw3.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Header>
    <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
    <wsa:MessageID wsu:Id="messageID">urn:uuid:3b222db7-5922-477c-b815-4ea35cba6574</wsa:MessageID>
    <wsse:Security mustUnderstand="1" wsu:Id="security">
      <wsu:Timestamp wsu:Id="ts">
2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>fCllw3Lagb/vujh2A3HIuRC8WFg=</ds:DigestValue>
          </ds:Reference>
          <wsu:Created>2020-12-07T09:04:30Z</wsu:Created><ds:Reference URI="#ts">
      </wsu:Timestamp>
      <ds:Signature>Transforms>
        <ds:SignedInfo>
          <ds:CanonicalizationMethodTransform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:SignatureMethodDigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1xmldsig#sha1" />
            <ds:DigestValue>IiN77aYXPnvGOCphzQ1GrEAscc0=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#messageID">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>qy1OEXC66wBsvGKipiai5kbgtVUDigestValue>8J2ljhLBY8bo4rMRuVW2x1/c/sQ=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#action">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
  <ds:Reference URI="#ts">
            <ds:Transforms>SignatureValue>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
    eCvtUXg+AeOiC/WMSK3/ew6M5ux79l14dZnn3Qql/Ygoxk64Rhsv0EQtpeO6n0LozT5diuH2HUOzE8TH0roqbcUnayPrRiqT0ONTCTETsWrmAQyAurrxcnofye8kUlDGSHXt72QQvnj1+1QSiMOrqeegHRa3YQV/Rd++0NIvQwdeX6HN+JHw1Tj7Y2UniUk7a7f6azyGhrv2DGj7E3a+nlHtfQWIZyAkFPniTRCgfTInBMMGi/HEevzCMt4YR9/1SEpcPWBbCnIPxqeWDy8TVMCGu2yKC/OH+q3kYDGEyhjovKYiaVXVeu2J3fZcPw1qtALrv6bxWHkI8SKQPM9yi6pz3FQwfI0PmWouBoS4BXnN35CKotpHYmswPxS3uG3Cn+gPxnGYH1TutO5wVCWYEXUrnyclj4ORXkRiGKGZxqrCcssDj3BgBCw0fZuIEQXGEsPzRPvO+t+huTmOOy9rKFljZ8i1qSsxEla+zENxxTcYDGuqpND1p9bt0gHfKg2E</ds:SignatureValue>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>KeyInfo>
            <ds:DigestValue>7U5J5GxULihSf9aMnTKZIBML9Rc=</ds:DigestValue>
X509Data>
            </ds<ds:Reference>X509Certificate>
          <ds:Reference URI="#body">
    MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
          <ds</ds:Transforms>X509Data>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:KeyInfo>
           </ds:Transforms>Signature>
    </wsse:Security>
        <ds:DigestMethod Algorithm="http<wsa:Action wsu:Id="action">http://wwwdocs.w3oasis-open.org/2000/09/xmldsig#sha1"/>/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
            <ds:DigestValue>pQiXI/9WJDEelRO2N9GJiUop5lE=</ds:DigestValue>
          </ds:Reference><wsa:MessageID wsu:Id="messageID">urn:uuid:1cf8e82e-5741-4bb9-a831-f0f89c83578a</wsa:MessageID>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body">
    <wst:RequestSecurityToken Context="urn:uuid:cf8a55b7-9d5f-4fce-aced-7769c4ca2de2">
        </ds:SignedInfo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
        <ds:SignatureValue>WBwK3D7bMq8Dm6ns6eJmIPICAoa92+fRWGzoKbDcKwSNkdTlRBBnw3okSHPDlvQ7P5cuKYCLfvgYG+/705aYDUQiyL7HexTJvBKMW+TR/fkvGeqB/mQcOVypaV7wYfS7mY0eZUuTWFLf6RGxEa3OkqD7r+HT9lqsdFDZbjxpUkBBpsWwMH1OOr1u5p+cY8thwCT4h38hDOupU3NsGz36nvlODqke1DtOAaiNeteN3rLDDf3FEIl3zqfiVix/vlrZee9mK/RgFdgIC9OFVkqQhYAWlGTNmcGKTjZ0ED07qtZVi5uGsMortCtIchr0KnW6uo+yBc7zdeO4aYb0ItM78g==</ds:SignatureValue><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
        <ds<wst14:KeyInfo>ActAs>
          <ds:X509Data><saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
            <ds:X509Certificate>MIIGNDCCBRygAwIBAgIEXOg9yTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMDAyMTMxMzQ3NTdaFw0yMzAyMTMxMzQzMzBaMIGeMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFfMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDo3OTY4MDA0NTA7BgNVBAMMNFRFU1Qgd2hpdGVsaXN0ZWQgU1AgU09TSSBhbGlhcyAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNWtWKpMlLgD5Er0SgRjNCKXlwU39x3DTPvqE/r09j96B+pwbzHjhnbV5HPwCNzoeUolcvnPmJrsOucIHsoKebPgfLEnhfjWnl0Z8ivPy/3iQfHyhJoB3shBcfLwH+FwZzEqw3hsabflVJHTq+9u2bLes9UM7r2Hy0mlynux28nFKB8dqkYVS1MjAid2cID4vbbavlFO+N+BSIt8M+MA8A1FVwhUEc/vyD+Ha8Alo3nYLZV9SqYlzeeGR+umiyQ7lhVOzv2CO2ULBSpX28mxGJ4N8CmCUrZgbSnPwkw3Mkq93bzMRUB4X9Bu/hWIpQZooKDM6wxE8dYn1yrAliw+ujAgMBAAGjggLMMIICyDAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MzQtY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQDMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLjCBrAYDVR0fBIGkMIGhMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEOMAwGA1UEAwwFQ1JMMTEwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFCe0e26va9zqyshyZoXec/52Pl5RMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnG/H/WeWIPAbnuPMZ/p2sSulgesmt6N1fK5mupYlVmLQ/7fuBIh/ER8zK3ya6yuQBAfSwIYib8iFWm+VBPc+CeS8KE/z4LRZKs3tsFkyEPlee3KpyQ4BQEawwLZjb0ZHS6ghI846SFOy+nYV8HpLvws5/vTNlGaRbBlrDVFzL/ZGois0EJe6wd3xnglwEIKjCxv30zzAnCOrmEzGIaojm07F7rnpQkaCmGNDfsSWl6Mi8SZ8jhFZHdybG9mjr6BXc1wJl2C6hQVuo7wvaIhVgJpV5BkG61mcCBniZhGr7uCJyjQ1vheKDEDle4IIzyVajjM+x5F3BWb6JQxujEHOU=</ds:X509Certificate>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          </ds:X509Data>
 ID="_593cdbbb-e23d-4be5-8a6d-676187e4dd9c" IssueInstant="2023-12-28T10:57:48Z"
       </ds:KeyInfo>
      </ds:Signature>Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    </wsse:Security>
   </soapenv:Header>
  <soapenv:Body wsuxmlns:Idsaml="bodyurn:oasis:names:tc:SAML:2.0:assertion">
    <wst:RequestSecurityToken Context="urn:uuid:b501bee1-e6ef-4bda-9877-ce43d8637354">
      <wst<saml:TokenType>httpIssuer>https://docs.oasisoio3bst-openissuer.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>dk</saml:Issuer>
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
    <ds:Signature Id="OCESSignature">
          <wst14  <ds:ActAs>SignedInfo>
        <saml:Assertion xmlns:xs      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/XMLSchema" xmlns:xsi10/xml-exc-c14n#" />
              <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/XMLSchemaxmldsig-more#rsa-instancesha256" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_17433b24-cff4-4e22-ae47-4eefa07664a7" IssueInstant="2020-12-07T09:04:30Z" Version="2.0">
/>
              <ds:Reference URI="#_593cdbbb-e23d-4be5-8a6d-676187e4dd9c">
              <saml:Issuer>TEST trusted IdP</saml<ds:Issuer>Transforms>
          <ds:Signature Id="OCESSignature">
       <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
    <ds:SignedInfo>
              <ds:CanonicalizationMethodTransform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:SignatureMethodDigestMethod Algorithm="http://www.w3.org/20002001/0904/xmldsig#rsa-sha1xmlenc#sha256" />
                <ds:Reference URI="#_17433b24-cff4-4e22-ae47-4eefa07664a7">DigestValue>gNWtK4XYXVkkTSzxwdyxuhUrvIMzD8IQwRwbzX2sgGI=</ds:DigestValue>
                <ds:Transforms></ds:Reference>
            </ds:SignedInfo>
      <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
     <ds:SignatureValue>
             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> YT3dO6StVswfqgJL39yVgSq7Kn/dEmCyXKt0fWN5niKCa2WpPNVAyfVzcXIBEYGZ7UOLlCuXkk8bELXiJwJQ2NpbbdPRYE7g1O4w91mvYl0xs3cYxXFTKDbX7xxW7gxSF0GLGWATqHYmsmo47bi2pXqKUrEF7C3mQogEo6p0ssi4n44E5mFOO6aUJcTelJK+hoUhTmLXgZ754lhzrNZ34TomKMmFsoEpERdGXDiV2uNsUChpFLOSDWLDVdeXxAZ4QoR87CAkvoutCWICw1EdbbD+HOwq9PJjOI5UuSeMtTW+Q3/oiYVEGx1w5P6zjnX3FpPuu12kOaFIgUB6qqMhT6zNSsusEgaMQjGSeW7wOwTzKHnjDakoqjuPVsMghho2tsZi5nc6NWXAi787nU7oxLn85//dhWK22UU8y/Hlc/enufs1UG+EngTTLRXt3DBQ96gJntRygSf/bz3/9Bpcw1FMrDSS2qJS2WxtOBL8IgSCE8cgW5k8WLao8OMTiKqw</ds:SignatureValue>
            <ds:KeyInfo>
      </ds:Transforms>        <ds:X509Data>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>X509Certificate>
                <ds:DigestValue>4jgrBp2Qz+1jWqwv4EPDwvnoeOU  MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:DigestValue>X509Certificate>
              </ds:Reference>X509Data>
            </ds:SignedInfo>KeyInfo>
            <ds:SignatureValue>P0SXvO1fqVHbZIe/tcnlU7ppFHzxeb23F3YTdVjBR6U6U5xPKfn8NVaTYSJsqh6OGuxAXBrnAAYAd5wyP5E6Z8R62Q2z9Mog9qk+EM95kGfbqvJsAEQFDp6DEpAVyasKXpVdzqQv5b5/J2fG2X7ZHDUGeiIEHq9Cp/EWeFToOcEvx13eMU7MX2jhqdnc+aEGqjVHPsPrgSSy7z3zyg+5PQ476KmfuWxdKgxoKFtK1eMjbTk4bY1aEhDDQTcZNTgmg4qQVbOmMzRi3AWTl++HaMC1g8dXpuzNKWYnVc91a+vIRxghg3j6bzWDS+gET0vSyRAvlcFBl34/PdQlik8CCA==</ds:SignatureValue>Signature>
            <ds<saml:KeyInfo>Subject>
              <ds:X509Data><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
                <ds:X509Certificate>MIIGMTCCBRmgAwIBAgIEXOg9zDANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMDAyMTMxMzUwNDhaFw0yMzAyMTMxMzQ5NDFaMIGbMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFcMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoyMjI0OTczMjA4BgNVBAMMMVRFU1QgdHJ1c3RlZCBJZFAgU09TSSBhbGlhcyAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxgR6YyL1auIQJtCyq6HpB3y5FtrFWigZsmbOXvhcxrmvjhqahlfvke2Vub5AfCPslTsbSgwg9sqhU7Hq2T96QZtLqa+UZP3PVzIqyfXwgXpOFvb2UGbXwQ5SPtSAhoo8z6cFPkBUdIGxL99DV7GPWw4kIk9ynV2YY/XulY049wePaHQFLuW4A5F+Nl6coXFpqn55fG0XNRxOPZUX3DUlnKT7aJKU4xA/1gIm+v4DbbIKN97SV1msXfQq+9Fdpz07dTQEINa9JzmBN1zPkT7hJEOHttqhtFwSxJhMA5V5k0ZbVj1b6WRgJZKUEtGSNOmyZUlcmwUgzz4PwGuMc85PHAgMBAAGjggLMMIICyDAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MzQtY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQDMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLjCBrAYDVR0fBIGkMIGhMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEOMAwGA1UEAwwFQ1JMMTEwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFN7fNS/56t+ZyVIxR6T6W0S7yS5JMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAANWrGs4jCmcvQX34e5h29UhxVegt8Jg02WWBzGB9/kH5YOVnSEp7CCIc4Qut0+C0QlvcDvCre12fOsII5ZlYjKIOXwXzjO2lsNmPKRom3+2syL5aWRQLsh3viVIvVLn4E5bZiEEX8P5KkXI8Exh9OlYEro5KpVyF8Bi2r7uJDmglCYl+BSc/zozgegXJ9KP4l+08mKVWPwwfw5qwp13PWbNNOVPpdIMVzN0YQCTUvPRfNqVfx265+zmx96HF2PvHCzTL95mKfWMs+SZEVpfek4Xl9priAOI6hhmcAZR1wwAklmI7KC4I3m0gFzUOPcZycXNg3G02gXvcmlwMcrdOek=</ds:X509Certificate>dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
              </ds:X509Data><saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
            </ds    <ds:KeyInfo>
            </ds:Signature>      <ds:X509Data>
          <saml:Subject>
          <ds:X509Certificate>
                <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=Ingen organisatorisk tilknytning,CN=Lars Larsen,Serial=PID:9208-2002-2-514358910503</saml:NameID>
      MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
              <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">    </ds:X509Data>
              <saml:SubjectConfirmationData NotOnOrAfter="2020-12-07T09:09:29Z" Recipient="https://sosi"/>  </ds:KeyInfo>
              </saml:SubjectConfirmationData>
            </saml:SubjectConfirmation>
          </saml:Subject>
          <saml:Conditions NotBefore="2020-12-07T09:04:24Z" NotOnOrAfter="20202023-12-07T0928T12:0957:29Z48Z">
            <saml:AudienceRestriction>
              <saml:Audience/>Audience>http://audience/clear</saml:Audience>
            </saml:AudienceRestriction>
          </saml:Conditions>
        </saml:Assertion>
      </wst14:ActAs>
  <saml:AttributeStatement>
    <wsp:AppliesTo>
        <wsa<saml:EndpointReference>
          <wsa:Address>https://fmk</wsa:Address>Attribute Name="https://data.gov.dk/model/core/specVersion"
        </wsa:EndpointReference>
      </wsp:AppliesTo>
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
         <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">     <saml:AttributeValue xsi:type="xs:string">OIO-SAML-3.0</saml:AttributeValue>
        <auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier">    </saml:Attribute>
          <auth:Value>0501792275</auth:Value>  <saml:Attribute Name="https://data.gov.dk/concept/core/nsis/loa"
        </auth:ClaimType>
        <auth:ClaimType UriNameFormat="dk:healthcare:saml:attribute:OnBehalfOfurn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <auth:Value>urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:0101603040</auth:Value>    <saml:AttributeValue xsi:type="xs:string">Substantial</saml:AttributeValue>
            </authsaml:ClaimType>Attribute>
      </wst:Claims>
    </wst:RequestSecurityToken>
  </soapenv:Body>
</soapenv:Envelope>

Svaret fra STS ser således ud:

Code Block
languagexml
title(Borgeromveksling) BST2IDWS Response fra STS
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml<saml:Attribute Name="https://data.gov.dk/model/core/eid/cprNumber"
              NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsuuri">
              <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
            </saml:Attribute>
          </saml:AttributeStatement>
        </saml:Assertion>
      </wst14:ActAs>
      <wsp:AppliesTo>
        <wsa:EndpointReference>
          <wsa:Address>http://audience/clear</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
      <wst:Claims Dialect="http://docs.oasis-open.org/wsswsfed/2004authorization/01/oasis-200401-wss-wssecurity-utility-1.0.xsd200706/authclaims">
    <soapenv:Header>
    <wsa<auth:ActionClaimType wsu:IdUri="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>dk:gov:saml:attribute:CprNumberIdentifier">
    <wsa:MessageID wsu:Id="messageID">urn:uuid:bde6ee0c-06a9-4dd7-9ae0-3bf29b6280e3</wsa:MessageID>
    <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:3b222db7-5922-477c-b815-4ea35cba6574</wsa:RelatesTo><auth:Value>0501792275</auth:Value>
    <wsse:Security mustUnderstand="1" wsu:Id="security">    </auth:ClaimType>
      <wsu:Timestamp wsu:Id="ts"></wst:Claims>
    </wst:RequestSecurityToken>
  </soapenv:Body>
</soapenv:Envelope>

Svar fra STS

Code Block
languagexml
title(Borgeromveksling) BST2IDWS Response fra STS
collapsetrue
<soapenv:Envelope xmlns:soapenv  <wsu:Created>2020-12-07T09:06:39Z</wsu:Created>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://wwwschemas.w3xmlsoap.org/2001soap/10envelope/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm xmlns:ds="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>0101603040
          <ds:Reference URI="#messageID">
            <ds:Transforms>
              <ds:Transform Algorithmxmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/20012005/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm08/addressing" xmlns:wsp="http://wwwschemas.w3xmlsoap.org/2000ws/2004/09/xmldsig#sha1policy"/>
            <ds:DigestValue>5YUEr9PKYYu2iyvY0XhKxHE6NFk=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#action xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Header>
    <wsse:Security mustUnderstand="1" wsu:Id="security">
      <wsu:Timestamp wsu:Id="ts">
     <ds:Transforms>   <wsu:Created>2023-01-17T10:01:42Z</wsu:Created>
      </wsu:Timestamp>
       <ds:Signature>
        <ds:SignedInfo>
          <ds:TransformCanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethodSignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1xmldsig#rsa-sha1"/>
            <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#relatesTo#body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>OoDigestValue>Dd3Fopf+c5AT3Gky7Q2+jevrnjtKkbhIKztciG0Ov2fyIFYV3bI=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#ts">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>/DWD2fll+qjDeFmjYb4i4TTQcJEDigestValue>QcufgSZuMyIqGDQRgzo2qhV9bPQ=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#body#messageID">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>TOdMnbhE5vN9Q9/01qfrGKKKJP0DigestValue>nu4c0NaE3eq9OGITv84JBSas6KE=</ds:DigestValue>
          </ds:Reference>
          </ds:SignedInfo><ds:Reference URI="#relatesTo">
        <ds:SignatureValue>Or2nuZl8pyU4t6h90FP50MwghnBaQo0hGr/uOrDxkQo3lUXXxa5P2S4Vs5I8NzvgHGx22Piq19D2S7Z9NVMxPgRQC+kyhxIUehYFWv4ZlEX6L8Qn0N2T+44UA9pUZgJYH4BbUF0fXY79KZAiD5JGa6sc0ZKZTnO5eusR6ef6+m1jTGDOXEjH2J+qQ6i23VJPIYB0yxNU53n79d05rknhipWCQYfthE6eNKyfMy1jvkm1Wyux1bZUhwL+1WOZIbXTN7LbgN1I0x1IxFFe6yJ6ccIiSOoSzyEp00sVcTVoBLzfF2GmYVFijJo3kjjOXwnDTjxXCPCUE22ND4rjrmb2Zg==</ds:SignatureValue>    <ds:Transforms>
        <ds:KeyInfo>      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:X509Data>  </ds:Transforms>
            <ds:X509Certificate>MIIGKjCCBRKgAwIBAgIEW6uMBTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MDQzMDA5MDcxN1oXDTIyMDQzMDA5MDYzOFowgZQxCzAJBgNVBAYTAkRLMS4wLAYDVQQKDCVTdW5kaGVkc2RhdGFzdHlyZWxzZW4gLy8gQ1ZSOjMzMjU3ODcyMVUwIAYDVQQFExlDVlI6MzMyNTc4NzItRklEOjE4OTExODYxMDEGA1UEAwwqU09TSSBUZXN0IEZlZGVyYXRpb24gKGZ1bmt0aW9uc2NlcnRpZmlrYXQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo57h9E/hM5gimxaDgHB0MLcgVfXGJbQh/8OC1vTdDsCUIzIwRd5lJE+ado8urHF7UmKubFZzfCPduoRv9b3TkNVKaixiHUMtP4egbL8vcgyalk28cNQdUk8f34mg8atgvd45EnIKz2iB+yjs5guJPDBg2OFSbP0r53NU8fVTq3aLtDpDVnkxsyjNQ7HOFtzavyMnKx0vDgafEvrUR3WTSLCGju4aUIg3ThgrWXA7i3lPIAXdV8mQmlY3wn/kIBiyIotmF98UsEket/sxpJNkJ6R6AUpxnGApCDP1Fw2BgxAQWWrtD/c5IoIZwGWNfLgpJEzfhnuIZJ7Bfs9RmHFdQIDAQABo4ICzTCCAskwDgYDVR0PAQH/BAQDAgO4MIGXBggrBgEFBQcBAQSBijCBhzA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vcmVzcG9uZGVyMEcGCCsGAQUFBzAChjtodHRwOi8vZi5haWEuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyLWNhLmNlcjCCASAGA1UdIASCARcwggETMIIBDwYNKwYBBAGB9FECBAYEAjCB/TAvBggrBgEFBQcCARYjaHR0cDovL3d3dy50cnVzdDI0MDguY29tL3JlcG9zaXRvcnkwgckGCCsGAQUFBwICMIG8MAwWBURhbklEMAMCAQEagatEYW5JRCB0ZXN0IGNlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4gRGFuSUQgdGVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4wga0GA1UdHwSBpTCBojA9oDugOYY3aHR0cDovL2NybC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjIxLmNybDBhoF+gXaRbMFkxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJTAjBgNVBAMMHFRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYSUkgQ0ExDzANBgNVBAMMBkNSTDE0MjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUGYAVKKL17LHyVGSErL26MBNadTQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAjHMO4sWEf8M25WHczBTJYtMitn1wLOqE6raeM6oYyw6R/4FImpOzF6bxBlfNnhhR0vJSXMWTqL/onCyy4gCs9eLglRHZ9BC8a9fmirrguNpOWlR8NAf5GRwOqCyTnkTAfUD1fp0RzVo8TvAd73WiGeUTzTiAVf7OgZFnRIYkcALXLjNs6AwELWSh+bC/gGuQcHUDd8YGSzgKS6w2qz3fIASrykxzlYjeusks58CereC6WfvN0I+GGlL9fIgjpzh7JEELME7r9QJLL9NSrmlRKfhM8gzuE6Vm4vGzmSsnNJxGMf1vTzEve4lXI8pnOtHMTtNl5zw4jCJFakRqcWm3FQ==</ds:X509Certificate>
DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>9UwERB5xBRhppAfnRukLWgcivl0=</ds:X509Data>DigestValue>
          </ds:KeyInfo>Reference>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body<ds:Reference URI="#action">
      <wst:RequestSecurityTokenResponseCollection>
      <wst<ds:RequestSecurityTokenResponse Context="urn:uuid:b501bee1-e6ef-4bda-9877-ce43d8637354">
Transforms>
              <wst:TokenType>http<ds:Transform Algorithm="http://docswww.oasis-openw3.org/2001/wss10/oasisxml-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>exc-c14n#"/>
        <wst:RequestedSecurityToken>    </ds:Transforms>
          <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#xmldsig#sha1" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_fa311122-026e-4049-8ddf-cdbd84304d7c" IssueInstant="2020-12-07T09:06:39Z" Version="2.0">
    />
            <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
          </ds:Reference>
        <saml:Issuer>TEST2-NSP-STS</saml:Issuer></ds:SignedInfo>
            <ds:Signature Id="OCESSignature"><ds:SignatureValue>jxKRTZ71YH+mfL4K5DyJy9Knvq12VmyklrREWzIUkiKPzbyvjyK2nXL152Sv3BY7/se+3aepmAhBGiQ7v+DHOjhCRDsGQZvs7J19tvSxLEYrdpVZdz93ZF0p5mKT9+Oqrx/nHSrcMkaBqf6/yWSoRivoJgRAJstJRfrjecNobYLowibqJJhLiGUYfucK3rde8FBTazzKwEjWdjrwCdJ3XeJanbRRY7L0z2NQahlt3HlSnT+3m0VJOBRL6dpKdOIlCi/pGcxkiXVZFXGQJhJpyaR8+QWj2Cs1rc/4/KrrGGdZX292s4UEnXsEaVcFKcvbb4Ggb4JZ1WATM9DeLABB2A==</ds:SignatureValue>
        <ds:KeyInfo>
      <ds:SignedInfo>
    <ds:X509Data>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
X509Certificate>MIIGRzCCBS+gAwIBAgIEX51MYTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMTA4MTYwNjQ4MjJaFw0yNDA4MTYwNjQ3MjNaMIGOMQswCQYDVQQGEwJESzEvMC0GA1UECgwmU3RhdGVucyBTZXJ1bSBJbnN0aXR1dCAvLyBDVlI6NDY4Mzc0MjgxTjAgBgNVBAUTGUNWUjo0NjgzNzQyOC1VSUQ6Mjc5MTAxMzUwKgYDVQQDDCNTdGF0ZW5zIFNlcnVtIEluc3RpdHV0IC0gVGVzdCBWT0NFUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo3h9gnQBKbiJriTMg/QLuuJFNONeRl9F8T9RE+HEOdBhhb64afks3ztVjXQ15r8KNu0YwBkOVFOe0wz7w0uT7OSFxf5Zejl1BO7VxIkcYEfq5GjryNcHb50sB7G2CisfKtdN5DRSShJyQXgZ3cflVazP+ZrYfi9gy79GBVYi3mTxN4yJtSOkKIMh8knGiBgHVqS3fkOO+K5dmV9qImFYQvCpSf8XgN96d5+mTvuZ2Yu+8GaFCSU93CxlnfODkqAWkATYnV0I6hd9l7qrGjIT0flDaVm2ruJwKEW+CkeaG9W9yDYBNLNw6WqioUckslMkVUwSUD6rQ8MLrvxfmQ+WsCAwEAAaOCAu8wggLrMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL3YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAwUwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuMCAGA1UdEQQZMBeBFXRlc3RjZXJ0aWZpa2F0QHNzaS5kazCBrQYDVR0fBIGlMIGiMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYqBgoF6kXDBaMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEPMA0GA1UEAwwGQ1JMMTk1MB8GA1UdIwQYMBaAFM1saJc5chmkNatk6vQRo4GH+Gk7MB0GA1UdDgQWBBTXaIm8KGHSJc24Q3sCwFiMXb5M3jAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCA26TOPUHHxffo7ajqZkZhNfDZzBl8XlcgQPbhrAZINCKD/cKesZGnJwElGHtexRfyUh073kkww1wP2EmZf+9m5Kry73hHKyUkawtO1/R2ib04OKpIZd8M3F9YfyOusZVxuTcYYty20xEfJO8HygzXNIrFFA1qorrMjuxiXZRnUDhjzUFVDAu/Rgt8cIR3pTvU1KizLBRUC6Q+8itJizvwMHVB+tRdENbUw+ElkXbLpFt+pc+C5wDFkVudv5B/46jU/ceGNdcmkvUt6F/ey3Uc3Pc30JzpYc4KDHKc6wOttYCNtxWAnpvhOS5HUuV6GpWVww28x3Ykhv0rfYXlZo4W</ds:X509Certificate>
          </ds:X509Data>
       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action  <ds:Reference URI="#_fa311122-026e-4049-8ddf-cdbd84304d7c">wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
                  <ds:Transforms><wsa:MessageID wsu:Id="messageID">urn:uuid:886d0eb8-d70b-43fa-97ce-8d814342f306</wsa:MessageID>
    <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:ebc3c28e-1fb4-48f3-8d70-ba71b778e12c</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body">
    <wst:RequestSecurityTokenResponseCollection>
      <ds<wst:TransformRequestSecurityTokenResponse Algorithm="httpContext="urn:uuid:bc96d4e7-3427-46f8-a349-1dc33429f4f1">
        <wst:TokenType>http://wwwdocs.w3oasis-open.org/2000/09/xmldsig#enveloped-signature"/>wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
        <wst:RequestedSecurityToken>
          <saml:Assertion  <ds:Transform Algorithmxmlns:xs="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    /XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_3fb99f0a-4da0-4157-accd-789b1ac78e14" IssueInstant="2023-01-17T10:01:42Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
              </ds:Transforms>
   <saml:Issuer>TESTSTS</saml:Issuer>
               <ds:DigestMethodSignature AlgorithmId="http://www.w3.org/2000/09/xmldsig#sha1"/OCESSignature">
              <ds:SignedInfo>
      <ds:DigestValue>GOIAqcYUFLnazqyu7B4AL2vpV5o=</ds:DigestValue>
                 </ds:Reference><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:SignedInfo>
              <ds:SignatureValue>sM1Nl1ehU0k4WwrNyIJaRn/VDH9JbriFlDKaRzd/iwYtiF6rCA+NQMMHYqAjjzPewjamKuueIqx7MTt0ElEN3mUcdBaSqaohdhmTTM9U2IB76B+sWNxpGdCXQ8N1lYjVqBYkCn6uAvzG89fADpTNkBct8ekWuj/UT06h/O8KLxybhK7I0HNOWkJ45BAhOIJTOc7Vg4qyIk3PJIh+8TzpyUY9L2WuBg8YKzgAd+8uCKRFn223ePRL6GtRlJJqsXm/x/82CNj6lGHdCFXsPcZrrYvKCmZu8FSFEqQrLjyE/ULnbTQVfe+gAPhIzAh01n1SvlWoQ0omyzjiWCAA2Sketw==</ds:SignatureValue><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ds:KeyInfo>
Reference URI="#_3fb99f0a-4da0-4157-accd-789b1ac78e14">
                  <ds:X509Data>Transforms>
                    <ds:Transform Algorithm="http:X509Certificate>MIIGKjCCBRKgAwIBAgIEW6uMBTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MDQzMDA5MDcxN1oXDTIyMDQzMDA5MDYzOFowgZQxCzAJBgNVBAYTAkRLMS4wLAYDVQQKDCVTdW5kaGVkc2RhdGFzdHlyZWxzZW4gLy8gQ1ZSOjMzMjU3ODcyMVUwIAYDVQQFExlDVlI6MzMyNTc4NzItRklEOjE4OTExODYxMDEGA1UEAwwqU09TSSBUZXN0IEZlZGVyYXRpb24gKGZ1bmt0aW9uc2NlcnRpZmlrYXQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo57h9E/hM5gimxaDgHB0MLcgVfXGJbQh/8OC1vTdDsCUIzIwRd5lJE+ado8urHF7UmKubFZzfCPduoRv9b3TkNVKaixiHUMtP4egbL8vcgyalk28cNQdUk8f34mg8atgvd45EnIKz2iB+yjs5guJPDBg2OFSbP0r53NU8fVTq3aLtDpDVnkxsyjNQ7HOFtzavyMnKx0vDgafEvrUR3WTSLCGju4aUIg3ThgrWXA7i3lPIAXdV8mQmlY3wn/kIBiyIotmF98UsEket/sxpJNkJ6R6AUpxnGApCDP1Fw2BgxAQWWrtD/c5IoIZwGWNfLgpJEzfhnuIZJ7Bfs9RmHFdQIDAQABo4ICzTCCAskwDgYDVR0PAQH/BAQDAgO4MIGXBggrBgEFBQcBAQSBijCBhzA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vcmVzcG9uZGVyMEcGCCsGAQUFBzAChjtodHRwOi8vZi5haWEuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyLWNhLmNlcjCCASAGA1UdIASCARcwggETMIIBDwYNKwYBBAGB9FECBAYEAjCB/TAvBggrBgEFBQcCARYjaHR0cDovL3d3dy50cnVzdDI0MDguY29tL3JlcG9zaXRvcnkwgckGCCsGAQUFBwICMIG8MAwWBURhbklEMAMCAQEagatEYW5JRCB0ZXN0IGNlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4gRGFuSUQgdGVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4wga0GA1UdHwSBpTCBojA9oDugOYY3aHR0cDovL2NybC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjIxLmNybDBhoF+gXaRbMFkxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJTAjBgNVBAMMHFRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYSUkgQ0ExDzANBgNVBAMMBkNSTDE0MjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUGYAVKKL17LHyVGSErL26MBNadTQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAjHMO4sWEf8M25WHczBTJYtMitn1wLOqE6raeM6oYyw6R/4FImpOzF6bxBlfNnhhR0vJSXMWTqL/onCyy4gCs9eLglRHZ9BC8a9fmirrguNpOWlR8NAf5GRwOqCyTnkTAfUD1fp0RzVo8TvAd73WiGeUTzTiAVf7OgZFnRIYkcALXLjNs6AwELWSh+bC/gGuQcHUDd8YGSzgKS6w2qz3fIASrykxzlYjeusks58CereC6WfvN0I+GGlL9fIgjpzh7JEELME7r9QJLL9NSrmlRKfhM8gzuE6Vm4vGzmSsnNJxGMf1vTzEve4lXI8pnOtHMTtNl5zw4jCJFakRqcWm3FQ==</ds:X509Certificate>
/www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:X509Data>Transforms>
              </ds:KeyInfo>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>kJE9hhP9+/xweTiQukBiZipAjhQ=</ds:Signature>DigestValue>
            <saml:Subject>    </ds:Reference>
              <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=Ingen organisatorisk tilknytning,CN=Lars Larsen,Serial=PID:9208-2002-2-514358910503</saml:NameID>
</ds:SignedInfo>
                <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"><ds:SignatureValue>UcLkNItCKooUYVERRLUkeJvkPKXa5XGyim8/QY3bz20LsgO2J2FNUwREsLLk79cB0V7DZsB3MDulLBXiApYglI/ZPsX0lnr40fKFHBS8AOUrKidMVKbWVzQLqzIduwrgcIZCx2iwkuvXxlocuPlRmlochjAOCpNF6X/ZCaMOZTI8cnVrRptzsesXhhz+Hkuj/snUmzOT6sqPXq9RcqYkKD+ucHBnn7u0altrvng7mKzshNjd73Djrn7Edsj/J2Z69P9NYSv+32Ai7Uxe3d9G9vkqjjRg6Zh7bKm4cT//tjF8Zbq+F8hbdF1vM/t0iqCLln3OaMsRVJ0jZhLvN99HJg==</ds:SignatureValue>
                <saml:SubjectConfirmationData NotOnOrAfter="2020-12-07T09:09:29Z" Recipient="https://fmk"><ds:KeyInfo>
                  <ds:KeyInfo>X509Data>
                    <ds:X509Data>
                      <ds:X509Certificate>MIIGNDCCBRygAwIBAgIEXOg9yTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMDAyMTMxMzQ3NTdaFw0yMzAyMTMxMzQzMzBaMIGeMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFfMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDo3OTY4MDA0NTA7BgNVBAMMNFRFU1Qgd2hpdGVsaXN0ZWQgU1AgU09TSSBhbGlhcyAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNWtWKpMlLgD5Er0SgRjNCKXlwU39x3DTPvqE/r09j96B+pwbzHjhnbV5HPwCNzoeUolcvnPmJrsOucIHsoKebPgfLEnhfjWnl0Z8ivPy/3iQfHyhJoB3shBcfLwH+FwZzEqw3hsabflVJHTq+9u2bLes9UM7r2Hy0mlynux28nFKB8dqkYVS1MjAid2cID4vbbavlFO+N+BSIt8M+MA8A1FVwhUEc/vyD+Ha8Alo3nYLZV9SqYlzeeGR+umiyQ7lhVOzv2CO2ULBSpX28mxGJ4N8CmCUrZgbSnPwkw3Mkq93bzMRUB4X9Bu/hWIpQZooKDM6wxE8dYn1yrAliw+ujAgMBAAGjggLMMIICyDAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MzQtY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQDMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLjCBrAYDVR0fBIGkMIGhMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEOMAwGA1UEAwwFQ1JMMTEwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFCe0e26va9zqyshyZoXec/52Pl5RMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnG/H/WeWIPAbnuPMZ/p2sSulgesmt6N1fK5mupYlVmLQ/7fuBIh/ER8zK3ya6yuQBAfSwIYib8iFWm+VBPc+CeS8KE/z4LRZKs3tsFkyEPlee3KpyQ4BQEawwLZjb0ZHS6ghI846SFOy+nYV8HpLvws5/vTNlGaRbBlrDVFzL/ZGois0EJe6wd3xnglwEIKjCxv30zzAnCOrmEzGIaojm07F7rnpQkaCmGNDfsSWl6Mi8SZ8jhFZHdybG9mjr6BXc1wJl2C6hQVuo7wvaIhVgJpV5BkG61mcCBniZhGr7uCJyjQ1vheKDEDle4IIzyVajjM+x5F3BWb6JQxujEHOU=<<ds:X509Certificate>MIIGRzCCBS+gAwIBAgIEX51MYTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMTA4MTYwNjQ4MjJaFw0yNDA4MTYwNjQ3MjNaMIGOMQswCQYDVQQGEwJESzEvMC0GA1UECgwmU3RhdGVucyBTZXJ1bSBJbnN0aXR1dCAvLyBDVlI6NDY4Mzc0MjgxTjAgBgNVBAUTGUNWUjo0NjgzNzQyOC1VSUQ6Mjc5MTAxMzUwKgYDVQQDDCNTdGF0ZW5zIFNlcnVtIEluc3RpdHV0IC0gVGVzdCBWT0NFUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo3h9gnQBKbiJriTMg/QLuuJFNONeRl9F8T9RE+HEOdBhhb64afks3ztVjXQ15r8KNu0YwBkOVFOe0wz7w0uT7OSFxf5Zejl1BO7VxIkcYEfq5GjryNcHb50sB7G2CisfKtdN5DRSShJyQXgZ3cflVazP+ZrYfi9gy79GBVYi3mTxN4yJtSOkKIMh8knGiBgHVqS3fkOO+K5dmV9qImFYQvCpSf8XgN96d5+mTvuZ2Yu+8GaFCSU93CxlnfODkqAWkATYnV0I6hd9l7qrGjIT0flDaVm2ruJwKEW+CkeaG9W9yDYBNLNw6WqioUckslMkVUwSUD6rQ8MLrvxfmQ+WsCAwEAAaOCAu8wggLrMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL3YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAwUwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuMCAGA1UdEQQZMBeBFXRlc3RjZXJ0aWZpa2F0QHNzaS5kazCBrQYDVR0fBIGlMIGiMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYqBgoF6kXDBaMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEPMA0GA1UEAwwGQ1JMMTk1MB8GA1UdIwQYMBaAFM1saJc5chmkNatk6vQRo4GH+Gk7MB0GA1UdDgQWBBTXaIm8KGHSJc24Q3sCwFiMXb5M3jAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCA26TOPUHHxffo7ajqZkZhNfDZzBl8XlcgQPbhrAZINCKD/cKesZGnJwElGHtexRfyUh073kkww1wP2EmZf+9m5Kry73hHKyUkawtO1/R2ib04OKpIZd8M3F9YfyOusZVxuTcYYty20xEfJO8HygzXNIrFFA1qorrMjuxiXZRnUDhjzUFVDAu/Rgt8cIR3pTvU1KizLBRUC6Q+8itJizvwMHVB+tRdENbUw+ElkXbLpFt+pc+C5wDFkVudv5B/46jU/ceGNdcmkvUt6F/ey3Uc3Pc30JzpYc4KDHKc6wOttYCNtxWAnpvhOS5HUuV6GpWVww28x3Ykhv0rfYXlZo4W</ds:X509Certificate>
                    </ds:X509Data>
                  </ds:KeyInfo>
                </samlds:SubjectConfirmationData>Signature>
              </saml:SubjectConfirmation><saml:Subject>
            </saml:Subject>
            <saml:ConditionsNameID NotBeforeFormat="2020-12-07T09:01:39Z" NotOnOrAfter="2020-12-07T09:09:29Z">urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID>
              <saml:AudienceRestriction>:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                <saml:Audience>httpsSubjectConfirmationData NotOnOrAfter="2023-01-17T10:06:42Z" Recipient="http://fmk</saml:Audience>
audience/clear">
                </saml:AudienceRestriction>  <ds:KeyInfo>
            </saml:Conditions>
        <ds:X509Data>
    <saml:AttributeStatement>
                <saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
 <ds:X509Certificate>MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
                 <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>   </ds:X509Data>
                  </samlds:Attribute>KeyInfo>
              <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic  </saml:SubjectConfirmationData>
              </saml:SubjectConfirmation>
            </saml:Subject>
            <saml:Conditions NotBefore="2023-01-17T09:56:42Z" NotOnOrAfter="2023-01-17T10:06:42Z">
              <saml:AudienceRestriction>
                <saml:AttributeValue xsi:type="xs:string">3<Audience>http://audience/clear</saml:AttributeValue>Audience>
              </saml:Attribute>AudienceRestriction>
            </saml:Conditions>
            <saml:AttributeStatement>
              <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifierSpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml:AttributeValue xsi:type="xs:string">0501792275</>DK-SAML-2.0</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="dk:gov:saml:attribute:Privileges_intermediateAssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml:AttributeValue xsi:type="xs:string">PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiID8+PGJwcDpQcml2aWxlZ2VMaXN0IHhtbG5zOmJwcD0iaHR0cDovL2l0c3QuZGsvb2lvc2FtbC9iYXNpY19wcml2aWxlZ2VfcHJvZmlsZSI+PGJwcDpQcml2aWxlZ2VHcm91cCBTY29wZT0idXJuOmRrOmhlYWx0aGNhcmU6c2FtbDphY3RUaHJvdWdoUHJvY3VyYXRpb25CeTpjcHJOdW1iZXJJZGVudGlmaWVyOjAxMDE2MDMwNDAiPjxicHA6UHJpdmlsZWdlPnVybjpkazpuc3BvcDpzdHM6ZGR2OnJlYWQ8L2JwcDpQcml2aWxlZ2U+PGJwcDpQcml2aWxlZ2U+dXJuOmRrOm5zcG9wOnN0czpkZHY6d3JpdGU8L2JwcDpQcml2aWxlZ2U+PGJwcDpQcml2aWxlZ2U+dXJuOmRrOm5zcG9wOnN0czpmbWs6cmVhZDwvYnBwOlByaXZpbGVnZT48YnBwOlByaXZpbGVnZT51cm46ZGs6bnNwb3A6c3RzOmZtazp3cml0ZTwvYnBwOlByaXZpbGVnZT48L2JwcDpQcml2aWxlZ2VHcm91cD48L2JwcDpQcml2aWxlZ2VMaXN0Pg==<">3</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
              </saml:Attribute>
            </saml:AttributeStatement>
          </saml:Assertion>
        </wst:RequestedSecurityToken>
        <wsp:AppliesTo>
          <wsa:EndpointReference>
            <wsa:Address>httpsAddress>http://fmk<audience/clear</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:Lifetime>
          <wsu:Created>2020Created>2023-1201-07T0917T09:0156:39Z<42Z</wsu:Created>
          <wsu:Expires>2020Expires>2023-1201-07T0917T10:0906:29Z<42Z</wsu:Expires>
        </wst:Lifetime>
      </wst:RequestSecurityTokenResponse>
    </wst:RequestSecurityTokenResponseCollection>
  </soapenv:Body>
</soapenv:Envelope>

OIO2BST_CITIZEN - udstedes af SEB IdP

RequestBemærk returværdien fra STS, der indeholder attributten 'dk:gov:saml:attribute:Privileges_intermediate'. Værdien er base64 encoded. Efter en decode ser det således ud (bemærk, at strukturen både indeholder det CPR nummer, som borgeren ønsker at arbejde på vegne af samt listen af de privilegier, der rent faktisk er tildelt fra denne borger til den kaldende borger):

Code Block
languagexml
titleDecoded dk:gov:saml:attribute:Privileges_intermediate(Borgeromveksling) BST2IDWS Request til STS
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<bpp<soapenv:PrivilegeListEnvelope xmlns:bppsoapenv="http://itst.dk/oiosaml/basic_privilege_profile">schemas.xmlsoap.org/soap/envelope/"
  <bpp:PrivilegeGroup Scope  xmlns:auth="urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:0101603040">
    <bpp:Privilege>urn:dk:nspop:sts:ddv:read</bpp:Privilege>http://docs.oasis-open.org/wsfed/authorization/200706"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    <bpp:Privilege>urn:dk:nspop:sts:ddv:write</bpp:Privilege>xmlns:wsa="http://www.w3.org/2005/08/addressing"
    <bpp:Privilege>urn:dk:nspop:sts:fmk:read</bpp:Privilege>xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    <bpp:Privilege>urn:dk:nspop:sts:fmk:write</bpp:Privilege>
  </bpp:PrivilegeGroup>
</bpp:PrivilegeList>

 OIO2BST assertion

Code Block
languagexml
titleoio2bst citizen assertion
collapsetrue
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_f3070cce-b0ce-4025-b374-ada158cb137c" IssueInstant="2020-11-13T10:22:50.027Z" Version="2.0">
    <!--  Udstederen af bootstraptokenet (her SEB IdP)  -->
    <Issuer>https://seblogin.nsi.dk/runtime/</Issuer>
    <ds:Signature xmlns:dsxmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802"
    xmlns:wsu="http://wwwdocs.w3oasis-open.org/2000wss/2004/09/xmldsig#">
01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soapenv:Header>
         <ds:SignedInfo><wsse:Security mustUnderstand="1" wsu:Id="security">
            <ds<wsu:CanonicalizationMethodTimestamp Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/wsu:Id="ts">
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>    <wsu:Created>2024-02-23T09:20:36Z</wsu:Created>
            <ds:Reference URI="#_f3070cce-b0ce-4025-b374-ada158cb137c"></wsu:Timestamp>
            <ds:Signature>
                <ds:Transforms>SignedInfo>
                    <ds:TransformCanonicalizationMethod Algorithm="http://www.w3.org/20002001/0910/xmldsig#envelopedxml-exc-signaturec14n#" />
                    <ds:TransformSignatureMethod Algorithm="http://www.w3.org/20012000/1009/xmlxmldsig#rsa-exc-c14n#sha1" />
                  </ds  <ds:Reference URI="#body">
                        <ds:Transforms>
                            <ds:DigestMethodTransform Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"10/xml-exc-c14n#" />
                <ds:DigestValue>mLOzno5qLFEcRB7wZ803T+63ZuUdWFETQm1DH0uLgxE=</ds:DigestValue>
            </ds:Reference>Transforms>
        </ds:SignedInfo>
        <ds:SignatureValue>cam+piuM1GFsBWP2cyTnKCkSYFMYjwKawizCLXw2F8fpD2UioxDtbFOJLG8ca03lh5881RRxrqkwK0Q/QAgKACB8t7NXuYOnMZK0hm2Ys9wibGVqS2De7UImO7BA/RvL9QjRuOHqM3/BWeNG1hteIFzDsVmYGu6CRH6giuLx7uoI6mF69Jb3v3DrztjaCRqWXU8lJo6bNY/ET/hu5/10Xfegb/7qNWb34cW7WQE2qAWRJaLyj1/apQX5BpsdjS0V2uvTsQYx+Dob8cTKqY9nPbuUR5pgcsEg6jle82GhpsiT5hHyC7R2BlP2ZFknkAMg8orogOIhe0tYTIzMD6d2DQ==</ds:SignatureValue>
        <KeyInfo<ds:DigestMethod xmlnsAlgorithm="http://www.w3.org/2000/09/xmldsig#xmldsig#sha1" />
            <X509Data>
                <!--  Certifikat som har signeret bootstraptokenet (her SEB IdP)  -->
  <ds:DigestValue>K6NblQLm29GnlaOTpaoqPbtcLHg=</ds:DigestValue>
                         <X509Certificate>MIIGRTCCBS2gAwIBAgIEUw8DszANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSQwIgYDVQQDDBtUUlVTVDI0MDggU3lzdGVtdGVzdCBYSVggQ0EwHhcNMTQwNTA1MTMzNTU4WhcNMTcwNTA1MTMzNTEyWjCBljELMAkGA1UEBhMCREsxMTAvBgNVBAoMKERpZ2l0YWxpc2VyaW5nc3N0eXJlbHNlbiAvLyBDVlI6MzQwNTExNzgxVDAgBgNVBAUTGUNWUjozNDA1MTE3OC1VSUQ6ODMzODQ5NzAwMAYDVQQDDClEaWdpdGFsaXNlcmluZ3NzdHlyZWxzZW4gLSBOZW1Mb2ctaW4gVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnCmDRMztjDckSupQBLcEzrRRJnAFxzEFdB7Cj6ApMQ/YxqKzfL/TSIr3v2mdgQNnsJGz91YbAteDPRHR/K1W3kqoIX/qH2uXDzHK+qi4YD9D8s4MnHAt02x6t0TgKQGjn1XO6lgLQ563DjtgD2fdPm9USV2Lkxe5ofNRG7yvWowBWjXKia8D64k6zSzoHKdPz6GCy9S0NmwIyJE0sJavcfwxT3/ia0g63/xD77SteT4H/OR/DLis7FLnfkLp8yrd5xAk4nEGizmjrg2OVJmIMMPK6PQdw+/lqSdgaPDxMD6yoIwWshux5Rup1+piMLg852odHR6EhUzjEsi9DnWWcCAwEAAaOCAucwggLjMA4GA1UdDwEB/wQEAwIEsDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL3YuYWlhLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QxOS1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAwQwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjQuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjQuMBwGA1UdEQQVMBOBEW5lbWxvZ2luQGRpZ3N0LmRrMIGpBgNVHR8EgaEwgZ4wPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDE5LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDE5LmNybDBeoFygWqRYMFYxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJDAiBgNVBAMMG1RSVVNUMjQwOCBTeXN0ZW10ZXN0IFhJWCBDQTENMAsGA1UEAwwEQ1JMMjAfBgNVHSMEGDAWgBTMAlUM5IF0ryBU1REUV5yRUjh/oDAdBgNVHQ4EFgQUwm9c3oUHE/zZ/43g4RUhswnMVAowCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEACLh3Ovvljv4b/Ywf/8WxoB2y50Oqt8rpwXZp+no4d5tLqIMTSAlQxL0lAf4Qm4e6tF5m/55+dLwxw5/Dqwa0bQXHt98vJjSBYLQH6rwfDzNmVGimO1n84k4MMYY449ykjqRNDfCS3+5+zV/An4CH9eUhvB0AHHWbD6eALw39sPGxc5kHADTOdJ5SboSm9DHYdLLt9k8HyxrHIkcJApLWPgyFmkE0+8jtuQQluN62F5+j5d53oTKinHEd7adM0ea537vNf5uBGu6h9OTXlhZwM9tlnrsTYQTTAIzdxGPlpD9Zvo5nmJHwILdRonm8rZf3vAm59/U6+Cht4+X2l5zxyg==</X509Certificate></ds:Reference>
            </X509Data>
        </KeyInfo><ds:Reference URI="#ts">
    </ds:Signature>
     <Subject>
        <!--  NameID indeholder en unik ID for<ds:Transforms>
 borgeren  -->
        <!--  TODO: Hvad skal SEB sætte her?  -->
        <NameID<ds:Transform FormatAlgorithm="’urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">dk:gov:saml:attribute:CprNumberIdentifier:1802602810</NameID>http://www.w3.org/2001/10/xml-exc-c14n#" />
        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
               <SubjectConfirmationData xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:type="KeyInfoConfirmationDataType">
</ds:Transforms>
                        <KeyInfo<ds:DigestMethod xmlnsAlgorithm="http://www.w3.org/2000/09/xmldsig#xmldsig#sha1" />
                    <X509Data>
    <ds:DigestValue>/OQpEg3nog5DimJhhsBbCmCYrnU=</ds:DigestValue>
                    <!--/ds:Reference>
  Holder-of-key certifikatet - dvs. certifikat for det system/SOSI-STS-klient som kan veksle bootstraptokenet til et IDWS-identitytoken -->
   <ds:Reference URI="#messageID">
                    <X509Certificate>MIIGIzCCBQugAwIBAgIEUw/NqTANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSQwIgYDVQQDDBtUUlVTVDI0MDggU3lzdGVtdGVzdCBYSVggQ0EwHhcNMTUwNDIwMDcyNTQyWhcNMTgwNDIwMDcyMzM3WjCBkTELMAkGA1UEBhMCREsxMTAvBgNVBAoMKERpZ2l0YWxpc2VyaW5nc3N0eXJlbHNlbiAvLyBDVlI6MzQwNTExNzgxTzAgBgNVBAUTGUNWUjozNDA1MTE3OC1GSUQ6NjkyMjEwNTAwKwYDVQQDDCRKYXZhIHJlZi4gVEVTVCAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsZhc0L2r7+KF2FtqJxtBI/KKneBo6ojLQf8ZgaXa6eFK15lyI4nGM3xZ/OgC8/vjsw2XWQE08vL09W8SKiujEt6xs967Z/Y4rNl1S8hZa5TVmBTlOEwEbmIzGB8tckVj14KnZ6kcZGvygb8FT5gvMGpueMj3OzvhvkShfGvuG/9yrr8hj7590vu3X0EkeI5dQAFPG41sUqzjDMZhZol5zhHCqkxXf0C+H+1gYYvNvEYGc1WXfaK0j3i66RcKAWJvozgf6jDQfwHsV7qswndxbvIhoZ6W7cBxzs4ajDQ5QeHS5JtWKopgmz0hXgcgXChJ4ZVvyhpatXLuldJeINrlHAgMBAAGjggLKMIICxjAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MTkudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MTkudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MTktY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQCMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4yLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4yLjCBqgYDVR0fBIGiMIGfMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QxOS5jcmwwX6BdoFukWTBXMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSQwIgYDVQQDDBtUUlVTVDI0MDggU3lzdGVtdGVzdCBYSVggQ0ExDjAMBgNVBAMMBUNSTDI4MB8GA1UdIwQYMBaAFMwCVQzkgXSvIFTVERRXnJFSOH+gMB0GA1UdDgQWBBRUEhCFm3sj4tGyEI3OkBYnKKSOFDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQB9r7wKMTPCxGmQYFu7M+CyGrxSWaFqe8FH6YGyh9SaCjZUSbayamCqjhxM+7cLZtSBXySMYkcUImj5tWzED3BUIX6vbhzXvAsvyBuyXH9iRrBq3hLUOL18dBOMOY98TghF9jqJQBoq3Ikctob3/ikfpws86/jLnoKvA5q3IGYJIiwZssj85kcXmbhOpi1x9SjCRqgXldDVqiSEBVcuU8WKqvDVhIoFJzpsDbWvjeGnlgXtU0mK55tJYvm9i0leaoaAEKesRd2MdG9yZ4yhDFcvzUaTlQULvBxoNgXGPOGPxIEr2euiDhBcdrx/zbC8tjok6eBwu4FvGqyrpm11xjQs</X509Certificate>
     <ds:Transforms>
               </X509Data>
             <ds:Transform   </KeyInfo>Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </SubjectConfirmationData>
        </SubjectConfirmation>
    </Subject>ds:Transforms>
    <Conditions NotOnOrAfter="2020-11-13T12:22:50.027Z">
        <!--  Aftageren som  omveksle dette bootstraptoken (her SOSI-STS'en)   -->
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          <AudienceRestriction>
              <Audience>https://sts.sosi.dk/</Audience><ds:DigestValue>0EpRuLcuAoWm8+cuLdJGMBkBWVo=</ds:DigestValue>
        </AudienceRestriction>
            </Conditions>ds:Reference>
     <AttributeStatement>
        <!--  Angivelse af profil og version (konstanten 'DK-SAML-2.0')  --<ds:Reference URI="#action">
        <Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <AttributeValue>DK-SAML-2.0</AttributeValue>
  <ds:Transforms>
      </Attribute>
        <!--  Sikringsniveau udtrykt efter NIST/ITT  -->
        <Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
              <AttributeValue>3</AttributeValue>
          </Attribute>ds:Transforms>
        <!--    borgerens CPR-nummer  -->
        <Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <AttributeValue>1802602810</AttributeValue>
            <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
                    </Attribute>ds:Reference>
                </AttributeStatement>
</Assertion>

 OIO3BST assertion

Code Block
languagexml
titleoio3bst citizen assertion
collapsetrue
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_f3070cce-b0ce-4025-b374-ada158cb137c" IssueInstant="2020-11-13T10:22:50.027Z" Version="2.0">
    <!--  Udstederen af bootstraptokenet (her NemLog-in3 STS)  -->
    <Issuer>https://sts.nemlog-in.dk</Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
ds:SignedInfo>
                <ds:SignatureValue>
                    <ds:SignedInfo>YUhbJ+uMu87Tj7TP1PYSflr1fTVUrf5ao6C5t+wtt06y9hn4QDtAovzPG3QAS7Cx79chxFcwKHWfGB2eBsKmj3VRr69d9C9JN62kpOSXDhdqKPcZETMvGU0iw1n29oI1JoR8UW55glppoRU07sGkssut1mm42PWg0P3xjXbUYofD0VMznHDLXF2iGtBv1vjXHXuin5UXYy1zL/SXl8Hvl9WWN1Cxg46VEGhvFcRRvoHknzDrWYJMbvVyVqzbRRTYDOUSaY+ECsGK/Gxn8NcVjbuHXa9kcs87h5GKHc+8wnV5dorDVo+SikpIuOrMPNwzW85Y8e2O68vK8NLa2SyrP2NaYFi50KoXluUOePGla8IFX1PxdVBCQLg+twFAosV3Ta1Ma7Ssdj/dSINs/lU9tcBvsNvnNPIxZVVBUZvMZ3K39AwoUDChSFZuv7o1FWHCXdJkI+3NZepFG2QL8ah3k4tq58MSFAAE8IW48F0thxyzjVxVvCRysD6J0hdo6JgD</ds:SignatureValue>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
   <ds:KeyInfo>
         <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_f3070cce-b0ce-4025-b374-ada158cb137c">X509Data>
                <ds:Transforms>
        <ds:X509Certificate>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
                 <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>   </ds:X509Data>
                <ds:DigestValue>mLOzno5qLFEcRB7wZ803T+63ZuUdWFETQm1DH0uLgxE=</ds:DigestValue>KeyInfo>
            </ds:Reference>Signature>
        </dswsse:SignedInfo>Security>
         <ds:SignatureValue>cam+piuM1GFsBWP2cyTnKCkSYFMYjwKawizCLXw2F8fpD2UioxDtbFOJLG8ca03lh5881RRxrqkwK0Q/QAgKACB8t7NXuYOnMZK0hm2Ys9wibGVqS2De7UImO7BA/RvL9QjRuOHqM3/BWeNG1hteIFzDsVmYGu6CRH6giuLx7uoI6mF69Jb3v3DrztjaCRqWXU8lJo6bNY/ET/hu5/10Xfegb/7qNWb34cW7WQE2qAWRJaLyj1/apQX5BpsdjS0V2uvTsQYx+Dob8cTKqY9nPbuUR5pgcsEg6jle82GhpsiT5hHyC7R2BlP2ZFknkAMg8orogOIhe0tYTIzMD6d2DQ==</ds:SignatureValue><wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><wsa:MessageID wsu:Id="messageID">urn:uuid:8f55fcc0-6939-4a08-a6f7-35dfe686573e</wsa:MessageID>
    </soapenv:Header>
        <X509Data><soapenv:Body wsu:Id="body">
                <!--  Certifikat som har signeret bootstraptokenet (her NemLog-in3 STS)  --<wst:RequestSecurityToken Context="urn:uuid:edd62a55-4408-45ca-8dc5-b215d49c9797">
                <X509Certificate>MIIGRTCCBS2gAwIBAgIEUw8DszANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSQwIgYDVQQDDBtUUlVTVDI0MDggU3lzdGVtdGVzdCBYSVggQ0EwHhcNMTQwNTA1MTMzNTU4WhcNMTcwNTA1MTMzNTEyWjCBljELMAkGA1UEBhMCREsxMTAvBgNVBAoMKERpZ2l0YWxpc2VyaW5nc3N0eXJlbHNlbiAvLyBDVlI6MzQwNTExNzgxVDAgBgNVBAUTGUNWUjozNDA1MTE3OC1VSUQ6ODMzODQ5NzAwMAYDVQQDDClEaWdpdGFsaXNlcmluZ3NzdHlyZWxzZW4gLSBOZW1Mb2ctaW4gVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnCmDRMztjDckSupQBLcEzrRRJnAFxzEFdB7Cj6ApMQ/YxqKzfL/TSIr3v2mdgQNnsJGz91YbAteDPRHR/K1W3kqoIX/qH2uXDzHK+qi4YD9D8s4MnHAt02x6t0TgKQGjn1XO6lgLQ563DjtgD2fdPm9USV2Lkxe5ofNRG7yvWowBWjXKia8D64k6zSzoHKdPz6GCy9S0NmwIyJE0sJavcfwxT3/ia0g63/xD77SteT4H/OR/DLis7FLnfkLp8yrd5xAk4nEGizmjrg2OVJmIMMPK6PQdw+/lqSdgaPDxMD6yoIwWshux5Rup1+piMLg852odHR6EhUzjEsi9DnWWcCAwEAAaOCAucwggLjMA4GA1UdDwEB/wQEAwIEsDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL3YuYWlhLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QxOS1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAwQwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjQuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjQuMBwGA1UdEQQVMBOBEW5lbWxvZ2luQGRpZ3N0LmRrMIGpBgNVHR8EgaEwgZ4wPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDE5LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDE5LmNybDBeoFygWqRYMFYxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJDAiBgNVBAMMG1RSVVNUMjQwOCBTeXN0ZW10ZXN0IFhJWCBDQTENMAsGA1UEAwwEQ1JMMjAfBgNVHSMEGDAWgBTMAlUM5IF0ryBU1REUV5yRUjh/oDAdBgNVHQ4EFgQUwm9c3oUHE/zZ/43g4RUhswnMVAowCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEACLh3Ovvljv4b/Ywf/8WxoB2y50Oqt8rpwXZp+no4d5tLqIMTSAlQxL0lAf4Qm4e6tF5m/55+dLwxw5/Dqwa0bQXHt98vJjSBYLQH6rwfDzNmVGimO1n84k4MMYY449ykjqRNDfCS3+5+zV/An4CH9eUhvB0AHHWbD6eALw39sPGxc5kHADTOdJ5SboSm9DHYdLLt9k8HyxrHIkcJApLWPgyFmkE0+8jtuQQluN62F5+j5d53oTKinHEd7adM0ea537vNf5uBGu6h9OTXlhZwM9tlnrsTYQTTAIzdxGPlpD9Zvo5nmJHwILdRonm8rZf3vAm59/U6+Cht4+X2l5zxyg==</X509Certificate><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
            </X509Data><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
        </KeyInfo>
    </ds<wst14:Signature>ActAs>
    <Subject>
         <!--  NameID indeholder en persistent UUID for borgeren  -->
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
              <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">https://data.gov.dk/model/core/eid/person/uuid/123e4567-e89b-12d3-a456-426655440000</NameID>      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
            <SubjectConfirmationData xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:type="KeyInfoConfirmationDataType">ID="_247b7481-a132-491b-aab9-187bdb90383c" IssueInstant="2024-02-23T09:20:36Z"
                <KeyInfo    Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <X509Data>
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
                    <saml:Issuer>https://oio2bst-issuer.dk</saml:Issuer>
                    <ds:Signature Id="OCESSignature">
    <!--   Holder-of-key certifikatet - dvs. certifikat for det system/SOSI-STS-klient som kan veksle bootstraptokenet til et IDWS token  --><ds:SignedInfo>
                        <X509Certificate>MIIGIzCCBQugAwIBAgIEUw/NqTANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSQwIgYDVQQDDBtUUlVTVDI0MDggU3lzdGVtdGVzdCBYSVggQ0EwHhcNMTUwNDIwMDcyNTQyWhcNMTgwNDIwMDcyMzM3WjCBkTELMAkGA1UEBhMCREsxMTAvBgNVBAoMKERpZ2l0YWxpc2VyaW5nc3N0eXJlbHNlbiAvLyBDVlI6MzQwNTExNzgxTzAgBgNVBAUTGUNWUjozNDA1MTE3OC1GSUQ6NjkyMjEwNTAwKwYDVQQDDCRKYXZhIHJlZi4gVEVTVCAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsZhc0L2r7+KF2FtqJxtBI/KKneBo6ojLQf8ZgaXa6eFK15lyI4nGM3xZ/OgC8/vjsw2XWQE08vL09W8SKiujEt6xs967Z/Y4rNl1S8hZa5TVmBTlOEwEbmIzGB8tckVj14KnZ6kcZGvygb8FT5gvMGpueMj3OzvhvkShfGvuG/9yrr8hj7590vu3X0EkeI5dQAFPG41sUqzjDMZhZol5zhHCqkxXf0C+H+1gYYvNvEYGc1WXfaK0j3i66RcKAWJvozgf6jDQfwHsV7qswndxbvIhoZ6W7cBxzs4ajDQ5QeHS5JtWKopgmz0hXgcgXChJ4ZVvyhpatXLuldJeINrlHAgMBAAGjggLKMIICxjAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MTkudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MTkudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MTktY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQCMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4yLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4yLjCBqgYDVR0fBIGiMIGfMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QxOS5jcmwwX6BdoFukWTBXMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSQwIgYDVQQDDBtUUlVTVDI0MDggU3lzdGVtdGVzdCBYSVggQ0ExDjAMBgNVBAMMBUNSTDI4MB8GA1UdIwQYMBaAFMwCVQzkgXSvIFTVERRXnJFSOH+gMB0GA1UdDgQWBBRUEhCFm3sj4tGyEI3OkBYnKKSOFDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQB9r7wKMTPCxGmQYFu7M+CyGrxSWaFqe8FH6YGyh9SaCjZUSbayamCqjhxM+7cLZtSBXySMYkcUImj5tWzED3BUIX6vbhzXvAsvyBuyXH9iRrBq3hLUOL18dBOMOY98TghF9jqJQBoq3Ikctob3/ikfpws86/jLnoKvA5q3IGYJIiwZssj85kcXmbhOpi1x9SjCRqgXldDVqiSEBVcuU8WKqvDVhIoFJzpsDbWvjeGnlgXtU0mK55tJYvm9i0leaoaAEKesRd2MdG9yZ4yhDFcvzUaTlQULvBxoNgXGPOGPxIEr2euiDhBcdrx/zbC8tjok6eBwu4FvGqyrpm11xjQs</X509Certificate>    <ds:CanonicalizationMethod
                    </X509Data>
                </KeyInfo>
            </SubjectConfirmationData>
        </SubjectConfirmation>
    </Subject>
    <Conditions NotOnOrAfter="2020-11-13T12:22:50.027Z">
        <!--  Aftageren som må omveksle dette bootstraptoken (her SOSI-STS'en)   -->
        <AudienceRestriction>
            <Audience>https://sts.sosi.dk/</Audience>
        </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
        <!--  Angivelse af profil og version (konstanten 'OIO-SAML-3.0')  -->
        <Attribute Name="https://data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <AttributeValue>OIO-SAML-3.0</AttributeValue>
        </Attribute>
        <!--  Sikringsniveau udtrykt efter NSIS  -->
        <Attribute Name="https://data.gov.dk/concept/core/nsis/loa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <AttributeValue>Substantial</AttributeValue>
        </Attribute>
        <!--  borgerens CPR-nummer  -->
        <Attribute Name="https://data.gov.dk/model/core/eid/cprNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <AttributeValue>1802602810</AttributeValue>
        </Attribute>
    </AttributeStatement>
</Assertion>

...

            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            <ds:SignatureMethod
                                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
                            <ds:Reference URI="#_247b7481-a132-491b-aab9-187bdb90383c">
                                <ds:Transforms>
                                    <ds:Transform
                                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                                    <ds:Transform
                                        Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                                </ds:Transforms>
                                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                                <ds:DigestValue>KeyC0zlzgeHD5vDYBaivdYgfKi/2cnhpW31VXUoV65k=</ds:DigestValue>
                            </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue>
                            Tr5Puq+s+4X1SHRTjK4od5/lQN2qhhz6TpSKxR4jbsZOtP/ngPdi2uR/i9XVjyWanBCgsd+FYsX9qeyHXw4fwlcOTTw6NWYxzTJhM+QNHhZcr9+nzgAy3uX3etqIiF6CTSQn52ZSFtVyKJzXzi3yNsaHR6HCJO4O2e8qSXyONsFlbsoVz/BBxze/uAKmwZG/5EsrWGJMQRjBd6Ik8vQ1WN/2yFPxGqAbsh7l0oEQqT8e/St/CuP4pLzvRMkRvQ9VuL9jaUAbtNDh2uFNWqy//l6t2EmRLB1yNdpFnThOkV66kx9F4yC9VPYcfkaB/dr+WbAGmMILuu+d14RvZPw5fe9eommtxRqT4ALH3JTKQDoXAkunXAEiAXtQEa+0IHip0Jwg6KzSZSNTxy+e1qh+aA57+QCZLzm7I5tkS1jUxT2AsaYP6iYnspRohTiiKM0AGfcXzW8dilriQX8W92fqEqCzpkZ0eNbnTCNvj9SP6+fq5BRraHKccb/VDRkVscmu</ds:SignatureValue>
                        <ds:KeyInfo>
                            <ds:X509Data>
                                <ds:X509Certificate>
                                    MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
                            </ds:X509Data>
                        </ds:KeyInfo>
                    </ds:Signature>
                    <saml:Subject>
                        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
                            dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID>
                        <saml:SubjectConfirmation
                            Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                            <saml:SubjectConfirmationData
                                xsi:type="saml:KeyInfoConfirmationDataType">
                                <ds:KeyInfo>
                                    <ds:X509Data>
                                        <ds:X509Certificate>
                                            MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
                                    </ds:X509Data>
                                </ds:KeyInfo>
                            </saml:SubjectConfirmationData>
                        </saml:SubjectConfirmation>
                    </saml:Subject>
                    <saml:Conditions NotOnOrAfter="2024-02-23T11:20:35Z">
                        <saml:AudienceRestriction>
                            <saml:Audience>http://audience/clear</saml:Audience>
                        </saml:AudienceRestriction>
                    </saml:Conditions>
                    <saml:AttributeStatement>
                        <saml:Attribute Name="dk:gov:saml:attribute:SpecVer"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                            <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
                        </saml:Attribute>
                        <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                            <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
                        </saml:Attribute>
                        <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                            <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
                        </saml:Attribute>
                    </saml:AttributeStatement>
                </saml:Assertion>
            </wst14:ActAs>
            <wsp:AppliesTo>
                <wsa:EndpointReference>
                    <wsa:Address>http://audience/clear</wsa:Address>
                </wsa:EndpointReference>
            </wsp:AppliesTo>
            <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
                <auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier">
                    <auth:Value>0501792275</auth:Value>
                </auth:ClaimType>
            </wst:Claims>
        </wst:RequestSecurityToken>
    </soapenv:Body>
</soapenv:Envelope>

Svar fra STS

Code Block
languagexml
title(Borgeromveksling) BST2IDWS Response fra STS
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soapenv:Header>
        <wsse:Security mustUnderstand="1" wsu:Id="security">
            <wsu:Timestamp wsu:Id="ts">
                <wsu:Created>2024-02-23T09:20:36Z</wsu:Created>
            </wsu:Timestamp>
            <ds:Signature>
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <ds:Reference URI="#body">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>MX56m7Zlnfh3wUIqhO2cUcVYPZo=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#ts">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>/OQpEg3nog5DimJhhsBbCmCYrnU=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#messageID">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>Svg8kNvCmu7pVJgK+XnUIZmuwmo=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#relatesTo">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>6811BMZG6WN0RxCj46QkgkGQ04A=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#action">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>
                    DTKTeVwgSBy5JVzReLpWwTR3VHTdZ8OMoT81O6rE8e0gAfzbxWiDXXjOe//d1DJ/lcuMjgx3d0Q34Hjx133Jm/neFoD04fgYk2PIO8bj/k0C/LUXz/53kvyzDU7wWRCVwFgBdJl4FwIxqrnAAEG+ILvPiIPZd1buVLiKgv9KJi4eN4xLtU+korApF5o95xAVbTKyFQJVATRHAMHRna416FffBxYTEffIY4x9UxWBrYxMvdbZ03hLrCkRqTYGCWb2oxOAtnB4vKwP1Q9jwMir8GgGy4JHdyF4cTxHLK5u1xVuN16BO3PFM4lv2hQGW45WZqSqGGXfeGfulvYH5St2nxGlPCA419V0n8GtoYhkDZjo12fVDxwU5897UbP/ewvJ/7B7P4kMmIidtNxo3f+JiGqUzE9KwFh4ofNevauKwciObIWp0EkAxmQttqTSScqv8ovZEw2dii1Xz6NXsAHavtk8fIDCLrLdKQhDDK8Go6e36VmzHpMdGX3WuSgI3UGg</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>
                            MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
        <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
        <wsa:MessageID wsu:Id="messageID">urn:uuid:47fa9dab-7fbc-417a-ad0d-dd2c82dccf70</wsa:MessageID>
        <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:8f55fcc0-6939-4a08-a6f7-35dfe686573e</wsa:RelatesTo>
    </soapenv:Header>
    <soapenv:Body wsu:Id="body">
        <wst:RequestSecurityTokenResponseCollection>
            <wst:RequestSecurityTokenResponse
                Context="urn:uuid:edd62a55-4408-45ca-8dc5-b215d49c9797">
                <wst:TokenType>
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
                <wst:RequestedSecurityToken>
                    <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        ID="_f355a920-4da2-4d1c-8e17-f974accb1413"
                        IssueInstant="2024-02-23T09:20:36Z" Version="2.0"
                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
                        <saml:Issuer>TESTSTS</saml:Issuer>
                        <ds:Signature Id="OCESSignature">
                            <ds:SignedInfo>
                                <ds:CanonicalizationMethod
                                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                                <ds:SignatureMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                                <ds:Reference URI="#_f355a920-4da2-4d1c-8e17-f974accb1413">
                                    <ds:Transforms>
                                        <ds:Transform
                                            Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                                        <ds:Transform
                                            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                                    </ds:Transforms>
                                    <ds:DigestMethod
                                        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                                    <ds:DigestValue>PX0vREuRydy5Mod7TU8FWeEUyqg=</ds:DigestValue>
                                </ds:Reference>
                            </ds:SignedInfo>
                            <ds:SignatureValue>
                                bv8FCelnJYIBmqHMhIrOTlaklZfv7YWlxfOhb2Mo5v1m/89pZJYDRWOLD8XphD6oEZZEKUIxNWimSceaL3vhv1cHplvulxDPgMUQv40c7exFbF7QRcZRY+NOrohTi0DFrzaFNEkNAXh5pHS1JB56kquHWsXfK26+7QyM9wDeLxPZO4P0baWP7VNO2m06Ah4Ru3B/hqNYxv4DcAKPibpgRQFYyT952INHMai21l8BAwHL1gmFxjVxrSLSj+Qo2FDCHLB2ldkPAZy3Ar/+fDHHxlDrqJIfUQXonsQZ01GGHGlcTIdbPbFZoPQVNn+aTWYgTFdJFIsQyUFIMM5dr2UUI6J7tx11t+kI6DMi4akhLFv+rD+N23NQlZSHZqpPnbe0OCt7DOebDwtxDZatd9oshrS4jw4MM70iiT6as9UZTv/31tzwhVf6tCd+zGaUdFSZ/+HDfqC1rAVWMdXf0tTaIQ8p20HuzrxZ+xyR/tjF4m6yx+4yS9k6fZXbc6uXduAs</ds:SignatureValue>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>
                                        MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                        </ds:Signature>
                        <saml:Subject>
                            <saml:NameID
                                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
                                dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID>
                            <saml:SubjectConfirmation
                                Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                                <saml:SubjectConfirmationData NotOnOrAfter="2024-02-23T09:25:36Z"
                                    Recipient="http://audience/clear">
                                    <ds:KeyInfo>
                                        <ds:X509Data>
                                            <ds:X509Certificate>
                                                MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
                                        </ds:X509Data>
                                    </ds:KeyInfo>
                                </saml:SubjectConfirmationData>
                            </saml:SubjectConfirmation>
                        </saml:Subject>
                        <saml:Conditions NotBefore="2024-02-23T09:15:36Z"
                            NotOnOrAfter="2024-02-23T09:25:36Z">
                            <saml:AudienceRestriction>
                                <saml:Audience>http://audience/clear</saml:Audience>
                            </saml:AudienceRestriction>
                        </saml:Conditions>
                        <saml:AttributeStatement>
                            <saml:Attribute Name="dk:gov:saml:attribute:SpecVer"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                                <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
                            </saml:Attribute>
                            <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                                <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
                            </saml:Attribute>
                            <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                                <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
                            </saml:Attribute>
                        </saml:AttributeStatement>
                    </saml:Assertion>
                </wst:RequestedSecurityToken>
                <wsp:AppliesTo>
                    <wsa:EndpointReference>
                        <wsa:Address>http://audience/clear</wsa:Address>
                    </wsa:EndpointReference>
                </wsp:AppliesTo>
                <wst:Lifetime>
                    <wsu:Created>2024-02-23T09:15:36Z</wsu:Created>
                    <wsu:Expires>2024-02-23T09:25:36Z</wsu:Expires>
                </wst:Lifetime>
            </wst:RequestSecurityTokenResponse>
        </wst:RequestSecurityTokenResponseCollection>
    </soapenv:Body>
</soapenv:Envelope>

OIO2BST_LEGACY - udstedes af NemLog-in IdP

Request

Code Block
languagexml
title(Borgeromveksling) BST2IDWS Request til STS
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soapenv:Header>
        <wsse:Security mustUnderstand="1" wsu:Id="security">
            <wsu:Timestamp wsu:Id="ts">
                <wsu:Created>2024-02-22T13:19:27Z</wsu:Created>
            </wsu:Timestamp>
            <ds:Signature>
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <ds:Reference URI="#body">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>+PQJ+2kwDcJxXYE8iUenERzGeI4=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#ts">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>TThCBOCpnyZAloTBcWlyRTYupNM=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#messageID">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>N2ZemMQczU42xX24fGmGmyNxxog=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#action">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>
                    CdwfolKMiOq1bj3fCctMQCNVAIQRaU+oQ9kDrJ9eDkT4kNPI52gXwlaYc3YFYEAAvTIccTn3cxEJOTRtz7O3I4Q9vv1loFEf9rkiDoHqVotgggxTcDzXM2F8BfSBMv3Cn4cvIbCBgal9Deiwkk0PPpMZ2TkRrevPcSPlxcaZzgCMTYoIupC/OazGccUUEGQ86PWAzUXXL+Ae7FNeKhB8MNCE7kPy9pHrOWGoASlKoKhcX1lZgsMhBC4NZRhRFJD7aT781V44ozKlXoLpmvgb5JtKiBC/+dQ7UUhtgRL4QX/esdt3xRT+m0SMtU2Qkym/uP1KEon6IyGKarHNOWGanhaNYKuKtaspP6qotYqDZdLETw6ZbQwqgCewmyhHxhsEcGLS/k+PEJQAqFj/kLb8dZL+YqRAT90XJNmRcBD2AmoXFuXmKb8OFgz4EpbVhvcEiCIiYS9gf53jFae1ggVZl4zaKukizZcejYWPXEw7ZwM3i95rgVHcnjScDji9PYdk</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>
                            MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
        <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
        <wsa:MessageID wsu:Id="messageID">urn:uuid:1bb8ec36-9f6e-4414-aa38-f24e461d1444</wsa:MessageID>
    </soapenv:Header>
    <soapenv:Body wsu:Id="body">
        <wst:RequestSecurityToken Context="urn:uuid:bc4558fb-83dc-4a7d-ac91-b02f48cfa602">
            <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
            <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
            <wst14:ActAs>
                <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    ID="_025f66d8-0d7b-4e0b-8f53-21f2d475719b" IssueInstant="2024-02-22T13:19:27Z"
                    Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
                    <saml:Issuer>https://oio2bst-legacy-issuer.dk</saml:Issuer>
                    <ds:Signature Id="OCESSignature">
                        <ds:SignedInfo>
                            <ds:CanonicalizationMethod
                                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            <ds:SignatureMethod
                                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
                            <ds:Reference URI="#_025f66d8-0d7b-4e0b-8f53-21f2d475719b">
                                <ds:Transforms>
                                    <ds:Transform
                                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                                    <ds:Transform
                                        Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                                </ds:Transforms>
                                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                                <ds:DigestValue>jpSuVLJ294+i3yyNtxCXCkpyux1/Y/7b3tfmtvxW6TY=</ds:DigestValue>
                            </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue>
                            jKSKaKZYtBbJwFYrhLHqkX6ao5OeCUZLojxc3zLcsFK6aCV5kVYU53plxkIcG3M5SzES3hhwgjiOu9M95IlHe2dNJvQzCRECzWSiPHnJL+X008ouTMwNfZlWfgVX6FlBeIIl1sfs8lcvDL/1fo+5YBT8uF0mJFnuLQwtSlEIkze51dsJ233qGQnXeSZvhKWdq+SJDztKWeM71f57DZ1cekxFFoKmaJ5R5ru5UCalylHzEYgfBqQZGeQj/L/XG4oP/B7evBFnylx6NAPkiQ47AavV9Kt4BMC3VRBMr8h6oof585QB1MoykR0Rr6yVRfWOQNGKoK0oe9RXk41AMe6JdifxZiR8TuNJDPu9Cqfq9sguO6oP9smKa9jhPyYdrgUkBJMD1p68r//wVW6jFiDSW+ufe1m77cYMe2MKraDDF95Fe9wc8lLWig2HBFnMCQ4d2OT4gV3mEwseIm0EClHzZ6OpOF4BzhZ6gs2fmBmEUa+p6Cbm6wNphHIC/PuTo2qe</ds:SignatureValue>
                        <ds:KeyInfo>
                            <ds:X509Data>
                                <ds:X509Certificate>
                                    MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
                            </ds:X509Data>
                        </ds:KeyInfo>
                    </ds:Signature>
                    <saml:Subject>
                        <saml:NameID
                            Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=Testorganisation
                            nr.
                            94354969,CN=null,Serial=UI:DK-P:G:23550132-5e1f-4e43-a5f9-048acf49e0b8</saml:NameID>
                        <saml:SubjectConfirmation
                            Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                            <saml:SubjectConfirmationData
                                xsi:type="saml:KeyInfoConfirmationDataType">
                                <ds:KeyInfo>
                                    <ds:X509Data>
                                        <ds:X509Certificate>
                                            MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
                                    </ds:X509Data>
                                </ds:KeyInfo>
                            </saml:SubjectConfirmationData>
                        </saml:SubjectConfirmation>
                    </saml:Subject>
                    <saml:Conditions NotOnOrAfter="2024-02-22T15:19:20Z">
                        <saml:AudienceRestriction>
                            <saml:Audience>http://audience/clear</saml:Audience>
                        </saml:AudienceRestriction>
                    </saml:Conditions>
                    <saml:AuthnStatement AuthnInstant="2024-02-22T12:19:20Z"
                        SessionIndex="_025f66d8-0d7b-4e0b-8f53-21f2d475719b">
                        <saml:AuthnContext>
                            <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
                        </saml:AuthnContext>
                    </saml:AuthnStatement>
                    <saml:AttributeStatement>
                        <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                            <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
                        </saml:Attribute>
                        <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                            <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
                        </saml:Attribute>
                    </saml:AttributeStatement>
                    <saml:AuthnStatement AuthnInstant="2024-02-22T12:19:20Z"
                        SessionIndex="_025f66d8-0d7b-4e0b-8f53-21f2d475719b">
                        <saml:AuthnContext>
                            <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
                        </saml:AuthnContext>
                    </saml:AuthnStatement>
                </saml:Assertion>
            </wst14:ActAs>
            <wsp:AppliesTo>
                <wsa:EndpointReference>
                    <wsa:Address>http://audience/clear</wsa:Address>
                </wsa:EndpointReference>
            </wsp:AppliesTo>
            <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
                <auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier">
                    <auth:Value>0501792275</auth:Value>
                </auth:ClaimType>
                <auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf">
                    <auth:Value>
                        urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:1111111118</auth:Value>
                </auth:ClaimType>
            </wst:Claims>
        </wst:RequestSecurityToken>
    </soapenv:Body>
</soapenv:Envelope>

Svar fra STS

Code Block
languagexml
title(Borgeromveksling) BST2IDWS Response fra STS
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soapenv:Header>
        <wsse:Security mustUnderstand="1" wsu:Id="security">
            <wsu:Timestamp wsu:Id="ts">
                <wsu:Created>2024-02-22T13:21:38Z</wsu:Created>
            </wsu:Timestamp>
            <ds:Signature>
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <ds:Reference URI="#body">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>SwKjKMO/razhrzgzJF1iP19kWtk=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#ts">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>lfWkWps0ueOLKfaZ3WFPcizG5A4=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#messageID">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>W6GOH/kKoBhMPCKDQH4VcD5o9xg=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#relatesTo">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>RqZqQczJIzv0XwAX5KFxtHom2wE=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#action">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>
                    ptVHrau5WCAkxuxMOc0Grtw1ihtZ+v5gLVS/UZhuSZExSacRE+9ae/hDlxZ9KEKolitbKedGSqo4hrV8KltdKt9f8g2HB6Y2mBBjNOoqEjjV4gQUfj1R/ubc0lRgUNtRobtEl6WRg4K0lfHo0HJsq5mG/jcGPV5O1rPxblfunaZex2EgHzsEH2YX2Eb1icSz/Sviust7AnteHg7cUmNBDXmFM6EYDxF1e/xnC9IQeR9fcj9+Rgki0FYfkikW1625med9wRCiHPEafqKZmcw4CPcC+Ryt/GV6tz1YwyjQGwT9V45VCknpD1X3uADdzyMpQIJnojigeZI0I+C3vkH+SjWpwenklBENIoJA9EhhgRWsfAWzWmc69+FNvLEyVfFp5SDl1MfOiTw+zoGKSEAguDysEmcnvcLpvbsMEMDMqj2FvSVY+7ZngIkNWhOxVDAvjO8Zx1rMNIaNImipSa7wdYKqujGRtv7AsSjGMqGvfYkbxKgyjdetUu0+8TSBYCiK</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>
                            MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
        <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
        <wsa:MessageID wsu:Id="messageID">urn:uuid:c467ee8f-de82-4ca7-9afa-fdb1e70f203a</wsa:MessageID>
        <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:1bb8ec36-9f6e-4414-aa38-f24e461d1444</wsa:RelatesTo>
    </soapenv:Header>
    <soapenv:Body wsu:Id="body">
        <wst:RequestSecurityTokenResponseCollection>
            <wst:RequestSecurityTokenResponse
                Context="urn:uuid:bc4558fb-83dc-4a7d-ac91-b02f48cfa602">
                <wst:TokenType>
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
                <wst:RequestedSecurityToken>
                    <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        ID="_4205addb-4282-49a4-8d9c-90bf5e93566d"
                        IssueInstant="2024-02-22T13:21:38Z" Version="2.0"
                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
                        <saml:Issuer>TESTSTS</saml:Issuer>
                        <ds:Signature Id="OCESSignature">
                            <ds:SignedInfo>
                                <ds:CanonicalizationMethod
                                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                                <ds:SignatureMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                                <ds:Reference URI="#_4205addb-4282-49a4-8d9c-90bf5e93566d">
                                    <ds:Transforms>
                                        <ds:Transform
                                            Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                                        <ds:Transform
                                            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                                    </ds:Transforms>
                                    <ds:DigestMethod
                                        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                                    <ds:DigestValue>0Cz5s72TRBmk12a6pmVWJAgrnBI=</ds:DigestValue>
                                </ds:Reference>
                            </ds:SignedInfo>
                            <ds:SignatureValue>
                                HHzFb7ye7g0kUyc0OsLt4BoEXk+nr35yrgVhZi0YzW+viNasZkJtpRSjznhydJFsyaWiXNW9DpFHbdp1jZrmDwPHyHQEacqmdi5SggQ1o6g70QI3d33QyxQNxzl6CegaRPcGUsu1moGkkziNT2bsydHmQknGf1cOkrVtAuqBg0wUhcvVf+jI3gEyU3zFNOKW9IZXl1X8jotMSrdav4IpeylmS3qVWUqc1MKajBwZjFQrYVridkDxrBRd7wDpzzF5cZP80tkJY+3d2Uf3UimsjzEo2jJNx64UVa/PsT6lgwpA2vfm6ZIYPcCecadngEdORCjetelDQPIcJ9ZLAwWtqcmVXo7gndDUBtKcKieQzd32PD3Nu7PC1lq5ZwjqoX1vtWku88+iYARi539pOj6agboVCxIUJkcXWIE0fVkLq9yD43yXuN7EYHF/uI4WnK1olUJWr2pyUnihG5G9DDuUbsi2WFNPfrLRtV26f6IaEbZ6u4rjEvKhphA/mzPcqeS0</ds:SignatureValue>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>
                                        MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                        </ds:Signature>
                        <saml:Subject>
                            <saml:NameID
                                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
                                C=DK,O=Testorganisation
                                nr.
                                94354969,CN=null,Serial=UI:DK-P:G:23550132-5e1f-4e43-a5f9-048acf49e0b8</saml:NameID>
                            <saml:SubjectConfirmation
                                Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                                <saml:SubjectConfirmationData NotOnOrAfter="2024-02-22T13:26:38Z"
                                    Recipient="http://audience/clear">
                                    <ds:KeyInfo>
                                        <ds:X509Data>
                                            <ds:X509Certificate>
                                                MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
                                        </ds:X509Data>
                                    </ds:KeyInfo>
                                </saml:SubjectConfirmationData>
                            </saml:SubjectConfirmation>
                        </saml:Subject>
                        <saml:Conditions NotBefore="2024-02-22T13:16:38Z"
                            NotOnOrAfter="2024-02-22T13:26:38Z">
                            <saml:AudienceRestriction>
                                <saml:Audience>http://audience/clear</saml:Audience>
                            </saml:AudienceRestriction>
                        </saml:Conditions>
                        <saml:AttributeStatement>
                            <saml:Attribute Name="dk:gov:saml:attribute:SpecVer"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                                <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
                            </saml:Attribute>
                            <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                                <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
                            </saml:Attribute>
                            <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                                <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
                            </saml:Attribute>
                            <saml:Attribute Name="dk:gov:saml:attribute:Privileges_intermediate"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                                <saml:AttributeValue xsi:type="xs:string">
                                    PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiID8+PGJwcDpQcml2aWxlZ2VMaXN0IHhtbG5zOmJwcD0iaHR0cDovL2l0c3QuZGsvb2lvc2FtbC9iYXNpY19wcml2aWxlZ2VfcHJvZmlsZSI+PGJwcDpQcml2aWxlZ2VHcm91cCBTY29wZT0idXJuOmRrOmhlYWx0aGNhcmU6c2FtbDphY3RUaHJvdWdoUHJvY3VyYXRpb25CeTpjcHJOdW1iZXJJZGVudGlmaWVyOjExMTExMTExMTgiPjxicHA6UHJpdmlsZWdlPnVybjpkazpuc3BvcDpzdHM6Zm1rOnJlYWQ8L2JwcDpQcml2aWxlZ2U+PC9icHA6UHJpdmlsZWdlR3JvdXA+PC9icHA6UHJpdmlsZWdlTGlzdD4=</saml:AttributeValue>
                            </saml:Attribute>
                        </saml:AttributeStatement>
                    </saml:Assertion>
                </wst:RequestedSecurityToken>
                <wsp:AppliesTo>
                    <wsa:EndpointReference>
                        <wsa:Address>http://audience/clear</wsa:Address>
                    </wsa:EndpointReference>
                </wsp:AppliesTo>
                <wst:Lifetime>
                    <wsu:Created>2024-02-22T13:16:38Z</wsu:Created>
                    <wsu:Expires>2024-02-22T13:26:38Z</wsu:Expires>
                </wst:Lifetime>
            </wst:RequestSecurityTokenResponse>
        </wst:RequestSecurityTokenResponseCollection>
    </soapenv:Body>
</soapenv:Envelope>

Overordnet for ovenstående typer

Bemærk returværdien fra STS, der indeholder attributten 'dk:gov:saml:attribute:Privileges_intermediate' (Vist i ovenstående eksempel fra OIO2BST_LEGACY STS-svaret):

Code Block
languagexml
titledk:gov:saml:attribute:Privileges_intermediate
collapsetrue
<saml:Attribute Name="dk:gov:saml:attribute:Privileges_intermediate"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">
     PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiID8+PGJwcDpQcml2aWxlZ2VMaXN0IHhtbG5zOmJwcD0iaHR0cDovL2RpZ3N0LmRrL29pb3NhbWwvYmFzaWNfcHJpdmlsZWdlX3Byb2ZpbGUiPjxQcml2aWxlZ2VHcm91cCBTY29wZT0idXJuOnByZWZpeDoxMjM0NTY3ODkwIj48UHJpdmlsZWdlPnVybjpkazpzdW5kaGVkc2RhdGFzdHlyZWxzZW46aWRzYXM6cmVhZDp1bmJsdXJyZWQ8L1ByaXZpbGVnZT48L1ByaXZpbGVnZUdyb3VwPjwvYnBwOlByaXZpbGVnZUxpc3Q+
    </saml:AttributeValue>
</saml:Attribute>

Værdien er base64 encoded, og kan indeholde forskellige værdier. Disse er beskrevet nedenunder. Eksemplerne viser værdien efter en base64 decode.

 Fuldmagt

Bemærk at strukturen både indeholder det CPR nummer, som borgeren ønsker at arbejde på vegne af, samt listen af de privilegier der rent faktisk er tildelt fra denne borger, til den kaldende borger:

Code Block
languagexml
titleDecoded dk:gov:saml:attribute:Privileges_intermediate value
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile">
  <bpp:PrivilegeGroup Scope="urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:0101603040">
    <bpp:Privilege>urn:dk:nspop:sts:fmk:read</bpp:Privilege>
    <bpp:Privilege>urn:dk:nspop:sts:fmk:write</bpp:Privilege>
  </bpp:PrivilegeGroup>
</bpp:PrivilegeList>

 Subject Relations

Man kan også vedlægge en claim om værgemål eller forældremyndighed ift. en anden borger. Dette gøres under "dk:healthcare:saml:attribute:OnBehalfOf", og der er de to muligheder der ses herunder. Bemærk dog, at man kun kan claime "WardCustody" hvis man specifikt er blevet whitelisted til det som anvender.

Code Block
languagexml
titleEksempel på claim af værgemål
linenumberstrue
collapsetrue
<auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf">  
    <auth:Value>
      urn:dk:healthcare:saml:actThrough:WardCustody:cprNumberIdentifier:1111111118
    </auth:Value>
</auth:ClaimType>
Code Block
languagexml
titleEksempel på claim af forældremyndighed
linenumberstrue
collapsetrue
<auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf">  
    <auth:Value>
       urn:dk:healthcare:saml:actThrough:ParentalCustody:cprNumberIdentifier:1111111118
    </auth:Value>
</auth:ClaimType>

I billetten vil subject relations være kodet i stil med følgende, dog i praksis base64-encoded som nævnt ovenfor.

Eksempel for "Fuld værge". Her behøves attributten "relatedPersonAge" ikke være angivet:

Code Block
titleEksempel på subject relations i billetten (Fuld værge)
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>

<srp:SubjectRelations
    xmlns:srp="urn:dk:healthcare:saml:subject_relations_profile:1.1">
    <srp:VerifiedRelation
        relationType="wardCustodyHolder"
        relatedPersonID="0101111234"
        relatedPersonIDType="URN:OID:1.2.208.176.1.2"
    />

</srp:SubjectRelations>

Hvis det drejer sig om "Forældremyndighed", så skal attributten "relatedPersonAge" være angivet:

Code Block
languagexml
titleEksempel på subject relations i billetten (Forældremyndighed)
linenumberstrue
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<srp:SubjectRelations
    xmlns:srp="urn:dk:healthcare:saml:subject_relations_profile:1.1">
    <srp:VerifiedRelation
        relationType="parentalCustodyHolder"
        relatedPersonID="0101111234"
        relatedPersonIDType="URN:OID:1.2.208.176.1.2"
        relatedPersonAge= ”10”
    />
</srp:SubjectRelations>

 Sløring

STS vil gennem IDSAS slå op om sløring er ønsket. Sløring vil optræde som specificeret i OIOITP Blurring Instructions Profile 1.1 i billetten.

Returværdien fra STS indeholder sløringer hvis xml'en indeholder attributten "urn:dk:healthcare:saml:attribute:BlurringInstructions":

Code Block
titleEksempel på sløring i STS retursvar
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<saml:Attribute
	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	Name="urn:dk:healthcare:saml:attribute:BlurringInstructions"
	NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
	<saml:AttributeValue xsi:type="xs:string">
		<!-- Slørings-oplysninger i Base64 encodet form. -->
		PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxiaXA6Qmx1cnJpbmdJbnN0cnVj
		dGlvbnMgeG1sbnM6YmlwPSJ1cm46ZGs6aG-
		VhbHRoY2FyZTpzYW1sOmJsdXJyaW5nX2luc3RydWN0aW9uX3Byb2ZpbGU6MS4wIiBjdXItcmVudFNhbH
		Q9IjVrWlpMTlFNTkl-
		rejFZN3RDRGozR1E9PSI+DQoJPGJpcDpCbHVyRW1wbG95ZWVOYW1lc0Zyb21Pcmcgb3JnVHlwZT0iQ1Z
		SIiByZWFzb249ImZyb21fcmVsYXRlZF9wZXJzb24iPg0KCQkyOTE5MDkyNQ0KCTwvYml-
		wOkJsdXJFbXBsb3llZU5hbWVzRnJvbU9yZz4NCjwvYmlwOkJsdXJyaW5nSW5zdHJ1Y3Rpb25zPg== </saml:AttributeValue>
</saml:Attribute>

Værdien er base64 encoded, og kan indeholde forskellige værdier. Disse er beskrevet nedenunder. Eksemplerne viser værdien efter en base64 decode.

 Brugerspecifik sløring fra to CVR numre

Eksempel på en borgerspecifik sløring fra både Region Midtjylland (CVR:29190925) og Region Nordjylland (CVR:29190941).

Code Block
titleEksempel på borger specifik sløring fra to CVR numre
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
	xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
	currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==">

	<bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="specific_for_person">
		29190925
    </bip:BlurEmployeeNamesFromOrg>
	
    <bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="specific_for_person">
		29190941
    </bip:BlurEmployeeNamesFromOrg>
</bip:BlurringInstructions>

Ingen sløringer

Bemærk: <bip:BlurringInstructions> med currentSalt skal altid indlejres, uanset om der er sløringer ej.

Code Block
titleEksempel på ingen sløringer
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==" />

Sløringer fra en relateret person  

Hvis borgeren skal se oplysninger om en relateret person (f.eks. en fuldmagtsgiver), skal der også sløres for borgeren, når der er sløret for fuldmagtsgiveren.

Code Block
titleEksempel på sløringer fra en relateret person
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==">

   <bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="from_related_person">
   29190925
   </bip:BlurEmployeeNamesFromOrg>

</bip:BlurringInstructions>

Sløringer både personlige og for en relateret person

I sjældne tilfælde kan der både være sløret for ’subject’ og den som ’subject’ ønsker at slå op på:

Code Block
titleEksempel på personlige sløringer og fra en relateret person
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
	xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
	currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==">

	<bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="specific_for_person">
		29190925
    </bip:BlurEmployeeNamesFromOrg>

	<bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="from_related_person">
		29190941
    </bip:BlurEmployeeNamesFromOrg>

</bip:BlurringInstructions>

Simpel afdelingssløring

Afdelingssløringer vil i mange tilfælde optræde uden tilhørende borgerspecifikke sløringer:

Code Block
titleEksempel på simpel afdelingssløring
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
	xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
	currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==">

	<bip:BlurEmployeeNamesFromOrg orgType="SOR" reason="specific_department">
		<!-- Retspsykiatrien Glostrup, SOR kode --> 
        536331000016003 
    </bip:BlurEmployeeNamesFromOrg>

	<bip:BlurEmployeeNamesFromOrg orgType="SHAK" reason="specific_department">
		<!-- Retspsykiatrien Glostrup, SHAK kode --> 
        1500P1V 
    </bip:BlurEmployeeNamesFromOrg>

</bip:BlurringInstructions>

Kombination af specifikke sløringer og afdelingssløringer

Afdelingssløringer kombineret med borgerspecifikke sløringer:

Code Block
titleEksempel på specifikke sløringer og afdelingssløringer
collapsetrue
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
	xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
	currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==">

	<bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="specific_for_person">
		<!-- Slør for alle medarbejdere i Reg. Midt, CVR kode --> 
        29190925 
    </bip:BlurEmployeeNamesFromOrg>
	
    <bip:BlurEmployeeNamesFromOrg orgType="SOR" reason="specific_department">
		<!-- Retspsykiatrien Glostrup, SOR kode --> 
        536331000016003 
    </bip:BlurEmployeeNamesFromOrg>
	
    <bip:BlurEmployeeNamesFromOrg orgType="SHAK" reason="specific_department">
		<!-- Retspsykiatrien Glostrup, SHAK kode --> 
        1500P1V 
    </bip:BlurEmployeeNamesFromOrg>
</bip:BlurringInstructions>