...
| Employee token exchange | |
|---|---|
| /sts/services/Sosi2OIOSaml | Exchanges a SOSI ID card for an OIO SAML security token aimed at a specific audience, e.g. sundhed.dk. Note that the SOSI ID card being exchanged must be issued by |
| /sts/services/NewSecurityTokenService/sts/services/OIOSaml2Sosi | Exchanges an OIO SAML security token for a SOSI ID card. Note that the OIO SAML security token being exchanged must be signed by a trusted third party (NemLogin). The token profile for this interface is OIOSAML 2.0. |
| /sts/services/BST2SOSI | Exchanges an OIO SAML bootstrap token for a SOSI ID card. The type of bootstrap token can be OIO3, OIOH3 or OIOH2. Note that the bootstrap token must be signed by a trusted third party: local IdP, SEB or IdP. Note that an NSIS-approved local IdP issues bootstrap tokens of type OIOH3, SEB IdP issues bootstrap tokens of type OIOH2, and NemLog-in STS (will) issue bootstrap tokens of type OIO3. |
Common to all interfaces is that the STS validates the signature on the security token that is part of the request.
...
- The employee's CPR number must either be given in the request as a claim or be determinable from the OIOSAML token.
- If the CPR number is claimed in the request, the STS validates it either from the RID in the certificate using the OCES RID-CPR validation service, or from the employee UUID using the UUID2CPR service.
- If a specific authorization or national role is wanted, it must be claimed in the request:
- The authorization number must either be claimed in the request or be uniquely determinable (from the CPR number and the authorization register/SEB register/embedded role list).
- The IT system name must be claimed in the request, since it is not part of an OIO SAML (NemLogin or bootstrap) token.
- The education code can be given with OIOSaml2Sosi token exchange but not when using BST2SOSI, where it is derived from the authorization number.
- The national role must be specified in the request and can be verified by several authorities. See the figure below for how verification is performed at a high level.
- It is not permitted to claim both an authorization number and a national role in the same exchange.
- In addition, the user's given name/surname can be sent along in claims, since the given name cannot be determined from an OIO SAML security token.
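A client-side pre-flight check of the claim rules listed above, as an added example (not code from the STS or from this page). It picks out the claims assertion by its `sender-vouches` subject confirmation, as in the request shown further down this page. The names marked `PLACEHOLDER` are assumptions because the page does not show those claim names, and "determinable from the token" is simplified to "the token carries `CprNumberIdentifier`".

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "wst14": "http://docs.oasis-open.org/ws-sx/ws-trust/200802"}
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

# Attribute names taken from the request shown on this page.
IT_SYSTEM_NAME = "dk:healthcare:saml:attribute:ITSystemName"
EDUCATION_CODE = "dk:healthcare:saml:attribute:UserEducationCode"
TOKEN_CPR = "dk:gov:saml:attribute:CprNumberIdentifier"
# Placeholders (assumptions): the page does not show these claim names.
CLAIMED_CPR = "PLACEHOLDER:claimed-cpr"
AUTHORIZATION_CODE = "PLACEHOLDER:authorization-number"
NATIONAL_ROLE = "PLACEHOLDER:national-role"


def _attributes(assertion):
    """Map Attribute Name -> first AttributeValue text for one assertion."""
    found = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        found[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    return found


def _is_claims_assertion(assertion):
    """The claims assertion is the one confirmed with sender-vouches."""
    conf = assertion.find("saml:Subject/saml:SubjectConfirmation", NS)
    return conf is not None and conf.get("Method") == SENDER_VOUCHES


def check_claims(act_as_xml, endpoint):
    """Return the rule violations for the assertions inside wst14:ActAs.

    endpoint is the last path segment of the service, e.g. "OIOSaml2Sosi"
    or "BST2SOSI".
    """
    act_as = ET.fromstring(act_as_xml)
    token, claims = {}, {}
    for assertion in act_as.findall("saml:Assertion", NS):
        target = claims if _is_claims_assertion(assertion) else token
        target.update(_attributes(assertion))

    problems = []
    if not claims.get(IT_SYSTEM_NAME):
        problems.append("ITSystemName must be claimed")
    if not (claims.get(CLAIMED_CPR) or token.get(TOKEN_CPR)):
        problems.append("CPR number is neither claimed nor present in the token")
    if AUTHORIZATION_CODE in claims and NATIONAL_ROLE in claims:
        problems.append("authorization number and national role claimed together")
    if EDUCATION_CODE in claims and endpoint == "BST2SOSI":
        problems.append("education code cannot be claimed with BST2SOSI")
    return problems


def _assertion(method, attrs):
    """Build a constructed, unsigned assertion carrying the given attributes."""
    rows = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        f'</saml:AttributeValue></saml:Attribute>'
        for name, value in attrs.items())
    return (f'<saml:Assertion><saml:Subject>'
            f'<saml:SubjectConfirmation Method="{method}"/></saml:Subject>'
            f'<saml:AttributeStatement>{rows}</saml:AttributeStatement>'
            f'</saml:Assertion>')


def build_act_as(token_attrs, claim_attrs):
    """Constructed ActAs element: a token assertion followed by a claims assertion."""
    return (f'<wst14:ActAs xmlns:wst14="{NS["wst14"]}" xmlns:saml="{NS["saml"]}">'
            + _assertion("urn:oasis:names:tc:SAML:2.0:cm:bearer", token_attrs)
            + _assertion(SENDER_VOUCHES, claim_attrs)
            + "</wst14:ActAs>")


if __name__ == "__main__":
    # Same claims as the request on this page (test CPR number from the page).
    sample = build_act_as({TOKEN_CPR: "1802602810"},
                          {EDUCATION_CODE: "7170", IT_SYSTEM_NAME: "STS tester"})
    for endpoint in ("OIOSaml2Sosi", "BST2SOSI"):
        print(endpoint, check_claims(sample, endpoint))
```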
...
Claims relating to the authorization number, education code and national role are handled using the algorithm shown below:
[Gliffy Diagram]
Service Endpoints
Depending on the environment, the service is exposed at:
...
Exchange from OIO SAML security token to SOSI ID card
Uses the OIOSAML 2.0 token profile.
The request to the STS itself looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2020-12-04T13:34:53Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>CmI9nsLcR3tIH331Qpwnh5Q0tZA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>ulJY+wzEYEvxHWhqK3/whW6Mnmw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>HcrDir5O5S/LidhZ/US8rAqyuhI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>CGpgSPnpOqWRqj4GhbMhchvcCXJO/Qox8DucwfIjoPmktENPUUOT1KL9vy9qDr/XeogUmRDFbUCSfGZGHuoAjkDzo3P7A1aoeZ5TG8+t4oTQgej0O0+ww+/djg81cAuHeCueTVPRgL0xyiVBNUR7uR15OWY7DzXYd3LvvKNyA3zyS4jLJA8y4Dkahb6JU1CWmOT7r79qhH8q7tbScv+dSJQdPHjbH1XW9ilD/fZiqNZBHA0Zcu+H5OPpvtgKKO52+ZNDuIJ8h9nm2IPglTSK1jyg6J9xQ5i3Iko7rVUOTQe6r3PfnPh/GIdcN8d4ZMjUo7JXmZCaKtKa2yuaRPqRIA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:20d3cb77-a509-41bc-be6f-214f4453d2a8</wsa:MessageID>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:2f0ca258-1916-4c20-876f-5331a349e2fc">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_84b6b907-4ae8-43d4-a922-28d04fa0d6c2" IssueInstant="2020-12-04T13:34:53Z" Version="2.0">
<saml:Issuer>STS tester/issuer</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_84b6b907-4ae8-43d4-a922-28d04fa0d6c2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>ufSXPtPiVJWLlt9ENfAfYOsMENo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>cH8TvxJusVbIFoFMzHYzrzYeaGKVUDf57qpUo8agEmRipV5AmRX3UdP1N5cKP6Isl8TJAZ3txePEedpBkdVopjBo2cx8ZVJTXgO2sD6uxbdhGKmVEGPR0f69k8vNOz9sXubNWIN+Xxh2GOHpGp91AV0Nsq9wqxCQURo9lNcdsc20QwC9zPbxCoSw+WV92hV10z72PvSX5OS0SeM+kBl83DTtBEJWOhlUFv9060pUXh17pt3QCK2LoMCb/2Ly40ab4DtbzLURf6aHSUfVNsIiV0DNp4IXrXPS5GOFs+j5gnEeRU80j2iC+tijm2wU4iUZ7GANVddVCfGnFFOYkHKL4g==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=NETS DANID A/S // CVR:30808460,CN=TU GENEREL MOCES M CPR gyldig,Serial=CVR:30808460-RID:42634739</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2020-12-04T14:34:53Z" Recipient="STS tester/recipientUrl"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-12-04T12:34:53Z" NotOnOrAfter="2020-12-04T14:34:53Z">
<saml:AudienceRestriction>
<saml:Audience>STS tester/audience</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2020-12-04T12:34:53Z" SessionIndex="_84b6b907-4ae8-43d4-a922-28d04fa0d6c2">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute FriendlyName="surName" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Testesen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="CommonName" Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Test Testesen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="email" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">test.testesen@nsi.dk</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CvrNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">30808460</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="organizationName" Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Statens Serum Institut</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">1802602810</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oid:2.5.29.29" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">C=DK,O=TRUST2408,CN=TRUST2408 Systemtest XXII CA</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="Uid" Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">CVR:30808460-RID:42634739</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:RidNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">42634739</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="serialNumber" Name="urn:oid:2.5.4.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">5bad375e</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:IsYouthCert" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">false</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">MIIGFjCCBP6gAwIBAgIEW603XjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MTIxMzEzMTcwNVoXDTIyMTIxMzEzMTY1MlowgYAxCzAJBgNVBAYTAkRLMScwJQYDVQQKDB5ORVRTIERBTklEIEEvUyAvLyBDVlI6MzA4MDg0NjAxSDAgBgNVBAUTGUNWUjozMDgwODQ2MC1SSUQ6NDI2MzQ3MzkwJAYDVQQDDB1UVSBHRU5FUkVMIE1PQ0VTIE0gQ1BSIGd5bGRpZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK7yIdJgvaiDNjpeJ9JXqj3dM52hfsgMTVQnpWTStD1IkP4rCgKg+yWFS6XBYiXEXO8soJzAhA79caT96aTWY5nEZ+KgX5Iw63U2fFM/X3i3fk0WSWykrrOBsnFI1yp1E7kQiISP5qG4bdY8kNJkLkkJqH+Gd8/EHKg8Kxd0Hj7XO05hUr+EJx691cLgq6CaCUM4YSAEKmdPFbLStchZaGvp74s9UsY9HnFAJ05qYg8UvJfk274PCqKHfV0EcmWMW4AECLnSAiv07AbQfhABkp3kBEfgBrcQmy5Dn7mJ6QZ8H6Vad+gRlR7pBCeHreFj3rsojNrWoY6SJ8tNpztXrwsCAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwID+DCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QyMi50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL20uYWlhLnN5c3RlbXRlc3QyMi50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QyMi1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAgYwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4yLjYuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4yLjYuMIGtBgNVHR8EgaUwgaIwPaA7oDmGN2h0dHA6Ly9jcmwuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyMS5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMQ8wDQYDVQQDDAZDUkwyMTMwHwYDVR0jBBgwFoAUq6gBRBmws0OZ2vp8zNIAGAPnPL8wHQYDVR0OBBYEFKh4eb6AK8qIeIA2ZGrwcwV2d77mMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAEDup4Q2JuK5gmfpZ0jBhkzj4HSqLYhxTedDjewu7+c7QSDdFo599CngwjXgF6CHcz0MmizGyHe08quWsNcPo3BtKC54thE8gytOGdugvvwUv6EWRxfGl6YJieht6K9Qod8j/s6T+YfR+i7H3G+kxcocgVa5nImbv3Th1WsGSd1tt/OijOpdLjMWkhk8w8qFby9ubCV+YK+8sszrz471upjSZy
Jbsh4Gk50h2tbyfmTHqUBFtguYrioI4k/dVSukbt68jk+sZVLqH4p7Ilp6hA5R+MBMYftCyGrIbJU4LaqEn/DEulBX86sUgQmeVCljW1TnzSO9uKQgnBZSlZLT6XE=</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_f6d5e2dc-fabf-434d-b743-a708282844ff" IssueInstant="2020-12-04T13:34:53Z" Version="2.0">
<saml:Issuer>STS tester</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=NETS DANID A/S // CVR:30808460,CN=TU GENEREL MOCES M CPR gyldig,Serial=CVR:30808460-RID:42634739</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
</saml:Subject>
<saml:AttributeStatement>
<saml:Attribute Name="dk:healthcare:saml:attribute:UserEducationCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:healthcare:saml:attribute:UserSurName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Testesen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:healthcare:saml:attribute:ITSystemName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">STS tester</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:healthcare:saml:attribute:UserGivenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Test</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://sosi.dk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope>
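The request above signs four parts of the message: `#body`, `#ts`, `#messageID` and `#action`. As an added example (not code from the STS or the SOSI libraries), this check confirms that each `ds:Reference` in the message signature resolves to exactly one `wsu:Id` and that those four parts are covered; it inspects structure only and does not verify digests or the signature value. The sample envelope is constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# The message parts that the request on this page covers with its signature.
REQUIRED = {
    "Body": "soapenv:Body",
    "Timestamp": "soapenv:Header/wsse:Security/wsu:Timestamp",
    "MessageID": "soapenv:Header/wsa:MessageID",
    "Action": "soapenv:Header/wsa:Action",
}
REFERENCES = "soapenv:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference"


def audit_signature_coverage(envelope_xml):
    """Return findings about which message parts the header signature covers."""
    root = ET.fromstring(envelope_xml)
    findings = []

    # Index every element that carries a wsu:Id, keeping duplicates visible.
    by_id = {}
    for element in root.iter():
        wsu_id = element.get(WSU_ID)
        if wsu_id is not None:
            by_id.setdefault(wsu_id, []).append(element)

    references = root.findall(REFERENCES, NS)
    if not references:
        findings.append("no message signature found in wsse:Security")

    signed = []
    for reference in references:
        uri = reference.get("URI", "")
        if not uri.startswith("#"):
            findings.append(f"reference {uri!r} is not a same-document reference")
            continue
        targets = by_id.get(uri[1:], [])
        if len(targets) != 1:
            # An Id that is missing or ambiguous cannot be trusted as covered.
            findings.append(f"reference {uri} resolves to {len(targets)} elements")
            continue
        signed.append(targets[0])

    for name, path in REQUIRED.items():
        elements = root.findall(path, NS)
        if len(elements) != 1:
            findings.append(f"{name}: expected exactly one element, found {len(elements)}")
        elif not any(elements[0] is target for target in signed):
            findings.append(f"{name} is not covered by the message signature")
    return findings


# Constructed sample with the same layout as the request on this page
# (digests, signature value and certificate left out).
_XMLNS = " ".join(f'xmlns:{prefix}="{uri}"' for prefix, uri in NS.items())
SAMPLE = f"""<soapenv:Envelope {_XMLNS}>
  <soapenv:Header>
    <wsse:Security mustUnderstand="1" wsu:Id="security">
      <wsu:Timestamp wsu:Id="ts">
        <wsu:Created>2020-12-04T13:34:53Z</wsu:Created>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#body"/>
          <ds:Reference URI="#ts"/>
          <ds:Reference URI="#messageID"/>
          <ds:Reference URI="#action"/>
        </ds:SignedInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
    <wsa:MessageID wsu:Id="messageID">urn:uuid:00000000-0000-0000-0000-000000000000</wsa:MessageID>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body"/>
</soapenv:Envelope>"""

if __name__ == "__main__":
    print(audit_signature_coverage(SAMPLE))
```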
...
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2020-12-04T13:35:02Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>C3ZxAnTYjBI6hkrznqHapBCfxtc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>aOnXKnwxBhHRCvFEqklkJqX1sYE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>HWaea2VIk5szeWMz5pDbxRQ+xGg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#relatesTo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>E3jEzjOKeemlNmEX7GE2G1ASzUs=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>EFCMxLkjikWyOMV8Opf+UgcX2FTTpGTpCHELo307dpqJGq7rFbvLrqf9yPFzZ0R29E2+BJhKUMPFtZ8YmlOaWICkZXEagou5OcN6uR5mLf99nihWkNYmwHRo5mVzDOzwacU7n/5x6+qD9iZI8VXpGtH8+ilmENjO+jKwux/SQUWqib5jGCLi91WvwJNhjJ1fQ4VUp6E5Dw6QtfzLZnlr0djXdgzHJIAQmWcaLtUBzDhUZnChrMTYwufFVQaflzJSIEp0vXP+FYvwyAj5VZI8TlHIZiFCeHAjWnGfsJsKLrYAcqMnK1l+C34LYyqJtuqAWTvhlG08I63l9Js8ANv8uQ==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:8b3fc250-7384-44b6-828f-af16734867ed</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:20d3cb77-a509-41bc-be6f-214f4453d2a8</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse Context="urn:uuid:2f0ca258-1916-4c20-876f-5331a349e2fc">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2020-12-04T13:29:59Z" Version="2.0" id="IDCard">
<saml:Issuer>TESTSTS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:cprnumber">1802602810</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-12-04T13:29:59Z" NotOnOrAfter="2020-12-05T13:29:59Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>sDWguk1pErZyKWMNZiZXTw==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:OCESCertHash">
<saml:AttributeValue>kiE6PLwGDGs4sn01w3m0kvHmG4A=</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>1802602810</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>Test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Testesen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserEmailAddress">
<saml:AttributeValue>test.testesen@nsi.dk</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>ZXCVB</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>STS tester</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>30808460</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>Statens Serum Institut</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>nmnINoROyYfXXQev43SXwa6MOso=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>AEd0FyGPJl4hR7q36JVlWqfjSlNWMbpU0iKwokswdlgsncdhbpQGFetp1HH3MsFpRVg1NREADKcAgWIyud5Fwr7w2/gXhF0J8E+AdagXc88CFbeSIQ3nt5ML8icKTmvv015RCsASOgXDllNV2wCQqxwgLuO/VUQ2cvUi7vipXYXk/JIuw0A235uFdvdymyoymlGmdufmbi7veQyzI1HdYm33eIcIrMzjFGURMo1MiUZjG1aiNmn8SkTWBZRs4gjiSD3tIDXq+99UNoXHc3fGPxbvf2Hc/6R3nucrWHTTkV8t5CTd5bTgynEi/foiiD0Cu0ZT7RRF2gsmtx6aUMgEhg==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://sosi.dk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2020-12-04T13:29:59Z</wsu:Created>
<wsu:Expires>2020-12-05T13:29:59Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
<wst:RequestedAttachedReference>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#IDCard"/>
</wsse:SecurityTokenReference>
</wst:RequestedAttachedReference>
<wst:RequestedUnattachedReference>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#IDCard"/>
</wsse:SecurityTokenReference>
</wst:RequestedUnattachedReference>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope>
Exchange from OIO SAML bootstrap token to SOSI ID card
OIOH3 - with explanatory comments
Request with bootstrap token (not encrypted). The request contains explanatory comments which, among other things, cover authorization, e.g. national role. It will typically be an NSIS-approved local IdP that issues bootstrap tokens of type OIOH3.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:bfe03422-990c-49ec-9a31-07eeb82ffed3</wsa:MessageID> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> <wsu:Created>2020Created>2022-1104-12T0825T13:0907:53Z<29Z</wsu:Created> </wsu:Timestamp> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#messageID#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>3/bX3JnTKLfa2WHUcLHFaHbq0/kDigestValue>lGvzBVzl7WzsufSyZd2p4Uzmv0g=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7QDigestValue>5Y0245bPPKhpaA0t6eNN82eTfa4=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#ts#messageID"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>CF/Pjtr//fCqWISF0PS7DeEjBgI<ds:DigestValue>lcyJytnBavbAuifHyg2R0FmCNQ8=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#body#action"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </</ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>u2b1ztME9hJij5RJneSCwqahRM4DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>ifG94tpzr7UEdMJR+QA/Nsdj0mb2rAaoyT0TJsrEYnfvVar587GWz9Dcg80gxWc8KRyGuSgSQxIN7pdEkHEKPh52U9Ffm+JY6BEmcb0xwblxius5nW8szPdHIqEGJNIoSZm9Ij4vgIDAMsWA7aA4McvrhWGvkNXZchHcaeuM1KEfUR4/OrMJWEThQxXceN1pzuiRA+FinfNzE5Vyz0rkr3seVw4TSSMugqrJJ1QAsmkNZv2uG9PpSRgONzznWu9D9Q6OEMhMGQuk2MdHNXoImsxhAGQQ0S/6bWMXM9i7PG25IuN7/YaKBJVEsn68OJBfGuxzuK5l7RiixyWPq+I0QQ==<<ds:SignatureValue>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</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <!-- Certifikat som har signeret beskeden (body og relevante headere)- skal matche Holder-of-Key certifikatet i bootstraptokenet --> 
<ds:X509Certificate>MIIGRTCCBS2gAwIBAgIEUw8DszANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSQwIgYDVQQDDBtUUlVTVDI0MDggU3lzdGVtdGVzdCBYSVggQ0EwHhcNMTQwNTA1MTMzNTU4WhcNMTcwNTA1MTMzNTEyWjCBljELMAkGA1UEBhMCREsxMTAvBgNVBAoMKERpZ2l0YWxpc2VyaW5nc3N0eXJlbHNlbiAvLyBDVlI6MzQwNTExNzgxVDAgBgNVBAUTGUNWUjozNDA1MTE3OC1VSUQ6ODMzODQ5NzAwMAYDVQQDDClEaWdpdGFsaXNlcmluZ3NzdHlyZWxzZW4gLSBOZW1Mb2ctaW4gVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnCmDRMztjDckSupQBLcEzrRRJnAFxzEFdB7Cj6ApMQX509Certificate>MIIGzzCCBQOgAwIBAgIUVzhJs6+g8hDl/YxqKzfLqjLoEg6wfhHE18wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjAyMTAxMDEzNDZaFw0yNTAyMDkxMDEzNDVaMIHFMRgwFgYDVQQDDA9UaG9ybXVuZCBOaXNzZW4xETAPBgNVBCoMCFRob3JtdW5kMQ8wDQYDVQQEDAZOaXNzZW4xNzA1BgNVBAUTLlVJOkRLLUU6RzozYzU2MzE4Ni03YTgzLTRiYjUtYWIxMS05MThhMWQzMDI2YTIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk5OTAwNDk5MRcwFQYDVQRhDA5OVFJESy05OTkwMDQ5OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDXI9rlAtYBr9L6g30LJuzIlI9PY5zYhuJdOE2bl266nkPK5650gVrjXc6Hwwt2JoLKwsG5/TSIr3v2mdgQNnsJGz91YbAteDPRHR/K1W3kqoIX/qH2uXDzHK+qi4YD9D8s4MnHAt02x6t0TgKQGjn1XO6lgLQ563DjtgD2fdPm9USV2Lkxe5ofNRG7yvWowBWjXKia8D64k6zSzoHKdPz6GCy9S0NmwIyJE0sJavcfwxT3/ia0g63/xD77SteT4H/OR/DLis7FLnfkLp8yrd5xAk4nEGizmjrg2OVJmIMMPK6PQdw+/lqSdgaPDxMD6yoIwWshux5Rup1+piMLg852odHR6EhUzjEsi9DnWWcCAwEAAaOCAucwggLjMA4GA1UdDwEB/wQEAwIEsDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL3YuYWlhLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QxOS1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAwQwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuN
i4xLjQuMS4zMTMxMy4yLjQuNi4zLjQuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjQuMBwGA1UdEQQVMBOBEW5lbWxvZ2luQGRpZ3N0LmRrMIGpBgNVHR8EgaEwgZ4wPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDE5LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDE5LmNybDBeoFygWqRYMFYxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJDAiBgNVBAMMG1RSVVNUMjQwOCBTeXN0ZW10ZXN0IFhJWCBDQTENMAsGA1UEAwwEQ1JMMjAfBgNVHSMEGDAWgBTMAlUM5IF0ryBU1REUV5yRUjh/oDAdBgNVHQ4EFgQUwm9c3oUHE/zZ/43g4RUhswnMVAowCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEACLh3Ovvljv4b/Ywf/8WxoB2y50Oqt8rpwXZp+no4d5tLqIMTSAlQxL0lAf4Qm4e6tF5m/55+dLwxw5/Dqwa0bQXHt98vJjSBYLQH6rwfDzNmVGimO1n84k4MMYY449ykjqRNDfCS3+5+zV/An4CH9eUhvB0AHHWbD6eALw39sPGxc5kHADTOdJ5SboSm9DHYdLLt9k8HyxrHIkcJApLWPgyFmkE0+8jtuQQluN62F5+j5d53oTKinHEd7adM0ea537vNf5uBGu6h9OTXlhZwM9tlnrsTYQTTAIzdxGPlpD9Zvo5nmJHwILdRonm8rZf3vAm59/U6+Cht4+X2l5zxygLlkAMBldvSTvPQOdDbYI7+nZ4PZS90hHy6UFZbUBIANZTfooC9X2H5L8gjgn5ZjNyVe4CcJR8Y03XSkW3yiC7pMKn4Pn2dh0TtLhMpgSuj/rPKmmErNIWrC5A7RLCwDw0P60kQR8ngpeElDne0Y+w2+UgeeUskqCdT8imY+87aJ6HrTOA6wSKjRCGkcVCPNoCZ7vFviKMCT0yhtfUjYG+6lpsKI9Pbm0SEwOrDaI1qihC8tv9kDl/nCkmgQLmzsXAdE33YLZutz7nHDgvytJalzV1saSxxqp1WzVE4PlxBMgol9wVYv0UyWkPul6gyqVt8fv3EW6uoupDKjakFKDRNXrhEKGbJLVpFNK9S5TsW0qJ78Fo4j6jNj2QmwqhXjyLRcT5UVSa9uCLERNs84WrWtxlJZsuNkmged+j6Tf9ea0y1HhpKg1D2GV7ECAwEAAaOCAaYwggGiMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAeBgNVHREEFzAVgRN0ZXN0QGt2YWxpdGV0c2l0LmRrMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAgcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQEwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFLIS2XtHEbhCDr9jENV2OdwpCBHvMA4GA1UdDwEB/wQEAwIF4DBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAB4w
dMt68NiF7ksnq0fnszSEF0Ss6qC6t4/5tbytfhEu2OIVp0jTmdDUKtjiSAji03eV43Si8p/F5zOXZ5guk5CMXmOuFFqdQnJcGXijUknvXtcm/ol3HF7Wd7nUdvjGmh017utIrKEeGbhKtiT2rH5TIALoVTQfyaVvZieWpkVZkEVhKASY92zzbdH19JL0yiTBwIxD33VH9cHYGn6fB1i84G1HVb2ggcvz7o3fKllgEy40iF/KDyIhuOlrhE0P6Q8uToiBYY3/mNXHX4nF4jbBN/GUc5VtR1EnmeKr1XtzujbIJTpWmrWpzkOkxwIkOIVjxER1LziB4JyEH8/CkFuF4XHYOHEkOhy7mdpWNEfUY1yHf0zK01QQRsN0KrZXunYyeBU0ouNPvNacL257FR1fhlm2a2BYLveKZbtZaiostL4jdNHRHGHMIQWRsfXAybf3oN+X7E+jDlA4k/BYQEPVlT2PgiQbTo4wtrIyeI14/Mah9SElmJCzs1UPbTgFlQ==</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:KeyInfo>Signature> </wsse:Security> </ds:Signature><wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> </wsse:Security> <wsa:MessageID wsu:Id="messageID">urn:uuid:de9ad9d5-ad35-4d46-8585-8b05469bc686</wsa:MessageID> </soapenv:Header> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityToken Context="urn:uuid:b216a8d9a8299058-0cabf331-40f74d69-8f6087d0-8fa854c284a79c5385207326"> <wst<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType> <wst14:ActAs> <!-- Bootstraptoken --> <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <Assertion xmlnsxmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_f3070cceb2748ff2-b0ce631b-402543f2-b37493ce-ada158cb137cf77052beb1bf" IssueInstant="20202022-1104-12T0725T13:2207:50.027Z29Z" Version="2.0"> <!-- Udstederen af bootstraptokenet (her Korsbæk Kommunes IdP) --> <Issuer>https<saml:Issuer>https://idp.korsbaekoioh3bst-kommuneissuer.dk</saml:Issuer> <ds:Signature Id="OCESSignature"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#_f3070cceb2748ff2-b0ce631b-402543f2-b37493ce-ada158cb137cf77052beb1bf"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>mLOzno5qLFEcRB7wZ803T+63ZuUdWFETQm1DH0uLgxEDigestValue>8ZD4sPqgIZ35Stk4UBu+EQ58o+k+gbDJSqAc5j3Whow=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>cam+piuM1GFsBWP2cyTnKCkSYFMYjwKawizCLXw2F8fpD2UioxDtbFOJLG8ca03lh5881RRxrqkwK0Q/QAgKACB8t7NXuYOnMZK0hm2Ys9wibGVqS2De7UImO7BA/RvL9QjRuOHqM3/BWeNG1hteIFzDsVmYGu6CRH6giuLx7uoI6mF69Jb3v3DrztjaCRqWXU8lJo6bNY/ET/hu5/10Xfegb/7qNWb34cW7WQE2qAWRJaLyj1/apQX5BpsdjS0V2uvTsQYx+Dob8cTKqY9nPbuUR5pgcsEg6jle82GhpsiT5hHyC7R2BlP2ZFknkAMg8orogOIhe0tYTIzMD6d2DQ==<SignatureValue>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</ds:SignatureValue> <ds:KeyInfo> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data> <!-- Certifikat som har signeret bootstraptokenet (udstederen) <X509Data>--> <ds:X509Certificate>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</ds:X509Certificate> </ds:X509Data> <!-- Certifikat som har signeret bootstraptokenet (her Korsbæk Kommunes IdP) --> </ds:KeyInfo> </ds:Signature> <saml:Subject> <!-- NameID indeholder en i organisationen unik ID for erhvervspersonen - kunne også sættes til <X509Certificate>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</X509Certificate> erhvervspersonens global unikke ID, som tildelt i den fællesoffentlige erhvervsadministration --> </X509Data> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">KorsbaekKommune\MSK</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> </KeyInfo> <saml:SubjectConfirmationData 
xsi:type="saml:KeyInfoConfirmationDataType">
<ds:KeyInfo>
<ds:X509Data>
<!-- The holder-of-key certificate - i.e. the certificate of the system/SOSI-STS client that can exchange the bootstrap token for a SOSI ID card -->
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2022-04-25T15:07:29Z">
<saml:AudienceRestriction>
<!-- The recipient that may exchange this bootstrap token (here the SOSI STS) -->
<saml:Audience>https://sts.sosi.dk/</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<!-- Profile and version (the constant 'OIO-SAML-3.0') -->
<saml:Attribute Name="https://data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">OIO-SAML-3.0</saml:AttributeValue>
</saml:Attribute>
<!-- More specific profile and version (only for OIOH3BST) -->
<saml:Attribute Name="https://healthcare.data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">OIO-SAML-H-3.0</saml:AttributeValue>
</saml:Attribute>
<!-- Assurance level expressed according to NSIS -->
<saml:Attribute Name="https://data.gov.dk/concept/core/nsis/loa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">High</saml:AttributeValue>
</saml:Attribute>
<!-- The professional's globally unique ID, as assigned in the common public-sector business administration -->
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">urn:uuid:433bf619-e571-4184-87cc-f8ea00d6ad19</saml:AttributeValue>
</saml:Attribute>
<!-- The organisation's CVR number (here Korsbæk Kommune's) -->
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/cvr" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">20301823</saml:AttributeValue>
</saml:Attribute>
<!-- The organisation's name (here Korsbæk Kommune) -->
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/orgName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
<!-- Attribute that is required in the SOSI ID card and is given here as a claim -->
<auth:ClaimType Uri="medcom:ITSystemName">
<auth:Value>Korsbæk Kommunes IT systemer</auth:Value>
</auth:ClaimType>
<!-- Optional attributes that can be used e.g. to select a healthcare authorization (or 'national role') -->
<auth:ClaimType Uri="medcom:UserAuthorizationCode">
<!-- Authorization code -->
<auth:Value>007NX</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="medcom:UserRole">
<!-- National role -->
<auth:Value>urn:dk:healthcare:national-federation-role:code:41003:value:PlejeAssR3</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="sosi:SubjectNameID">
<auth:Value>Mads_Skjern</auth:Value>
</auth:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
Successful response:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2022-04-25T13:07:30Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3kNpWaBaibVYCwc4SGPJwVAVrT8=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>o6uj52yeWQB5D0HQQFxqv+T8RHM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>1z169hod/5XrM90vXA4jxO2fw0Y=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#relatesTo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>EsmQlfzPgRhsoWZOMyJTHjCoiq4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>UpGxNQjzEvHYCZ7gPrpgoNYHw3ObIxJY0oTR7T0qf7I+0ZAYqSE3terJue26nHMJiQkmFAGemsdaIDsktf6oBikOzDC1Q9QAtqwlQ+uT13zq0Gz143he1GlixfORSJLiPMe5RSvRpYRFdyOIqgCviR5cvBm19N4zGJlLlxWt0LTsCg4Wv7zTNsuiUVxdvwAlJc8mWqvi8a97XOdEGw9GlfSNRBFMc7A41ZHjOfLfCN3kltVVhN/LSeRu2kXGVXOHcBfWeak7PkClpTc1YAusR+7Z35XR0bCCkiEf5gd+wFOeGfw+CoRUrEFnutJ/1PlmadUCr6x+MXjb+vxZOn2+jA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:d7ed6507-ffa5-4c4e-b0b0-d8a8bb813a86</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:de9ad9d5-ad35-4d46-8585-8b05469bc686</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse Context="urn:uuid:a8299058-f331-4d69-87d0-9c5385207326">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<!-- The SOSI ID card -->
<saml:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2022-04-25T13:02:30Z" Version="2.0" id="IDCard">
<saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:other">Mads_Skjern</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2022-04-25T13:02:30Z" NotOnOrAfter="2022-04-26T13:02:30Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>F6beeSEVLsnAyrNsPsURhQ==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>0202024300</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>NSTSSenAtre</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Jensen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>007NX</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>Korsbæk Kommunes IT systemer</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>20301823</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>euQ6vweNw8xZnluK10sTv06gses=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>O4Jx3vk1WX7GQdA+kN6+SanG2DhB7USm1HyL08OLwJ7QE7kqu0IVt42FpDu4vK4lxNbQGz2GsbmyNKu3dm5CabRU12Z9Ny2gmrBY3CwgYpGczPWl/RQa9tWK8Jb0iBp5wXwC7GvCeA72jJQz+kpt429vppCEkl70OKukUjllei/kcZUieNWqduHlBdyMnsafMY1K+2/Qhd/yU/GUF4DpqwQqoXd+s/GTqf+nlCVWvOLPto1j+HAMI/zQ7wtAYa9p4oJA6U8yW46PRA9WcNJJHCzuZIARpLZLpjHNg0UeYuEQeDnsYA8b3VqoprcbbByXrJ21mYQ74YdcwUaTfSOv2A==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKzCCBROgAwIBAgIEX6JBADANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMjA0MDYxNjI2MjBaFw0yNTA0MDYxNjI1NTJaMIGUMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFVMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoxODkxMTg2MTAxBgNVBAMMKlNPU0kgVGVzdCBGZWRlcmF0aW9uIChmdW5rdGlvbnNjZXJ0aWZpa2F0KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRM3VAiyCBUDWg4K2vgVhmFTB1SDZWjT5Zd0NxAMPjzuKEsP8PpbWLdD8aNO7LuS3noC01AN4los3aqK//ZVJdTr9k3M1Aquo5G7+SwLBTsTVyiheh7uYKH+5v6gGjHHiPuYGrdnTc4YkrRbeqPtZAR1sX/iNMzLMQSuYfpphCJ0e9leV08KOswSktBhIYk7NAEng+8T4hkbREuPeaRn85/aL5eX/ohSIsfb0ByA3ta/+bymen8rY+6qb1A7V/2h2lmJ7uiWf9OJvUA37RdFrX4czI76+oqe9cGzplOuMHaujBbHG8Uc2yheL16xdexr0xAf7N8PkdVGALJAQm97q0CAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL2YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGBAMwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuMIGtBgNVHR8EgaUwgaIwPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDM0LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDM0LmNybDBioGCgXqRcMFoxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJjAkBgNVBAMMHVRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYWElWIENBMQ8wDQYDVQQDDAZDUkw0MDkwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFKnHK2ey5oU8RXACmOR0fcO57bsmMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALvu0VtupREO52FW2f8cAUZkxkwvbq2bQXOvNRN6XrtzvA+tt2Jgm4gP8dNZUBI7nOtEPQ+0+XkSMZ1wzu+8qxLHATTSUcicQNtUkaAbGTIfQkKiWRwPTtSK50qhEDm2fJW5m8NDOxOE/+58iuj8AI9Fb4RI1FV+xRsku3TakdvdwiNkS
jAxiOv5JsXEZMJfVsM34fR0ZdOQgnFpyn3IfSjBrAHSgbxy47Zz9YhmONuQsa55NDEQ6mTmecXGrOSvfJZmQ/jRPhYmi04ufPEvOA5hjLHDy0CtsSKRhkDpXSafVjHjtmdfYKB4M++2Sp/nx1teRcoT78Nenl3qHgkz7OM=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2022-04-25T13:02:30Z</wsu:Created>
<wsu:Expires>2022-04-26T13:02:30Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope> |
OIO3
An OIO3 request is shown here without explanatory comments, since the comments in the OIOH3 example also apply here. It is the NemLog-in STS that (once it is ready) will issue bootstrap tokens of type OIO3.
Request
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsse:Security <wsa:Action mustUnderstand="1" wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>security"> <wsa<wsu:MessageIDTimestamp wsu:Id="messageID">urn:uuid:6b09a6eb-1539-4bbe-a367-8d9d9c4b20f6</wsa:MessageID> <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:bfe03422-990c-49ec-9a31-07eeb82ffed3</wsa:RelatesTo> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> <wsu:Created>2020-11-12T08:09:53Z</wsu:Created> ts"> <wsu:Created>2022-12-29T11:59:45Z</wsu:Created> </wsu:Timestamp> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#messageID"> <ds:Reference URI="#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>AubBTkl44DigestValue>xL3Zq/WOoYqN4JZg96Ks2qEw4SnARv1+9WJKORaXkol4=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
<ds:DigestValue>XZr9YfkelJBdDBlrjmE8vD9TYgw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>sErKM6Sc6OEZq8xftCjVFLc49lc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>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</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGyjCCBP6gAwIBAgIUHrupYZr13YiuaidVa/fv5wGHNTMwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjAxMjcxMTUzMzBaFw0yNTAxMjYxMTUzMjlaMIHBMRYwFAYDVQQDDA1UaG9yZ290IEZyaWlzMRAwDgYDVQQqDAdUaG9yZ290MQ4wDAYDVQQEDAVGcmlpczE3MDUGA1UEBRMuVUk6REstRTpDOmVkYzA0ZDY5LWYyZDQtNGU2My1iOWVkLTU5M2YwNmMxZmY1ZDEmMCQGA1UECgwdVGVzdG9yZ2FuaXNhdGlvbiBuci4gOTAxNzc1ODAxFzAVBgNVBGEMDk5UUkRLLTkwMTc3NTgwMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANQyP5jOiFRMjQNviZhHYeIMBxE3gjTA3/GroUmtHYNAvrCskj5CGcMjXZ/h2oP7LE6Y93dGx5tVxSDvErnT67u5tsfwNYLHGVALznwocpBn+xQ/+Rky+/kCju4XiaZDoQVJs0JKXgCKDO+hcwMTYnyqg9Yb/yqfwf9o2AC25LhcaHgu+tWuK/VXM0kpKqrs9jNPgW9W3gr9+mD4NCCMpDeMS5d7kMMSh8t8FPLvtXyaKN04uBPcryFiMwyvXEZzP1O4MbQelmGzy9MxPiJSUSTEcV4lWlVI5naKIi05xhnTu0XX0iysKJiNxR/lujRAAZkBMG3+xfeae+hW2lttHwzDBAehIs1vD6ZLt1Agn+MVdDF7bOeU3hlEQveAY1r3VJVoxoDAsuay9ydPCRxbxdPefTSxUr5XzrWvzSN2VsJvEXQ36WRKsLDSU3MMgrB0LOVEmNsHNH/Tup6GkTOFHsqb3D8h4y1MjaK8tZp82t/QthuK750YAY7HaXMxaXE1rQIDAQABo4IBpTCCAaEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMB0GA1UdEQQWMBSBEm5qb0BrdmFsaXRldHNpdC5kazAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQIHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQEBMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQsRFepNQjYb4C31LaSPMkBhSUKNjAOBgNVHQ8BAf8EBAMCBeAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQCVw4pgvgp8cdxk2m3WQd8fvtZc/1v25LsQ09uz6gATRNetwnGGfPI9g6tSz0Wk96jrBcL/A5rsc6IMy5e9O1D3hPoA/KWkZHbcaAHO1afb+CtSBN4vSkIwISkRDEWYEhxWKr5N7xQ8QCML07JcTzsD38FxawAB/LBHQxaa4d2a
KT7D6k2mIXU8xVG7T+fyYaVCBuVfaH7ITwQIr9tVtyV4R2/iT7nkMMCLceiMJjwQ4VPaoxwvsk5sPIJL6/4d29Cxa/oVXtaG4OnyB41iFhhWfmdVGvF1NEF5vk5x7BGUOAQerOU5t/hrBIPM9p1xVnFB+YB+xzns6TYuTi0Dxl2LgvkZta/FlyO0ExgmnqpM8dvNO+MGmQez/2fauMEMD1Id5XpgEX8Blp+mR5WaYa9DVb/AY78iGRPhbDw6vofA/AgjOmQD1oCveCiSUB8xv+EK3wpqSUSUPHmIk8kHqTkgKDQkelgig0y/hzzQdrlx5iOgTekFSi5K7tKyfnIRm6E=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:f6af72b5-652e-40d5-a8ff-ed0116c3d114</wsa:MessageID>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:e420f22e-9233-4b51-973a-9008528169a7">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_59c5a991-78de-4cf4-bd6e-18dafe651c38" IssueInstant="2022-12-29T11:59:45Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>https://oio3bst-issuer.dk</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_59c5a991-78de-4cf4-bd6e-18dafe651c38">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>YybMZF4egRrjzA5rv2exzR5UI6/nRJbFcYPRpIuuSJw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>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</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">KorsbaekKommune\MSK</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2022-12-29T13:59:45Z">
<saml:AudienceRestriction>
<saml:Audience>https://sts.sosi.dk/</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="https://data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">OIO-SAML-3.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">2634ccc3-225a-44ee-94bc-565904f46ead</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/cvr" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">20301823</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/orgName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="https://data.gov.dk/model/core/eid/cprNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">2501879875</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
<auth:ClaimType Uri="medcom:ITSystemName">
<auth:Value>Korsbæk Kommunes IT systemer</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="medcom:UserAuthorizationCode">
<auth:Value>008NX</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="sosi:SubjectNameID">
<auth:Value>Mads_Skjern</auth:Value>
</auth:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
Successful response:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2022-12-29T11:59:45Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>YQBhieWz6ef3lQskTQGP9ptGB0c=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>XZr9YfkelJBdDBlrjmE8vD9TYgw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>vU63bukwsLeIWlq0IUzLmo80wEY=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#relatesTo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>vyq5ovfxPeAfSBJN16o9PVbAp3o=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>EM1CEGVmO5/ErUtyGS/gcYQixVUeDidJHx1ExnTbfK5Ib2c4MAl9lkLpQIFuVvNHLlHk2h6P1XpiuhZ+tgcfCM5nA7aQAlrt7lgt3GGTsnOUI8xgyZcYVGcZDdvNOieX+kW2kBurruVYZ+My1cmiWzneZwt3cqNXMU9Zn+T93JZ+WumjS2w0srt83bs8xicQ5ehLNDCRNrgoOc5qIckXx5uLSaKYX6LmT6ibhWsInSEjYIUK/Ae+CwAmkBPPkO4U//83VRjSjIQy4/l/4ucQa79ruKoAh84lrKyynpWDYyUIYP70fIXAQRnsAiN5RLe2+QqfwMLAj94PXM37z7KRDQ==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKzCCBROgAwIBAgIEX6JBADANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMjA0MDYxNjI2MjBaFw0yNTA0MDYxNjI1NTJaMIGUMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFVMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoxODkxMTg2MTAxBgNVBAMMKlNPU0kgVGVzdCBGZWRlcmF0aW9uIChmdW5rdGlvbnNjZXJ0aWZpa2F0KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRM3VAiyCBUDWg4K2vgVhmFTB1SDZWjT5Zd0NxAMPjzuKEsP8PpbWLdD8aNO7LuS3noC01AN4los3aqK//ZVJdTr9k3M1Aquo5G7+SwLBTsTVyiheh7uYKH+5v6gGjHHiPuYGrdnTc4YkrRbeqPtZAR1sX/iNMzLMQSuYfpphCJ0e9leV08KOswSktBhIYk7NAEng+8T4hkbREuPeaRn85/aL5eX/ohSIsfb0ByA3ta/+bymen8rY+6qb1A7V/2h2lmJ7uiWf9OJvUA37RdFrX4czI76+oqe9cGzplOuMHaujBbHG8Uc2yheL16xdexr0xAf7N8PkdVGALJAQm97q0CAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL2YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGBAMwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuMIGtBgNVHR8EgaUwgaIwPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDM0LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDM0LmNybDBioGCgXqRcMFoxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJjAkBgNVBAMMHVRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYWElWIENBMQ8wDQYDVQQDDAZDUkw0MDkwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFKnHK2ey5oU8RXACmOR0fcO57bsmMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALvu0VtupREO52FW2f8cAUZkxkwvbq2bQXOvNRN6XrtzvA+tt2Jgm4gP8dNZUBI7nOtEPQ+0+XkSMZ1wzu+8qxLHATTSUcicQNtUkaAbGTIfQkKiWRwPTtSK50qhEDm2fJW5m8NDOxOE/+58iuj8AI9Fb4RI1FV+xRsku3TakdvdwiNkSjAxiOv5JsXEZMJfVsM34fR0ZdOQgnFpyn3I
fSjBrAHSgbxy47Zz9YhmONuQsa55NDEQ6mTmecXGrOSvfJZmQ/jRPhYmi04ufPEvOA5hjLHDy0CtsSKRhkDpXSafVjHjtmdfYKB4M++2Sp/nx1teRcoT78Nenl3qHgkz7OM=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:cd73009a-507f-4b26-955d-7b5a8575b784</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:f6af72b5-652e-40d5-a8ff-ed0116c3d114</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse Context="urn:uuid:e420f22e-9233-4b51-973a-9008528169a7">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:Assertion IssueInstant="2022-12-29T11:54:45Z" Version="2.0" id="IDCard" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:other">Mads_Skjern</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2022-12-29T11:54:45Z" NotOnOrAfter="2022-12-30T11:54:45Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>NP16iFJQmjBi1Wzdqg5HOQ==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>2501879875</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>Thorgot</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Friis</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>008NX</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>Korsbæk Kommunes IT systemer</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>20301823</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>2YDORON64rrH3ZzsbWP6zXpLybg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>B4YLlyZwrULzQx7aQSiUBtO1/d9juA/NlCdk+GkAkTmU95Xh7UPsz07PpHlUS4VRbjZdvjzsj4CCF+bkbjTNzbicv7MLNkll/ooS3HuToTm0HZ0aRugUKPYMwW76huPqLq9odftNba+UYxdg9dC9ItU0TKGADUQIRCv/j+NxDwhI4AFTzKMByC1P9vsNRX8DafsKAtv/A6LOkwqDQdUho+SbGhBXxQ8k3SwtGVQ7N8PdQBK75e/Mm0IGFPTCVnSU7roLudm7mMNpl+5mQ00uJhN63OOqhP1D2S8RqdnTRkqTYQDhjYwtwgomlBiITOGBhqseD77zjbzm+FNZKt8qoA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKzCCBROgAwIBAgIEX6JBADANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMjA0MDYxNjI2MjBaFw0yNTA0MDYxNjI1NTJaMIGUMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFVMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoxODkxMTg2MTAxBgNVBAMMKlNPU0kgVGVzdCBGZWRlcmF0aW9uIChmdW5rdGlvbnNjZXJ0aWZpa2F0KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRM3VAiyCBUDWg4K2vgVhmFTB1SDZWjT5Zd0NxAMPjzuKEsP8PpbWLdD8aNO7LuS3noC01AN4los3aqK//ZVJdTr9k3M1Aquo5G7+SwLBTsTVyiheh7uYKH+5v6gGjHHiPuYGrdnTc4YkrRbeqPtZAR1sX/iNMzLMQSuYfpphCJ0e9leV08KOswSktBhIYk7NAEng+8T4hkbREuPeaRn85/aL5eX/ohSIsfb0ByA3ta/+bymen8rY+6qb1A7V/2h2lmJ7uiWf9OJvUA37RdFrX4czI76+oqe9cGzplOuMHaujBbHG8Uc2yheL16xdexr0xAf7N8PkdVGALJAQm97q0CAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL2YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGBAMwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuMIGtBgNVHR8EgaUwgaIwPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDM0LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDM0LmNybDBioGCgXqRcMFoxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJjAkBgNVBAMMHVRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYWElWIENBMQ8wDQYDVQQDDAZDUkw0MDkwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFKnHK2ey5oU8RXACmOR0fcO57bsmMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALvu0VtupREO52FW2f8cAUZkxkwvbq2bQXOvNRN6XrtzvA+tt2Jgm4gP8dNZUBI7nOtEPQ+0+XkSMZ1wzu+8qxLHATTSUcicQNtUkaAbGTIfQkKiWRwPTtSK50qhEDm2fJW5m8NDOxOE/+58iuj8AI9Fb4RI1FV+xRsku3TakdvdwiNkSjAxiOv5JsXEZMJfVsM34fR0ZdOQgnFpyn3I
fSjBrAHSgbxy47Zz9YhmONuQsa55NDEQ6mTmecXGrOSvfJZmQ/jRPhYmi04ufPEvOA5hjLHDy0CtsSKRhkDpXSafVjHjtmdfYKB4M++2Sp/nx1teRcoT78Nenl3qHgkz7OM=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2022-12-29T11:54:45Z</wsu:Created>
<wsu:Expires>2022-12-30T11:54:45Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope> |
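The response above signs `#body`, `#ts`, `#messageID`, `#relatesTo` and `#action` and returns a holder-of-key ID card. As an added example (not part of the original page or of the STS code), the Python below runs the structural checks a client can apply to such a response before trusting it; it does not verify the cryptographic signatures, and `audit_rstr`, `build_sample` and the request UUIDs are names and values constructed for this illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

DSIG = "http://www.w3.org/2000/09/xmldsig#"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/", "ds": DSIG,
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "wsa": "http://www.w3.org/2005/08/addressing",
      "wsse": WSS + "secext-1.0.xsd", "wsu": WSS + "utility-1.0.xsd",
      "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512"}
WSU_ID = "{%s}Id" % NS["wsu"]
SHA1_URIS = {DSIG + "rsa-sha1", DSIG + "sha1"}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
RSTR_PATH = "soapenv:Body/wst:RequestSecurityTokenResponseCollection/wst:RequestSecurityTokenResponse"
SIGNED_PARTS = ("soapenv:Body", "soapenv:Header/wsse:Security/wsu:Timestamp",
                "soapenv:Header/wsa:Action", "soapenv:Header/wsa:MessageID",
                "soapenv:Header/wsa:RelatesTo")
# Constructed values standing in for the caller's own request MessageID and Context.
REQ_MSG_ID = "urn:uuid:00000000-0000-4000-8000-000000000001"
REQ_CONTEXT = "urn:uuid:00000000-0000-4000-8000-000000000002"


def _utc(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _signed(signature, target, root):
    """True if a Reference in `signature` resolves to `target` and to no other element."""
    for ref in signature.findall("ds:SignedInfo/ds:Reference", NS):
        wanted = ref.get("URI", "")[1:]
        hits = [e for e in root.iter()
                if wanted in (e.get(WSU_ID), e.get("id"), e.get("Id"), e.get("ID"))]
        if wanted and hits == [target]:
            return True
    return False


def audit_rstr(xml_text, request_message_id, request_context, now):
    """Structural checks on an STS response; returns a list of findings (strings)."""
    # ElementTree is adequate for the constructed sample; use a hardened parser on real traffic.
    root = ET.fromstring(xml_text)
    msg_sig = root.find("soapenv:Header/wsse:Security/ds:Signature", NS)
    rstr = root.find(RSTR_PATH, NS)
    assertion = root.find(RSTR_PATH + "/wst:RequestedSecurityToken/saml:Assertion", NS)
    if msg_sig is None or assertion is None:
        return ["message signature or ID card missing at the expected location"]
    findings = []
    # 1. Body and correlation headers must each be covered by exactly one signed Id.
    for path in SIGNED_PARTS:
        part = root.find(path, NS)
        if part is None or not _signed(msg_sig, part, root):
            findings.append("unsigned or ambiguous: " + path)
    # 2. The response must answer this request.
    relates = root.findtext("soapenv:Header/wsa:RelatesTo", default="", namespaces=NS)
    if relates.strip() != request_message_id:
        findings.append("RelatesTo does not match the request MessageID")
    if rstr.get("Context") != request_context:
        findings.append("Context does not match the request")
    # 3. The ID card signature must reference the card itself; the card must be holder-of-key.
    id_sig = assertion.find("ds:Signature", NS)
    if id_sig is None or not _signed(id_sig, assertion, root):
        findings.append("ID card signature does not reference the ID card")
    conf = assertion.find("saml:Subject/saml:SubjectConfirmation", NS)
    method = None if conf is None else (
        conf.get("Method") or conf.findtext("saml:ConfirmationMethod", namespaces=NS))
    if method != HOLDER_OF_KEY:
        findings.append("subject confirmation is not holder-of-key")
    # 4. Validity window from saml:Conditions.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        findings.append("ID card has no complete validity window")
    elif not _utc(cond.get("NotBefore")) <= now < _utc(cond.get("NotOnOrAfter")):
        findings.append("ID card is outside its validity window")
    # 5. SHA-1 based signature and digest algorithms, reported last.
    algs = {e.get("Algorithm") for e in root.iter() if e.tag.endswith("Method")}
    return findings + ["SHA-1 algorithm in use: " + u for u in sorted(algs & SHA1_URIS)]


def build_sample(relates_to=REQ_MSG_ID, signed_ids=("body", "ts", "messageID", "relatesTo", "action")):
    """Constructed response shaped like the page's sample; digests and signature values omitted."""
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    method = '<ds:SignatureMethod Algorithm="%srsa-sha1"/>' % DSIG
    ref = '<ds:Reference URI="#%s"><ds:DigestMethod Algorithm="' + DSIG + 'sha1"/></ds:Reference>'
    msg_refs, id_ref = "".join(ref % i for i in signed_ids), ref % "IDCard"
    return f"""<soapenv:Envelope {xmlns}><soapenv:Header><wsse:Security>
<wsu:Timestamp wsu:Id="ts"><wsu:Created>2022-12-29T11:59:45Z</wsu:Created></wsu:Timestamp>
<ds:Signature><ds:SignedInfo>{method}{msg_refs}</ds:SignedInfo></ds:Signature></wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:00000000-0000-4000-8000-000000000003</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">{relates_to}</wsa:RelatesTo></soapenv:Header>
<soapenv:Body wsu:Id="body"><wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse Context="{REQ_CONTEXT}"><wst:RequestedSecurityToken>
<saml:Assertion IssueInstant="2022-12-29T11:54:45Z" Version="2.0" id="IDCard"><saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<saml:Subject><saml:NameID Format="medcom:other">Mads_Skjern</saml:NameID><saml:SubjectConfirmation>
<saml:ConfirmationMethod>{HOLDER_OF_KEY}</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions NotBefore="2022-12-29T11:54:45Z" NotOnOrAfter="2022-12-30T11:54:45Z"/>
<ds:Signature id="OCESSignature"><ds:SignedInfo>{method}{id_ref}</ds:SignedInfo></ds:Signature>
</saml:Assertion></wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection></soapenv:Body></soapenv:Envelope>"""
```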
OIOH2
An OIOH2 request is shown here without explanatory comments, since the comments in the OIOH3 example also apply here. Bootstrap tokens of type OIOH2 contain a NIST assurance level and are used by token issuers that have not yet moved to the NSIS standard, such as SEB IdP.
Request
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2022-12-29T12:07:43Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>8NA4xC8PxXNuy2aTPEIGrpvpjPs=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>QocdLJWB/HX3wPD2kmYESEUlMR0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Vh7mIeKr19P3YH0x4PUNBHoOWvo=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>NCmQmpXaujpcNsai3f6lIWdK/owgGg6PJa6lNZUWxjbSOB0EoiXfqSNpzRe/kEvQPYRDxtdmq6prf78Yw8kcfolr4OVNm9uzszLFVr2MJuIRrSBWkCAX+klqURj5BWNIdRi4VTviFP0I8uMh/ecAaqb0AXwh31bzxeoagsJyTHLM0Rsizwa0Qp+ETsz9qJT8DNyhg+4DLgLr6qZBv2Uxw60itXxj1dFuJ6EwaJ2X01p7NbXgmAv/OM0lP9vg2XFMOwt1j7iE8CTE2lywBXxmVdLEd/v3lIHrO6uFxCWbYvasggkeCJyaVDedCaZ2VybwvHHptN2g768leO+2Oqki4t+Ou76no+6iGLpsxOXA6mXPYufRPF0M5RnviVeQa7KlZ0Vur80DS1y3z55yGoTVQRDNLxQfv0bD8nRj7kDfQjHrFJ/3L6CvdUc9e2klwc069isjqt4ze8eLBwCzqj9ZQqkI1UPBXcrlt5ogfWT0ppoK/G8pfbxx7+j5+4P0zUQp</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:92683d66-9627-4d65-b1de-fb5a740946a7</wsa:MessageID>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:0c735390-d00c-4dc7-ba38-4536bb72ed59">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_af57c648-13ca-474b-9977-a61f3b82021c" IssueInstant="2022-12-29T12:07:43Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>https://oioh2bst-issuer.dk</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_af57c648-13ca-474b-9977-a61f3b82021c">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>a6U7fEn0zWmYTTysCVmkz80I+LL9mxWf8aIF2VhgEb0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>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</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">KorsbaekKommune\MSK</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2022-12-29T14:07:43Z">
<saml:AudienceRestriction>
<saml:Audience>https://sts.sosi.dk/</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">2634ccc3-225a-44ee-94bc-565904f46ead</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CvrNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">20301823</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">2501879875</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
<auth:ClaimType Uri="medcom:ITSystemName">
<auth:Value>Korsbæk Kommunes IT systemer</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="medcom:UserAuthorizationCode">
<auth:Value>008NX</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="sosi:SubjectNameID">
<auth:Value>Mads_Skjern</auth:Value>
</auth:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
Successful response:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> <saml:SubjectConfirmation><wsu:Created>2022-12-29T12:07:44Z</wsu:Created> </wsu:Timestamp> <ds:Signature> <ds:SignedInfo> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#body"> <saml<ds:SubjectConfirmationData>Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:KeyInfo></ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>GuxBcihCyWbuWJ7GFFirFlQ5/xo=</ds:DigestValue> <ds:KeyName>OCESSignature<</ds:KeyName>Reference> <ds:Reference URI="#ts"> <ds:Transforms> </ds:KeyInfo><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> </saml:SubjectConfirmationData><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>eXGYZk7IaymM2G5i3yvNZqcw8VA=</ds:DigestValue> </samlds:SubjectConfirmation>Reference> <ds:Reference URI="#messageID"> </saml<ds:Subject>Transforms> <saml:Conditions NotBefore="2020-11-12T08:04:53Z" NotOnOrAfter="2020-11-13T08:04:53Z<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <saml<ds:AttributeStatementDigestMethod 
idAlgorithm="IDCardData"http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>tiLlO42eXYdbLIzEfT+EeOdPgLc=</ds:DigestValue> </ds:Reference> <saml:Attribute Name="sosi:IDCardID <ds:Reference URI="#relatesTo"> <ds:Transforms> <saml:AttributeValue>0gawKVevRYQ45IrGJt+r6w==</saml:AttributeValue> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </samlds:Attribute>Transforms> <saml:Attribute Name="sosi:IDCardVersion"<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>MT/GK4f3xk0LVVKLmcJNqVFykY8=</ds:DigestValue> </ds:Reference> <saml:AttributeValue>1.0.1</saml:AttributeValue><ds:Reference URI="#action"> <ds:Transforms> </saml:Attribute><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <saml:Attribute Name<ds:DigestMethod Algorithm="sosi:IDCardType"http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> </ds:Reference> <saml:AttributeValue>user</saml:AttributeValue></ds:SignedInfo> <ds:SignatureValue>BCDYLZ2LOnfzdYTM1gyd1D7HEg16uIKYiI6qVDD4ypC5FjOj77QWuexeoIbAc25v9aOhkyqMSx/5SdR6tNR1Gofr79Tqmmxdj6Zf0cZfETS1J/MZ2RnCeV29RkOZ4DjpBvzrfeSIn7tydkFJF590oWdSCK56xvgvjxYRWbdeVSrvlZxAfV/tv3rV92LrvFvaPXD4GTt/abFJDh/gMTPW3Yfx7piW3Fp0C5ESTXriq1H5UeOcEKaZwgIj9koYuk4l8EmSf4dxcMzs9iwRWI2x4aBLJVntfZL+KMnhEnBPjorpkStuUTBP0Rpic/GplKBzRNeL9dE5P+B2OHMRbgKqJg==</ds:SignatureValue> <ds:KeyInfo> </saml:Attribute><ds:X509Data> <ds:X509Certificate>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</ds:X509Certificate> </ds:X509Data> <saml:Attribute Name="sosi:AuthenticationLevel"> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:01707bdd-0b81-427a-bf7f-71a6d6f03b91</wsa:MessageID> <saml:AttributeValue>4</saml:AttributeValue> </saml:Attribute> <wsa:RelatesTo 
wsu:Id="relatesTo">urn:uuid:92683d66-9627-4d65-b1de-fb5a740946a7</wsa:RelatesTo> </soapenv:Header> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityTokenResponseCollection> <wst:RequestSecurityTokenResponse Context="urn:uuid:0c735390-d00c-4dc7-ba38-4536bb72ed59"> </saml:AttributeStatement><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <wst:RequestedSecurityToken> <saml:Assertion IssueInstant="2022-12-29T12:02:44Z" Version="2.0" id="IDCard" <saml:AttributeStatement id="UserLogxmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer>TEST1-NSP-STS</saml:Issuer> <saml:Subject> <saml:AttributeNameID NameFormat="medcom:UserCivilRegistrationNumber">other">Mads_Skjern</saml:NameID> <saml:SubjectConfirmation> <saml:AttributeValue>1802602810<<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:AttributeValue>ConfirmationMethod> <saml:SubjectConfirmationData> </saml:Attribute> <ds:KeyInfo> <saml:Attribute Name="medcom:UserGivenName"><ds:KeyName>OCESSignature</ds:KeyName> </ds:KeyInfo> <saml:AttributeValue>Mads<</saml:AttributeValue>SubjectConfirmationData> </saml:SubjectConfirmation> </saml:Attribute>Subject> <saml:Conditions NotBefore="2022-12-29T12:02:44Z" NotOnOrAfter="2022-12-30T12:02:44Z"/> <saml:AttributeAttributeStatement Nameid="medcom:UserSurNameIDCardData"> <saml:Attribute Name="sosi:IDCardID"> <saml:AttributeValue>Skjern<AttributeValue>3iX+gE9UEOTN1Dyw04osPA==</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="medcomsosi:UserRoleIDCardVersion"> <saml:AttributeValue>1.0.1</saml:AttributeValue> <saml:AttributeValue>7170<</saml:AttributeValue>Attribute> <saml:Attribute Name="sosi:IDCardType"> < <saml:AttributeValue>user</saml:Attribute>AttributeValue> </saml:Attribute> <saml:Attribute Name="medcomsosi:UserAuthorizationCodeAuthenticationLevel"> <saml:AttributeValue>4</saml:AttributeValue> 
<saml:AttributeValue>ZXCVB<</saml:AttributeValue>Attribute> </saml:AttributeStatement> <saml:AttributeStatement id="UserLog"> </saml:Attribute> <saml:Attribute Name="medcom:UserCivilRegistrationNumber"> < <saml:AttributeValue>2501879875</saml:AttributeStatement>AttributeValue> </saml:Attribute> <saml:AttributeStatementAttribute idName="SystemLogmedcom:UserGivenName"> <saml:AttributeValue>Thorgot</saml:AttributeValue> <saml:Attribute Name="medcom:ITSystemName"> </saml:Attribute> <saml:Attribute Name="medcom:UserSurName"> <saml:AttributeValue>Korsbæk Kommunes IT systemer<AttributeValue>Friis</saml:AttributeValue> </saml:Attribute> </saml:Attribute><saml:Attribute Name="medcom:UserRole"> <saml:AttributeValue>7170</saml:AttributeValue> <saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber"> </saml:Attribute> <saml:Attribute Name="medcom:UserAuthorizationCode"> <saml:AttributeValue>20301823<AttributeValue>008NX</saml:AttributeValue> </saml:Attribute> </saml:Attribute>AttributeStatement> <saml:AttributeStatement id="SystemLog"> <saml:Attribute Name="medcom:CareProviderNameITSystemName"> <saml:AttributeValue>Korsbæk Kommunes IT systemer</saml:AttributeValue> <saml:AttributeValue>Korsbæk Kommune<</saml:AttributeValue>Attribute> <saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber"> < <saml:AttributeValue>20301823</saml:Attribute>AttributeValue> </saml:Attribute> </saml:AttributeStatement> <saml:Attribute Name="medcom:CareProviderName"> <saml:AttributeValue>Korsbæk Kommune</saml:AttributeValue> <ds:Signature id="OCESSignature"> </saml:Attribute> </saml:AttributeStatement> <ds:SignedInfo>Signature id="OCESSignature"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> > <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#IDCard"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>Fn9Dyi9gZTxaEOFyWmODqKB7rhE=</ds:DigestValue> /> <ds:DigestValue>fiZYzDicD5nahwHjhrnhlvtaYHo=</ds:Reference> DigestValue> </ds:SignedInfo>Reference> </ds:SignedInfo> <ds:SignatureValue>sQAGdHPbxmgl+xf4gD35b1Yv9Xq/oLOvAfZ0veMeLxvlDY0neBRMXwR0gWQlxNUDS494ed1cyb0D6eYfoCtWDnzVC0GDRqmWXRiNU7hlprqA0qoof4iTKUSCSDQ5AxHqu+zrUID0wuOSUSiuzEJ4iGeeuWkAgFPLSTqZtAXEZYoPWZF5KTJZefD6ZR/wshZjU9kU7uHvi7uQwZKp7vP1xvBm4Dwt1sBcJWl4CLRUor8A/nzXvh6pJ8NKELoYiFWKEDPMiF5HWpvnVGh1HaonyDdMXHAa2DqgJQnZH+OpwG4NUMxzVfQ+o27K/Rn8ZZ+BJT9Debdp/NFC21XpJFlhrwSignatureValue>Ww7ZmyUG50ZsIXZgXD0ro0UsEjBgnqHSAkBP8GHktBskdfkusZ4MRE8A4TH7dYvtX/y2MoytJbHqvnj1FZEgClBhjM28jt/Dd0c0xKj7LRj63YdN8vn7dzgKraqCB1/ZzVMdoD1gZ4dbjOCxEw5p10iLRCrQwOXD5EFYmlCEFJoqPzSAAYwfYexWwF7LukBw7NVZvjbkKlbGJS+uk/3yop/AkNl6HENX49CGdumudLj4CWzlmAhGLsao+u1gaha2Gyeu2jIbGuI/OcnVgEbgUXrGhASvxoe1093Y5zvzbLdJOu2+kihdHFBTki3YyZrQF57rUUc17TS3ZbTorDd2KQ==</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIGKjCCBRKgAwIBAgIEW6uMBTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MDQzMDA5MDcxN1oXDTIyMDQzMDA5MDYzOFowgZQxCzAJBgNVBAYTAkRLMS4wLAYDVQQKDCVTdW5kaGVkc2RhdGFzdHlyZWxzZW4gLy8gQ1ZSOjMzMjU3ODcyMVUwIAYDVQQFExlDVlI6MzMyNTc4NzItRklEOjE4OTExODYxMDEGA1UEAwwqU09TSSBUZXN0IEZlZGVyYXRpb24gKGZ1bmt0aW9uc2NlcnRpZmlrYXQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo57h9EX509Certificate>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</ds:X509Certificate> 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</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </saml:Assertion> </wst:RequestedSecurityToken> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>https://fmk</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Lifetime> 
<wsu:Created>2020Created>2022-1112-12T0829T12:0402:53Z<44Z</wsu:Created> <wsu:Expires>2020Expires>2022-1112-13T0830T12:0402:53Z<44Z</wsu:Expires> </wst:Lifetime> </wst:RequestSecurityTokenResponse> </wst:RequestSecurityTokenResponseCollection> </soapenv:Body> </soapenv:Envelope> |
