Page History
Introduktion
Formål med dokumentet
Formålet med dette dokument er at give en detaljeret beskrivelse af de konkrete services, der udbydes af STS i forbindelse med anvendelsesområdet Borgeromvekslinger.
Læsevejledning
Dokumentet henvender sig primært til udviklere, der skal i gang med at anvende de konkrete borgervekslingssnitflader udbudt af STS.
Dokumentet bygger i høj grad på den overordnede STS - Guide til anvendere, som giver et overblik over STS og leverer i denne sammenhæng et mere dybdegående teknisk beskrivelse af de services i STS, der ligger i anvendelsesområdet borgeromvekslinger.
Overblik over services og anvendelse
Som beskrevet i STS - Guide til anvendere, så findes der i STS følgende services indenfor anvendelsesområdet borger:
| /sts/services/Bst2Idws | Omveksler OIO Saml bootstrap token til OIO IDWS sikkerhedsbillet rettet mod et givet audience, f.eks. FMK, Dokumentdelingsservice eller MinSpærring. Typen af bootstrap token kan enten være OIO3BST_CITIZEN, OIO2BST_CITIZEN eller OIO2BST_LEGACY. Bemærk, at bootstrap token skal være signeret af troværdig tredjepart (fx SEB IdP, NemLog-in IdP eller NemLog-in STS). |
| /sts/services/JWT2Idws | Ombytter JSON Web token (JWT) til OIO IDWS sikkerhedsbillet rettet mod et givet audience, f.eks. FMK, Dokumentdelingsservice eller MinSpærring. Bemærk, at JWT tokenet skal være signeret af troværdig tredjepart (pt. en OpenID Connect provider) |
| /sts/services/JWT2OIOSaml | Omveksler JSON Web token (JWT) til OIO Saml sikkerhedsbillet rettet mod et specifikt audience, f.eks. forløbsplaner.dk. Billetten er krypteret og er tænkt benyttet til sikker-browseropstart (SBO) Bemærk, at JWT tokenet skal være signeret af troværdig tredjepart (pt. en OpenID Connect provider) |
De to services Bst2Idws og JWT2Idws minder om hinanden i opbygning af requests, understøttede claims og valideringer. Disse beskrives derfor under et i afsnittet om claims og valideringer. JWT2OIOSaml beskrives for sig selv.
Claims og valideringer for veksling til IDWS tokens (Bst2Idws og JWT2Idws)
I forhold til berigelse af det udstedte IDWS token er der mulighed for at medsende følgende claims til:
...
- https://audience.nspop.dk/dds: Dokumentdelingsservicen
- https://audience.nspop.dk/minspaerring: MinSpærring
- https://audience.nspop.dk/minlog: MinLog2
- https://fmk: FMK
Der bliver desuden valideret at borgerens alder opfylder kravet for den minimale alder der er konfigureret i STS'en for borgeromvekslinger.
I eksemplerne nedenfor vises der eksempler på vekslinger af bootstraptoken til Idws og JWT til Idws. I eksemplet med bootstraptoken er der ydermere vist eksempler på anvendelsen af claims til både CPR for den kaldende bruger samt fuldmagt.
Service Endpoints
Afhængig af miljø udstilles tjenesten på:
|
http://<sts-host>:<port>/sts/services/JWT2Idws |
http://<sts-host>:<port>/sts/services/JWT2OIOSaml |
Eksempler på requests
I det følgende gives eksempler på følgende typer af requests:
- Omveksling af borger bootstrap token til IDWS token (med angivelse af anden borgers CPR nummer for fuldmagtstildelinger)
- Omveksling af borger JWT til IDWS token: Mangler for nuværende
- Omveksling af borger JWT til OIO Saml Token: Mangler for nuværende
...
Omveksling af borger bootstrap token til IDWS token
I dette eksempel Her vises eksempel eksempler på request requests til servicen Bst2IDWS. Bemærk både claim 'dk:gov:saml:attribute:CprNumberIdentifier' i forhold til borgerens eget CPR nummer med claims i forhold til anden borgers CPR nummer.
OIO3BST_CITIZEN - udstedes (på sigt) af NemLog-in STS
Request
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsa:Action<wsse:Security mustUnderstand="1" wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>security"> <wsa:MessageID wsu:Id="messageID">urn:uuid:3b222db7-5922-477c-b815-4ea35cba6574</wsa:MessageID> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu: <wsu:Timestamp wsu:Id="ts"> <wsu:Created>2020Created>2023-12-07T0928T10:0457:30Z<48Z</wsu:Created> </wsu:Timestamp> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#messageID#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>qy1OEXC66wBsvGKipiai5kbgtVUDigestValue>fCllw3Lagb/vujh2A3HIuRC8WFg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7QDigestValue>IiN77aYXPnvGOCphzQ1GrEAscc0=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#ts#messageID"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>7U5J5GxULihSf9aMnTKZIBML9RcDigestValue>8J2ljhLBY8bo4rMRuVW2x1/c/sQ=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#body#action"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>pQiXI/9WJDEelRO2N9GJiUop5lEDigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>WBwK3D7bMq8Dm6ns6eJmIPICAoa92+fRWGzoKbDcKwSNkdTlRBBnw3okSHPDlvQ7P5cuKYCLfvgYG+/705aYDUQiyL7HexTJvBKMW+TR/fkvGeqB/mQcOVypaV7wYfS7mY0eZUuTWFLf6RGxEa3OkqD7r+HT9lqsdFDZbjxpUkBBpsWwMH1OOr1u5p+cY8thwCT4h38hDOupU3NsGz36nvlODqke1DtOAaiNeteN3rLDDf3FEIl3zqfiVix/vlrZee9mK/RgFdgIC9OFVkqQhYAWlGTNmcGKTjZ0ED07qtZVi5uGsMortCtIchr0KnW6uo+yBc7zdeO4aYb0ItM78g==</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIGNDCCBRygAwIBAgIEXOg9yTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMDAyMTMxMzQ3NTdaFw0yMzAyMTMxMzQzMzBaMIGeMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFfMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDo3OTY4MDA0NTA7BgNVBAMMNFRFU1Qgd2hpdGVsaXN0ZWQgU1AgU09TSSBhbGlhcyAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNWtWKpMlLgD5Er0SgRjNCKXlwU39x3DTPvqE/r09j96B+pwbzHjhnbV5HPwCNzoeUolcvnPmJrsOucIHsoKebPgfLEnhfjWnl0Z8ivPy/3iQfHyhJoB3shBcfLwH+FwZzEqw3hsabflVJHTq+9u2bLes9UM7r2Hy0mlynux28nFKB8dqkYVS1MjAid2cID4vbbavlFO+N+BSIt8M+MA8A1FVwhUEc/vyD+Ha8Alo3nYLZV9SqYlzeeGR+umiyQ7lhVOzv2CO2ULBSpX28mxGJ4N8CmCUrZgbSnPwkw3Mkq93bzMRUB4X9Bu/hWIpQZooKDM6wxE8dYn1yrAliw+ujAgMBAAGjggLMMIICyDAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MzQtY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQDMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLjCBrAYDVR0fBIGkMIGhMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEOMAwGA1UEAwwFQ1JMMTEwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFCe0e26va9zqyshyZoXec/52Pl5RMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnG/H/WeWIPAbnuPMZ/p2sSulgesmt6N1fK5mupYlVmLQ/7fuBIh/ER8zK3ya6yuQBAfSwIYib8iFWm+VBPc+CeS8KE/z4LRZKs3tsFkyEPlee3KpyQ4BQEawwLZjb0ZHS6ghI846SFOy+nYV8HpLvws5/vTNlGaRbBlrDVFzL/ZGois0EJe6wd3xnglwEIKjCxv30zzAnCOrmEzGIaojm07F7rnpQkaCmGNDfsSWl6Mi8SZ8jhFZHdybG9mjr6BXc1wJl2C6hQVuo7wvaIhVgJpV5BkG61mcCBniZhGr7uCJyjQ1vheKDEDle4IIzyVajjM+x5F3BWb6JQxujEHOU=</ds:X509Certificate>eCvtUXg+AeOiC/WMSK3/ew6M5ux79l14dZnn3Qql/Ygoxk64Rhsv0EQtpeO6n0LozT5diuH2HUOzE8TH0roqbcUnayPrRiqT0ONTCTETsWrmAQyAurrxcnofye8kUlDGSHXt72QQvnj1+1QSiMOrqeegHRa3YQV/Rd++0NIvQwdeX6HN+JHw1Tj7Y2UniUk7a7f6azyGhrv2DGj7E3a+nlHtfQWIZyAkFPniTRCgfTInBMMGi/HEevzCMt4YR9/1SEpcPWBbCnIPxqeWDy8TVMCGu2yKC/OH+q3kYDGEyhjovKYiaVXVeu2J3fZcPw1qtALrv6bxWHkI8SKQPM9yi6pz3FQwfI0PmWouBoS4BXnN35CKotpHYmswPxS3uG3Cn+gPxnGYH1TutO5wVCWYEXUrnyclj4ORXkRiGKGZxqrCcssDj3BgBCw0fZuIEQXGEsPzRPvO+t+huTmOOy9rKFljZ8i1qSsxEla+zENxxTcYDGuqpND1p9bt0gHfKg2E</ds:SignatureValue> <ds:KeyInfo> </ds:X509Data> </ds<ds:KeyInfo>X509Data> </ds:Signature> </wsse:Security> </soapenv<ds:Header>X509Certificate> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityToken Context="urn:uuid:b501bee1-e6ef-4bda-9877-ce43d8637354"> <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> <wst14:ActAs> </ds:X509Data> <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_17433b24-cff4-4e22-ae47-4eefa07664a7" IssueInstant="2020-12-07T09:04:30Z" Version="2.0"</ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:1cf8e82e-5741-4bb9-a831-f0f89c83578a</wsa:MessageID> </soapenv:Header> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityToken Context="urn:uuid:cf8a55b7-9d5f-4fce-aced-7769c4ca2de2"> <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <saml:Issuer>TEST trusted IdP</saml:Issuer> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType> <wst14:ActAs> <ds<saml:SignatureAssertion Idxmlns:xs="OCESSignature">http://www.w3.org/2001/XMLSchema" <ds:SignedInfo> <ds:CanonicalizationMethod Algorithmxmlns:xsi="http://www.w3.org/2001/10/xml-exc-c14n#"/>XMLSchema-instance" ID="_593cdbbb-e23d-4be5-8a6d-676187e4dd9c" IssueInstant="2023-12-28T10:57:48Z" <ds:SignatureMethod Algorithm Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#rsa-sha1xmldsig#"/> <ds:Reference URI="#_17433b24-cff4-4e22-ae47-4eefa07664a7"> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer>https://oio3bst-issuer.dk</saml:Issuer> <ds:Transforms> <ds:Signature Id="OCESSignature"> <ds:SignedInfo> <ds:TransformCanonicalizationMethod Algorithm="http://www.w3.org/20002001/0910/xmldsig#envelopedxml-exc-signaturec14n#" /> <ds:TransformSignatureMethod Algorithm="http://www.w3.org/2001/1004/xmlxmldsig-excmore#rsa-c14n#sha256" /> <ds:Reference </dsURI="#_593cdbbb-e23d-4be5-8a6d-676187e4dd9c"> <ds:Transforms> <ds:DigestMethodTransform Algorithm="http://www.w3.org/2000/09/xmldsig#sha1xmldsig#enveloped-signature" /> <ds:DigestValue>4jgrBp2Qz+1jWqwv4EPDwvnoeOU=</ds:DigestValue> Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Reference>Transforms> </ds:SignedInfo> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> <ds:SignatureValue>P0SXvO1fqVHbZIe/tcnlU7ppFHzxeb23F3YTdVjBR6U6U5xPKfn8NVaTYSJsqh6OGuxAXBrnAAYAd5wyP5E6Z8R62Q2z9Mog9qk+EM95kGfbqvJsAEQFDp6DEpAVyasKXpVdzqQv5b5/J2fG2X7ZHDUGeiIEHq9Cp/EWeFToOcEvx13eMU7MX2jhqdnc+aEGqjVHPsPrgSSy7z3zyg+5PQ476KmfuWxdKgxoKFtK1eMjbTk4bY1aEhDDQTcZNTgmg4qQVbOmMzRi3AWTl++HaMC1g8dXpuzNKWYnVc91a+vIRxghg3j6bzWDS+gET0vSyRAvlcFBl34/PdQlik8CCA== <ds:DigestValue>gNWtK4XYXVkkTSzxwdyxuhUrvIMzD8IQwRwbzX2sgGI=</ds:SignatureValue>DigestValue> <ds</ds:KeyInfo>Reference> </ds:SignedInfo> <ds:X509Data>SignatureValue> <ds:X509Certificate>MIIGMTCCBRmgAwIBAgIEXOg9zDANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMDAyMTMxMzUwNDhaFw0yMzAyMTMxMzQ5NDFaMIGbMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFcMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoyMjI0OTczMjA4BgNVBAMMMVRFU1QgdHJ1c3RlZCBJZFAgU09TSSBhbGlhcyAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxgR6YyL1auIQJtCyq6HpB3y5FtrFWigZsmbOXvhcxrmvjhqahlfvke2Vub5AfCPslTsbSgwg9sqhU7Hq2T96QZtLqa+UZP3PVzIqyfXwgXpOFvb2UGbXwQ5SPtSAhoo8z6cFPkBUdIGxL99DV7GPWw4kIk9ynV2YY/XulY049wePaHQFLuW4A5F+Nl6coXFpqn55fG0XNRxOPZUX3DUlnKT7aJKU4xA/1gIm+v4DbbIKN97SV1msXfQq+9Fdpz07dTQEINa9JzmBN1zPkT7hJEOHttqhtFwSxJhMA5V5k0ZbVj1b6WRgJZKUEtGSNOmyZUlcmwUgzz4PwGuMc85PHAgMBAAGjggLMMIICyDAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MzQtY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQDMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLjCBrAYDVR0fBIGkMIGhMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEOMAwGA1UEAwwFQ1JMMTEwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFN7fNS/56t+ZyVIxR6T6W0S7yS5JMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAANWrGs4jCmcvQX34e5h29UhxVegt8Jg02WWBzGB9/kH5YOVnSEp7CCIc4Qut0+C0QlvcDvCre12fOsII5ZlYjKIOXwXzjO2lsNmPKRom3+2syL5aWRQLsh3viVIvVLn4E5bZiEEX8P5KkXI8Exh9OlYEro5KpVyF8Bi2r7uJDmglCYl+BSc/zozgegXJ9KP4l+08mKVWPwwfw5qwp13PWbNNOVPpdIMVzN0YQCTUvPRfNqVfx265+zmx96HF2PvHCzTL95mKfWMs+SZEVpfek4Xl9priAOI6hhmcAZR1wwAklmI7KC4I3m0gFzUOPcZycXNg3G02gXvcmlwMcrdOek=</ds:X509Certificate>YT3dO6StVswfqgJL39yVgSq7Kn/dEmCyXKt0fWN5niKCa2WpPNVAyfVzcXIBEYGZ7UOLlCuXkk8bELXiJwJQ2NpbbdPRYE7g1O4w91mvYl0xs3cYxXFTKDbX7xxW7gxSF0GLGWATqHYmsmo47bi2pXqKUrEF7C3mQogEo6p0ssi4n44E5mFOO6aUJcTelJK+hoUhTmLXgZ754lhzrNZ34TomKMmFsoEpERdGXDiV2uNsUChpFLOSDWLDVdeXxAZ4QoR87CAkvoutCWICw1EdbbD+HOwq9PJjOI5UuSeMtTW+Q3/oiYVEGx1w5P6zjnX3FpPuu12kOaFIgUB6qqMhT6zNSsusEgaMQjGSeW7wOwTzKHnjDakoqjuPVsMghho2tsZi5nc6NWXAi787nU7oxLn85//dhWK22UU8y/Hlc/enufs1UG+EngTTLRXt3DBQ96gJntRygSf/bz3/9Bpcw1FMrDSS2qJS2WxtOBL8IgSCE8cgW5k8WLao8OMTiKqw</ds:SignatureValue> </ds:X509Data><ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:KeyInfo>X509Certificate> </ds:Signature>X509Data> <saml:Subject> </ds:KeyInfo> </ds:Signature> <saml:NameID Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:12.10:nameid-format:X509SubjectName">C=DK,O=Ingen organisatorisk tilknytning,CN=Lars Larsen,Serial=PID:9208-2002-2-514358910503<persistent"> dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearerholder-of-key"> <saml:SubjectConfirmationData NotOnOrAfter="2020-12-07T09:09:29Z" Recipient="https://sosi"/xsi:type="saml:KeyInfoConfirmationDataType"> </saml:SubjectConfirmation> <ds:KeyInfo> </saml:Subject> <saml:Conditions NotBefore="2020-12-07T09:04:24Z" NotOnOrAfter="2020-12-07T09:09:29Z"> <ds:X509Data> <saml:AudienceRestriction> <ds:X509Certificate> <saml:Audience/> </saml:AudienceRestriction> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </samlds:Conditions>X509Data> </saml:Assertion> </wst14ds:ActAs>KeyInfo> <wsp:AppliesTo> <wsa</saml:EndpointReference>SubjectConfirmationData> <wsa:Address>https://fmk</wsa:Address></saml:SubjectConfirmation> </wsasaml:EndpointReference>Subject> </wsp:AppliesTo> <wst<saml:ClaimsConditions DialectNotOnOrAfter="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims2023-12-28T12:57:48Z"> <auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier"> <saml:AudienceRestriction> <auth:Value>0501792275</auth:Value> <saml:Audience>http://audience/clear</saml:Audience> </authsaml:ClaimType>AudienceRestriction> <auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf"> </saml:Conditions> <auth:Value>urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:0101603040</auth:Value> <saml:AttributeStatement> </auth:ClaimType> </wst:Claims> <saml:Attribute Name="https://data.gov.dk/model/core/specVersion" </wst:RequestSecurityToken> </soapenv:Body> </soapenv:Envelope> |
Svaret fra STS ser således ud:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:assertionuri" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:bde6ee0c-06a9-4dd7-9ae0-3bf29b6280e3</wsa:MessageID> <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:3b222db7-5922-477c-b815-4ea35cba6574</wsa:RelatesTo> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> > <saml:AttributeValue xsi:type="xs:string">OIO-SAML-3.0</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="https://data.gov.dk/concept/core/nsis/loa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue xsi:type="xs:string">Substantial</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="https://data.gov.dk/model/core/eid/cprNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue> </saml:Attribute> <wsu:Created>2020-12-07T09:06:39Z</wsu:Created></saml:AttributeStatement> </saml:Assertion> </wsuwst14:Timestamp>ActAs> <ds<wsp:Signature>AppliesTo> <ds<wsa:SignedInfo>EndpointReference> <ds:CanonicalizationMethod Algorithm="http<wsa:Address>http://www.w3.org/2001/10/xml-exc-c14n#"/> audience/clear</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <ds<wst:SignatureMethodClaims AlgorithmDialect="http://wwwdocs.w3oasis-open.org/wsfed/2000authorization/09200706/xmldsig#rsa-sha1"/>0101603040authclaims"> <ds<auth:ReferenceClaimType URIUri="#messageIDdk:gov:saml:attribute:CprNumberIdentifier"> <ds:Transforms><auth:Value>0501792275</auth:Value> </auth:ClaimType> </wst:Claims> </wst:RequestSecurityToken> </soapenv:Body> </soapenv:Envelope> |
Svar fra STS
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<soapenv:Envelope xmlns:soapenv<ds:Transform Algorithm="http://wwwschemas.w3xmlsoap.org/2001soap/10envelope/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm xmlns:ds="http://www.w3.org/2000/09/xmldsig#sha1xmldsig#"/> <ds:DigestValue>5YUEr9PKYYu2iyvY0XhKxHE6NFk=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action"> <ds:Transforms> <ds:Transform Algorithm xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/20012005/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm08/addressing" xmlns:wsp="http://wwwschemas.w3xmlsoap.org/ws/20002004/09/xmldsig#sha1policy"/> <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> </ds:Reference> <wsu:Created>2023-01-17T10:01:42Z</wsu:Created> <ds:Reference URI="#relatesTo"> </wsu:Timestamp> <ds:Signature> <ds:Transforms>SignedInfo> <ds:TransformCanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethodSignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1xmldsig#rsa-sha1"/> <ds:DigestValue>Oo+c5AT3Gky7Q2+jevrnjtKkbhI=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#ts#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>/DWD2fllDigestValue>Dd3Fopf+qjDeFmjYb4i4TTQcJEKztciG0Ov2fyIFYV3bI=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#body#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>TOdMnbhE5vN9Q9/01qfrGKKKJP0DigestValue>QcufgSZuMyIqGDQRgzo2qhV9bPQ=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:Reference URI="#messageID"> <ds:SignatureValue>Or2nuZl8pyU4t6h90FP50MwghnBaQo0hGr/uOrDxkQo3lUXXxa5P2S4Vs5I8NzvgHGx22Piq19D2S7Z9NVMxPgRQC+kyhxIUehYFWv4ZlEX6L8Qn0N2T+44UA9pUZgJYH4BbUF0fXY79KZAiD5JGa6sc0ZKZTnO5eusR6ef6+m1jTGDOXEjH2J+qQ6i23VJPIYB0yxNU53n79d05rknhipWCQYfthE6eNKyfMy1jvkm1Wyux1bZUhwL+1WOZIbXTN7LbgN1I0x1IxFFe6yJ6ccIiSOoSzyEp00sVcTVoBLzfF2GmYVFijJo3kjjOXwnDTjxXCPCUE22ND4rjrmb2Zg==</ds:SignatureValue> <ds:Transforms> <ds:KeyInfo>Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:X509Data> </ds:Transforms> <ds:X509Certificate>MIIGKjCCBRKgAwIBAgIEW6uMBTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MDQzMDA5MDcxN1oXDTIyMDQzMDA5MDYzOFowgZQxCzAJBgNVBAYTAkRLMS4wLAYDVQQKDCVTdW5kaGVkc2RhdGFzdHlyZWxzZW4gLy8gQ1ZSOjMzMjU3ODcyMVUwIAYDVQQFExlDVlI6MzMyNTc4NzItRklEOjE4OTExODYxMDEGA1UEAwwqU09TSSBUZXN0IEZlZGVyYXRpb24gKGZ1bmt0aW9uc2NlcnRpZmlrYXQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo57h9E/hM5gimxaDgHB0MLcgVfXGJbQh/8OC1vTdDsCUIzIwRd5lJE+ado8urHF7UmKubFZzfCPduoRv9b3TkNVKaixiHUMtP4egbL8vcgyalk28cNQdUk8f34mg8atgvd45EnIKz2iB+yjs5guJPDBg2OFSbP0r53NU8fVTq3aLtDpDVnkxsyjNQ7HOFtzavyMnKx0vDgafEvrUR3WTSLCGju4aUIg3ThgrWXA7i3lPIAXdV8mQmlY3wn/kIBiyIotmF98UsEket/sxpJNkJ6R6AUpxnGApCDP1Fw2BgxAQWWrtD/c5IoIZwGWNfLgpJEzfhnuIZJ7Bfs9RmHFdQIDAQABo4ICzTCCAskwDgYDVR0PAQH/BAQDAgO4MIGXBggrBgEFBQcBAQSBijCBhzA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vcmVzcG9uZGVyMEcGCCsGAQUFBzAChjtodHRwOi8vZi5haWEuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyLWNhLmNlcjCCASAGA1UdIASCARcwggETMIIBDwYNKwYBBAGB9FECBAYEAjCB/TAvBggrBgEFBQcCARYjaHR0cDovL3d3dy50cnVzdDI0MDguY29tL3JlcG9zaXRvcnkwgckGCCsGAQUFBwICMIG8MAwWBURhbklEMAMCAQEagatEYW5JRCB0ZXN0IGNlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4gRGFuSUQgdGVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4wga0GA1UdHwSBpTCBojA9oDugOYY3aHR0cDovL2NybC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjIxLmNybDBhoF+gXaRbMFkxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJTAjBgNVBAMMHFRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYSUkgQ0ExDzANBgNVBAMMBkNSTDE0MjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUGYAVKKL17LHyVGSErL26MBNadTQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAjHMO4sWEf8M25WHczBTJYtMitn1wLOqE6raeM6oYyw6R/4FImpOzF6bxBlfNnhhR0vJSXMWTqL/onCyy4gCs9eLglRHZ9BC8a9fmirrguNpOWlR8NAf5GRwOqCyTnkTAfUD1fp0RzVo8TvAd73WiGeUTzTiAVf7OgZFnRIYkcALXLjNs6AwELWSh+bC/gGuQcHUDd8YGSzgKS6w2qz3fIASrykxzlYjeusks58CereC6WfvN0I+GGlL9fIgjpzh7JEELME7r9QJLL9NSrmlRKfhM8gzuE6Vm4vGzmSsnNJxGMf1vTzEve4lXI8pnOtHMTtNl5zw4jCJFakRqcWm3FQ==</ds:X509Certificate>DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>nu4c0NaE3eq9OGITv84JBSas6KE=</ds:X509Data>DigestValue> </ds:KeyInfo>Reference> </ds:Signature> </wsse:Security> </soapenv:Header> <soapenv:Body wsu:Id="body<ds:Reference URI="#relatesTo"> <wst:RequestSecurityTokenResponseCollection> <wst:RequestSecurityTokenResponse Context="urn:uuid:b501bee1-e6ef-4bda-9877-ce43d8637354"> <ds:Transforms> <wst:TokenType>http <ds:Transform Algorithm="http://docswww.oasis-openw3.org/wss2001/10/oasisxml-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> exc-c14n#"/> <wst:RequestedSecurityToken> </ds:Transforms> <saml <ds:AssertionDigestMethod xmlns:xsAlgorithm="http://www.w3.org/20012000/09/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_fa311122-026e-4049-8ddf-cdbd84304d7c" IssueInstant="2020-12-07T09:06:39Z" Version="2.0"> xmldsig#sha1"/> <ds:DigestValue>9UwERB5xBRhppAfnRukLWgcivl0=</ds:DigestValue> <saml:Issuer>TEST2-NSP-STS</saml:Issuer> </ds:Reference> <ds:SignatureReference IdURI="OCESSignature#action"> <ds:SignedInfo>Transforms> <ds:CanonicalizationMethodTransform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:SignatureMethodDigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1xmldsig#sha1"/> <ds:Reference URI="#_fa311122-026e-4049-8ddf-cdbd84304d7c"><ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> </ds:Reference> <ds</ds:Transforms> SignedInfo> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:SignatureValue>jxKRTZ71YH+mfL4K5DyJy9Knvq12VmyklrREWzIUkiKPzbyvjyK2nXL152Sv3BY7/se+3aepmAhBGiQ7v+DHOjhCRDsGQZvs7J19tvSxLEYrdpVZdz93ZF0p5mKT9+Oqrx/nHSrcMkaBqf6/yWSoRivoJgRAJstJRfrjecNobYLowibqJJhLiGUYfucK3rde8FBTazzKwEjWdjrwCdJ3XeJanbRRY7L0z2NQahlt3HlSnT+3m0VJOBRL6dpKdOIlCi/pGcxkiXVZFXGQJhJpyaR8+QWj2Cs1rc/4/KrrGGdZX292s4UEnXsEaVcFKcvbb4Ggb4JZ1WATM9DeLABB2A==</ds:SignatureValue> <ds:KeyInfo> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:X509Data> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:X509Certificate>MIIGRzCCBS+gAwIBAgIEX51MYTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMTA4MTYwNjQ4MjJaFw0yNDA4MTYwNjQ3MjNaMIGOMQswCQYDVQQGEwJESzEvMC0GA1UECgwmU3RhdGVucyBTZXJ1bSBJbnN0aXR1dCAvLyBDVlI6NDY4Mzc0MjgxTjAgBgNVBAUTGUNWUjo0NjgzNzQyOC1VSUQ6Mjc5MTAxMzUwKgYDVQQDDCNTdGF0ZW5zIFNlcnVtIEluc3RpdHV0IC0gVGVzdCBWT0NFUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo3h9gnQBKbiJriTMg/QLuuJFNONeRl9F8T9RE+HEOdBhhb64afks3ztVjXQ15r8KNu0YwBkOVFOe0wz7w0uT7OSFxf5Zejl1BO7VxIkcYEfq5GjryNcHb50sB7G2CisfKtdN5DRSShJyQXgZ3cflVazP+ZrYfi9gy79GBVYi3mTxN4yJtSOkKIMh8knGiBgHVqS3fkOO+K5dmV9qImFYQvCpSf8XgN96d5+mTvuZ2Yu+8GaFCSU93CxlnfODkqAWkATYnV0I6hd9l7qrGjIT0flDaVm2ruJwKEW+CkeaG9W9yDYBNLNw6WqioUckslMkVUwSUD6rQ8MLrvxfmQ+WsCAwEAAaOCAu8wggLrMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL3YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAwUwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuMCAGA1UdEQQZMBeBFXRlc3RjZXJ0aWZpa2F0QHNzaS5kazCBrQYDVR0fBIGlMIGiMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYqBgoF6kXDBaMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEPMA0GA1UEAwwGQ1JMMTk1MB8GA1UdIwQYMBaAFM1saJc5chmkNatk6vQRo4GH+Gk7MB0GA1UdDgQWBBTXaIm8KGHSJc24Q3sCwFiMXb5M3jAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCA26TOPUHHxffo7ajqZkZhNfDZzBl8XlcgQPbhrAZINCKD/cKesZGnJwElGHtexRfyUh073kkww1wP2EmZf+9m5Kry73hHKyUkawtO1/R2ib04OKpIZd8M3F9YfyOusZVxuTcYYty20xEfJO8HygzXNIrFFA1qorrMjuxiXZRnUDhjzUFVDAu/Rgt8cIR3pTvU1KizLBRUC6Q+8itJizvwMHVB+tRdENbUw+ElkXbLpFt+pc+C5wDFkVudv5B/46jU/ceGNdcmkvUt6F/ey3Uc3Pc30JzpYc4KDHKc6wOttYCNtxWAnpvhOS5HUuV6GpWVww28x3Ykhv0rfYXlZo4W</ds:X509Certificate> <ds:DigestValue>GOIAqcYUFLnazqyu7B4AL2vpV5o=</ds:DigestValue> X509Data> </ds:Reference> KeyInfo> </ds:SignedInfo>Signature> </wsse:Security> <ds:SignatureValue>sM1Nl1ehU0k4WwrNyIJaRn/VDH9JbriFlDKaRzd/iwYtiF6rCA+NQMMHYqAjjzPewjamKuueIqx7MTt0ElEN3mUcdBaSqaohdhmTTM9U2IB76B+sWNxpGdCXQ8N1lYjVqBYkCn6uAvzG89fADpTNkBct8ekWuj/UT06h/O8KLxybhK7I0HNOWkJ45BAhOIJTOc7Vg4qyIk3PJIh+8TzpyUY9L2WuBg8YKzgAd+8uCKRFn223ePRL6GtRlJJqsXm/x/82CNj6lGHdCFXsPcZrrYvKCmZu8FSFEqQrLjyE/ULnbTQVfe+gAPhIzAh01n1SvlWoQ0omyzjiWCAA2Sketw==</ds:SignatureValue><wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:886d0eb8-d70b-43fa-97ce-8d814342f306</wsa:MessageID> <wsa:RelatesTo <ds:KeyInfo> wsu:Id="relatesTo">urn:uuid:ebc3c28e-1fb4-48f3-8d70-ba71b778e12c</wsa:RelatesTo> </soapenv:Header> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityTokenResponseCollection> <ds:X509Data><wst:RequestSecurityTokenResponse Context="urn:uuid:bc96d4e7-3427-46f8-a349-1dc33429f4f1"> <ds:X509Certificate>MIIGKjCCBRKgAwIBAgIEW6uMBTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MDQzMDA5MDcxN1oXDTIyMDQzMDA5MDYzOFowgZQxCzAJBgNVBAYTAkRLMS4wLAYDVQQKDCVTdW5kaGVkc2RhdGFzdHlyZWxzZW4gLy8gQ1ZSOjMzMjU3ODcyMVUwIAYDVQQFExlDVlI6MzMyNTc4NzItRklEOjE4OTExODYxMDEGA1UEAwwqU09TSSBUZXN0IEZlZGVyYXRpb24gKGZ1bmt0aW9uc2NlcnRpZmlrYXQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo57h9E/hM5gimxaDgHB0MLcgVfXGJbQh/8OC1vTdDsCUIzIwRd5lJE+ado8urHF7UmKubFZzfCPduoRv9b3TkNVKaixiHUMtP4egbL8vcgyalk28cNQdUk8f34mg8atgvd45EnIKz2iB+yjs5guJPDBg2OFSbP0r53NU8fVTq3aLtDpDVnkxsyjNQ7HOFtzavyMnKx0vDgafEvrUR3WTSLCGju4aUIg3ThgrWXA7i3lPIAXdV8mQmlY3wn/kIBiyIotmF98UsEket/sxpJNkJ6R6AUpxnGApCDP1Fw2BgxAQWWrtD/c5IoIZwGWNfLgpJEzfhnuIZJ7Bfs9RmHFdQIDAQABo4ICzTCCAskwDgYDVR0PAQH/BAQDAgO4MIGXBggrBgEFBQcBAQSBijCBhzA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vcmVzcG9uZGVyMEcGCCsGAQUFBzAChjtodHRwOi8vZi5haWEuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyLWNhLmNlcjCCASAGA1UdIASCARcwggETMIIBDwYNKwYBBAGB9FECBAYEAjCB/TAvBggrBgEFBQcCARYjaHR0cDovL3d3dy50cnVzdDI0MDguY29tL3JlcG9zaXRvcnkwgckGCCsGAQUFBwICMIG8MAwWBURhbklEMAMCAQEagatEYW5JRCB0ZXN0IGNlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4gRGFuSUQgdGVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4wga0GA1UdHwSBpTCBojA9oDugOYY3aHR0cDovL2NybC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjIxLmNybDBhoF+gXaRbMFkxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJTAjBgNVBAMMHFRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYSUkgQ0ExDzANBgNVBAMMBkNSTDE0MjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUGYAVKKL17LHyVGSErL26MBNadTQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAjHMO4sWEf8M25WHczBTJYtMitn1wLOqE6raeM6oYyw6R/4FImpOzF6bxBlfNnhhR0vJSXMWTqL/onCyy4gCs9eLglRHZ9BC8a9fmirrguNpOWlR8NAf5GRwOqCyTnkTAfUD1fp0RzVo8TvAd73WiGeUTzTiAVf7OgZFnRIYkcALXLjNs6AwELWSh+bC/gGuQcHUDd8YGSzgKS6w2qz3fIASrykxzlYjeusks58CereC6WfvN0I+GGlL9fIgjpzh7JEELME7r9QJLL9NSrmlRKfhM8gzuE6Vm4vGzmSsnNJxGMf1vTzEve4lXI8pnOtHMTtNl5zw4jCJFakRqcWm3FQ==</ds:X509Certificate><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> </ds:X509Data> </ds:KeyInfo> </ds:Signature><wst:RequestedSecurityToken> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=Ingen organisatorisk tilknytning,CN=Lars Larsen,Serial=PID:9208-2002-2-514358910503</saml:NameID> <saml:SubjectConfirmation MethodAssertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_3fb99f0a-4da0-4157-accd-789b1ac78e14" IssueInstant="2023-01-17T10:01:42Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> assertion"> <saml:SubjectConfirmationData NotOnOrAfter="2020-12-07T09:09:29Z" Recipient="https://fmk"> <saml:Issuer>TESTSTS</saml:Issuer> <ds:KeyInfo> Signature Id="OCESSignature"> <ds:X509Data>SignedInfo> <ds:X509Certificate>MIIGNDCCBRygAwIBAgIEXOg9yTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMDAyMTMxMzQ3NTdaFw0yMzAyMTMxMzQzMzBaMIGeMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFfMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDo3OTY4MDA0NTA7BgNVBAMMNFRFU1Qgd2hpdGVsaXN0ZWQgU1AgU09TSSBhbGlhcyAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNWtWKpMlLgD5Er0SgRjNCKXlwU39x3DTPvqE/r09j96B+pwbzHjhnbV5HPwCNzoeUolcvnPmJrsOucIHsoKebPgfLEnhfjWnl0Z8ivPy/3iQfHyhJoB3shBcfLwH+FwZzEqw3hsabflVJHTq+9u2bLes9UM7r2Hy0mlynux28nFKB8dqkYVS1MjAid2cID4vbbavlFO+N+BSIt8M+MA8A1FVwhUEc/vyD+Ha8Alo3nYLZV9SqYlzeeGR+umiyQ7lhVOzv2CO2ULBSpX28mxGJ4N8CmCUrZgbSnPwkw3Mkq93bzMRUB4X9Bu/hWIpQZooKDM6wxE8dYn1yrAliw+ujAgMBAAGjggLMMIICyDAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MzQtY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQDMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLjCBrAYDVR0fBIGkMIGhMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEOMAwGA1UEAwwFQ1JMMTEwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFCe0e26va9zqyshyZoXec/52Pl5RMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnG/H/WeWIPAbnuPMZ/p2sSulgesmt6N1fK5mupYlVmLQ/7fuBIh/ER8zK3ya6yuQBAfSwIYib8iFWm+VBPc+CeS8KE/z4LRZKs3tsFkyEPlee3KpyQ4BQEawwLZjb0ZHS6ghI846SFOy+nYV8HpLvws5/vTNlGaRbBlrDVFzL/ZGois0EJe6wd3xnglwEIKjCxv30zzAnCOrmEzGIaojm07F7rnpQkaCmGNDfsSWl6Mi8SZ8jhFZHdybG9mjr6BXc1wJl2C6hQVuo7wvaIhVgJpV5BkG61mcCBniZhGr7uCJyjQ1vheKDEDle4IIzyVajjM+x5F3BWb6JQxujEHOU=</ds:X509Certificate><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:X509Data><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> </ds:KeyInfo><ds:Reference URI="#_3fb99f0a-4da0-4157-accd-789b1ac78e14"> </saml:SubjectConfirmationData> </saml:SubjectConfirmation> <ds:Transforms> </saml:Subject> <saml<ds:ConditionsTransform NotBeforeAlgorithm="2020-12-07T09:01:39Z" NotOnOrAfter="2020-12-07T09:09:29Z"http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <saml:AudienceRestriction> <saml:Audience>https://fmk</saml:Audience><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </saml:AudienceRestriction> </samlds:Conditions>Transforms> <saml:AttributeStatement> <saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue><ds:DigestValue>kJE9hhP9+/xweTiQukBiZipAjhQ=</ds:DigestValue> </samlds:Attribute>Reference> <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"></ds:SignedInfo> <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue><ds:SignatureValue>UcLkNItCKooUYVERRLUkeJvkPKXa5XGyim8/QY3bz20LsgO2J2FNUwREsLLk79cB0V7DZsB3MDulLBXiApYglI/ZPsX0lnr40fKFHBS8AOUrKidMVKbWVzQLqzIduwrgcIZCx2iwkuvXxlocuPlRmlochjAOCpNF6X/ZCaMOZTI8cnVrRptzsesXhhz+Hkuj/snUmzOT6sqPXq9RcqYkKD+ucHBnn7u0altrvng7mKzshNjd73Djrn7Edsj/J2Z69P9NYSv+32Ai7Uxe3d9G9vkqjjRg6Zh7bKm4cT//tjF8Zbq+F8hbdF1vM/t0iqCLln3OaMsRVJ0jZhLvN99HJg==</ds:SignatureValue> </saml<ds:Attribute>KeyInfo> <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <ds:X509Data> <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue><ds:X509Certificate>MIIGRzCCBS+gAwIBAgIEX51MYTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMTA4MTYwNjQ4MjJaFw0yNDA4MTYwNjQ3MjNaMIGOMQswCQYDVQQGEwJESzEvMC0GA1UECgwmU3RhdGVucyBTZXJ1bSBJbnN0aXR1dCAvLyBDVlI6NDY4Mzc0MjgxTjAgBgNVBAUTGUNWUjo0NjgzNzQyOC1VSUQ6Mjc5MTAxMzUwKgYDVQQDDCNTdGF0ZW5zIFNlcnVtIEluc3RpdHV0IC0gVGVzdCBWT0NFUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo3h9gnQBKbiJriTMg/QLuuJFNONeRl9F8T9RE+HEOdBhhb64afks3ztVjXQ15r8KNu0YwBkOVFOe0wz7w0uT7OSFxf5Zejl1BO7VxIkcYEfq5GjryNcHb50sB7G2CisfKtdN5DRSShJyQXgZ3cflVazP+ZrYfi9gy79GBVYi3mTxN4yJtSOkKIMh8knGiBgHVqS3fkOO+K5dmV9qImFYQvCpSf8XgN96d5+mTvuZ2Yu+8GaFCSU93CxlnfODkqAWkATYnV0I6hd9l7qrGjIT0flDaVm2ruJwKEW+CkeaG9W9yDYBNLNw6WqioUckslMkVUwSUD6rQ8MLrvxfmQ+WsCAwEAAaOCAu8wggLrMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL3YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAwUwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuMCAGA1UdEQQZMBeBFXRlc3RjZXJ0aWZpa2F0QHNzaS5kazCBrQYDVR0fBIGlMIGiMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYqBgoF6kXDBaMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEPMA0GA1UEAwwGQ1JMMTk1MB8GA1UdIwQYMBaAFM1saJc5chmkNatk6vQRo4GH+Gk7MB0GA1UdDgQWBBTXaIm8KGHSJc24Q3sCwFiMXb5M3jAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCA26TOPUHHxffo7ajqZkZhNfDZzBl8XlcgQPbhrAZINCKD/cKesZGnJwElGHtexRfyUh073kkww1wP2EmZf+9m5Kry73hHKyUkawtO1/R2ib04OKpIZd8M3F9YfyOusZVxuTcYYty20xEfJO8HygzXNIrFFA1qorrMjuxiXZRnUDhjzUFVDAu/Rgt8cIR3pTvU1KizLBRUC6Q+8itJizvwMHVB+tRdENbUw+ElkXbLpFt+pc+C5wDFkVudv5B/46jU/ceGNdcmkvUt6F/ey3Uc3Pc30JzpYc4KDHKc6wOttYCNtxWAnpvhOS5HUuV6GpWVww28x3Ykhv0rfYXlZo4W</ds:X509Certificate> </samlds:Attribute>X509Data> <saml:Attribute Name="dk:gov:saml:attribute:Privileges_intermediate" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> </ds:KeyInfo> </ds:Signature> <saml:Subject> <saml:AttributeValueNameID xsi:typeFormat="xs:string">PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiID8+PGJwcDpQcml2aWxlZ2VMaXN0IHhtbG5zOmJwcD0iaHR0cDovL2l0c3QuZGsvb2lvc2FtbC9iYXNpY19wcml2aWxlZ2VfcHJvZmlsZSI+PGJwcDpQcml2aWxlZ2VHcm91cCBTY29wZT0idXJuOmRrOmhlYWx0aGNhcmU6c2FtbDphY3RUaHJvdWdoUHJvY3VyYXRpb25CeTpjcHJOdW1iZXJJZGVudGlmaWVyOjAxMDE2MDMwNDAiPjxicHA6UHJpdmlsZWdlPnVybjpkazpuc3BvcDpzdHM6ZGR2OnJlYWQ8L2JwcDpQcml2aWxlZ2U+PGJwcDpQcml2aWxlZ2U+dXJuOmRrOm5zcG9wOnN0czpkZHY6d3JpdGU8L2JwcDpQcml2aWxlZ2U+PGJwcDpQcml2aWxlZ2U+dXJuOmRrOm5zcG9wOnN0czpmbWs6cmVhZDwvYnBwOlByaXZpbGVnZT48YnBwOlByaXZpbGVnZT51cm46ZGs6bnNwb3A6c3RzOmZtazp3cml0ZTwvYnBwOlByaXZpbGVnZT48L2JwcDpQcml2aWxlZ2VHcm91cD48L2JwcDpQcml2aWxlZ2VMaXN0Pg==</saml:AttributeValue>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID> </saml:Attribute> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> </saml:AttributeStatement> <saml:SubjectConfirmationData NotOnOrAfter="2023-01-17T10:06:42Z" Recipient="http://audience/clear"> </saml:Assertion> </wst<ds:RequestedSecurityToken>KeyInfo> <wsp:AppliesTo> <wsa<ds:EndpointReference>X509Data> <wsa:Address>https://fmk</wsa:Address> <ds:X509Certificate>MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </wsa:EndpointReference> </wspds:AppliesTo>X509Data> <wst:Lifetime> <wsu:Created>2020-12-07T09:01:39Z</wsu:Created> </ds:KeyInfo> <wsu:Expires>2020-12-07T09:09:29Z</wsu:Expires></saml:SubjectConfirmationData> </wst:Lifetime> </wstsaml:RequestSecurityTokenResponse>SubjectConfirmation> </wstsaml:RequestSecurityTokenResponseCollection>Subject> </soapenv:Body> </soapenv:Envelope> |
Bemærk returværdien fra STS, der indeholder attributten 'dk:gov:saml:attribute:Privileges_intermediate'. Værdien er base64 encoded. Efter en decode ser det således ud (bemærk, at strukturen både indeholder det CPR nummer, som borgeren ønsker at arbejde på vegne af samt listen af de privilegier, der rent faktisk er tildelt fra denne borger til den kaldende borger):
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile">
<bpp:PrivilegeGroup Scope="urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:0101603040">
<bpp:Privilege>urn:dk:nspop:sts:ddv:read</bpp:Privilege>
<bpp:Privilege>urn:dk:nspop:sts:ddv:write</bpp:Privilege>
<bpp:Privilege>urn:dk:nspop:sts:fmk:read</bpp:Privilege>
<bpp:Privilege>urn:dk:nspop:sts:fmk:write</bpp:Privilege>
</bpp:PrivilegeGroup>
</bpp:PrivilegeList> |
...
<saml:Conditions NotBefore="2023-01-17T09:56:42Z" NotOnOrAfter="2023-01-17T10:06:42Z">
<saml:AudienceRestriction>
<saml:Audience>http://audience/clear</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://audience/clear</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2023-01-17T09:56:42Z</wsu:Created>
<wsu:Expires>2023-01-17T10:06:42Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope> |
OIO2BST_CITIZEN - udstedes af SEB IdP
Request
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2024-02-23T09:20:36Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>K6NblQLm29GnlaOTpaoqPbtcLHg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>/OQpEg3nog5DimJhhsBbCmCYrnU=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>0EpRuLcuAoWm8+cuLdJGMBkBWVo=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
YUhbJ+uMu87Tj7TP1PYSflr1fTVUrf5ao6C5t+wtt06y9hn4QDtAovzPG3QAS7Cx79chxFcwKHWfGB2eBsKmj3VRr69d9C9JN62kpOSXDhdqKPcZETMvGU0iw1n29oI1JoR8UW55glppoRU07sGkssut1mm42PWg0P3xjXbUYofD0VMznHDLXF2iGtBv1vjXHXuin5UXYy1zL/SXl8Hvl9WWN1Cxg46VEGhvFcRRvoHknzDrWYJMbvVyVqzbRRTYDOUSaY+ECsGK/Gxn8NcVjbuHXa9kcs87h5GKHc+8wnV5dorDVo+SikpIuOrMPNwzW85Y8e2O68vK8NLa2SyrP2NaYFi50KoXluUOePGla8IFX1PxdVBCQLg+twFAosV3Ta1Ma7Ssdj/dSINs/lU9tcBvsNvnNPIxZVVBUZvMZ3K39AwoUDChSFZuv7o1FWHCXdJkI+3NZepFG2QL8ah3k4tq58MSFAAE8IW48F0thxyzjVxVvCRysD6J0hdo6JgD</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:8f55fcc0-6939-4a08-a6f7-35dfe686573e</wsa:MessageID>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:edd62a55-4408-45ca-8dc5-b215d49c9797">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ID="_247b7481-a132-491b-aab9-187bdb90383c" IssueInstant="2024-02-23T09:20:36Z"
Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>https://oio2bst-issuer.dk</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#_247b7481-a132-491b-aab9-187bdb90383c">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>KeyC0zlzgeHD5vDYBaivdYgfKi/2cnhpW31VXUoV65k=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Tr5Puq+s+4X1SHRTjK4od5/lQN2qhhz6TpSKxR4jbsZOtP/ngPdi2uR/i9XVjyWanBCgsd+FYsX9qeyHXw4fwlcOTTw6NWYxzTJhM+QNHhZcr9+nzgAy3uX3etqIiF6CTSQn52ZSFtVyKJzXzi3yNsaHR6HCJO4O2e8qSXyONsFlbsoVz/BBxze/uAKmwZG/5EsrWGJMQRjBd6Ik8vQ1WN/2yFPxGqAbsh7l0oEQqT8e/St/CuP4pLzvRMkRvQ9VuL9jaUAbtNDh2uFNWqy//l6t2EmRLB1yNdpFnThOkV66kx9F4yC9VPYcfkaB/dr+WbAGmMILuu+d14RvZPw5fe9eommtxRqT4ALH3JTKQDoXAkunXAEiAXtQEa+0IHip0Jwg6KzSZSNTxy+e1qh+aA57+QCZLzm7I5tkS1jUxT2AsaYP6iYnspRohTiiKM0AGfcXzW8dilriQX8W92fqEqCzpkZ0eNbnTCNvj9SP6+fq5BRraHKccb/VDRkVscmu</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID>
<saml:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData
xsi:type="saml:KeyInfoConfirmationDataType">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2024-02-23T11:20:35Z">
<saml:AudienceRestriction>
<saml:Audience>http://audience/clear</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://audience/clear</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
<auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier">
<auth:Value>0501792275</auth:Value>
</auth:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
Svar fra STS
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2024-02-23T09:20:36Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>MX56m7Zlnfh3wUIqhO2cUcVYPZo=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>/OQpEg3nog5DimJhhsBbCmCYrnU=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Svg8kNvCmu7pVJgK+XnUIZmuwmo=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#relatesTo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>6811BMZG6WN0RxCj46QkgkGQ04A=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
DTKTeVwgSBy5JVzReLpWwTR3VHTdZ8OMoT81O6rE8e0gAfzbxWiDXXjOe//d1DJ/lcuMjgx3d0Q34Hjx133Jm/neFoD04fgYk2PIO8bj/k0C/LUXz/53kvyzDU7wWRCVwFgBdJl4FwIxqrnAAEG+ILvPiIPZd1buVLiKgv9KJi4eN4xLtU+korApF5o95xAVbTKyFQJVATRHAMHRna416FffBxYTEffIY4x9UxWBrYxMvdbZ03hLrCkRqTYGCWb2oxOAtnB4vKwP1Q9jwMir8GgGy4JHdyF4cTxHLK5u1xVuN16BO3PFM4lv2hQGW45WZqSqGGXfeGfulvYH5St2nxGlPCA419V0n8GtoYhkDZjo12fVDxwU5897UbP/ewvJ/7B7P4kMmIidtNxo3f+JiGqUzE9KwFh4ofNevauKwciObIWp0EkAxmQttqTSScqv8ovZEw2dii1Xz6NXsAHavtk8fIDCLrLdKQhDDK8Go6e36VmzHpMdGX3WuSgI3UGg</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:47fa9dab-7fbc-417a-ad0d-dd2c82dccf70</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:8f55fcc0-6939-4a08-a6f7-35dfe686573e</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse
Context="urn:uuid:edd62a55-4408-45ca-8dc5-b215d49c9797">
<wst:TokenType>
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ID="_f355a920-4da2-4d1c-8e17-f974accb1413"
IssueInstant="2024-02-23T09:20:36Z" Version="2.0"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>TESTSTS</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_f355a920-4da2-4d1c-8e17-f974accb1413">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>PX0vREuRydy5Mod7TU8FWeEUyqg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
bv8FCelnJYIBmqHMhIrOTlaklZfv7YWlxfOhb2Mo5v1m/89pZJYDRWOLD8XphD6oEZZEKUIxNWimSceaL3vhv1cHplvulxDPgMUQv40c7exFbF7QRcZRY+NOrohTi0DFrzaFNEkNAXh5pHS1JB56kquHWsXfK26+7QyM9wDeLxPZO4P0baWP7VNO2m06Ah4Ru3B/hqNYxv4DcAKPibpgRQFYyT952INHMai21l8BAwHL1gmFxjVxrSLSj+Qo2FDCHLB2ldkPAZy3Ar/+fDHHxlDrqJIfUQXonsQZ01GGHGlcTIdbPbFZoPQVNn+aTWYgTFdJFIsQyUFIMM5dr2UUI6J7tx11t+kI6DMi4akhLFv+rD+N23NQlZSHZqpPnbe0OCt7DOebDwtxDZatd9oshrS4jw4MM70iiT6as9UZTv/31tzwhVf6tCd+zGaUdFSZ/+HDfqC1rAVWMdXf0tTaIQ8p20HuzrxZ+xyR/tjF4m6yx+4yS9k6fZXbc6uXduAs</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID>
<saml:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData NotOnOrAfter="2024-02-23T09:25:36Z"
Recipient="http://audience/clear">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2024-02-23T09:15:36Z"
NotOnOrAfter="2024-02-23T09:25:36Z">
<saml:AudienceRestriction>
<saml:Audience>http://audience/clear</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://audience/clear</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2024-02-23T09:15:36Z</wsu:Created>
<wsu:Expires>2024-02-23T09:25:36Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope> |
OIO2BST_LEGACY - udstedes af NemLog-in IdP
Request
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2024-02-22T13:19:27Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>+PQJ+2kwDcJxXYE8iUenERzGeI4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>TThCBOCpnyZAloTBcWlyRTYupNM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>N2ZemMQczU42xX24fGmGmyNxxog=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
CdwfolKMiOq1bj3fCctMQCNVAIQRaU+oQ9kDrJ9eDkT4kNPI52gXwlaYc3YFYEAAvTIccTn3cxEJOTRtz7O3I4Q9vv1loFEf9rkiDoHqVotgggxTcDzXM2F8BfSBMv3Cn4cvIbCBgal9Deiwkk0PPpMZ2TkRrevPcSPlxcaZzgCMTYoIupC/OazGccUUEGQ86PWAzUXXL+Ae7FNeKhB8MNCE7kPy9pHrOWGoASlKoKhcX1lZgsMhBC4NZRhRFJD7aT781V44ozKlXoLpmvgb5JtKiBC/+dQ7UUhtgRL4QX/esdt3xRT+m0SMtU2Qkym/uP1KEon6IyGKarHNOWGanhaNYKuKtaspP6qotYqDZdLETw6ZbQwqgCewmyhHxhsEcGLS/k+PEJQAqFj/kLb8dZL+YqRAT90XJNmRcBD2AmoXFuXmKb8OFgz4EpbVhvcEiCIiYS9gf53jFae1ggVZl4zaKukizZcejYWPXEw7ZwM3i95rgVHcnjScDji9PYdk</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:1bb8ec36-9f6e-4414-aa38-f24e461d1444</wsa:MessageID>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:bc4558fb-83dc-4a7d-ac91-b02f48cfa602">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ID="_025f66d8-0d7b-4e0b-8f53-21f2d475719b" IssueInstant="2024-02-22T13:19:27Z"
Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>https://oio2bst-legacy-issuer.dk</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#_025f66d8-0d7b-4e0b-8f53-21f2d475719b">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>jpSuVLJ294+i3yyNtxCXCkpyux1/Y/7b3tfmtvxW6TY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
jKSKaKZYtBbJwFYrhLHqkX6ao5OeCUZLojxc3zLcsFK6aCV5kVYU53plxkIcG3M5SzES3hhwgjiOu9M95IlHe2dNJvQzCRECzWSiPHnJL+X008ouTMwNfZlWfgVX6FlBeIIl1sfs8lcvDL/1fo+5YBT8uF0mJFnuLQwtSlEIkze51dsJ233qGQnXeSZvhKWdq+SJDztKWeM71f57DZ1cekxFFoKmaJ5R5ru5UCalylHzEYgfBqQZGeQj/L/XG4oP/B7evBFnylx6NAPkiQ47AavV9Kt4BMC3VRBMr8h6oof585QB1MoykR0Rr6yVRfWOQNGKoK0oe9RXk41AMe6JdifxZiR8TuNJDPu9Cqfq9sguO6oP9smKa9jhPyYdrgUkBJMD1p68r//wVW6jFiDSW+ufe1m77cYMe2MKraDDF95Fe9wc8lLWig2HBFnMCQ4d2OT4gV3mEwseIm0EClHzZ6OpOF4BzhZ6gs2fmBmEUa+p6Cbm6wNphHIC/PuTo2qe</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=Testorganisation
nr.
94354969,CN=null,Serial=UI:DK-P:G:23550132-5e1f-4e43-a5f9-048acf49e0b8</saml:NameID>
<saml:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData
xsi:type="saml:KeyInfoConfirmationDataType">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2024-02-22T15:19:20Z">
<saml:AudienceRestriction>
<saml:Audience>http://audience/clear</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2024-02-22T12:19:20Z"
SessionIndex="_025f66d8-0d7b-4e0b-8f53-21f2d475719b">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthnStatement AuthnInstant="2024-02-22T12:19:20Z"
SessionIndex="_025f66d8-0d7b-4e0b-8f53-21f2d475719b">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://audience/clear</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
<auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier">
<auth:Value>0501792275</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf">
<auth:Value>
urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:1111111118</auth:Value>
</auth:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
Svar fra STS
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2024-02-22T13:21:38Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>SwKjKMO/razhrzgzJF1iP19kWtk=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>lfWkWps0ueOLKfaZ3WFPcizG5A4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>W6GOH/kKoBhMPCKDQH4VcD5o9xg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#relatesTo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>RqZqQczJIzv0XwAX5KFxtHom2wE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ptVHrau5WCAkxuxMOc0Grtw1ihtZ+v5gLVS/UZhuSZExSacRE+9ae/hDlxZ9KEKolitbKedGSqo4hrV8KltdKt9f8g2HB6Y2mBBjNOoqEjjV4gQUfj1R/ubc0lRgUNtRobtEl6WRg4K0lfHo0HJsq5mG/jcGPV5O1rPxblfunaZex2EgHzsEH2YX2Eb1icSz/Sviust7AnteHg7cUmNBDXmFM6EYDxF1e/xnC9IQeR9fcj9+Rgki0FYfkikW1625med9wRCiHPEafqKZmcw4CPcC+Ryt/GV6tz1YwyjQGwT9V45VCknpD1X3uADdzyMpQIJnojigeZI0I+C3vkH+SjWpwenklBENIoJA9EhhgRWsfAWzWmc69+FNvLEyVfFp5SDl1MfOiTw+zoGKSEAguDysEmcnvcLpvbsMEMDMqj2FvSVY+7ZngIkNWhOxVDAvjO8Zx1rMNIaNImipSa7wdYKqujGRtv7AsSjGMqGvfYkbxKgyjdetUu0+8TSBYCiK</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:c467ee8f-de82-4ca7-9afa-fdb1e70f203a</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:1bb8ec36-9f6e-4414-aa38-f24e461d1444</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse
Context="urn:uuid:bc4558fb-83dc-4a7d-ac91-b02f48cfa602">
<wst:TokenType>
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ID="_4205addb-4282-49a4-8d9c-90bf5e93566d"
IssueInstant="2024-02-22T13:21:38Z" Version="2.0"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>TESTSTS</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_4205addb-4282-49a4-8d9c-90bf5e93566d">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>0Cz5s72TRBmk12a6pmVWJAgrnBI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
HHzFb7ye7g0kUyc0OsLt4BoEXk+nr35yrgVhZi0YzW+viNasZkJtpRSjznhydJFsyaWiXNW9DpFHbdp1jZrmDwPHyHQEacqmdi5SggQ1o6g70QI3d33QyxQNxzl6CegaRPcGUsu1moGkkziNT2bsydHmQknGf1cOkrVtAuqBg0wUhcvVf+jI3gEyU3zFNOKW9IZXl1X8jotMSrdav4IpeylmS3qVWUqc1MKajBwZjFQrYVridkDxrBRd7wDpzzF5cZP80tkJY+3d2Uf3UimsjzEo2jJNx64UVa/PsT6lgwpA2vfm6ZIYPcCecadngEdORCjetelDQPIcJ9ZLAwWtqcmVXo7gndDUBtKcKieQzd32PD3Nu7PC1lq5ZwjqoX1vtWku88+iYARi539pOj6agboVCxIUJkcXWIE0fVkLq9yD43yXuN7EYHF/uI4WnK1olUJWr2pyUnihG5G9DDuUbsi2WFNPfrLRtV26f6IaEbZ6u4rjEvKhphA/mzPcqeS0</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
C=DK,O=Testorganisation
nr.
94354969,CN=null,Serial=UI:DK-P:G:23550132-5e1f-4e43-a5f9-048acf49e0b8</saml:NameID>
<saml:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData NotOnOrAfter="2024-02-22T13:26:38Z"
Recipient="http://audience/clear">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2024-02-22T13:16:38Z"
NotOnOrAfter="2024-02-22T13:26:38Z">
<saml:AudienceRestriction>
<saml:Audience>http://audience/clear</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:Privileges_intermediate"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiID8+PGJwcDpQcml2aWxlZ2VMaXN0IHhtbG5zOmJwcD0iaHR0cDovL2l0c3QuZGsvb2lvc2FtbC9iYXNpY19wcml2aWxlZ2VfcHJvZmlsZSI+PGJwcDpQcml2aWxlZ2VHcm91cCBTY29wZT0idXJuOmRrOmhlYWx0aGNhcmU6c2FtbDphY3RUaHJvdWdoUHJvY3VyYXRpb25CeTpjcHJOdW1iZXJJZGVudGlmaWVyOjExMTExMTExMTgiPjxicHA6UHJpdmlsZWdlPnVybjpkazpuc3BvcDpzdHM6Zm1rOnJlYWQ8L2JwcDpQcml2aWxlZ2U+PC9icHA6UHJpdmlsZWdlR3JvdXA+PC9icHA6UHJpdmlsZWdlTGlzdD4=</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://audience/clear</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2024-02-22T13:16:38Z</wsu:Created>
<wsu:Expires>2024-02-22T13:26:38Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope> |
Overordnet for ovenstående typer
Bemærk returværdien fra STS, der indeholder attributten 'dk:gov:saml:attribute:Privileges_intermediate' (Vist i ovenstående eksempel fra OIO2BST_LEGACY STS-svaret):
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<saml:Attribute Name="dk:gov:saml:attribute:Privileges_intermediate"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiID8+PGJwcDpQcml2aWxlZ2VMaXN0IHhtbG5zOmJwcD0iaHR0cDovL2RpZ3N0LmRrL29pb3NhbWwvYmFzaWNfcHJpdmlsZWdlX3Byb2ZpbGUiPjxQcml2aWxlZ2VHcm91cCBTY29wZT0idXJuOnByZWZpeDoxMjM0NTY3ODkwIj48UHJpdmlsZWdlPnVybjpkazpzdW5kaGVkc2RhdGFzdHlyZWxzZW46aWRzYXM6cmVhZDp1bmJsdXJyZWQ8L1ByaXZpbGVnZT48L1ByaXZpbGVnZUdyb3VwPjwvYnBwOlByaXZpbGVnZUxpc3Q+
</saml:AttributeValue>
</saml:Attribute> |
Værdien er base64 encoded, og kan indeholde forskellige værdier. Disse er beskrevet nedenunder. Eksemplerne viser værdien efter en base64 decode.
Fuldmagt
Bemærk at strukturen både indeholder det CPR nummer, som borgeren ønsker at arbejde på vegne af, samt listen af de privilegier der rent faktisk er tildelt fra denne borger, til den kaldende borger:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile">
<bpp:PrivilegeGroup Scope="urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:0101603040">
<bpp:Privilege>urn:dk:nspop:sts:fmk:read</bpp:Privilege>
<bpp:Privilege>urn:dk:nspop:sts:fmk:write</bpp:Privilege>
</bpp:PrivilegeGroup>
</bpp:PrivilegeList> |
Subject Relations
Man kan også vedlægge en claim om værgemål eller forældremyndighed ift. en anden borger. Dette gøres under "dk:healthcare:saml:attribute:OnBehalfOf", og der er de to muligheder der ses herunder. Bemærk dog, at man kun kan claime "WardCustody" hvis man specifikt er blevet whitelisted til det som anvender.
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf">
<auth:Value>
urn:dk:healthcare:saml:actThrough:WardCustody:cprNumberIdentifier:1111111118
</auth:Value>
</auth:ClaimType> |
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf">
<auth:Value>
urn:dk:healthcare:saml:actThrough:ParentalCustody:cprNumberIdentifier:1111111118
</auth:Value>
</auth:ClaimType> |
I billetten vil subject relations være kodet i stil med følgende, dog i praksis base64-encoded som nævnt ovenfor.
Eksempel for "Fuld værge". Her behøves attributten "relatedPersonAge" ikke være angivet:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<srp:SubjectRelations
xmlns:srp="urn:dk:healthcare:saml:subject_relations_profile:1.1">
<srp:VerifiedRelation
relationType="wardCustodyHolder"
relatedPersonID="0101111234"
relatedPersonIDType="URN:OID:1.2.208.176.1.2"
/>
</srp:SubjectRelations> |
Hvis det drejer sig om "Forældremyndighed", så skal attributten "relatedPersonAge" være angivet:
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<?xml version="1.0" encoding="UTF-8"?>
<srp:SubjectRelations
xmlns:srp="urn:dk:healthcare:saml:subject_relations_profile:1.1">
<srp:VerifiedRelation
relationType="parentalCustodyHolder"
relatedPersonID="0101111234"
relatedPersonIDType="URN:OID:1.2.208.176.1.2"
relatedPersonAge= ”10”
/>
</srp:SubjectRelations> |
Sløring
STS vil gennem IDSAS slå op om sløring er ønsket. Sløring vil optræde som specificeret i OIOITP Blurring Instructions Profile 1.1 i billetten.
Returværdien fra STS indeholder sløringer hvis xml'en indeholder attributten "urn:dk:healthcare:saml:attribute:BlurringInstructions":
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<saml:Attribute
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Name="urn:dk:healthcare:saml:attribute:BlurringInstructions"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">
<!-- Slørings-oplysninger i Base64 encodet form. -->
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxiaXA6Qmx1cnJpbmdJbnN0cnVj
dGlvbnMgeG1sbnM6YmlwPSJ1cm46ZGs6aG-
VhbHRoY2FyZTpzYW1sOmJsdXJyaW5nX2luc3RydWN0aW9uX3Byb2ZpbGU6MS4wIiBjdXItcmVudFNhbH
Q9IjVrWlpMTlFNTkl-
rejFZN3RDRGozR1E9PSI+DQoJPGJpcDpCbHVyRW1wbG95ZWVOYW1lc0Zyb21Pcmcgb3JnVHlwZT0iQ1Z
SIiByZWFzb249ImZyb21fcmVsYXRlZF9wZXJzb24iPg0KCQkyOTE5MDkyNQ0KCTwvYml-
wOkJsdXJFbXBsb3llZU5hbWVzRnJvbU9yZz4NCjwvYmlwOkJsdXJyaW5nSW5zdHJ1Y3Rpb25zPg== </saml:AttributeValue>
</saml:Attribute> |
Værdien er base64 encoded, og kan indeholde forskellige værdier. Disse er beskrevet nedenunder. Eksemplerne viser værdien efter en base64 decode.
Brugerspecifik sløring fra to CVR numre
Eksempel på en borgerspecifik sløring fra både Region Midtjylland (CVR:29190925) og Region Nordjylland (CVR:29190941).
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==">
<bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="specific_for_person">
29190925
</bip:BlurEmployeeNamesFromOrg>
<bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="specific_for_person">
29190941
</bip:BlurEmployeeNamesFromOrg>
</bip:BlurringInstructions> |
Ingen sløringer
Bemærk: <bip:BlurringInstructions> med currentSalt skal altid indlejres, uanset om der er sløringer ej.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==" /> |
Sløringer fra en relateret person
Hvis borgeren skal se oplysninger om en relateret person (f.eks. en fuldmagtsgiver), skal der også sløres for borgeren, når der er sløret for fuldmagtsgiveren.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==">
<bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="from_related_person">
29190925
</bip:BlurEmployeeNamesFromOrg>
</bip:BlurringInstructions> |
Sløringer både personlige og for en relateret person
I sjældne tilfælde kan der både være sløret for ’subject’ og den som ’subject’ ønsker at slå op på:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==">
<bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="specific_for_person">
29190925
</bip:BlurEmployeeNamesFromOrg>
<bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="from_related_person">
29190941
</bip:BlurEmployeeNamesFromOrg>
</bip:BlurringInstructions> |
Simpel afdelingssløring
Afdelingssløringer vil i mange tilfælde optræde uden tilhørende borgerspecifikke sløringer:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==">
<bip:BlurEmployeeNamesFromOrg orgType="SOR" reason="specific_department">
<!-- Retspsykiatrien Glostrup, SOR kode -->
536331000016003
</bip:BlurEmployeeNamesFromOrg>
<bip:BlurEmployeeNamesFromOrg orgType="SHAK" reason="specific_department">
<!-- Retspsykiatrien Glostrup, SHAK kode -->
1500P1V
</bip:BlurEmployeeNamesFromOrg>
</bip:BlurringInstructions> |
Kombination af specifikke sløringer og afdelingssløringer
Afdelingssløringer kombineret med borgerspecifikke sløringer:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<bip:BlurringInstructions
xmlns:bip="urn:dk:healthcare:saml:blurring_instruction_profile:1.1"
currentSalt="5kZZLNQMNIkz1Y7tCDj3GQ==">
<bip:BlurEmployeeNamesFromOrg orgType="CVR" reason="specific_for_person">
<!-- Slør for alle medarbejdere i Reg. Midt, CVR kode -->
29190925
</bip:BlurEmployeeNamesFromOrg>
<bip:BlurEmployeeNamesFromOrg orgType="SOR" reason="specific_department">
<!-- Retspsykiatrien Glostrup, SOR kode -->
536331000016003
</bip:BlurEmployeeNamesFromOrg>
<bip:BlurEmployeeNamesFromOrg orgType="SHAK" reason="specific_department">
<!-- Retspsykiatrien Glostrup, SHAK kode -->
1500P1V
</bip:BlurEmployeeNamesFromOrg>
</bip:BlurringInstructions> |