...

Employee token exchange (Medarbejderomveksling)
/sts/services/Sosi2OIOSaml

Exchanges a SOSI ID card for an OIO SAML security token aimed at a specific audience, e.g. sundhed.dk.

Note that the SOSI ID card being exchanged must have been issued by /sts/services/NewSecurityTokenService.

/sts/services/OIOSaml2Sosi

Exchanges an OIO SAML security token for a SOSI ID card.

Note that the OIO SAML security token being exchanged must be signed by a trusted third party (NemLogin).

The token profile for this interface is OIOSAML 2.0.

/sts/services/BST2SOSI

Exchanges an OIO SAML bootstrap token for a SOSI ID card.

The type of bootstrap token can be either OIO3, OIOH3 or OIOH2.

Note that the bootstrap token must be signed by a trusted third party:

Local IdP, SEB or IdP

Note that an NSIS-approved local IdP issues bootstrap tokens of type OIOH3, the SEB IdP issues bootstrap tokens of type OIOH2, and NemLog-in STS will issue bootstrap tokens of type OIO3.

Common to all interfaces is that the STS validates the signature on the security token that is part of the request.

...

  • The employee's CPR number must either be given in the request as a claim or be determinable from the OIOSAML token.
    • If the CPR number is claimed in the request, the STS validates it either from the RID in the certificate using the OCES RID-CPR validation service or from the employee UUID using the UUID2CPR service.
  • If a specific authorization or national role is wanted, it must be claimed in the request:
    • The authorization number (and education code) must either be claimed in the request or be uniquely determinable (from the CPR number and the authorization register/SEB register/embedded role list).
    • The education code can be specified with OIOSaml2Sosi token exchange but not when using BST2SOSI; there it is derived from the authorization number.
    • A national role must be specified in the request and can be verified by several authorities. See the figure below for how verification is performed at a high level.
    • It is not permitted to claim both an authorization number and a national role in the same exchange.
  • The IT system name must be claimed in the request, since it is not part of an OIO SAML (NemLogin or bootstrap) token.
  • In addition, the user's first name/last name can be sent along in claims, since the first name cannot be determined from an OIO SAML security token.

...

[Figure: rolle-algoritme]

Service Endpoints

Depending on the environment, the service is exposed at:

...

Exchange from OIO SAML security token to SOSI ID card

Uses the OIOSAML 2.0 token profile.

The request to the STS looks like this:

...

Exchange from OIO SAML bootstrap token to SOSI ID card

OIOH3 -

...

with explanatory comments

Request with bootstrap token (not encrypted). The request contains explanatory comments that cover, among other things, authorization, such as national role. It will typically be an NSIS-approved local IdP that issues bootstrap tokens of type OIOH3.

(Employee token exchange) Request to the STS for exchanging a bootstrap token for a SOSI ID card
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Header>
    <wsse:Security mustUnderstand="1" wsu:Id="security">
      <wsu:Timestamp wsu:Id="ts">
        <wsu:Created>2022-04-25T13:07:29Z</wsu:Created>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>lGvzBVzl7WzsufSyZd2p4Uzmv0g=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#ts">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>5Y0245bPPKhpaA0t6eNN82eTfa4=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#messageID">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>lcyJytnBavbAuifHyg2R0FmCNQ8=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#action">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>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</ds:SignatureValue>
        <ds:KeyInfo>
          <ds:X509Data>
            <!-- Certificate that signed the message (body and relevant headers); must match the holder-of-key certificate in the bootstrap token -->
            <ds:X509Certificate>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</ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
    <wsa:MessageID wsu:Id="messageID">urn:uuid:de9ad9d5-ad35-4d46-8585-8b05469bc686</wsa:MessageID>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body">
    <wst:RequestSecurityToken Context="urn:uuid:a8299058-f331-4d69-87d0-9c5385207326">
      <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
      <wst14:ActAs>
        <!-- Bootstrap token -->
        <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_b2748ff2-631b-43f2-93ce-f77052beb1bf" IssueInstant="2022-04-25T13:07:29Z" Version="2.0">
          <!-- The issuer of the bootstrap token -->
          <saml:Issuer>https://oioh3bst-issuer.dk</saml:Issuer>
          <ds:Signature Id="OCESSignature">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
              <ds:Reference URI="#_b2748ff2-631b-43f2-93ce-f77052beb1bf">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>8ZD4sPqgIZ35Stk4UBu+EQ58o+k+gbDJSqAc5j3Whow=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>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</ds:SignatureValue>
            <ds:KeyInfo>
              <ds:X509Data>
                <!-- Certificate that signed the bootstrap token (the issuer) -->
                <ds:X509Certificate>MIIGiDCCBLygAwIBAgIUGesSd7YL6KygrTfmyrVc1/w+wJYwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMTM4NTZaFw0yNDA0MjcxMTM4NTVaMIGeMRUwEwYDVQQDDAxWT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzpjNzBiMDIwNy0xNjJlLTRkM2QtYTdmMS1hMTlhOGUwN2Q5OWIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDMMqgvofQWw4oSUQgGydEZ/hljSZJGdbcaCJHhOawOeVF7I+ISedVayJfGptLk1iW5d92OWbINZzMW6sK6J+kcZeW+xzdwkSV42AJu7kfYw0tgkPwX+5pZbAAEYxgNbUfSEBeBTGWMn5RDIsKkryElrJ5pgmKVxvRURnG3MAieYxges8sYZyKIT3IFsAvn+cymIQ9ObvcpjOib7FMyjoxanwoDm5oRC+AxaC4nRls5gbljrDtu5CuqkOTWajnyFyvMGbDJYagT6IwLRAGFRuGGFdzK9JOZi8X5Zk8e98Fg2O2/DzvIv15bmocpCsSu8gp2fjryYBjdK2eEO2E7uyohd2xBMFwaTop18PVQz1wXA9i3o3VGbcga2+/aIjjgBNnstDzujthgDHu+ib/WlwVAkYU5jVrQQJF3GsVxEQ0oWcNYMQvkF+K7U4YJiiWzXHr2wzC/36xQmZR6i3U626f86J0jHZGm6K4Xo6+5jXBblIhy/XYFhDXqHUooJSxmRxUCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBTMXLy9NQtbqHed6JtCTmjx4/aUZTAOBgNVHQ8BAf8EBAMCBeAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQA9MCrGkd1WfucACqjxSCnpoBqYRHTXrKYjSIarHnjaUMEXMZOixgIi6rk9jdiAX2L+6aY/lee++LejbfR2Immry+w50EpgIGI7jsJ/7ggSN5ySpu6lZpZcZ4KfB2Lx1CYH8AVWgQXDtOrvIGKQxSWY0qwey4M5weBhUGPDrEpu/7k3mMqIIZF1x5CtlrWJZ+bVm9Ohh+f8Yf7scWb14iciA0H85PRAXOvWoN13od2a35mqZqBM
aW+4ExvmXailbEmuS1Smr1mcKNVP4ABeW/Oh621VEwChB/OnRpsp5+TjDxenoFQ9vPJm/M/zAke1G3U7Yje0qyi7ke8JxTtMqH0hP8O43WGlloL1NfvXXzigZTGrmVxcPB7HSHPzTINXfF/sqXmBfaHuUuIJqScwDNqwKoJQQLKeE8hhLFYmRdZ+HvgeIzv6aAbfp0h5vpwwpfNjhENuYGSjkI8nzoFmcmQgjXFt1o2xqlVSCU4rZLtqpMKDCnWFPFvblhmkHx7vcVE=</ds:X509Certificate>
              </ds:X509Data>
            </ds:KeyInfo>
          </ds:Signature>
          <saml:Subject>
            <!-- NameID contains an ID for the professional that is unique within the organization; it could also be set to the professional's globally unique ID, as assigned in the common public-sector business administration -->
            <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">KorsbaekKommune\MSK</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
              <saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
                <ds:KeyInfo>
                  <ds:X509Data>
                    <!-- The holder-of-key certificate, i.e. the certificate of the system/SOSI STS client that may exchange the bootstrap token for a SOSI ID card -->
                    <ds:X509Certificate>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</ds:X509Certificate>
                  </ds:X509Data>
                </ds:KeyInfo>
              </saml:SubjectConfirmationData>
            </saml:SubjectConfirmation>
          </saml:Subject>
          <saml:Conditions NotOnOrAfter="2022-04-25T15:07:29Z">
            <saml:AudienceRestriction>
              <!-- The recipient that may exchange this bootstrap token (here the SOSI STS) -->
              <saml:Audience>https://sts.sosi.dk/</saml:Audience>
            </saml:AudienceRestriction>
          </saml:Conditions>
          <saml:AttributeStatement>
            <!-- Profile and version (the constant 'OIO-SAML-3.0') -->
            <saml:Attribute Name="https://data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">OIO-SAML-3.0</saml:AttributeValue>
            </saml:Attribute>
            <!-- More specific profile and version (OIOH3BST only) -->
            <saml:Attribute Name="https://healthcare.data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">OIO-SAML-H-3.0</saml:AttributeValue>
            </saml:Attribute>
            <!-- Assurance level expressed according to NSIS -->
            <saml:Attribute Name="https://data.gov.dk/concept/core/nsis/loa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">High</saml:AttributeValue>
            </saml:Attribute>
            <!-- The professional's globally unique ID, as assigned in the common public-sector business administration -->
            <saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">urn:uuid:433bf619-e571-4184-87cc-f8ea00d6ad19</saml:AttributeValue>
            </saml:Attribute>
            <!-- The organization's CVR number (here Korsbæk Kommune's) -->
            <saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/cvr" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">20301823</saml:AttributeValue>
            </saml:Attribute>
            <!-- The organization's name (here Korsbæk Kommune) -->
            <saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/orgName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">Korsbæk Kommune</saml:AttributeValue>
            </saml:Attribute>
          </saml:AttributeStatement>
        </saml:Assertion>
      </wst14:ActAs>
      <wsp:AppliesTo>
        <wsa:EndpointReference>
          <wsa:Address>https://fmk</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
      <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
        <!-- Attribute that is required in the SOSI ID card and is specified here as a claim -->
        <auth:ClaimType Uri="medcom:ITSystemName">
          <auth:Value>Korsbæk Kommunes IT systemer</auth:Value>
        </auth:ClaimType>
        <!-- Optional attributes that can be used e.g. to select a healthcare authorization (or 'national role') -->
        <auth:ClaimType Uri="medcom:UserAuthorizationCode">
          <!-- Authorization code -->
          <auth:Value>007NX</auth:Value>
        </auth:ClaimType>
        <auth:ClaimType Uri="medcom:UserRole1UserRole">
          <!-- National role -->
          <auth:Value>urn:dk:healthcare:national-federation-role:code:41003:value:PlejeAssR3</auth:Value>
        </auth:ClaimType>
        <auth:ClaimType Uri="sosi:SubjectNameID">
          <auth:Value>Mads_Skjern</auth:Value>
        </auth:ClaimType>
      </wst:Claims>
    </wst:RequestSecurityToken>
  </soapenv:Body>
</soapenv:Envelope>
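
The claim rules listed earlier and the comments in the request above can be checked on the client side before a request is signed and sent. The following Python is an added example, not code from the original page or from the SOSI/NSP project, and it only inspects structure (it verifies no XML signature). The function names, the constructed certificate strings, the `medcom:UserRole` claim Uri in the sample and the recognition of a national role by its value prefix are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wst14": "http://docs.oasis-open.org/ws-sx/ws-trust/200802",
    "auth": "http://docs.oasis-open.org/wsfed/authorization/200706",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
ROLE_PREFIX = "urn:dk:healthcare:national-federation-role:"  # value prefix seen in the sample
STS_AUDIENCE = "https://sts.sosi.dk/"                        # audience used in the sample
CERT = "ds:KeyInfo/ds:X509Data/ds:X509Certificate"


def _b64(text):
    return "".join((text or "").split())  # line-wrapped base64 must compare equal


def token_type(assertion):
    """OIOH3 carries the healthcare specVersion attribute; OIO3 only the core one."""
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS)
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    if attrs.get("https://healthcare.data.gov.dk/model/core/specVersion") == "OIO-SAML-H-3.0":
        return "OIOH3"
    if attrs.get("https://data.gov.dk/model/core/specVersion") == "OIO-SAML-3.0":
        return "OIO3"
    return "unknown"


def preflight(xml_text, now, sts_audience=STS_AUDIENCE):
    """Return findings for a BST2SOSI request; an empty list means no structural problem."""
    root = ET.fromstring(xml_text)
    rst = root.find("soapenv:Body/wst:RequestSecurityToken", NS)
    token = rst.find("wst14:ActAs/saml:Assertion", NS) if rst is not None else None
    if token is None:
        return ["no bootstrap token in wst14:ActAs"]
    findings = []
    claims = {c.get("Uri"): c.findtext("auth:Value", "", NS).strip()
              for c in rst.iterfind("wst:Claims/auth:ClaimType", NS)}
    if not claims.get("medcom:ITSystemName"):
        findings.append("medcom:ITSystemName claim missing")
    # Assumption: a national role claim is recognised by its value prefix, not its Uri.
    has_role = any(v.startswith(ROLE_PREFIX) for v in claims.values())
    if claims.get("medcom:UserAuthorizationCode") and has_role:
        findings.append("authorization number and national role claimed together")
    cond = token.find("saml:Conditions", NS)
    audiences = [] if cond is None else [
        (a.text or "").strip() for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if sts_audience not in audiences:
        findings.append("bootstrap token audience is not the STS")
    expiry = None if cond is None else cond.get("NotOnOrAfter")
    if not expiry or datetime.fromisoformat(expiry.replace("Z", "+00:00")) <= now:
        findings.append("bootstrap token expired or without NotOnOrAfter")
    conf = token.find("saml:Subject/saml:SubjectConfirmation", NS)
    hok = "" if conf is None else _b64(conf.findtext("saml:SubjectConfirmationData/" + CERT, "", NS))
    signer = _b64(root.findtext("soapenv:Header/wsse:Security/ds:Signature/" + CERT, "", NS))
    if conf is None or conf.get("Method") != HOK or not hok or hok != signer:
        findings.append("signing certificate does not match holder-of-key certificate")
    return findings


def sample_request(claims, signer="Q09OU1RSVUNURUQ=", hok="Q09OU1RSVUNURUQ=",
                   audience=STS_AUDIENCE, expires="2022-04-25T15:07:29Z"):
    """Constructed, unsigned skeleton of the request layout; certificate strings are dummies."""
    decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    claim_xml = "".join(
        f'<auth:ClaimType Uri="{u}"><auth:Value>{v}</auth:Value></auth:ClaimType>' for u, v in claims)
    return f"""<soapenv:Envelope {decl}>
 <soapenv:Header><wsse:Security><ds:Signature><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>{signer}</ds:X509Certificate>
 </ds:X509Data></ds:KeyInfo></ds:Signature></wsse:Security></soapenv:Header>
 <soapenv:Body><wst:RequestSecurityToken><wst14:ActAs>
  <saml:Assertion ID="_constructed" Version="2.0">
   <saml:Subject><saml:SubjectConfirmation Method="{HOK}"><saml:SubjectConfirmationData>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{hok}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
   </saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject>
   <saml:Conditions NotOnOrAfter="{expires}"><saml:AudienceRestriction>
    <saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
   <saml:AttributeStatement>
    <saml:Attribute Name="https://data.gov.dk/model/core/specVersion"><saml:AttributeValue>OIO-SAML-3.0</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="https://healthcare.data.gov.dk/model/core/specVersion"><saml:AttributeValue>OIO-SAML-H-3.0</saml:AttributeValue></saml:Attribute>
   </saml:AttributeStatement>
  </saml:Assertion></wst14:ActAs>
  <wst:Claims>{claim_xml}</wst:Claims>
 </wst:RequestSecurityToken></soapenv:Body></soapenv:Envelope>"""


if __name__ == "__main__":
    now = datetime(2022, 4, 25, 13, 10, tzinfo=timezone.utc)
    both = [("medcom:ITSystemName", "Korsbæk Kommunes IT systemer"),
            ("medcom:UserAuthorizationCode", "007NX"),
            ("medcom:UserRole", ROLE_PREFIX + "code:41003:value:PlejeAssR3")]  # constructed Uri
    for finding in preflight(sample_request(both), now):
        print("FINDING:", finding)
```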

...

(Employee token exchange) Response from the STS for exchanging a bootstrap token for a SOSI ID card
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Header>
    <wsse:Security mustUnderstand="1" wsu:Id="security">
      <wsu:Timestamp wsu:Id="ts">
        <wsu:Created>2022-04-25T13:07:30Z</wsu:Created>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>3kNpWaBaibVYCwc4SGPJwVAVrT8=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#ts">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>o6uj52yeWQB5D0HQQFxqv+T8RHM=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#messageID">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>1z169hod/5XrM90vXA4jxO2fw0Y=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#relatesTo">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>EsmQlfzPgRhsoWZOMyJTHjCoiq4=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#action">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>UpGxNQjzEvHYCZ7gPrpgoNYHw3ObIxJY0oTR7T0qf7I+0ZAYqSE3terJue26nHMJiQkmFAGemsdaIDsktf6oBikOzDC1Q9QAtqwlQ+uT13zq0Gz143he1GlixfORSJLiPMe5RSvRpYRFdyOIqgCviR5cvBm19N4zGJlLlxWt0LTsCg4Wv7zTNsuiUVxdvwAlJc8mWqvi8a97XOdEGw9GlfSNRBFMc7A41ZHjOfLfCN3kltVVhN/LSeRu2kXGVXOHcBfWeak7PkClpTc1YAusR+7Z35XR0bCCkiEf5gd+wFOeGfw+CoRUrEFnutJ/1PlmadUCr6x+MXjb+vxZOn2+jA==</ds:SignatureValue>
        <ds:KeyInfo>
          <ds:X509Data>
            <ds:X509Certificate>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</ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
    <wsa:MessageID wsu:Id="messageID">urn:uuid:d7ed6507-ffa5-4c4e-b0b0-d8a8bb813a86</wsa:MessageID>
    <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:de9ad9d5-ad35-4d46-8585-8b05469bc686</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body">
    <wst:RequestSecurityTokenResponseCollection>
      <wst:RequestSecurityTokenResponse Context="urn:uuid:a8299058-f331-4d69-87d0-9c5385207326">
        <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
        <wst:RequestedSecurityToken>
          <!-- The SOSI ID card -->
          <saml:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2022-04-25T13:02:30Z" Version="2.0" id="IDCard">
            <saml:Issuer>TEST1-NSP-STS</saml:Issuer>
            <saml:Subject>
              <saml:NameID Format="medcom:other">Mads_Skjern</saml:NameID>
              <saml:SubjectConfirmation>
                <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
                <saml:SubjectConfirmationData>
                  <ds:KeyInfo>
                    <ds:KeyName>OCESSignature</ds:KeyName>
                  </ds:KeyInfo>
                </saml:SubjectConfirmationData>
              </saml:SubjectConfirmation>
            </saml:Subject>
            <saml:Conditions NotBefore="2022-04-25T13:02:30Z" NotOnOrAfter="2022-04-26T13:02:30Z"/>
            <saml:AttributeStatement id="IDCardData">
              <saml:Attribute Name="sosi:IDCardID">
                <saml:AttributeValue>F6beeSEVLsnAyrNsPsURhQ==</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="sosi:IDCardVersion">
                <saml:AttributeValue>1.0.1</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="sosi:IDCardType">
                <saml:AttributeValue>user</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="sosi:AuthenticationLevel">
                <saml:AttributeValue>4</saml:AttributeValue>
              </saml:Attribute>
            </saml:AttributeStatement>
            <saml:AttributeStatement id="UserLog">
              <saml:Attribute Name="medcom:UserCivilRegistrationNumber">
                <saml:AttributeValue>0202024300</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:UserGivenName">
                <saml:AttributeValue>NSTSSenAtre</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:UserSurName">
                <saml:AttributeValue>Jensen</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:UserRole">
                <saml:AttributeValue>7170</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:UserAuthorizationCode">
                <saml:AttributeValue>007NX</saml:AttributeValue>
              </saml:Attribute>
            </saml:AttributeStatement>
            <saml:AttributeStatement id="SystemLog">
              <saml:Attribute Name="medcom:ITSystemName">
                <saml:AttributeValue>Korsbæk Kommunes IT systemer</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
                <saml:AttributeValue>20301823</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:CareProviderName">
                <saml:AttributeValue>Korsbæk Kommune</saml:AttributeValue>
              </saml:Attribute>
            </saml:AttributeStatement>
            <ds:Signature id="OCESSignature">
              <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ds:Reference URI="#IDCard">
                  <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>euQ6vweNw8xZnluK10sTv06gses=</ds:DigestValue>
                </ds:Reference>
              </ds:SignedInfo>
              <ds:SignatureValue>O4Jx3vk1WX7GQdA+kN6+SanG2DhB7USm1HyL08OLwJ7QE7kqu0IVt42FpDu4vK4lxNbQGz2GsbmyNKu3dm5CabRU12Z9Ny2gmrBY3CwgYpGczPWl/RQa9tWK8Jb0iBp5wXwC7GvCeA72jJQz+kpt429vppCEkl70OKukUjllei/kcZUieNWqduHlBdyMnsafMY1K+2/Qhd/yU/GUF4DpqwQqoXd+s/GTqf+nlCVWvOLPto1j+HAMI/zQ7wtAYa9p4oJA6U8yW46PRA9WcNJJHCzuZIARpLZLpjHNg0UeYuEQeDnsYA8b3VqoprcbbByXrJ21mYQ74YdcwUaTfSOv2A==</ds:SignatureValue>
              <ds:KeyInfo>
                <ds:X509Data>
                  <ds:X509Certificate>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</ds:X509Certificate>
                </ds:X509Data>
              </ds:KeyInfo>
            </ds:Signature>
          </saml:Assertion>
        </wst:RequestedSecurityToken>
        <wsp:AppliesTo>
          <wsa:EndpointReference>
            <wsa:Address>https://fmk</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:Lifetime>
          <wsu:Created>2022-04-25T13:02:30Z</wsu:Created>
          <wsu:Expires>2022-04-26T13:02:30Z</wsu:Expires>
        </wst:Lifetime>
      </wst:RequestSecurityTokenResponse>
    </wst:RequestSecurityTokenResponseCollection>
  </soapenv:Body>
</soapenv:Envelope>

OIO3

Shown here is an OIO3 request without explanatory comments, since the comments in the OIOH3 example also apply here. NemLog-in STS will (once it is ready) issue bootstrap tokens of type OIO3.

Request

(Employee token exchange) Request to the STS for exchanging a bootstrap token for a SOSI ID card
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Header>
    <wsse:Security mustUnderstand="1" wsu:Id="security">
      <wsu:Timestamp wsu:Id="ts">
        <wsu:Created>2022-12-29T11:59:45Z</wsu:Created>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>xL3Zq/w4SnARv1+9WJKORaXkol4=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#ts">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>XZr9YfkelJBdDBlrjmE8vD9TYgw=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#messageID">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>sErKM6Sc6OEZq8xftCjVFLc49lc=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#action">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>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</ds:SignatureValue>
        <ds:KeyInfo>
          <ds:X509Data>
            <ds:X509Certificate>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</ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
    <wsa:MessageID wsu:Id="messageID">urn:uuid:f6af72b5-652e-40d5-a8ff-ed0116c3d114</wsa:MessageID>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body">
    <wst:RequestSecurityToken Context="urn:uuid:e420f22e-9233-4b51-973a-9008528169a7">
      <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
      <wst14:ActAs>
        <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_59c5a991-78de-4cf4-bd6e-18dafe651c38" IssueInstant="2022-12-29T11:59:45Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
          <saml:Issuer>https://oio3bst-issuer.dk</saml:Issuer>
          <ds:Signature Id="OCESSignature">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
              <ds:Reference URI="#_59c5a991-78de-4cf4-bd6e-18dafe651c38">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>YybMZF4egRrjzA5rv2exzR5UI6/nRJbFcYPRpIuuSJw=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>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</ds:SignatureValue>
            <ds:KeyInfo>
              <ds:X509Data>
                <ds:X509Certificate>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</ds:X509Certificate>
              </ds:X509Data>
            </ds:KeyInfo>
          </ds:Signature>
          <saml:Subject>
            <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">KorsbaekKommune\MSK</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
              <saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
                <ds:KeyInfo>
                  <ds:X509Data>
                    <ds:X509Certificate>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</ds:X509Certificate>
                  </ds:X509Data>
                </ds:KeyInfo>
              </saml:SubjectConfirmationData>
            </saml:SubjectConfirmation>
          </saml:Subject>
          <saml:Conditions NotOnOrAfter="2022-12-29T13:59:45Z">
            <saml:AudienceRestriction>
              <saml:Audience>https://sts.sosi.dk/</saml:Audience>
            </saml:AudienceRestriction>
          </saml:Conditions>
          <saml:AttributeStatement>
            <saml:Attribute Name="https://data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">OIO-SAML-3.0</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">4</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">2634ccc3-225a-44ee-94bc-565904f46ead</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/cvr" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">20301823</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/orgName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">Korsbæk Kommune</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="https://data.gov.dk/model/core/eid/cprNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">2501879875</saml:AttributeValue>
            </saml:Attribute>
          </saml:AttributeStatement>
        </saml:Assertion>
      </wst14:ActAs>
      <wsp:AppliesTo>
        <wsa:EndpointReference>
          <wsa:Address>https://fmk</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
      <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
        <auth:ClaimType Uri="medcom:ITSystemName">
          <auth:Value>Korsbæk Kommunes IT systemer</auth:Value>
        </auth:ClaimType>
        <auth:ClaimType Uri="medcom:UserAuthorizationCode">
          <auth:Value>008NX</auth:Value>
        </auth:ClaimType>
        <auth:ClaimType Uri="sosi:SubjectNameID">
          <auth:Value>Mads_Skjern</auth:Value>
        </auth:ClaimType>
      </wst:Claims>
    </wst:RequestSecurityToken>
  </soapenv:Body>
</soapenv:Envelope>

...

(Employee exchange) Response from STS for exchanging a bootstrap token for a SOSI ID card
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Header>
    <wsse:Security mustUnderstand="1" wsu:Id="security">
      <wsu:Timestamp wsu:Id="ts">
        <wsu:Created>2022-12-29T11:59:45Z</wsu:Created>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>YQBhieWz6ef3lQskTQGP9ptGB0c=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#ts">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>XZr9YfkelJBdDBlrjmE8vD9TYgw=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#messageID">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>vU63bukwsLeIWlq0IUzLmo80wEY=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#relatesTo">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>vyq5ovfxPeAfSBJN16o9PVbAp3o=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#action">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>EM1CEGVmO5/ErUtyGS/gcYQixVUeDidJHx1ExnTbfK5Ib2c4MAl9lkLpQIFuVvNHLlHk2h6P1XpiuhZ+tgcfCM5nA7aQAlrt7lgt3GGTsnOUI8xgyZcYVGcZDdvNOieX+kW2kBurruVYZ+My1cmiWzneZwt3cqNXMU9Zn+T93JZ+WumjS2w0srt83bs8xicQ5ehLNDCRNrgoOc5qIckXx5uLSaKYX6LmT6ibhWsInSEjYIUK/Ae+CwAmkBPPkO4U//83VRjSjIQy4/l/4ucQa79ruKoAh84lrKyynpWDYyUIYP70fIXAQRnsAiN5RLe2+QqfwMLAj94PXM37z7KRDQ==</ds:SignatureValue>
        <ds:KeyInfo>
          <ds:X509Data>
            <ds:X509Certificate>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</ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
    <wsa:MessageID wsu:Id="messageID">urn:uuid:cd73009a-507f-4b26-955d-7b5a8575b784</wsa:MessageID>
    <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:f6af72b5-652e-40d5-a8ff-ed0116c3d114</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body">
    <wst:RequestSecurityTokenResponseCollection>
      <wst:RequestSecurityTokenResponse Context="urn:uuid:e420f22e-9233-4b51-973a-9008528169a7">
        <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
        <wst:RequestedSecurityToken>
          <saml:Assertion IssueInstant="2022-12-29T11:54:45Z" Version="2.0" id="IDCard" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
            <saml:Issuer>TEST1-NSP-STS</saml:Issuer>
            <saml:Subject>
              <saml:NameID Format="medcom:other">Mads_Skjern</saml:NameID>
              <saml:SubjectConfirmation>
                <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
                <saml:SubjectConfirmationData>
                  <ds:KeyInfo>
                    <ds:KeyName>OCESSignature</ds:KeyName>
                  </ds:KeyInfo>
                </saml:SubjectConfirmationData>
              </saml:SubjectConfirmation>
            </saml:Subject>
            <saml:Conditions NotBefore="2022-12-29T11:54:45Z" NotOnOrAfter="2022-12-30T11:54:45Z"/>
            <saml:AttributeStatement id="IDCardData">
              <saml:Attribute Name="sosi:IDCardID">
                <saml:AttributeValue>NP16iFJQmjBi1Wzdqg5HOQ==</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="sosi:IDCardVersion">
                <saml:AttributeValue>1.0.1</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="sosi:IDCardType">
                <saml:AttributeValue>user</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="sosi:AuthenticationLevel">
                <saml:AttributeValue>4</saml:AttributeValue>
              </saml:Attribute>
            </saml:AttributeStatement>
            <saml:AttributeStatement id="UserLog">
              <saml:Attribute Name="medcom:UserCivilRegistrationNumber">
                <saml:AttributeValue>2501879875</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:UserGivenName">
                <saml:AttributeValue>Thorgot</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:UserSurName">
                <saml:AttributeValue>Friis</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:UserRole">
                <saml:AttributeValue>7170</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:UserAuthorizationCode">
                <saml:AttributeValue>008NX</saml:AttributeValue>
              </saml:Attribute>
            </saml:AttributeStatement>
            <saml:AttributeStatement id="SystemLog">
              <saml:Attribute Name="medcom:ITSystemName">
                <saml:AttributeValue>Korsbæk Kommunes IT systemer</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
                <saml:AttributeValue>20301823</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute Name="medcom:CareProviderName">
                <saml:AttributeValue>Korsbæk Kommune</saml:AttributeValue>
              </saml:Attribute>
            </saml:AttributeStatement>
            <ds:Signature id="OCESSignature">
              <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ds:Reference URI="#IDCard">
                  <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>2YDORON64rrH3ZzsbWP6zXpLybg=</ds:DigestValue>
                </ds:Reference>
              </ds:SignedInfo>
              <ds:SignatureValue>B4YLlyZwrULzQx7aQSiUBtO1/d9juA/NlCdk+GkAkTmU95Xh7UPsz07PpHlUS4VRbjZdvjzsj4CCF+bkbjTNzbicv7MLNkll/ooS3HuToTm0HZ0aRugUKPYMwW76huPqLq9odftNba+UYxdg9dC9ItU0TKGADUQIRCv/j+NxDwhI4AFTzKMByC1P9vsNRX8DafsKAtv/A6LOkwqDQdUho+SbGhBXxQ8k3SwtGVQ7N8PdQBK75e/Mm0IGFPTCVnSU7roLudm7mMNpl+5mQ00uJhN63OOqhP1D2S8RqdnTRkqTYQDhjYwtwgomlBiITOGBhqseD77zjbzm+FNZKt8qoA==</ds:SignatureValue>
              <ds:KeyInfo>
                <ds:X509Data>
                  <ds:X509Certificate>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</ds:X509Certificate>
                </ds:X509Data>
              </ds:KeyInfo>
            </ds:Signature>
          </saml:Assertion>
        </wst:RequestedSecurityToken>
        <wsp:AppliesTo>
          <wsa:EndpointReference>
            <wsa:Address>https://fmk</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:Lifetime>
          <wsu:Created>2022-12-29T11:54:45Z</wsu:Created>
          <wsu:Expires>2022-12-30T11:54:45Z</wsu:Expires>
        </wst:Lifetime>
      </wst:RequestSecurityTokenResponse>
    </wst:RequestSecurityTokenResponseCollection>
  </soapenv:Body>
</soapenv:Envelope>

OIOH2

An OIOH2 request is shown here without explanatory comments; the comments in the OIOH3 example apply here as well. Bootstrap tokens of type OIOH2 contain a NIST assurance level and are used by token issuers that have not yet moved to the NSIS standard, such as SEB IdP.

Request

(Employee exchange) Request to STS for exchanging a bootstrap token for a SOSI ID card
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Header>
    <wsse:Security mustUnderstand="1" wsu:Id="security">
      <wsu:Timestamp wsu:Id="ts">
        <wsu:Created>2022-12-29T12:07:43Z</wsu:Created>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>8NA4xC8PxXNuy2aTPEIGrpvpjPs=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#ts">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>QocdLJWB/HX3wPD2kmYESEUlMR0=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#messageID">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>Vh7mIeKr19P3YH0x4PUNBHoOWvo=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#action">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>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</ds:SignatureValue>
        <ds:KeyInfo>
          <ds:X509Data>
            <ds:X509Certificate>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</ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
    <wsa:MessageID wsu:Id="messageID">urn:uuid:92683d66-9627-4d65-b1de-fb5a740946a7</wsa:MessageID>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body">
    <wst:RequestSecurityToken Context="urn:uuid:0c735390-d00c-4dc7-ba38-4536bb72ed59">
      <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
      <wst14:ActAs>
        <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_af57c648-13ca-474b-9977-a61f3b82021c" IssueInstant="2022-12-29T12:07:43Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
          <saml:Issuer>https://oioh2bst-issuer.dk</saml:Issuer>
          <ds:Signature Id="OCESSignature">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
              <ds:Reference URI="#_af57c648-13ca-474b-9977-a61f3b82021c">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>a6U7fEn0zWmYTTysCVmkz80I+LL9mxWf8aIF2VhgEb0=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Btx1nz3FM0hblXQEiOoamAo4yUR/tk+cvrzVwyEef960SM0+vD+eFL+GPWfy074Iy0e2lcK8XoIaMQEuStIKtFW0Rj0JIak0J9OeHXVCItZPDn7YlTPV5CYklnmpVL2cp+9NcKzyqKae2hoEX1SuqWgGACbmpcGByqUWCs8G884WEeRyZANxfynnQB7fbjp7UAAmicumErsXAivc4KRzSGN14ioiUFGkZLkx72tmC3zuazSwDVRdNJf1aigYc8r/KuKGMdc+TeaebEcVX45LcvLyWwo4jDank3BB+5c7RLKv0FAa+nYacktQyVGPIORpm1mWZaPxmmAd7Iou470QvKbciBf0V1wwrvJgGFBKbXmnrg59OQcQGu4WA1gMYSg+bUuusnpi8JdhJx+Bs51N+EF7m3m6PuFZd0RdKQjmXH7eUxzOgc9WTxUsPHObqVcefPVOId7t8c4oQxk7Zm4CmgKwAPN2Obu6bejJOKTjF83ENtEHQcFgMqxJ1shqtVZu</ds:SignatureValue>
            <ds:KeyInfo>
              <ds:X509Data>
                <ds:X509Certificate>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</ds:X509Certificate>
              </ds:X509Data>
            </ds:KeyInfo>
          </ds:Signature>
          <saml:Subject>
            <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">KorsbaekKommune\MSK</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
              <saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
                <ds:KeyInfo>
                  <ds:X509Data>
                    <ds:X509Certificate>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</ds:X509Certificate>
                  </ds:X509Data>
                </ds:KeyInfo>
              </saml:SubjectConfirmationData>
            </saml:SubjectConfirmation>
          </saml:Subject>
          <saml:Conditions NotOnOrAfter="2022-12-29T14:07:43Z">
            <saml:AudienceRestriction>
              <saml:Audience>https://sts.sosi.dk/</saml:Audience>
            </saml:AudienceRestriction>
          </saml:Conditions>
          <saml:AttributeStatement>
            <saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
              <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
              <saml:AttributeValue xsi:type="xs:string">4</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
              <saml:AttributeValue xsi:type="xs:string">2634ccc3-225a-44ee-94bc-565904f46ead</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="dk:gov:saml:attribute:CvrNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
              <saml:AttributeValue xsi:type="xs:string">20301823</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
              <saml:AttributeValue xsi:type="xs:string">Korsbæk Kommune</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
              <saml:AttributeValue xsi:type="xs:string">2501879875</saml:AttributeValue>
            </saml:Attribute>
          </saml:AttributeStatement>
        </saml:Assertion>
      </wst14:ActAs>
      <wsp:AppliesTo>
        <wsa:EndpointReference>
          <wsa:Address>https://fmk</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
      <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
        <auth:ClaimType Uri="medcom:ITSystemName">
          <auth:Value>Korsbæk Kommunes IT systemer</auth:Value>
        </auth:ClaimType>
        <auth:ClaimType Uri="medcom:UserAuthorizationCode">
          <auth:Value>008NX</auth:Value>
        </auth:ClaimType>
        <auth:ClaimType Uri="sosi:SubjectNameID">
          <auth:Value>Mads_Skjern</auth:Value>
        </auth:ClaimType>
      </wst:Claims>
    </wst:RequestSecurityToken>
  </soapenv:Body>
</soapenv:Envelope>
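
The OIOH3 and OIOH2 requests above differ mainly in the attribute names inside the `wst14:ActAs` assertion. The following pre-flight check is an added example, not code from the page or from the STS project: it classifies the bootstrap token by its spec-version attribute and checks audience, expiry and confirmation method before a request is sent. It assumes that the audience, holder-of-key method and attribute names seen in the two request examples are what the STS expects; `inspect_bst_request` and the reduced sample are constructed for illustration, and no signature is verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "auth": "http://docs.oasis-open.org/wsfed/authorization/200706",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wst14": "http://docs.oasis-open.org/ws-sx/ws-trust/200802",
}
STS_AUDIENCE = "https://sts.sosi.dk/"  # audience used in the page's examples
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
LEVEL = "dk:gov:saml:attribute:AssuranceLevel"  # a NIST level in OIOH2 tokens
# (spec-version attribute, its value, CPR attribute) as in the page's two requests.
PROFILES = {
    "OIOH3": ("https://data.gov.dk/model/core/specVersion", "OIO-SAML-3.0",
              "https://data.gov.dk/model/core/eid/cprNumber"),
    "OIOH2": ("dk:gov:saml:attribute:SpecVer", "DK-SAML-2.0",
              "dk:gov:saml:attribute:CprNumberIdentifier"),
}

def inspect_bst_request(envelope_xml, now):
    """Pre-flight check; `now` is a timezone-aware UTC datetime. No signature check."""
    root = ET.fromstring(envelope_xml)
    assertion = root.find(".//wst14:ActAs/saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no saml:Assertion inside wst14:ActAs")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS).strip()
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    profile = next((p for p, (name, value, _) in PROFILES.items()
                    if attrs.get(name) == value), None)
    problems = []
    if profile is None:
        problems.append("spec version attribute matches neither OIOH3 nor OIOH2")
    audiences = [(a.text or "").strip() for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if STS_AUDIENCE not in audiences:
        problems.append("token audience is not the STS")
    cond = assertion.find("saml:Conditions[@NotOnOrAfter]", NS)
    if cond is None:
        problems.append("no NotOnOrAfter condition")
    elif now >= datetime.strptime(cond.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc):
        problems.append("token expired")
    conf = assertion.find("saml:Subject/saml:SubjectConfirmation", NS)
    if conf is None or conf.get("Method") != HOLDER_OF_KEY:
        problems.append("subject confirmation is not holder-of-key")
    claims = {c.get("Uri"): c.findtext("auth:Value", "", NS)
              for c in root.iterfind(".//wst:Claims/auth:ClaimType", NS)}
    cpr = attrs.get(PROFILES[profile][2]) if profile else None
    return {"profile": profile, "cpr": cpr, "assurance_level": attrs.get(LEVEL),
            "claims": claims, "problems": problems}

# Constructed sample: the page's OIOH2 request reduced to the inspected parts.
XMLNS = " ".join(f'xmlns:{k}="{v}"' for k, v in NS.items())
SAMPLE_OIOH2 = f"""<soapenv:Envelope {XMLNS}><soapenv:Body><wst:RequestSecurityToken>
<wst14:ActAs><saml:Assertion ID="_constructed" Version="2.0">
<saml:Subject><saml:SubjectConfirmation Method="{HOLDER_OF_KEY}"/></saml:Subject>
<saml:Conditions NotOnOrAfter="2022-12-29T14:07:43Z"><saml:AudienceRestriction>
<saml:Audience>{STS_AUDIENCE}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer"><saml:AttributeValue>DK-SAML-2.0</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="{LEVEL}"><saml:AttributeValue>4</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier"><saml:AttributeValue>2501879875</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></wst14:ActAs>
<wst:Claims><auth:ClaimType Uri="medcom:UserAuthorizationCode"><auth:Value>008NX</auth:Value></auth:ClaimType></wst:Claims>
</wst:RequestSecurityToken></soapenv:Body></soapenv:Envelope>"""

if __name__ == "__main__":
    print(inspect_bst_request(SAMPLE_OIOH2, datetime(2022, 12, 29, 12, 10, tzinfo=timezone.utc)))
```

An empty `problems` list only means the request has the shape of the examples; the STS still validates the token signature and the claims itself.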

...