Page History
...
| Medarbejderomveksling | |
|---|---|
| /sts/services/Sosi2OIOSaml | Omveksler SOSI Idkort til OIO Saml sikkerhedsbillet rettet mod et specifikt audience, f.eks. sundhed.dk. |
| /sts/services/OIOSaml2Sosi | Omveksler OIO Saml sikkerhedsbillet til SOSI Idkort. Bemærk, at den OIO Saml sikkerhedsbillet, der veksles, skal være signeret af troværdig tredjepart (NemLogin). Tokenprofilen for denne snitflade er OIOSAML 2.0. |
| /sts/services/BST2SOSI | Omveksler OIO Saml bootstrap-token til SOSI Idkort. Typen af bootstrap-token kan enten være OIO3, OIOH3 eller OIOH2. Bemærk, at bootstrap token skal være signeret af troværdig tredjepart: Lokal IdP, SEB IdP eller NemLog-in STSIdP Bemærk, at en NSIS godkendt lokal IdP udsteder bootstrap-tokens af typen OIOH3, SEB IdP udsteder bootstrap-tokens af typen OIOH2 og NemLog-in STS (kommer til at) udstede bootstrap-tokens af typen OIO3 |
...
- Medarbejderens CPR-nummer skal enten være angivet i forespørgslen som et claim eller kunne bestemmes ud fra OIOSAML tokenet.
- Hvis CPR nummeret er claimet i requestet, så vil STS validere dette enten udfra RID i certifikatet vha OCES RID-CPR valideringsservicen eller udfra medarbejder uuid vha UUID2CPR servicen.
- Hvis CPR nummeret er claimet i requestet, så vil STS validere dette enten udfra RID i certifikatet vha OCES RID-CPR valideringsservicen eller udfra medarbejder uuid vha UUID2CPR servicen.
- Hvis der ønskes en specifik autorisation eller national rolle skal disse være claimet i forespørgslen:
- Autorisationsnummeret
- skal enten være claimet i forespørgslen eller kunne bestemmes entydigt (ud fra CPR-nummer og autorisationsregister/SEB-register/indlejret role liste).
- Uddannelseskoden kan angives ifm OIOSaml2Sosi billetomveksling men ikke ved brug af BST2SOSI, her udelades den af Autorisationsnummeret
- National rolle skal være angivet i requested, og kan verificeres af flere autoriteter. Se nedstående figur for hvordan verifikation udføres på et overordnet niveau.
- Det er ikke tilladt at claime både et Autorisationsnummer og en National rolle i samme omveksling.
- It-system-navn skal være claimet i forespørgslen da dette ikke indgår i et OIO SAML (NemLogin eller bootstrap) token.
- Herudover kan man vælge at medsende brugerens fornavn/efternavn i claims, idet fornavnet ikke kan bestemmes ud fra en OIO SAML sikkerhedsbillet.
...
| Gliffy Diagram | ||||||||
|---|---|---|---|---|---|---|---|---|
|
Service Endpoints
Afhængig af miljø udstilles tjenesten på:
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2022-04-25T13:07:29Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>lGvzBVzl7WzsufSyZd2p4Uzmv0g=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>5Y0245bPPKhpaA0t6eNN82eTfa4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>lcyJytnBavbAuifHyg2R0FmCNQ8=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>tFrQgmojFSw5x0FYM4f9F1/WXrrF/BhY+jXYif7/mfJ5V4Xk2cSC/+Rw7/jA9O3SnPxgZCdq/abqft3ohMC9FiTEKgMMJYbtsjVkvJ5mb+lYIkCi44wF90S/JIJIxuVJK6kJ7GxoRvnTsUkoHxl/6nvWekZrd4LOoQ9gkCU0SsLBWS8NgrtroEVHWO+KVjI+4Q19/YsgPQPMPEAMg1m2brEvm0X+bHQiLROpMeeSlMouIKxaSHiprgzN8iooXfDv6i+CJnXNFvHlXBOWbGz6xPPHzPZekpl3EBjnKdkCozxbY5KcFWQlsLBDJr1/TXFDMCPfY3TSFSmbC70dB9a4mTeaGLB7kdQeZ5mLI31gttjct97BKs3UXxXH84iZvUNHQjyb+HlB/r6uloX8HtpyO7FM9esmoKdnDUksbpamPVmkJa/opK7vNz45V14WMRQphE9IVzQ9ANm753Zc7zC7l++mte8v9IKCx4pN9hP1XSTQkd9pKb0P72e44tGF4zlV</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<!-- Certifikat som har signeret beskeden (body og relevante headere)- skal matche Holder-of-Key certifikatet i bootstraptokenet -->
<ds:X509Certificate>MIIGzzCCBQOgAwIBAgIUVzhJs6+g8hDl/qjLoEg6wfhHE18wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjAyMTAxMDEzNDZaFw0yNTAyMDkxMDEzNDVaMIHFMRgwFgYDVQQDDA9UaG9ybXVuZCBOaXNzZW4xETAPBgNVBCoMCFRob3JtdW5kMQ8wDQYDVQQEDAZOaXNzZW4xNzA1BgNVBAUTLlVJOkRLLUU6RzozYzU2MzE4Ni03YTgzLTRiYjUtYWIxMS05MThhMWQzMDI2YTIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk5OTAwNDk5MRcwFQYDVQRhDA5OVFJESy05OTkwMDQ5OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDXI9rlAtYBr9L6g30LJuzIlI9PY5zYhuJdOE2bl266nkPK5650gVrjXc6Hwwt2JoLKwsG5/LlkAMBldvSTvPQOdDbYI7+nZ4PZS90hHy6UFZbUBIANZTfooC9X2H5L8gjgn5ZjNyVe4CcJR8Y03XSkW3yiC7pMKn4Pn2dh0TtLhMpgSuj/rPKmmErNIWrC5A7RLCwDw0P60kQR8ngpeElDne0Y+w2+UgeeUskqCdT8imY+87aJ6HrTOA6wSKjRCGkcVCPNoCZ7vFviKMCT0yhtfUjYG+6lpsKI9Pbm0SEwOrDaI1qihC8tv9kDl/nCkmgQLmzsXAdE33YLZutz7nHDgvytJalzV1saSxxqp1WzVE4PlxBMgol9wVYv0UyWkPul6gyqVt8fv3EW6uoupDKjakFKDRNXrhEKGbJLVpFNK9S5TsW0qJ78Fo4j6jNj2QmwqhXjyLRcT5UVSa9uCLERNs84WrWtxlJZsuNkmged+j6Tf9ea0y1HhpKg1D2GV7ECAwEAAaOCAaYwggGiMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAeBgNVHREEFzAVgRN0ZXN0QGt2YWxpdGV0c2l0LmRrMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAgcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQEwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFLIS2XtHEbhCDr9jENV2OdwpCBHvMA4GA1UdDwEB/wQEAwIF4DBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAB4wdMt68NiF7ksnq0fnszSEF0Ss6qC6t4/5tbytfhEu2OIVp0jTmdDUKtjiSAji03eV43Si8p/F5zOXZ5guk5CMXmOuFFqdQnJcGXijUknvXtcm/ol3HF7Wd7nUdvjGmh017utIrKEeGbhKtiT2rH5TIALoVTQfyaVvZieWpkVZkEVhKASY92zzbdH19JL0yiTBwIxD33VH9cHYGn6fB1i84G1HVb2ggcvz7o3fKllgEy40iF/KDyIhuOlrhE0P6Q8uToiBYY3/mNXHX4nF4jbBN/GUc5VtR1EnmeKr1XtzujbIJTpWmrWpzkOkxwIkOIVjxER1LziB4JyEH8/CkFuF4XHYOHEkOhy7mdpWNEfUY1yHf0zK01QQRsN0KrZXunYyeBU0ouNPvNacL257FR1fhlm2a2BYLveKZbtZaiostL4jdNHRHGHMIQWRsfXAybf3oN+X7E+jDlA4k/BYQEPVlT2PgiQbTo4wtrIyeI14/Mah9SElmJCzs1UPbTgFlQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:de9ad9d5-ad35-4d46-8585-8b05469bc686</wsa:MessageID>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:a8299058-f331-4d69-87d0-9c5385207326">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<!-- Bootstraptoken -->
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_b2748ff2-631b-43f2-93ce-f77052beb1bf" IssueInstant="2022-04-25T13:07:29Z" Version="2.0">
<!-- Udstederen af bootstraptokenet -->
<saml:Issuer>https://oioh3bst-issuer.dk</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_b2748ff2-631b-43f2-93ce-f77052beb1bf">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>8ZD4sPqgIZ35Stk4UBu+EQ58o+k+gbDJSqAc5j3Whow=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>dYxTHjUpuPPusGOrNCeS4Tdk1Sam5/QWCvYve8bhdNZbu+/EEd1RI3FnGnn5cO9ZHBaRehXoFRRt0Tpc5/Hpj+S94nVX7HpLNg9UZBnu95UDtd5EXVeJ7/67jVI4pHlQ6jWCWJizUQbU/W/oLNLKA/rDLlDRk4UKRfTcNgqGCpG0b208ZFOLJe4kktsH8E420G+3ysgocK6BjaLHV8yQw10FMc+YXWJD6ysDN4Nupd4vQkFrk3K7aLZJT+PyEZUYrX/dgCebeDtR9KpRrlH9ScIo32UpVWom0uSX6Bt59pDEnP4Lyzuu8UDYDQZonkn3WL4h4gIEupdVT2DzC0cKzl1w0hVumEc0q9zyZ+mHqDtG2OdseqbY9shGRPH/MzYUZjirDtpDlkZmmIV0lbGVx+A6ydqOxY8ql0kQzDg2+r50UjRvDM7PRc4/LqUGLCpR5UPrhmBUgoAAaBbhoaucbibeYiFq+lFr/QEtLrP0OitZEEoie2XX0AF59q3cWxUy</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<!-- Certifikat som har signeret bootstraptokenet (udstederen) -->
<ds:X509Certificate>MIIGiDCCBLygAwIBAgIUGesSd7YL6KygrTfmyrVc1/w+wJYwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMTM4NTZaFw0yNDA0MjcxMTM4NTVaMIGeMRUwEwYDVQQDDAxWT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzpjNzBiMDIwNy0xNjJlLTRkM2QtYTdmMS1hMTlhOGUwN2Q5OWIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDMMqgvofQWw4oSUQgGydEZ/hljSZJGdbcaCJHhOawOeVF7I+ISedVayJfGptLk1iW5d92OWbINZzMW6sK6J+kcZeW+xzdwkSV42AJu7kfYw0tgkPwX+5pZbAAEYxgNbUfSEBeBTGWMn5RDIsKkryElrJ5pgmKVxvRURnG3MAieYxges8sYZyKIT3IFsAvn+cymIQ9ObvcpjOib7FMyjoxanwoDm5oRC+AxaC4nRls5gbljrDtu5CuqkOTWajnyFyvMGbDJYagT6IwLRAGFRuGGFdzK9JOZi8X5Zk8e98Fg2O2/DzvIv15bmocpCsSu8gp2fjryYBjdK2eEO2E7uyohd2xBMFwaTop18PVQz1wXA9i3o3VGbcga2+/aIjjgBNnstDzujthgDHu+ib/WlwVAkYU5jVrQQJF3GsVxEQ0oWcNYMQvkF+K7U4YJiiWzXHr2wzC/36xQmZR6i3U626f86J0jHZGm6K4Xo6+5jXBblIhy/XYFhDXqHUooJSxmRxUCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBTMXLy9NQtbqHed6JtCTmjx4/aUZTAOBgNVHQ8BAf8EBAMCBeAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQA9MCrGkd1WfucACqjxSCnpoBqYRHTXrKYjSIarHnjaUMEXMZOixgIi6rk9jdiAX2L+6aY/lee++LejbfR2Immry+w50EpgIGI7jsJ/7ggSN5ySpu6lZpZcZ4KfB2Lx1CYH8AVWgQXDtOrvIGKQxSWY0qwey4M5weBhUGPDrEpu/7k3mMqIIZF1x5CtlrWJZ+bVm9Ohh+f8Yf7scWb14iciA0H85PRAXOvWoN13od2a35mqZqBMaW+4ExvmXailbEmuS1Smr1mcKNVP4ABeW/Oh621VEwChB/OnRpsp5+TjDxenoFQ9vPJm/M/zAke1G3U7Yje0qyi7ke8JxTtMqH0hP8O43WGlloL1NfvXXzigZTGrmVxcPB7HSHPzTINXfF/sqXmBfaHuUuIJqScwDNqwKoJQQLKeE8hhLFYmRdZ+HvgeIzv6aAbfp0h5vpwwpfNjhENuYGSjkI8nzoFmcmQgjXFt1o2xqlVSCU4rZLtqpMKDCnWFPFvblhmkHx7vcVE=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<!-- NameID indeholder en i organisationen unik ID for erhvervspersonen - kunne også sættes til erhvervspersonens global unikke ID, som tildelt i den fællesoffentlige erhvervsadministration -->
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">KorsbaekKommune\MSK</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
<ds:KeyInfo>
<ds:X509Data>
<!-- Holder-of-key certifikatet - dvs. certifikat for det system/SOSI-STS-klient som kan veksle bootstraptokenet til et SOSI-idkort -->
<ds:X509Certificate>MIIGzzCCBQOgAwIBAgIUVzhJs6+g8hDl/qjLoEg6wfhHE18wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjAyMTAxMDEzNDZaFw0yNTAyMDkxMDEzNDVaMIHFMRgwFgYDVQQDDA9UaG9ybXVuZCBOaXNzZW4xETAPBgNVBCoMCFRob3JtdW5kMQ8wDQYDVQQEDAZOaXNzZW4xNzA1BgNVBAUTLlVJOkRLLUU6RzozYzU2MzE4Ni03YTgzLTRiYjUtYWIxMS05MThhMWQzMDI2YTIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk5OTAwNDk5MRcwFQYDVQRhDA5OVFJESy05OTkwMDQ5OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDXI9rlAtYBr9L6g30LJuzIlI9PY5zYhuJdOE2bl266nkPK5650gVrjXc6Hwwt2JoLKwsG5/LlkAMBldvSTvPQOdDbYI7+nZ4PZS90hHy6UFZbUBIANZTfooC9X2H5L8gjgn5ZjNyVe4CcJR8Y03XSkW3yiC7pMKn4Pn2dh0TtLhMpgSuj/rPKmmErNIWrC5A7RLCwDw0P60kQR8ngpeElDne0Y+w2+UgeeUskqCdT8imY+87aJ6HrTOA6wSKjRCGkcVCPNoCZ7vFviKMCT0yhtfUjYG+6lpsKI9Pbm0SEwOrDaI1qihC8tv9kDl/nCkmgQLmzsXAdE33YLZutz7nHDgvytJalzV1saSxxqp1WzVE4PlxBMgol9wVYv0UyWkPul6gyqVt8fv3EW6uoupDKjakFKDRNXrhEKGbJLVpFNK9S5TsW0qJ78Fo4j6jNj2QmwqhXjyLRcT5UVSa9uCLERNs84WrWtxlJZsuNkmged+j6Tf9ea0y1HhpKg1D2GV7ECAwEAAaOCAaYwggGiMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAeBgNVHREEFzAVgRN0ZXN0QGt2YWxpdGV0c2l0LmRrMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAgcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQEwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFLIS2XtHEbhCDr9jENV2OdwpCBHvMA4GA1UdDwEB/wQEAwIF4DBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAB4wdMt68NiF7ksnq0fnszSEF0Ss6qC6t4/5tbytfhEu2OIVp0jTmdDUKtjiSAji03eV43Si8p/F5zOXZ5guk5CMXmOuFFqdQnJcGXijUknvXtcm/ol3HF7Wd7nUdvjGmh017utIrKEeGbhKtiT2rH5TIALoVTQfyaVvZieWpkVZkEVhKASY92zzbdH19JL0yiTBwIxD33VH9cHYGn6fB1i84G1HVb2ggcvz7o3fKllgEy40iF/KDyIhuOlrhE0P6Q8uToiBYY3/mNXHX4nF4jbBN/GUc5VtR1EnmeKr1XtzujbIJTpWmrWpzkOkxwIkOIVjxER1LziB4JyEH8/CkFuF4XHYOHEkOhy7mdpWNEfUY1yHf0zK01QQRsN0KrZXunYyeBU0ouNPvNacL257FR1fhlm2a2BYLveKZbtZaiostL4jdNHRHGHMIQWRsfXAybf3oN+X7E+jDlA4k/BYQEPVlT2PgiQbTo4wtrIyeI14/Mah9SElmJCzs1UPbTgFlQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2022-04-25T15:07:29Z">
<saml:AudienceRestriction>
<!-- Aftageren som må omveksle dette bootstraptoken (her SOSI-STS'en) -->
<saml:Audience>https://sts.sosi.dk/</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<!-- Angivelse af profil og version (konstanten 'OIO-SAML-3.0') -->
<saml:Attribute Name="https://data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">OIO-SAML-3.0</saml:AttributeValue>
</saml:Attribute>
<!-- Mere specifik angivelse af profil og version (kun for OIOH3BST) -->
<saml:Attribute Name="https://healthcare.data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">OIO-SAML-H-3.0</saml:AttributeValue>
</saml:Attribute>
<!-- Sikringsniveau udtrykt efter NSIS -->
<saml:Attribute Name="https://data.gov.dk/concept/core/nsis/loa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">High</saml:AttributeValue>
</saml:Attribute>
<!-- Ervhvervspersonens global unikke ID, som tildelt i den fællesoffentlige erhvervsadministration -->
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">urn:uuid:433bf619-e571-4184-87cc-f8ea00d6ad19</saml:AttributeValue>
</saml:Attribute>
<!-- Organisationens CVR nummer (her Korsbæk Kommunes) -->
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/cvr" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">20301823</saml:AttributeValue>
</saml:Attribute>
<!-- Organisationens navn (her Korsbæk Kommune) -->
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/orgName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
<!-- Attribut som er påkrævet i SOSI idkortet og angives angives her som claim -->
<auth:ClaimType Uri="medcom:ITSystemName">
<auth:Value>Korsbæk Kommunes IT systemer</auth:Value>
</auth:ClaimType>
<!-- Frivillige attributter som kan anvendes fx til valg af sundhedsfaglig autorisation (eller 'national rolle') -->
<auth:ClaimType Uri="medcom:UserAuthorizationCode">
<!-- Autorisationskode -->
<auth:Value>007NX</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="medcom:UserRole1UserRole">
<!-- National rolle -->
<auth:Value>urn:dk:healthcare:national-federation-role:code:41003:value:PlejeAssR3</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="sosi:SubjectNameID">
<auth:Value>Mads_Skjern</auth:Value>
</auth:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
...