Page History
| Navitabs | ||||
|---|---|---|---|---|
| ||||
Indledning
Omveksler et eHDSI IDWS IDWS XUA Bootstrap token Token (DKNCPBST) udsted af "Danish National Contact Point" til et eHDSI IDWS XUA Identity Token (IDWS-eHDSI)
Bemærk, at den Et eHDSI IDWS XUA Saml sikkerhedsbillet, der veksles fra, skal være signeret af troværdig tredjepart
I det følgende vises nogle stykker kode der viser hvordan man som anvender skal bruge Seal.Java til denne omveksling.
Der findes et komplet eksempel (incl. STS omveksling) sidst på siden der virker uden at det kræver tilretning.
Eksempel
eHSDI IDWS XUA Bootstrap Token
Læs eHSDI IDWS XUA Saml Assertion fra IdP
Der findes ikke metoder i EHDSIFactory der kan parse en eHDSI IDWS XUA Saml Assertion der stammer fra en Identity Provider (i et W3C Element) til et DkncpBootstrapSamlAssertion objekt.
Opbyg OIO SAML Assertion
Bootstrap Token er baseret på OIO-IDWS og er en SAML 2.0 Assertion der repræsentere en borger. Den er udstedt af Danish National Contact Point (DKNCP). Det er muligt at opbygge et eHDSI IDWS XUA Bootstrap Token vha. Seal.Java, men det er typisk kun til testformål. Dette token kan valideres ved at kontrollere, at audience svarer til den modtager, det er udstedt til, at gyldighedsperioden ikke er udløbet, og at signaturen er gyldig. Signaturen for en SAML 2.0 Assertion valideres ved at benytte det indlejrede signeringscertifikat.
Det samlede request der sendes til en STS er signeret af en troværdig tredjepart. Det samlede request kan valideres vha. det Holder Of Key certifikat der er indlejret i NSP OIO Bootstrap Token.
Det omvekslede eHDSI IDWS Identity Token er stort set identisk med eHDSI DWS XUA Bootstrap Token og har de samme Saml attributter.
I det følgende vises nogle stykker kode der viser hvordan man som anvender skal bruge Seal.Java til denne omveksling.
Der findes et komplet eksempel (incl. STS omveksling) sidst på siden der virker uden at det kræver tilretning.
Eksempel
eHSDI IDWS XUA Bootstrap Token
Læs eHSDI IDWS XUA Saml Assertion fra IdP
Der findes ikke metoder i EHDSIFactory der kan parse en eHDSI IDWS XUA Saml Assertion der stammer fra en Identity Provider (i et W3C Element) til et DkncpBootstrapSamlAssertion objekt.
Opbyg OIO SAML Assertion
Seal.Java kan anvendes til at opbygge Seal.Java kan anvendes til at opbygge en eHDSI IDWS XUA Saml Assertion. Dette vil typisk ske i forbindelse med test.
...
| Code Block |
|---|
DkncpBootstrapSamlAssertionBuilder dkncpBootstrapSamlAssertionBuilder = factory.createDkncpBootstrapSamlAssertionBuilder(vault, issuer);
dkncpBootstrapSamlAssertionBuilder.setIssuer("http://sosi");
dkncpBootstrapSamlAssertionBuilder.setAudienceRestriction("http://audience.nspoop.dk/dds");
dkncpBootstrapSamlAssertionBuilder.setNotBefore(notBeforeDateTime);
dkncpBootstrapSamlAssertionBuilder.setNotOnOrAfter(notOnOrAfterDateTime);
dkncpBootstrapSamlAssertionBuilder.setSubjectName("C=DK,O=LAKESIDE A/S // CVR:25450442,CN=Sårjournal TEST læge,Serial=CVR:25450442-RID:73570260");
dkncpBootstrapSamlAssertionBuilder.setSubjectNameID("nameid");
dkncpBootstrapSamlAssertionBuilder.setSubjectNameIDFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName");
dkncpBootstrapSamlAssertionBuilder.setDeliveryNotOnOrAfter(notOnOrAfterDateTime);
dkncpBootstrapSamlAssertionBuilder.setSigningVault(signingVault);
dkncpBootstrapSamlAssertionBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate());
dkncpBootstrapSamlAssertionBuilder.setSubject("Alfonso Gonzalez");
dkncpBootstrapSamlAssertionBuilder.setRole("2221", "Nursing professionals");
List<String> permissions = new ArrayList<>();
permissions.add("urn:oasis:names:tc:xspa:1.0:subject:hl7:permission:PRD-004");
permissions.add("urn:oasis:names:tc:xspa:1.0:subject:hl7:permission:PRD-010");
dkncpBootstrapSamlAssertionBuilder.setPermissions(permissions);
dkncpBootstrapSamlAssertionBuilder.setOnBehalfOf("221", "Medical Doctors");
dkncpBootstrapSamlAssertionBuilder.setOrganization("Charité – Universitätsmedizin Berlin");
dkncpBootstrapSamlAssertionBuilder.setOrganizationId("urn:oid:1.3.6.1.4.1.44938");
dkncpBootstrapSamlAssertionBuilder.setHealthcareFacilityType("Hospital");
dkncpBootstrapSamlAssertionBuilder.setPurposeOfUse("TREATMENT");
dkncpBootstrapSamlAssertionBuilder.setLocality("Klinik am Berg, 83242 Reit im Winkl");
dkncpBootstrapSamlAssertionBuilder.setPatientId("0205756078^^^&1.2.208.176.1.2&ISO");
dkncpBootstrapSamlAssertionBuilder.setAssuranceLevelNIST(assuranceLevel);
dkncpBootstrapSamlAssertionBuilder.setSpecVersion("eHDSI-IDWS-XUA-1.0");
dkncpBootstrapSamlAssertionBuilder.setIssuancePolicy("urn:dk:sosi:sts:eHDSI-strict");
dkncpBootstrapSamlAssertionBuilder.setCountryOfTreatment("DE");
DkncpBootstrapSamlAssertion dkncpBootstrapSamlAssertion = dkncpBootstrapSamlAssertionBuilder.build(); |
STS Request
Det samlede STS request med en NSP OIO SAML Assertion opbygges på denne måde:
...
Nu vil en STS kunne modtage det og veksle det til et eHDSI IDWS XUA Identity Token der kan anvendes på NSP platformen. Eksempel på hvordan Seal.Java kan anvendes til denne omveksling findes her: Seal.Java 3 - Guide til anvendere (STS) - Dkncp Boostrap token til eHDSI Identity token
Request som stream
En consumer vil typisk have et eHDSI IDWS XUA Bootstrap token som en stream der kan sendes direkte til en STS. Dette vil man selv kunne deserialisere hvis man vil se indholdet:
| Code Block |
|---|
// Anvender har et XML dokument indeholdende NSP OIO SAML Bootstrap Token request:
String consumerStsRequestXml = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" ... </soapenv:Envelope>";
Document requestDocument = XmlUtil.readXml(new Properties(), consumerStsRequestXml, false);
DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequest request = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestModelBuilder().build(requestDocument); |
Det er nu muligt at se indholdet af requestet
STS Response
Service Request
...
indholdet:
| Code Block |
|---|
// Anvender har et XML dokument indeholdende NSP OIO SAML Bootstrap Token request:
String consumerStsRequestXml = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" ... </soapenv:Envelope>";
Document requestDocument = XmlUtil.readXml(new Properties(), consumerStsRequestXml, false);
DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequest request = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestModelBuilder().build(requestDocument); |
Det er nu muligt for en STS at se indholdet af requestet og på baggrund af indholdet vil en STS kunne bygge et response .
STS Response
Når consumeren modtager svaret fra STS, så skal det først indlæses i et Document:
| Code Block |
|---|
// Konverter XML svaret fra STS til Document
consumerStsResponseDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsResponseXml, false); |
Man kan nu deserialisere svaret til et OIOBSTSAMLAssertionToIDCardResponse modelobjekt:
| Code Block |
|---|
// Deserialiser STS svaret til modelobjekt
DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponse consumerStsResponse = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseModelBuilder.build(consumerStsResponseDocument); |
Her efter kan man hente eHDSI IDWS XUA Identity Token ud og verificere attributterne:
| Code Block |
|---|
// Hent Identity Token fra STS svar
EhdsiIdwsXuaEmployeeIdentityToken employeeIdentityToken = response.getEhdsiIdwsXuaEmployeeIdentityToken();
// Verificer at det er et eHDSI IDWS XUA Identity Token og et par øvrige attributter:
Assert.assertEquals("eHDSI-IDWS-XUA-1.0", employeeIdentityToken.getSpecVersion());
Assert.assertEquals("3", employeeIdentityToken.getAssuranceLevel());
Assert.assertEquals("Alfonso Gonzalez", employeeIdentityToken.getSubject()); |
Service Request
Når vi har STS svaret kan service requestet opbygges. Først skal der opbygges et eHDSI XUA IDWS request med den Body der passer til den service der skal kaldes. Den kan se sådan her ud, hvor Body elementet ikke er udfyldt:
| Code Block |
|---|
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:sbf="urn:liberty:sb" xmlns:sbfprofile="urn:liberty:sb:profile"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
...
</soapenv:Header>
<soapenv:Body>
...
</soapenv:Body>
</soapenv:Envelope> |
Nu kan man så bruge Seal.Java til at berige dette request med det eHDSI XUA Idws Identity Token der findes i STS svaret (identityTokenResponse) og signere det:
| Code Block |
|---|
EhdsiRequestDOMEnhancer enhancer = factory.createEhdsiRequestDOMEnhancer(vocesVault, serviceConsumerRequestDocument);
enhancer.setWSAddressingAction(soapAction);
enhancer.setEhdsiIdwsXuaEmployeeIdentityToken(ehdsiIdwsXuaEmployeeIdentityToken);
enhancer.enhanceAndSign();
String serviceConsumerRequestXml = XmlUtil.node2String(serviceConsumerRequestDocument, false, true); |
Det samlede request kommer til at se sådan ud, hvor body delen her er tom:
| Code Block | ||
|---|---|---|
| ||
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:sbf="urn:liberty:sb" xmlns:sbfprofile="urn:liberty:sb:profile"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2025-11-25T12:19:41Z</wsu:Created>
</wsu:Timestamp>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ID="_390ea322-411a-4c0e-8d49-ce913cdba835" IssueInstant="2025-11-25T12:19:41Z"
Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>http://sosi</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#_390ea322-411a-4c0e-8d49-ce913cdba835">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>OYvT2iTaVAxohdVEob8FQ71VTyqLyecOI8TIIT6gTOQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
pMG6Nl1NnEyeK2iFB/WZALRGcn/WnOljUaNqHWtT/lvQrv0gqCe11CEqYiGfkpfWNnl6JvM7+voTDaxoI+h+PDylCvZTIwBR+IZCNHYk65mR3yh9bXyFmd7sc9LGugu49r5jUeclfbv/fUzQFM0WjWJ6qSIhaoLP7ZUYRIN7HAVX5hevOXhSizf3PFdvuFpcThpgUxEmLYsR7R1hlAFa/p0b817u9TNsTRfoYXRWSJLNNdQrrV5IktO+oQ8bdCmg3+/zdYJ+mRkofmWGeFIC8HKj+zXN22lb86CNacppxUdlT6gT4smfsuPYXVPNF0KVuvlquXqOdlyItvMLYDj5nmZV21NTL6hroGW7+2Of7Bg4gunuLJhAdl3lOih+IX6Hty/ZYPDVKYO+sTj/NHhmaQoKtIS0Svkf6ZLbbUmZu6K7suaJSNSdgFrYQWijor40bbBzIyZLkjbic8dQy9E6r46hLp1Iohqtpjrxe7krqzP2TKGl8JWmI2azwrSA/iZQ</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGqzCCBN+gAwIBAgIUbMuS2gXsAUxVt5B4LYli9Jh7G64wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yNDA0MjkwNjU0MzhaFw0yNzA0MjkwNjU0MzdaMIGeMRUwEwYDVQQDDAxWT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzpjNzBiMDIwNy0xNjJlLTRkM2QtYTdmMS1hMTlhOGUwN2Q5OWIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDMxeSBXyU1e/jdTJeC5C6qbKL/LosO1jyuwzVTr1OXUwNtWN47L3Xx/uflPcQUKvAj1DggEhraQRW3itGqeK6jktkKaz2SijYVoCXS1QbxXbWhSUkNXLwyDcRdhnj5DqfIYsifAFquX2BfzLweLudVWvIuggX4WVJA0GrpSFwmwIGcZpyu82XuW8wriw2NvUrjrfDjxpFkCoMZXT9Jr5YVVncPBiN9pxFVneoBhBeFnHmxdHSDILLPuGahsc57g/8o0BsgSWjWJNxGzST727bLb/rSCvRMWBIkUlsmx4HuNixJ8U0zITGgDGjVmv59OUXYOYq92QGaXBGnfVDKHK2uFC3Yqcx8MCD2gxg4Yr5Yl7wa0iXmLZXjvy14n0a+GOk5uH/DLD+uNU32HOSZ7ZMe1Hb/37ztBLklmUfhqS2jVdbR+5KuQegycNnbCRks8oUAFbeUnoJtXMPguBdTY1Uko/UXV+scl95w4XFj+BnVbgI13BRlmcKrTi8U5EphugMCAwEAAaOCAakwggGlMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAgBgNVHREEGTAXgRVuc3Auc3VwcG9ydEBhcm9zaWkuZGswIgYDVR0gBBswGTAIBgYEAI96AQEwDQYLKoFQgSkBAQEDBwEwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFC7ffuHVkwJCJnx9k2t3oJr0IYcxMA4GA1UdDwEB/wQEAwIF4DBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAL/FUm1nnfOw6iTUxHdHJjFziHzYgVLhm56yTeB5I74AmQHJWDY58vu3VEvrPm1q1YsQGnzd4Ks95/C6Y3po2mXMyY2lZLDmZrFRfcP7X+LfdNMxGYCxNaIVtSqW5SYGPrkbCRvk9IXt2OhZaYqblYsq2/bOBDUZq9kL/dyVoPs2dxSUNqNlpuQrpgvPwMVQYLEClY1h6Bgx3LgF5Un6j4TNXX+fvCoJi/41OSlZUFXWY8C9I3hpSHHBLtzX1UlFhWuEfz9aELakFb4PSFzwzZ+7iBibngbWJUHF4j16FigO7zqST63jYPlvgg5WoPSkGpXdiSsRbwrl4eOjXTLljDgcMePqXG/vhxVtkTcGOk6nPoBGwN0nasbdXkg+ZYmov7nvIUvMGgkYhhrAis1OYYZDpwHLSsZHKD85/pWoUUMRhnXcKTOFIa8t2GApFhBVdPruiZaDIokaKMacer1D+3f4iU64AzXPSOc6TORfvVHC8uIvXaVnl34ifUgD4FV72Q==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=Ingen
organisatorisk tilknytning,CN=Lars
Larsen,Serial=PID:9208-2002-2-514358910503</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData NotOnOrAfter="2025-11-25T12:19:51Z">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGpTCCBNmgAwIBAgIUYJ0aPJz3wA7sSIY072JLnBOYu/IwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yNTAzMTkxOTE2MDlaFw0yODAzMTgxOTE2MDhaMIGbMRIwEAYDVQQDDAlWT0NFU19IT0sxNzA1BgNVBAUTLlVJOkRLLU86Rzo4YjQ2MTY1Ny1hZjliLTRkN2ItYThhYS0xMDY1YTdjNzUxZGIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDxyntzZwKVYwyT2LCMuPvfGxGBVdbxVBA1w6OrJfaktgHTOC6/aP4Er/M6Ey0Yk37paf2QNwkX4R9OOpZtikKsnKAgAryy8lNW1/4vHv+m2lguT/lUcjn6Y02CeoA3hTs3wxup4Z/0SbFucMZ2HlyoUKGVgroFHIiDVw0S7zeAlh25IxiO2U1C4aGFNbX25/vcU0SclYWAaWTDNQv3dReIPU/uPjKE87Ng7BbjFqP9sFtL0O0TJhMvDw6uNdSyVYAicmhLQhvMXAn31pfYp284uu+OpSDlZ8XM/V9zBuK+LyOZU8xWIT3Sio5ZBH9i3tHXOaG3SaGpgrNg7figkewo6haRanQm8NmzOBD2rwcYJOf9A07NurRdr3yYdsN9cQjYxJ47ZjN0jNnEHorWMgzMaqBCYqSH59C2Oqt7Isvqpi6vI+wOAHrE3pLdRYAQ5a4hA6gFMnME27vPskC344mEkLAbnfGlFI7WUK4pwtlBhi0R1RHr6WdMghmPBlPBpq0CAwEAAaOCAaYwggGiMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAdBgNVHREEFjAUgRJ0a25Aa3ZhbGl0ZXRzaXQuZGswIgYDVR0gBBswGTAIBgYEAI96AQEwDQYLKoFQgSkBAQEDBwEwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFEazl9U4mkXimPA+0Ev2r0LAuAPdMA4GA1UdDwEB/wQEAwIF4DBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBALVDzuhJDYcr/DjKuvBLCGYsontwVBB5H4DT4XW9CoVjAwKuJMTrrpQZinKftjHR4Rn+QY5Mz0J/P8PgvXeyZ5FqLa46cCz/msBH+uqDWiH4jq1H0Yc/IYtxTb2jB2GArST905tb+aXoGmE3Gyus1PdmznPhHiGuImiZ5v8JITEdpHdi54Ywjmp9B/DRQ4o7x/oYTfQweq5a1ut0MlFukhdRL5K/wmNjH6FFbAOKWK7QBorKm+I0W2mZcQHUPKzryqM1FvZhWNJ76Kl3dDngRfOPZHpAMPIC0gPe2feC8850l3awYCA3c/hVKquteMPJcb3YQbqNB4z8iV0xZyXNiDxCUyT3ibiPltocEDnMGiVhNurRrOKCMX0l3q2kmWWO8JJn7Mif0avdSaOg+Z378VM6kSF6bdD4swiBZlMz6D3m3HeKKy/QCPWpaRAcAp1/oO0+gxs8UuMKusbxFHAQQ3InSoJhyOt+sv1ZnLKd9Iouvcy5v9yFGVsMsgbtB896ew==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubDet samlede request kommer til at se sådan ud, hvor body delen her er tom:jectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2025-11-25T12:19:40Z"
NotOnOrAfter="2025-11-25T12:24:41Z">
<saml:AudienceRestriction>
<saml:Audience>https://fmk</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute FriendlyName="XSPA Subject"
Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">Alfonso Gonzalez</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="XSPA Role"
Name="urn:oasis:names:tc:xacml:2.0:subject:role">
<saml:AttributeValue>
<Role xmlns="urn:hl7-org:v3" code="2221"
codeSystem="2.16.840.1.113883.2.9.6.2.7" codeSystemName="ISCO"
displayName="Nursing professionals" xsi:type="CE" />
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="XSPA Organization Id"
Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">urn:oid:1.3.6.1.4.1.44938</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="EHDSI Healthcare Facility Type"
Name="urn:ehdsi:names:subject:healthcare-facility-type" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">Hospital</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="XSPA Purpose of Use"
Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
<saml:AttributeValue>
<PurposeOfUse xmlns="urn:hl7-org:v3" code="TREATMENT"
codeSystem="urn:oasis:names:tc:xspa:1.0" xsi:type="CE" />
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="XSPA Locality"
Name="urn:oasis:names:tc:xspa:1.0:environment:locality" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">Klinik am Berg, 83242 Reit im
Winkl</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="XUA Patient Id"
Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">
0205756078^^^&1.2.208.176.1.2&ISO</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="IDWS XUA SpecVersion"
Name="urn:dk:healthcare:saml:SpecVersion" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">eHDSI-IDWS-XUA-1.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="IDWS XUA IssuancePolicy"
Name="urn:dk:healthcare:saml:IssuancePolicy" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">urn:dk:sosi:sts:eHDSI-strict</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="EHDSI Country of Treatment"
Name="urn:dk:healthcare:saml:CountryOfTreatment" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">DE</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="NIST AssuranceLevel"
Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="XSPA permissions"
Name="urn:oasis:names:tc:xspa:1.0:subject:hl7:permission" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">
urn:oasis:names:tc:xspa:1.0:subject:hl7:permission:PRD-004</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">
urn:oasis:names:tc:xspa:1.0:subject:hl7:permission:PRD-010</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="EHDSI OnBehalfOf"
Name="urn:ehdsi:names:subject:on-behalf-of">
<saml:AttributeValue>
<Role xmlns="urn:hl7-org:v3" code="221"
codeSystem="2.16.840.1.113883.2.9.6.2.7" codeSystemName="ISCO"
displayName="Medical Doctors" xsi:type="CE" />
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="XSPA Organization"
Name="urn:oasis:names:tc:xspa:1.0:subject:organization" NameFormat="">
<saml:AttributeValue xsi:type="xs:string">Charité – Universitätsmedizin
Berlin</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<wsse:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
wsu:Id="str">
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">
_390ea322-411a-4c0e-8d49-ce913cdba835</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>t4qwYXQUpCa6RcPoOxZurThUAQE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>PAd/Il/MPQ374UqwA45WNqFBASw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#str">
<ds:Transforms>
<ds:Transform
Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
<wsse:TransformationParameters>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</wsse:TransformationParameters>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>MplFr7XEIG5UEjmXXHrPAtMiSss=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>JC57pKzzB6LKydk++s7Dzibh5TA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>gMcZyZVVFnlS95RDJcS8GmTyPzY=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#sbf">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>DrMuEoWp7Uik1KTUOuvtisxvpXA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
fA1nANrYJrZWF10fDfO+BFgcM0wJwMh2BWFtLxkvnMa3SWjdfxT14f4JWQfPAQLsIg/BXFO7Xit+lQJb2sPxAnEBIlPr2SEu4O5uaWPCQkZk3fM86nYKuM+ZaeNdYPrzk7S6vPkMuDOllvm9EAVjhc7ZzQ+SixOJ/SNqJqi9hBhOzoBdSH2hjEAPwEu3lS/k+/Y9liiW8u9QQfPZGi/7E2uqU1D7P1XERQrUkwkJI6K+sBQUOKoK302/h4WlzDlEI4Z9yN8bFLa95te+ALAjCgFZHdPw+QCQ0SEPZIXCpcYvTmfMT71vZyL8KLFvZ9P2p7xG40q9pR1oChjllv5opdU4phGQGGFPF5g2aJJBQSuqKY2kX+BfSSSUHj63OxqFYLmgl2e2yV9LcEd1FuUiUumYt6Jq2SeP+34I8m0zlnANmBncnG4hNgP9qNtuU2WBl1hVkICU2e7Xv8dEetM4ot4G/m+QK9NOjI0DVg7jp6lh+Uj67sRKZa55lItXUoiO</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
wsu:Id="sigStr">
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">
_390ea322-411a-4c0e-8d49-ce913cdba835</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:MessageID wsu:Id="messageID">urn:uuid:a74425bc-b3f2-4891-a6c5-576914fdfdde</wsa:MessageID>
<wsa:Action wsu:Id="action">http://foo.com#bar</wsa:Action>
<sbf:Framework sbfprofile:profile="urn:liberty:sb:profile:basic" version="2.0" wsu:Id="sbf" />
</soapenv:Header>
<soapenv:Body wsu:Id="body" />
</soapenv:Envelope> |
Service Response
Det er pt. ikke muligt at benytte Seal.Java til at modtage service responses for denne omveksling.
Komplet eksempel (incl. STS delen)
| Code Block | ||
|---|---|---|
| ||
public class TestFactoryFlow extends AbstractUserIDCardTest { TestFactoryFlow { private final String NAMEID_FORMAT_X509_SUBJECT_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; @Test public void testDKNCPBST2EHDSIIdws() { /** * Consumer sender request */ // CredentialVault og Factory CredentialVault signingVault = new CredentialVaultTestUtil.getVoces3CredentialVault(ClasspathCredentialVault(null, "Filnavn på PKCS#12 Virksomhedscertifikat", "Kodeord til Virksomhedscertifikat"); CredentialVault holderOfKeyVault = new CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault();ClasspathCredentialVault(null, "Filnavn på PKCS#12 Holder of key certifikat", "Kodeord til Holder of key certifikat"); EHDSIFactory factory = new EHDSIFactory(); // Build Dkncp Boostrap SAML Assertion String issuer = "http://sosi"; DkncpBootstrapSamlAssertionBuilder dkncpBootstrapSamlAssertionBuilder = factory.createDkncpBootstrapSamlAssertionBuilder(signingVault, issuer); dkncpBootstrapSamlAssertionBuilder.setIssuer(issuer); dkncpBootstrapSamlAssertionBuilder.setAudienceRestriction("https://fmk"); Date now = new Date(); dkncpBootstrapSamlAssertionBuilder.setNotBefore(notBefore); dkncpBootstrapSamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter); dkncpBootstrapSamlAssertionBuilder.setDeliveryNotOnOrAfter(notOnOrAfter); dkncpBootstrapSamlAssertionBuilder.setSubjectName("C=DK,O=LAKESIDE A/S // CVR:25450442,CN=Sårjournal TEST læge,Serial=CVR:25450442-RID:73570260"); dkncpBootstrapSamlAssertionBuilder.setSubjectNameID("nameid"); dkncpBootstrapSamlAssertionBuilder.setSubjectNameIDFormat(SAMLValues.NAMEID_FORMAT_X509_SUBJECT_NAME); dkncpBootstrapSamlAssertionBuilder.setSigningVault(signingVault); dkncpBootstrapSamlAssertionBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate()); // Mandatory attribute values dkncpBootstrapSamlAssertionBuilder.setSubject("Alfonso Gonzalez"); dkncpBootstrapSamlAssertionBuilder.setRole("2221", "Nursing professionals"); dkncpBootstrapSamlAssertionBuilder.setOrganization("Charité – Universitätsmedizin Berlin"); dkncpBootstrapSamlAssertionBuilder.setOrganizationId("urn:oid:1.3.6.1.4.1.44938"); dkncpBootstrapSamlAssertionBuilder.setHealthcareFacilityType("Hospital"); dkncpBootstrapSamlAssertionBuilder.setPurposeOfUse("TREATMENT"); dkncpBootstrapSamlAssertionBuilder.setLocality("Klinik am Berg, 83242 Reit im Winkl"); dkncpBootstrapSamlAssertionBuilder.setPatientId("0205756078^^^&1.2.208.176.1.2&ISO"); dkncpBootstrapSamlAssertionBuilder.setAssuranceLevelNIST("3"); dkncpBootstrapSamlAssertionBuilder.setSpecVersion("eHDSI-IDWS-XUA-1.0"); dkncpBootstrapSamlAssertionBuilder.setIssuancePolicy("urn:dk:sosi:sts:eHDSI-strict"); dkncpBootstrapSamlAssertionBuilder.setCountryOfTreatment("DE"); DkncpBootstrapSamlAssertion dkncpBootstrapSamlAssertion = dkncpBootstrapSamlAssertionBuilder.build(); dkncpBootstrapSamlAssertion.validateSchema(); dkncpBootstrapSamlAssertion.validateSignatureAndTrust(signingVault); // Build Dkncp Bootstrap request DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestDOMBuilder requestDomBuilder = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestDOMBuilder(); requestDomBuilder.setAudience("https://sosi"); requestDomBuilder.setSigningVault(holderOfKeyVault); requestDomBuilder.setDkncpBootstrapToken(dkncpBootstrapSamlAssertion); // Serialize request to the same form as received by the STS Document consumerStsRequestDocument = requestDomBuilder.build(); /** * Send request over netværk */ String consumerStsRequestXml = XmlUtil.node2String(consumerStsRequestDocument, false, false); consumerStsRequestDocument = readXml(System.getProperties(), consumerStsRequestXml, false); /** * STS modtager request */ DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequest request = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestModelBuilder().build(consumerStsRequestDocument); // validate request request.validateSignatureAndTrust(holderOfKeyVault); request.validateHolderOfKeyRelation(); // Validate assertion DkncpBootstrapSamlAssertion assertion = request.getDkncpBootstrapSamlAssertion(); // The DKNCP BST Assertion can be schema validated after serialize/deserialize assertion.validateSchema(); assertion.validateSignatureAndTrust(signingVault); // Verify all attributes Assert.assertEquals("Alfonso Gonzalez", assertion.getSubject()); Assert.assertEquals(EHDSI_ROLE_XSI_TYPE, assertion.getRoleType()); Assert.assertEquals("2221", assertion.getRoleCode()); Assert.assertEquals(EHDSI_ROLE_CODE_SYSTEM, assertion.getRoleCodeSystem()); Assert.assertEquals(EHDSI_ROLE_CODE_SYSTEM_NAME, assertion.getRoleCodeSystemName()); Assert.assertEquals("Nursing professionals", assertion.getRoleDisplayName()); Assert.assertEquals("Charité – Universitätsmedizin Berlin", assertion.getOrganization()); Assert.assertEquals("urn:oid:1.3.6.1.4.1.44938", assertion.getOrganizationId()); Assert.assertEquals("Hospital", assertion.getHealthcareFacilityType()); Assert.assertEquals("TREATMENT", assertion.getPurposeOfUseCode()); Assert.assertEquals("Klinik am Berg, 83242 Reit im Winkl", assertion.getLocality()); Assert.assertEquals("0205756078^^^&1.2.208.176.1.2&ISO", assertion.getPatientId()); Assert.assertEquals("3", assertion.getAssuranceLevelNIST()); Assert.assertEquals("eHDSI-IDWS-XUA-1.0", assertion.getSpecVersion()); Assert.assertEquals("urn:dk:sosi:sts:eHDSI-strict", assertion.getIssuancePolicy()); Assert.assertEquals("DE", assertion.getCountryOfTreatment()); /** * STS bygger response */ // Build Ehdsi Idws Xua Employee identity token EhdsiIdwsXuaEmployeeIdentityTokenBuilder tokenBuilder = factory.createEhdsiIdwsXuaEmployeeIdentityTokenBuilder(); tokenBuilder.setIssuer("http://sosi"); tokenBuilder.setAudienceRestriction("https://fmk"); tokenBuilder.setNotBefore(notBefore); tokenBuilder.setNotOnOrAfter(notOnOrAfter); tokenBuilder.setDeliveryNotOnOrAfter(notOnOrAfter); tokenBuilder.setSubjectNameID("C=DK,O=Ingen organisatorisk tilknytning,CN=Lars Larsen,Serial=PID:9208-2002-2-514358910503"); tokenBuilder.setSubjectNameIDFormat(SAMLValues.NAMEID_FORMAT_X509_SUBJECT_NAME); tokenBuilder.setSigningVault(signingVault); tokenBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate()); tokenBuilder.setSubject("Alfonso Gonzalez"); tokenBuilder.setRole("2221", "Nursing professionals"); tokenBuilder.setOrganization("Charité – Universitätsmedizin Berlin"); tokenBuilder.setOrganizationId("urn:oid:1.3.6.1.4.1.44938"); tokenBuilder.setHealthcareFacilityType("Hospital"); tokenBuilder.setPurposeOfUse("TREATMENT"); tokenBuilder.setLocality("Klinik am Berg, 83242 Reit im Winkl"); tokenBuilder.setPatientId("0205756078^^^&1.2.208.176.1.2&ISO"); tokenBuilder.setAssuranceLevel("3"); tokenBuilder.setSpecVersion("eHDSI-IDWS-XUA-1.0"); tokenBuilder.setIssuancePolicy("urn:dk:sosi:sts:eHDSI-strict"); tokenBuilder.setCountryOfTreatment("DE"); EhdsiIdwsXuaEmployeeIdentityToken ehdsiIdwsXuaEmployeeIdentityToken = tokenBuilder.build(); // Validate Identity Token ehdsiIdwsXuaEmployeeIdentityToken.validateSchema(); ehdsiIdwsXuaEmployeeIdentityToken.validateSignatureAndTrust(signingVault); // Build Ehdsi Idws Xua Employee response DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseDOMBuilder responseBuilder = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseDOMBuilder(); responseBuilder.setEhdsiIdwsXuaEmployeeIdentityToken(ehdsiIdwsXuaEmployeeIdentityToken); responseBuilder.setSigningVault(holderOfKeyVault); responseBuilder.setRelatesTo("relatesTo"); responseBuilder.setContext("context"); Document consumerStsResponseDocument = responseBuilder.build(); /** * Send response over netværk */ String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false); consumerStsResponseDocument = readXml(System.getProperties(), consumerStsResponseXml, false); /** * Consumer modtager response */ DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseModelBuilder responseModelBuilder = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseModelBuilder(); DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponse response = responseModelBuilder.build(consumerStsResponseDocument); // Validate entire response response.validateSignature(); // Validate the Ehdsi Idws Xua Employee Identity token from the response EhdsiIdwsXuaEmployeeIdentityToken employeeIdentityToken = response.getEhdsiIdwsXuaEmployeeIdentityToken(); // The Ehdsi Idws Xua Employee Identity token can be schema validated after serialize/deserialize employeeIdentityToken.validateSchema(); employeeIdentityToken.validateSignatureAndTrust(signingVault); // Verify all attributes assertEquals("3", employeeIdentityToken.getAssuranceLevel()); assertEquals("Alfonso Gonzalez", employeeIdentityToken.getSubject()); Assert.assertEquals("2221", employeeIdentityToken.getRoleCode()); Assert.assertEquals("Nursing professionals", employeeIdentityToken.getRoleDisplayName()); Assert.assertEquals("Charité – Universitätsmedizin Berlin", employeeIdentityToken.getOrganization()); Assert.assertEquals("urn:oid:1.3.6.1.4.1.44938", employeeIdentityToken.getOrganizationId()); Assert.assertEquals("Hospital", employeeIdentityToken.getHealthcareFacilityType()); Assert.assertEquals("TREATMENT", employeeIdentityToken.getPurposeOfUseCode()); Assert.assertEquals("Klinik am Berg, 83242 Reit im Winkl", employeeIdentityToken.getLocality()); Assert.assertEquals("0205756078^^^&1.2.208.176.1.2&ISO", employeeIdentityToken.getPatientId()); Assert.assertEquals("3", employeeIdentityToken.getAssuranceLevel()); Assert.assertEquals("eHDSI-IDWS-XUA-1.0", employeeIdentityToken.getSpecVersion()); Assert.assertEquals("urn:dk:sosi:sts:eHDSI-strict", employeeIdentityToken.getIssuancePolicy()); Assert.assertEquals("DE", employeeIdentityToken.getCountryOfTreatment()); } } |
...