"..." er indsat de steder i eksemplet, hvor indholdet er formateret som Base64.
<?xml version="1.0" encoding="UTF-8"?>
<!-- Example SAML 2.0 assertion carrying identity, organisation (cvr/rid) and privilege
     attributes. Values shown as "..." are Base64 content left out of the example, so the
     signature cannot be verified as printed. -->
<Assertion ID="id4dc7177d3dc14383b4f2d6e6b125dcd9" IssueInstant="2022-09-14T10:53:26.804Z"
Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>https://t-seb.dkseb.dk/runtime/</Issuer>
<!-- Enveloped XML signature: RSA-SHA256 signature method, SHA-256 digest, exclusive
     canonicalization. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<!-- The Reference URI equals the Assertion ID above. A consumer should confirm that the
     element the signature covers is the same assertion it reads claims from, and reject an
     assertion that is unsigned or whose reference points elsewhere. -->
<Reference URI="#id4dc7177d3dc14383b4f2d6e6b125dcd9">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>...</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...</SignatureValue>
<!-- The signing certificate is carried inside the assertion. It identifies the key but is
     not by itself a reason to trust it: the consumer should compare it with the issuer
     certificate it has configured out of band (for example from federation metadata). -->
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<Subject>
<!-- Persistent NameID; the same UUID appears in the professional/uuid/persistent attribute
     further down. -->
<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
>79f30dae-e945-4c7b-941f-94cd4c7a3cf1</NameID>
<!-- Bearer confirmation: the presenter is accepted as the subject, so the three attributes
     on SubjectConfirmationData are what tie the assertion to one login. InResponseTo names
     the request being answered, NotOnOrAfter is five minutes after IssueInstant in this
     example, and Recipient is the endpoint the assertion may be delivered to. A consumer
     should check all three and refuse an assertion ID it has already accepted. -->
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData InResponseTo="id7970d754ae48499886d89d78cd862f84"
NotOnOrAfter="2022-09-14T10:58:26.804Z"
Recipient="https://t-seb.dkseb.dk/samlclaimapp11/login.ashx"/>
</SubjectConfirmation>
</Subject>
<!-- Validity window of one hour from IssueInstant, restricted to a single audience. A
     consumer should reject the assertion outside this window or when its own entity ID is
     not the listed Audience. -->
<Conditions NotBefore="2022-09-14T10:53:26.804Z" NotOnOrAfter="2022-09-14T11:53:26.804Z">
<AudienceRestriction>
<Audience>https://t-seb.dkseb.dk/samlclaimapp11/</Audience>
</AudienceRestriction>
</Conditions>
<!-- AuthnContextClassRef is Unspecified here, so it says nothing about how the user
     authenticated. NOTE(review): presumably the AssuranceLevel attribute below (3 in this
     example) is what a consumer is expected to evaluate; confirm against the profile. -->
<AuthnStatement AuthnInstant="2022-09-14T10:53:26.804Z" SessionIndex="DxtYXLE2lmxJyfM2BuiX2A==">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Unspecified</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
<!-- Identity and organisation attributes. cprNumber and email are masked in this example;
     privilegesIntermediate and bootstrapToken are Base64 values elided as "...". Real
     assertions carry personal identifiers (CPR number, name, email), so they should not be
     written to logs in full. -->
<AttributeStatement>
<Attribute Name="https://data.gov.dk/model/core/eid/cprUuid"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>f094778e-9b64-45a8-a254-d299dbde7614</AttributeValue>
</Attribute>
<Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>79f30dae-e945-4c7b-941f-94cd4c7a3cf1</AttributeValue>
</Attribute>
<Attribute Name="dk:gov:saml:attribute:AssuranceLevel"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<AttributeValue>3</AttributeValue>
</Attribute>
<!-- Base64 value; the second example on this page shows a privilege list as it looks once
     decoded. -->
<Attribute Name="https://data.gov.dk/model/core/eid/privilegesIntermediate"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>...</AttributeValue>
</Attribute>
<!-- NOTE(review): the bootstrap token is presumably itself a security token usable toward
     other services; if so it should be handled as a credential. Confirm against the
     profile. -->
<Attribute Name="https://data.gov.dk/model/core/eid/bootstrapToken"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>...</AttributeValue>
</Attribute>
<Attribute Name="https://data.gov.dk/model/core/eid/fullName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>Karl Kristensen</AttributeValue>
</Attribute>
<Attribute Name="https://data.gov.dk/model/core/eid/email"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>xxx@xxxxx.dk</AttributeValue>
</Attribute>
<Attribute Name="https://data.gov.dk/model/core/eid/cprNumber"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>231096xxxx</AttributeValue>
</Attribute>
<Attribute Name="https://data.gov.dk/model/core/eid/professional/cvr"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>25252525</AttributeValue>
</Attribute>
<Attribute Name="https://data.gov.dk/model/core/eid/professional/rid"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>85479288</AttributeValue>
</Attribute>
<Attribute Name="https://data.gov.dk/model/core/eid/professional/orgName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>Organisation X</AttributeValue>
</Attribute>
<!-- Two specVersion attributes: the general one and the healthcare one. -->
<Attribute Name="https://data.gov.dk/model/core/specVersion"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>OIO-SAML-3.0</AttributeValue>
</Attribute>
<Attribute Name="https://healthcare.data.gov.dk/model/core/specVersion"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>OIOSAML-H-3.0</AttributeValue>
</Attribute>
</AttributeStatement>
</Assertion>
Eksempel på nationale roller, autorisationer, ydertilknytning indlejret i https://data.gov.dk/model/core/eid/privilegesIntermediate attributten
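<?xml version="1.0" encoding="UTF-8"?>
<!-- Example privilege list as embedded in the
     https://data.gov.dk/model/core/eid/privilegesIntermediate attribute. Each PrivilegeGroup
     pairs a Scope with the privileges that hold within that scope. The list is only
     trustworthy as part of the signed assertion that carries it, so a consumer should
     decode and evaluate it only after the assertion signature has been validated. -->
<bpp:PrivilegeList xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <!-- Two national roles, scoped to a CVR number.
       NOTE(review): this CVR differs from the professional/cvr value in the assertion
       example on this page; the two examples appear to be independent. -->
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:25450442">
    <Privilege>urn:dk:healthcare:national-federation-role:SundAssistR1</Privilege>
    <Privilege>urn:dk:healthcare:national-federation-role:PlejeAssR3</Privilege>
  </PrivilegeGroup>
  <!-- Two health professional authorisations; each value carries an authorization code,
       an education code and an education name. -->
  <PrivilegeGroup Scope="urn:dk:healthcare:saml:userAuthorization:National">
    <Privilege>urn:dk:healthcare:saml:userAuthorization:AuthorizationCode:CLDSX:EducationCode:5265:EducationName:Kiropraktor</Privilege>
    <Privilege>urn:dk:healthcare:saml:userAuthorization:AuthorizationCode:KQQ1F:EducationCode:7170:EducationName:Læge</Privilege>
  </PrivilegeGroup>
  <!-- One provider (yder) affiliation, scoped to a yder number and region code. -->
  <PrivilegeGroup Scope="urn:dk:healthcare:saml:yderNumberIdentifier:344123:regionCode:83">
    <Privilege>urn:dk:healthcare:saml:yder:roleCode:42:roleName:Ansat</Privilege>
  </PrivilegeGroup>
</bpp:PrivilegeList>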
Den første PrivilegeGroup indeholder to nationale roller.
Den mellemste PrivilegeGroup indeholder to sundhedsfaglige autorisationer.
Den sidste PrivilegeGroup indeholder en yder-tilknytning.