Formålet med dette dokument er at give en detaljeret beskrivelse af de konkrete services, der udbydes af STS i forbindelse med anvendelsesområdet Medarbejderomvekslinger.
Dokumentet henvender sig primært til udviklere, der skal i gang med at anvende de konkrete medarbejderomvekslingssnitflader udbudt af STS.
Dokumentet bygger i høj grad på den overordnede STS - Guide til anvendere, som giver et overblik over STS og levere i denne sammenhæng et mere dybdegående teknisk beskrivelse af de services i STS, der ligger i anvendelsesområdet medarbejderomvekslinger.
Som beskrevet i STS - Guide til anvendere, så findes der i STS følgende services indenfor anvendelsesområdet medarbejderomvekslinger:
| Medarbejderomveksling | |
|---|---|
| /sts/services/Sosi2OIOSaml | Omveksler SOSI Idkort til OIO Saml sikkerhedsbillet rettet mod et specifikt audience, f.eks. sundhed.dk. |
| /sts/services/OIOSaml2Sosi | Omveksler OIO Saml sikkerhedsbillet til SOSI Idkort. Bemærk, at den OIO Saml sikkerhedsbillet, der veksles, skal være signeret af troværdig tredjepart (NemLogin). Tokenprofilen for denne snitflade er OIOSAML 2.0. |
| /sts/services/BST2SOSI | Omveksler OIO Saml bootstrap-token til SOSI Idkort. Typen af bootstrap-token kan enten være OIO3, OIOH3 eller OIOH2. Bemærk, at bootstrap token skal være signeret af troværdig tredjepart: Lokal IdP, SEB IdP Bemærk, at en NSIS godkendt lokal IdP udsteder bootstrap-tokens af typen OIOH3, SEB IdP udsteder bootstrap-tokens af typen OIOH2 og NemLog-in STS (kommer til at) udstede bootstrap-tokens af typen OIO3 |
Fælles for alle snitflader er, at STS validerer signaturen sikkerhedsbilletten, der er en del af forespørgslen.
Udover at indeholde et gyldigt SOSI Idkort på niveau 3 eller 4 (dvs. baseret på et MOCES-, VOCES- eller FOCES-certifikat) som input til omvekslingen, vil omvekslingsrequests af denne type indeholde:
Det angivne audience skal være konfigureret i STS'en.
Gyldige requests vil resultere i udstedelse af en OIO SAML sikkerhedsbillet signeret af STS og rettet mod den angivne webapplikation. Billetten krypteres til den angivne webapplikation. Oplysningerne i denne sikkerhedsbillet er baseret på oplysningerne i SOSI Idkortet.
En del af denne audience-konfiguration er:
Billetomvekslingen kan således anvendes af alle med adgang til NSP. Men kan kun veksle til en assertion som giver adgang til et system kendt og konfigureret i STS.
Der er følgende krav til requests til denne omvesklingsservice:
Såfremt omvekslingen går godt, vil slutresultatet være et STS-signeret id-kort med oplysninger sammensat fra NemLogin token, supplerende informationer og opslag, som herefter kan benyttes som adgangsbillet til NSP-platformens services.
Claims i forhold til autorisationsnummer og uddannelseskode samt national rolle håndteres vha algoritmen vist nedenfor:
Afhængig af miljø udstilles tjenesten på:
|
|
http://<sts-host>:<port>/sts/services/BST2SOSI |
I det følgende gives eksempler på de to typer af requests:
Bruger OIOSAML 2.0 token profil.
Selve requestet til STS ser således ud:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2020-12-04T13:34:53Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>CmI9nsLcR3tIH331Qpwnh5Q0tZA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>ulJY+wzEYEvxHWhqK3/whW6Mnmw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>HcrDir5O5S/LidhZ/US8rAqyuhI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>CGpgSPnpOqWRqj4GhbMhchvcCXJO/Qox8DucwfIjoPmktENPUUOT1KL9vy9qDr/XeogUmRDFbUCSfGZGHuoAjkDzo3P7A1aoeZ5TG8+t4oTQgej0O0+ww+/djg81cAuHeCueTVPRgL0xyiVBNUR7uR15OWY7DzXYd3LvvKNyA3zyS4jLJA8y4Dkahb6JU1CWmOT7r79qhH8q7tbScv+dSJQdPHjbH1XW9ilD/fZiqNZBHA0Zcu+H5OPpvtgKKO52+ZNDuIJ8h9nm2IPglTSK1jyg6J9xQ5i3Iko7rVUOTQe6r3PfnPh/GIdcN8d4ZMjUo7JXmZCaKtKa2yuaRPqRIA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGJjCCBQ6gAwIBAgIEW607GjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MTIxNjE0MzE1NFoXDTIyMTIxNjE0MzEwN1owgZAxCzAJBgNVBAYTAkRLMScwJQYDVQQKDB5ORVRTIERBTklEIEEvUyAvLyBDVlI6MzA4MDg0NjAxWDAgBgNVBAUTGUNWUjozMDgwODQ2MC1GSUQ6OTQ3MzEzMTUwNAYDVQQDDC1UVSBHRU5FUkVMIEZPQ0VTIGd5bGRpZyAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1oIiZqfo6pai5XoKDBlrtsckoUrj2AxK9neEWWjB6HtzXeVou/AnA5R5xZL+3BpCoZHkoI9ncsh+dTNSeFgNkWkZXRIYK9RYAsxvpr3vTlvDtwfGxY9KLQJJrU/8N0EQbdfNncz6cDNBpoYQRv573nOZdwQKp3sAo+ONDw69ttghOlQekOpbeMwAjTwBRSEWPmqAbsCH+H5niU6TlUfWWJ3WXLeQD4m7AOFEWpYDtTl2ZpN/sEoaAEvnwMZpT6aqbegipIB++llsR8Hc8pd/JnChfwOQrx1gBPn7oSfGLYQS4R1ZPlsredAkWiWGvWnxtJ46AUVNZEzydcIaHkyCvAgMBAAGjggLNMIICyTAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjItY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQDMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLjCBrQYDVR0fBIGlMIGiMD2gO6A5hjdodHRwOi8vY3JsLnN5c3RlbXRlc3QyMi50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QyMjEuY3JsMGGgX6BdpFswWTELMAkGA1UEBhMCREsxEjAQBgNVBAoMCVRSVVNUMjQwODElMCMGA1UEAwwcVFJVU1QyNDA4IFN5c3RlbXRlc3QgWFhJSSBDQTEPMA0GA1UEAwwGQ1JMMjE0MB8GA1UdIwQYMBaAFKuoAUQZsLNDmdr6fMzSABgD5zy/MB0GA1UdDgQWBBQBeqJr/Y3aBTNh08u88qjEhB6GETAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQB7XyjSExCey9MOZxwR7RYjAfbOz/hLVNe1/Maw7Q7tLDVFwjmyZMbpxEAGlTFlo8y8yW5Dc6QQQejQ8+OCtbsJ2MmZfRf4HvezKIVwhZO2wUBbtUroiiatGiKE75GELjDkCI5iEo+aQFxzZ+saKWB6iyQkk9LqQs4+ut4HwUj2a3pXyXc7NfY+ivOxYYYOoPqvrhqEWTdjJv6A2mF6cdWKlZKBnvr8ndkVGQpHDHIUq9BcwGw6iVhaJcAoSl+i4kAjg3gNyWcr0UonyjwkQmaFMQJTkO95lDtn6XOLgXTwKS5X65cLhBDZqXPyNMaR+jGkQ6Ert5jceanwXzaKkLT5</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:20d3cb77-a509-41bc-be6f-214f4453d2a8</wsa:MessageID>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:2f0ca258-1916-4c20-876f-5331a349e2fc">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_84b6b907-4ae8-43d4-a922-28d04fa0d6c2" IssueInstant="2020-12-04T13:34:53Z" Version="2.0">
<saml:Issuer>STS tester/issuer</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_84b6b907-4ae8-43d4-a922-28d04fa0d6c2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>ufSXPtPiVJWLlt9ENfAfYOsMENo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>cH8TvxJusVbIFoFMzHYzrzYeaGKVUDf57qpUo8agEmRipV5AmRX3UdP1N5cKP6Isl8TJAZ3txePEedpBkdVopjBo2cx8ZVJTXgO2sD6uxbdhGKmVEGPR0f69k8vNOz9sXubNWIN+Xxh2GOHpGp91AV0Nsq9wqxCQURo9lNcdsc20QwC9zPbxCoSw+WV92hV10z72PvSX5OS0SeM+kBl83DTtBEJWOhlUFv9060pUXh17pt3QCK2LoMCb/2Ly40ab4DtbzLURf6aHSUfVNsIiV0DNp4IXrXPS5GOFs+j5gnEeRU80j2iC+tijm2wU4iUZ7GANVddVCfGnFFOYkHKL4g==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGNjCCBR6gAwIBAgIEWRzGcDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE4MDgyODE0MDc0NVoXDTIxMDgyODE0MDY0MVowgaExCzAJBgNVBAYTAkRLMS8wLQYDVQQKDCZTdGF0ZW5zIFNlcnVtIEluc3RpdHV0IC8vIENWUjo0NjgzNzQyODFhMCAGA1UEBRMZQ1ZSOjQ2ODM3NDI4LUZJRDo5MjQyMTMyNTA9BgNVBAMMNkZ1bmt0aW9uc3NpZ25hdHVyIHRpbCB0ZXN0bWlsasO4IChmdW5rdGlvbnNjZXJ0aWZpa2F0KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJb1udNsBCGOyfmRu5yiVWLvuLEPV7vMBiyG/LD67zWHBSODuRoQBNBvrGE5iyXHskqQ8PEzK+N+MWyhp7XKXjU76HGQzSgsXS1nmbDa0QjlomYWyUVgoNiOFRtmSO2GT+CCGD0UvcuzPkxCPCpFGbmOcCaspkH/0wsWIzOGWAFtLdp63dFwgrtkNPr8TK7JxihfGl98n/A/Ibpw19h0sg3cnxTrbeW2whTg2iuP0QgmkggzR/kD7MH5oe98V5rgFD3gvdspfAW9tWgsG9DFxOzPhU6RVPKpUKrHnlQEKaVrDlDLExUx424HSHRESS9/42q7jy1Mi7oL4aMuTG8MoC8CAwEAAaOCAswwggLIMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QyMi50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL2YuYWlhLnN5c3RlbXRlc3QyMi50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QyMi1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGBAIwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjIuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjIuMIGsBgNVHR8EgaQwgaEwPaA7oDmGN2h0dHA6Ly9jcmwuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyMS5jcmwwYKBeoFykWjBYMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMQ4wDAYDVQQDDAVDUkw3NjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUw8wwIBeDjIYO/cn7TpNmW8hXaVAwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAXTQ5jb2Bk+nzr81zocF/HS3gPGSmF85dfBjoPpohjT8+gN2BgOpKxCd5RAbuCLnRHuJNcrJ1Km3Fi9hXkIVMki80MoJwmtTR2lRUxk+hiv6Q6+MvK7Dr2JzzHn/ktqd76Ej7+PpJn62GTZY+X+jNUzRoPPoO3ycKZFTrpUzH7s3LidFvhuBNculEXXI3yX9a+KrFRcOZ+F31Q1yQ/g5gPhdI6bIyzIK2RrjNhpjx1jAqv8ufvPPJeShkzZ0OZOxG3fr4MGdP84/8HSRhgaZE5AK5nVq9vP9dM+awU8gw5M1pTioAjGHkd0zWlv/XO76fN3tpn02ttgDPVzgTHTmF2w==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=NETS DANID A/S // CVR:30808460,CN=TU GENEREL MOCES M CPR gyldig,Serial=CVR:30808460-RID:42634739</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2020-12-04T14:34:53Z" Recipient="STS tester/recipientUrl"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-12-04T12:34:53Z" NotOnOrAfter="2020-12-04T14:34:53Z">
<saml:AudienceRestriction>
<saml:Audience>STS tester/audience</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2020-12-04T12:34:53Z" SessionIndex="_84b6b907-4ae8-43d4-a922-28d04fa0d6c2">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute FriendlyName="surName" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Testesen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="CommonName" Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Test Testesen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="email" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">test.testesen@nsi.dk</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CvrNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">30808460</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="organizationName" Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Statens Serum Institut</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">1802602810</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oid:2.5.29.29" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">C=DK,O=TRUST2408,CN=TRUST2408 Systemtest XXII CA</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="Uid" Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">CVR:30808460-RID:42634739</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:RidNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">42634739</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="serialNumber" Name="urn:oid:2.5.4.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">5bad375e</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:IsYouthCert" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">false</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">MIIGFjCCBP6gAwIBAgIEW603XjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MTIxMzEzMTcwNVoXDTIyMTIxMzEzMTY1MlowgYAxCzAJBgNVBAYTAkRLMScwJQYDVQQKDB5ORVRTIERBTklEIEEvUyAvLyBDVlI6MzA4MDg0NjAxSDAgBgNVBAUTGUNWUjozMDgwODQ2MC1SSUQ6NDI2MzQ3MzkwJAYDVQQDDB1UVSBHRU5FUkVMIE1PQ0VTIE0gQ1BSIGd5bGRpZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK7yIdJgvaiDNjpeJ9JXqj3dM52hfsgMTVQnpWTStD1IkP4rCgKg+yWFS6XBYiXEXO8soJzAhA79caT96aTWY5nEZ+KgX5Iw63U2fFM/X3i3fk0WSWykrrOBsnFI1yp1E7kQiISP5qG4bdY8kNJkLkkJqH+Gd8/EHKg8Kxd0Hj7XO05hUr+EJx691cLgq6CaCUM4YSAEKmdPFbLStchZaGvp74s9UsY9HnFAJ05qYg8UvJfk274PCqKHfV0EcmWMW4AECLnSAiv07AbQfhABkp3kBEfgBrcQmy5Dn7mJ6QZ8H6Vad+gRlR7pBCeHreFj3rsojNrWoY6SJ8tNpztXrwsCAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwID+DCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QyMi50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL20uYWlhLnN5c3RlbXRlc3QyMi50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QyMi1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAgYwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4yLjYuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4yLjYuMIGtBgNVHR8EgaUwgaIwPaA7oDmGN2h0dHA6Ly9jcmwuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyMS5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMQ8wDQYDVQQDDAZDUkwyMTMwHwYDVR0jBBgwFoAUq6gBRBmws0OZ2vp8zNIAGAPnPL8wHQYDVR0OBBYEFKh4eb6AK8qIeIA2ZGrwcwV2d77mMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAEDup4Q2JuK5gmfpZ0jBhkzj4HSqLYhxTedDjewu7+c7QSDdFo599CngwjXgF6CHcz0MmizGyHe08quWsNcPo3BtKC54thE8gytOGdugvvwUv6EWRxfGl6YJieht6K9Qod8j/s6T+YfR+i7H3G+kxcocgVa5nImbv3Th1WsGSd1tt/OijOpdLjMWkhk8w8qFby9ubCV+YK+8sszrz471upjSZyJbsh4Gk50h2tbyfmTHqUBFtguYrioI4k/dVSukbt68jk+sZVLqH4p7Ilp6hA5R+MBMYftCyGrIbJU4LaqEn/DEulBX86sUgQmeVCljW1TnzSO9uKQgnBZSlZLT6XE=</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_f6d5e2dc-fabf-434d-b743-a708282844ff" IssueInstant="2020-12-04T13:34:53Z" Version="2.0">
<saml:Issuer>STS tester</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=NETS DANID A/S // CVR:30808460,CN=TU GENEREL MOCES M CPR gyldig,Serial=CVR:30808460-RID:42634739</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
</saml:Subject>
<saml:AttributeStatement>
<saml:Attribute Name="dk:healthcare:saml:attribute:UserEducationCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:healthcare:saml:attribute:UserSurName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Testesen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:healthcare:saml:attribute:ITSystemName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">STS tester</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:healthcare:saml:attribute:UserGivenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Test</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://sosi.dk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
En succesfuld validering af requestet i STS resulterer i et succesfuldt response:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2020-12-04T13:35:02Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>C3ZxAnTYjBI6hkrznqHapBCfxtc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>aOnXKnwxBhHRCvFEqklkJqX1sYE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>HWaea2VIk5szeWMz5pDbxRQ+xGg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#relatesTo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>E3jEzjOKeemlNmEX7GE2G1ASzUs=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>EFCMxLkjikWyOMV8Opf+UgcX2FTTpGTpCHELo307dpqJGq7rFbvLrqf9yPFzZ0R29E2+BJhKUMPFtZ8YmlOaWICkZXEagou5OcN6uR5mLf99nihWkNYmwHRo5mVzDOzwacU7n/5x6+qD9iZI8VXpGtH8+ilmENjO+jKwux/SQUWqib5jGCLi91WvwJNhjJ1fQ4VUp6E5Dw6QtfzLZnlr0djXdgzHJIAQmWcaLtUBzDhUZnChrMTYwufFVQaflzJSIEp0vXP+FYvwyAj5VZI8TlHIZiFCeHAjWnGfsJsKLrYAcqMnK1l+C34LYyqJtuqAWTvhlG08I63l9Js8ANv8uQ==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKjCCBRKgAwIBAgIEW6uMBTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MDQzMDA5MDcxN1oXDTIyMDQzMDA5MDYzOFowgZQxCzAJBgNVBAYTAkRLMS4wLAYDVQQKDCVTdW5kaGVkc2RhdGFzdHlyZWxzZW4gLy8gQ1ZSOjMzMjU3ODcyMVUwIAYDVQQFExlDVlI6MzMyNTc4NzItRklEOjE4OTExODYxMDEGA1UEAwwqU09TSSBUZXN0IEZlZGVyYXRpb24gKGZ1bmt0aW9uc2NlcnRpZmlrYXQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo57h9E/hM5gimxaDgHB0MLcgVfXGJbQh/8OC1vTdDsCUIzIwRd5lJE+ado8urHF7UmKubFZzfCPduoRv9b3TkNVKaixiHUMtP4egbL8vcgyalk28cNQdUk8f34mg8atgvd45EnIKz2iB+yjs5guJPDBg2OFSbP0r53NU8fVTq3aLtDpDVnkxsyjNQ7HOFtzavyMnKx0vDgafEvrUR3WTSLCGju4aUIg3ThgrWXA7i3lPIAXdV8mQmlY3wn/kIBiyIotmF98UsEket/sxpJNkJ6R6AUpxnGApCDP1Fw2BgxAQWWrtD/c5IoIZwGWNfLgpJEzfhnuIZJ7Bfs9RmHFdQIDAQABo4ICzTCCAskwDgYDVR0PAQH/BAQDAgO4MIGXBggrBgEFBQcBAQSBijCBhzA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vcmVzcG9uZGVyMEcGCCsGAQUFBzAChjtodHRwOi8vZi5haWEuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyLWNhLmNlcjCCASAGA1UdIASCARcwggETMIIBDwYNKwYBBAGB9FECBAYEAjCB/TAvBggrBgEFBQcCARYjaHR0cDovL3d3dy50cnVzdDI0MDguY29tL3JlcG9zaXRvcnkwgckGCCsGAQUFBwICMIG8MAwWBURhbklEMAMCAQEagatEYW5JRCB0ZXN0IGNlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4gRGFuSUQgdGVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4wga0GA1UdHwSBpTCBojA9oDugOYY3aHR0cDovL2NybC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjIxLmNybDBhoF+gXaRbMFkxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJTAjBgNVBAMMHFRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYSUkgQ0ExDzANBgNVBAMMBkNSTDE0MjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUGYAVKKL17LHyVGSErL26MBNadTQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAjHMO4sWEf8M25WHczBTJYtMitn1wLOqE6raeM6oYyw6R/4FImpOzF6bxBlfNnhhR0vJSXMWTqL/onCyy4gCs9eLglRHZ9BC8a9fmirrguNpOWlR8NAf5GRwOqCyTnkTAfUD1fp0RzVo8TvAd73WiGeUTzTiAVf7OgZFnRIYkcALXLjNs6AwELWSh+bC/gGuQcHUDd8YGSzgKS6w2qz3fIASrykxzlYjeusks58CereC6WfvN0I+GGlL9fIgjpzh7JEELME7r9QJLL9NSrmlRKfhM8gzuE6Vm4vGzmSsnNJxGMf1vTzEve4lXI8pnOtHMTtNl5zw4jCJFakRqcWm3FQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:8b3fc250-7384-44b6-828f-af16734867ed</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:20d3cb77-a509-41bc-be6f-214f4453d2a8</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse Context="urn:uuid:2f0ca258-1916-4c20-876f-5331a349e2fc">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2020-12-04T13:29:59Z" Version="2.0" id="IDCard">
<saml:Issuer>TESTSTS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:cprnumber">1802602810</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-12-04T13:29:59Z" NotOnOrAfter="2020-12-05T13:29:59Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>sDWguk1pErZyKWMNZiZXTw==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:OCESCertHash">
<saml:AttributeValue>kiE6PLwGDGs4sn01w3m0kvHmG4A=</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>1802602810</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>Test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Testesen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserEmailAddress">
<saml:AttributeValue>test.testesen@nsi.dk</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>ZXCVB</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>STS tester</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>30808460</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>Statens Serum Institut</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>nmnINoROyYfXXQev43SXwa6MOso=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>AEd0FyGPJl4hR7q36JVlWqfjSlNWMbpU0iKwokswdlgsncdhbpQGFetp1HH3MsFpRVg1NREADKcAgWIyud5Fwr7w2/gXhF0J8E+AdagXc88CFbeSIQ3nt5ML8icKTmvv015RCsASOgXDllNV2wCQqxwgLuO/VUQ2cvUi7vipXYXk/JIuw0A235uFdvdymyoymlGmdufmbi7veQyzI1HdYm33eIcIrMzjFGURMo1MiUZjG1aiNmn8SkTWBZRs4gjiSD3tIDXq+99UNoXHc3fGPxbvf2Hc/6R3nucrWHTTkV8t5CTd5bTgynEi/foiiD0Cu0ZT7RRF2gsmtx6aUMgEhg==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKjCCBRKgAwIBAgIEW6uMBTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MDQzMDA5MDcxN1oXDTIyMDQzMDA5MDYzOFowgZQxCzAJBgNVBAYTAkRLMS4wLAYDVQQKDCVTdW5kaGVkc2RhdGFzdHlyZWxzZW4gLy8gQ1ZSOjMzMjU3ODcyMVUwIAYDVQQFExlDVlI6MzMyNTc4NzItRklEOjE4OTExODYxMDEGA1UEAwwqU09TSSBUZXN0IEZlZGVyYXRpb24gKGZ1bmt0aW9uc2NlcnRpZmlrYXQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo57h9E/hM5gimxaDgHB0MLcgVfXGJbQh/8OC1vTdDsCUIzIwRd5lJE+ado8urHF7UmKubFZzfCPduoRv9b3TkNVKaixiHUMtP4egbL8vcgyalk28cNQdUk8f34mg8atgvd45EnIKz2iB+yjs5guJPDBg2OFSbP0r53NU8fVTq3aLtDpDVnkxsyjNQ7HOFtzavyMnKx0vDgafEvrUR3WTSLCGju4aUIg3ThgrWXA7i3lPIAXdV8mQmlY3wn/kIBiyIotmF98UsEket/sxpJNkJ6R6AUpxnGApCDP1Fw2BgxAQWWrtD/c5IoIZwGWNfLgpJEzfhnuIZJ7Bfs9RmHFdQIDAQABo4ICzTCCAskwDgYDVR0PAQH/BAQDAgO4MIGXBggrBgEFBQcBAQSBijCBhzA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vcmVzcG9uZGVyMEcGCCsGAQUFBzAChjtodHRwOi8vZi5haWEuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyLWNhLmNlcjCCASAGA1UdIASCARcwggETMIIBDwYNKwYBBAGB9FECBAYEAjCB/TAvBggrBgEFBQcCARYjaHR0cDovL3d3dy50cnVzdDI0MDguY29tL3JlcG9zaXRvcnkwgckGCCsGAQUFBwICMIG8MAwWBURhbklEMAMCAQEagatEYW5JRCB0ZXN0IGNlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4gRGFuSUQgdGVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4wga0GA1UdHwSBpTCBojA9oDugOYY3aHR0cDovL2NybC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjIxLmNybDBhoF+gXaRbMFkxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJTAjBgNVBAMMHFRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYSUkgQ0ExDzANBgNVBAMMBkNSTDE0MjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUGYAVKKL17LHyVGSErL26MBNadTQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAjHMO4sWEf8M25WHczBTJYtMitn1wLOqE6raeM6oYyw6R/4FImpOzF6bxBlfNnhhR0vJSXMWTqL/onCyy4gCs9eLglRHZ9BC8a9fmirrguNpOWlR8NAf5GRwOqCyTnkTAfUD1fp0RzVo8TvAd73WiGeUTzTiAVf7OgZFnRIYkcALXLjNs6AwELWSh+bC/gGuQcHUDd8YGSzgKS6w2qz3fIASrykxzlYjeusks58CereC6WfvN0I+GGlL9fIgjpzh7JEELME7r9QJLL9NSrmlRKfhM8gzuE6Vm4vGzmSsnNJxGMf1vTzEve4lXI8pnOtHMTtNl5zw4jCJFakRqcWm3FQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://sosi.dk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2020-12-04T13:29:59Z</wsu:Created>
<wsu:Expires>2020-12-05T13:29:59Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
<wst:RequestedAttachedReference>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#IDCard"/>
</wsse:SecurityTokenReference>
</wst:RequestedAttachedReference>
<wst:RequestedUnattachedReference>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#IDCard"/>
</wsse:SecurityTokenReference>
</wst:RequestedUnattachedReference>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope> |
Request med bootstrap token (ikke krypteret). I requested er der forklarende kommentarer, som bl.a. dækker autorisation, som f.eks. national rolle. Det vil typisk være en NSIS godkendt lokal IdP som udsteder bootstrap tokens af typen OIOH3.
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2022-04-25T13:07:29Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>lGvzBVzl7WzsufSyZd2p4Uzmv0g=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>5Y0245bPPKhpaA0t6eNN82eTfa4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>lcyJytnBavbAuifHyg2R0FmCNQ8=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>tFrQgmojFSw5x0FYM4f9F1/WXrrF/BhY+jXYif7/mfJ5V4Xk2cSC/+Rw7/jA9O3SnPxgZCdq/abqft3ohMC9FiTEKgMMJYbtsjVkvJ5mb+lYIkCi44wF90S/JIJIxuVJK6kJ7GxoRvnTsUkoHxl/6nvWekZrd4LOoQ9gkCU0SsLBWS8NgrtroEVHWO+KVjI+4Q19/YsgPQPMPEAMg1m2brEvm0X+bHQiLROpMeeSlMouIKxaSHiprgzN8iooXfDv6i+CJnXNFvHlXBOWbGz6xPPHzPZekpl3EBjnKdkCozxbY5KcFWQlsLBDJr1/TXFDMCPfY3TSFSmbC70dB9a4mTeaGLB7kdQeZ5mLI31gttjct97BKs3UXxXH84iZvUNHQjyb+HlB/r6uloX8HtpyO7FM9esmoKdnDUksbpamPVmkJa/opK7vNz45V14WMRQphE9IVzQ9ANm753Zc7zC7l++mte8v9IKCx4pN9hP1XSTQkd9pKb0P72e44tGF4zlV</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<!-- Certifikat som har signeret beskeden (body og relevante headere)- skal matche Holder-of-Key certifikatet i bootstraptokenet -->
<ds:X509Certificate>MIIGzzCCBQOgAwIBAgIUVzhJs6+g8hDl/qjLoEg6wfhHE18wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjAyMTAxMDEzNDZaFw0yNTAyMDkxMDEzNDVaMIHFMRgwFgYDVQQDDA9UaG9ybXVuZCBOaXNzZW4xETAPBgNVBCoMCFRob3JtdW5kMQ8wDQYDVQQEDAZOaXNzZW4xNzA1BgNVBAUTLlVJOkRLLUU6RzozYzU2MzE4Ni03YTgzLTRiYjUtYWIxMS05MThhMWQzMDI2YTIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk5OTAwNDk5MRcwFQYDVQRhDA5OVFJESy05OTkwMDQ5OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDXI9rlAtYBr9L6g30LJuzIlI9PY5zYhuJdOE2bl266nkPK5650gVrjXc6Hwwt2JoLKwsG5/LlkAMBldvSTvPQOdDbYI7+nZ4PZS90hHy6UFZbUBIANZTfooC9X2H5L8gjgn5ZjNyVe4CcJR8Y03XSkW3yiC7pMKn4Pn2dh0TtLhMpgSuj/rPKmmErNIWrC5A7RLCwDw0P60kQR8ngpeElDne0Y+w2+UgeeUskqCdT8imY+87aJ6HrTOA6wSKjRCGkcVCPNoCZ7vFviKMCT0yhtfUjYG+6lpsKI9Pbm0SEwOrDaI1qihC8tv9kDl/nCkmgQLmzsXAdE33YLZutz7nHDgvytJalzV1saSxxqp1WzVE4PlxBMgol9wVYv0UyWkPul6gyqVt8fv3EW6uoupDKjakFKDRNXrhEKGbJLVpFNK9S5TsW0qJ78Fo4j6jNj2QmwqhXjyLRcT5UVSa9uCLERNs84WrWtxlJZsuNkmged+j6Tf9ea0y1HhpKg1D2GV7ECAwEAAaOCAaYwggGiMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAeBgNVHREEFzAVgRN0ZXN0QGt2YWxpdGV0c2l0LmRrMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAgcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQEwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFLIS2XtHEbhCDr9jENV2OdwpCBHvMA4GA1UdDwEB/wQEAwIF4DBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAB4wdMt68NiF7ksnq0fnszSEF0Ss6qC6t4/5tbytfhEu2OIVp0jTmdDUKtjiSAji03eV43Si8p/F5zOXZ5guk5CMXmOuFFqdQnJcGXijUknvXtcm/ol3HF7Wd7nUdvjGmh017utIrKEeGbhKtiT2rH5TIALoVTQfyaVvZieWpkVZkEVhKASY92zzbdH19JL0yiTBwIxD33VH9cHYGn6fB1i84G1HVb2ggcvz7o3fKllgEy40iF/KDyIhuOlrhE0P6Q8uToiBYY3/mNXHX4nF4jbBN/GUc5VtR1EnmeKr1XtzujbIJTpWmrWpzkOkxwIkOIVjxER1LziB4JyEH8/CkFuF4XHYOHEkOhy7mdpWNEfUY1yHf0zK01QQRsN0KrZXunYyeBU0ouNPvNacL257FR1fhlm2a2BYLveKZbtZaiostL4jdNHRHGHMIQWRsfXAybf3oN+X7E+jDlA4k/BYQEPVlT2PgiQbTo4wtrIyeI14/Mah9SElmJCzs1UPbTgFlQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:de9ad9d5-ad35-4d46-8585-8b05469bc686</wsa:MessageID>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:a8299058-f331-4d69-87d0-9c5385207326">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<!-- Bootstraptoken -->
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_b2748ff2-631b-43f2-93ce-f77052beb1bf" IssueInstant="2022-04-25T13:07:29Z" Version="2.0">
<!-- Udstederen af bootstraptokenet -->
<saml:Issuer>https://oioh3bst-issuer.dk</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_b2748ff2-631b-43f2-93ce-f77052beb1bf">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>8ZD4sPqgIZ35Stk4UBu+EQ58o+k+gbDJSqAc5j3Whow=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>dYxTHjUpuPPusGOrNCeS4Tdk1Sam5/QWCvYve8bhdNZbu+/EEd1RI3FnGnn5cO9ZHBaRehXoFRRt0Tpc5/Hpj+S94nVX7HpLNg9UZBnu95UDtd5EXVeJ7/67jVI4pHlQ6jWCWJizUQbU/W/oLNLKA/rDLlDRk4UKRfTcNgqGCpG0b208ZFOLJe4kktsH8E420G+3ysgocK6BjaLHV8yQw10FMc+YXWJD6ysDN4Nupd4vQkFrk3K7aLZJT+PyEZUYrX/dgCebeDtR9KpRrlH9ScIo32UpVWom0uSX6Bt59pDEnP4Lyzuu8UDYDQZonkn3WL4h4gIEupdVT2DzC0cKzl1w0hVumEc0q9zyZ+mHqDtG2OdseqbY9shGRPH/MzYUZjirDtpDlkZmmIV0lbGVx+A6ydqOxY8ql0kQzDg2+r50UjRvDM7PRc4/LqUGLCpR5UPrhmBUgoAAaBbhoaucbibeYiFq+lFr/QEtLrP0OitZEEoie2XX0AF59q3cWxUy</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<!-- Certifikat som har signeret bootstraptokenet (udstederen) -->
<ds:X509Certificate>MIIGiDCCBLygAwIBAgIUGesSd7YL6KygrTfmyrVc1/w+wJYwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMTM4NTZaFw0yNDA0MjcxMTM4NTVaMIGeMRUwEwYDVQQDDAxWT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzpjNzBiMDIwNy0xNjJlLTRkM2QtYTdmMS1hMTlhOGUwN2Q5OWIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDMMqgvofQWw4oSUQgGydEZ/hljSZJGdbcaCJHhOawOeVF7I+ISedVayJfGptLk1iW5d92OWbINZzMW6sK6J+kcZeW+xzdwkSV42AJu7kfYw0tgkPwX+5pZbAAEYxgNbUfSEBeBTGWMn5RDIsKkryElrJ5pgmKVxvRURnG3MAieYxges8sYZyKIT3IFsAvn+cymIQ9ObvcpjOib7FMyjoxanwoDm5oRC+AxaC4nRls5gbljrDtu5CuqkOTWajnyFyvMGbDJYagT6IwLRAGFRuGGFdzK9JOZi8X5Zk8e98Fg2O2/DzvIv15bmocpCsSu8gp2fjryYBjdK2eEO2E7uyohd2xBMFwaTop18PVQz1wXA9i3o3VGbcga2+/aIjjgBNnstDzujthgDHu+ib/WlwVAkYU5jVrQQJF3GsVxEQ0oWcNYMQvkF+K7U4YJiiWzXHr2wzC/36xQmZR6i3U626f86J0jHZGm6K4Xo6+5jXBblIhy/XYFhDXqHUooJSxmRxUCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBTMXLy9NQtbqHed6JtCTmjx4/aUZTAOBgNVHQ8BAf8EBAMCBeAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQA9MCrGkd1WfucACqjxSCnpoBqYRHTXrKYjSIarHnjaUMEXMZOixgIi6rk9jdiAX2L+6aY/lee++LejbfR2Immry+w50EpgIGI7jsJ/7ggSN5ySpu6lZpZcZ4KfB2Lx1CYH8AVWgQXDtOrvIGKQxSWY0qwey4M5weBhUGPDrEpu/7k3mMqIIZF1x5CtlrWJZ+bVm9Ohh+f8Yf7scWb14iciA0H85PRAXOvWoN13od2a35mqZqBMaW+4ExvmXailbEmuS1Smr1mcKNVP4ABeW/Oh621VEwChB/OnRpsp5+TjDxenoFQ9vPJm/M/zAke1G3U7Yje0qyi7ke8JxTtMqH0hP8O43WGlloL1NfvXXzigZTGrmVxcPB7HSHPzTINXfF/sqXmBfaHuUuIJqScwDNqwKoJQQLKeE8hhLFYmRdZ+HvgeIzv6aAbfp0h5vpwwpfNjhENuYGSjkI8nzoFmcmQgjXFt1o2xqlVSCU4rZLtqpMKDCnWFPFvblhmkHx7vcVE=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<!-- NameID indeholder en i organisationen unik ID for erhvervspersonen - kunne også sættes til erhvervspersonens global unikke ID, som tildelt i den fællesoffentlige erhvervsadministration -->
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">KorsbaekKommune\MSK</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
<ds:KeyInfo>
<ds:X509Data>
<!-- Holder-of-key certifikatet - dvs. certifikat for det system/SOSI-STS-klient som kan veksle bootstraptokenet til et SOSI-idkort -->
<ds:X509Certificate>MIIGzzCCBQOgAwIBAgIUVzhJs6+g8hDl/qjLoEg6wfhHE18wQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjAyMTAxMDEzNDZaFw0yNTAyMDkxMDEzNDVaMIHFMRgwFgYDVQQDDA9UaG9ybXVuZCBOaXNzZW4xETAPBgNVBCoMCFRob3JtdW5kMQ8wDQYDVQQEDAZOaXNzZW4xNzA1BgNVBAUTLlVJOkRLLUU6RzozYzU2MzE4Ni03YTgzLTRiYjUtYWIxMS05MThhMWQzMDI2YTIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk5OTAwNDk5MRcwFQYDVQRhDA5OVFJESy05OTkwMDQ5OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDXI9rlAtYBr9L6g30LJuzIlI9PY5zYhuJdOE2bl266nkPK5650gVrjXc6Hwwt2JoLKwsG5/LlkAMBldvSTvPQOdDbYI7+nZ4PZS90hHy6UFZbUBIANZTfooC9X2H5L8gjgn5ZjNyVe4CcJR8Y03XSkW3yiC7pMKn4Pn2dh0TtLhMpgSuj/rPKmmErNIWrC5A7RLCwDw0P60kQR8ngpeElDne0Y+w2+UgeeUskqCdT8imY+87aJ6HrTOA6wSKjRCGkcVCPNoCZ7vFviKMCT0yhtfUjYG+6lpsKI9Pbm0SEwOrDaI1qihC8tv9kDl/nCkmgQLmzsXAdE33YLZutz7nHDgvytJalzV1saSxxqp1WzVE4PlxBMgol9wVYv0UyWkPul6gyqVt8fv3EW6uoupDKjakFKDRNXrhEKGbJLVpFNK9S5TsW0qJ78Fo4j6jNj2QmwqhXjyLRcT5UVSa9uCLERNs84WrWtxlJZsuNkmged+j6Tf9ea0y1HhpKg1D2GV7ECAwEAAaOCAaYwggGiMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAeBgNVHREEFzAVgRN0ZXN0QGt2YWxpdGV0c2l0LmRrMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAgcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQEwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFLIS2XtHEbhCDr9jENV2OdwpCBHvMA4GA1UdDwEB/wQEAwIF4DBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAB4wdMt68NiF7ksnq0fnszSEF0Ss6qC6t4/5tbytfhEu2OIVp0jTmdDUKtjiSAji03eV43Si8p/F5zOXZ5guk5CMXmOuFFqdQnJcGXijUknvXtcm/ol3HF7Wd7nUdvjGmh017utIrKEeGbhKtiT2rH5TIALoVTQfyaVvZieWpkVZkEVhKASY92zzbdH19JL0yiTBwIxD33VH9cHYGn6fB1i84G1HVb2ggcvz7o3fKllgEy40iF/KDyIhuOlrhE0P6Q8uToiBYY3/mNXHX4nF4jbBN/GUc5VtR1EnmeKr1XtzujbIJTpWmrWpzkOkxwIkOIVjxER1LziB4JyEH8/CkFuF4XHYOHEkOhy7mdpWNEfUY1yHf0zK01QQRsN0KrZXunYyeBU0ouNPvNacL257FR1fhlm2a2BYLveKZbtZaiostL4jdNHRHGHMIQWRsfXAybf3oN+X7E+jDlA4k/BYQEPVlT2PgiQbTo4wtrIyeI14/Mah9SElmJCzs1UPbTgFlQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2022-04-25T15:07:29Z">
<saml:AudienceRestriction>
<!-- Aftageren som må omveksle dette bootstraptoken (her SOSI-STS'en) -->
<saml:Audience>https://sts.sosi.dk/</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<!-- Angivelse af profil og version (konstanten 'OIO-SAML-3.0') -->
<saml:Attribute Name="https://data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">OIO-SAML-3.0</saml:AttributeValue>
</saml:Attribute>
<!-- Mere specifik angivelse af profil og version (kun for OIOH3BST) -->
<saml:Attribute Name="https://healthcare.data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">OIO-SAML-H-3.0</saml:AttributeValue>
</saml:Attribute>
<!-- Sikringsniveau udtrykt efter NSIS -->
<saml:Attribute Name="https://data.gov.dk/concept/core/nsis/loa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">High</saml:AttributeValue>
</saml:Attribute>
<!-- Ervhvervspersonens global unikke ID, som tildelt i den fællesoffentlige erhvervsadministration -->
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">urn:uuid:433bf619-e571-4184-87cc-f8ea00d6ad19</saml:AttributeValue>
</saml:Attribute>
<!-- Organisationens CVR nummer (her Korsbæk Kommunes) -->
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/cvr" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">20301823</saml:AttributeValue>
</saml:Attribute>
<!-- Organisationens navn (her Korsbæk Kommune) -->
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/orgName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
<!-- Attribut som er påkrævet i SOSI idkortet og angives angives her som claim -->
<auth:ClaimType Uri="medcom:ITSystemName">
<auth:Value>Korsbæk Kommunes IT systemer</auth:Value>
</auth:ClaimType>
<!-- Frivillige attributter som kan anvendes fx til valg af sundhedsfaglig autorisation (eller 'national rolle') -->
<auth:ClaimType Uri="medcom:UserAuthorizationCode">
<!-- Autorisationskode -->
<auth:Value>007NX</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="medcom:UserRole">
<!-- National rolle -->
<auth:Value>urn:dk:healthcare:national-federation-role:code:41003:value:PlejeAssR3</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="sosi:SubjectNameID">
<auth:Value>Mads_Skjern</auth:Value>
</auth:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
Succesfuldt response:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2022-04-25T13:07:30Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3kNpWaBaibVYCwc4SGPJwVAVrT8=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>o6uj52yeWQB5D0HQQFxqv+T8RHM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>1z169hod/5XrM90vXA4jxO2fw0Y=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#relatesTo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>EsmQlfzPgRhsoWZOMyJTHjCoiq4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>UpGxNQjzEvHYCZ7gPrpgoNYHw3ObIxJY0oTR7T0qf7I+0ZAYqSE3terJue26nHMJiQkmFAGemsdaIDsktf6oBikOzDC1Q9QAtqwlQ+uT13zq0Gz143he1GlixfORSJLiPMe5RSvRpYRFdyOIqgCviR5cvBm19N4zGJlLlxWt0LTsCg4Wv7zTNsuiUVxdvwAlJc8mWqvi8a97XOdEGw9GlfSNRBFMc7A41ZHjOfLfCN3kltVVhN/LSeRu2kXGVXOHcBfWeak7PkClpTc1YAusR+7Z35XR0bCCkiEf5gd+wFOeGfw+CoRUrEFnutJ/1PlmadUCr6x+MXjb+vxZOn2+jA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKzCCBROgAwIBAgIEX6JBADANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMjA0MDYxNjI2MjBaFw0yNTA0MDYxNjI1NTJaMIGUMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFVMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoxODkxMTg2MTAxBgNVBAMMKlNPU0kgVGVzdCBGZWRlcmF0aW9uIChmdW5rdGlvbnNjZXJ0aWZpa2F0KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRM3VAiyCBUDWg4K2vgVhmFTB1SDZWjT5Zd0NxAMPjzuKEsP8PpbWLdD8aNO7LuS3noC01AN4los3aqK//ZVJdTr9k3M1Aquo5G7+SwLBTsTVyiheh7uYKH+5v6gGjHHiPuYGrdnTc4YkrRbeqPtZAR1sX/iNMzLMQSuYfpphCJ0e9leV08KOswSktBhIYk7NAEng+8T4hkbREuPeaRn85/aL5eX/ohSIsfb0ByA3ta/+bymen8rY+6qb1A7V/2h2lmJ7uiWf9OJvUA37RdFrX4czI76+oqe9cGzplOuMHaujBbHG8Uc2yheL16xdexr0xAf7N8PkdVGALJAQm97q0CAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL2YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGBAMwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuMIGtBgNVHR8EgaUwgaIwPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDM0LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDM0LmNybDBioGCgXqRcMFoxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJjAkBgNVBAMMHVRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYWElWIENBMQ8wDQYDVQQDDAZDUkw0MDkwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFKnHK2ey5oU8RXACmOR0fcO57bsmMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALvu0VtupREO52FW2f8cAUZkxkwvbq2bQXOvNRN6XrtzvA+tt2Jgm4gP8dNZUBI7nOtEPQ+0+XkSMZ1wzu+8qxLHATTSUcicQNtUkaAbGTIfQkKiWRwPTtSK50qhEDm2fJW5m8NDOxOE/+58iuj8AI9Fb4RI1FV+xRsku3TakdvdwiNkSjAxiOv5JsXEZMJfVsM34fR0ZdOQgnFpyn3IfSjBrAHSgbxy47Zz9YhmONuQsa55NDEQ6mTmecXGrOSvfJZmQ/jRPhYmi04ufPEvOA5hjLHDy0CtsSKRhkDpXSafVjHjtmdfYKB4M++2Sp/nx1teRcoT78Nenl3qHgkz7OM=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:d7ed6507-ffa5-4c4e-b0b0-d8a8bb813a86</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:de9ad9d5-ad35-4d46-8585-8b05469bc686</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse Context="urn:uuid:a8299058-f331-4d69-87d0-9c5385207326">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<!-- SOSI idkortet -->
<saml:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2022-04-25T13:02:30Z" Version="2.0" id="IDCard">
<saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:other">Mads_Skjern</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2022-04-25T13:02:30Z" NotOnOrAfter="2022-04-26T13:02:30Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>F6beeSEVLsnAyrNsPsURhQ==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>0202024300</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>NSTSSenAtre</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Jensen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>007NX</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>Korsbæk Kommunes IT systemer</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>20301823</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>euQ6vweNw8xZnluK10sTv06gses=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>O4Jx3vk1WX7GQdA+kN6+SanG2DhB7USm1HyL08OLwJ7QE7kqu0IVt42FpDu4vK4lxNbQGz2GsbmyNKu3dm5CabRU12Z9Ny2gmrBY3CwgYpGczPWl/RQa9tWK8Jb0iBp5wXwC7GvCeA72jJQz+kpt429vppCEkl70OKukUjllei/kcZUieNWqduHlBdyMnsafMY1K+2/Qhd/yU/GUF4DpqwQqoXd+s/GTqf+nlCVWvOLPto1j+HAMI/zQ7wtAYa9p4oJA6U8yW46PRA9WcNJJHCzuZIARpLZLpjHNg0UeYuEQeDnsYA8b3VqoprcbbByXrJ21mYQ74YdcwUaTfSOv2A==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKzCCBROgAwIBAgIEX6JBADANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMjA0MDYxNjI2MjBaFw0yNTA0MDYxNjI1NTJaMIGUMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFVMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoxODkxMTg2MTAxBgNVBAMMKlNPU0kgVGVzdCBGZWRlcmF0aW9uIChmdW5rdGlvbnNjZXJ0aWZpa2F0KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRM3VAiyCBUDWg4K2vgVhmFTB1SDZWjT5Zd0NxAMPjzuKEsP8PpbWLdD8aNO7LuS3noC01AN4los3aqK//ZVJdTr9k3M1Aquo5G7+SwLBTsTVyiheh7uYKH+5v6gGjHHiPuYGrdnTc4YkrRbeqPtZAR1sX/iNMzLMQSuYfpphCJ0e9leV08KOswSktBhIYk7NAEng+8T4hkbREuPeaRn85/aL5eX/ohSIsfb0ByA3ta/+bymen8rY+6qb1A7V/2h2lmJ7uiWf9OJvUA37RdFrX4czI76+oqe9cGzplOuMHaujBbHG8Uc2yheL16xdexr0xAf7N8PkdVGALJAQm97q0CAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL2YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGBAMwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuMIGtBgNVHR8EgaUwgaIwPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDM0LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDM0LmNybDBioGCgXqRcMFoxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJjAkBgNVBAMMHVRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYWElWIENBMQ8wDQYDVQQDDAZDUkw0MDkwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFKnHK2ey5oU8RXACmOR0fcO57bsmMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALvu0VtupREO52FW2f8cAUZkxkwvbq2bQXOvNRN6XrtzvA+tt2Jgm4gP8dNZUBI7nOtEPQ+0+XkSMZ1wzu+8qxLHATTSUcicQNtUkaAbGTIfQkKiWRwPTtSK50qhEDm2fJW5m8NDOxOE/+58iuj8AI9Fb4RI1FV+xRsku3TakdvdwiNkSjAxiOv5JsXEZMJfVsM34fR0ZdOQgnFpyn3IfSjBrAHSgbxy47Zz9YhmONuQsa55NDEQ6mTmecXGrOSvfJZmQ/jRPhYmi04ufPEvOA5hjLHDy0CtsSKRhkDpXSafVjHjtmdfYKB4M++2Sp/nx1teRcoT78Nenl3qHgkz7OM=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2022-04-25T13:02:30Z</wsu:Created>
<wsu:Expires>2022-04-26T13:02:30Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope> |
Her vises et OIO3 request uden forklarende kommentarer, da kommentarerne i OIOH3-eksemplet også gælder her. Det er NemLog-in STS som (når den er klar) kommer til at udstede bootstrap tokens af typen OIO3.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2022-12-29T11:59:45Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>xL3Zq/w4SnARv1+9WJKORaXkol4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>XZr9YfkelJBdDBlrjmE8vD9TYgw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>sErKM6Sc6OEZq8xftCjVFLc49lc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>JuGLzQ1IfOcxxKwgt8bufiW0rLMwpry5JbAdRYfvaFajtxehccOwlZ9+C8kyKSMqzETAj4t9blA731peoTGgC1yfg4yECp/oa3WYJg7PTRJZgcKj5iRgoOn0i0AfzaJG81zPP1G5yCw0YzBNS2wAByk6Mi5Qk3DAIs3XxCTeZ0tLi5UdfREcOvuYvbHuZwv77mL89IlYosVTzsR2MQvXerZQdvymu6xHOzaHeTrnHple33X7hIpoGKKkqrInU3F+4cWQ9+8seIsBWlMcnyP1a7q7ZWeA2aspuRLH961YMO2ErPWOrt8nFJ7Bj7+2W2gPQXS1tgbOalyrxHSiBuD2ZWUKe+hohD1oR2ryJin81sRHDr8Gp4gCIMEbJwkQMfzWmjg8R2XkEAaWVqIZZD8gk/p5hiBjsZCcGLa2aORAYFMBEss8v4qIfevcvKEQT5XZ3luFhbcPFA6eetkOmqDQmdi2eO+rlZJrpAcgAU/EeiV0RRWLWIhYbgDAHhE5aBTJ</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGyjCCBP6gAwIBAgIUHrupYZr13YiuaidVa/fv5wGHNTMwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjAxMjcxMTUzMzBaFw0yNTAxMjYxMTUzMjlaMIHBMRYwFAYDVQQDDA1UaG9yZ290IEZyaWlzMRAwDgYDVQQqDAdUaG9yZ290MQ4wDAYDVQQEDAVGcmlpczE3MDUGA1UEBRMuVUk6REstRTpDOmVkYzA0ZDY5LWYyZDQtNGU2My1iOWVkLTU5M2YwNmMxZmY1ZDEmMCQGA1UECgwdVGVzdG9yZ2FuaXNhdGlvbiBuci4gOTAxNzc1ODAxFzAVBgNVBGEMDk5UUkRLLTkwMTc3NTgwMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANQyP5jOiFRMjQNviZhHYeIMBxE3gjTA3/GroUmtHYNAvrCskj5CGcMjXZ/h2oP7LE6Y93dGx5tVxSDvErnT67u5tsfwNYLHGVALznwocpBn+xQ/+Rky+/kCju4XiaZDoQVJs0JKXgCKDO+hcwMTYnyqg9Yb/yqfwf9o2AC25LhcaHgu+tWuK/VXM0kpKqrs9jNPgW9W3gr9+mD4NCCMpDeMS5d7kMMSh8t8FPLvtXyaKN04uBPcryFiMwyvXEZzP1O4MbQelmGzy9MxPiJSUSTEcV4lWlVI5naKIi05xhnTu0XX0iysKJiNxR/lujRAAZkBMG3+xfeae+hW2lttHwzDBAehIs1vD6ZLt1Agn+MVdDF7bOeU3hlEQveAY1r3VJVoxoDAsuay9ydPCRxbxdPefTSxUr5XzrWvzSN2VsJvEXQ36WRKsLDSU3MMgrB0LOVEmNsHNH/Tup6GkTOFHsqb3D8h4y1MjaK8tZp82t/QthuK750YAY7HaXMxaXE1rQIDAQABo4IBpTCCAaEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMB0GA1UdEQQWMBSBEm5qb0BrdmFsaXRldHNpdC5kazAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQIHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQEBMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQsRFepNQjYb4C31LaSPMkBhSUKNjAOBgNVHQ8BAf8EBAMCBeAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQCVw4pgvgp8cdxk2m3WQd8fvtZc/1v25LsQ09uz6gATRNetwnGGfPI9g6tSz0Wk96jrBcL/A5rsc6IMy5e9O1D3hPoA/KWkZHbcaAHO1afb+CtSBN4vSkIwISkRDEWYEhxWKr5N7xQ8QCML07JcTzsD38FxawAB/LBHQxaa4d2aKT7D6k2mIXU8xVG7T+fyYaVCBuVfaH7ITwQIr9tVtyV4R2/iT7nkMMCLceiMJjwQ4VPaoxwvsk5sPIJL6/4d29Cxa/oVXtaG4OnyB41iFhhWfmdVGvF1NEF5vk5x7BGUOAQerOU5t/hrBIPM9p1xVnFB+YB+xzns6TYuTi0Dxl2LgvkZta/FlyO0ExgmnqpM8dvNO+MGmQez/2fauMEMD1Id5XpgEX8Blp+mR5WaYa9DVb/AY78iGRPhbDw6vofA/AgjOmQD1oCveCiSUB8xv+EK3wpqSUSUPHmIk8kHqTkgKDQkelgig0y/hzzQdrlx5iOgTekFSi5K7tKyfnIRm6E=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:f6af72b5-652e-40d5-a8ff-ed0116c3d114</wsa:MessageID>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:e420f22e-9233-4b51-973a-9008528169a7">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_59c5a991-78de-4cf4-bd6e-18dafe651c38" IssueInstant="2022-12-29T11:59:45Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>https://oio3bst-issuer.dk</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_59c5a991-78de-4cf4-bd6e-18dafe651c38">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>YybMZF4egRrjzA5rv2exzR5UI6/nRJbFcYPRpIuuSJw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>s3fIhmAu56NXkUZ5d2Wit8Us4zJ2q9Rx7USBTszXT7cYp4tZ3p7pCHTz4/OuOXaZ7qO7eXd7UQST8wNWbsd6UUD0glsB5AI+yZN07l5cCGbjVBy9yJa0leE4EkCM+cER10DTUKswZHy2zTxgjEdNSPRlnBtq4ArrfpoFz5jRTpekBhZhaVEV2oO3QC+7JhDjzidaOHQqkAYC6LJf54fG5NaqoxW0UKCcW/JSBddGqK+ctvhUOBHAbS1Uq8vyY1xRhB9XU+REQa6jeYyJU3MogOGDhsyIbYGzutawhAoT4EYp2J4AYPitWZ2JJ1bR+oVHnDTsCYg5djSQUMUoMO+eLrFsFI8C/D70k5g747nIC3c+tsjNLgHPI9hYRfQ8a7fC5R2r/2bkQPCJZ9rGJZrl2bQqGbfeBtMX8NKCqF6UXUFiZXZa2IzCA1TdjaejqzNoMGirGwOHfovwsExBf5zkD/OQOj+O/GmSpTEjSH/QauAolQ/ne5jdpWaezg3VE5ST</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGiDCCBLygAwIBAgIUGesSd7YL6KygrTfmyrVc1/w+wJYwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMTM4NTZaFw0yNDA0MjcxMTM4NTVaMIGeMRUwEwYDVQQDDAxWT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzpjNzBiMDIwNy0xNjJlLTRkM2QtYTdmMS1hMTlhOGUwN2Q5OWIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDMMqgvofQWw4oSUQgGydEZ/hljSZJGdbcaCJHhOawOeVF7I+ISedVayJfGptLk1iW5d92OWbINZzMW6sK6J+kcZeW+xzdwkSV42AJu7kfYw0tgkPwX+5pZbAAEYxgNbUfSEBeBTGWMn5RDIsKkryElrJ5pgmKVxvRURnG3MAieYxges8sYZyKIT3IFsAvn+cymIQ9ObvcpjOib7FMyjoxanwoDm5oRC+AxaC4nRls5gbljrDtu5CuqkOTWajnyFyvMGbDJYagT6IwLRAGFRuGGFdzK9JOZi8X5Zk8e98Fg2O2/DzvIv15bmocpCsSu8gp2fjryYBjdK2eEO2E7uyohd2xBMFwaTop18PVQz1wXA9i3o3VGbcga2+/aIjjgBNnstDzujthgDHu+ib/WlwVAkYU5jVrQQJF3GsVxEQ0oWcNYMQvkF+K7U4YJiiWzXHr2wzC/36xQmZR6i3U626f86J0jHZGm6K4Xo6+5jXBblIhy/XYFhDXqHUooJSxmRxUCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBTMXLy9NQtbqHed6JtCTmjx4/aUZTAOBgNVHQ8BAf8EBAMCBeAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQA9MCrGkd1WfucACqjxSCnpoBqYRHTXrKYjSIarHnjaUMEXMZOixgIi6rk9jdiAX2L+6aY/lee++LejbfR2Immry+w50EpgIGI7jsJ/7ggSN5ySpu6lZpZcZ4KfB2Lx1CYH8AVWgQXDtOrvIGKQxSWY0qwey4M5weBhUGPDrEpu/7k3mMqIIZF1x5CtlrWJZ+bVm9Ohh+f8Yf7scWb14iciA0H85PRAXOvWoN13od2a35mqZqBMaW+4ExvmXailbEmuS1Smr1mcKNVP4ABeW/Oh621VEwChB/OnRpsp5+TjDxenoFQ9vPJm/M/zAke1G3U7Yje0qyi7ke8JxTtMqH0hP8O43WGlloL1NfvXXzigZTGrmVxcPB7HSHPzTINXfF/sqXmBfaHuUuIJqScwDNqwKoJQQLKeE8hhLFYmRdZ+HvgeIzv6aAbfp0h5vpwwpfNjhENuYGSjkI8nzoFmcmQgjXFt1o2xqlVSCU4rZLtqpMKDCnWFPFvblhmkHx7vcVE=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">KorsbaekKommune\MSK</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGyjCCBP6gAwIBAgIUHrupYZr13YiuaidVa/fv5wGHNTMwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjAxMjcxMTUzMzBaFw0yNTAxMjYxMTUzMjlaMIHBMRYwFAYDVQQDDA1UaG9yZ290IEZyaWlzMRAwDgYDVQQqDAdUaG9yZ290MQ4wDAYDVQQEDAVGcmlpczE3MDUGA1UEBRMuVUk6REstRTpDOmVkYzA0ZDY5LWYyZDQtNGU2My1iOWVkLTU5M2YwNmMxZmY1ZDEmMCQGA1UECgwdVGVzdG9yZ2FuaXNhdGlvbiBuci4gOTAxNzc1ODAxFzAVBgNVBGEMDk5UUkRLLTkwMTc3NTgwMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANQyP5jOiFRMjQNviZhHYeIMBxE3gjTA3/GroUmtHYNAvrCskj5CGcMjXZ/h2oP7LE6Y93dGx5tVxSDvErnT67u5tsfwNYLHGVALznwocpBn+xQ/+Rky+/kCju4XiaZDoQVJs0JKXgCKDO+hcwMTYnyqg9Yb/yqfwf9o2AC25LhcaHgu+tWuK/VXM0kpKqrs9jNPgW9W3gr9+mD4NCCMpDeMS5d7kMMSh8t8FPLvtXyaKN04uBPcryFiMwyvXEZzP1O4MbQelmGzy9MxPiJSUSTEcV4lWlVI5naKIi05xhnTu0XX0iysKJiNxR/lujRAAZkBMG3+xfeae+hW2lttHwzDBAehIs1vD6ZLt1Agn+MVdDF7bOeU3hlEQveAY1r3VJVoxoDAsuay9ydPCRxbxdPefTSxUr5XzrWvzSN2VsJvEXQ36WRKsLDSU3MMgrB0LOVEmNsHNH/Tup6GkTOFHsqb3D8h4y1MjaK8tZp82t/QthuK750YAY7HaXMxaXE1rQIDAQABo4IBpTCCAaEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMB0GA1UdEQQWMBSBEm5qb0BrdmFsaXRldHNpdC5kazAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQIHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQEBMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQsRFepNQjYb4C31LaSPMkBhSUKNjAOBgNVHQ8BAf8EBAMCBeAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQCVw4pgvgp8cdxk2m3WQd8fvtZc/1v25LsQ09uz6gATRNetwnGGfPI9g6tSz0Wk96jrBcL/A5rsc6IMy5e9O1D3hPoA/KWkZHbcaAHO1afb+CtSBN4vSkIwISkRDEWYEhxWKr5N7xQ8QCML07JcTzsD38FxawAB/LBHQxaa4d2aKT7D6k2mIXU8xVG7T+fyYaVCBuVfaH7ITwQIr9tVtyV4R2/iT7nkMMCLceiMJjwQ4VPaoxwvsk5sPIJL6/4d29Cxa/oVXtaG4OnyB41iFhhWfmdVGvF1NEF5vk5x7BGUOAQerOU5t/hrBIPM9p1xVnFB+YB+xzns6TYuTi0Dxl2LgvkZta/FlyO0ExgmnqpM8dvNO+MGmQez/2fauMEMD1Id5XpgEX8Blp+mR5WaYa9DVb/AY78iGRPhbDw6vofA/AgjOmQD1oCveCiSUB8xv+EK3wpqSUSUPHmIk8kHqTkgKDQkelgig0y/hzzQdrlx5iOgTekFSi5K7tKyfnIRm6E=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2022-12-29T13:59:45Z">
<saml:AudienceRestriction>
<saml:Audience>https://sts.sosi.dk/</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="https://data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">OIO-SAML-3.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">2634ccc3-225a-44ee-94bc-565904f46ead</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/cvr" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">20301823</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/orgName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="https://data.gov.dk/model/core/eid/cprNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">2501879875</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
<auth:ClaimType Uri="medcom:ITSystemName">
<auth:Value>Korsbæk Kommunes IT systemer</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="medcom:UserAuthorizationCode">
<auth:Value>008NX</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="sosi:SubjectNameID">
<auth:Value>Mads_Skjern</auth:Value>
</auth:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
Succesfuldt response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2022-12-29T11:59:45Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>YQBhieWz6ef3lQskTQGP9ptGB0c=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>XZr9YfkelJBdDBlrjmE8vD9TYgw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>vU63bukwsLeIWlq0IUzLmo80wEY=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#relatesTo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>vyq5ovfxPeAfSBJN16o9PVbAp3o=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>EM1CEGVmO5/ErUtyGS/gcYQixVUeDidJHx1ExnTbfK5Ib2c4MAl9lkLpQIFuVvNHLlHk2h6P1XpiuhZ+tgcfCM5nA7aQAlrt7lgt3GGTsnOUI8xgyZcYVGcZDdvNOieX+kW2kBurruVYZ+My1cmiWzneZwt3cqNXMU9Zn+T93JZ+WumjS2w0srt83bs8xicQ5ehLNDCRNrgoOc5qIckXx5uLSaKYX6LmT6ibhWsInSEjYIUK/Ae+CwAmkBPPkO4U//83VRjSjIQy4/l/4ucQa79ruKoAh84lrKyynpWDYyUIYP70fIXAQRnsAiN5RLe2+QqfwMLAj94PXM37z7KRDQ==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKzCCBROgAwIBAgIEX6JBADANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMjA0MDYxNjI2MjBaFw0yNTA0MDYxNjI1NTJaMIGUMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFVMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoxODkxMTg2MTAxBgNVBAMMKlNPU0kgVGVzdCBGZWRlcmF0aW9uIChmdW5rdGlvbnNjZXJ0aWZpa2F0KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRM3VAiyCBUDWg4K2vgVhmFTB1SDZWjT5Zd0NxAMPjzuKEsP8PpbWLdD8aNO7LuS3noC01AN4los3aqK//ZVJdTr9k3M1Aquo5G7+SwLBTsTVyiheh7uYKH+5v6gGjHHiPuYGrdnTc4YkrRbeqPtZAR1sX/iNMzLMQSuYfpphCJ0e9leV08KOswSktBhIYk7NAEng+8T4hkbREuPeaRn85/aL5eX/ohSIsfb0ByA3ta/+bymen8rY+6qb1A7V/2h2lmJ7uiWf9OJvUA37RdFrX4czI76+oqe9cGzplOuMHaujBbHG8Uc2yheL16xdexr0xAf7N8PkdVGALJAQm97q0CAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL2YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGBAMwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuMIGtBgNVHR8EgaUwgaIwPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDM0LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDM0LmNybDBioGCgXqRcMFoxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJjAkBgNVBAMMHVRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYWElWIENBMQ8wDQYDVQQDDAZDUkw0MDkwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFKnHK2ey5oU8RXACmOR0fcO57bsmMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALvu0VtupREO52FW2f8cAUZkxkwvbq2bQXOvNRN6XrtzvA+tt2Jgm4gP8dNZUBI7nOtEPQ+0+XkSMZ1wzu+8qxLHATTSUcicQNtUkaAbGTIfQkKiWRwPTtSK50qhEDm2fJW5m8NDOxOE/+58iuj8AI9Fb4RI1FV+xRsku3TakdvdwiNkSjAxiOv5JsXEZMJfVsM34fR0ZdOQgnFpyn3IfSjBrAHSgbxy47Zz9YhmONuQsa55NDEQ6mTmecXGrOSvfJZmQ/jRPhYmi04ufPEvOA5hjLHDy0CtsSKRhkDpXSafVjHjtmdfYKB4M++2Sp/nx1teRcoT78Nenl3qHgkz7OM=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:cd73009a-507f-4b26-955d-7b5a8575b784</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:f6af72b5-652e-40d5-a8ff-ed0116c3d114</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse Context="urn:uuid:e420f22e-9233-4b51-973a-9008528169a7">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:Assertion IssueInstant="2022-12-29T11:54:45Z" Version="2.0" id="IDCard" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:other">Mads_Skjern</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2022-12-29T11:54:45Z" NotOnOrAfter="2022-12-30T11:54:45Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>NP16iFJQmjBi1Wzdqg5HOQ==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>2501879875</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>Thorgot</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Friis</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>008NX</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>Korsbæk Kommunes IT systemer</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>20301823</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>2YDORON64rrH3ZzsbWP6zXpLybg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>B4YLlyZwrULzQx7aQSiUBtO1/d9juA/NlCdk+GkAkTmU95Xh7UPsz07PpHlUS4VRbjZdvjzsj4CCF+bkbjTNzbicv7MLNkll/ooS3HuToTm0HZ0aRugUKPYMwW76huPqLq9odftNba+UYxdg9dC9ItU0TKGADUQIRCv/j+NxDwhI4AFTzKMByC1P9vsNRX8DafsKAtv/A6LOkwqDQdUho+SbGhBXxQ8k3SwtGVQ7N8PdQBK75e/Mm0IGFPTCVnSU7roLudm7mMNpl+5mQ00uJhN63OOqhP1D2S8RqdnTRkqTYQDhjYwtwgomlBiITOGBhqseD77zjbzm+FNZKt8qoA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKzCCBROgAwIBAgIEX6JBADANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMjA0MDYxNjI2MjBaFw0yNTA0MDYxNjI1NTJaMIGUMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFVMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoxODkxMTg2MTAxBgNVBAMMKlNPU0kgVGVzdCBGZWRlcmF0aW9uIChmdW5rdGlvbnNjZXJ0aWZpa2F0KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRM3VAiyCBUDWg4K2vgVhmFTB1SDZWjT5Zd0NxAMPjzuKEsP8PpbWLdD8aNO7LuS3noC01AN4los3aqK//ZVJdTr9k3M1Aquo5G7+SwLBTsTVyiheh7uYKH+5v6gGjHHiPuYGrdnTc4YkrRbeqPtZAR1sX/iNMzLMQSuYfpphCJ0e9leV08KOswSktBhIYk7NAEng+8T4hkbREuPeaRn85/aL5eX/ohSIsfb0ByA3ta/+bymen8rY+6qb1A7V/2h2lmJ7uiWf9OJvUA37RdFrX4czI76+oqe9cGzplOuMHaujBbHG8Uc2yheL16xdexr0xAf7N8PkdVGALJAQm97q0CAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL2YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGBAMwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuMIGtBgNVHR8EgaUwgaIwPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDM0LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDM0LmNybDBioGCgXqRcMFoxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJjAkBgNVBAMMHVRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYWElWIENBMQ8wDQYDVQQDDAZDUkw0MDkwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFKnHK2ey5oU8RXACmOR0fcO57bsmMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALvu0VtupREO52FW2f8cAUZkxkwvbq2bQXOvNRN6XrtzvA+tt2Jgm4gP8dNZUBI7nOtEPQ+0+XkSMZ1wzu+8qxLHATTSUcicQNtUkaAbGTIfQkKiWRwPTtSK50qhEDm2fJW5m8NDOxOE/+58iuj8AI9Fb4RI1FV+xRsku3TakdvdwiNkSjAxiOv5JsXEZMJfVsM34fR0ZdOQgnFpyn3IfSjBrAHSgbxy47Zz9YhmONuQsa55NDEQ6mTmecXGrOSvfJZmQ/jRPhYmi04ufPEvOA5hjLHDy0CtsSKRhkDpXSafVjHjtmdfYKB4M++2Sp/nx1teRcoT78Nenl3qHgkz7OM=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2022-12-29T11:54:45Z</wsu:Created>
<wsu:Expires>2022-12-30T11:54:45Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope> |
Her vises et OIOH2 request uden forklarende kommentarer, da kommentarerne i OIOH3-eksemplet også gælder her. Bootstrap tokens af typen OIOH2 indeholder et NIST assurancelevel og anvendes af token udstedere som endnu ikke er kommet over på NSIS standarden, som fx SEB IdP.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2022-12-29T12:07:43Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>8NA4xC8PxXNuy2aTPEIGrpvpjPs=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>QocdLJWB/HX3wPD2kmYESEUlMR0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Vh7mIeKr19P3YH0x4PUNBHoOWvo=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>NCmQmpXaujpcNsai3f6lIWdK/owgGg6PJa6lNZUWxjbSOB0EoiXfqSNpzRe/kEvQPYRDxtdmq6prf78Yw8kcfolr4OVNm9uzszLFVr2MJuIRrSBWkCAX+klqURj5BWNIdRi4VTviFP0I8uMh/ecAaqb0AXwh31bzxeoagsJyTHLM0Rsizwa0Qp+ETsz9qJT8DNyhg+4DLgLr6qZBv2Uxw60itXxj1dFuJ6EwaJ2X01p7NbXgmAv/OM0lP9vg2XFMOwt1j7iE8CTE2lywBXxmVdLEd/v3lIHrO6uFxCWbYvasggkeCJyaVDedCaZ2VybwvHHptN2g768leO+2Oqki4t+Ou76no+6iGLpsxOXA6mXPYufRPF0M5RnviVeQa7KlZ0Vur80DS1y3z55yGoTVQRDNLxQfv0bD8nRj7kDfQjHrFJ/3L6CvdUc9e2klwc069isjqt4ze8eLBwCzqj9ZQqkI1UPBXcrlt5ogfWT0ppoK/G8pfbxx7+j5+4P0zUQp</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGyjCCBP6gAwIBAgIUHrupYZr13YiuaidVa/fv5wGHNTMwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjAxMjcxMTUzMzBaFw0yNTAxMjYxMTUzMjlaMIHBMRYwFAYDVQQDDA1UaG9yZ290IEZyaWlzMRAwDgYDVQQqDAdUaG9yZ290MQ4wDAYDVQQEDAVGcmlpczE3MDUGA1UEBRMuVUk6REstRTpDOmVkYzA0ZDY5LWYyZDQtNGU2My1iOWVkLTU5M2YwNmMxZmY1ZDEmMCQGA1UECgwdVGVzdG9yZ2FuaXNhdGlvbiBuci4gOTAxNzc1ODAxFzAVBgNVBGEMDk5UUkRLLTkwMTc3NTgwMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANQyP5jOiFRMjQNviZhHYeIMBxE3gjTA3/GroUmtHYNAvrCskj5CGcMjXZ/h2oP7LE6Y93dGx5tVxSDvErnT67u5tsfwNYLHGVALznwocpBn+xQ/+Rky+/kCju4XiaZDoQVJs0JKXgCKDO+hcwMTYnyqg9Yb/yqfwf9o2AC25LhcaHgu+tWuK/VXM0kpKqrs9jNPgW9W3gr9+mD4NCCMpDeMS5d7kMMSh8t8FPLvtXyaKN04uBPcryFiMwyvXEZzP1O4MbQelmGzy9MxPiJSUSTEcV4lWlVI5naKIi05xhnTu0XX0iysKJiNxR/lujRAAZkBMG3+xfeae+hW2lttHwzDBAehIs1vD6ZLt1Agn+MVdDF7bOeU3hlEQveAY1r3VJVoxoDAsuay9ydPCRxbxdPefTSxUr5XzrWvzSN2VsJvEXQ36WRKsLDSU3MMgrB0LOVEmNsHNH/Tup6GkTOFHsqb3D8h4y1MjaK8tZp82t/QthuK750YAY7HaXMxaXE1rQIDAQABo4IBpTCCAaEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMB0GA1UdEQQWMBSBEm5qb0BrdmFsaXRldHNpdC5kazAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQIHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQEBMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQsRFepNQjYb4C31LaSPMkBhSUKNjAOBgNVHQ8BAf8EBAMCBeAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQCVw4pgvgp8cdxk2m3WQd8fvtZc/1v25LsQ09uz6gATRNetwnGGfPI9g6tSz0Wk96jrBcL/A5rsc6IMy5e9O1D3hPoA/KWkZHbcaAHO1afb+CtSBN4vSkIwISkRDEWYEhxWKr5N7xQ8QCML07JcTzsD38FxawAB/LBHQxaa4d2aKT7D6k2mIXU8xVG7T+fyYaVCBuVfaH7ITwQIr9tVtyV4R2/iT7nkMMCLceiMJjwQ4VPaoxwvsk5sPIJL6/4d29Cxa/oVXtaG4OnyB41iFhhWfmdVGvF1NEF5vk5x7BGUOAQerOU5t/hrBIPM9p1xVnFB+YB+xzns6TYuTi0Dxl2LgvkZta/FlyO0ExgmnqpM8dvNO+MGmQez/2fauMEMD1Id5XpgEX8Blp+mR5WaYa9DVb/AY78iGRPhbDw6vofA/AgjOmQD1oCveCiSUB8xv+EK3wpqSUSUPHmIk8kHqTkgKDQkelgig0y/hzzQdrlx5iOgTekFSi5K7tKyfnIRm6E=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:92683d66-9627-4d65-b1de-fb5a740946a7</wsa:MessageID>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:0c735390-d00c-4dc7-ba38-4536bb72ed59">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_af57c648-13ca-474b-9977-a61f3b82021c" IssueInstant="2022-12-29T12:07:43Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>https://oioh2bst-issuer.dk</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_af57c648-13ca-474b-9977-a61f3b82021c">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>a6U7fEn0zWmYTTysCVmkz80I+LL9mxWf8aIF2VhgEb0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Btx1nz3FM0hblXQEiOoamAo4yUR/tk+cvrzVwyEef960SM0+vD+eFL+GPWfy074Iy0e2lcK8XoIaMQEuStIKtFW0Rj0JIak0J9OeHXVCItZPDn7YlTPV5CYklnmpVL2cp+9NcKzyqKae2hoEX1SuqWgGACbmpcGByqUWCs8G884WEeRyZANxfynnQB7fbjp7UAAmicumErsXAivc4KRzSGN14ioiUFGkZLkx72tmC3zuazSwDVRdNJf1aigYc8r/KuKGMdc+TeaebEcVX45LcvLyWwo4jDank3BB+5c7RLKv0FAa+nYacktQyVGPIORpm1mWZaPxmmAd7Iou470QvKbciBf0V1wwrvJgGFBKbXmnrg59OQcQGu4WA1gMYSg+bUuusnpi8JdhJx+Bs51N+EF7m3m6PuFZd0RdKQjmXH7eUxzOgc9WTxUsPHObqVcefPVOId7t8c4oQxk7Zm4CmgKwAPN2Obu6bejJOKTjF83ENtEHQcFgMqxJ1shqtVZu</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGiDCCBLygAwIBAgIUGesSd7YL6KygrTfmyrVc1/w+wJYwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMTM4NTZaFw0yNDA0MjcxMTM4NTVaMIGeMRUwEwYDVQQDDAxWT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzpjNzBiMDIwNy0xNjJlLTRkM2QtYTdmMS1hMTlhOGUwN2Q5OWIxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDMMqgvofQWw4oSUQgGydEZ/hljSZJGdbcaCJHhOawOeVF7I+ISedVayJfGptLk1iW5d92OWbINZzMW6sK6J+kcZeW+xzdwkSV42AJu7kfYw0tgkPwX+5pZbAAEYxgNbUfSEBeBTGWMn5RDIsKkryElrJ5pgmKVxvRURnG3MAieYxges8sYZyKIT3IFsAvn+cymIQ9ObvcpjOib7FMyjoxanwoDm5oRC+AxaC4nRls5gbljrDtu5CuqkOTWajnyFyvMGbDJYagT6IwLRAGFRuGGFdzK9JOZi8X5Zk8e98Fg2O2/DzvIv15bmocpCsSu8gp2fjryYBjdK2eEO2E7uyohd2xBMFwaTop18PVQz1wXA9i3o3VGbcga2+/aIjjgBNnstDzujthgDHu+ib/WlwVAkYU5jVrQQJF3GsVxEQ0oWcNYMQvkF+K7U4YJiiWzXHr2wzC/36xQmZR6i3U626f86J0jHZGm6K4Xo6+5jXBblIhy/XYFhDXqHUooJSxmRxUCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBTMXLy9NQtbqHed6JtCTmjx4/aUZTAOBgNVHQ8BAf8EBAMCBeAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQA9MCrGkd1WfucACqjxSCnpoBqYRHTXrKYjSIarHnjaUMEXMZOixgIi6rk9jdiAX2L+6aY/lee++LejbfR2Immry+w50EpgIGI7jsJ/7ggSN5ySpu6lZpZcZ4KfB2Lx1CYH8AVWgQXDtOrvIGKQxSWY0qwey4M5weBhUGPDrEpu/7k3mMqIIZF1x5CtlrWJZ+bVm9Ohh+f8Yf7scWb14iciA0H85PRAXOvWoN13od2a35mqZqBMaW+4ExvmXailbEmuS1Smr1mcKNVP4ABeW/Oh621VEwChB/OnRpsp5+TjDxenoFQ9vPJm/M/zAke1G3U7Yje0qyi7ke8JxTtMqH0hP8O43WGlloL1NfvXXzigZTGrmVxcPB7HSHPzTINXfF/sqXmBfaHuUuIJqScwDNqwKoJQQLKeE8hhLFYmRdZ+HvgeIzv6aAbfp0h5vpwwpfNjhENuYGSjkI8nzoFmcmQgjXFt1o2xqlVSCU4rZLtqpMKDCnWFPFvblhmkHx7vcVE=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">KorsbaekKommune\MSK</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGyjCCBP6gAwIBAgIUHrupYZr13YiuaidVa/fv5wGHNTMwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjAxMjcxMTUzMzBaFw0yNTAxMjYxMTUzMjlaMIHBMRYwFAYDVQQDDA1UaG9yZ290IEZyaWlzMRAwDgYDVQQqDAdUaG9yZ290MQ4wDAYDVQQEDAVGcmlpczE3MDUGA1UEBRMuVUk6REstRTpDOmVkYzA0ZDY5LWYyZDQtNGU2My1iOWVkLTU5M2YwNmMxZmY1ZDEmMCQGA1UECgwdVGVzdG9yZ2FuaXNhdGlvbiBuci4gOTAxNzc1ODAxFzAVBgNVBGEMDk5UUkRLLTkwMTc3NTgwMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANQyP5jOiFRMjQNviZhHYeIMBxE3gjTA3/GroUmtHYNAvrCskj5CGcMjXZ/h2oP7LE6Y93dGx5tVxSDvErnT67u5tsfwNYLHGVALznwocpBn+xQ/+Rky+/kCju4XiaZDoQVJs0JKXgCKDO+hcwMTYnyqg9Yb/yqfwf9o2AC25LhcaHgu+tWuK/VXM0kpKqrs9jNPgW9W3gr9+mD4NCCMpDeMS5d7kMMSh8t8FPLvtXyaKN04uBPcryFiMwyvXEZzP1O4MbQelmGzy9MxPiJSUSTEcV4lWlVI5naKIi05xhnTu0XX0iysKJiNxR/lujRAAZkBMG3+xfeae+hW2lttHwzDBAehIs1vD6ZLt1Agn+MVdDF7bOeU3hlEQveAY1r3VJVoxoDAsuay9ydPCRxbxdPefTSxUr5XzrWvzSN2VsJvEXQ36WRKsLDSU3MMgrB0LOVEmNsHNH/Tup6GkTOFHsqb3D8h4y1MjaK8tZp82t/QthuK750YAY7HaXMxaXE1rQIDAQABo4IBpTCCAaEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMB0GA1UdEQQWMBSBEm5qb0BrdmFsaXRldHNpdC5kazAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQIHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQEBMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBQsRFepNQjYb4C31LaSPMkBhSUKNjAOBgNVHQ8BAf8EBAMCBeAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQCVw4pgvgp8cdxk2m3WQd8fvtZc/1v25LsQ09uz6gATRNetwnGGfPI9g6tSz0Wk96jrBcL/A5rsc6IMy5e9O1D3hPoA/KWkZHbcaAHO1afb+CtSBN4vSkIwISkRDEWYEhxWKr5N7xQ8QCML07JcTzsD38FxawAB/LBHQxaa4d2aKT7D6k2mIXU8xVG7T+fyYaVCBuVfaH7ITwQIr9tVtyV4R2/iT7nkMMCLceiMJjwQ4VPaoxwvsk5sPIJL6/4d29Cxa/oVXtaG4OnyB41iFhhWfmdVGvF1NEF5vk5x7BGUOAQerOU5t/hrBIPM9p1xVnFB+YB+xzns6TYuTi0Dxl2LgvkZta/FlyO0ExgmnqpM8dvNO+MGmQez/2fauMEMD1Id5XpgEX8Blp+mR5WaYa9DVb/AY78iGRPhbDw6vofA/AgjOmQD1oCveCiSUB8xv+EK3wpqSUSUPHmIk8kHqTkgKDQkelgig0y/hzzQdrlx5iOgTekFSi5K7tKyfnIRm6E=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2022-12-29T14:07:43Z">
<saml:AudienceRestriction>
<saml:Audience>https://sts.sosi.dk/</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="https://data.gov.dk/model/core/eid/professional/uuid/persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">2634ccc3-225a-44ee-94bc-565904f46ead</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CvrNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">20301823</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">2501879875</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
<auth:ClaimType Uri="medcom:ITSystemName">
<auth:Value>Korsbæk Kommunes IT systemer</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="medcom:UserAuthorizationCode">
<auth:Value>008NX</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="sosi:SubjectNameID">
<auth:Value>Mads_Skjern</auth:Value>
</auth:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
Succesfuldt response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2022-12-29T12:07:44Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>GuxBcihCyWbuWJ7GFFirFlQ5/xo=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>eXGYZk7IaymM2G5i3yvNZqcw8VA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>tiLlO42eXYdbLIzEfT+EeOdPgLc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#relatesTo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>MT/GK4f3xk0LVVKLmcJNqVFykY8=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>BCDYLZ2LOnfzdYTM1gyd1D7HEg16uIKYiI6qVDD4ypC5FjOj77QWuexeoIbAc25v9aOhkyqMSx/5SdR6tNR1Gofr79Tqmmxdj6Zf0cZfETS1J/MZ2RnCeV29RkOZ4DjpBvzrfeSIn7tydkFJF590oWdSCK56xvgvjxYRWbdeVSrvlZxAfV/tv3rV92LrvFvaPXD4GTt/abFJDh/gMTPW3Yfx7piW3Fp0C5ESTXriq1H5UeOcEKaZwgIj9koYuk4l8EmSf4dxcMzs9iwRWI2x4aBLJVntfZL+KMnhEnBPjorpkStuUTBP0Rpic/GplKBzRNeL9dE5P+B2OHMRbgKqJg==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKzCCBROgAwIBAgIEX6JBADANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMjA0MDYxNjI2MjBaFw0yNTA0MDYxNjI1NTJaMIGUMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFVMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoxODkxMTg2MTAxBgNVBAMMKlNPU0kgVGVzdCBGZWRlcmF0aW9uIChmdW5rdGlvbnNjZXJ0aWZpa2F0KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRM3VAiyCBUDWg4K2vgVhmFTB1SDZWjT5Zd0NxAMPjzuKEsP8PpbWLdD8aNO7LuS3noC01AN4los3aqK//ZVJdTr9k3M1Aquo5G7+SwLBTsTVyiheh7uYKH+5v6gGjHHiPuYGrdnTc4YkrRbeqPtZAR1sX/iNMzLMQSuYfpphCJ0e9leV08KOswSktBhIYk7NAEng+8T4hkbREuPeaRn85/aL5eX/ohSIsfb0ByA3ta/+bymen8rY+6qb1A7V/2h2lmJ7uiWf9OJvUA37RdFrX4czI76+oqe9cGzplOuMHaujBbHG8Uc2yheL16xdexr0xAf7N8PkdVGALJAQm97q0CAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL2YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGBAMwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuMIGtBgNVHR8EgaUwgaIwPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDM0LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDM0LmNybDBioGCgXqRcMFoxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJjAkBgNVBAMMHVRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYWElWIENBMQ8wDQYDVQQDDAZDUkw0MDkwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFKnHK2ey5oU8RXACmOR0fcO57bsmMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALvu0VtupREO52FW2f8cAUZkxkwvbq2bQXOvNRN6XrtzvA+tt2Jgm4gP8dNZUBI7nOtEPQ+0+XkSMZ1wzu+8qxLHATTSUcicQNtUkaAbGTIfQkKiWRwPTtSK50qhEDm2fJW5m8NDOxOE/+58iuj8AI9Fb4RI1FV+xRsku3TakdvdwiNkSjAxiOv5JsXEZMJfVsM34fR0ZdOQgnFpyn3IfSjBrAHSgbxy47Zz9YhmONuQsa55NDEQ6mTmecXGrOSvfJZmQ/jRPhYmi04ufPEvOA5hjLHDy0CtsSKRhkDpXSafVjHjtmdfYKB4M++2Sp/nx1teRcoT78Nenl3qHgkz7OM=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:01707bdd-0b81-427a-bf7f-71a6d6f03b91</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:92683d66-9627-4d65-b1de-fb5a740946a7</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse Context="urn:uuid:0c735390-d00c-4dc7-ba38-4536bb72ed59">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:Assertion IssueInstant="2022-12-29T12:02:44Z" Version="2.0" id="IDCard" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>TEST1-NSP-STS</saml:Issuer>
<saml:Subject>
<saml:NameID Format="medcom:other">Mads_Skjern</saml:NameID>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:2.0:cm:holder-of-key</saml:ConfirmationMethod>
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyName>OCESSignature</ds:KeyName>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2022-12-29T12:02:44Z" NotOnOrAfter="2022-12-30T12:02:44Z"/>
<saml:AttributeStatement id="IDCardData">
<saml:Attribute Name="sosi:IDCardID">
<saml:AttributeValue>3iX+gE9UEOTN1Dyw04osPA==</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardVersion">
<saml:AttributeValue>1.0.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:IDCardType">
<saml:AttributeValue>user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sosi:AuthenticationLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="UserLog">
<saml:Attribute Name="medcom:UserCivilRegistrationNumber">
<saml:AttributeValue>2501879875</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserGivenName">
<saml:AttributeValue>Thorgot</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserSurName">
<saml:AttributeValue>Friis</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserRole">
<saml:AttributeValue>7170</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:UserAuthorizationCode">
<saml:AttributeValue>008NX</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AttributeStatement id="SystemLog">
<saml:Attribute Name="medcom:ITSystemName">
<saml:AttributeValue>Korsbæk Kommunes IT systemer</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderID" NameFormat="medcom:cvrnumber">
<saml:AttributeValue>20301823</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="medcom:CareProviderName">
<saml:AttributeValue>Korsbæk Kommune</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#IDCard">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>fiZYzDicD5nahwHjhrnhlvtaYHo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Ww7ZmyUG50ZsIXZgXD0ro0UsEjBgnqHSAkBP8GHktBskdfkusZ4MRE8A4TH7dYvtX/y2MoytJbHqvnj1FZEgClBhjM28jt/Dd0c0xKj7LRj63YdN8vn7dzgKraqCB1/ZzVMdoD1gZ4dbjOCxEw5p10iLRCrQwOXD5EFYmlCEFJoqPzSAAYwfYexWwF7LukBw7NVZvjbkKlbGJS+uk/3yop/AkNl6HENX49CGdumudLj4CWzlmAhGLsao+u1gaha2Gyeu2jIbGuI/OcnVgEbgUXrGhASvxoe1093Y5zvzbLdJOu2+kihdHFBTki3YyZrQF57rUUc17TS3ZbTorDd2KQ==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKzCCBROgAwIBAgIEX6JBADANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMjA0MDYxNjI2MjBaFw0yNTA0MDYxNjI1NTJaMIGUMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFVMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoxODkxMTg2MTAxBgNVBAMMKlNPU0kgVGVzdCBGZWRlcmF0aW9uIChmdW5rdGlvbnNjZXJ0aWZpa2F0KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRM3VAiyCBUDWg4K2vgVhmFTB1SDZWjT5Zd0NxAMPjzuKEsP8PpbWLdD8aNO7LuS3noC01AN4los3aqK//ZVJdTr9k3M1Aquo5G7+SwLBTsTVyiheh7uYKH+5v6gGjHHiPuYGrdnTc4YkrRbeqPtZAR1sX/iNMzLMQSuYfpphCJ0e9leV08KOswSktBhIYk7NAEng+8T4hkbREuPeaRn85/aL5eX/ohSIsfb0ByA3ta/+bymen8rY+6qb1A7V/2h2lmJ7uiWf9OJvUA37RdFrX4czI76+oqe9cGzplOuMHaujBbHG8Uc2yheL16xdexr0xAf7N8PkdVGALJAQm97q0CAwEAAaOCAs0wggLJMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL2YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGBAMwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi40LjMuMIGtBgNVHR8EgaUwgaIwPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDM0LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDM0LmNybDBioGCgXqRcMFoxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJjAkBgNVBAMMHVRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYWElWIENBMQ8wDQYDVQQDDAZDUkw0MDkwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFKnHK2ey5oU8RXACmOR0fcO57bsmMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALvu0VtupREO52FW2f8cAUZkxkwvbq2bQXOvNRN6XrtzvA+tt2Jgm4gP8dNZUBI7nOtEPQ+0+XkSMZ1wzu+8qxLHATTSUcicQNtUkaAbGTIfQkKiWRwPTtSK50qhEDm2fJW5m8NDOxOE/+58iuj8AI9Fb4RI1FV+xRsku3TakdvdwiNkSjAxiOv5JsXEZMJfVsM34fR0ZdOQgnFpyn3IfSjBrAHSgbxy47Zz9YhmONuQsa55NDEQ6mTmecXGrOSvfJZmQ/jRPhYmi04ufPEvOA5hjLHDy0CtsSKRhkDpXSafVjHjtmdfYKB4M++2Sp/nx1teRcoT78Nenl3qHgkz7OM=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2022-12-29T12:02:44Z</wsu:Created>
<wsu:Expires>2022-12-30T12:02:44Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope> |