Formålet med dette dokument er at give en detaljeret beskrivelse af de konkrete services, der udbydes af STS i forbindelse med anvendelsesområdet Borgeromvekslinger.
Dokumentet henvender sig primært til udviklere, der skal i gang med at anvende de konkrete borgervekslingssnitflader udbudt af STS.
Dokumentet bygger i høj grad på den overordnede STS - Guide til anvendere, som giver et overblik over STS og leverer i denne sammenhæng et mere dybdegående teknisk beskrivelse af de services i STS, der ligger i anvendelsesområdet borgeromvekslinger.
Som beskrevet i STS - Guide til anvendere, så findes der i STS følgende services indenfor anvendelsesområdet borger:
/sts/services/Bst2Idws | Omveksler OIO Saml bootstrap token til OIO IDWS sikkerhedsbillet rettet mod et givet audience, f.eks. FMK, Dokumentdelingsservice eller MinSpærring. Typen af bootstrap token kan enten være OIO3BST_CITIZEN, OIO2BST_CITIZEN eller OIO2BST_LEGACY. Bemærk, at bootstrap token skal være signeret af troværdig tredjepart (fx SEB IdP, NemLog-in IdP eller NemLog-in STS). |
/sts/services/JWT2Idws | Ombytter JSON Web token (JWT) til OIO IDWS sikkerhedsbillet rettet mod et givet audience, f.eks. FMK, Dokumentdelingsservice eller MinSpærring. Bemærk, at JWT tokenet skal være signeret af troværdig tredjepart (pt. en OpenID Connect provider) |
/sts/services/JWT2OIOSaml | Omveksler JSON Web token (JWT) til OIO Saml sikkerhedsbillet rettet mod et specifikt audience, f.eks. forløbsplaner.dk. Billetten er krypteret og er tænkt benyttet til sikker-browseropstart (SBO) Bemærk, at JWT tokenet skal være signeret af troværdig tredjepart (pt. en OpenID Connect provider) |
De to services Bst2Idws og JWT2Idws minder om hinanden i opbygning af requests, understøttede claims og valideringer. Disse beskrives derfor under et i afsnittet om claims og valideringer. JWT2OIOSaml beskrives for sig selv.
I forhold til berigelse af det udstedte IDWS token er der mulighed for at medsende følgende claims til:
Udover claims, skal der i forespørgslen angives et audience (som beskriver hvilken service det udstedte IDWS token skal bruges til). I NSP sammenhæng opereres der med følgende audiences:
I eksemplerne nedenfor vises der eksempler på vekslinger af bootstraptoken til Idws og JWT til Idws. I eksemplet med bootstraptoken er der ydermere vist eksempler på anvendelsen af claims til både CPR for den kaldende bruger samt fuldmagt.
Afhængig af miljø udstilles tjenesten på:
|
http: //<sts-host>:<port>/sts/services/JWT2Idws |
http: //<sts-host>:<port>/sts/services/JWT2OIOSaml |
I det følgende gives eksempler på følgende typer af requests:
Her vises eksempler på requests til servicen Bst2IDWS. Bemærk både claim 'dk:gov:saml:attribute:CprNumberIdentifier' i forhold til borgerens eget CPR nummer med claims i forhold til anden borgers CPR nummer.
Request
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> <wsu:Created>2023-12-28T10:57:48Z</wsu:Created> </wsu:Timestamp> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>fCllw3Lagb/vujh2A3HIuRC8WFg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>IiN77aYXPnvGOCphzQ1GrEAscc0=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#messageID"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>8J2ljhLBY8bo4rMRuVW2x1/c/sQ=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> eCvtUXg+AeOiC/WMSK3/ew6M5ux79l14dZnn3Qql/Ygoxk64Rhsv0EQtpeO6n0LozT5diuH2HUOzE8TH0roqbcUnayPrRiqT0ONTCTETsWrmAQyAurrxcnofye8kUlDGSHXt72QQvnj1+1QSiMOrqeegHRa3YQV/Rd++0NIvQwdeX6HN+JHw1Tj7Y2UniUk7a7f6azyGhrv2DGj7E3a+nlHtfQWIZyAkFPniTRCgfTInBMMGi/HEevzCMt4YR9/1SEpcPWBbCnIPxqeWDy8TVMCGu2yKC/OH+q3kYDGEyhjovKYiaVXVeu2J3fZcPw1qtALrv6bxWHkI8SKQPM9yi6pz3FQwfI0PmWouBoS4BXnN35CKotpHYmswPxS3uG3Cn+gPxnGYH1TutO5wVCWYEXUrnyclj4ORXkRiGKGZxqrCcssDj3BgBCw0fZuIEQXGEsPzRPvO+t+huTmOOy9rKFljZ8i1qSsxEla+zENxxTcYDGuqpND1p9bt0gHfKg2E</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:1cf8e82e-5741-4bb9-a831-f0f89c83578a</wsa:MessageID> </soapenv:Header> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityToken Context="urn:uuid:cf8a55b7-9d5f-4fce-aced-7769c4ca2de2"> <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType> <wst14:ActAs> <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_593cdbbb-e23d-4be5-8a6d-676187e4dd9c" IssueInstant="2023-12-28T10:57:48Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer>https://oio3bst-issuer.dk</saml:Issuer> <ds:Signature Id="OCESSignature"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> <ds:Reference URI="#_593cdbbb-e23d-4be5-8a6d-676187e4dd9c"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> <ds:DigestValue>gNWtK4XYXVkkTSzxwdyxuhUrvIMzD8IQwRwbzX2sgGI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> YT3dO6StVswfqgJL39yVgSq7Kn/dEmCyXKt0fWN5niKCa2WpPNVAyfVzcXIBEYGZ7UOLlCuXkk8bELXiJwJQ2NpbbdPRYE7g1O4w91mvYl0xs3cYxXFTKDbX7xxW7gxSF0GLGWATqHYmsmo47bi2pXqKUrEF7C3mQogEo6p0ssi4n44E5mFOO6aUJcTelJK+hoUhTmLXgZ754lhzrNZ34TomKMmFsoEpERdGXDiV2uNsUChpFLOSDWLDVdeXxAZ4QoR87CAkvoutCWICw1EdbbD+HOwq9PJjOI5UuSeMtTW+Q3/oiYVEGx1w5P6zjnX3FpPuu12kOaFIgUB6qqMhT6zNSsusEgaMQjGSeW7wOwTzKHnjDakoqjuPVsMghho2tsZi5nc6NWXAi787nU7oxLn85//dhWK22UU8y/Hlc/enufs1UG+EngTTLRXt3DBQ96gJntRygSf/bz3/9Bpcw1FMrDSS2qJS2WxtOBL8IgSCE8cgW5k8WLao8OMTiKqw</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"> dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> <saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </saml:SubjectConfirmationData> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotOnOrAfter="2023-12-28T12:57:48Z"> <saml:AudienceRestriction> <saml:Audience>http://audience/clear</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AttributeStatement> <saml:Attribute Name="https://data.gov.dk/model/core/specVersion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue xsi:type="xs:string">OIO-SAML-3.0</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="https://data.gov.dk/concept/core/nsis/loa" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue xsi:type="xs:string">Substantial</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="https://data.gov.dk/model/core/eid/cprNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> </wst14:ActAs> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>http://audience/clear</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims"> <auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier"> <auth:Value>0501792275</auth:Value> </auth:ClaimType> </wst:Claims> </wst:RequestSecurityToken> </soapenv:Body> </soapenv:Envelope> |
Svar fra STS
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> <wsu:Created>2023-01-17T10:01:42Z</wsu:Created> </wsu:Timestamp> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>Dd3Fopf+KztciG0Ov2fyIFYV3bI=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>QcufgSZuMyIqGDQRgzo2qhV9bPQ=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#messageID"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>nu4c0NaE3eq9OGITv84JBSas6KE=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#relatesTo"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>9UwERB5xBRhppAfnRukLWgcivl0=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>jxKRTZ71YH+mfL4K5DyJy9Knvq12VmyklrREWzIUkiKPzbyvjyK2nXL152Sv3BY7/se+3aepmAhBGiQ7v+DHOjhCRDsGQZvs7J19tvSxLEYrdpVZdz93ZF0p5mKT9+Oqrx/nHSrcMkaBqf6/yWSoRivoJgRAJstJRfrjecNobYLowibqJJhLiGUYfucK3rde8FBTazzKwEjWdjrwCdJ3XeJanbRRY7L0z2NQahlt3HlSnT+3m0VJOBRL6dpKdOIlCi/pGcxkiXVZFXGQJhJpyaR8+QWj2Cs1rc/4/KrrGGdZX292s4UEnXsEaVcFKcvbb4Ggb4JZ1WATM9DeLABB2A==</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIGRzCCBS+gAwIBAgIEX51MYTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMTA4MTYwNjQ4MjJaFw0yNDA4MTYwNjQ3MjNaMIGOMQswCQYDVQQGEwJESzEvMC0GA1UECgwmU3RhdGVucyBTZXJ1bSBJbnN0aXR1dCAvLyBDVlI6NDY4Mzc0MjgxTjAgBgNVBAUTGUNWUjo0NjgzNzQyOC1VSUQ6Mjc5MTAxMzUwKgYDVQQDDCNTdGF0ZW5zIFNlcnVtIEluc3RpdHV0IC0gVGVzdCBWT0NFUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo3h9gnQBKbiJriTMg/QLuuJFNONeRl9F8T9RE+HEOdBhhb64afks3ztVjXQ15r8KNu0YwBkOVFOe0wz7w0uT7OSFxf5Zejl1BO7VxIkcYEfq5GjryNcHb50sB7G2CisfKtdN5DRSShJyQXgZ3cflVazP+ZrYfi9gy79GBVYi3mTxN4yJtSOkKIMh8knGiBgHVqS3fkOO+K5dmV9qImFYQvCpSf8XgN96d5+mTvuZ2Yu+8GaFCSU93CxlnfODkqAWkATYnV0I6hd9l7qrGjIT0flDaVm2ruJwKEW+CkeaG9W9yDYBNLNw6WqioUckslMkVUwSUD6rQ8MLrvxfmQ+WsCAwEAAaOCAu8wggLrMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL3YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAwUwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuMCAGA1UdEQQZMBeBFXRlc3RjZXJ0aWZpa2F0QHNzaS5kazCBrQYDVR0fBIGlMIGiMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYqBgoF6kXDBaMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEPMA0GA1UEAwwGQ1JMMTk1MB8GA1UdIwQYMBaAFM1saJc5chmkNatk6vQRo4GH+Gk7MB0GA1UdDgQWBBTXaIm8KGHSJc24Q3sCwFiMXb5M3jAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCA26TOPUHHxffo7ajqZkZhNfDZzBl8XlcgQPbhrAZINCKD/cKesZGnJwElGHtexRfyUh073kkww1wP2EmZf+9m5Kry73hHKyUkawtO1/R2ib04OKpIZd8M3F9YfyOusZVxuTcYYty20xEfJO8HygzXNIrFFA1qorrMjuxiXZRnUDhjzUFVDAu/Rgt8cIR3pTvU1KizLBRUC6Q+8itJizvwMHVB+tRdENbUw+ElkXbLpFt+pc+C5wDFkVudv5B/46jU/ceGNdcmkvUt6F/ey3Uc3Pc30JzpYc4KDHKc6wOttYCNtxWAnpvhOS5HUuV6GpWVww28x3Ykhv0rfYXlZo4W</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:886d0eb8-d70b-43fa-97ce-8d814342f306</wsa:MessageID> <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:ebc3c28e-1fb4-48f3-8d70-ba71b778e12c</wsa:RelatesTo> </soapenv:Header> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityTokenResponseCollection> <wst:RequestSecurityTokenResponse Context="urn:uuid:bc96d4e7-3427-46f8-a349-1dc33429f4f1"> <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <wst:RequestedSecurityToken> <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_3fb99f0a-4da0-4157-accd-789b1ac78e14" IssueInstant="2023-01-17T10:01:42Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer>TESTSTS</saml:Issuer> <ds:Signature Id="OCESSignature"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_3fb99f0a-4da0-4157-accd-789b1ac78e14"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>kJE9hhP9+/xweTiQukBiZipAjhQ=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>UcLkNItCKooUYVERRLUkeJvkPKXa5XGyim8/QY3bz20LsgO2J2FNUwREsLLk79cB0V7DZsB3MDulLBXiApYglI/ZPsX0lnr40fKFHBS8AOUrKidMVKbWVzQLqzIduwrgcIZCx2iwkuvXxlocuPlRmlochjAOCpNF6X/ZCaMOZTI8cnVrRptzsesXhhz+Hkuj/snUmzOT6sqPXq9RcqYkKD+ucHBnn7u0altrvng7mKzshNjd73Djrn7Edsj/J2Z69P9NYSv+32Ai7Uxe3d9G9vkqjjRg6Zh7bKm4cT//tjF8Zbq+F8hbdF1vM/t0iqCLln3OaMsRVJ0jZhLvN99HJg==</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIGRzCCBS+gAwIBAgIEX51MYTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMTA4MTYwNjQ4MjJaFw0yNDA4MTYwNjQ3MjNaMIGOMQswCQYDVQQGEwJESzEvMC0GA1UECgwmU3RhdGVucyBTZXJ1bSBJbnN0aXR1dCAvLyBDVlI6NDY4Mzc0MjgxTjAgBgNVBAUTGUNWUjo0NjgzNzQyOC1VSUQ6Mjc5MTAxMzUwKgYDVQQDDCNTdGF0ZW5zIFNlcnVtIEluc3RpdHV0IC0gVGVzdCBWT0NFUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKo3h9gnQBKbiJriTMg/QLuuJFNONeRl9F8T9RE+HEOdBhhb64afks3ztVjXQ15r8KNu0YwBkOVFOe0wz7w0uT7OSFxf5Zejl1BO7VxIkcYEfq5GjryNcHb50sB7G2CisfKtdN5DRSShJyQXgZ3cflVazP+ZrYfi9gy79GBVYi3mTxN4yJtSOkKIMh8knGiBgHVqS3fkOO+K5dmV9qImFYQvCpSf8XgN96d5+mTvuZ2Yu+8GaFCSU93CxlnfODkqAWkATYnV0I6hd9l7qrGjIT0flDaVm2ruJwKEW+CkeaG9W9yDYBNLNw6WqioUckslMkVUwSUD6rQ8MLrvxfmQ+WsCAwEAAaOCAu8wggLrMA4GA1UdDwEB/wQEAwIDuDCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL3YuYWlhLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAwUwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4zLjUuMCAGA1UdEQQZMBeBFXRlc3RjZXJ0aWZpa2F0QHNzaS5kazCBrQYDVR0fBIGlMIGiMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYqBgoF6kXDBaMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEPMA0GA1UEAwwGQ1JMMTk1MB8GA1UdIwQYMBaAFM1saJc5chmkNatk6vQRo4GH+Gk7MB0GA1UdDgQWBBTXaIm8KGHSJc24Q3sCwFiMXb5M3jAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCA26TOPUHHxffo7ajqZkZhNfDZzBl8XlcgQPbhrAZINCKD/cKesZGnJwElGHtexRfyUh073kkww1wP2EmZf+9m5Kry73hHKyUkawtO1/R2ib04OKpIZd8M3F9YfyOusZVxuTcYYty20xEfJO8HygzXNIrFFA1qorrMjuxiXZRnUDhjzUFVDAu/Rgt8cIR3pTvU1KizLBRUC6Q+8itJizvwMHVB+tRdENbUw+ElkXbLpFt+pc+C5wDFkVudv5B/46jU/ceGNdcmkvUt6F/ey3Uc3Pc30JzpYc4KDHKc6wOttYCNtxWAnpvhOS5HUuV6GpWVww28x3Ykhv0rfYXlZo4W</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> <saml:SubjectConfirmationData NotOnOrAfter="2023-01-17T10:06:42Z" Recipient="http://audience/clear"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </saml:SubjectConfirmationData> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2023-01-17T09:56:42Z" NotOnOrAfter="2023-01-17T10:06:42Z"> <saml:AudienceRestriction> <saml:Audience>http://audience/clear</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AttributeStatement> <saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> </wst:RequestedSecurityToken> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>http://audience/clear</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Lifetime> <wsu:Created>2023-01-17T09:56:42Z</wsu:Created> <wsu:Expires>2023-01-17T10:06:42Z</wsu:Expires> </wst:Lifetime> </wst:RequestSecurityTokenResponse> </wst:RequestSecurityTokenResponseCollection> </soapenv:Body> </soapenv:Envelope> |
Request
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> <wsu:Created>2024-02-23T09:20:36Z</wsu:Created> </wsu:Timestamp> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>K6NblQLm29GnlaOTpaoqPbtcLHg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>/OQpEg3nog5DimJhhsBbCmCYrnU=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#messageID"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>0EpRuLcuAoWm8+cuLdJGMBkBWVo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> YUhbJ+uMu87Tj7TP1PYSflr1fTVUrf5ao6C5t+wtt06y9hn4QDtAovzPG3QAS7Cx79chxFcwKHWfGB2eBsKmj3VRr69d9C9JN62kpOSXDhdqKPcZETMvGU0iw1n29oI1JoR8UW55glppoRU07sGkssut1mm42PWg0P3xjXbUYofD0VMznHDLXF2iGtBv1vjXHXuin5UXYy1zL/SXl8Hvl9WWN1Cxg46VEGhvFcRRvoHknzDrWYJMbvVyVqzbRRTYDOUSaY+ECsGK/Gxn8NcVjbuHXa9kcs87h5GKHc+8wnV5dorDVo+SikpIuOrMPNwzW85Y8e2O68vK8NLa2SyrP2NaYFi50KoXluUOePGla8IFX1PxdVBCQLg+twFAosV3Ta1Ma7Ssdj/dSINs/lU9tcBvsNvnNPIxZVVBUZvMZ3K39AwoUDChSFZuv7o1FWHCXdJkI+3NZepFG2QL8ah3k4tq58MSFAAE8IW48F0thxyzjVxVvCRysD6J0hdo6JgD</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:8f55fcc0-6939-4a08-a6f7-35dfe686573e</wsa:MessageID> </soapenv:Header> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityToken Context="urn:uuid:edd62a55-4408-45ca-8dc5-b215d49c9797"> <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType> <wst14:ActAs> <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_247b7481-a132-491b-aab9-187bdb90383c" IssueInstant="2024-02-23T09:20:36Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer>https://oio2bst-issuer.dk</saml:Issuer> <ds:Signature Id="OCESSignature"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> <ds:Reference URI="#_247b7481-a132-491b-aab9-187bdb90383c"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> <ds:DigestValue>KeyC0zlzgeHD5vDYBaivdYgfKi/2cnhpW31VXUoV65k=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> Tr5Puq+s+4X1SHRTjK4od5/lQN2qhhz6TpSKxR4jbsZOtP/ngPdi2uR/i9XVjyWanBCgsd+FYsX9qeyHXw4fwlcOTTw6NWYxzTJhM+QNHhZcr9+nzgAy3uX3etqIiF6CTSQn52ZSFtVyKJzXzi3yNsaHR6HCJO4O2e8qSXyONsFlbsoVz/BBxze/uAKmwZG/5EsrWGJMQRjBd6Ik8vQ1WN/2yFPxGqAbsh7l0oEQqT8e/St/CuP4pLzvRMkRvQ9VuL9jaUAbtNDh2uFNWqy//l6t2EmRLB1yNdpFnThOkV66kx9F4yC9VPYcfkaB/dr+WbAGmMILuu+d14RvZPw5fe9eommtxRqT4ALH3JTKQDoXAkunXAEiAXtQEa+0IHip0Jwg6KzSZSNTxy+e1qh+aA57+QCZLzm7I5tkS1jUxT2AsaYP6iYnspRohTiiKM0AGfcXzW8dilriQX8W92fqEqCzpkZ0eNbnTCNvj9SP6+fq5BRraHKccb/VDRkVscmu</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"> dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> <saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </saml:SubjectConfirmationData> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotOnOrAfter="2024-02-23T11:20:35Z"> <saml:AudienceRestriction> <saml:Audience>http://audience/clear</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AttributeStatement> <saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> </wst14:ActAs> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>http://audience/clear</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims"> <auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier"> <auth:Value>0501792275</auth:Value> </auth:ClaimType> </wst:Claims> </wst:RequestSecurityToken> </soapenv:Body> </soapenv:Envelope> |
Svar fra STS
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> <wsu:Created>2024-02-23T09:20:36Z</wsu:Created> </wsu:Timestamp> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>MX56m7Zlnfh3wUIqhO2cUcVYPZo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>/OQpEg3nog5DimJhhsBbCmCYrnU=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#messageID"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>Svg8kNvCmu7pVJgK+XnUIZmuwmo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#relatesTo"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>6811BMZG6WN0RxCj46QkgkGQ04A=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> DTKTeVwgSBy5JVzReLpWwTR3VHTdZ8OMoT81O6rE8e0gAfzbxWiDXXjOe//d1DJ/lcuMjgx3d0Q34Hjx133Jm/neFoD04fgYk2PIO8bj/k0C/LUXz/53kvyzDU7wWRCVwFgBdJl4FwIxqrnAAEG+ILvPiIPZd1buVLiKgv9KJi4eN4xLtU+korApF5o95xAVbTKyFQJVATRHAMHRna416FffBxYTEffIY4x9UxWBrYxMvdbZ03hLrCkRqTYGCWb2oxOAtnB4vKwP1Q9jwMir8GgGy4JHdyF4cTxHLK5u1xVuN16BO3PFM4lv2hQGW45WZqSqGGXfeGfulvYH5St2nxGlPCA419V0n8GtoYhkDZjo12fVDxwU5897UbP/ewvJ/7B7P4kMmIidtNxo3f+JiGqUzE9KwFh4ofNevauKwciObIWp0EkAxmQttqTSScqv8ovZEw2dii1Xz6NXsAHavtk8fIDCLrLdKQhDDK8Go6e36VmzHpMdGX3WuSgI3UGg</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:47fa9dab-7fbc-417a-ad0d-dd2c82dccf70</wsa:MessageID> <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:8f55fcc0-6939-4a08-a6f7-35dfe686573e</wsa:RelatesTo> </soapenv:Header> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityTokenResponseCollection> <wst:RequestSecurityTokenResponse Context="urn:uuid:edd62a55-4408-45ca-8dc5-b215d49c9797"> <wst:TokenType> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <wst:RequestedSecurityToken> <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_f355a920-4da2-4d1c-8e17-f974accb1413" IssueInstant="2024-02-23T09:20:36Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer>TESTSTS</saml:Issuer> <ds:Signature Id="OCESSignature"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#_f355a920-4da2-4d1c-8e17-f974accb1413"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>PX0vREuRydy5Mod7TU8FWeEUyqg=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> bv8FCelnJYIBmqHMhIrOTlaklZfv7YWlxfOhb2Mo5v1m/89pZJYDRWOLD8XphD6oEZZEKUIxNWimSceaL3vhv1cHplvulxDPgMUQv40c7exFbF7QRcZRY+NOrohTi0DFrzaFNEkNAXh5pHS1JB56kquHWsXfK26+7QyM9wDeLxPZO4P0baWP7VNO2m06Ah4Ru3B/hqNYxv4DcAKPibpgRQFYyT952INHMai21l8BAwHL1gmFxjVxrSLSj+Qo2FDCHLB2ldkPAZy3Ar/+fDHHxlDrqJIfUQXonsQZ01GGHGlcTIdbPbFZoPQVNn+aTWYgTFdJFIsQyUFIMM5dr2UUI6J7tx11t+kI6DMi4akhLFv+rD+N23NQlZSHZqpPnbe0OCt7DOebDwtxDZatd9oshrS4jw4MM70iiT6as9UZTv/31tzwhVf6tCd+zGaUdFSZ/+HDfqC1rAVWMdXf0tTaIQ8p20HuzrxZ+xyR/tjF4m6yx+4yS9k6fZXbc6uXduAs</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"> dk:gov:saml:attribute:CprNumberIdentifier:0501792275</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> <saml:SubjectConfirmationData NotOnOrAfter="2024-02-23T09:25:36Z" Recipient="http://audience/clear"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </saml:SubjectConfirmationData> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2024-02-23T09:15:36Z" NotOnOrAfter="2024-02-23T09:25:36Z"> <saml:AudienceRestriction> <saml:Audience>http://audience/clear</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AttributeStatement> <saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> </wst:RequestedSecurityToken> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>http://audience/clear</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Lifetime> <wsu:Created>2024-02-23T09:15:36Z</wsu:Created> <wsu:Expires>2024-02-23T09:25:36Z</wsu:Expires> </wst:Lifetime> </wst:RequestSecurityTokenResponse> </wst:RequestSecurityTokenResponseCollection> </soapenv:Body> </soapenv:Envelope> |
Request
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> <wsu:Created>2024-02-22T13:19:27Z</wsu:Created> </wsu:Timestamp> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>+PQJ+2kwDcJxXYE8iUenERzGeI4=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>TThCBOCpnyZAloTBcWlyRTYupNM=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#messageID"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>N2ZemMQczU42xX24fGmGmyNxxog=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> CdwfolKMiOq1bj3fCctMQCNVAIQRaU+oQ9kDrJ9eDkT4kNPI52gXwlaYc3YFYEAAvTIccTn3cxEJOTRtz7O3I4Q9vv1loFEf9rkiDoHqVotgggxTcDzXM2F8BfSBMv3Cn4cvIbCBgal9Deiwkk0PPpMZ2TkRrevPcSPlxcaZzgCMTYoIupC/OazGccUUEGQ86PWAzUXXL+Ae7FNeKhB8MNCE7kPy9pHrOWGoASlKoKhcX1lZgsMhBC4NZRhRFJD7aT781V44ozKlXoLpmvgb5JtKiBC/+dQ7UUhtgRL4QX/esdt3xRT+m0SMtU2Qkym/uP1KEon6IyGKarHNOWGanhaNYKuKtaspP6qotYqDZdLETw6ZbQwqgCewmyhHxhsEcGLS/k+PEJQAqFj/kLb8dZL+YqRAT90XJNmRcBD2AmoXFuXmKb8OFgz4EpbVhvcEiCIiYS9gf53jFae1ggVZl4zaKukizZcejYWPXEw7ZwM3i95rgVHcnjScDji9PYdk</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:1bb8ec36-9f6e-4414-aa38-f24e461d1444</wsa:MessageID> </soapenv:Header> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityToken Context="urn:uuid:bc4558fb-83dc-4a7d-ac91-b02f48cfa602"> <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType> <wst14:ActAs> <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_025f66d8-0d7b-4e0b-8f53-21f2d475719b" IssueInstant="2024-02-22T13:19:27Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer>https://oio2bst-legacy-issuer.dk</saml:Issuer> <ds:Signature Id="OCESSignature"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> <ds:Reference URI="#_025f66d8-0d7b-4e0b-8f53-21f2d475719b"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> <ds:DigestValue>jpSuVLJ294+i3yyNtxCXCkpyux1/Y/7b3tfmtvxW6TY=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> jKSKaKZYtBbJwFYrhLHqkX6ao5OeCUZLojxc3zLcsFK6aCV5kVYU53plxkIcG3M5SzES3hhwgjiOu9M95IlHe2dNJvQzCRECzWSiPHnJL+X008ouTMwNfZlWfgVX6FlBeIIl1sfs8lcvDL/1fo+5YBT8uF0mJFnuLQwtSlEIkze51dsJ233qGQnXeSZvhKWdq+SJDztKWeM71f57DZ1cekxFFoKmaJ5R5ru5UCalylHzEYgfBqQZGeQj/L/XG4oP/B7evBFnylx6NAPkiQ47AavV9Kt4BMC3VRBMr8h6oof585QB1MoykR0Rr6yVRfWOQNGKoK0oe9RXk41AMe6JdifxZiR8TuNJDPu9Cqfq9sguO6oP9smKa9jhPyYdrgUkBJMD1p68r//wVW6jFiDSW+ufe1m77cYMe2MKraDDF95Fe9wc8lLWig2HBFnMCQ4d2OT4gV3mEwseIm0EClHzZ6OpOF4BzhZ6gs2fmBmEUa+p6Cbm6wNphHIC/PuTo2qe</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=Testorganisation nr. 94354969,CN=null,Serial=UI:DK-P:G:23550132-5e1f-4e43-a5f9-048acf49e0b8</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> <saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </saml:SubjectConfirmationData> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotOnOrAfter="2024-02-22T15:19:20Z"> <saml:AudienceRestriction> <saml:Audience>http://audience/clear</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2024-02-22T12:19:20Z" SessionIndex="_025f66d8-0d7b-4e0b-8f53-21f2d475719b"> <saml:AuthnContext> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> <saml:AttributeStatement> <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> <saml:AuthnStatement AuthnInstant="2024-02-22T12:19:20Z" SessionIndex="_025f66d8-0d7b-4e0b-8f53-21f2d475719b"> <saml:AuthnContext> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion> </wst14:ActAs> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>http://audience/clear</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims"> <auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier"> <auth:Value>0501792275</auth:Value> </auth:ClaimType> <auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf"> <auth:Value> urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:1111111118</auth:Value> </auth:ClaimType> </wst:Claims> </wst:RequestSecurityToken> </soapenv:Body> </soapenv:Envelope> |
Svar fra STS
<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsse:Security mustUnderstand="1" wsu:Id="security"> <wsu:Timestamp wsu:Id="ts"> <wsu:Created>2024-02-22T13:21:38Z</wsu:Created> </wsu:Timestamp> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#body"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>SwKjKMO/razhrzgzJF1iP19kWtk=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#ts"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>lfWkWps0ueOLKfaZ3WFPcizG5A4=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#messageID"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>W6GOH/kKoBhMPCKDQH4VcD5o9xg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#relatesTo"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>RqZqQczJIzv0XwAX5KFxtHom2wE=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#action"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> ptVHrau5WCAkxuxMOc0Grtw1ihtZ+v5gLVS/UZhuSZExSacRE+9ae/hDlxZ9KEKolitbKedGSqo4hrV8KltdKt9f8g2HB6Y2mBBjNOoqEjjV4gQUfj1R/ubc0lRgUNtRobtEl6WRg4K0lfHo0HJsq5mG/jcGPV5O1rPxblfunaZex2EgHzsEH2YX2Eb1icSz/Sviust7AnteHg7cUmNBDXmFM6EYDxF1e/xnC9IQeR9fcj9+Rgki0FYfkikW1625med9wRCiHPEafqKZmcw4CPcC+Ryt/GV6tz1YwyjQGwT9V45VCknpD1X3uADdzyMpQIJnojigeZI0I+C3vkH+SjWpwenklBENIoJA9EhhgRWsfAWzWmc69+FNvLEyVfFp5SDl1MfOiTw+zoGKSEAguDysEmcnvcLpvbsMEMDMqj2FvSVY+7ZngIkNWhOxVDAvjO8Zx1rMNIaNImipSa7wdYKqujGRtv7AsSjGMqGvfYkbxKgyjdetUu0+8TSBYCiK</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action> <wsa:MessageID wsu:Id="messageID">urn:uuid:c467ee8f-de82-4ca7-9afa-fdb1e70f203a</wsa:MessageID> <wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:1bb8ec36-9f6e-4414-aa38-f24e461d1444</wsa:RelatesTo> </soapenv:Header> <soapenv:Body wsu:Id="body"> <wst:RequestSecurityTokenResponseCollection> <wst:RequestSecurityTokenResponse Context="urn:uuid:bc4558fb-83dc-4a7d-ac91-b02f48cfa602"> <wst:TokenType> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType> <wst:RequestedSecurityToken> <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_4205addb-4282-49a4-8d9c-90bf5e93566d" IssueInstant="2024-02-22T13:21:38Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer>TESTSTS</saml:Issuer> <ds:Signature Id="OCESSignature"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#_4205addb-4282-49a4-8d9c-90bf5e93566d"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>0Cz5s72TRBmk12a6pmVWJAgrnBI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> HHzFb7ye7g0kUyc0OsLt4BoEXk+nr35yrgVhZi0YzW+viNasZkJtpRSjznhydJFsyaWiXNW9DpFHbdp1jZrmDwPHyHQEacqmdi5SggQ1o6g70QI3d33QyxQNxzl6CegaRPcGUsu1moGkkziNT2bsydHmQknGf1cOkrVtAuqBg0wUhcvVf+jI3gEyU3zFNOKW9IZXl1X8jotMSrdav4IpeylmS3qVWUqc1MKajBwZjFQrYVridkDxrBRd7wDpzzF5cZP80tkJY+3d2Uf3UimsjzEo2jJNx64UVa/PsT6lgwpA2vfm6ZIYPcCecadngEdORCjetelDQPIcJ9ZLAwWtqcmVXo7gndDUBtKcKieQzd32PD3Nu7PC1lq5ZwjqoX1vtWku88+iYARi539pOj6agboVCxIUJkcXWIE0fVkLq9yD43yXuN7EYHF/uI4WnK1olUJWr2pyUnihG5G9DDuUbsi2WFNPfrLRtV26f6IaEbZ6u4rjEvKhphA/mzPcqeS0</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGjTCCBMGgAwIBAgIUFy4h2LTxF4eZW2LC1kay4XM2HOkwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMjExMjkwOTMwMjVaFw0yNTExMjgwOTMwMjRaMIGjMSIwIAYDVQQDDBlOU1AgVGVzdCBTZXJ2aWNlIENvbnN1bWVyMTcwNQYDVQQFEy5VSTpESy1POkc6OGQzZmEwNDctYzc3ZS00N2U0LWJkZDItZTkxNDg4NjEwY2U2MR4wHAYDVQQKDBVTdW5kaGVkc2RhdGFzdHlyZWxzZW4xFzAVBgNVBGEMDk5UUkRLLTMzMjU3ODcyMQswCQYDVQQGEwJESzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALyJRrV1jHkQtPZ5Yb1BQsVv7CsH2G7xMebZh6o7Opm/Pb2+u8QKnPK2dkPXtFDn4efC6adwMN7EeDulIOC+6S/2yNcUQvD9Nbk40TBX6wqHjcQoMA9a725m1cqQiHPGxlHhQVMRzeJLjpEVnkdush3NCZFfndu48bdtsxM2n6sJgB3wJhvVAb8PdABfZETRcpMVIU8gBEWhMFHZhKlzmZqPUf7OQCtF2Hd1N7F4Qzus/NCP98p9z92h07sVprZD8iwWLlN9GukssDoZTbHpYmeFRE74WnxibQwau8FRFXxHZVSMQ+b3rOPLw0fLL09wDIDcBdJZyK2S/qHWzCfxxNwUCMd5g5aEvXElxiVnNdSBNVz+9phvMz3T66Za64DxFbQ/cfQcCJgSQyGpGpAOEuv2Rl9xxiNHFkoYVTR85bsHPFm6zda7/WSRZbjrhWRsbcTNunu+ucK1STkb0jiupk951zwlGN/HFGPtYP6GEMbaln01Rc7XrQDO7Rc4VKBVlwIDAQABo4IBhjCCAYIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR/KJ/ZcZlC4nXn1zV2Lk0IJW12XjB7BggrBgEFBQcBAQRvMG0wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jYWNlcnQvaXNzdWluZy5jZXIwJgYIKwYBBQUHMAGGGmh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY3NwMCEGA1UdIAQaMBgwCAYGBACPegEBMAwGCiqBUIEpAQEBAwcwOwYIKwYBBQUHAQMELzAtMCsGCCsGAQUFBwsCMB8GBwQAi+xJAQIwFIYSaHR0cHM6Ly91aWQuZ292LmRrMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jYTEuY3RpLWdvdi5kay9vY2VzL2lzc3VpbmcvMS9jcmwvaXNzdWluZy5jcmwwHQYDVR0OBBYEFFNN5GI5Bd91v2k+3gh2tB79kMiJMA4GA1UdDwEB/wQEAwIFoDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggGBAAg7zaoHb0a4EKKoVc2SVcp6/x4Np2CfUmduosmoWxd5SboR2NV93MinTkhJRLPXjTYjETLKLNbmgrDm1oFtnw4rVRdKtpy06D0Zh5hKmR3KDjfXt/+KiHtjqs5fmB8GVo3TxFHGnS4sOmph6l/KG4tOPhMabVWcX7vJQfIBVJMak1QHWzig4ooREvupqefYTpvP13GIG4DsyRabAlR2M3pyvdrSAU899gxASvWI6LBQlEdd4tPodAvdEEb3fHS2pnWmI56Im881jOdVtmmjWMCyPD4kP6SaBUxs7XhqZMwH8X98d5NMwPUYyyKwOVJfPrsWdfhupshcdyn2AWpVLU5GfhdRkmSdLdTKzzJOt7pPH+fS95R5MyV0febSJnSOXgNq7ICdQdiKO/HQ8/zmePRq8Ax/7DGrEA0zXENH2un6AV+7bZtELmNoU+B0MoN/AuSteAxmfTTnc8Xu45rTIXh3Vx1OS3NFggGSBvawlVkE7kWKej3o2sKtfot8a+ILzw==</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"> C=DK,O=Testorganisation nr. 94354969,CN=null,Serial=UI:DK-P:G:23550132-5e1f-4e43-a5f9-048acf49e0b8</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"> <saml:SubjectConfirmationData NotOnOrAfter="2024-02-22T13:26:38Z" Recipient="http://audience/clear"> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIGiDCCBLygAwIBAgIUNySjAhoHGRCYk/yn3wsw3wmXBrcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMGsxLTArBgNVBAMMJERlbiBEYW5za2UgU3RhdCBPQ0VTIHVkc3RlZGVuZGUtQ0EgMTETMBEGA1UECwwKVGVzdCAtIGN0aTEYMBYGA1UECgwPRGVuIERhbnNrZSBTdGF0MQswCQYDVQQGEwJESzAeFw0yMTA0MjgxMjI1NDhaFw0yNDA0MjcxMjI1NDdaMIGeMRUwEwYDVQQDDAxGT0NFU19neWxkaWcxNzA1BgNVBAUTLlVJOkRLLU86RzoyMzU1MDEzMi01ZTFmLTRlNDMtYTVmOS0wNDhhY2Y0OWUwYjgxJjAkBgNVBAoMHVRlc3RvcmdhbmlzYXRpb24gbnIuIDk0MzU0OTY5MRcwFQYDVQRhDA5OVFJESy05NDM1NDk2OTELMAkGA1UEBhMCREswggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDDjbGCHjgv+o1q0Q8GcHnLzHG6r4Q4vfuuWHU3Uscjgo6PC55Wj+GAsEnX7Gb8zIcM/kFv87wYR4w14dRO2lc8OO4e6sCzyIJduvu6da8yCBu6qYV708liVTvmTFFTc5O20lmRb0/MnUlyqU+IFcARhsT14M05sNznd1JF+/cfYwyDo+vCRPXa24WbY5GS2kBgnP/YDCUhmjOiDOGKMCgHj/YYvIZJq+2lfB+Lbi3vRXwJRCeI8FUOaVejFY6zDWOz14uELHhbK9Mhm3MV80PzK/MzDs2G60SMv7PGfkjjb3CHYKsDF0IJe59zumn322HAYOtaVSObSxESHhkOCUf6ZgFGoIQCGB7Q94A3UOktdPqgTmyequ+6HYQxPWbb5HxaItWvQ0qMV3jfu9VsH8Jzo+kpVoUVjpEucwmyXMLd22Iihfy6arckFHQFMYRBGB8bPuPGbk9aSlJ+AOQ+MD1foq051loLJb5Sukj3Bp+BtqrE3WAXp5xC+8pmN4szGacCAwEAAaOCAYYwggGCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfyif2XGZQuJ159c1di5NCCVtdl4wewYIKwYBBQUHAQEEbzBtMEMGCCsGAQUFBzAChjdodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY2FjZXJ0L2lzc3VpbmcuY2VyMCYGCCsGAQUFBzABhhpodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2NzcDAhBgNVHSAEGjAYMAgGBgQAj3oBATAMBgoqgVCBKQEBAQMHMDsGCCsGAQUFBwEDBC8wLTArBggrBgEFBQcLAjAfBgcEAIvsSQECMBSGEmh0dHBzOi8vdWlkLmdvdi5kazBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY2ExLmN0aS1nb3YuZGsvb2Nlcy9pc3N1aW5nLzEvY3JsL2lzc3VpbmcuY3JsMB0GA1UdDgQWBBSQ2zoWKogKlPFYOToFjHSMufl3ZTAOBgNVHQ8BAf8EBAMCBaAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQB9sFKk0XIi7AOVjMu5ngVK+KMqnEOe9YGuhW8PBRhaDXi1uVBTm3wpl7CCnPKjPCuJ8sUJxSsES8IZjowuGGRY8RI6Xrf9+gBihL/HHUFowPUSobUJeDiVqZyaQDxVXWRyTwF5R6lQtdX/GJJlrmgW2oEvm4SYGW512EA8DBMWXNfoR0iWGp7taNggMrRj+i3IRiqzfhtslBGA4Rd1t+SRkUJ9lu8JpS+zdQ9MOzfW1YWHeab7nK/k4LkfZTKh2762q4/ez74806OaTqf31Yg56KbPxWHNe0h18gFby0ggIAxhOMS+yAySN5CXcOMigqZt23vtgZjz+RgUVXX3cXrkJhFbhStO2Buh2xHfBT09L5lDfhpLAmC06oWT6xcoJO5EJ2bYCEAV74mwdyWNIkEc2H8AD7SLIxf56Q3MECYGPqyVU2yRKY6iDebTRt+HOeNLyWoZUTO7MXb7IQOhTpsVEZjZd0eiAEw8KbNPGNMwsWQwuf8RzVhildJ/bhPKsAY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </saml:SubjectConfirmationData> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2024-02-22T13:16:38Z" NotOnOrAfter="2024-02-22T13:26:38Z"> <saml:AudienceRestriction> <saml:Audience>http://audience/clear</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AttributeStatement> <saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="dk:gov:saml:attribute:Privileges_intermediate" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string"> PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiID8+PGJwcDpQcml2aWxlZ2VMaXN0IHhtbG5zOmJwcD0iaHR0cDovL2l0c3QuZGsvb2lvc2FtbC9iYXNpY19wcml2aWxlZ2VfcHJvZmlsZSI+PGJwcDpQcml2aWxlZ2VHcm91cCBTY29wZT0idXJuOmRrOmhlYWx0aGNhcmU6c2FtbDphY3RUaHJvdWdoUHJvY3VyYXRpb25CeTpjcHJOdW1iZXJJZGVudGlmaWVyOjExMTExMTExMTgiPjxicHA6UHJpdmlsZWdlPnVybjpkazpuc3BvcDpzdHM6Zm1rOnJlYWQ8L2JwcDpQcml2aWxlZ2U+PC9icHA6UHJpdmlsZWdlR3JvdXA+PC9icHA6UHJpdmlsZWdlTGlzdD4=</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> </wst:RequestedSecurityToken> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>http://audience/clear</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Lifetime> <wsu:Created>2024-02-22T13:16:38Z</wsu:Created> <wsu:Expires>2024-02-22T13:26:38Z</wsu:Expires> </wst:Lifetime> </wst:RequestSecurityTokenResponse> </wst:RequestSecurityTokenResponseCollection> </soapenv:Body> </soapenv:Envelope> |
Bemærk returværdien fra STS, der indeholder attributten 'dk:gov:saml:attribute:Privileges_intermediate' (Vist i ovenstående eksempel fra OIO2BST_LEGACY STS-svaret):
<saml:Attribute Name="dk:gov:saml:attribute:Privileges_intermediate" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string"> PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiID8+PGJwcDpQcml2aWxlZ2VMaXN0IHhtbG5zOmJwcD0iaHR0cDovL2RpZ3N0LmRrL29pb3NhbWwvYmFzaWNfcHJpdmlsZWdlX3Byb2ZpbGUiPjxQcml2aWxlZ2VHcm91cCBTY29wZT0idXJuOnByZWZpeDoxMjM0NTY3ODkwIj48UHJpdmlsZWdlPnVybjpkazpzdW5kaGVkc2RhdGFzdHlyZWxzZW46aWRzYXM6cmVhZDp1bmJsdXJyZWQ8L1ByaXZpbGVnZT48L1ByaXZpbGVnZUdyb3VwPjwvYnBwOlByaXZpbGVnZUxpc3Q+ </saml:AttributeValue> </saml:Attribute> |
Værdien er base64 encoded, og kan indeholde forskellige værdier. Disse er beskrevet nedenunder. Eksemplerne viser værdien efter en base64 decode.
Bemærk at strukturen både indeholder det CPR nummer, som borgeren ønsker at arbejde på vegne af, samt listen af de privilegier der rent faktisk er tildelt fra denne borger, til den kaldende borger:
<?xml version="1.0" encoding="UTF-8"?> <bpp:PrivilegeList xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile"> <bpp:PrivilegeGroup Scope="urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:0101603040"> <bpp:Privilege>urn:dk:nspop:sts:fmk:read</bpp:Privilege> <bpp:Privilege>urn:dk:nspop:sts:fmk:write</bpp:Privilege> </bpp:PrivilegeGroup> </bpp:PrivilegeList> |
Man kan også vedlægge en claim om værgemål eller forældremyndighed ift. en anden borger. Dette gøres under "dk:healthcare:saml:attribute:OnBehalfOf", og der er følgende to muligheder i praksis:
<auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf"> <auth:Value> urn:dk:healthcare:saml:actThrough:WardCustody:cprNumberIdentifier:1111111118 </auth:Value> </auth:ClaimType> |
<auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf"> <auth:Value> urn:dk:healthcare:saml:actThrough:ParentalCustody:cprNumberIdentifier:1111111118 </auth:Value> </auth:ClaimType> |
I billetten vil subject relations være kodet i stil med følgende, dog i praksis base64-encoded som nævnt ovenfor.
<?xml version="1.0" encoding="UTF-8"?> <srp:SubjectRelations xmlns:srp="urn:dk:healthcare:saml:subject_relations_profile:1.0"> <srp:VerifiedRelation relationType="parentalCustodyHolder" relatedPersonID="0101111234" relatedPersonIDType="URN:OID:1.2.208.176.1.2" /> </srp:SubjectRelations> |
STS vil gennem IDSAS slå op om sløring er ønsket. Sløring vil optræde som specificeret i OIOITP Blurring Instructions Profile 1.0 i billetten. Bemærk også, at der er en version 1.1 på vej.