Formålet med dette dokument er at give en detaljeret beskrivelse af de konkrete services, der udbydes af STS i forbindelse med anvendelsesområdet Borgeromvekslinger.
Dokumentet henvender sig primært til udviklere, der skal i gang med at anvende de konkrete borgervekslingssnitflader udbudt af STS.
Dokumentet bygger i høj grad på den overordnede STS - Guide til anvendere, som giver et overblik over STS og leverer i denne sammenhæng et mere dybdegående teknisk beskrivelse af de services i STS, der ligger i anvendelsesområdet borgeromvekslinger.
Som beskrevet i STS - Guide til anvendere, så findes der i STS følgende services indenfor anvendelsesområdet borger:
| /sts/services/Bst2Idws | Omveksler OIO Saml bootstrap token til OIO IDWS sikkerhedsbillet rettet mod et givet audience, f.eks. FMK, Dokumentdelingsservice eller MinSpærring. Bemærk, at bootstrap token skal være signeret af troværdig tredjepart (SEB eller NemLog-in) |
| /sts/services/JWT2Idws | Ombytter JSON Web token (JWT) til OIO IDWS sikkerhedsbillet rettet mod et givet audience, f.eks. FMK, Dokumentdelingsservice eller MinSpærring. Bemærk, at JWT tokenet skal være signeret af troværdig tredjepart (pt. en OpenID Connect provider) |
| /sts/services/JWT2OIOSaml | Omveksler JSON Web token (JWT) til OIO Saml sikkerhedsbillet rettet mod et specifikt audience, f.eks. forløbsplaner.dk. Billetten er krypteret og er tænkt benyttet til sikker-browseropstart (SBO) Bemærk, at JWT tokenet skal være signeret af troværdig tredjepart (pt. en OpenID Connect provider) |
De to services Bst2Idws og JWT2Idws minder om hinanden i opbygning af requests, understøttede claims og valideringer. Disse beskrives derfor under et i afsnittet om claims og valideringer. JWT2OIOSaml beskrives for sig selv.
I forhold til berigelse af det udstedte IDWS token er der mulighed for at medsende følgende claims til:
Udover claims, skal der i forespørgslen angives et audience (som beskriver hvilken service det udstedte IDWS token skal bruges til). I NSP sammenhæng opereres der med følgende audiences:
I eksemplerne nedenfor vises der eksempler på vekslinger af bootstraptoken til Idws og JWT til Idws. I eksemplet med bootstraptoken er der ydermere vist eksempler på anvendelsen af claims til både CPR for den kaldende bruger samt fuldmagt.
Afhængig af miljø udstilles tjenesten på:
|
http://<sts-host>:<port>/sts/services/JWT2Idws |
http://<sts-host>:<port>/sts/services/JWT2OIOSaml |
I det følgende gives eksempler på følgende typer af requests:
I dette eksempel vises eksempel på request til servicen Bst2IDWS. Bemærk både claim 'dk:gov:saml:attribute:CprNumberIdentifier' i forhold til borgerens eget CPR nummer med claims i forhold til anden borgers CPR nummer.
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:3b222db7-5922-477c-b815-4ea35cba6574</wsa:MessageID>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2020-12-07T09:04:30Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>qy1OEXC66wBsvGKipiai5kbgtVU=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>7U5J5GxULihSf9aMnTKZIBML9Rc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>pQiXI/9WJDEelRO2N9GJiUop5lE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>WBwK3D7bMq8Dm6ns6eJmIPICAoa92+fRWGzoKbDcKwSNkdTlRBBnw3okSHPDlvQ7P5cuKYCLfvgYG+/705aYDUQiyL7HexTJvBKMW+TR/fkvGeqB/mQcOVypaV7wYfS7mY0eZUuTWFLf6RGxEa3OkqD7r+HT9lqsdFDZbjxpUkBBpsWwMH1OOr1u5p+cY8thwCT4h38hDOupU3NsGz36nvlODqke1DtOAaiNeteN3rLDDf3FEIl3zqfiVix/vlrZee9mK/RgFdgIC9OFVkqQhYAWlGTNmcGKTjZ0ED07qtZVi5uGsMortCtIchr0KnW6uo+yBc7zdeO4aYb0ItM78g==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGNDCCBRygAwIBAgIEXOg9yTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMDAyMTMxMzQ3NTdaFw0yMzAyMTMxMzQzMzBaMIGeMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFfMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDo3OTY4MDA0NTA7BgNVBAMMNFRFU1Qgd2hpdGVsaXN0ZWQgU1AgU09TSSBhbGlhcyAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNWtWKpMlLgD5Er0SgRjNCKXlwU39x3DTPvqE/r09j96B+pwbzHjhnbV5HPwCNzoeUolcvnPmJrsOucIHsoKebPgfLEnhfjWnl0Z8ivPy/3iQfHyhJoB3shBcfLwH+FwZzEqw3hsabflVJHTq+9u2bLes9UM7r2Hy0mlynux28nFKB8dqkYVS1MjAid2cID4vbbavlFO+N+BSIt8M+MA8A1FVwhUEc/vyD+Ha8Alo3nYLZV9SqYlzeeGR+umiyQ7lhVOzv2CO2ULBSpX28mxGJ4N8CmCUrZgbSnPwkw3Mkq93bzMRUB4X9Bu/hWIpQZooKDM6wxE8dYn1yrAliw+ujAgMBAAGjggLMMIICyDAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MzQtY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQDMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLjCBrAYDVR0fBIGkMIGhMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEOMAwGA1UEAwwFQ1JMMTEwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFCe0e26va9zqyshyZoXec/52Pl5RMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnG/H/WeWIPAbnuPMZ/p2sSulgesmt6N1fK5mupYlVmLQ/7fuBIh/ER8zK3ya6yuQBAfSwIYib8iFWm+VBPc+CeS8KE/z4LRZKs3tsFkyEPlee3KpyQ4BQEawwLZjb0ZHS6ghI846SFOy+nYV8HpLvws5/vTNlGaRbBlrDVFzL/ZGois0EJe6wd3xnglwEIKjCxv30zzAnCOrmEzGIaojm07F7rnpQkaCmGNDfsSWl6Mi8SZ8jhFZHdybG9mjr6BXc1wJl2C6hQVuo7wvaIhVgJpV5BkG61mcCBniZhGr7uCJyjQ1vheKDEDle4IIzyVajjM+x5F3BWb6JQxujEHOU=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityToken Context="urn:uuid:b501bee1-e6ef-4bda-9877-ce43d8637354">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst14:ActAs>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_17433b24-cff4-4e22-ae47-4eefa07664a7" IssueInstant="2020-12-07T09:04:30Z" Version="2.0">
<saml:Issuer>TEST trusted IdP</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_17433b24-cff4-4e22-ae47-4eefa07664a7">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>4jgrBp2Qz+1jWqwv4EPDwvnoeOU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>P0SXvO1fqVHbZIe/tcnlU7ppFHzxeb23F3YTdVjBR6U6U5xPKfn8NVaTYSJsqh6OGuxAXBrnAAYAd5wyP5E6Z8R62Q2z9Mog9qk+EM95kGfbqvJsAEQFDp6DEpAVyasKXpVdzqQv5b5/J2fG2X7ZHDUGeiIEHq9Cp/EWeFToOcEvx13eMU7MX2jhqdnc+aEGqjVHPsPrgSSy7z3zyg+5PQ476KmfuWxdKgxoKFtK1eMjbTk4bY1aEhDDQTcZNTgmg4qQVbOmMzRi3AWTl++HaMC1g8dXpuzNKWYnVc91a+vIRxghg3j6bzWDS+gET0vSyRAvlcFBl34/PdQlik8CCA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGMTCCBRmgAwIBAgIEXOg9zDANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMDAyMTMxMzUwNDhaFw0yMzAyMTMxMzQ5NDFaMIGbMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFcMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDoyMjI0OTczMjA4BgNVBAMMMVRFU1QgdHJ1c3RlZCBJZFAgU09TSSBhbGlhcyAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxgR6YyL1auIQJtCyq6HpB3y5FtrFWigZsmbOXvhcxrmvjhqahlfvke2Vub5AfCPslTsbSgwg9sqhU7Hq2T96QZtLqa+UZP3PVzIqyfXwgXpOFvb2UGbXwQ5SPtSAhoo8z6cFPkBUdIGxL99DV7GPWw4kIk9ynV2YY/XulY049wePaHQFLuW4A5F+Nl6coXFpqn55fG0XNRxOPZUX3DUlnKT7aJKU4xA/1gIm+v4DbbIKN97SV1msXfQq+9Fdpz07dTQEINa9JzmBN1zPkT7hJEOHttqhtFwSxJhMA5V5k0ZbVj1b6WRgJZKUEtGSNOmyZUlcmwUgzz4PwGuMc85PHAgMBAAGjggLMMIICyDAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MzQtY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQDMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLjCBrAYDVR0fBIGkMIGhMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEOMAwGA1UEAwwFQ1JMMTEwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFN7fNS/56t+ZyVIxR6T6W0S7yS5JMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAANWrGs4jCmcvQX34e5h29UhxVegt8Jg02WWBzGB9/kH5YOVnSEp7CCIc4Qut0+C0QlvcDvCre12fOsII5ZlYjKIOXwXzjO2lsNmPKRom3+2syL5aWRQLsh3viVIvVLn4E5bZiEEX8P5KkXI8Exh9OlYEro5KpVyF8Bi2r7uJDmglCYl+BSc/zozgegXJ9KP4l+08mKVWPwwfw5qwp13PWbNNOVPpdIMVzN0YQCTUvPRfNqVfx265+zmx96HF2PvHCzTL95mKfWMs+SZEVpfek4Xl9priAOI6hhmcAZR1wwAklmI7KC4I3m0gFzUOPcZycXNg3G02gXvcmlwMcrdOek=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=Ingen organisatorisk tilknytning,CN=Lars Larsen,Serial=PID:9208-2002-2-514358910503</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2020-12-07T09:09:29Z" Recipient="https://sosi"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-12-07T09:04:24Z" NotOnOrAfter="2020-12-07T09:09:29Z">
<saml:AudienceRestriction>
<saml:Audience/>
</saml:AudienceRestriction>
</saml:Conditions>
</saml:Assertion>
</wst14:ActAs>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
<auth:ClaimType Uri="dk:gov:saml:attribute:CprNumberIdentifier">
<auth:Value>0501792275</auth:Value>
</auth:ClaimType>
<auth:ClaimType Uri="dk:healthcare:saml:attribute:OnBehalfOf">
<auth:Value>urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:0101603040</auth:Value>
</auth:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope> |
Svaret fra STS ser således ud:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soapenv:Header>
<wsa:Action wsu:Id="action">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
<wsa:MessageID wsu:Id="messageID">urn:uuid:bde6ee0c-06a9-4dd7-9ae0-3bf29b6280e3</wsa:MessageID>
<wsa:RelatesTo wsu:Id="relatesTo">urn:uuid:3b222db7-5922-477c-b815-4ea35cba6574</wsa:RelatesTo>
<wsse:Security mustUnderstand="1" wsu:Id="security">
<wsu:Timestamp wsu:Id="ts">
<wsu:Created>2020-12-07T09:06:39Z</wsu:Created>
</wsu:Timestamp>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>0101603040
<ds:Reference URI="#messageID">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>5YUEr9PKYYu2iyvY0XhKxHE6NFk=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#action">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3cXAhlhZH22NiSh7AttxKxBap7Q=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#relatesTo">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Oo+c5AT3Gky7Q2+jevrnjtKkbhI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ts">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>/DWD2fll+qjDeFmjYb4i4TTQcJE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>TOdMnbhE5vN9Q9/01qfrGKKKJP0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Or2nuZl8pyU4t6h90FP50MwghnBaQo0hGr/uOrDxkQo3lUXXxa5P2S4Vs5I8NzvgHGx22Piq19D2S7Z9NVMxPgRQC+kyhxIUehYFWv4ZlEX6L8Qn0N2T+44UA9pUZgJYH4BbUF0fXY79KZAiD5JGa6sc0ZKZTnO5eusR6ef6+m1jTGDOXEjH2J+qQ6i23VJPIYB0yxNU53n79d05rknhipWCQYfthE6eNKyfMy1jvkm1Wyux1bZUhwL+1WOZIbXTN7LbgN1I0x1IxFFe6yJ6ccIiSOoSzyEp00sVcTVoBLzfF2GmYVFijJo3kjjOXwnDTjxXCPCUE22ND4rjrmb2Zg==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKjCCBRKgAwIBAgIEW6uMBTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MDQzMDA5MDcxN1oXDTIyMDQzMDA5MDYzOFowgZQxCzAJBgNVBAYTAkRLMS4wLAYDVQQKDCVTdW5kaGVkc2RhdGFzdHlyZWxzZW4gLy8gQ1ZSOjMzMjU3ODcyMVUwIAYDVQQFExlDVlI6MzMyNTc4NzItRklEOjE4OTExODYxMDEGA1UEAwwqU09TSSBUZXN0IEZlZGVyYXRpb24gKGZ1bmt0aW9uc2NlcnRpZmlrYXQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo57h9E/hM5gimxaDgHB0MLcgVfXGJbQh/8OC1vTdDsCUIzIwRd5lJE+ado8urHF7UmKubFZzfCPduoRv9b3TkNVKaixiHUMtP4egbL8vcgyalk28cNQdUk8f34mg8atgvd45EnIKz2iB+yjs5guJPDBg2OFSbP0r53NU8fVTq3aLtDpDVnkxsyjNQ7HOFtzavyMnKx0vDgafEvrUR3WTSLCGju4aUIg3ThgrWXA7i3lPIAXdV8mQmlY3wn/kIBiyIotmF98UsEket/sxpJNkJ6R6AUpxnGApCDP1Fw2BgxAQWWrtD/c5IoIZwGWNfLgpJEzfhnuIZJ7Bfs9RmHFdQIDAQABo4ICzTCCAskwDgYDVR0PAQH/BAQDAgO4MIGXBggrBgEFBQcBAQSBijCBhzA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vcmVzcG9uZGVyMEcGCCsGAQUFBzAChjtodHRwOi8vZi5haWEuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyLWNhLmNlcjCCASAGA1UdIASCARcwggETMIIBDwYNKwYBBAGB9FECBAYEAjCB/TAvBggrBgEFBQcCARYjaHR0cDovL3d3dy50cnVzdDI0MDguY29tL3JlcG9zaXRvcnkwgckGCCsGAQUFBwICMIG8MAwWBURhbklEMAMCAQEagatEYW5JRCB0ZXN0IGNlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4gRGFuSUQgdGVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4wga0GA1UdHwSBpTCBojA9oDugOYY3aHR0cDovL2NybC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjIxLmNybDBhoF+gXaRbMFkxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJTAjBgNVBAMMHFRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYSUkgQ0ExDzANBgNVBAMMBkNSTDE0MjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUGYAVKKL17LHyVGSErL26MBNadTQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAjHMO4sWEf8M25WHczBTJYtMitn1wLOqE6raeM6oYyw6R/4FImpOzF6bxBlfNnhhR0vJSXMWTqL/onCyy4gCs9eLglRHZ9BC8a9fmirrguNpOWlR8NAf5GRwOqCyTnkTAfUD1fp0RzVo8TvAd73WiGeUTzTiAVf7OgZFnRIYkcALXLjNs6AwELWSh+bC/gGuQcHUDd8YGSzgKS6w2qz3fIASrykxzlYjeusks58CereC6WfvN0I+GGlL9fIgjpzh7JEELME7r9QJLL9NSrmlRKfhM8gzuE6Vm4vGzmSsnNJxGMf1vTzEve4lXI8pnOtHMTtNl5zw4jCJFakRqcWm3FQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="body">
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse Context="urn:uuid:b501bee1-e6ef-4bda-9877-ce43d8637354">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_fa311122-026e-4049-8ddf-cdbd84304d7c" IssueInstant="2020-12-07T09:06:39Z" Version="2.0">
<saml:Issuer>TEST2-NSP-STS</saml:Issuer>
<ds:Signature Id="OCESSignature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_fa311122-026e-4049-8ddf-cdbd84304d7c">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>GOIAqcYUFLnazqyu7B4AL2vpV5o=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>sM1Nl1ehU0k4WwrNyIJaRn/VDH9JbriFlDKaRzd/iwYtiF6rCA+NQMMHYqAjjzPewjamKuueIqx7MTt0ElEN3mUcdBaSqaohdhmTTM9U2IB76B+sWNxpGdCXQ8N1lYjVqBYkCn6uAvzG89fADpTNkBct8ekWuj/UT06h/O8KLxybhK7I0HNOWkJ45BAhOIJTOc7Vg4qyIk3PJIh+8TzpyUY9L2WuBg8YKzgAd+8uCKRFn223ePRL6GtRlJJqsXm/x/82CNj6lGHdCFXsPcZrrYvKCmZu8FSFEqQrLjyE/ULnbTQVfe+gAPhIzAh01n1SvlWoQ0omyzjiWCAA2Sketw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGKjCCBRKgAwIBAgIEW6uMBTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMB4XDTE5MDQzMDA5MDcxN1oXDTIyMDQzMDA5MDYzOFowgZQxCzAJBgNVBAYTAkRLMS4wLAYDVQQKDCVTdW5kaGVkc2RhdGFzdHlyZWxzZW4gLy8gQ1ZSOjMzMjU3ODcyMVUwIAYDVQQFExlDVlI6MzMyNTc4NzItRklEOjE4OTExODYxMDEGA1UEAwwqU09TSSBUZXN0IEZlZGVyYXRpb24gKGZ1bmt0aW9uc2NlcnRpZmlrYXQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo57h9E/hM5gimxaDgHB0MLcgVfXGJbQh/8OC1vTdDsCUIzIwRd5lJE+ado8urHF7UmKubFZzfCPduoRv9b3TkNVKaixiHUMtP4egbL8vcgyalk28cNQdUk8f34mg8atgvd45EnIKz2iB+yjs5guJPDBg2OFSbP0r53NU8fVTq3aLtDpDVnkxsyjNQ7HOFtzavyMnKx0vDgafEvrUR3WTSLCGju4aUIg3ThgrWXA7i3lPIAXdV8mQmlY3wn/kIBiyIotmF98UsEket/sxpJNkJ6R6AUpxnGApCDP1Fw2BgxAQWWrtD/c5IoIZwGWNfLgpJEzfhnuIZJ7Bfs9RmHFdQIDAQABo4ICzTCCAskwDgYDVR0PAQH/BAQDAgO4MIGXBggrBgEFBQcBAQSBijCBhzA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vcmVzcG9uZGVyMEcGCCsGAQUFBzAChjtodHRwOi8vZi5haWEuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyLWNhLmNlcjCCASAGA1UdIASCARcwggETMIIBDwYNKwYBBAGB9FECBAYEAjCB/TAvBggrBgEFBQcCARYjaHR0cDovL3d3dy50cnVzdDI0MDguY29tL3JlcG9zaXRvcnkwgckGCCsGAQUFBwICMIG8MAwWBURhbklEMAMCAQEagatEYW5JRCB0ZXN0IGNlcnRpZmlrYXRlciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4gRGFuSUQgdGVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjQuMi4wga0GA1UdHwSBpTCBojA9oDugOYY3aHR0cDovL2NybC5zeXN0ZW10ZXN0MjIudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MjIxLmNybDBhoF+gXaRbMFkxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJTAjBgNVBAMMHFRSVVNUMjQwOCBTeXN0ZW10ZXN0IFhYSUkgQ0ExDzANBgNVBAMMBkNSTDE0MjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNVHQ4EFgQUGYAVKKL17LHyVGSErL26MBNadTQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAjHMO4sWEf8M25WHczBTJYtMitn1wLOqE6raeM6oYyw6R/4FImpOzF6bxBlfNnhhR0vJSXMWTqL/onCyy4gCs9eLglRHZ9BC8a9fmirrguNpOWlR8NAf5GRwOqCyTnkTAfUD1fp0RzVo8TvAd73WiGeUTzTiAVf7OgZFnRIYkcALXLjNs6AwELWSh+bC/gGuQcHUDd8YGSzgKS6w2qz3fIASrykxzlYjeusks58CereC6WfvN0I+GGlL9fIgjpzh7JEELME7r9QJLL9NSrmlRKfhM8gzuE6Vm4vGzmSsnNJxGMf1vTzEve4lXI8pnOtHMTtNl5zw4jCJFakRqcWm3FQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=DK,O=Ingen organisatorisk tilknytning,CN=Lars Larsen,Serial=PID:9208-2002-2-514358910503</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData NotOnOrAfter="2020-12-07T09:09:29Z" Recipient="https://fmk">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGNDCCBRygAwIBAgIEXOg9yTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMDAyMTMxMzQ3NTdaFw0yMzAyMTMxMzQzMzBaMIGeMQswCQYDVQQGEwJESzEuMCwGA1UECgwlU3VuZGhlZHNkYXRhc3R5cmVsc2VuIC8vIENWUjozMzI1Nzg3MjFfMCAGA1UEBRMZQ1ZSOjMzMjU3ODcyLUZJRDo3OTY4MDA0NTA7BgNVBAMMNFRFU1Qgd2hpdGVsaXN0ZWQgU1AgU09TSSBhbGlhcyAoZnVua3Rpb25zY2VydGlmaWthdCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNWtWKpMlLgD5Er0SgRjNCKXlwU39x3DTPvqE/r09j96B+pwbzHjhnbV5HPwCNzoeUolcvnPmJrsOucIHsoKebPgfLEnhfjWnl0Z8ivPy/3iQfHyhJoB3shBcfLwH+FwZzEqw3hsabflVJHTq+9u2bLes9UM7r2Hy0mlynux28nFKB8dqkYVS1MjAid2cID4vbbavlFO+N+BSIt8M+MA8A1FVwhUEc/vyD+Ha8Alo3nYLZV9SqYlzeeGR+umiyQ7lhVOzv2CO2ULBSpX28mxGJ4N8CmCUrZgbSnPwkw3Mkq93bzMRUB4X9Bu/hWIpQZooKDM6wxE8dYn1yrAliw+ujAgMBAAGjggLMMIICyDAOBgNVHQ8BAf8EBAMCA7gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9mLmFpYS5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MzQtY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgQDMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuNC4zLjCBrAYDVR0fBIGkMIGhMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYaBfoF2kWzBZMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEOMAwGA1UEAwwFQ1JMMTEwHwYDVR0jBBgwFoAUzWxolzlyGaQ1q2Tq9BGjgYf4aTswHQYDVR0OBBYEFCe0e26va9zqyshyZoXec/52Pl5RMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnG/H/WeWIPAbnuPMZ/p2sSulgesmt6N1fK5mupYlVmLQ/7fuBIh/ER8zK3ya6yuQBAfSwIYib8iFWm+VBPc+CeS8KE/z4LRZKs3tsFkyEPlee3KpyQ4BQEawwLZjb0ZHS6ghI846SFOy+nYV8HpLvws5/vTNlGaRbBlrDVFzL/ZGois0EJe6wd3xnglwEIKjCxv30zzAnCOrmEzGIaojm07F7rnpQkaCmGNDfsSWl6Mi8SZ8jhFZHdybG9mjr6BXc1wJl2C6hQVuo7wvaIhVgJpV5BkG61mcCBniZhGr7uCJyjQ1vheKDEDle4IIzyVajjM+x5F3BWb6JQxujEHOU=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-12-07T09:01:39Z" NotOnOrAfter="2020-12-07T09:09:29Z">
<saml:AudienceRestriction>
<saml:Audience>https://fmk</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="dk:gov:saml:attribute:SpecVer" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">DK-SAML-2.0</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">3</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">0501792275</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dk:gov:saml:attribute:Privileges_intermediate" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiID8+PGJwcDpQcml2aWxlZ2VMaXN0IHhtbG5zOmJwcD0iaHR0cDovL2l0c3QuZGsvb2lvc2FtbC9iYXNpY19wcml2aWxlZ2VfcHJvZmlsZSI+PGJwcDpQcml2aWxlZ2VHcm91cCBTY29wZT0idXJuOmRrOmhlYWx0aGNhcmU6c2FtbDphY3RUaHJvdWdoUHJvY3VyYXRpb25CeTpjcHJOdW1iZXJJZGVudGlmaWVyOjAxMDE2MDMwNDAiPjxicHA6UHJpdmlsZWdlPnVybjpkazpuc3BvcDpzdHM6ZGR2OnJlYWQ8L2JwcDpQcml2aWxlZ2U+PGJwcDpQcml2aWxlZ2U+dXJuOmRrOm5zcG9wOnN0czpkZHY6d3JpdGU8L2JwcDpQcml2aWxlZ2U+PGJwcDpQcml2aWxlZ2U+dXJuOmRrOm5zcG9wOnN0czpmbWs6cmVhZDwvYnBwOlByaXZpbGVnZT48YnBwOlByaXZpbGVnZT51cm46ZGs6bnNwb3A6c3RzOmZtazp3cml0ZTwvYnBwOlByaXZpbGVnZT48L2JwcDpQcml2aWxlZ2VHcm91cD48L2JwcDpQcml2aWxlZ2VMaXN0Pg==</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>https://fmk</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2020-12-07T09:01:39Z</wsu:Created>
<wsu:Expires>2020-12-07T09:09:29Z</wsu:Expires>
</wst:Lifetime>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soapenv:Body>
</soapenv:Envelope> |
Bemærk returværdien fra STS, der indeholder attributten 'dk:gov:saml:attribute:Privileges_intermediate'. Værdien er base64 encoded. Efter en decode ser det således ud (bemærk, at strukturen både indeholder det CPR nummer, som borgeren ønsker at arbejde på vegne af samt listen af de privilegier, der rent faktisk er tildelt fra denne borger til den kaldende borger):
<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile">
<bpp:PrivilegeGroup Scope="urn:dk:healthcare:saml:actThroughProcurationBy:cprNumberIdentifier:0101603040">
<bpp:Privilege>urn:dk:nspop:sts:ddv:read</bpp:Privilege>
<bpp:Privilege>urn:dk:nspop:sts:ddv:write</bpp:Privilege>
<bpp:Privilege>urn:dk:nspop:sts:fmk:read</bpp:Privilege>
<bpp:Privilege>urn:dk:nspop:sts:fmk:write</bpp:Privilege>
</bpp:PrivilegeGroup>
</bpp:PrivilegeList> |