4. IS request for authentication and authorization from the security token service

The content of the IS request for authentication and authorization from the security token service conforms to the following standards:

  • Envelope, Header, Body – SOAP v1.2;
  • Action, MessageID, ReplyTo, To – WS-Addressing v1.0;
  • Security, Timestamp – WS-Security v1.1;
  • UsernameToken – User Name Token Profile v1.1;
  • BinarySecurityToken – X.509 Certificate Token Profile v1.1;
  • Signature – XML Signature;
  • RequestSecurityToken – WS-Trust v1.3.

Example XML message using a user name and password:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

  <s:Header>

    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>

    <a:MessageID>urn:uuid:fa020542-3cba-4770-8ace-ce79cbe8e494</a:MessageID>

    <a:ReplyTo>

      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>

    </a:ReplyTo>

    <a:To s:mustUnderstand="1">https://epakvisstv.vraa.gov.lv/STS/VISS.Pfas.STS/STS/Issue.svc/trust/13/usernamemixed</a:To>

    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

      <u:Timestamp u:Id="_0">

        <u:Created>2015-09-17T11:46:52.859Z</u:Created>

        <u:Expires>2015-09-17T11:51:52.859Z</u:Expires>

      </u:Timestamp>

      <o:UsernameToken u:Id="uuid-12a5e50d-0d38-4f54-8924-fb9233c7a771-1">

        <o:Username>

          <!-- Removed-->

        </o:Username>

        <o:Password>

          <!-- Removed-->

        </o:Password>

        <o:Nonce>

          <!-- Removed-->

        </o:Nonce>

        <u:Created>2015-09-17T11:46:52.859Z</u:Created>

      </o:UsernameToken>

    </o:Security>

  </s:Header>

  <s:Body>

    <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">

      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

        <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">

          <wsa:Address>https://ivis.eps.gov.lv/Request.WebService</wsa:Address>

        </wsa:EndpointReference>

      </wsp:AppliesTo>

      <trust:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:i="http://schemas.xmlsoap.org/ws/2005/05/identity">

        <i:ClaimType Uri="urn:ivis:100001:name.id-viss" Optional="false"></i:ClaimType>

      </trust:Claims>

      <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>

      <trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>

    </trust:RequestSecurityToken>

  </s:Body>

</s:Envelope>

Example XML message using a certificate:

<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

  <s:Header>

    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

      <u:Timestamp u:Id="TS-B65CDDAC66F66F62D314485313824851333">

        <u:Created>2015-11-26T09:49:42.485Z</u:Created>

        <u:Expires>2015-11-26T09:59:42.485Z</u:Expires>

      </u:Timestamp>

      <wsse:BinarySecurityToken>

        <!-- Removed-->

      </wsse:BinarySecurityToken>

      <ds:Signature Id="SIG-B65CDDAC66F66F62D314485313824731332" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

        <!-- Removed-->

      </ds:Signature>

    </wsse:Security>

    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>

    <a:To s:mustUnderstand="1" u:Id="id-B65CDDAC66F66F62D314485313824731331">https://epak2.abcsoftware.lv/PFAS/Pfas.STS/v1-2/STS/Issue.svc/trust/13/certificatemixed</a:To>

  </s:Header>

  <s:Body>

    <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">

      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

        <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">

          <wsa:Address>https://ivis.eps.gov.lv/Request.WebService</wsa:Address>

        </wsa:EndpointReference>

      </wsp:AppliesTo>

      <trust:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:i="http://schemas.xmlsoap.org/ws/2005/05/identity">

        <i:ClaimType Uri="urn:ivis:100001:name.id-viss" Optional="false"></i:ClaimType>

      </trust:Claims>

      <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>

      <trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>

    </trust:RequestSecurityToken>

  </s:Body>

</s:Envelope>

In the example shown, the STS call is made using the STS method “../Issue.svc/trust/13/{name}”, in accordance with the SAML and WS-* standards:

Version  SOAP  WS-Trust  WS-Addressing  WS-Policy  WS-SecurityPolicy  WS-Security
13       V1.2  V1.3      2005/08        V1.2       V1.2               V1.1
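
A structural check for the Security header of both request variants above, as an added example (not part of the original specification or the STS's own code): it tests the Timestamp window, the replay-protection fields of the UsernameToken, the presence of a credential, and that To is an https address. The function names, the 10-minute lifetime limit and the sample message are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"s": "http://www.w3.org/2003/05/soap-envelope",
      "a": "http://www.w3.org/2005/08/addressing",
      "u": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
      "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
MAX_LIFETIME = timedelta(minutes=10)  # assumed policy; the page's samples use 5 and 10 minutes

def _utc(text):
    return datetime.fromisoformat(text.strip().replace("Z", "+00:00"))

def check_rst(xml_text, now):
    """Return findings for a WS-Trust Issue request; an empty list means it passed."""
    if "<!DOCTYPE" in xml_text:          # SOAP 1.2 messages must not carry a DTD
        return ["DTD present"]
    root, out = ET.fromstring(xml_text), []
    sec = root.find("s:Header/o:Security", NS)
    if sec is None:
        return ["no Security header"]
    try:
        created = _utc(sec.findtext("u:Timestamp/u:Created", "", NS))
        expires = _utc(sec.findtext("u:Timestamp/u:Expires", "", NS))
        if not (created <= now < expires):
            out.append("Timestamp outside validity window")
        if expires - created > MAX_LIFETIME:
            out.append("Timestamp lifetime too long")
    except (ValueError, TypeError):      # absent, malformed or zone-less value
        out.append("Timestamp missing or unparseable")
    token = sec.find("o:UsernameToken", NS)
    if token is not None:                # user name and password variant
        if token.find("o:Nonce", NS) is None or token.find("u:Created", NS) is None:
            out.append("UsernameToken lacks Nonce/Created")
    elif sec.find("o:BinarySecurityToken", NS) is None or sec.find("ds:Signature", NS) is None:
        out.append("no UsernameToken and no BinarySecurityToken with Signature")
    if not root.findtext("s:Header/a:To", "", NS).strip().startswith("https://"):
        out.append("To is not an https endpoint")  # the password travels in the message
    return out

def sample(created, expires, nonce="<o:Nonce>Y29uc3RydWN0ZWQ=</o:Nonce>"):  # constructed input
    return (f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:a="{NS["a"]}" xmlns:u="{NS["u"]}" '
            f'xmlns:o="{NS["o"]}"><s:Header><a:To>https://sts.example.invalid/usernamemixed</a:To>'
            f'<o:Security><u:Timestamp><u:Created>{created}</u:Created><u:Expires>{expires}'
            f'</u:Expires></u:Timestamp><o:UsernameToken><o:Username>demo</o:Username>'
            f'<o:Password>demo</o:Password>{nonce}<u:Created>{created}</u:Created>'
            '</o:UsernameToken></o:Security></s:Header><s:Body/></s:Envelope>')
```

The check is structural only: verifying the ds:Signature value and the certificate chain remains the job of the WS-Security stack.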