Ieiet

Vadlīnijas 

 
Viss > Atbalsts > Partneriem > Vadlīnijas > Integrācijas nodrošināšana > Datu apmaiņas izveides vadlīnijas un scenāriji > IS autentifikācijas un autorizācijas pieprasījums no drošības talonu servisa

4. IS autentifikācijas un autorizācijas pieprasījums no drošības talonu servisa

IS autentifikācijas un autorizācijas pieprasījuma saturs no drošības talonu servisa atbilst šādiem standartiem:

  • Envelope, Header, Body – SOAP v1.2;
  • Action, MessageID, ReplyTo, To – WS-Addresing v1.0;
  • Security, Timestamp – WS-Security v1.1;
  • UsernameToken  - User Name Token Profile v1.1;
  • BinarySecurityToken – X.509 Certificate Token Profile v1.1;
  • Signature – XML Signature;
  • RequestSecurityToken – WS-Trust v1.3.

XML ziņojuma piemērs, izmantojot lietotāja vārdu un paroli:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

  <s:Header>

    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>

    <a:MessageID>urn:uuid:fa020542-3cba-4770-8ace-ce79cbe8e494</a:MessageID>

    <a:ReplyTo>

      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>

    </a:ReplyTo>

    <a:To s:mustUnderstand="1">https://epakvisstv.vraa.gov.lv/STS/VISS.Pfas.STS/STS/Issue.svc/trust/13/usernamemixed</a:To>

    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

      <u:Timestamp u:Id="_0">

        <u:Created>2015-09-17T11:46:52.859Z</u:Created>

        <u:Expires>2015-09-17T11:51:52.859Z</u:Expires>

      </u:Timestamp>

      <o:UsernameToken u:Id="uuid-12a5e50d-0d38-4f54-8924-fb9233c7a771-1">

        <o:Username>

          <!-- Removed-->

        </o:Username>

        <o:Password>

          <!-- Removed-->

        </o:Password>

<o:Nonce>

<!-- Removed-->

</o:Nonce>

<u:Created>2015-09-17T11:46:52.859Z</u:Created>

      </o:UsernameToken>

    </o:Security>

  </s:Header>

  <s:Body>

    <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">

      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

        <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">

          <wsa:Address>https://ivis.eps.gov.lv/Request.WebService</wsa:Address>

        </wsa:EndpointReference>

      </wsp:AppliesTo>

      <trust:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:i="http://schemas.xmlsoap.org/ws/2005/05/identity">

        <i:ClaimType Uri="urn:ivis:100001:name.id-viss" Optional="false"></i:ClaimType>

      </trust:Claims>

      <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>

      <trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>

    </trust:RequestSecurityToken>

  </s:Body>

</s:Envelope>

XML ziņojuma piemērs izmantojot sertifikātu:

<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

  <s:Header>

    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

      <u:Timestamp u:Id="TS-B65CDDAC66F66F62D314485313824851333">

        <u:Created>2015-11-26T09:49:42.485Z</u:Created>

        <u:Expires>2015-11-26T09:59:42.485Z</u:Expires>

      </u:Timestamp>

      <wsse:BinarySecurityToken>

        <!-- Removed-->

      </wsse:BinarySecurityToken>

      <ds:Signature Id="SIG-B65CDDAC66F66F62D314485313824731332" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

        <!-- Removed-->

      </ds:Signature>

    </wsse:Security>

    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>

    <a:To s:mustUnderstand="1" u:Id="id-B65CDDAC66F66F62D314485313824731331">https://epak2.abcsoftware.lv/PFAS/Pfas.STS/v1-2/STS/Issue.svc/trust/13/certificatemixed</a:To>

  </s:Header>

  <s:Body>

    <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">

      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

        <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">

          <wsa:Address>https://ivis.eps.gov.lv/Request.WebService</wsa:Address>

        </wsa:EndpointReference>

      </wsp:AppliesTo>

      <trust:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:i="http://schemas.xmlsoap.org/ws/2005/05/identity">

        <i:ClaimType Uri="urn:ivis:100001:name.id-viss" Optional="false"></i:ClaimType>

      </trust:Claims>

      <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>

      <trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>

    </trust:RequestSecurityToken>

  </s:Body>

</s:Envelope>

Noradītā piemērā STS izsaukums ir veikts, izmantojot STS metodi “../Issue.svc/trust/13/{name}” atbilstoši SAML un WS-* standartiem:

Version

SOAP

WS-Trust

WS-Addressing

WS-Policy

WS-SecurityPolicy

WS-Security

13

V1.2

V1.3

2005/08

V1.2

V1.2

V1.1