5. Atbilde uz IS autentifikācijas un autorizācijas pieprasījumu

Atbildes saturs uz IS autentifikācijas un autorizācijas pieprasījumu atbilst standartiem:

  • Envelope, Header, Body – SOAP v1.2;
  • Action, RelatesTo – WS-Addressing v1.0;
  • Security, Timestamp – WS-Security v1.1;
  • RequestSecurityTokenResponseCollection – WS-Trust v1.3;
  • RequestedSecurityToken elementa saturs – SAML 1.1, SAML 2.0 vai XML Encryption.

Ziņojuma piemērs:

<!-- Example response to an authentication and authorization request: a WS-Trust 1.3
     RequestSecurityTokenResponseCollection carried in a SOAP 1.2 envelope.
     All keys, ciphertexts and identifiers below are documentation samples and must not be reused. -->
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<s:Header>

<!-- WS-Trust action URI marking this message as the final response to an Issue request. -->
<a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action>

<!-- WS-Addressing correlation: carries the MessageID of the request being answered.
     The requester should check it against the MessageID it sent. -->
<a:RelatesTo>urn:uuid:fa020542-3cba-4770-8ace-ce79cbe8e494</a:RelatesTo>

<!-- The security header in this example holds only a Timestamp and no signature element,
     so integrity and confidentiality of the response presumably come from the transport
     channel (confirm against the service's binding). -->
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

<!-- Message freshness window: Created to Expires is five minutes. A receiver should
     reject the message outside this window, allowing only a small clock skew. -->
<u:Timestamp u:Id="_0">

<u:Created>2015-09-17T11:46:53.283Z</u:Created>

<u:Expires>2015-09-17T11:51:53.283Z</u:Expires>

</u:Timestamp>

</o:Security>

</s:Header>

<s:Body>

<trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">

<trust:RequestSecurityTokenResponse>

<!-- Size in bits of the proof key returned in RequestedProofToken below. -->
<trust:KeySize>256</trust:KeySize>

<!-- Validity period of the issued token: four hours in this example, separate from
     the five-minute message Timestamp in the header. -->
<trust:Lifetime>

<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2015-09-17T11:46:53.283Z</wsu:Created>

<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2015-09-17T15:46:53.283Z</wsu:Expires>

</trust:Lifetime>

<!-- The relying-party endpoint the token is issued for. A service accepting the token
     should confirm that it is the intended audience. -->
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

<a:EndpointReference>

<a:Address>https://ivis.eps.gov.lv/Request.WebService</a:Address>

</a:EndpointReference>

</wsp:AppliesTo>

<!-- The issued token: a SAML 2.0 assertion protected with XML Encryption, so its
     contents are not readable from this message without the recipient's private key. -->
<trust:RequestedSecurityToken>

<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">

<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

<!-- Content encryption: AES-256 in CBC mode. CBC gives confidentiality only, so the
     recipient must not trust the decrypted assertion until its signature has been
     validated (any signature is inside the ciphertext and cannot be seen here). -->
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod>

<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">

<!-- Key transport: the AES content key is wrapped with RSA-OAEP (MGF1), using SHA-1
     as the OAEP digest. -->
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">

<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>

</e:EncryptionMethod>

<KeyInfo>

<!-- Identifies, by issuer name and serial number, the X.509 certificate whose public
     key wrapped the content key; presumably the relying party's encryption
     certificate (confirm). -->
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

<X509Data>

<X509IssuerSerial>

<X509IssuerName>CN=IVIS Root CA</X509IssuerName>

<X509SerialNumber>526677922334502603980825</X509SerialNumber>

</X509IssuerSerial>

</X509Data>

</o:SecurityTokenReference>

</KeyInfo>

<!-- The wrapped content key. NOTE(review): the value appears to decode to 128 bytes,
     which would imply a 1024-bit RSA key; confirm the key size used in production. -->
<e:CipherData>

<e:CipherValue>icGvsJvxfHT38V0ZgrMFJMzCOlP1DMqAzK6tv+LpsrbhsILs+R6uE2DKfNX3KnA7fkweebNp0hfoFpMtkTU51clHkWQw3sXdhRqeTxJQJNztE1mJp5VjUxVyUKtGFmYt4rdZQZNYo//SIrsB5tmO21L8bb9T590qqP3L8LGrwTs=</e:CipherValue>

</e:CipherData>

</e:EncryptedKey>

</KeyInfo>

<!-- The encrypted SAML assertion itself, base64-encoded. -->
<xenc:CipherData>

<xenc:CipherValue>BEmoMtZ+MmXO7+Z1+4bjrVk1RCLRPXhDofOZIIM5emhEnZai1LJtV9cvLgPVFw6spxe38biWAIrzL1+Wy1NJvJZJjee9EULChYZryZFa00tvltHRMG8GElsdOJr/KgZvKEIeoVHBaS8NyerIWMvQTc2hdi2/0rtSv694/xZzSbapBo03MY2xJOOmTMideXSKGqVQvHRYgkP0cYHTEwbC4wUIbuUWvXSb93FYtVJyqvrQ8NLVX8Irx47cPdVWu8E0kx5tM0hM6wNWIwK4qRfpmKfw+kpbcZN6+ +6oAgWpdycp+oiIzPyNSEVAlj5GQ7af5vaatXTlv+e5WDM9JSJwWtN9xMc/SqzlPdX75pLqrkWb2uoIkhV2Z5+Gy8xTXdHwoLtQbe7UraM3ZyJRuzuuw9r92ddP0szBrqqzqAJ7Uv5ITZYuE54oZClXrMfB2asFVrRrVNGfHHphwYA0milbvuf9P/WrIXm2irRyMonmFRh/q05H/LEvq21Jaaexv6L2510fMP6slZJZhljehgQQ+0JXPko3+BI/HM4g8WbqLWem9SfLvDMNlkm/1BambQTpcfYwCAbSH+M8/8555KGRRrDTV8ELZ1yAbBViBpxqy7hF9gf2U0HUGFFH+uw==</xenc:CipherValue>

</xenc:CipherData>

</xenc:EncryptedData>

</EncryptedAssertion>

</trust:RequestedSecurityToken>

<!-- Proof-of-possession key for the SymmetricKey key type, returned here as a plain
     base64 BinarySecret. Anyone who can read this message body can read the key, so
     the response must travel only over a protected channel and the value must be
     kept out of logs and traces. -->
<trust:RequestedProofToken>

<trust:BinarySecret>5I1lkTh0fgl1wHTZDKGkTEyo4fbeb4XylbOkRMV8N0Q=</trust:BinarySecret>

</trust:RequestedProofToken>

<!-- How to reference the token when it is included in a message: by SAML assertion ID. -->
<trust:RequestedAttachedReference>

<SecurityTokenReference b:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:b="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">

<KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_c5327ddc-689b-4771-b0c4-943bd7ba9e18</KeyIdentifier>

</SecurityTokenReference>

</trust:RequestedAttachedReference>

<!-- How to reference the same token when it is not included in the message. -->
<trust:RequestedUnattachedReference>

<SecurityTokenReference b:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:b="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">

<KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_c5327ddc-689b-4771-b0c4-943bd7ba9e18</KeyIdentifier>

</SecurityTokenReference>

</trust:RequestedUnattachedReference>

<!-- Describes what was issued: a SAML 2.0 token, in answer to an Issue request,
     bound to a symmetric proof key. -->
<trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>

<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>

<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>

</trust:RequestSecurityTokenResponse>

</trust:RequestSecurityTokenResponseCollection>

</s:Body>

</s:Envelope>