Request
The following is an example of an authentication request from an OIOSAML 3-compliant trusted provider (for example, Nemlogin) to the Access Manager Identity Provider:
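<!--
  SAML 2.0 AuthnRequest sent by the trusted provider to the Identity Provider.
  No ds:Signature element appears in this example. How the request is
  authenticated (for instance, a signature carried outside the XML by the
  binding in use) is not shown here and should be confirmed for the deployment.
-->
<AuthnRequest ID="_bd71a98e-37fe-9a8c-bf3e-d20e39337d5b"
              Version="2.0"
              IssueInstant="2023-02-15T09:34:54.8455204Z"
              Destination="https://slesnode1.kcdad1.com:8443/nidp/saml2/sso"
              IsPassive="false"
              ForceAuthn="false"
              AssertionConsumerServiceURL="https://devtest4-nemlog-in.dk/localidp/saml/1.0/"
              ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
              xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
  <!--
    AssertionConsumerServiceURL is supplied by the requester. The Identity
    Provider should accept it only if it matches an endpoint registered in the
    trusted provider's metadata, because the response is delivered there.
  -->
  <!-- Entity ID of the requesting provider. -->
  <Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
          xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://saml.devtest4-nemlog-in.dk</Issuer>
  <!-- Conditions the requester asks to have applied to the issued assertion. -->
  <Conditions xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <AudienceRestriction>
      <Audience>https://saml.devtest4-nemlog-in.dk</Audience>
    </AudienceRestriction>
  </Conditions>
  <!--
    Requested assurance: an NSIS level of assurance and an eID type.
    XML attribute names are case-sensitive and the SAML 2.0 protocol schema
    names this attribute "Comparison". A lowercase spelling is not the schema
    attribute, so a receiver may reject it or fall back to the default "exact".
  -->
  <RequestedAuthnContext Comparison="minimum">
    <AuthnContextClassRef xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://data.gov.dk/concept/core/nsis/loa/Substantial</AuthnContextClassRef>
    <AuthnContextClassRef xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://data.gov.dk/eid/Professional</AuthnContextClassRef>
  </RequestedAuthnContext>
  <!-- Entity on whose behalf the request is made. -->
  <Scoping>
    <RequesterID>https://saml.services.devtest4-nemlog-in.dk</RequesterID>
  </Scoping>
</AuthnRequest>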
Response
The following is an example of an authentication response from the Access Manager Identity Provider to an OIOSAML 3-compliant trusted provider:
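<!--
  SAML 2.0 Response returned by the Identity Provider.
  The certificate and both cipher values are elided as "***", so the signature
  cannot be verified against this text as printed.
  A receiver should check that InResponseTo matches the ID of a request it
  actually sent, that Destination is its own assertion consumer endpoint, and
  that IssueInstant is recent before it processes the assertion.
-->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                Consent="urn:oasis:names:tc:SAML:2.0:consent:obtained"
                Destination="https://devtest4-nemlog-in.dk/localidp/saml/1.0/"
                ID="idL4NswVTVNPY69m7ld5Kf6744y0Q"
                InResponseTo="_bd71a98e-37fe-9a8c-bf3e-d20e39337d5b"
                IssueInstant="2023-02-15T09:35:06Z"
                Version="2.0">
  <saml:Issuer>https://slesnode1.kcdad1.com:8443/nidp/saml2/metadata</saml:Issuer>
  <!--
    Enveloped RSA-SHA256 signature. The Reference URI equals the Response ID,
    so the signature covers the whole Response element, including the
    encrypted assertion below.
  -->
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <ds:Reference URI="#idL4NswVTVNPY69m7ld5Kf6744y0Q">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>9op0qndP22y6OTkYB5QKqvcep0OU6p0raobXlDF9jXc=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
      RXHrgFsZOuFTYxiBwws6moKmCqqseM1w79h9dnS4FkgV4cF/9mHm9LnuWMPmHq/eHyNSOj7YLXW5
      4ewsKbxZjr769DkQ+vB3f91nr35IEG/pHMURgW9Z2DqKvbO2z5ApWuClHO4HXq7RykgVDXKubQvY
      h2/t6zVIbBAaZuyNvh2LZjK7fptEwvAxsqL7ny/vTnN+o13lL3DsJKT+4E4sOpDUCfSM94lJqwfq
      Hd2mKyYn095mKhp9Em2zy1YLQrbyJcS+jdqXnWLK7OKc7xNIRxAtSf7y3lLpw9LGxcGrEGKFMf+9
      Wu6UN5j4SfWoaIR9GE5zbHuYXSUZ1CGd5HOzPpAA6ARqY007sSetimKb/mF1AVLy8vaF5G6na89S
      UczqcZn3DgM2mZEixOQp3iyjw50rIGlZC51EUxwhH84zxe5mhYQiAnkq6/1oBjav6OERoURVE/2W
      UwLUV0nKsWPPd9PqQpT0XxO5Aghn/puenpoGUiOqNXbqCb79nQyLa9K4
    </ds:SignatureValue>
    <!--
      The certificate embedded here is supplied by the sender. A receiver
      should verify the signature with the Identity Provider certificate it
      already trusts from metadata, not with this value on its own.
    -->
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate> *** </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </samlp:Status>
  <!--
    The assertion is encrypted with AES-256-GCM. The content key is wrapped
    with RSA-OAEP (SHA-256 digest, MGF1 with SHA-256) for the recipient
    certificate identified by issuer name and serial number.
    After decryption the assertion's own issuer, conditions, audience and
    subject confirmation still have to be validated. Whether the inner
    assertion carries its own signature is not visible in this example.
  -->
  <saml:EncryptedAssertion>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm" />
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey>
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"
                             xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
            <xenc11:MGF xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
                        Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256" />
          </xenc:EncryptionMethod>
          <ds:KeyInfo>
            <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
              <ds:X509Data>
                <ds:X509IssuerSerial>
                  <ds:X509IssuerName>CN=TRUST2408 Systemtest XXXIV CA, O=TRUST2408, C=DK</ds:X509IssuerName>
                  <ds:X509SerialNumber>1604723226</ds:X509SerialNumber>
                </ds:X509IssuerSerial>
              </ds:X509Data>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
          <!-- Wrapped content key (elided). -->
          <xenc:CipherData>
            <xenc:CipherValue>*** </xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <!-- Encrypted assertion (elided). -->
      <xenc:CipherData>
        <xenc:CipherValue>*** </xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </saml:EncryptedAssertion>
</samlp:Response>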