====== Anvendelse af nationale roller via SEB ====== FMK's sikkerhedsmodel er baseret på anvendelse af ID Kort, signeret af SOSI STS'en. Inden dette kan ske, skal brugerens identitet kontrolleres vha. en IdP, som STS'en har tillid til. Det kan enten være en lokal IdP, NemLogin eller SEB (Statens Elektroniske Brugerstyring). I relation til SEB, er der i FMK oprettet en whitelist af godkendte SEB-roller, som FMK accepterer og som er koblet til en tilsvarende FMK-rolle, som angivet i RequestedRole i whitelisting headeren (se [[fmk:generel:sikkerhedsmodel|Sikkerhedsmodel]]): ^ SEB Rolle ^ FMK rolle ^ | urn:dk:healthcare:national-federation-role:code:41003:value:PlejeAssR3 | Plejehjemsassistent | Herunder ses et eksempel på et RequestServiceToken kald til STS'en, hvor der anvendes en national rolle, som STS'en validerer brugerens identitet op mod:



        
            urn:oasis:names:tc:SAML:2.0:assertion:
            http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
            
                
                    TheSOSILibrary
                    
                        0105590536
                        
                            urn:oasis:names:tc:SAML:2.0:cm:holder-of-key
                            
                                
                                    OCESSignature
                                
                            
                        
                    
                    
                    
                        
                            rNo6BtlMc9d+3hoxquGMEg==
                        
                        
                            1.0.1
                        
                        
                            user
                        
                        
                            4
                        
                        
                            2Fa46beRTYplmCb9lqYSqpGpO8Q=
                        
                    
                    
                        
                            0105590536
                        
                        
                            Joakim
                        
                        
                            Recht
                        
                        
                            jre@trifork.com
                        
                        
                            urn:dk:healthcare:national-federation-role:code:41003:value:PlejeAssR3
                        
                        
                            developer
                        
                    
                    
                        
                            Trifork146Only
                        
                        
                            20921897
                        
                        
                            Logica
                        
                    
                    
                        
                            
                            
                            
                                
                                    
                                    
                                
                                
                                PRnoMGDytBGaO+5KImbN7TQt8qk=
                            
                        
                        rulW6tAiOTzZNEhLJhlL+jIf+tCxqFxZFFfWTUazhrHeBOHPN9nx+HULzDXkbn4l+59iymYawLK7vZAddcr3GmbbOBIkB4foNSPSMM+xw7nBolZCcvlUSrJB4RR9W0qPZQrD3PRZqlx7obrm+VmysgQnDHLqw0bLnczUVgHLGLHkfrs3qqhuVJ8ifm8SBTCKmVm9f56fUUCZeZlYIsnQhO6vzr0Nu3CJ1t8uk7dZIyaXS4Q3IL9tx7LdZebs+wMr7Y/QYMOEomyGfTrBzW4Phag9x/CAT3xe2FfMubi8atT3wivO7qDSFxYQZyC+Jafe+f3VWxHvkYQGejucP8nKjA==
                        
                            
                                MIIGKTCCBRGgAwIBAgIEX6IRdjANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTAeFw0yMjAzMjIxMjEyMTlaFw0yNTAzMjIxMjEyMDZaMG8xCzAJBgNVBAYTAkRLMSQwIgYDVQQKDBtUUklGT1JLIEEvUyAvLyBDVlI6MjA5MjE4OTcxOjAWBgNVBAMMD1RhaWEgU3RlZmZlbnNlbjAgBgNVBAUTGUNWUjoyMDkyMTg5Ny1SSUQ6OTU3MDU3MzYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIR76TD1UQy1JoouUKpOoflsoHbv12ze40THjJ79l0blk5ZBM5ZRY+yWdcHbKNSHiCMsAnKgdgdQFzcXtDGUTLTI1XYJiekOozyrmD7SFoiEnb+diiDLR+FM7Ev6JjH8o15FAyXq6ZH2inln9Cyr56HIGuMAw5SiuFuIYYJDDj7QrFe+nryk+8IRNuAzLzxwt1r4tckr8mMMV9k7/ORjzQBTuwoGPG80lt3qATDqniuduxU7XiyyxQt0saF0TZQh/fO4pGIm9D/Ctz4TSkD82kFxt/QlfzAygE19yXNjg6L8oymK3mznqrZWBVEO7GZvgIimCHOe+XM7uk30M8k4urAgMBAAGjggLxMIIC7TAOBgNVHQ8BAf8EBAMCA/gwgZcGCCsGAQUFBwEBBIGKMIGHMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9yZXNwb25kZXIwRwYIKwYBBQUHMAKGO2h0dHA6Ly9tLmFpYS5zeXN0ZW10ZXN0MzQudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MzQtY2EuY2VyMIIBIAYDVR0gBIIBFzCCARMwggEPBg0rBgEEAYH0UQIEBgIGMIH9MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeTCByQYIKwYBBQUHAgIwgbwwDBYFRGFuSUQwAwIBARqBq0RhbklEIHRlc3QgY2VydGlmaWthdGVyIGZyYSBkZW5uZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuMi42LiBEYW5JRCB0ZXN0IGNlcnRpZmljYXRlcyBmcm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4zLjYuMS40LjEuMzEzMTMuMi40LjYuMi42LjAiBgNVHREEGzAZgRdmbWstc3VwcG9ydEB0cmlmb3JrLmNvbTCBrQYDVR0fBIGlMIGiMDygOqA4hjZodHRwOi8vY3JsLnN5c3RlbXRlc3QzNC50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QzNC5jcmwwYqBgoF6kXDBaMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSYwJAYDVQQDDB1UUlVTVDI0MDggU3lzdGVtdGVzdCBYWFhJViBDQTEPMA0GA1UEAwwGQ1JMNDAxMB8GA1UdIwQYMBaAFM1saJc5chmkNatk6vQRo4GH+Gk7MB0GA1UdDgQWBBS4AgCzYL8h9DFoTYZPEh74dFP6mjAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAgTUkymSYU/AJec2eAEeuY5S9AoMx2UqMJ/X62iEZ5aSizfyj5U9sDJDhI1/ppYzZShs12rnmZPAQ38mudK7QpZrUgctFVpverF+gn2cqB43mICF4lCUcYaK0/L+Vxg0pbJ118lQMPxxODrgCPpuo6oswuE7VZdVsICnr3to+2BJm7o6uuKXe3BTZUh/5AdR9l0bmp9Trh3nb5OPeAH+Ztg5A2sRpDgEBORhSxrFBBxgBNxg9nDOhHTL/OgEzzdhsLJDiVHLBt0qcHWwdWtqRbGMiuMJ0cms26gvOmDQ/T2FRH8r35iSN39UA4gdElFoMdZtoYz8oBE8uuCHwJZDM3
                            
                        
                    
                
            
            
                TheSOSILibrary