3.0 IdP - Technical connection
Before you begin
You need an approved preliminary study (förstudie) before you can register a client.
To access the registration interface you need a SITHS test card whose test person has been registered in the self-service system.
Connection step by step
Create metadata
Validate metadata
Register client
Connect
Create metadata
To connect to Inera's IdP you need to register a client. The first step is to create metadata that follows the IdP's profile. Full profile: https://docs.swedenconnect.se/technical-framework/latest/02_-_Deployment_Profile_for_the_Swedish_eID_Framework.html#authentication-requests
Example metadata:
<?xml version="1.0" encoding="UTF-8"?>
<!-- entityID must be unique for your connection and is used as the identifier of your client -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.dev.inera.test:8883"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<md:Extensions>
<mdattr:EntityAttributes>
<saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<!-- urn:oasis:names:tc:SAML:attribute:assurance-certification can be used to state the accepted LoA level; optional -->
<saml:AttributeValue>https://id.sambi.se/loa/loa3</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
</md:Extensions>
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<!-- Certificate used for signatures -->
<ds:X509Certificate>
<!-- base64-encoded signing certificate (omitted here) -->
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<!-- Certificate used for encryption -->
<ds:X509Certificate>
MIIEczCCAlugAwIBAgIBEjANBgkqhkiG9w0BAQ0FADBMMSIwIAYDVQQKDBlTSVRIUyBlSUQgUG9ydGFsIFRlc3QgT3JnMSYwJAYDVQQDDB1TSVRIUyBlSUQgUG9ydGFsIFRlc3QgUm9vdCBDQTAeFw0yNTAxMTUxNDU2NDhaFw0zMDAxMTQxNDU2NDhaMF0xIjAgBgNVBAoMGVNJVEhTIGVJRCBQb3J0YWwgVGVzdCBPcmcxGjAYBgNVBAMMEXNwLmRldi5pbmVyYS50ZXN0MRswGQYDVQQFExJTRVBPUlRBTDE3MzY5NTI4ODEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6MkGbJuCWoNauY3pnjvjWircBzfYlRUwLNLyp0xfA6d6gM7DpSHYa9G/mqMN3Mwu3q9QsQGVmcyaU8BWC78mOnjyf2ziRBSXfXgQDD5KV11cbv1q6ThnMUGgLy795RzFMjXMGKqkqnKC9rWaaSLrWgcmDiEIHsKjNL4Vhqr2T+1bjWFraclfLwptCSkgqUrGzEewEM9XbSxmKHDAmMWNvSiB7AxnyIxD+YIScGCe5sKICTP6o32CybnAIoV6S7IFXu67i+7ym4ziAey7uDtyj3YaiX2JxVOTIHQOaMyzZ/RBqbyzNGqz0zKvCfe+qOF+BR2HnOU3prfj3PxRfLPtZAgMBAAGjTzBNMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHAYDVR0RBBUwE4IRc3AuZGV2LmluZXJhLnRlc3QwDQYJKoZIhvcNAQENBQADggIBAJ/Wy5UaJoHsgxN1eU79edA2WJOA806e6kkshnR7hkeIuRRCTx1bII0AibHawh6zqXd7H22k0zZMQQkv2fakX2ENH9JN6pKG87j2pI33sxHNAP24rB+hNRF7/LkJmWAXnkU6hogpHezcRzHf7Rr67OYk/WgCyg3qYbGVP3feEufOd/LfzdpPSX3MCBGhIhFKn2c1jxo9PkC4bWrXo+HBkLRA3pZWwx8YrEx0kGlWrsS/6L3YZP9NWHCV98wr6NEW1e4Qktwk9n/KtjD5cCyz8Y8KSffThlEQeFegKX+0QOiGZZK87wmw0fNktm3rk7hMn7ddMvPdK1r/inapKMg4ndhguywmLdX7XZofcdW+A6/x3ngkqUPxnLycmObEyO717bb0LrZX04u1JHGoULUpRNYA+Yq4QrmNrXdO8SSvuD+zEhed35BjXAE9MzSgPJ7rt6Jpp4L75HmTfedgUhSIaEBHglqs14B5m1EFwgm43T81vaVLSeEMyZirEIp57ZbZ7CD9ekJXJlZBHHSZszVGSpIXVSgQCd4HtLCCObWMFY2D+/s0yQAbAQ/mUs38UoE27cdFfYbCCqjSEwaXxaa8XhkFSJHaSEYyHJXf3hZL+tMvl39Dwd9Zjpl/RwS4w0K4o9AooK37u7aug66WZPXQS3p2ezJaH3vzKEBjKoUn5eof
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<!-- URL the user is sent back to after successful or failed authentication -->
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://sp.dev.inera.test:8883/saml/post/response" index="1"
isDefault="true"/>
<!-- Attributes requested at authentication -->
<md:AttributeConsumingService index="1">
<md:ServiceName xml:lang="sv" xmlns:xml="http://www.w3.org/XML/1998/namespace">Säk Test SP</md:ServiceName>
<md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="personalIdentityNumber" Name="urn:oid:1.2.752.29.4.13"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="telephoneNumber" Name="urn:oid:2.5.4.20"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="mobile" Name="urn:oid:0.9.2342.19200300.100.1.41"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="employeeHsaId" Name="urn:oid:1.2.752.29.6.2.1"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="o" Name="urn:oid:2.5.4.10"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="organizationIdentifier" Name="urn:oid:2.5.4.97"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="orgAffiliation" Name="urn:oid:1.2.752.201.3.1"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="transactionIdentifier" Name="urn:oid:1.2.752.201.3.2"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="healthcareProfessionalLicenseIdentityNumber"
Name="https://id.ena-infrastructure.se/attributes/health/healthcareProfessionalLicenseIdentityNumber"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="personalPrescriptionCode"
Name="https://id.ena-infrastructure.se/attributes/health/personalPrescriptionCode"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="healthcareProfessionalLicense"
Name="https://id.ena-infrastructure.se/attributes/health/healthcareProfessionalLicense"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="occupationalCode"
Name="https://id.ena-infrastructure.se/attributes/health/occupationalCode"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="groupPrescriptionCode"
Name="https://id.ena-infrastructure.se/attributes/health/groupPrescriptionCode"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="pharmacyIdentifier"
Name="https://id.ena-infrastructure.se/attributes/health/pharmacyIdentifier"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="healthcareProviderId"
Name="https://id.ena-infrastructure.se/attributes/health/healthcareProviderId"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="healthCareProviderHsaId"
Name="https://id.ena-infrastructure.se/attributes/health/healtCareProviderHsaId"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="healthCareProviderName"
Name="https://id.ena-infrastructure.se/attributes/health/healthCareProviderName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="healthCareUnitName"
Name="https://id.ena-infrastructure.se/attributes/health/healthCareUnitName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="healthCareUnitHsaId"
Name="https://id.ena-infrastructure.se/attributes/health/healthCareUnitHsaId"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="paTitleCode"
Name="https://id.ena-infrastructure.se/attributes/health/paTitleCode"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="commissionHsaId"
Name="https://id.ena-infrastructure.se/attributes/health/commissionHsaId"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="commissionName"
Name="https://id.ena-infrastructure.se/attributes/health/commissionName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="commissionPurpose"
Name="https://id.ena-infrastructure.se/attributes/health/commissionName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="commissionRight"
Name="https://id.ena-infrastructure.se/attributes/health/commissionRight"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="systemRole"
Name="https://id.ena-infrastructure.se/attributes/health/systemRole"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="healthCareProfessionalLicenceSpeciality"
Name="https://id.ena-infrastructure.se/attributes/health/healthCareProfessionalLicenceSpeciality"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<md:RequestedAttribute FriendlyName="authnMethod" Name="https://idp.inera.se/attributes/authnMethod"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="identityProviderForSign"
Name="https://idp.inera.se/attributes/identityProviderForSign"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="authenticationMethod"
Name="https://idp.inera.se/attributes/authenticationMethod"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="allCommissions" Name="https://idp.inera.se/attributes/allCommissions"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
<md:RequestedAttribute FriendlyName="allEmployeeHsaIds" Name="https://idp.inera.se/attributes/allEmployeeHsaIds"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
</md:RequestedAttribute>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
<!-- Organisation information, mandatory -->
<md:Organization>
<md:OrganizationName xml:lang="sv" xmlns:xml="http://www.w3.org/XML/1998/namespace">SAML SP</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="sv" xmlns:xml="http://www.w3.org/XML/1998/namespace">SAML SP
</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="sv" xmlns:xml="http://www.w3.org/XML/1998/namespace">
https://sp.dev.inera.test:8883/sp/saml
</md:OrganizationURL>
</md:Organization>
<!-- Contact information, mandatory -->
<md:ContactPerson contactType="support" xml:lang="sv" xmlns:xml="http://www.w3.org/XML/1998/namespace">
<md:Company>ITU</md:Company>
<md:GivenName>Tolvan</md:GivenName>
<md:SurName>Tolvansson</md:SurName>
<md:EmailAddress>anders.andersson@example.com</md:EmailAddress>
<md:TelephoneNumber>0701234567</md:TelephoneNumber>
</md:ContactPerson>
<md:ContactPerson contactType="technical" xml:lang="sv" xmlns:xml="http://www.w3.org/XML/1998/namespace">
<md:Company>ITU</md:Company>
<md:GivenName>Tolvan</md:GivenName>
<md:SurName>Tolvansson</md:SurName>
<md:EmailAddress>Tolvan.Tolvansson@example.com</md:EmailAddress>
<md:TelephoneNumber>0701234567</md:TelephoneNumber>
</md:ContactPerson>
</md:EntityDescriptor>
Validate metadata
Validate your metadata here: https://klientadministration-idp.qa.siths.se/saml-validator
Register client
To connect, your client must be registered in the IdP. You do this in the self-service interface for the respective environment.
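Before sending metadata to the validator, the pre-flight checks below catch the mistakes that most often come up in metadata written by hand: a non-https entityID, a missing encryption or signing certificate, no HTTPS HTTP-POST AssertionConsumerService, a RequestedAttribute listed twice, and missing Organization or ContactPerson (support/technical) elements. This is an added example, not code from the page or from Inera; the SAMPLE document and its hostnames are constructed for demonstration.

```python
# Added example (not from the original page): pre-flight checks on SP metadata
# before submitting it to the IdP's metadata validator. Standard library only.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def check_sp_metadata(xml_text: str) -> list[str]:
    """Return the problems found; an empty list means every check passed."""
    root, problems = ET.fromstring(xml_text), []
    if not root.get("entityID", "").startswith("https://"):
        problems.append("entityID must be an https URL unique to this client")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["SPSSODescriptor missing"]
    if sp.get("WantAssertionsSigned") != "true":
        problems.append("WantAssertionsSigned should be true")
    # A signing and an encryption certificate are both expected, as in the page's example.
    uses = {kd.get("use") for kd in sp.findall("md:KeyDescriptor", NS)
            if kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS).strip()}
    for use in ("signing", "encryption"):
        if use not in uses:
            problems.append(f"KeyDescriptor use={use} with a certificate missing")
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not any(a.get("Binding") == HTTP_POST and a.get("Location", "").startswith("https://") for a in acs):
        problems.append("no HTTPS AssertionConsumerService with HTTP-POST binding")
    names = [r.get("Name") for r in sp.findall("md:AttributeConsumingService/md:RequestedAttribute", NS)]
    for dup in sorted({n for n in names if names.count(n) > 1}):
        problems.append(f"RequestedAttribute {dup} listed more than once")
    if root.find("md:Organization", NS) is None:
        problems.append("Organization missing (mandatory)")
    types = {c.get("contactType") for c in root.findall("md:ContactPerson", NS)}
    for ct in ("support", "technical"):
        if ct not in types:
            problems.append(f"ContactPerson contactType={ct} missing (mandatory)")
    return problems


# Constructed minimal SP metadata with deliberate gaps (not a real client's metadata).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test">
 <md:SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIB...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.test/saml/post" index="1"/>
  <md:AttributeConsumingService index="1"><md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4"/>
   <md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4"/></md:AttributeConsumingService>
 </md:SPSSODescriptor><md:ContactPerson contactType="technical"/></md:EntityDescriptor>"""

if __name__ == "__main__":
    print("\n".join(check_sp_metadata(SAMPLE)) or "metadata OK")
```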
| Test | QA | Prod |
|---|---|---|
To get access to the self-service you must have been added as a customer and have named, in the preliminary study, one or more persons who are to administer your connection.
Connect
Once the client is registered, you are ready to make calls to the IdP. The connection information is defined in the IdP's metadata.
| Test | QA | Prod |
|---|---|---|
The IdP's metadata contains the information needed for a technical connection, such as the URL for authentication requests, the LoA levels and the supported attributes.
For Java there is a reference implementation published at https://bitbucket.org/ineraservices/sp-reference-implementation/src/Main/ and a support library published at https://bitbucket.org/ineraservices/sp-support-libb/src/Main/
Alternatively, use some other third-party library.
Public information
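The pieces of IdP metadata the paragraph lists can be pulled out programmatically and compared with the attributes your SP metadata requests, so that a RequestedAttribute the IdP never issues is noticed before go-live. This is an added example, not code from the page or from Inera; IDP_SAMPLE is a constructed fragment with hypothetical hostnames, not Inera's real metadata.

```python
# Added example (not from the original page): extract the connection details an SP
# needs from IdP metadata (SSO endpoints, LoA levels, supported attributes).
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
LOA_ATTR = "urn:oasis:names:tc:SAML:attribute:assurance-certification"


def idp_connection_info(xml_text: str) -> dict:
    """Summarise what an SP needs from IdP metadata before sending an AuthnRequest."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata: IDPSSODescriptor missing")
    # Map the short binding name (HTTP-Redirect, HTTP-POST) to its endpoint URL.
    sso = {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    loa = [v.text.strip() for v in root.findall(
        f"md:Extensions/mdattr:EntityAttributes/saml:Attribute[@Name='{LOA_ATTR}']/saml:AttributeValue", NS)]
    supported = [a.get("Name") for a in idp.findall("saml:Attribute", NS)]
    signing = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    return {"entityID": root.get("entityID"), "sso": sso, "loa": loa,
            "attributes": supported, "signing_certs": len(signing)}


def unsupported_requests(sp_requested: list[str], info: dict) -> list[str]:
    """Requested attribute names that the IdP does not advertise as supported."""
    return [n for n in sp_requested if n not in info["attributes"]]


# Constructed IdP metadata fragment for demonstration (not Inera's real metadata).
IDP_SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
 <md:Extensions><mdattr:EntityAttributes><saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification">
  <saml:AttributeValue>https://id.sambi.se/loa/loa3</saml:AttributeValue></saml:Attribute></mdattr:EntityAttributes></md:Extensions>
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/saml/sso/redirect"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/saml/sso/post"/>
  <saml:Attribute Name="urn:oid:2.5.4.4"/><saml:Attribute Name="urn:oid:1.2.752.29.6.2.1"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""
```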