# Example Messages
# SAML AuthnRequest
# eHerkenning 1.13 request via artifact binding
<S11:Envelope xmlns:S11="http://schemas.xmlsoap.org/soap/envelope/">
<S11:Body>
<samlp:ArtifactResponse xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="xxx" InResponseTo="xxx" IssueInstant="2020-05-28T12:40:32Z" Version="2.0">
<Issuer>urn:etoegang:DV:xxx:entities:0098</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#xxx">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxx
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="xxx" AttributeConsumingServiceIndex="1" Destination="https://eh01.signicat.nl/broker/sso/1.13" ForceAuthn="true" ID="xxx" IsPassive="false" IssueInstant="2020-05-28T12:40:32Z" ProviderName="Kadaster" Version="2.0">
<saml:Issuer>urn:etoegang:DV:xxx:entities:0098</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_xxx">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxx
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<samlp:RequestedAuthnContext Comparison="minimum">
<saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa3</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
</samlp:ArtifactResponse>
</S11:Body>
</S11:Envelope>
# eHerkenning 1.11 (eIDAS) post binding example
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ForceAuthn="True"
AssertionConsumerServiceURL="https://forms.xxxxx.nl/acs"
AttributeConsumingServiceIndex="3"
Destination="https://eh01.staging.signicat.nl/broker/sso/1.11"
ID="_xxxxxxxxxxxxxxxxxxxxx"
IssueInstant="2020-05-29T06:59:51.9038041Z"
Version="2.0">
<saml:Issuer>urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx</saml:Issuer>
<samlp:RequestedAuthnContext Comparison="minimum">
<saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa2</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">xxxxx</Signature>
</samlp:AuthnRequest>
# SAML response
# eHerkenning 1.13
<samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="xxx" InResponseTo="xxx" IssueInstant="2020-05-28T12:42:04Z" Version="2.0">
<Issuer>urn:etoegang:HM:00000003244440010000:entities:1135</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#xxx">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxx
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<samlp:Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="xxx" ID="xxx" InResponseTo="xxx" IssueInstant="2020-05-28T12:42:03Z" Version="2.0">
<saml:Issuer>urn:etoegang:HM:00000003244440010000:entities:1135</saml:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#xxx">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxx
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os" ID="xxx" IssueInstant="2020-05-28T12:42:03Z" Version="2.0">
<saml:Issuer>urn:etoegang:HM:00000003244440010000:entities:1135</saml:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#xxx">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxx
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="urn:etoegang:MR:00000003341423870000:entities:0113">xxx</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="xxx" NotOnOrAfter="2020-05-28T12:47:03Z" Recipient="xxx">
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-05-28T12:42:03Z" NotOnOrAfter="2020-05-28T12:47:03Z">
<saml:AudienceRestriction>
<saml:Audience>urn:etoegang:DV:xxx:entities:0098</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:Advice>
<saml:Assertion ID="xxx" IssueInstant="2020-05-28T12:42:02Z" Version="2.0">
<saml:Issuer>urn:etoegang:AD:00000003341423870000:entities:0113</saml:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#xxx">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxx
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">xxx</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="xxx" NotOnOrAfter="2020-05-28T12:52:02Z" Recipient="https://eh01.signicat.nl/broker/acs/1.13"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-05-28T12:32:02Z" NotOnOrAfter="2020-05-28T12:52:02Z">
<saml:AudienceRestriction>
<saml:Audience>urn:etoegang:HM:00000003244440010000:entities:1135</saml:Audience>
<saml:Audience>urn:etoegang:DV:xxx:entities:0098</saml:Audience>
<saml:Audience>urn:etoegang:MR:00000003341423870000:entities:0113</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2020-05-28T12:42:01Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa3</saml:AuthnContextClassRef>
<saml:AuthenticatingAuthority>00000003341423870000</saml:AuthenticatingAuthority>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="urn:etoegang:core:Representation">
<saml:AttributeValue xsi:type="xs:boolean">true</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:ServiceUUID">
<saml:AttributeValue xsi:type="xs:string">xxx</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:AuthorizationRegistryID">
<saml:AttributeValue xsi:type="xs:string">urn:etoegang:MR:00000003341423870000:entities:0113</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:ActingSubjectID">
<saml:AttributeValue>
<saml:EncryptedID>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#xxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Recipient="urn:etoegang:MR:00000003341423870000:entities:0113">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#xxx"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedID>
</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="xxx" IssueInstant="2020-05-28T12:42:03Z" Version="2.0">
<saml2:Issuer>urn:etoegang:MR:00000003341423870000:entities:0113</saml2:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#xxx">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxx</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="urn:etoegang:MR:00000003341423870000:entities:0113">xxx</saml2:NameID>
</saml2:Subject>
<saml2:Conditions NotBefore="2020-05-28T12:42:03Z" NotOnOrAfter="2020-05-28T12:44:03Z"/>
<saml2:Advice>
<saml2:AssertionIDRef>xxx</saml2:AssertionIDRef>
</saml2:Advice>
<saml2:Statement xsi:type="xacml-saml:XACMLAuthzDecisionStatementType">
<xacml-context:Response xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os">
<xacml-context:Result>
<xacml-context:Decision>Permit</xacml-context:Decision>
<xacml-context:Status>
<xacml-context:StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
</xacml-context:Status>
</xacml-context:Result>
</xacml-context:Response>
<xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os">
<xacml-context:Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<xacml-context:Attribute AttributeId="urn:etoegang:core:ActingEntityID" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
<xacml-context:AttributeValue>xxx</xacml-context:AttributeValue>
</xacml-context:Attribute>
<xacml-context:Attribute AttributeId="urn:etoegang:core:ActingSubjectID" DataType="urn:oasis:names:tc:SAML:2.0:assertion#EncryptedID" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
<xacml-context:AttributeValue>
<saml2:EncryptedID>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#xxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#xxx"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml2:EncryptedID>
</xacml-context:AttributeValue>
</xacml-context:Attribute>
<xacml-context:Attribute AttributeId="urn:etoegang:core:LinkedDeclarationSignatureValue" DataType="http://www.w3.org/2001/XMLSchema#base64Binary" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
<xacml-context:AttributeValue>xxx</xacml-context:AttributeValue>
</xacml-context:Attribute>
<xacml-context:Attribute AttributeId="urn:etoegang:core:LegalSubjectID" DataType="urn:oasis:names:tc:SAML:2.0:assertion#EncryptedID" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
<xacml-context:AttributeValue>
<saml2:EncryptedID>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#xxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_xxx"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml2:EncryptedID>
</xacml-context:AttributeValue>
</xacml-context:Attribute>
</xacml-context:Subject>
<xacml-context:Resource>
<xacml-context:ResourceContent>
<saml2:EncryptedAttribute>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="encrypted_urn_etoegang_1.11_attribute-represented_CompanyName" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#xxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#encrypted_urn_etoegang_1.11_attribute-represented_CompanyName"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml2:EncryptedAttribute>
</xacml-context:ResourceContent>
<xacml-context:Attribute AttributeId="urn:etoegang:core:LevelOfAssurance" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:HM:00000003244440010000:entities:1135">
<xacml-context:AttributeValue>urn:etoegang:core:assurance-class:loa3</xacml-context:AttributeValue>
</xacml-context:Attribute>
<xacml-context:Attribute AttributeId="urn:etoegang:core:ServiceID" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:HM:00000003244440010000:entities:1135">
<xacml-context:AttributeValue>urn:etoegang:DV:xxx:services:0001</xacml-context:AttributeValue>
</xacml-context:Attribute>
<xacml-context:Attribute AttributeId="urn:etoegang:core:ServiceUUID" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:HM:00000003244440010000:entities:1135">
<xacml-context:AttributeValue>xxx</xacml-context:AttributeValue>
</xacml-context:Attribute>
<xacml-context:Attribute AttributeId="urn:etoegang:1.9:EntityConcernedID:KvKnr" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
<xacml-context:AttributeValue>xxx</xacml-context:AttributeValue>
</xacml-context:Attribute>
<xacml-context:Attribute AttributeId="urn:etoegang:core:LevelOfAssuranceUsed" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
<xacml-context:AttributeValue>urn:etoegang:core:assurance-class:loa3</xacml-context:AttributeValue>
</xacml-context:Attribute>
</xacml-context:Resource>
<xacml-context:Action>
<xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
<xacml-context:AttributeValue>Authenticate</xacml-context:AttributeValue>
</xacml-context:Attribute>
</xacml-context:Action>
<xacml-context:Environment/>
</xacml-context:Request>
</saml2:Statement>
</saml2:Assertion>
</saml:Advice>
<saml:AuthnStatement AuthnInstant="2020-05-28T12:42:03Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa3</saml:AuthnContextClassRef>
<saml:AuthenticatingAuthority>urn:etoegang:AD:00000003341423870000:entities:0113</saml:AuthenticatingAuthority>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="urn:etoegang:core:ServiceUUID">
<saml:AttributeValue xsi:type="xs:string">xxx</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:ActingSubjectID">
<saml:AttributeValue>
<saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptedData Id="_xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="xxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey Id="xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_xxx"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedID>
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:LegalSubjectID">
<saml:AttributeValue>
<saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptedData Id="_xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_xxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey Id="_xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_xxx"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedID>
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:ServiceID">
<saml:AttributeValue xsi:type="xs:string">urn:etoegang:DV:xxx:services:0001</saml:AttributeValue>
</saml:Attribute>
<saml:EncryptedAttribute xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptedData Id="_xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_xxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey Id="_xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_xxx"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedAttribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
</samlp:ArtifactResponse>
# eHerkenning 1.11 (eIDAS)
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Destination="https://forms.toverijs7.nl/acs"
ID="_xxxxxxxxxxxxxxxxxxxxx"
InResponseTo="_xxxxxxxxxxxxxxxxxxxxx"
IssueInstant="2020-05-29T07:00:13Z"
Version="2.0">
<saml:Issuer>urn:etoegang:HM:0000000xxxxxxxxx000:entities:xxxx</saml:Issuer>
<ds:Signature>xxxx</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion
ID="_xxxxxxxxxxxxxxxxxxxxx"
IssueInstant="2020-05-29T07:00:13Z"
Version="2.0">
<saml:Issuer>urn:etoegang:HM:0000000xxxxxxxxx000:entities:xxxx</saml:Issuer>
<ds:Signature>xxxx</ds:Signature>
<saml:Subject>
<saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptedData Id="_xxxxxxxxxxxxxxxxxxxxx"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
URI="#_xxxxxxxxxxxxxxxxxxxxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey Id="_xxxxxxxxxxxxxxxxxxxxx"
Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="_xxxxxxxxxxxxxxxxxxxxx"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="_xxxxxxxxxxxxxxxxxxxxx"
NotOnOrAfter="2020-05-29T07:05:13Z"
Recipient="https://forms.xxxxxx.nl/acs"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-05-29T07:00:13Z"
NotOnOrAfter="2020-05-29T07:05:13Z">
<saml:AudienceRestriction>
<saml:Audience>urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:Advice>
<saml:Assertion ID="sxxxxxxxxxxxxxxxxxxxxx"
IssueInstant="2020-05-29T07:00:12Z"
Version="2.0">
<saml:Issuer>urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx</saml:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="_xxxxxxxxxxxxxxxxxxxxx">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xxxx=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxxx</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>xxxx</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">xxxx</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="_xxxxxxxxxxxxxxxxxxxxx"
NotOnOrAfter="2020-05-29T07:10:12Z"
Recipient="https://eh01.staging.signicat.nl/broker/acs/1.13"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-05-29T06:50:12Z"
NotOnOrAfter="2020-05-29T07:10:12Z">
<saml:AudienceRestriction>
<saml:Audience>urn:etoegang:HM:0000000xxxxxxxxx000:entities:xxxx</saml:Audience>
<saml:Audience>urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2020-05-29T07:00:07Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa2</saml:AuthnContextClassRef>
<saml:AuthenticatingAuthority>xxxx</saml:AuthenticatingAuthority>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="urn:etoegang:core:Representation">
<saml:AttributeValue xsi:type="xs:boolean">false</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:ServiceUUID">
<saml:AttributeValue xsi:type="xs:string">xxxx</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:ActingSubjectID">
<saml:AttributeValue>
<saml:EncryptedID>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="_xxxxxxxxxxxxxxxxxxxxx"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
URI="_xxxxxxxxxxxxxxxxxxxxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="_xxxxxxxxxxxxxxxxxxxxx"
Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="_xxxxxxxxxxxxxxxxxxxxx"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedID>
</saml:AttributeValue>
</saml:Attribute>
<saml:EncryptedAttribute>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="encrypted_urn_etoegang_1.9_attribute_DateOfBirth"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
URI="_xxxxxxxxxxxxxxxxxxxxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="_xxxxxxxxxxxxxxxxxxxxx"
Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#encrypted_urn_etoegang_1.9_attribute_DateOfBirth"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedAttribute>
<saml:EncryptedAttribute>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="encrypted_urn_etoegang_1.9_attribute_FamilyName"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
URI="_xxxxxxxxxxxxxxxxxxxxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="_xxxxxxxxxxxxxxxxxxxxx"
Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx"
>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxxxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#encrypted_urn_etoegang_1.9_attribute_FamilyName"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedAttribute>
<saml:EncryptedAttribute>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="encrypted_urn_etoegang_1.9_attribute_FirstName"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
URI="_xxxxxxxxxxxxxxxxxxxxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="_1c10d90e8b53461cb794fa23b1f72f55"
Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#encrypted_urn_etoegang_1.9_attribute_FirstName"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedAttribute>
</saml:AttributeStatement>
</saml:Assertion>
</saml:Advice>
<saml:AuthnStatement AuthnInstant="2020-05-29T07:00:13Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa2</saml:AuthnContextClassRef>
<saml:AuthenticatingAuthority>urn:etoegang:AD:0000000xxxxxxxxx000:entities:xxxx</saml:AuthenticatingAuthority>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="urn:etoegang:core:ServiceUUID">
<saml:AttributeValue xsi:type="xs:string">xxxx</saml:AttributeValue>
</saml:Attribute>
<saml:EncryptedAttribute xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptedData Id="_07151871-ab7d-337d-a4c2-aa6f0c23148d"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
URI="_xxxxxxxxxxxxxxxxxxxxx"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey Id="_xxxxxxxxxxxxxxxxxxxxx"
Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>xxxx</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>xxxx</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="_xxxxxxxxxxxxxxxxxxxxx"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedAttribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
# eHerkenning chain authorisation
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<samlp:Response
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="xxx" ID="xxx" InResponseTo="xxx" IssueInstant="2020-05-20T12:30:40Z" Version="2.0">
<saml:Issuer>xxx</saml:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#xxx">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxx
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>xxx</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion
xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os" ID="xxx" IssueInstant="2020-05-20T12:30:40Z" Version="2.0">
<saml:Issuer>xxx</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:etoegang:HM:00000003244440010000:entities:9632">xxx</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="xxx" NotOnOrAfter="2020-05-20T12:35:40Z" Recipient="xxx"></saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-05-20T12:30:40Z" NotOnOrAfter="2020-05-20T12:35:40Z">
<saml:AudienceRestriction>
<saml:Audience>xxx</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2020-05-20T12:30:40Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
<saml:AuthenticatingAuthority>urn:etoegang:HM:00000003244440010000:entities:9632</saml:AuthenticatingAuthority>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="urn:etoegang:core:ServiceID">
<saml:AttributeValue xsi:type="xs:string">urn:etoegang:DV:xxx:services:1990</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:ServiceUUID">
<saml:AttributeValue xsi:type="xs:string">xxx</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:1.9:EntityConcernedID:KvKnr">
<saml:AttributeValue xsi:type="xs:string">11----118</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:1.9:IntermediateEntityID:KvKnr">
<saml:AttributeValue xsi:type="xs:string">271---01</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="urn:etoegang:1.13:EntityConcernedID:Pseudo" Name="urn:etoegang:1.13:EntityConcernedID:Pseudo">
<saml:AttributeValue xsi:type="xs:string">xxx</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>