# Example Messages

# SAML AuthnRequest

# eHerkenning 1.13 request via artifact binding

<S11:Envelope xmlns:S11="http://schemas.xmlsoap.org/soap/envelope/">
    <S11:Body>
        <samlp:ArtifactResponse xmlns="urn:oasis:names:tc:SAML:2.0:assertion" 
            xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="xxx" InResponseTo="xxx" IssueInstant="2020-05-28T12:40:32Z" Version="2.0">
            <Issuer>urn:etoegang:DV:xxx:entities:0098</Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#xxx">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>xxx</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>xxx
                </ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:KeyName>xxx</ds:KeyName>
                </ds:KeyInfo>
            </ds:Signature>
            <samlp:Status>
                <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </samlp:Status>
            <samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="xxx" AttributeConsumingServiceIndex="1" Destination="https://eh01.signicat.nl/broker/sso/1.13" ForceAuthn="true" ID="xxx" IsPassive="false" IssueInstant="2020-05-28T12:40:32Z" ProviderName="Kadaster" Version="2.0">
                <saml:Issuer>urn:etoegang:DV:xxx:entities:0098</saml:Issuer>
                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:SignedInfo>
                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                        <ds:Reference URI="#_xxx">
                            <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
                                </ds:Transform>
                            </ds:Transforms>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                            <ds:DigestValue>xxx</ds:DigestValue>
                        </ds:Reference>
                    </ds:SignedInfo>
                    <ds:SignatureValue>xxx
                    </ds:SignatureValue>
                    <ds:KeyInfo>
                        <ds:KeyName>xxx</ds:KeyName>
                    </ds:KeyInfo>
                </ds:Signature>
                <samlp:RequestedAuthnContext Comparison="minimum">
                    <saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa3</saml:AuthnContextClassRef>
                </samlp:RequestedAuthnContext>
            </samlp:AuthnRequest>
        </samlp:ArtifactResponse>
    </S11:Body>
</S11:Envelope>

# eHerkenning 1.11 (eIDAS) post binding example

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ForceAuthn="True"
                    AssertionConsumerServiceURL="https://forms.xxxxx.nl/acs"
                    AttributeConsumingServiceIndex="3"
                    Destination="https://eh01.staging.signicat.nl/broker/sso/1.11"
                    ID="_xxxxxxxxxxxxxxxxxxxxx"
                    IssueInstant="2020-05-29T06:59:51.9038041Z"
                    Version="2.0">
    <saml:Issuer>urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx</saml:Issuer>
    <samlp:RequestedAuthnContext Comparison="minimum">
        <saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa2</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">xxxxx</Signature>
</samlp:AuthnRequest>

# SAML response

# eHerkenning 1.13

<samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="xxx" InResponseTo="xxx" IssueInstant="2020-05-28T12:42:04Z" Version="2.0">
    <Issuer>urn:etoegang:HM:00000003244440010000:entities:1135</Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#xxx">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>xxx</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>xxx
        </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:KeyName>xxx</ds:KeyName>
        </ds:KeyInfo>
    </ds:Signature>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <samlp:Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
        xmlns:xs="http://www.w3.org/2001/XMLSchema" 
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="xxx" ID="xxx" InResponseTo="xxx" IssueInstant="2020-05-28T12:42:03Z" Version="2.0">
        <saml:Issuer>urn:etoegang:HM:00000003244440010000:entities:1135</saml:Issuer>
        <ds:Signature>
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#xxx">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>xxx</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>xxx
            </ds:SignatureValue>
            <ds:KeyInfo>
                <ds:KeyName>xxx</ds:KeyName>
            </ds:KeyInfo>
        </ds:Signature>
        <samlp:Status>
            <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
        </samlp:Status>
        <saml:Assertion xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os" ID="xxx" IssueInstant="2020-05-28T12:42:03Z" Version="2.0">
            <saml:Issuer>urn:etoegang:HM:00000003244440010000:entities:1135</saml:Issuer>
            <ds:Signature>
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#xxx">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>xxx</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>xxx
                </ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:KeyName>xxx</ds:KeyName>
                </ds:KeyInfo>
            </ds:Signature>
            <saml:Subject>
                <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="urn:etoegang:MR:00000003341423870000:entities:0113">xxx</saml:NameID>
                <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                    <saml:SubjectConfirmationData InResponseTo="xxx" NotOnOrAfter="2020-05-28T12:47:03Z" Recipient="xxx">
                    </saml:SubjectConfirmationData>
                </saml:SubjectConfirmation>
            </saml:Subject>
            <saml:Conditions NotBefore="2020-05-28T12:42:03Z" NotOnOrAfter="2020-05-28T12:47:03Z">
                <saml:AudienceRestriction>
                    <saml:Audience>urn:etoegang:DV:xxx:entities:0098</saml:Audience>
                </saml:AudienceRestriction>
            </saml:Conditions>
            <saml:Advice>
                <saml:Assertion ID="xxx" IssueInstant="2020-05-28T12:42:02Z" Version="2.0">
                    <saml:Issuer>urn:etoegang:AD:00000003341423870000:entities:0113</saml:Issuer>
                    <ds:Signature>
                        <ds:SignedInfo>
                            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                            <ds:Reference URI="#xxx">
                                <ds:Transforms>
                                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                </ds:Transforms>
                                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                <ds:DigestValue>xxx</ds:DigestValue>
                            </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue>xxx
                        </ds:SignatureValue>
                        <ds:KeyInfo>
                            <ds:KeyName>xxx</ds:KeyName>
                        </ds:KeyInfo>
                    </ds:Signature>
                    <saml:Subject>
                        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">xxx</saml:NameID>
                        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                            <saml:SubjectConfirmationData InResponseTo="xxx" NotOnOrAfter="2020-05-28T12:52:02Z" Recipient="https://eh01.signicat.nl/broker/acs/1.13"/>
                        </saml:SubjectConfirmation>
                    </saml:Subject>
                    <saml:Conditions NotBefore="2020-05-28T12:32:02Z" NotOnOrAfter="2020-05-28T12:52:02Z">
                        <saml:AudienceRestriction>
                            <saml:Audience>urn:etoegang:HM:00000003244440010000:entities:1135</saml:Audience>
                            <saml:Audience>urn:etoegang:DV:xxx:entities:0098</saml:Audience>
                            <saml:Audience>urn:etoegang:MR:00000003341423870000:entities:0113</saml:Audience>
                        </saml:AudienceRestriction>
                    </saml:Conditions>
                    <saml:AuthnStatement AuthnInstant="2020-05-28T12:42:01Z">
                        <saml:AuthnContext>
                            <saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa3</saml:AuthnContextClassRef>
                            <saml:AuthenticatingAuthority>00000003341423870000</saml:AuthenticatingAuthority>
                        </saml:AuthnContext>
                    </saml:AuthnStatement>
                    <saml:AttributeStatement>
                        <saml:Attribute Name="urn:etoegang:core:Representation">
                            <saml:AttributeValue xsi:type="xs:boolean">true</saml:AttributeValue>
                        </saml:Attribute>
                        <saml:Attribute Name="urn:etoegang:core:ServiceUUID">
                            <saml:AttributeValue xsi:type="xs:string">xxx</saml:AttributeValue>
                        </saml:Attribute>
                        <saml:Attribute Name="urn:etoegang:core:AuthorizationRegistryID">
                            <saml:AttributeValue xsi:type="xs:string">urn:etoegang:MR:00000003341423870000:entities:0113</saml:AttributeValue>
                        </saml:Attribute>
                        <saml:Attribute Name="urn:etoegang:core:ActingSubjectID">
                            <saml:AttributeValue>
                                <saml:EncryptedID>
                                    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
                                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                                        <ds:KeyInfo>
                                            <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#xxx"/>
                                        </ds:KeyInfo>
                                        <xenc:CipherData>
                                            <xenc:CipherValue>xxx=</xenc:CipherValue>
                                        </xenc:CipherData>
                                    </xenc:EncryptedData>
                                    <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Recipient="urn:etoegang:MR:00000003341423870000:entities:0113">
                                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                        </xenc:EncryptionMethod>
                                        <ds:KeyInfo>
                                            <ds:KeyName>xxx</ds:KeyName>
                                        </ds:KeyInfo>
                                        <xenc:CipherData>
                                            <xenc:CipherValue>xxx</xenc:CipherValue>
                                        </xenc:CipherData>
                                        <xenc:ReferenceList>
                                            <xenc:DataReference URI="#xxx"/>
                                        </xenc:ReferenceList>
                                    </xenc:EncryptedKey>
                                </saml:EncryptedID>
                            </saml:AttributeValue>
                        </saml:Attribute>
                    </saml:AttributeStatement>
                </saml:Assertion>
                <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="xxx" IssueInstant="2020-05-28T12:42:03Z" Version="2.0">
                    <saml2:Issuer>urn:etoegang:MR:00000003341423870000:entities:0113</saml2:Issuer>
                    <ds:Signature>
                        <ds:SignedInfo>
                            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                            <ds:Reference URI="#xxx">
                                <ds:Transforms>
                                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
                                    </ds:Transform>
                                </ds:Transforms>
                                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                <ds:DigestValue>xxx</ds:DigestValue>
                            </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue>xxx</ds:SignatureValue>
                        <ds:KeyInfo>
                            <ds:KeyName>xxx</ds:KeyName>
                        </ds:KeyInfo>
                    </ds:Signature>
                    <saml2:Subject>
                        <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="urn:etoegang:MR:00000003341423870000:entities:0113">xxx</saml2:NameID>
                    </saml2:Subject>
                    <saml2:Conditions NotBefore="2020-05-28T12:42:03Z" NotOnOrAfter="2020-05-28T12:44:03Z"/>
                    <saml2:Advice>
                        <saml2:AssertionIDRef>xxx</saml2:AssertionIDRef>
                    </saml2:Advice>
                    <saml2:Statement xsi:type="xacml-saml:XACMLAuthzDecisionStatementType">
                        <xacml-context:Response xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os">
                            <xacml-context:Result>
                                <xacml-context:Decision>Permit</xacml-context:Decision>
                                <xacml-context:Status>
                                    <xacml-context:StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
                                </xacml-context:Status>
                            </xacml-context:Result>
                        </xacml-context:Response>
                        <xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os">
                            <xacml-context:Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
                                <xacml-context:Attribute AttributeId="urn:etoegang:core:ActingEntityID" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
                                    <xacml-context:AttributeValue>xxx</xacml-context:AttributeValue>
                                </xacml-context:Attribute>
                                <xacml-context:Attribute AttributeId="urn:etoegang:core:ActingSubjectID" DataType="urn:oasis:names:tc:SAML:2.0:assertion#EncryptedID" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
                                    <xacml-context:AttributeValue>
                                        <saml2:EncryptedID>
                                            <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
                                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                                                <ds:KeyInfo>
                                                    <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#xxx"/>
                                                </ds:KeyInfo>
                                                <xenc:CipherData>
                                                    <xenc:CipherValue>xxx</xenc:CipherValue>
                                                </xenc:CipherData>
                                            </xenc:EncryptedData>
                                            <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
                                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                                                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                                </xenc:EncryptionMethod>
                                                <ds:KeyInfo>
                                                    <ds:KeyName>xxx</ds:KeyName>
                                                </ds:KeyInfo>
                                                <xenc:CipherData>
                                                    <xenc:CipherValue>xxx</xenc:CipherValue>
                                                </xenc:CipherData>
                                                <xenc:ReferenceList>
                                                    <xenc:DataReference URI="#xxx"/>
                                                </xenc:ReferenceList>
                                            </xenc:EncryptedKey>
                                        </saml2:EncryptedID>
                                    </xacml-context:AttributeValue>
                                </xacml-context:Attribute>
                                <xacml-context:Attribute AttributeId="urn:etoegang:core:LinkedDeclarationSignatureValue" DataType="http://www.w3.org/2001/XMLSchema#base64Binary" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
                                    <xacml-context:AttributeValue>xxx</xacml-context:AttributeValue>
                                </xacml-context:Attribute>
                                <xacml-context:Attribute AttributeId="urn:etoegang:core:LegalSubjectID" DataType="urn:oasis:names:tc:SAML:2.0:assertion#EncryptedID" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
                                    <xacml-context:AttributeValue>
                                        <saml2:EncryptedID>
                                            <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
                                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                                                <ds:KeyInfo>
                                                    <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#xxx"/>
                                                </ds:KeyInfo>
                                                <xenc:CipherData>
                                                    <xenc:CipherValue>xxx</xenc:CipherValue>
                                                </xenc:CipherData>
                                            </xenc:EncryptedData>
                                            <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
                                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                                                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                                </xenc:EncryptionMethod>
                                                <ds:KeyInfo>
                                                    <ds:KeyName>xxx</ds:KeyName>
                                                </ds:KeyInfo>
                                                <xenc:CipherData>
                                                    <xenc:CipherValue>xxx</xenc:CipherValue>
                                                </xenc:CipherData>
                                                <xenc:ReferenceList>
                                                    <xenc:DataReference URI="#_xxx"/>
                                                </xenc:ReferenceList>
                                            </xenc:EncryptedKey>
                                        </saml2:EncryptedID>
                                    </xacml-context:AttributeValue>
                                </xacml-context:Attribute>
                            </xacml-context:Subject>
                            <xacml-context:Resource>
                                <xacml-context:ResourceContent>
                                    <saml2:EncryptedAttribute>
                                        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="encrypted_urn_etoegang_1.11_attribute-represented_CompanyName" Type="http://www.w3.org/2001/04/xmlenc#Element">
                                            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                                            <ds:KeyInfo>
                                                <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#xxx"/>
                                            </ds:KeyInfo>
                                            <xenc:CipherData>
                                                <xenc:CipherValue>xxx</xenc:CipherValue>
                                            </xenc:CipherData>
                                        </xenc:EncryptedData>
                                        <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
                                            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                            </xenc:EncryptionMethod>
                                            <ds:KeyInfo>
                                                <ds:KeyName>xxx</ds:KeyName>
                                            </ds:KeyInfo>
                                            <xenc:CipherData>
                                                <xenc:CipherValue>xxx</xenc:CipherValue>
                                            </xenc:CipherData>
                                            <xenc:ReferenceList>
                                                <xenc:DataReference URI="#encrypted_urn_etoegang_1.11_attribute-represented_CompanyName"/>
                                            </xenc:ReferenceList>
                                        </xenc:EncryptedKey>
                                    </saml2:EncryptedAttribute>
                                </xacml-context:ResourceContent>
                                <xacml-context:Attribute AttributeId="urn:etoegang:core:LevelOfAssurance" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:HM:00000003244440010000:entities:1135">
                                    <xacml-context:AttributeValue>urn:etoegang:core:assurance-class:loa3</xacml-context:AttributeValue>
                                </xacml-context:Attribute>
                                <xacml-context:Attribute AttributeId="urn:etoegang:core:ServiceID" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:HM:00000003244440010000:entities:1135">
                                    <xacml-context:AttributeValue>urn:etoegang:DV:xxx:services:0001</xacml-context:AttributeValue>
                                </xacml-context:Attribute>
                                <xacml-context:Attribute AttributeId="urn:etoegang:core:ServiceUUID" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:HM:00000003244440010000:entities:1135">
                                    <xacml-context:AttributeValue>xxx</xacml-context:AttributeValue>
                                </xacml-context:Attribute>
                                <xacml-context:Attribute AttributeId="urn:etoegang:1.9:EntityConcernedID:KvKnr" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
                                    <xacml-context:AttributeValue>xxx</xacml-context:AttributeValue>
                                </xacml-context:Attribute>
                                <xacml-context:Attribute AttributeId="urn:etoegang:core:LevelOfAssuranceUsed" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="urn:etoegang:MR:00000003341423870000:entities:0113">
                                    <xacml-context:AttributeValue>urn:etoegang:core:assurance-class:loa3</xacml-context:AttributeValue>
                                </xacml-context:Attribute>
                            </xacml-context:Resource>
                            <xacml-context:Action>
                                <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                                    <xacml-context:AttributeValue>Authenticate</xacml-context:AttributeValue>
                                </xacml-context:Attribute>
                            </xacml-context:Action>
                            <xacml-context:Environment/>
                        </xacml-context:Request>
                    </saml2:Statement>
                </saml2:Assertion>
            </saml:Advice>
            <saml:AuthnStatement AuthnInstant="2020-05-28T12:42:03Z">
                <saml:AuthnContext>
                    <saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa3</saml:AuthnContextClassRef>
                    <saml:AuthenticatingAuthority>urn:etoegang:AD:00000003341423870000:entities:0113</saml:AuthenticatingAuthority>
                </saml:AuthnContext>
            </saml:AuthnStatement>
            <saml:AttributeStatement>
                <saml:Attribute Name="urn:etoegang:core:ServiceUUID">
                    <saml:AttributeValue xsi:type="xs:string">xxx</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute Name="urn:etoegang:core:ActingSubjectID">
                    <saml:AttributeValue>
                        <saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptedData Id="_xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                                <ds:KeyInfo>
                                    <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="xxx"/>
                                </ds:KeyInfo>
                                <xenc:CipherData>
                                    <xenc:CipherValue>xxx</xenc:CipherValue>
                                </xenc:CipherData>
                            </xenc:EncryptedData>
                            <xenc:EncryptedKey Id="xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                </xenc:EncryptionMethod>
                                <ds:KeyInfo>
                                    <ds:KeyName>xxx</ds:KeyName>
                                </ds:KeyInfo>
                                <xenc:CipherData>
                                    <xenc:CipherValue>xxx</xenc:CipherValue>
                                </xenc:CipherData>
                                <xenc:ReferenceList>
                                    <xenc:DataReference URI="#_xxx"/>
                                </xenc:ReferenceList>
                            </xenc:EncryptedKey>
                        </saml:EncryptedID>
                    </saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute Name="urn:etoegang:core:LegalSubjectID">
                    <saml:AttributeValue>
                        <saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptedData Id="_xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                                <ds:KeyInfo>
                                    <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_xxx"/>
                                </ds:KeyInfo>
                                <xenc:CipherData>
                                    <xenc:CipherValue>xxx</xenc:CipherValue>
                                </xenc:CipherData>
                            </xenc:EncryptedData>
                            <xenc:EncryptedKey Id="_xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                </xenc:EncryptionMethod>
                                <ds:KeyInfo>
                                    <ds:KeyName>xxx</ds:KeyName>
                                </ds:KeyInfo>
                                <xenc:CipherData>
                                    <xenc:CipherValue>xxx</xenc:CipherValue>
                                </xenc:CipherData>
                                <xenc:ReferenceList>
                                    <xenc:DataReference URI="#_xxx"/>
                                </xenc:ReferenceList>
                            </xenc:EncryptedKey>
                        </saml:EncryptedID>
                    </saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute Name="urn:etoegang:core:ServiceID">
                    <saml:AttributeValue xsi:type="xs:string">urn:etoegang:DV:xxx:services:0001</saml:AttributeValue>
                </saml:Attribute>
                <saml:EncryptedAttribute xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptedData Id="_xxx" Type="http://www.w3.org/2001/04/xmlenc#Element">
                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                        <ds:KeyInfo>
                            <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_xxx"/>
                        </ds:KeyInfo>
                        <xenc:CipherData>
                            <xenc:CipherValue>xxx</xenc:CipherValue>
                        </xenc:CipherData>
                    </xenc:EncryptedData>
                    <xenc:EncryptedKey Id="_xxx" Recipient="urn:etoegang:DV:xxx:entities:0098">
                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        </xenc:EncryptionMethod>
                        <ds:KeyInfo>
                            <ds:KeyName>xxx</ds:KeyName>
                        </ds:KeyInfo>
                        <xenc:CipherData>
                            <xenc:CipherValue>xxx</xenc:CipherValue>
                        </xenc:CipherData>
                        <xenc:ReferenceList>
                            <xenc:DataReference URI="#_xxx"/>
                        </xenc:ReferenceList>
                    </xenc:EncryptedKey>
                </saml:EncryptedAttribute>
            </saml:AttributeStatement>
        </saml:Assertion>
    </samlp:Response>
</samlp:ArtifactResponse>

# eHerkenning 1.11 (eIDAS)

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xs="http://www.w3.org/2001/XMLSchema"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                Destination="https://forms.toverijs7.nl/acs"
                ID="_xxxxxxxxxxxxxxxxxxxxx"
                InResponseTo="_xxxxxxxxxxxxxxxxxxxxx"
                IssueInstant="2020-05-29T07:00:13Z"
                Version="2.0">
    <saml:Issuer>urn:etoegang:HM:0000000xxxxxxxxx000:entities:xxxx</saml:Issuer>
    <ds:Signature>xxxx</ds:Signature>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion
            ID="_xxxxxxxxxxxxxxxxxxxxx"
            IssueInstant="2020-05-29T07:00:13Z"
            Version="2.0">
        <saml:Issuer>urn:etoegang:HM:0000000xxxxxxxxx000:entities:xxxx</saml:Issuer>
        <ds:Signature>xxxx</ds:Signature>
        <saml:Subject>
            <saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptedData Id="_xxxxxxxxxxxxxxxxxxxxx"
                                    Type="http://www.w3.org/2001/04/xmlenc#Element">
                    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                    <ds:KeyInfo>
                        <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
                                            URI="#_xxxxxxxxxxxxxxxxxxxxx"/>
                    </ds:KeyInfo>
                    <xenc:CipherData>
                        <xenc:CipherValue>xxxx</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
                <xenc:EncryptedKey Id="_xxxxxxxxxxxxxxxxxxxxx"
                                   Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx">
                    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:KeyName>xxxx</ds:KeyName>
                    </ds:KeyInfo>
                    <xenc:CipherData>
                        <xenc:CipherValue>xxxx</xenc:CipherValue>
                    </xenc:CipherData>
                    <xenc:ReferenceList>
                        <xenc:DataReference URI="_xxxxxxxxxxxxxxxxxxxxx"/>
                    </xenc:ReferenceList>
                </xenc:EncryptedKey>
            </saml:EncryptedID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData InResponseTo="_xxxxxxxxxxxxxxxxxxxxx"
                                              NotOnOrAfter="2020-05-29T07:05:13Z"
                                              Recipient="https://forms.xxxxxx.nl/acs"/>
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions NotBefore="2020-05-29T07:00:13Z"
                         NotOnOrAfter="2020-05-29T07:05:13Z">
            <saml:AudienceRestriction>
                <saml:Audience>urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:Advice>
            <saml:Assertion ID="sxxxxxxxxxxxxxxxxxxxxx"
                            IssueInstant="2020-05-29T07:00:12Z"
                            Version="2.0">
                <saml:Issuer>urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx</saml:Issuer>
                <ds:Signature>
                    <ds:SignedInfo>
                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                        <ds:Reference URI="_xxxxxxxxxxxxxxxxxxxxx">
                            <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transforms>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                            <ds:DigestValue>xxxx=</ds:DigestValue>
                        </ds:Reference>
                    </ds:SignedInfo>
                    <ds:SignatureValue>xxxx</ds:SignatureValue>
                    <ds:KeyInfo>
                        <ds:KeyName>xxxx</ds:KeyName>
                    </ds:KeyInfo>
                </ds:Signature>
                <saml:Subject>
                    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">xxxx</saml:NameID>
                    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                        <saml:SubjectConfirmationData InResponseTo="_xxxxxxxxxxxxxxxxxxxxx"
                                                      NotOnOrAfter="2020-05-29T07:10:12Z"
                                                      Recipient="https://eh01.staging.signicat.nl/broker/acs/1.13"/>
                    </saml:SubjectConfirmation>
                </saml:Subject>
                <saml:Conditions NotBefore="2020-05-29T06:50:12Z"
                                 NotOnOrAfter="2020-05-29T07:10:12Z">
                    <saml:AudienceRestriction>
                        <saml:Audience>urn:etoegang:HM:0000000xxxxxxxxx000:entities:xxxx</saml:Audience>
                        <saml:Audience>urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx</saml:Audience>
                    </saml:AudienceRestriction>
                </saml:Conditions>
                <saml:AuthnStatement AuthnInstant="2020-05-29T07:00:07Z">
                    <saml:AuthnContext>
                        <saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa2</saml:AuthnContextClassRef>
                        <saml:AuthenticatingAuthority>xxxx</saml:AuthenticatingAuthority>
                    </saml:AuthnContext>
                </saml:AuthnStatement>
                <saml:AttributeStatement>
                    <saml:Attribute Name="urn:etoegang:core:Representation">
                        <saml:AttributeValue xsi:type="xs:boolean">false</saml:AttributeValue>
                    </saml:Attribute>
                    <saml:Attribute Name="urn:etoegang:core:ServiceUUID">
                        <saml:AttributeValue xsi:type="xs:string">xxxx</saml:AttributeValue>
                    </saml:Attribute>
                    <saml:Attribute Name="urn:etoegang:core:ActingSubjectID">
                        <saml:AttributeValue>
                            <saml:EncryptedID>
                                <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                                    Id="_xxxxxxxxxxxxxxxxxxxxx"
                                                    Type="http://www.w3.org/2001/04/xmlenc#Element">
                                    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                                    <ds:KeyInfo>
                                        <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
                                                            URI="_xxxxxxxxxxxxxxxxxxxxx"/>
                                    </ds:KeyInfo>
                                    <xenc:CipherData>
                                        <xenc:CipherValue>xxxx</xenc:CipherValue>
                                    </xenc:CipherData>
                                </xenc:EncryptedData>
                                <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                                   Id="_xxxxxxxxxxxxxxxxxxxxx"
                                                   Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx">
                                    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                    </xenc:EncryptionMethod>
                                    <ds:KeyInfo>
                                        <ds:KeyName>xxxx</ds:KeyName>
                                    </ds:KeyInfo>
                                    <xenc:CipherData>
                                        <xenc:CipherValue>xxxx</xenc:CipherValue>
                                    </xenc:CipherData>
                                    <xenc:ReferenceList>
                                        <xenc:DataReference URI="_xxxxxxxxxxxxxxxxxxxxx"/>
                                    </xenc:ReferenceList>
                                </xenc:EncryptedKey>
                            </saml:EncryptedID>
                        </saml:AttributeValue>
                    </saml:Attribute>
                    <saml:EncryptedAttribute>
                        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                            Id="encrypted_urn_etoegang_1.9_attribute_DateOfBirth"
                                            Type="http://www.w3.org/2001/04/xmlenc#Element">
                            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                            <ds:KeyInfo>
                                <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
                                                    URI="_xxxxxxxxxxxxxxxxxxxxx"/>
                            </ds:KeyInfo>
                            <xenc:CipherData>
                                <xenc:CipherValue>xxxx</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedData>
                        <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                           Id="_xxxxxxxxxxxxxxxxxxxxx"
                                           Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx">
                            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:KeyName>xxxx</ds:KeyName>
                            </ds:KeyInfo>
                            <xenc:CipherData>
                                <xenc:CipherValue>xxxx</xenc:CipherValue>
                            </xenc:CipherData>
                            <xenc:ReferenceList>
                                <xenc:DataReference URI="#encrypted_urn_etoegang_1.9_attribute_DateOfBirth"/>
                            </xenc:ReferenceList>
                        </xenc:EncryptedKey>
                    </saml:EncryptedAttribute>
                    <saml:EncryptedAttribute>
                        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                            Id="encrypted_urn_etoegang_1.9_attribute_FamilyName"
                                            Type="http://www.w3.org/2001/04/xmlenc#Element">
                            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                            <ds:KeyInfo>
                                <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
                                                    URI="_xxxxxxxxxxxxxxxxxxxxx"/>
                            </ds:KeyInfo>
                            <xenc:CipherData>
                                <xenc:CipherValue>xxxx</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedData>
                        <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                           Id="_xxxxxxxxxxxxxxxxxxxxx"
                                           Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx"
                        >
                            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:KeyName>xxxxx</ds:KeyName>
                            </ds:KeyInfo>
                            <xenc:CipherData>
                                <xenc:CipherValue>xxxxx</xenc:CipherValue>
                            </xenc:CipherData>
                            <xenc:ReferenceList>
                                <xenc:DataReference URI="#encrypted_urn_etoegang_1.9_attribute_FamilyName"/>
                            </xenc:ReferenceList>
                        </xenc:EncryptedKey>
                    </saml:EncryptedAttribute>
                    <saml:EncryptedAttribute>
                        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                            Id="encrypted_urn_etoegang_1.9_attribute_FirstName"
                                            Type="http://www.w3.org/2001/04/xmlenc#Element">
                            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                            <ds:KeyInfo>
                                <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
                                                    URI="_xxxxxxxxxxxxxxxxxxxxx"/>
                            </ds:KeyInfo>
                            <xenc:CipherData>
                                <xenc:CipherValue>xxx</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedData>
                        <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                           Id="_1c10d90e8b53461cb794fa23b1f72f55"
                                           Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx">
                            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:KeyName>xxxx</ds:KeyName>
                            </ds:KeyInfo>
                            <xenc:CipherData>
                                <xenc:CipherValue>xxxx</xenc:CipherValue>
                            </xenc:CipherData>
                            <xenc:ReferenceList>
                                <xenc:DataReference URI="#encrypted_urn_etoegang_1.9_attribute_FirstName"/>
                            </xenc:ReferenceList>
                        </xenc:EncryptedKey>
                    </saml:EncryptedAttribute>
                </saml:AttributeStatement>
            </saml:Assertion>
        </saml:Advice>
        <saml:AuthnStatement AuthnInstant="2020-05-29T07:00:13Z">
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:loa2</saml:AuthnContextClassRef>
                <saml:AuthenticatingAuthority>urn:etoegang:AD:0000000xxxxxxxxx000:entities:xxxx</saml:AuthenticatingAuthority>
            </saml:AuthnContext>
        </saml:AuthnStatement>
        <saml:AttributeStatement>
            <saml:Attribute Name="urn:etoegang:core:ServiceUUID">
                <saml:AttributeValue xsi:type="xs:string">xxxx</saml:AttributeValue>
            </saml:Attribute>
            <saml:EncryptedAttribute xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptedData Id="_07151871-ab7d-337d-a4c2-aa6f0c23148d"
                                    Type="http://www.w3.org/2001/04/xmlenc#Element">
                    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
                    <ds:KeyInfo>
                        <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
                                            URI="_xxxxxxxxxxxxxxxxxxxxx"/>
                    </ds:KeyInfo>
                    <xenc:CipherData>
                        <xenc:CipherValue>xxxx</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
                <xenc:EncryptedKey Id="_xxxxxxxxxxxxxxxxxxxxx"
                                   Recipient="urn:etoegang:DV:0000000xxxxxxxxx000:entities:xxxx">
                    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:KeyName>xxxx</ds:KeyName>
                    </ds:KeyInfo>
                    <xenc:CipherData>
                        <xenc:CipherValue>xxxx</xenc:CipherValue>
                    </xenc:CipherData>
                    <xenc:ReferenceList>
                        <xenc:DataReference URI="_xxxxxxxxxxxxxxxxxxxxx"/>
                    </xenc:ReferenceList>
                </xenc:EncryptedKey>
            </saml:EncryptedAttribute>
        </saml:AttributeStatement>
    </saml:Assertion>
</samlp:Response>

# eHerkenning chain authorisation

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="xxx" ID="xxx" InResponseTo="xxx" IssueInstant="2020-05-20T12:30:40Z" Version="2.0">
    <saml:Issuer>xxx</saml:Issuer>
    <ds:Signature>
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#xxx">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces
                            xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>xxx</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>xxx
</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:KeyName>xxx</ds:KeyName>
            </ds:KeyInfo>
        </ds:Signature>
        <samlp:Status>
            <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
        </samlp:Status>
        <saml:Assertion
            xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os" ID="xxx" IssueInstant="2020-05-20T12:30:40Z" Version="2.0">
            <saml:Issuer>xxx</saml:Issuer>
            <saml:Subject>
                <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:etoegang:HM:00000003244440010000:entities:9632">xxx</saml:NameID>
                <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                    <saml:SubjectConfirmationData InResponseTo="xxx" NotOnOrAfter="2020-05-20T12:35:40Z" Recipient="xxx"></saml:SubjectConfirmationData>
                </saml:SubjectConfirmation>
            </saml:Subject>
            <saml:Conditions NotBefore="2020-05-20T12:30:40Z" NotOnOrAfter="2020-05-20T12:35:40Z">
                <saml:AudienceRestriction>
                    <saml:Audience>xxx</saml:Audience>
                </saml:AudienceRestriction>
            </saml:Conditions>
            <saml:AuthnStatement AuthnInstant="2020-05-20T12:30:40Z">
                <saml:AuthnContext>
                    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
                    <saml:AuthenticatingAuthority>urn:etoegang:HM:00000003244440010000:entities:9632</saml:AuthenticatingAuthority>
                </saml:AuthnContext>
            </saml:AuthnStatement>
            <saml:AttributeStatement>
                <saml:Attribute Name="urn:etoegang:core:ServiceID">
                    <saml:AttributeValue xsi:type="xs:string">urn:etoegang:DV:xxx:services:1990</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute Name="urn:etoegang:core:ServiceUUID">
                    <saml:AttributeValue xsi:type="xs:string">xxx</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute Name="urn:etoegang:1.9:EntityConcernedID:KvKnr">
                    <saml:AttributeValue xsi:type="xs:string">11----118</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute Name="urn:etoegang:1.9:IntermediateEntityID:KvKnr">
                    <saml:AttributeValue xsi:type="xs:string">271---01</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute FriendlyName="urn:etoegang:1.13:EntityConcernedID:Pseudo" Name="urn:etoegang:1.13:EntityConcernedID:Pseudo">
                    <saml:AttributeValue xsi:type="xs:string">xxx</saml:AttributeValue>
                </saml:Attribute>
            </saml:AttributeStatement>
        </saml:Assertion>
    </samlp:Response>

Last updated: 9/20/23, 12:13:17 PM UTC