
# About SAML 1.1

Attention

SAML 1.1 will be deprecated soon. If you are working on a new integration, we strongly recommend that you use OIDC instead.

# Introduction

Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorisation data between security domains, normally between an identity provider like id.signicat and a service provider (the customer). SAML is a product of the OASIS Security Services Technical Committee.

SAML assumes that the end-user has enrolled with at least one identity provider. This identity provider is expected to provide local authentication services to the end-user. However, SAML does not specify the implementation of these local services; indeed, SAML does not care how local authentication services are implemented.

SAML has been a de facto standard protocol for identity management and is now supported by most of the biggest actors in the computer industry. Today, id.signicat supports SAML v.1.1 and v.2.0. For detailed information about SAML as well as access to white papers, please visit this page on the OASIS website.

An illustration of the SAML 1.1 flow

# Using the SAML 1.1 protocol

Commonly, the authentication process starts in your application and will consist of the following steps. You are required to carry out the actions marked in bold.

  1. **Authenticating the user**: You are the service provider (SP) and you need to authenticate an end-user in order to grant them access to a service. In order to do that, you redirect the user to Signicat (in the browser). Read more about redirecting the user to Signicat below.
  2. Signicat will host the entire authentication process using any of the available (or desired) id methods, after which a SAML assertion (XML) is constructed. The SAML assertion will be signed with a certificate which ensures that the contents of the assertion cannot be spoofed or altered.
  3. **Receiving the SAML response**: Signicat will then redirect the user back to your application along with the aforementioned SAML assertion. Read more about the SAML response below.
  4. **Verifying the SAML response**: Your application will pick up the SAML assertion and validate it to make sure it’s correct. Read more about validating the SAML response in this section below.
  5. **Retrieving attributes from the SAML response**: After validation has taken place, the values in the SAML assertion (such as user name, personal identity number etc.) can be extracted and processed by your application for further usage (typically logging the user in). Please refer to the SAML 1.1 response examples to see which attributes are available.

# Authenticating the user

The first step of the authentication process is constructing a URL to redirect the user to Signicat. The URL will have the following format:

https://env.signicat.com/std/method/service?id=method:profile:language&target=target

| Parameter | Description | Example value | Required |
| --- | --- | --- | --- |
| env | env is the environment. | preprod (in preprod); id (in production) | Yes |
| service | service is the name of your service as registered with Signicat*. There is a demo preprod service called "demo" which you may use as you'd like, but eventually you will start using your own service. | Demo (in preprod environment); yourdomainnamegoeshere.com (in production) | Yes |
| method | method is the name of the id-method as registered with Signicat*. | nbid (Norwegian BankID) | Yes |
| profile | profile is the name of the graphical profile** you would like to use. If you don't have a graphical profile, you can omit the value and the default profile will be used. | | No |
| language | language is the (ISO 639-1) two-letter code for the language you would like in the user interface. "en" (English) is default. | nb (Norwegian) | No |
| target | target is the URL-encoded (or “percent encoded”) URL to the application which is to receive the SAML assertion. If you’re starting out testing the services, then perhaps your URL is http://localhost:8080/auth/verify and if you URL encode that you will end up with http%3A%2F%2Flocalhost%3A8080%2Fauth%2Fverify. Any parameters you use in any of your URLs should always be URL encoded according to the URL standard, so make sure you adhere to that. | http%3A%2F%2Flocalhost%3A8080%2Fauth%2Fverify | Yes |

URL encoding

All URL parameters must be properly URL encoded using UTF-8, as per RFC 3986.

*If your company name is Foo then your service name can be “foo”. If you’re using Danish NemID then the method name can be “nemid” or something completely different if you’d like. Please contact support@signicat.com if you’re unsure of the name of your service and/or available id-methods.

**A graphical profile is an HTML template which can be used to wrap the dynamic content served by Signicat.

# Example

Let’s put the pieces together and construct a URL where we send the user to the preprod environment, using the demo service, the Danish NemID method, a demo profile, Danish language and localhost as the target:

https://preprod.signicat.com/std/method/demo?id=nemid:demo:da&target=http%3A%2F%2Flocalhost%3A8080%2Fauth%2Fverify

Clicking the link will send you to a page where the NemID applet is loaded and the authentication process starts, such as in the following screenshot:

An example showing the NemID applet
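Added example, not Signicat's code: a Python helper that assembles the redirect URL in the format above and shows why the target has to be percent-encoded in full. The application URL `app.example.test`, the function names and the empty-field form of an omitted profile or language are assumptions.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Environment names from the parameter table: "preprod" and "id" (production).
ENVIRONMENTS = ("preprod", "id")


def build_auth_url(env, service, method, target, profile="", language=""):
    """Build https://env.signicat.com/std/method/service?id=method:profile:language&target=target"""
    if env not in ENVIRONMENTS:
        raise ValueError(f"unknown environment: {env!r}")
    if not service or not method or not target:
        raise ValueError("service, method and target are required")
    if language and not (len(language) == 2 and language.isascii() and language.isalpha()):
        raise ValueError("language must be a two-letter ISO 639-1 code")
    for name, value in (("service", service), ("method", method), ("profile", profile)):
        # ':' separates the fields of the id parameter; the others delimit URL parts.
        if any(ch in value for ch in ":/?&#="):
            raise ValueError(f"{name} contains a reserved character: {value!r}")
    # Assumption: an omitted profile or language is sent as an empty field ("nbid::nb").
    id_value = f"{method}:{profile}:{language}"
    # safe="" percent-encodes every reserved character (as UTF-8), including the
    # '/', '?', '&' and '=' that a target URL normally contains.
    return (
        f"https://{env}.signicat.com/std/method/{quote(service, safe='')}"
        f"?id={quote(id_value, safe=':')}"
        f"&target={quote(target, safe='')}"
    )


def target_in(url):
    """Return the target parameter as a server parsing the query string sees it."""
    return parse_qs(urlsplit(url).query)["target"][0]


# Constructed target with its own query string (hypothetical application URL).
TARGET_WITH_QUERY = "https://app.example.test/auth/verify?next=/account&lang=da"

ENCODED_URL = build_auth_url("preprod", "demo", "nemid", TARGET_WITH_QUERY, "demo", "da")
# The same URL with the target pasted in unencoded: '&lang=da' now belongs to the
# outer query string and the target is cut short.
UNENCODED_URL = (
    "https://preprod.signicat.com/std/method/demo?id=nemid:demo:da&target="
    + TARGET_WITH_QUERY
)

if __name__ == "__main__":
    print(ENCODED_URL)
    print("encoded   ->", target_in(ENCODED_URL))
    print("unencoded ->", target_in(UNENCODED_URL))
```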

# Receiving the SAML response

After authenticating, Signicat will redirect the user to the target using HTTP POST. In terms of HTTP, this is what the request would look like:

POST http://localhost:8080/auth/verify HTTP/1.1
Host: localhost:8080
Proxy-Connection: keep-alive
Content-Length: 9213
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Origin: https://preprod.signicat.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) chrome/29.0.1547.66 Safari/537.36
Content-Type: Application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate,sdch
Accept-Language: en-US,en;q=0.8

SamlResponse=PFJlc3BvbnNlIHhtbG5zPSJ1c...and so on and so on...Rpb24%2BPC9SZXNwb25zZT4%3D%0D%0A&TARGET=http%3A%2F%2Flocalhost%3A5050%2Fvalidate

Decoding the SAML response will result in the actual SAML (XML) document which contains information about the authentication. Read more about SAML 1.1 and SAML 2.0 or have a look at example SAML 1.1 responses for different id providers.

# Verifying the SAML response

The SAML response is a signed XML document (xml-dsig), and the signature must be verified in order to ensure the correctness of the assertion. Signicat provides libraries that will help you verify the SAML response using Java or C#.

# Using time skew when verifying SAML 1.1 responses

If you experience error messages like "The assertion is expired" or "The assertion is not valid yet" when validating a SAML response from Signicat, this is because the current time is outside the validity period of the SAML assertion. This problem can often be solved by adjusting the time skew configuration setting.

For security reasons, the validity period of SAML assertions is limited to 30 seconds. Their lifetime cannot be extended. A common problem is that if the recipient's clock is just one or two seconds late, while the real redirection latency is short, then the recipient (the SAML consumer) will see the SAML assertion as created "in the future", and the verification will fail.

Preferably, you should make sure that your servers are NTP synced at all times to avoid these issues. If necessary, you can also adjust the SAML consumer clock by the number of seconds in the time skew property. Doing this moves the whole validity window, which makes the verification function less vulnerable to a late (or early) clock on the consumer's end. A common setting for time skew is 5 seconds. If you experience many errors of type "The assertion is expired", decrease the time skew. If you experience many errors of type "The assertion is not valid yet", increase the time skew.
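Added example (not part of Signicat's libraries): the validity check described above, written in Python with the time skew modelled as a shift of the consumer's clock, as this section describes it. It uses the `Conditions` values from the NemID response example on this page; the function names and the two clock scenarios are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Conditions element with the values from the NemID response example on this
# page: a 30-second validity window.
CONDITIONS_XML = (
    '<Conditions xmlns="urn:oasis:names:tc:SAML:1.0:assertion" '
    'NotBefore="2013-09-12T09:08:52.552Z" '
    'NotOnOrAfter="2013-09-12T09:09:22.552Z"></Conditions>'
)


def parse_instant(value):
    """Parse a UTC xsd:dateTime such as 2013-09-12T09:08:52.552Z."""
    if not value or not value.endswith("Z"):
        # A missing or non-UTC bound is rejected instead of being treated as open-ended.
        raise ValueError(f"expected a UTC timestamp ending in 'Z', got {value!r}")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value[:-1], fmt).replace(tzinfo=timezone.utc)


def check_validity(conditions_xml, local_now, time_skew_seconds=0):
    """Return 'valid', 'not valid yet' or 'expired' for the consumer's clock.

    The skew is added to the consumer's clock, so it moves the whole window:
    a positive value helps a late clock and hurts an early one.
    """
    conditions = ET.fromstring(conditions_xml)
    not_before = parse_instant(conditions.get("NotBefore"))
    not_on_or_after = parse_instant(conditions.get("NotOnOrAfter"))
    effective_now = local_now + timedelta(seconds=time_skew_seconds)
    if effective_now < not_before:
        return "not valid yet"
    if effective_now >= not_on_or_after:
        return "expired"
    return "valid"


ISSUED = parse_instant("2013-09-12T09:08:52.552Z")
# Constructed scenario 1: the redirect takes 0.5 s and the consumer's clock is 2 s late.
LATE_CLOCK = ISSUED + timedelta(seconds=0.5) - timedelta(seconds=2)
# Constructed scenario 2: the consumer's clock is correct but the redirect takes 27 s.
SLOW_REDIRECT = ISSUED + timedelta(seconds=27)

if __name__ == "__main__":
    for label, now in (("late clock", LATE_CLOCK), ("slow redirect", SLOW_REDIRECT)):
        for skew in (0, 5):
            print(f"{label:13} skew={skew}s -> {check_validity(CONDITIONS_XML, now, skew)}")
```

With a skew of 5 seconds the late clock is accepted, but the slow redirect that was valid without skew is now rejected as expired: the window has moved, it has not grown.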

# Renewal of SAML 1.1 signing certificates

Signicat renews their SAML signing certificates every second year (years ending with odd numbers). This section describes the impact on Signicat’s Connectors and Applications.

# Signicat's connectors

Customers using older versions of Signicat Connectors will be affected by a renewal of Signicat’s SAML certificates. This applies to the following versions of the Connectors:

  • on Java platform: Java client kit, v. 2.3.2 or lower
  • on .NET platform: Signicat.Basic.Service v.1.11 .. or lower
  • on .NET platform: Signicat.Basic v.1.0.1.10 or lower

Every time Signicat renews the SAML signing certificates, these customers must replace the old SAML signing certificate with the new one or add the new one to the Connector’s truststore.

Customers using connectors newer than those listed above will not be affected by renewal of the SAML signing certificate.

# Signicat authentication using the SAML2 protocol

Customers integrated with the Signicat authentication service using the SAML2 protocol will be affected by a renewal of Signicat’s SAML certificates.

Every time Signicat renews the SAML signing certificates, these customers must renew the SAML2 metadata from Signicat.

# Frequently asked questions

Q: I use OIDC, what do I do?
A: OIDC is unaffected by this change.

Q: I only use Signicat for signatures, what do I do?
A: Renewal of the SAML signing certificate does not affect Signicat's electronic signature services.

Q: What is the “SAML Signing” certificate?
A: The SAML Signing certificate is the certificate used by Signicat for validating SAML responses.

Q: I use SAML2, what do I need to do?
A: You need to replace the existing Signicat metadata with new metadata. Contact support@signicat.com to receive new metadata, or change your metadata manually by replacing the certificate in our metadata with the new certificate.

Q: What version of the connector do I use?
A: For .NET: Find the signicat.basic.dll and check its properties for the version.
For Java: Locate signicat-client-lib-X.X.X.jar. The version number should be in the file name.

Q: I don’t use any of Signicat's connectors, what do I do?
A: If your integration uses Signicat’s root CA, you don’t need to do anything. If you use the leaf certificate, consider adding the root CA, or add the new certificate to your integration manually.

# SAML 1.1 response

A service provider (the Customer) relies on Signicat AS, as the identity provider, to identify the end-user. At the end-user's request, the identity provider passes a SAML assertion to the service provider. On the basis of this assertion, the service provider makes an access control decision. We call this SAML assertion the SAML response.

The SAML response is created in both the authentication and the signing scenario. Both scenarios contain two URL redirections:

  1. Before authentication/signature, the user is redirected from the service provider to id.signicat.
  2. After authentication/signature, id.signicat redirects the user back to the target URL, normally a web page at the service provider. This redirect includes the SAML response, which contains the end-user's identity “package”.

The SAML response generated by id.signicat conforms to the SAML specification version 1.1. The specification for SAML can be found on the OASIS website. This document also summarises the security aspects of the SAML protocol.

SAML responses from authentication transactions are always signed with Signicat's signing certificate. Such signing is both necessary and mandatory. The purpose is to control integrity and origin of the SAML response and to prevent tampering with the SAML response.

Signicat’s opinion is that signed SAML responses also improve security in the document signing scenario. SAML responses may be stored in the web application's database, and if they are signed, it is always possible to check their integrity and origin at any later time.

# Overview

The SAML response contains a SAML assertion. The assertion contains two statements: an authentication statement and an attribute statement. Each of these has a subject and some information. The subject will always be identical for all statements in the same SAML assertion.

# The subject

The “subject” contains a NameIdentifier. This is the information used by the identity solution to identify the user. This will be different for each identity solution. Norwegian BankID uses what they call “PID”, which is a unique, BankID-specific identifier for the user. Swedish BankID uses “personnummer”.

The NameIdentifier will always identify the user in a unique manner.

# The authentication statement

The authentication statement tells when and how the user was authenticated. The AuthenticationMethod attribute has a unique value for each identity solution.

| Identity solution | Attribute value |
| --- | --- |
| Norwegian BankID | urn:ksi:names:SAML:2.0:ac:BankID-NO |
| Buypass | urn:ksi:names:SAML:2.0:ac:Buypass |
| Swedish BankID | urn:ksi:names:SAML:2.0:ac:BankID-SE |
| Telia | urn:ksi:names:SAML:2.0:ac:Telia-e-legitimation |
| Nordea | urn:ksi:names:SAML:2.0:ac:e-legitimation-via-Nordea |
| Danish NetID | urn:ksi:names:SAML:2.0:ac:net-ID |
| Norwegian MinID | urn:ksi:names:SAML:2.0:ac:MinID |
| Tupas | urn:ksi:names:SAML:2.0:ac:Tupas |
| OCES | urn:ksi:names:SAML:2.0:ac:OCES |

# The attribute statement

The attribute statement holds additional attributes which we hold to be true about the user. The information is normally collected in the authentication process, but it may also be other information collected by some other means. Each attribute has a name and a namespace. The namespace tells how the attribute information was collected.
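Added example, not Signicat's code: a Python sketch of the attribute-retrieval step that decodes the POST form field, checks that every statement names the same subject, and returns the attributes keyed by (namespace, name), since one attribute name can occur in several namespaces (as `plain-name` does in the NemID example). The sample is constructed from that NemID example with the signature element left out; signature verification is assumed to have succeeded before this code runs, and all function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

PROTOCOL = "{urn:oasis:names:tc:SAML:1.0:protocol}"
ASSERTION = "{urn:oasis:names:tc:SAML:1.0:assertion}"

# Constructed sample: the NemID response example from this page, cut down to
# four attributes and with the ds:Signature element left out.
SAMPLE_XML = """\
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" ResponseID="_constructed-response">
  <Status><StatusCode Value="samlp:Success"></StatusCode></Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_constructed-assertion" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
    <AuthenticationStatement AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:OCES">
      <Subject><NameIdentifier Format="urn:kantega:ksi:3.0:nameid-format:fnr">2204777971</NameIdentifier></Subject>
    </AuthenticationStatement>
    <AttributeStatement>
      <Subject><NameIdentifier Format="urn:kantega:ksi:3.0:nameid-format:fnr">2204777971</NameIdentifier></Subject>
      <Attribute AttributeName="plain-name" AttributeNamespace="signicat"><AttributeValue>Harry Dresden</AttributeValue></Attribute>
      <Attribute AttributeName="plain-name" AttributeNamespace="oces"><AttributeValue>Harry Dresden</AttributeValue></Attribute>
      <Attribute AttributeName="security-level" AttributeNamespace="signicat"><AttributeValue>3</AttributeValue></Attribute>
      <Attribute AttributeName="dk.cpr" AttributeNamespace="national-id"><AttributeValue>2204777971</AttributeValue></Attribute>
    </AttributeStatement>
  </Assertion>
</Response>
"""


def encode_post_body(xml_text):
    """Build a form-encoded POST body shaped like the one shown on this page (constructed)."""
    # encodebytes() wraps the Base64 text in lines, so the field contains line breaks.
    b64 = base64.encodebytes(xml_text.encode("utf-8")).decode("ascii")
    return urlencode({"SamlResponse": b64, "TARGET": "http://localhost:8080/auth/verify"})


def decode_saml_response(post_body, field="SamlResponse"):
    """Return the XML bytes carried in the form field (name as spelled on this page)."""
    values = parse_qs(post_body).get(field, [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one {field} field, got {len(values)}")
    # The default (non-validating) decoder discards the embedded line breaks.
    return base64.b64decode(values[0])


def extract_identity(xml_bytes):
    """Attribute retrieval: call only on a response whose signature was already verified."""
    root = ET.fromstring(xml_bytes)
    if root.tag != PROTOCOL + "Response":
        raise ValueError("not a SAML 1.x Response")
    status = root.find(f"{PROTOCOL}Status/{PROTOCOL}StatusCode")
    # The value is a QName such as samlp:Success; compare its local part.
    if status is None or status.get("Value", "").split(":")[-1] != "Success":
        raise ValueError("response status is not Success")
    assertions = root.findall(ASSERTION + "Assertion")
    if len(assertions) != 1:
        raise ValueError(f"expected one assertion, got {len(assertions)}")
    assertion = assertions[0]
    # The subject must be identical in every statement of the assertion.
    subjects = {
        (node.get("Format"), (node.text or "").strip())
        for node in assertion.iter(ASSERTION + "NameIdentifier")
    }
    if len(subjects) != 1:
        raise ValueError("statements do not share one subject")
    authn = assertion.find(ASSERTION + "AuthenticationStatement")
    if authn is None:
        raise ValueError("no authentication statement")
    attributes = {}
    for attr in assertion.iter(ASSERTION + "Attribute"):
        key = (attr.get("AttributeNamespace"), attr.get("AttributeName"))
        if key in attributes:
            raise ValueError(f"duplicate attribute {key}")
        attributes[key] = [v.text or "" for v in attr.findall(ASSERTION + "AttributeValue")]
    name_format, name_id = next(iter(subjects))
    return {
        "subject": name_id,
        "subject_format": name_format,
        "method": authn.get("AuthenticationMethod"),
        "attributes": attributes,
    }


if __name__ == "__main__":
    identity = extract_identity(decode_saml_response(encode_post_body(SAMPLE_XML)))
    print(identity["subject"], identity["method"])
    for (namespace, name), values in identity["attributes"].items():
        print(f"{namespace}/{name} = {values}")
```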

# Attribute mappings

We may define custom attribute names if you want standard attribute names across different identity solutions. You may, for instance, want the user's name to be present in an attribute with a standard name regardless of how the user authenticated.

# Signed document

A SAML response may also be downloaded if the user has signed a digital document. The SAML response is identical, but will also contain the Base64-encoded signed document as an attribute.

# SAML 1.1 response examples

# Index

| ID method | SAML example response |
| --- | --- |
| NemID | See response |
| EsteID | See response |
| Tupas | See response |
| Mobiilivarmenne | See response |
| itsme | See response |
| Norwegian BankID | See response |
| Norwegian BankID on mobile | See response |
| Buypass | See response |
| Smart-ID | See response |
| DNIe | See response |
| Swedish BankID | See response |
| Telia | See response |
# NemID


Response example

<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2013-09-12T09:08:52.552Z" MajorVersion="1" MinorVersion="1" Recipient="https://test.signicat.com/james-alaska/response?url=https://test.signicat.com/james-alaska/app/?wicket:bookmarkablePage=:ksi.admin.app.page.DemoPage" ResponseID="_28104efd25c4e099d757af527cfcb75a">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
      <ds:Reference URI="#_28104efd25c4e099d757af527cfcb75a">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
        <ds:DigestValue>m1sBAiy3xcZIYQuXiVxyqMBxUvQ=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue> hbfvLmjDEAXtw3dOsCUaEjqCsbyQ2nWZ1QobUk+UEVPdhI7urKk57cg+rzX0TgCoJjsnEqR9gSmT rAKan7SLxvMXzHLjABEkH5BkJDQv1HftARd1IlBMK3sT27oU+2heJj9quWeOg6IwU0TqrX3wPi1y sSFikREBxZQVvqd/fMB+VRgkgBziM/NdcxXKF6TZjVVknzpBs1q1HOcG7Byjkp+uCAfaxiAbQMno pmdhYa3MAHFS0HrZOf+ax3lrMLp2dV7ltI5KEr876ChHjU4zD8OzlrnMwyUsuxrdeLsrX5/3diMu jNQHUFMmox/e1tsXBHYsn8i2CADEKFiUN0inGw== </ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate> MIIDuzCCAqOgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xMTA4 MDExMjMyNThaFw0xMzEwMjkxMjMyNThaMHgxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIEwZOb3J3YXkx EjAQBgNVBAcTCVRyb25kaGVpbTERMA8GA1UEChMIU2lnbmljYXQxETAPBgNVBAsTCFNpZ25pY2F0 MR4wHAYDVQQDExV0ZXN0LnNpZ25pY2F0LmNvbS9zdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCWUoZYyNjxht64J/AyxV807psI0e0yxLoAAKw82QaClDodgfpRLJ1RcMq4RfQvptjx zMxwxseKcRTBnDsPQ1k93D4yzrrySlWwk6/fv4G/zaSDhIc6JKZjPO9/NxILdVdGJ4/a78fMtYjF oTC6vV884GdewFtXvPIse309Opfw/O8mkr709G8yCyuLX6qHIYO2loTMEPrawKdiOva9Hst2wKGj JWtX31qhOs8OE6A57ymzfkFzch0IVdqsDg6nLfWRwY5CzBhAYAfwYEXAuwOc0eppZ7HkqryFxeFM DF5wz8sNoBs1Pu5Wm0xEeqTq34vqHMdfG+fXoITiY16Xe+x9AgMBAAGjfzB9MAkGA1UdEwQCMAAw CwYDVR0PBAQDAgXgMCMGCWCGSAGG+EIBDQQWFhRTaWduaWNhdCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E FgQUDHKNW1c2WXmsa2CLURzBAsBH5f4wHwYDVR0jBBgwFoAUstl+DZ605NwX3br661U41SHRS/Yw DQYJKoZIhvcNAQEFBQADggEBAAwjTtaZtDMb8TszQgWqlXq2F06OjTPNosSYjssX7n127zQ9594J VIi2Yx9YSUrWB/bEHoHoSrzLb8jWtycKct8MNHIHWI/pvjI/A+e7l0vG66WFyzwngr4LVFSm0t35 D3s8k8lanZ5NA5n1OXSc/bAi9iI8CcVaCdXPrvbxDBOx6ba9+EpN6xXDixP/i2q+TLspv4VOrn+7 JGN9NQiQTSTSua1f6E7EYY6BxrWtdzF/7Y8gZoTok3Cj0vnZf7LOXRKKSTs8ofg2goDriw1ad8ku VvxfOoltLeXhO4GQACBo45nNZuNnCwFDgUp6IMDOG1mRUR5wcWbS/i9hqgtkpsA= </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <Status>
    <StatusCode Value="samlp:Success"></StatusCode>
  </Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_ba1f71cafa8b4df51798903b989aaf2c" IssueInstant="2013-09-12T09:08:52.552Z" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
    <Conditions NotBefore="2013-09-12T09:08:52.552Z" NotOnOrAfter="2013-09-12T09:09:22.552Z"></Conditions>
    <AuthenticationStatement AuthenticationInstant="2013-09-12T09:08:52.550Z" AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:OCES">
      <Subject>
        <NameIdentifier Format="urn:kantega:ksi:3.0:nameid-format:fnr">2204777971</NameIdentifier>
        <SubjectConfirmation>
          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
        </SubjectConfirmation>
      </Subject>
    </AuthenticationStatement>
    <AttributeStatement>
      <Subject>
        <NameIdentifier Format="urn:kantega:ksi:3.0:nameid-format:fnr">2204777971</NameIdentifier>
        <SubjectConfirmation>
          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
        </SubjectConfirmation>
      </Subject>
      <Attribute AttributeName="service-name" AttributeNamespace="signicat">
        <AttributeValue>demo</AttributeValue>
      </Attribute>
      <Attribute AttributeName="method-name" AttributeNamespace="signicat">
        <AttributeValue>nemid</AttributeValue>
      </Attribute>
      <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
        <AttributeValue>Harry Dresden</AttributeValue>
      </Attribute>
      <Attribute AttributeName="firstname" AttributeNamespace="nemid">
        <AttributeValue>Harry</AttributeValue>
      </Attribute>
      <Attribute AttributeName="lastname" AttributeNamespace="nemid">
        <AttributeValue>Dresden</AttributeValue>
      </Attribute>
      <Attribute AttributeName="security-level" AttributeNamespace="signicat">
        <AttributeValue>3</AttributeValue>
      </Attribute>
      <Attribute AttributeName="nemid" AttributeNamespace="unique-id">
        <AttributeValue>9208-2002-2-505451427991</AttributeValue>
      </Attribute>
      <Attribute AttributeName="subject-serial-number" AttributeNamespace="nemid">
        <AttributeValue>PID:9208-2002-2-505451427991</AttributeValue>
      </Attribute>
      <Attribute AttributeName="dk.cpr" AttributeNamespace="national-id">
        <AttributeValue>2204777971</AttributeValue>
      </Attribute>
      <Attribute AttributeName="plain-name" AttributeNamespace="oces">
        <AttributeValue>Harry Dresden</AttributeValue>
      </Attribute>
      <Attribute AttributeName="cpr" AttributeNamespace="nemid">
        <AttributeValue>2204777971</AttributeValue>
      </Attribute>
      <Attribute AttributeName="pid" AttributeNamespace="nemid">
        <AttributeValue>9208-2002-2-505451427991</AttributeValue>
      </Attribute>
    </AttributeStatement>
  </Assertion>
</Response>

# EsteID


Response example

<Response
    xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2014-07-23T12:49:31.213Z" MajorVersion="1" MinorVersion="1" Recipient="https://james.signicat.com/james-alaska/response" ResponseID="_b24159c058404afd47c2a9b255956c0e">
    <ds:Signature
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
            <ds:Reference URI="#_b24159c058404afd47c2a9b255956c0e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces
                            xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi">
                        </ec:InclusiveNamespaces>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                <ds:DigestValue>4hEo2NBxj1ixZHdJ7JzRo9WIxdQ=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue> shTmpEjNAwnSYNBW4Id4/I37V6ecPO0fGMWCXu2HXCNKyiktl5Cz4w8KAQvRSH5oU9MhKK10j67W 8M4G6TCLuJhzBQLugfh2o/8gDxx9qEmd8SqizrhafEMWY3NKgMXMonOKTXYg8dwwO/UyAaciItcM Va6p2dXXZf5c3OVba3kOwv0hl+11DX6630/PnFswRiYtbp76FabfqZd1leHSpbeHM0BCnDdK8tsM vh7jUDornxH4sg2Y3hQhIetjAvoR2qQJZHhtOtOToEKJ1lli/EiXU/GiEhczywNaEKbO1tJgvK3t 34OpCE6CxcJ8I/rHsQPhrbMcu58tXw9XXLBlxg== </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate> MIIDuzCCAqOgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xMzEw MDIwOTMyMjlaFw0xNTEwMDIwOTMyMjlaMHgxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIEwZOb3J3YXkx EjAQBgNVBAcTCVRyb25kaGVpbTERMA8GA1UEChMIU2lnbmljYXQxETAPBgNVBAsTCFNpZ25pY2F0 MR4wHAYDVQQDExV0ZXN0LnNpZ25pY2F0LmNvbS9zdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDSKpx1HktssD+3vFQxFqiA1ZLLNTD3qCnbtMrnEn2dbz5cIFWHYLyC4t4/yUSVlV3X iG8zBLutjOUTa77URte+GNLF9BeOV0nGhqXCGQBIXztCWrROG/q1qdo9yIsom+gbfmSSYXJNR5RI mZhXtyWWbD9llimS2ucRFBuIiU4v82HsBmjZR1tBMHlijes0DBaYrq6FhJD6n2jBzked0UUmaHdn JviL/aKt5G/cj6meWZB5AkyA3qQiaCTlzZHQL7Q0VplBnWaLc566XtJa+9AAmnJ4t3gGQc+pai3j koSVH38IHdSspba7ycqVoWyxcHUkhAKEI2T6Ye6uTqcTAE5jAgMBAAGjfzB9MAkGA1UdEwQCMAAw CwYDVR0PBAQDAgXgMCMGCWCGSAGG+EIBDQQWFhRTaWduaWNhdCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E FgQUkk/9PoiAJCAkJnfGc5GOsPfN41gwHwYDVR0jBBgwFoAUstl+DZ605NwX3br661U41SHRS/Yw DQYJKoZIhvcNAQEFBQADggEBAIzlAW1Ev4HgmGQTmVBogtTgekRrK4VpM2liyoO4Ud6rUpCOvOwI KuA0ixmVaaSjNaSTqM49sdeos9+cu9D/cOv/tGJvpsFCP9kbEJ3/M/OhrUQfoIqNwXFjZbJAH9AQ 78811wIZJVR8YOJenMEZ0OTCBq7aAaUENTBGeboCDfTNxtH3U6hPfO6Ng7C5JAH2zciZFnOJuN7J uzfGW7Da77XlPVhUtIrDgMH02vwU+mRsXXWuSvbTIYEg6aPfpb/DUvibeAEGLC/PpDZY4QaltHxE CCodbzhOWptzHUfdbs7lfzXpZMgLGDlNz+k5SXvCN+RA4ZMkHeitXYhYCF0Pv48= </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <Status>
        <StatusCode Value="samlp:Success"></StatusCode>
    </Status>
    <Assertion
        xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_1f4169ac82eb7408625aad57bad53ce9" IssueInstant="2014-07-23T12:49:31.213Z" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
        <Conditions NotBefore="2014-07-23T12:49:31.213Z" NotOnOrAfter="2014-07-23T12:50:01.213Z"></Conditions>
        <AuthenticationStatement AuthenticationInstant="2014-07-23T12:49:31.148Z" AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:EstEID">
            <Subject>
                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">SERIALNUMBER=37101010021, GIVENNAME=IGOR, SURNAME=ŽAIKOVSKI, CN="ŽAIKOVSKI,IGOR,37101010021", OU=authentication, O=ESTEID, C=EE</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
        </AuthenticationStatement>
        <AttributeStatement>
            <Subject>
                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">SERIALNUMBER=37101010021, GIVENNAME=IGOR, SURNAME=ŽAIKOVSKI, CN="ŽAIKOVSKI,IGOR,37101010021", OU=authentication, O=ESTEID, C=EE</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
            <Attribute AttributeName="service-name" AttributeNamespace="signicat">
                <AttributeValue>customertest3</AttributeValue>
            </Attribute>
            <Attribute AttributeName="method-name" AttributeNamespace="signicat">
                <AttributeValue>esteid</AttributeValue>
            </Attribute>
            <Attribute AttributeName="security-level" AttributeNamespace="signicat">
                <AttributeValue>3</AttributeValue>
            </Attribute>
            <Attribute AttributeName="ee.ik" AttributeNamespace="national-id">
                <AttributeValue>37101010021</AttributeValue>
            </Attribute>
            <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
                <AttributeValue>IGOR ŽAIKOVSKI</AttributeValue>
            </Attribute>
            <Attribute AttributeName="ee.serialnumber" AttributeNamespace="id-code">
                <AttributeValue>37101010021</AttributeValue>
            </Attribute>
            <Attribute AttributeName="unique-id" AttributeNamespace="esteid">
                <AttributeValue>37101010021</AttributeValue>
            </Attribute>
            <Attribute AttributeName="givenname" AttributeNamespace="esteid">
                <AttributeValue>IGOR</AttributeValue>
            </Attribute>
            <Attribute AttributeName="surname" AttributeNamespace="esteid">
                <AttributeValue>ŽAIKOVSKI</AttributeValue>
            </Attribute>
            <Attribute AttributeName="cn" AttributeNamespace="esteid">
                <AttributeValue>ŽAIKOVSKI,IGOR,37101010021</AttributeValue>
            </Attribute>
        </AttributeStatement>
    </Assertion>
</Response>

# Tupas


Response example

Obsolete

TUPAS was replaced by FTN (Finnish Trust Network) on 1 October 2019. Signicat does not offer FTN integration with SAML 1.1, as FTN requires message-level encryption. A relevant OIDC example can be found on this page.

<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2013-09-16T10:36:06.540Z" MajorVersion="1" MinorVersion="1" Recipient="https://test.signicat.com/james-alaska/response?url=https://test.signicat.com/james-alaska/app/?wicket:bookmarkablePage=:ksi.admin.app.page.DemoPage" ResponseID="_1d362b6d00f8fb073b11dc38c6d4f211">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
      <ds:Reference URI="#_1d362b6d00f8fb073b11dc38c6d4f211">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
        <ds:DigestValue>0Ih/D6ETISV8cjvILy+r5oxB3Jo=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue> Hw3byZHN+of30IW8fRyiCMp61xyieHF54/z6BBn3ixdK6jPuOHBSK4/TQCptcPAcVTLHRRtmnGO2 2IN6IyeMkwC+PZwtanflk8glO0zqFyQ7butlQNH4kUhHQz7uZ/BScvOCODB5qjj6SIrmFd3Foh2b ehOnEvKyFyexh+BRNla0mUfbBks7QJ1D2Un9chJxXt+tm81xSQ43j1BDL8kFk+ij8W1Hsr9TNv6S mFIP4zgrJx95pdlg+F1q/AMZ6GysxIRLDdxxydvZ2UdAt1+UbbQ2CosAxXaSDRCUYupWuoFb7thH lTfe02LVHpttNQfKKAtZyNZEmH6iuzhQpkEiPw== </ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate> MIIDuzCCAqOgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xMTA4 MDExMjMyNThaFw0xMzEwMjkxMjMyNThaMHgxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIEwZOb3J3YXkx EjAQBgNVBAcTCVRyb25kaGVpbTERMA8GA1UEChMIU2lnbmljYXQxETAPBgNVBAsTCFNpZ25pY2F0 MR4wHAYDVQQDExV0ZXN0LnNpZ25pY2F0LmNvbS9zdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCWUoZYyNjxht64J/AyxV807psI0e0yxLoAAKw82QaClDodgfpRLJ1RcMq4RfQvptjx zMxwxseKcRTBnDsPQ1k93D4yzrrySlWwk6/fv4G/zaSDhIc6JKZjPO9/NxILdVdGJ4/a78fMtYjF oTC6vV884GdewFtXvPIse309Opfw/O8mkr709G8yCyuLX6qHIYO2loTMEPrawKdiOva9Hst2wKGj JWtX31qhOs8OE6A57ymzfkFzch0IVdqsDg6nLfWRwY5CzBhAYAfwYEXAuwOc0eppZ7HkqryFxeFM DF5wz8sNoBs1Pu5Wm0xEeqTq34vqHMdfG+fXoITiY16Xe+x9AgMBAAGjfzB9MAkGA1UdEwQCMAAw CwYDVR0PBAQDAgXgMCMGCWCGSAGG+EIBDQQWFhRTaWduaWNhdCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E FgQUDHKNW1c2WXmsa2CLURzBAsBH5f4wHwYDVR0jBBgwFoAUstl+DZ605NwX3br661U41SHRS/Yw DQYJKoZIhvcNAQEFBQADggEBAAwjTtaZtDMb8TszQgWqlXq2F06OjTPNosSYjssX7n127zQ9594J VIi2Yx9YSUrWB/bEHoHoSrzLb8jWtycKct8MNHIHWI/pvjI/A+e7l0vG66WFyzwngr4LVFSm0t35 D3s8k8lanZ5NA5n1OXSc/bAi9iI8CcVaCdXPrvbxDBOx6ba9+EpN6xXDixP/i2q+TLspv4VOrn+7 JGN9NQiQTSTSua1f6E7EYY6BxrWtdzF/7Y8gZoTok3Cj0vnZf7LOXRKKSTs8ofg2goDriw1ad8ku VvxfOoltLeXhO4GQACBo45nNZuNnCwFDgUp6IMDOG1mRUR5wcWbS/i9hqgtkpsA= </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <Status>
    <StatusCode Value="samlp:Success"></StatusCode>
  </Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_f6cbb7762e5a32b6b54e2aaf922d4556" IssueInstant="2013-09-16T10:36:06.540Z" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
    <Conditions NotBefore="2013-09-16T10:36:06.540Z" NotOnOrAfter="2013-09-16T10:36:36.540Z"></Conditions>
    <AuthenticationStatement AuthenticationInstant="2013-09-16T10:36:06.538Z" AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:Tupas">
      <Subject>
        <NameIdentifier Format="urn:kantega:ksi:3.0:nameid-format:fnr">210281-9988</NameIdentifier>
        <SubjectConfirmation>
          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
        </SubjectConfirmation>
      </Subject>
    </AuthenticationStatement>
    <AttributeStatement>
      <Subject>
        <NameIdentifier Format="urn:kantega:ksi:3.0:nameid-format:fnr">210281-9988</NameIdentifier>
        <SubjectConfirmation>
          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
        </SubjectConfirmation>
      </Subject>
      <Attribute AttributeName="service-name" AttributeNamespace="signicat">
        <AttributeValue>demo</AttributeValue>
      </Attribute>
      <Attribute AttributeName="method-name" AttributeNamespace="signicat">
        <AttributeValue>tupas</AttributeValue>
      </Attribute>
      <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
        <AttributeValue>TESTAA PORTAALIA</AttributeValue>
      </Attribute>
      <Attribute AttributeName="security-level" AttributeNamespace="signicat">
        <AttributeValue>3</AttributeValue>
      </Attribute>
      <Attribute AttributeName="fi.hetu" AttributeNamespace="national-id">
        <AttributeValue>210281-9988</AttributeValue>
      </Attribute>
      <Attribute AttributeName="customer.name" AttributeNamespace="tupas">
        <AttributeValue>TESTAA PORTAALIA</AttributeValue>
      </Attribute>
      <Attribute AttributeName="firstname" AttributeNamespace="tupas">
        <AttributeValue>TESTAA</AttributeValue>
      </Attribute>
      <Attribute AttributeName="lastname" AttributeNamespace="tupas">
        <AttributeValue>PORTAALIA</AttributeValue>
      </Attribute>
      <Attribute AttributeName="customer.id.plaintext" AttributeNamespace="tupas">
        <AttributeValue>210281-9988</AttributeValue>
      </Attribute>
      <Attribute AttributeName="customer.id" AttributeNamespace="tupas">
        <AttributeValue>210281-9988</AttributeValue>
      </Attribute>
      <Attribute AttributeName="customer.id.type" AttributeNamespace="tupas">
        <AttributeValue>01</AttributeValue>
      </Attribute>
      <Attribute AttributeName="bank.id" AttributeNamespace="tupas">
        <AttributeValue>200</AttributeValue>
      </Attribute>
      <Attribute AttributeName="bank.name" AttributeNamespace="tupas">
        <AttributeValue>Nordea</AttributeValue>
      </Attribute>
    </AttributeStatement>
  </Assertion>
</Response>

# Mobiilivarmenne


Response example

Obsolete

From 1st October 2019, Mobiilivarmenne is part of FTN (Finnish Trust Network). Signicat does not offer FTN integration with SAML 1.1. A relevant OIDC example can be found on this page.

<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2017-02-09T12:02:28.497Z" MajorVersion="1" MinorVersion="1" Recipient="https://preprod.signicat.com/james-alaska/response" ResponseID="_bb4b989899a962aeec875be52b74dec6">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
            <ds:Reference URI="#_bb4b989899a962aeec875be52b74dec6">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                <ds:DigestValue>B2siYAv16R9FA0g/lIT1sH1oyjw=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue> h/5qlRP1UoRl7vc0cnEye1Ct25zviRK0H7aVhEEQ0lQSqoRyJVSpj8kDFU+osjjYwvJwWZUEohvN Qz52Mjcum+thPdsYFxz3w1Lm7ZSKhmgO2JHegJQhl/+1TC+xtgoNBK924w4jMZHMXW1+ouW2feei NgBLTEptMfECOCZ+QFNSDOIfgjzTm6BH7QbN9P+fwuFlTUZWB3vOT1F4PUcx1JdSz+4isck+vfGo Htg+MUBnS2+fXU8jRGvSXNkNamqKoWC2HgUf57VG4RwW/S8OpMCNm+LiOzZI4DsJpp3L/NopS61l VKjSHOUwG+tN7A2/DR5qCYdPTnJYDQPprOXWgg== </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate> MIIDuzCCAqOgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xNTA1 MTIxMzA4MzVaFw0xNzA5MjMxMzA4MzVaMHgxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkx EjAQBgNVBAcMCVRyb25kaGVpbTERMA8GA1UECgwIU2lnbmljYXQxETAPBgNVBAsMCFNpZ25pY2F0 MR4wHAYDVQQDDBV0ZXN0LnNpZ25pY2F0LmNvbS9zdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCnVHnRlvqzV6RPNjPTSOqboAH8xJwOR2hncTcYsVZ8U5TLYAwaphaiGa5Sx2PGpi/R 8+uVyxAm3EdOcXBIg60sfZ7dhXl78x0porzXA4wxFTd3wTpAYh/jt2JX0aLnEtYATvVzW1xatmQO DBhBpwZ0Gj352FadQFVobqhKkJJkguudQ6z0QpZiRRDuA1vXXrnCmwCfzXmGXVOfMIfgkvPz85EG d5Y365UALDLWcbamk7Z/llEXc+oaOR6amdFVxnH3ksSyfZ+Hhi2G9qijiLKs1qp516pwVdb3flry JRsoa9GccS68rQN6EzD+S9io7qmUGQkfBpKd9s8O2SwqhSjtAgMBAAGjfzB9MAkGA1UdEwQCMAAw CwYDVR0PBAQDAgXgMCMGCWCGSAGG+EIBDQQWFhRTaWduaWNhdCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E FgQUlvBuK7QGLkIZlNUxMaZwjtVOZyIwHwYDVR0jBBgwFoAUstl+DZ605NwX3br661U41SHRS/Yw DQYJKoZIhvcNAQELBQADggEBAEhA48Ioyr6qSySmFBmxitUC+421IgTZ6ZOPLE8u0QLCXuUdwicO OAtn5ue3iSq6kxMI5jPa3JFQdX/sCgeON0jZGCvcJ8DOw4ScwR7OjLk0cHLpb1t+8ns9YAPjy0Ho 69N0L4vSujKWA4pw3T2Hw2XIKRSqfgfrjAlSXBugQNl0NB9PmCvUbfHwGsz1ldgNjAUfMweSyRfi R6ZrRaUjzB93q2cpY4kWVgCld0Kw+Qu/qaEXn1BpA7Lf9ZDyMQjqbbEug2t40Y/Ey90eYotj5cHg B5XLK+N1Z8S6fmWFwGiMYDCvg60dOUfLp4b/7KK0aj79l7WH7f6FCeT0uIuqpdQ= </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <Status>
        <StatusCode Value="samlp:Success"></StatusCode>
    </Status>
    <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_7a9c1506f23a4ee506476e2b78917591" IssueInstant="2017-02-09T12:02:28.497Z" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
        <Conditions NotBefore="2017-02-09T12:02:28.497Z" NotOnOrAfter="2017-02-09T12:02:58.497Z"></Conditions>
        <AuthenticationStatement AuthenticationInstant="2017-02-09T12:02:28.455Z" AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:mobiilivarmenne">
            <Subject>
                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=Falck Tes Carita Marianne 10002050S,SURNAME=Falck Tes+SERIALNUMBER=10002050S+GIVENNAME=Carita Marianne</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
        </AuthenticationStatement>
        <AttributeStatement>
            <Subject>
                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=Falck Tes Carita Marianne 10002050S,SURNAME=Falck Tes+SERIALNUMBER=10002050S+GIVENNAME=Carita Marianne</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
            <Attribute AttributeName="service-name" AttributeNamespace="signicat">
                <AttributeValue>demo</AttributeValue>
            </Attribute>
            <Attribute AttributeName="method-name" AttributeNamespace="signicat">
                <AttributeValue>mobiilivarmenne-elisa</AttributeValue>
            </Attribute>
            <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
                <AttributeValue>Carita Marianne Falck Tes</AttributeValue>
            </Attribute>
            <Attribute AttributeName="security-level" AttributeNamespace="signicat">
                <AttributeValue>3</AttributeValue>
            </Attribute>
            <Attribute AttributeName="unique-id" AttributeNamespace="signicat">
                <AttributeValue>10002050S</AttributeValue>
            </Attribute>
            <Attribute AttributeName="nationality" AttributeNamespace="signicat">
                <AttributeValue>FI</AttributeValue>
            </Attribute>
            <Attribute AttributeName="friendly-name" AttributeNamespace="signicat">
                <AttributeValue>Mobiilivarmenne</AttributeValue>
            </Attribute>
            <Attribute AttributeName="national-id" AttributeNamespace="signicat">
                <AttributeValue>101092-002A</AttributeValue>
            </Attribute>
            <Attribute AttributeName="fi.hetu" AttributeNamespace="national-id">
                <AttributeValue>101092-002A</AttributeValue>
            </Attribute>
            <Attribute AttributeName="phone" AttributeNamespace="mobiilivarmenne">
                <AttributeValue>+358504352123</AttributeValue>
            </Attribute>
            <Attribute AttributeName="hetu" AttributeNamespace="mobiilivarmenne">
                <AttributeValue>101092-002A</AttributeValue>
            </Attribute>
            <Attribute AttributeName="satu" AttributeNamespace="mobiilivarmenne">
                <AttributeValue>10002050S</AttributeValue>
            </Attribute>
            <Attribute AttributeName="age" AttributeNamespace="mobiilivarmenne">
                <AttributeValue>24</AttributeValue>
            </Attribute>
            <Attribute AttributeName="age-class" AttributeNamespace="mobiilivarmenne">
                <AttributeValue>true</AttributeValue>
            </Attribute>
            <Attribute AttributeName="gender" AttributeNamespace="mobiilivarmenne">
                <AttributeValue>F</AttributeValue>
            </Attribute>
            <Attribute AttributeName="given-name" AttributeNamespace="mobiilivarmenne">
                <AttributeValue>Carita Marianne</AttributeValue>
            </Attribute>
            <Attribute AttributeName="surname" AttributeNamespace="mobiilivarmenne">
                <AttributeValue>Falck Tes</AttributeValue>
            </Attribute>
            <Attribute AttributeName="subject" AttributeNamespace="mobiilivarmenne">
                <AttributeValue>CN=Falck Tes Carita Marianne 10002050S,SURNAME=Falck Tes+SERIALNUMBER=10002050S+GIVENNAME=Carita Marianne</AttributeValue>
            </Attribute>
            <Attribute AttributeName="valid-until" AttributeNamespace="mobiilivarmenne">
                <AttributeValue>2019-11-13T16:06:27+02:00</AttributeValue>
            </Attribute>
        </AttributeStatement>
    </Assertion>
</Response>

# itsme


Response example

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2019-04-08T17:21:50.386Z" MajorVersion="1" MinorVersion="1" Recipient="https://demo.signicat.com/id/saml/connect?selectedMethod=itsme-register" ResponseID="_9e28e98dfe136fb13e75e78260f48c5b">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_9e28e98dfe136fb13e75e78260f48c5b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"/>
                    </ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>FViazQCrJfOS3mJkvuPw4eZAM5w=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
DdMt300yFfvNWUGToslbHed61fas5JxurlDxvFjfilT7u7rPq5VEpkFbwH/yDrnRu0grbwJxvss/
YfBe+DUri+MCMxfvFwxEbKf2+P+BYYxeNHTUXy0LJB7TP3UQYvycDVN5NZ6icJz36Qy9H5TCpd67
tH2VvClqz3VwHFTUtW44wy9JnFkdKZ1M+dy+vwfspNSV1FLclooGDFn2UXBz9j6fUZdnxVorYZ6s
u3ax5hAcLdzHs6hIyCLUmlGFIPVDK/PAtKXPyM6owglpQSfbeT2YtZnVBi0BATvr+EnJim9w6PcR
lEjHXRg/sBdyFgxzInq/koZDxW676XbG5M4IvQ==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
    </ds:Signature>
    <Status>
        <StatusCode Value="samlp:Success"/>
    </Status>
    <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_c91aa7e9e3dae3414481ccf4cd0b2c24" IssueInstant="2019-04-08T17:21:50.386Z" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
        <Conditions NotBefore="2019-04-08T17:21:50.386Z" NotOnOrAfter="2019-04-08T17:22:20.386Z"/>
        <AuthenticationStatement AuthenticationInstant="2019-04-08T17:21:50.385Z" AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:itsme">
            <Subject>
                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:ksi:names:SAML:2.0:ac:itsme">fv11w93neaebqvt2s3qbitcmj5o4p8u3csje</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
        </AuthenticationStatement>
        <AttributeStatement>
            <Subject>
                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:ksi:names:SAML:2.0:ac:itsme">fv11w93neaebqvt2s3qbitcmj5o4p8u3csje</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
            <Attribute AttributeName="unique-id" AttributeNamespace="signicat">
                <AttributeValue>fv11w93neaebqvt2s3qbitcmj5o4p8u3csje</AttributeValue>
            </Attribute>
            <Attribute AttributeName="service-name" AttributeNamespace="signicat">
                <AttributeValue>signicat</AttributeValue>
            </Attribute>
            <Attribute AttributeName="method-name" AttributeNamespace="signicat">
                <AttributeValue>itsme-register</AttributeValue>
            </Attribute>
            <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
                <AttributeValue>Debora Test</AttributeValue>
            </Attribute>
            <Attribute AttributeName="security-level" AttributeNamespace="signicat">
                <AttributeValue>Level1</AttributeValue>
            </Attribute>
            <Attribute AttributeName="friendly-name" AttributeNamespace="signicat">
                <AttributeValue>Itsme</AttributeValue>
            </Attribute>
            <Attribute AttributeName="firstname" AttributeNamespace="signicat">
                <AttributeValue>Debora</AttributeValue>
            </Attribute>
            <Attribute AttributeName="lastname" AttributeNamespace="signicat">
                <AttributeValue>Test</AttributeValue>
            </Attribute>
            <Attribute AttributeName="sub" AttributeNamespace="itsme">
                <AttributeValue>fv11w93neaebqvt2s3qbitcmj5o4p8u3csje</AttributeValue>
            </Attribute>
            <Attribute AttributeName="birthdate" AttributeNamespace="itsme">
                <AttributeValue>1974-04-12</AttributeValue>
            </Attribute>
            <Attribute AttributeName="email_verified" AttributeNamespace="itsme">
                <AttributeValue>false</AttributeValue>
            </Attribute>
            <Attribute AttributeName="gender" AttributeNamespace="itsme">
                <AttributeValue>female</AttributeValue>
            </Attribute>
            <Attribute AttributeName="iss" AttributeNamespace="itsme">
                <AttributeValue>https://e2emerchant.itsme.be/oidc</AttributeValue>
            </Attribute>
            <Attribute AttributeName="phone_number_verified" AttributeNamespace="itsme">
                <AttributeValue>true</AttributeValue>
            </Attribute>
            <Attribute AttributeName="given_name" AttributeNamespace="itsme">
                <AttributeValue>Debora</AttributeValue>
            </Attribute>
            <Attribute AttributeName="aud" AttributeNamespace="itsme">
                <AttributeValue>SIGNICPPRD</AttributeValue>
            </Attribute>
            <Attribute AttributeName="name" AttributeNamespace="itsme">
                <AttributeValue>Debora Test</AttributeValue>
            </Attribute>
            <Attribute AttributeName="phone_number" AttributeNamespace="itsme">
                <AttributeValue>+32 423000551</AttributeValue>
            </Attribute>
            <Attribute AttributeName="family_name" AttributeNamespace="itsme">
                <AttributeValue>Test</AttributeValue>
            </Attribute>
            <Attribute AttributeName="email" AttributeNamespace="itsme">
                <AttributeValue>test@signicat.be</AttributeValue>
            </Attribute>
            <Attribute AttributeName="address.country" AttributeNamespace="itsme">
                <AttributeValue>BE</AttributeValue>
            </Attribute>
            <Attribute AttributeName="address.street_address" AttributeNamespace="itsme">
                <AttributeValue>place Sainte Gudule</AttributeValue>
            </Attribute>
            <Attribute AttributeName="address.locality" AttributeNamespace="itsme">
                <AttributeValue>Bruxelles</AttributeValue>
            </Attribute>
            <Attribute AttributeName="address.postal_code" AttributeNamespace="itsme">
                <AttributeValue>1000</AttributeValue>
            </Attribute>
        </AttributeStatement>
    </Assertion>
</Response>

# Norwegian BankID


Response example

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2017-09-21T12:23:18.954Z" MajorVersion="1" MinorVersion="1" Recipient="https://demo.signicat.com/id/saml/connect?selectedMethod=nbid" ResponseID="_0a1ea8667c0dd7cf129754dfc2527170">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_0a1ea8667c0dd7cf129754dfc2527170">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>WKjb52bGUyJMn/YRjD9ekvBHd7g=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
            hVWtXaBO4hsJYIGvYaupDzuM5UYxh6vJ6/BhsY/yINcyLNlpnfTJT84P0JgNi0fQiKXEV81iAENv
            BzK2MGcs61l/PGGWHIhVuARITWT/v/Gc9twCFI5sYmqOkydePCg4B2Pha1t510iuDy98pHVb+4ve
            B7ytcAKm2LxuUyrNyuMwEw4vMfbrgFwrfttz5GC6E/mMPUPJaNH6KiNNn+xzQUSmtgvPZQcd6f2o
            Dm83Zz0Jqaj7CPCxueWHjMuoskc3UIOEKdQ5tVVrllAJraI1zycaI+Qfb7rrlnaXYgsYdB2ozPsG
            N96i1t4+LqPfR+mjXeG69xsPMEK3L0HnO8LrPg==
        </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>
                    MIIDuzCCAqOgAwIBAgIBEjANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML
                    U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xNzA3
                    MDUwOTM3MzNaFw0xOTA3MDUwOTM3MzNaMHgxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkx
                    EjAQBgNVBAcMCVRyb25kaGVpbTERMA8GA1UECgwIU2lnbmljYXQxETAPBgNVBAsMCFNpZ25pY2F0
                    MR4wHAYDVQQDDBV0ZXN0LnNpZ25pY2F0LmNvbS9zdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
                    ggEKAoIBAQCyBY8hhOJIEw9flwQXOe+Kc1yDLeZBIgiiToip1wXW2f0vlFgr+UA0CMZHkrimekbu
                    uLRR2QDw9+4EWs5TASgdeKfUkVrgpvpY7CE0PxvSDhMTE9dRlWd/fFQrnPFsu6UES9Mg1c0jGDci
                    S3doqOT0OlPM2E4FP06Sdkq9wBp90KEZPoM6uZYFw2iOg4NpXAbmgvdRLLJV7GZhwTqrJDKSovNl
                    SzojhCM6HGGeS4HsNR+UDkSqELCfy0yFI4KGlOVhftHBjqE3xny0yiPjekY37hUMiAUsvIkOCxZe
                    sNw8EcEmQ0LBgsgzWiRmc3cY4c+XmgsbJKhSwYhPVZIbj5HnAgMBAAGjfzB9MAkGA1UdEwQCMAAw
                    CwYDVR0PBAQDAgXgMCMGCWCGSAGG+EIBDQQWFhRTaWduaWNhdCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
                    FgQUYMQXySEJc9Q/zGqvkuPUQ6nySQAwHwYDVR0jBBgwFoAUstl+DZ605NwX3br661U41SHRS/Yw
                    DQYJKoZIhvcNAQELBQADggEBAIW91gTlnn3EduMtTX4JiwLEBbs4z57Tgf3Gp01VzV1DemK0BNuT
                    KlVl+jMXmJJAKwuyizoLEqTkOva1z9o3ozUxhwqIVdtu5N5XaXjqgMm3wUDQjD5199nopI8SeWf7
                    C17s70wNF8O2h2hyn/FSi8mn28Gm4Jqi/U+X/gGKEP3bOGqBrptsSqAi6U8yvdN7PNGqSSGKWeG+
                    7yX1u4BPW8mWy93Hi+cuEe0oIdOVrEbUKoFVy4bcE69sG6RxTmaELjCy0OmoW16UoHJwIDyJWXx9
                    qkS5sFcT/jb3kuSnZ17ZC99EgScO8NKuKrJgHei9k13xSwsUAmnI7mInW4CfJ0c=
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <Status>
        <StatusCode Value="samlp:Success"/>
    </Status>
    <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_c849240d11e0ecac580a7a16cc9c3513" IssueInstant="2017-09-21T12:23:18.954Z" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
        <Conditions NotBefore="2017-09-21T12:23:18.954Z" NotOnOrAfter="2017-09-21T12:23:48.954Z"/>
        <AuthenticationStatement AuthenticationInstant="2017-09-21T12:23:18.801Z" AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:BankID-NO">
            <Subject>
                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=Weasley\, Ginny,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-877</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
        </AuthenticationStatement>
        <AttributeStatement>
            <Subject>
                <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=Weasley\, Ginny,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-877</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
            <Attribute AttributeName="service-name" AttributeNamespace="signicat">
                <AttributeValue>demo.signicat.com</AttributeValue>
            </Attribute>
            <Attribute AttributeName="method-name" AttributeNamespace="signicat">
                <AttributeValue>nbid</AttributeValue>
            </Attribute>
            <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
                <AttributeValue>Weasley, Ginny</AttributeValue>
            </Attribute>
            <Attribute AttributeName="security-level" AttributeNamespace="signicat">
                <AttributeValue>3</AttributeValue>
            </Attribute>
            <Attribute AttributeName="unique-id" AttributeNamespace="signicat">
                <AttributeValue>9578-6000-4-877</AttributeValue>
            </Attribute>
            <Attribute AttributeName="national-id" AttributeNamespace="signicat">
                <AttributeValue>10109001290</AttributeValue>
            </Attribute>
            <Attribute AttributeName="date-of-birth" AttributeNamespace="signicat">
                <AttributeValue>1990-10-10</AttributeValue>
            </Attribute>
            <Attribute AttributeName="action" AttributeNamespace="bankid">
                <AttributeValue>auth</AttributeValue>
            </Attribute>
            <Attribute AttributeName="bankid-no" AttributeNamespace="unique-id">
                <AttributeValue>9578-6000-4-877</AttributeValue>
            </Attribute>
            <Attribute AttributeName="no.fnr" AttributeNamespace="national-id">
                <AttributeValue>10109001290</AttributeValue>
            </Attribute>
            <Attribute AttributeName="firstname" AttributeNamespace="bankid.certificate">
                <AttributeValue>Ginny</AttributeValue>
            </Attribute>
            <Attribute AttributeName="lastname" AttributeNamespace="bankid.certificate">
                <AttributeValue>Weasley</AttributeValue>
            </Attribute>
            <Attribute AttributeName="issuer-dn" AttributeNamespace="bankid.certificate">
                <AttributeValue>CN=BankID TestBank1 Bank CA 2,OU=123456789,O=TestBank1 AS,C=NO</AttributeValue>
            </Attribute>
            <Attribute AttributeName="subject-dn" AttributeNamespace="bankid.certificate">
                <AttributeValue>CN=Weasley\, Ginny,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-877</AttributeValue>
            </Attribute>
            <Attribute AttributeName="plain-name" AttributeNamespace="bankid.certificate">
                <AttributeValue>Weasley, Ginny</AttributeValue>
            </Attribute>
            <Attribute AttributeName="serialnumber" AttributeNamespace="bankid.certificate">
                <AttributeValue>685521</AttributeValue>
            </Attribute>
            <Attribute AttributeName="unique-id" AttributeNamespace="bankid.certificate">
                <AttributeValue>9578-6000-4-877</AttributeValue>
            </Attribute>
            <Attribute AttributeName="valid-from" AttributeNamespace="bankid.certificate">
                <AttributeValue>2017-06-13</AttributeValue>
            </Attribute>
            <Attribute AttributeName="valid-to" AttributeNamespace="bankid.certificate">
                <AttributeValue>2019-06-13</AttributeValue>
            </Attribute>
            <Attribute AttributeName="date-of-birth" AttributeNamespace="bankid.certificate">
                <AttributeValue>1990-10-10</AttributeValue>
            </Attribute>
            <Attribute AttributeName="version-number" AttributeNamespace="bankid.certificate">
                <AttributeValue>3</AttributeValue>
            </Attribute>
            <Attribute AttributeName="key-algorithm" AttributeNamespace="bankid.certificate">
                <AttributeValue>RSA</AttributeValue>
            </Attribute>
            <Attribute AttributeName="key-size" AttributeNamespace="bankid.certificate">
                <AttributeValue>2048</AttributeValue>
            </Attribute>
            <Attribute AttributeName="policy-oid" AttributeNamespace="bankid.certificate">
                <AttributeValue>2.16.578.1.16.1.12.1.1</AttributeValue>
            </Attribute>
            <Attribute AttributeName="originator" AttributeNamespace="bankid.certificate">
                <AttributeValue>9980</AttributeValue>
            </Attribute>
            <Attribute AttributeName="bank" AttributeNamespace="bankid.certificate">
                <AttributeValue>BINAS</AttributeValue>
            </Attribute>
            <Attribute AttributeName="qualified" AttributeNamespace="bankid.certificate">
                <AttributeValue>true</AttributeValue>
            </Attribute>
            <Attribute AttributeName="monetary-limit-amount" AttributeNamespace="bankid.certificate">
                <AttributeValue>100000</AttributeValue>
            </Attribute>
            <Attribute AttributeName="monetary-limit-currency" AttributeNamespace="bankid.certificate">
                <AttributeValue>NOK</AttributeValue>
            </Attribute>
            <Attribute AttributeName="fnr" AttributeNamespace="bankid.va">
                <AttributeValue>10109001290</AttributeValue>
            </Attribute>
        </AttributeStatement>
    </Assertion>
</Response>
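
The checks a service provider would apply to a response shaped like the ones above, as an added Python example (not Signicat's code). It assumes the XML signature has already been verified against a pinned Signicat certificate with an XML-DSig library, which is not shown; the function name `read_response`, the `skew` parameter and the abridged sample are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "{urn:oasis:names:tc:SAML:1.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
RECIPIENT = "https://demo.signicat.com/id/saml/connect?selectedMethod=nbid"
ISSUER = "test.signicat.com/std"

# Constructed sample: the Norwegian BankID response above, abridged, with the
# ds:Signature element left out. Verify the signature BEFORE trusting any field,
# and against a certificate you pinned, not the one embedded in ds:KeyInfo.
SAMPLE = r"""<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2017-09-21T12:23:18.954Z" MajorVersion="1" MinorVersion="1" Recipient="https://demo.signicat.com/id/saml/connect?selectedMethod=nbid" ResponseID="_0a1ea8667c0dd7cf129754dfc2527170">
  <Status><StatusCode Value="samlp:Success"/></Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_c849240d11e0ecac580a7a16cc9c3513" IssueInstant="2017-09-21T12:23:18.954Z" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
    <Conditions NotBefore="2017-09-21T12:23:18.954Z" NotOnOrAfter="2017-09-21T12:23:48.954Z"/>
    <AuthenticationStatement AuthenticationInstant="2017-09-21T12:23:18.801Z" AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:BankID-NO">
      <Subject><NameIdentifier>CN=Weasley\, Ginny,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-877</NameIdentifier></Subject>
    </AuthenticationStatement>
    <AttributeStatement>
      <Subject><NameIdentifier>CN=Weasley\, Ginny,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-877</NameIdentifier></Subject>
      <Attribute AttributeName="plain-name" AttributeNamespace="signicat"><AttributeValue>Weasley, Ginny</AttributeValue></Attribute>
      <Attribute AttributeName="unique-id" AttributeNamespace="signicat"><AttributeValue>9578-6000-4-877</AttributeValue></Attribute>
      <Attribute AttributeName="national-id" AttributeNamespace="signicat"><AttributeValue>10109001290</AttributeValue></Attribute>
      <Attribute AttributeName="plain-name" AttributeNamespace="bankid.certificate"><AttributeValue>Weasley, Ginny</AttributeValue></Attribute>
      <Attribute AttributeName="unique-id" AttributeNamespace="bankid.certificate"><AttributeValue>9578-6000-4-877</AttributeValue></Attribute>
    </AttributeStatement>
  </Assertion>
</Response>"""


def _instant(value):
    """Parse a SAML UTC timestamp such as 2017-09-21T12:23:18.954Z."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unparseable timestamp: {value!r}")


def read_response(xml_text, recipient, issuer, now, skew=timedelta(0)):
    """Validate a signature-checked SAML 1.1 Response and return its claims.

    Raises ValueError on any failed check. ElementTree is used to keep the
    example dependency-free; parse untrusted XML with a hardened parser.
    """
    root = ET.fromstring(xml_text)
    if root.tag != SAMLP + "Response":
        raise ValueError("not a SAML 1.x Response")
    code = root.find(f"{SAMLP}Status/{SAMLP}StatusCode")
    # Value is a QName ("samlp:Success"); compare its local part.
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        raise ValueError("status is not Success")
    if root.get("Recipient") != recipient:
        raise ValueError("Recipient does not match this service")

    # Direct children only: a second or nested Assertion is rejected outright.
    assertions = root.findall(SAML + "Assertion")
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    assertion = assertions[0]
    if assertion.get("Issuer") != issuer:
        raise ValueError("unexpected Issuer")

    cond = assertion.find(SAML + "Conditions")
    if cond is None:
        raise ValueError("missing Conditions")
    not_before = _instant(cond.get("NotBefore", ""))
    not_on_or_after = _instant(cond.get("NotOnOrAfter", ""))
    # The samples on this page are valid for 30 seconds; keep skew small.
    if not (not_before - skew <= now < not_on_or_after + skew):
        raise ValueError("assertion outside its validity window")

    auth = assertion.find(SAML + "AuthenticationStatement")
    if auth is None:
        raise ValueError("missing AuthenticationStatement")
    # Both statements must speak about the same subject.
    subjects = {ni.text for ni in assertion.iter(SAML + "NameIdentifier")}
    if len(subjects) != 1:
        raise ValueError("statements disagree on the subject")

    # Key by (AttributeNamespace, AttributeName): names such as plain-name and
    # unique-id occur in more than one namespace in the same response.
    attributes = {}
    for attr in assertion.iter(SAML + "Attribute"):
        key = (attr.get("AttributeNamespace"), attr.get("AttributeName"))
        values = [v.text or "" for v in attr.findall(SAML + "AttributeValue")]
        attributes.setdefault(key, []).extend(values)
    return {
        "subject": subjects.pop(),
        "method": auth.get("AuthenticationMethod"),
        "attributes": attributes,
    }
```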

# Norwegian BankID on mobile


Response example

<Response IssueInstant="2017-04-19T11:00:14.164Z" MajorVersion="1" MinorVersion="1" Recipient="https://internal.signicat.com/james-alaska/response" ResponseID="_16c81d3232f991b7c02982ea02b7c6ae" xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
         <ds:Reference URI="#_16c81d3232f991b7c02982ea02b7c6ae">
            <ds:Transforms>
               <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="code ds kind rw saml samlp typens #default xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces>
               </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
            <ds:DigestValue>vBd9Rb1wolCKE0IfZkYbYsOq3UY=</ds:DigestValue>
         </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>OkMtDLQvJ+i4s/rmAbz56BlXK0TYkVgbzuWVLoaBBlnv2KktG/iUaadh0yhfuS6SP92xtndCykUt mwpJKTW3eNcZAVmSKMiFSjqmnVFxyByNnI8JGyyig4fuyemRkmXWDr5splw0H++96YXqwi3xZ/Di k7gHoA5GcCXRMv7oM4JTevrGmj8RJqhm6BQK2ig+jH7DdFuCaOxqJdPOzYyMbqqRKNuV9rbAvmXP aDjDLtPaA2fEB2Q8mCEjGZjZ3604ZfrdJJM61We+obuGP4HAdt4oMXCL/m389OuzmVN3SflhBlNu NK9jdSUz4j6vb6kJXwmkDl+aJiWY2hlqiqUHeA==</ds:SignatureValue>
      <ds:KeyInfo>
         <ds:X509Data>
            <ds:X509Certificate>MIIDuzCCAqOgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xNTA1 MTIxMzA4MzVaFw0xNzA5MjMxMzA4MzVaMHgxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkx EjAQBgNVBAcMCVRyb25kaGVpbTERMA8GA1UECgwIU2lnbmljYXQxETAPBgNVBAsMCFNpZ25pY2F0 MR4wHAYDVQQDDBV0ZXN0LnNpZ25pY2F0LmNvbS9zdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCnVHnRlvqzV6RPNjPTSOqboAH8xJwOR2hncTcYsVZ8U5TLYAwaphaiGa5Sx2PGpi/R 8+uVyxAm3EdOcXBIg60sfZ7dhXl78x0porzXA4wxFTd3wTpAYh/jt2JX0aLnEtYATvVzW1xatmQO DBhBpwZ0Gj352FadQFVobqhKkJJkguudQ6z0QpZiRRDuA1vXXrnCmwCfzXmGXVOfMIfgkvPz85EG d5Y365UALDLWcbamk7Z/llEXc+oaOR6amdFVxnH3ksSyfZ+Hhi2G9qijiLKs1qp516pwVdb3flry JRsoa9GccS68rQN6EzD+S9io7qmUGQkfBpKd9s8O2SwqhSjtAgMBAAGjfzB9MAkGA1UdEwQCMAAw CwYDVR0PBAQDAgXgMCMGCWCGSAGG+EIBDQQWFhRTaWduaWNhdCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E FgQUlvBuK7QGLkIZlNUxMaZwjtVOZyIwHwYDVR0jBBgwFoAUstl+DZ605NwX3br661U41SHRS/Yw DQYJKoZIhvcNAQELBQADggEBAEhA48Ioyr6qSySmFBmxitUC+421IgTZ6ZOPLE8u0QLCXuUdwicO OAtn5ue3iSq6kxMI5jPa3JFQdX/sCgeON0jZGCvcJ8DOw4ScwR7OjLk0cHLpb1t+8ns9YAPjy0Ho 69N0L4vSujKWA4pw3T2Hw2XIKRSqfgfrjAlSXBugQNl0NB9PmCvUbfHwGsz1ldgNjAUfMweSyRfi R6ZrRaUjzB93q2cpY4kWVgCld0Kw+Qu/qaEXn1BpA7Lf9ZDyMQjqbbEug2t40Y/Ey90eYotj5cHg B5XLK+N1Z8S6fmWFwGiMYDCvg60dOUfLp4b/7KK0aj79l7WH7f6FCeT0uIuqpdQ=</ds:X509Certificate>
         </ds:X509Data>
      </ds:KeyInfo>
   </ds:Signature>
   <Status>
      <StatusCode Value="samlp:Success"></StatusCode>
   </Status>
   <Assertion AssertionID="_41698831a897a2b2772e235f49115907" IssueInstant="2017-04-19T11:00:14.164Z" Issuer="https://test.signicat.com/std" MajorVersion="1" MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
      <Conditions NotBefore="2017-04-19T11:00:14.164Z" NotOnOrAfter="2017-04-19T11:00:44.164Z"></Conditions>
      <AuthenticationStatement AuthenticationInstant="2017-04-19T11:00:12.897Z" AuthenticationMethod="urn:signicat:names:SAML:2.0:ac:BankID-NO-mobile">
         <Subject>
            <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=Pendragon\, Martin Test,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-63625</NameIdentifier>
            <SubjectConfirmation>
               <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
            </SubjectConfirmation>
         </Subject>
      </AuthenticationStatement>
      <AttributeStatement>
         <Subject>
            <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=Pendragon\, Martin Test,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-63625</NameIdentifier>
            <SubjectConfirmation>
               <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
            </SubjectConfirmation>
         </Subject>
         <Attribute AttributeName="service-name" AttributeNamespace="signicat">
            <AttributeValue>signicat</AttributeValue>
         </Attribute>
         <Attribute AttributeName="method-name" AttributeNamespace="signicat">
            <AttributeValue>nbid-mobil</AttributeValue>
         </Attribute>
         <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
            <AttributeValue>Pendragon, Martin Test</AttributeValue>
         </Attribute>
         <Attribute AttributeName="security-level" AttributeNamespace="signicat">
            <AttributeValue>3</AttributeValue>
         </Attribute>
         <Attribute AttributeName="unique-id" AttributeNamespace="signicat">
            <AttributeValue>9578-6000-4-63625</AttributeValue>
         </Attribute>
         <Attribute AttributeName="national-id" AttributeNamespace="signicat">
            <AttributeValue>13055012345</AttributeValue>
         </Attribute>
         <Attribute AttributeName="action" AttributeNamespace="bankid">
            <AttributeValue>auth</AttributeValue>
         </Attribute>
         <Attribute AttributeName="bankid-no" AttributeNamespace="unique-id">
            <AttributeValue>9578-6000-4-63625</AttributeValue>
         </Attribute>
         <Attribute AttributeName="no.fnr" AttributeNamespace="national-id">
            <AttributeValue>13055012345</AttributeValue>
         </Attribute>
         <Attribute AttributeName="firstname" AttributeNamespace="bankid.certificate">
            <AttributeValue>Martin Test</AttributeValue>
         </Attribute>
         <Attribute AttributeName="lastname" AttributeNamespace="bankid.certificate">
            <AttributeValue>Pendragon</AttributeValue>
         </Attribute>
         <Attribute AttributeName="issuer-dn" AttributeNamespace="bankid.certificate">
            <AttributeValue>CN=BankID TestBank1 Bank CA 2,OU=123456789,O=TestBank1 AS,C=NO</AttributeValue>
         </Attribute>
         <Attribute AttributeName="subject-dn" AttributeNamespace="bankid.certificate">
            <AttributeValue>CN=Pendragon\, Martin Test,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-63625</AttributeValue>
         </Attribute>
         <Attribute AttributeName="plain-name" AttributeNamespace="bankid.certificate">
            <AttributeValue>Pendragon, Martin Test</AttributeValue>
         </Attribute>
         <Attribute AttributeName="serialnumber" AttributeNamespace="bankid.certificate">
            <AttributeValue>401970</AttributeValue>
         </Attribute>
         <Attribute AttributeName="unique-id" AttributeNamespace="bankid.certificate">
            <AttributeValue>9578-6000-4-63625</AttributeValue>
         </Attribute>
         <Attribute AttributeName="valid-from" AttributeNamespace="bankid.certificate">
            <AttributeValue>2016-02-24</AttributeValue>
         </Attribute>
         <Attribute AttributeName="valid-to" AttributeNamespace="bankid.certificate">
            <AttributeValue>2018-02-24</AttributeValue>
         </Attribute>
         <Attribute AttributeName="date-of-birth" AttributeNamespace="bankid.certificate">
            <AttributeValue>1950-05-13</AttributeValue>
         </Attribute>
         <Attribute AttributeName="version-number" AttributeNamespace="bankid.certificate">
            <AttributeValue>3</AttributeValue>
         </Attribute>
         <Attribute AttributeName="key-algorithm" AttributeNamespace="bankid.certificate">
            <AttributeValue>RSA</AttributeValue>
         </Attribute>
         <Attribute AttributeName="key-size" AttributeNamespace="bankid.certificate">
            <AttributeValue>1024</AttributeValue>
         </Attribute>
         <Attribute AttributeName="policy-oid" AttributeNamespace="bankid.certificate">
            <AttributeValue>2.16.578.1.16.1.12.2.1</AttributeValue>
         </Attribute>
         <Attribute AttributeName="originator" AttributeNamespace="bankid.certificate">
            <AttributeValue>9999</AttributeValue>
         </Attribute>
         <Attribute AttributeName="bank" AttributeNamespace="bankid.certificate">
            <AttributeValue>TestBank1</AttributeValue>
         </Attribute>
         <Attribute AttributeName="phone" AttributeNamespace="bankid.certificate">
            <AttributeValue>+4791673074</AttributeValue>
         </Attribute>
         <Attribute AttributeName="qualified" AttributeNamespace="bankid.certificate">
            <AttributeValue>false</AttributeValue>
         </Attribute>
         <Attribute AttributeName="fnr" AttributeNamespace="bankid.va">
            <AttributeValue>13055012345</AttributeValue>
         </Attribute>
         <Attribute AttributeName="phone" AttributeNamespace="signicat">
            <AttributeValue>91673074</AttributeValue>
         </Attribute>
         <Attribute AttributeName="fullname" AttributeNamespace="common">
            <AttributeValue>Pendragon, Martin Test</AttributeValue>
         </Attribute>
         <Attribute AttributeName="bankid-no" AttributeNamespace="unique-id">
            <AttributeValue>9578-6000-4-63625</AttributeValue>
         </Attribute>
         <Attribute AttributeName="fnr" AttributeNamespace="national-id.no">
            <AttributeValue>13055012345</AttributeValue>
         </Attribute>
      </AttributeStatement>
   </Assertion>
</Response>
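
Added example (not Signicat code): the checks a service provider would run on a response like the one above, once its XML signature has been validated against the pinned Signicat certificate by an XML-DSig library. It confirms that the signature reference points at the `ResponseID`, checks `Recipient`, `Issuer` and the `Conditions` window, and reads attributes by (namespace, name), because names such as `plain-name` repeat across namespaces and some attributes appear twice. The function names, the sample values and the 5-second clock-skew default are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"p": "urn:oasis:names:tc:SAML:1.0:protocol",
      "a": "urn:oasis:names:tc:SAML:1.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: made-up values, structure as in the responses on this page.
# Signature and certificate bodies are omitted because this code does not verify them.
SAMPLE = """<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
  xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1"
  IssueInstant="2024-01-01T12:00:00.000Z" Recipient="https://sp.example/saml/response"
  ResponseID="_r1">
 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo><ds:Reference URI="#_r1"></ds:Reference></ds:SignedInfo>
 </ds:Signature>
 <Status><StatusCode Value="samlp:Success"></StatusCode></Status>
 <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_a1"
   IssueInstant="2024-01-01T12:00:00.000Z" Issuer="https://idp.example/std"
   MajorVersion="1" MinorVersion="1">
  <Conditions NotBefore="2024-01-01T12:00:00.000Z"
    NotOnOrAfter="2024-01-01T12:00:30.000Z"></Conditions>
  <AttributeStatement>
   <Subject><NameIdentifier Format="urn:example:id">ID-0001</NameIdentifier></Subject>
   <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
    <AttributeValue>Test Person</AttributeValue></Attribute>
   <Attribute AttributeName="plain-name" AttributeNamespace="bankid.certificate">
    <AttributeValue>Person, Test</AttributeValue></Attribute>
   <Attribute AttributeName="bankid-no" AttributeNamespace="unique-id">
    <AttributeValue>ID-0001</AttributeValue></Attribute>
   <Attribute AttributeName="bankid-no" AttributeNamespace="unique-id">
    <AttributeValue>ID-0001</AttributeValue></Attribute>
  </AttributeStatement>
 </Assertion>
</Response>"""


class Rejected(Exception):
    """Raised when a response fails a check; the message names the check."""


def _require(condition, why):
    if not condition:
        raise Rejected(why)


def _ts(text):
    # The page's timestamps are UTC with milliseconds; also accept whole seconds.
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(text or "", fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise Rejected(f"bad timestamp {text!r}")


def check_response(xml_text, recipient, issuer, now, skew=timedelta(seconds=5)):
    """Non-cryptographic checks; call only after signature validation succeeded."""
    _require("<!DOCTYPE" not in xml_text, "DTDs are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise Rejected(f"not well-formed: {exc}")
    _require(root.tag == "{%s}Response" % NS["p"], "not a SAML 1.x Response")
    # The one signature must reference the Response element being read.
    sigs = root.findall("ds:Signature", NS)
    refs = root.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    rid = root.get("ResponseID")
    _require(len(sigs) == 1 and len(refs) == 1 and bool(rid)
             and refs[0].get("URI") == "#" + rid, "signature does not cover this Response")
    code = root.find("p:Status/p:StatusCode", NS)
    # The QName prefix is not resolved here; only the local part is compared.
    _require(code is not None and code.get("Value", "").split(":")[-1] == "Success",
             "status is not Success")
    _require(root.get("Recipient") == recipient, "Recipient mismatch")
    # Exactly one Assertion in the whole document, directly under the Response.
    found = root.findall(".//a:Assertion", NS)
    _require(len(found) == 1 and found[0] in list(root), "expected one top-level Assertion")
    assertion = found[0]
    _require(assertion.get("Issuer") == issuer, "Issuer mismatch")
    cond = assertion.find("a:Conditions", NS)
    _require(cond is not None, "no Conditions element")
    _require(_ts(cond.get("NotBefore")) - skew <= now < _ts(cond.get("NotOnOrAfter")) + skew,
             "outside validity window")
    # Every statement must name the same subject.
    subjects = {(n.get("Format"), (n.text or "").strip())
                for n in assertion.findall(".//a:Subject/a:NameIdentifier", NS)}
    _require(len(subjects) == 1, "statements disagree on the subject")
    attrs = {}
    for attr in assertion.findall("a:AttributeStatement/a:Attribute", NS):
        key = (attr.get("AttributeNamespace"), attr.get("AttributeName"))
        attrs.setdefault(key, []).extend(
            (v.text or "") for v in attr.findall("a:AttributeValue", NS))
    fmt, name = subjects.pop()
    return {"subject": name, "subject_format": fmt, "attributes": attrs}


def single(result, namespace, name):
    """Return an attribute's value; repeats are fine only if they all agree."""
    values = set(result["attributes"].get((namespace, name), []))
    _require(len(values) == 1, f"{namespace}/{name}: {len(values)} distinct values")
    return values.pop()
```
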

# Buypass


Response example

<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2013-09-16T10:16:49.211Z" MajorVersion="1" MinorVersion="1" Recipient="https://test.signicat.com/james-alaska/response?url=https://test.signicat.com/james-alaska/app/?wicket:bookmarkablePage=:ksi.admin.app.page.DemoPage" ResponseID="_6905ae2ebb392d20e9cfa09518c6a73c">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
      <ds:Reference URI="#_6905ae2ebb392d20e9cfa09518c6a73c">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
        <ds:DigestValue>K8jiMKpdLfk43US16jYxnoUtCJc=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue> G5yanFj2j3jZw/hPCtYKwR0jrllpOa4me0m/oeeb+9mWEjt+9UgMcE0diV7BttxnOoWSAsSukfL0 IStcyIOywS4Z/at/x5eQrIOLYyHUFLlhtRVpM2AzYYX8NmOb+8yC4kM2T/cE4GnzB1fdZB1uImt3 5kqPiG+f0qAXihQ4lGgJYOVN1LIu3xFtbCw22X4GQrLxT3NrFWpGqBqE3/OKhHFtPp1yL2N4htoK vOQvXhON4qkQICD5HyIYWOE2YlRVM6wPO06qnAAG7uEpXABtSJuQV0JL9SPRZOHGxs2lGal3duul dnBBLfqurPw9NrfAz6Qwb6hxQ+LhAV982bkHiw== </ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate> MIIDuzCCAqOgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xMTA4 MDExMjMyNThaFw0xMzEwMjkxMjMyNThaMHgxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIEwZOb3J3YXkx EjAQBgNVBAcTCVRyb25kaGVpbTERMA8GA1UEChMIU2lnbmljYXQxETAPBgNVBAsTCFNpZ25pY2F0 MR4wHAYDVQQDExV0ZXN0LnNpZ25pY2F0LmNvbS9zdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCWUoZYyNjxht64J/AyxV807psI0e0yxLoAAKw82QaClDodgfpRLJ1RcMq4RfQvptjx zMxwxseKcRTBnDsPQ1k93D4yzrrySlWwk6/fv4G/zaSDhIc6JKZjPO9/NxILdVdGJ4/a78fMtYjF oTC6vV884GdewFtXvPIse309Opfw/O8mkr709G8yCyuLX6qHIYO2loTMEPrawKdiOva9Hst2wKGj JWtX31qhOs8OE6A57ymzfkFzch0IVdqsDg6nLfWRwY5CzBhAYAfwYEXAuwOc0eppZ7HkqryFxeFM DF5wz8sNoBs1Pu5Wm0xEeqTq34vqHMdfG+fXoITiY16Xe+x9AgMBAAGjfzB9MAkGA1UdEwQCMAAw CwYDVR0PBAQDAgXgMCMGCWCGSAGG+EIBDQQWFhRTaWduaWNhdCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E FgQUDHKNW1c2WXmsa2CLURzBAsBH5f4wHwYDVR0jBBgwFoAUstl+DZ605NwX3br661U41SHRS/Yw DQYJKoZIhvcNAQEFBQADggEBAAwjTtaZtDMb8TszQgWqlXq2F06OjTPNosSYjssX7n127zQ9594J VIi2Yx9YSUrWB/bEHoHoSrzLb8jWtycKct8MNHIHWI/pvjI/A+e7l0vG66WFyzwngr4LVFSm0t35 D3s8k8lanZ5NA5n1OXSc/bAi9iI8CcVaCdXPrvbxDBOx6ba9+EpN6xXDixP/i2q+TLspv4VOrn+7 JGN9NQiQTSTSua1f6E7EYY6BxrWtdzF/7Y8gZoTok3Cj0vnZf7LOXRKKSTs8ofg2goDriw1ad8ku VvxfOoltLeXhO4GQACBo45nNZuNnCwFDgUp6IMDOG1mRUR5wcWbS/i9hqgtkpsA= </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <Status>
    <StatusCode Value="samlp:Success"></StatusCode>
  </Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_a029806c6864a33ccfcdc52930fdc5f3" IssueInstant="2013-09-16T10:16:49.211Z" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
    <Conditions NotBefore="2013-09-16T10:16:49.211Z" NotOnOrAfter="2013-09-16T10:17:19.211Z"></Conditions>
    <AuthenticationStatement AuthenticationInstant="2013-09-16T10:16:49.209Z" AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:Buypass">
      <Subject>
        <NameIdentifier Format="urn:kantega:ksi:3.5:nameid-format:buypassid">100085885</NameIdentifier>
        <SubjectConfirmation>
          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
        </SubjectConfirmation>
      </Subject>
    </AuthenticationStatement>
    <AttributeStatement>
      <Subject>
        <NameIdentifier Format="urn:kantega:ksi:3.5:nameid-format:buypassid">100085885</NameIdentifier>
        <SubjectConfirmation>
          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
        </SubjectConfirmation>
      </Subject>
      <Attribute AttributeName="service-name" AttributeNamespace="signicat">
        <AttributeValue>demo</AttributeValue>
      </Attribute>
      <Attribute AttributeName="method-name" AttributeNamespace="signicat">
        <AttributeValue>buypass</AttributeValue>
      </Attribute>
      <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
        <AttributeValue>JOHANN PSA HOV</AttributeValue>
      </Attribute>
      <Attribute AttributeName="security-level" AttributeNamespace="signicat">
        <AttributeValue>3</AttributeValue>
      </Attribute>
      <Attribute AttributeName="buypass" AttributeNamespace="unique-id">
        <AttributeValue>100085885</AttributeValue>
      </Attribute>
      <Attribute AttributeName="firstname" AttributeNamespace="buypass">
        <AttributeValue>JOHANN</AttributeValue>
      </Attribute>
      <Attribute AttributeName="middlename" AttributeNamespace="buypass">
        <AttributeValue>PSA</AttributeValue>
      </Attribute>
      <Attribute AttributeName="lastname" AttributeNamespace="buypass">
        <AttributeValue>HOV</AttributeValue>
      </Attribute>
      <Attribute AttributeName="customer-id" AttributeNamespace="buypass">
        <AttributeValue>BP00215520</AttributeValue>
      </Attribute>
      <Attribute AttributeName="buypass-id" AttributeNamespace="buypass">
        <AttributeValue>100085885</AttributeValue>
      </Attribute>
      <Attribute AttributeName="issuer-realm" AttributeNamespace="buypass">
        <AttributeValue>PUBLIC</AttributeValue>
      </Attribute>
      <Attribute AttributeName="selected-tech" AttributeNamespace="buypass">
        <AttributeValue>ips:BPSC</AttributeValue>
      </Attribute>
      <Attribute AttributeName="id-status" AttributeNamespace="buypass">
        <AttributeValue>Ok</AttributeValue>
      </Attribute>
      <Attribute AttributeName="certificate" AttributeNamespace="buypass">
        <AttributeValue>-----BEGIN CERTIFICATE----- MIIEmDCCA4CgAwIBAgIKARjrwwcwDjYnuTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIzAhBgNVBAMMGkJ1eXBhc3MgQ2xhc3MgMyBU ZXN0NCBDQSAzMB4XDTEyMDUwOTE1MzAyNFoXDTE1MDUwOTA4MTA1NlowRDELMAkGA1UEBhMCTk8x FzAVBgNVBAMMDkpPSEFOTiBQU0EgSE9WMRwwGgYDVQQFExM5NTc4LTQwNTAtMTAwMDg1ODg1MIIB HzANBgkqhkiG9w0BAQEFAAOCAQwAMIIBBwKB/wC5f0LKk+ZtuWkf+Glt7ogfRF2Rk2+gEvjggroT NoeX/lIywoxY4azEDMpNHx11ao1zSv0vo6SzFIH+gg0rTpzbHWars4XzKdlYlrpqVnK/H29iopGq OUXx666omPGL4ZWhKG/krEoEhEfx9q7HyCuQGOn/ppZOLxQEGat2r+D7dyLahHrtVyvctIn95Nz+ a7WTvCBhGUF/7IDPfxC429CSkkc40hDrRdhu7C4unAdJbGO09Wf251mElcoobf396kBCItckoS8S R5BHyE/RkT+VMcExoHghuDMHcdrFTUV6XaPhK9Z8PPXaUuvUvtij24zfF4/4/sFkzodN58KDQQID AQABo4IBgDCCAXwwCQYDVR0TBAIwADAfBgNVHSMEGDAWgBQ/rvV4C5KjcCA1X1r69ySgUgHwQTAd BgNVHQ4EFgQUj5nqJtR0B8ZoRP/avzujhhSRu18wDgYDVR0PAQH/BAQDAgO4MBQGA1UdIAQNMAsw CQYHYIRCARoBADCBuwYDVR0fBIGzMIGwMDegNaAzhjFodHRwOi8vY3JsLnRlc3Q0LmJ1eXBhc3Mu bm8vY3JsL0JQQ2xhc3MzVDRDQTMuY3JsMHWgc6Bxhm9sZGFwOi8vbGRhcC50ZXN0NC5idXlwYXNz Lm5vL2RjPUJ1eXBhc3MsZGM9Tk8sQ049QnV5cGFzcyUyMENsYXNzJTIwMyUyMFRlc3Q0JTIwQ0El MjAzP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3QwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAB hi9odHRwOi8vb2NzcC50ZXN0NC5idXlwYXNzLm5vL29jc3AvQlBDbGFzczNUNENBMzANBgkqhkiG 9w0BAQUFAAOCAQEAjyQGkvi5Gbu0LR4/yRA0Hs2waJ3zDrIE4IWNy+vTdKDhviFVkAIEp3httP5L e84V4vkoAtfvGTtAMOZmBOvhRIvfnuEB22aY8Atg6bv0b5Uu6ZGFeuk5Vo+5KIgcAtcffOI6Y7Dq lvifpVWSXlSm0+Px6H+BXkIEvXr4F99h0C22Y6TPCS4PdGAdblpDItzOfZjTZg5lIlSYj7R2mjgd i8sEm+60xPVMW4TuptMeiHc0wq5aLvJaXOMa7a4D6o5yc0DGrg5da7wporVplW/iyQZFE9IJgavP RJEvm7bTewbdkWYioRR5Z0oY5/g+aOwkkdwaphqSTjGwCCdUUVNLBQ== -----END CERTIFICATE-----</AttributeValue>
      </Attribute>
      <Attribute AttributeName="ca-dn" AttributeNamespace="buypass">
        <AttributeValue>CN=Buypass Class 3 Test4 CA 3, O=Buypass AS-983163327, C=NO</AttributeValue>
      </Attribute>
      <Attribute AttributeName="plain-name" AttributeNamespace="buypass">
        <AttributeValue>JOHANN PSA HOV</AttributeValue>
      </Attribute>
      <Attribute AttributeName="serialnumber" AttributeNamespace="buypass">
        <AttributeValue>5182076770761024350137</AttributeValue>
      </Attribute>
      <Attribute AttributeName="valid-from" AttributeNamespace="buypass">
        <AttributeValue>2012-05-09</AttributeValue>
      </Attribute>
      <Attribute AttributeName="valid-to" AttributeNamespace="buypass">
        <AttributeValue>2015-05-09</AttributeValue>
      </Attribute>
    </AttributeStatement>
  </Assertion>
</Response>

# Smart-ID


Response example

<Response xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
          xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2017-12-05T08:12:57.083Z" MajorVersion="1"
          MinorVersion="1" Recipient="https://id01.signicat.net:4443/james/response"
          ResponseID="_644ad10ea164023061b14847ed465304">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
            <ds:Reference URI="#_644ad10ea164023061b14847ed465304">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                                PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                <ds:DigestValue>vq6lo/6UXvGUxXeXhRykCHNA1w8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>E3qQPgoUZhK9Cq7fvllwhMu521mPe2ez44V9IXmNXtWzgLmZUqici3NBD6Xc6fN9+awKQkjmDOmD
            Z5m0E6Ht1/g6MCnEAzXrl5HQv1FbZtrcy5B8bvmQGVENgxeXe2gZfZA+1s0Plymucpv7u8Kif9oy
            +elB/2wtv7OjgaVei23X5h6Knp/tqhSh8UHw3FZbloZZMYinfZiaWyNXVh/XQ+vrtAA330JRg2K0
            vRFc6aFv/+mPWUjxZO5GUoSNAQ29bnDJLuODPcVG/ZmDR9aEopWAYmXm46LGoMLd+rXilBpxbxTZ
            iqr9q+vENCpSolOkpSqPE1nUgsYgf8cQal0PrQ==
        </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDsTCCApmgAwIBAgIBFTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML
                    U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xNzA5
                    MjUxMDEzNDBaFw0xOTA5MjUxMDEzNDBaMG4xCzAJBgNVBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkx
                    EjAQBgNVBAcMCVRyb25kaGVpbTERMA8GA1UECgwIU2lnbmljYXQxETAPBgNVBAsMCFNpZ25pY2F0
                    MRQwEgYDVQQDDAtEZXZlbG9wbWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANmg
                    RCDuwdwxyQ6nGtnaE2qC1ZWkLOj1M+YA+ojpbkdbolcHDCcxosdT8s6lkLlBRa+0XnNhQ4PVKOdi
                    vhqDQxKwlaXN+g8tHvTGPGWA2UVcweiwESTVQ+fhUhGVYcV11+P+U887h8EwER3RK1ziZmLKDCKT
                    6blzCy1gFD4da3a9CbZvYWCm7nvlIvC/4CrlqDhpQrSdsN2lxnhU4AI+awWAz3Awmug/gk8V+EoX
                    NbntHrKeMDVA/iBHxwyFfYGAz5JxYPO2JzgdPPic0esJ1/LinMjQf5ilvdmE7XlV0mq9eUMwZ2Ni
                    daUmtdeWw37M9gCvAVBwUVX+tbpGmzrorF8CAwEAAaN/MH0wCQYDVR0TBAIwADALBgNVHQ8EBAMC
                    BeAwIwYJYIZIAYb4QgENBBYWFFNpZ25pY2F0IENlcnRpZmljYXRlMB0GA1UdDgQWBBQo2Kh4ZtP1
                    Qd9gFLwBJcxXvr3ScTAfBgNVHSMEGDAWgBSy2X4NnrTk3BfduvrrVTjVIdFL9jANBgkqhkiG9w0B
                    AQsFAAOCAQEAGgocxS64OW4jQpylvxa+sPkxu+I82DxjaVk1rGlSNYL4Kar0R3gUpSgC703lB5z/
                    HN9hciTzlqOKVY9Qx1kVvyQwL0JQwzLWh6uTuFvYDcxJNo8S3JAENBRdk3GJqLFHG/G32QMZEBVv
                    U6cM8OOnPdHxkvacRpUqyzCES/0ttL9KodWIjZW166vu8JSukC3qcn+PJ46pJkFRAnFhQCMKU0sJ
                    481cx8mwiB5oAVFfTQyKxHZQ+aNdONaYfjHh6CRD6r3neh8ABZM5+1cUjPULdDTb7S5Q0QGgdC9t
                    pFlKAUrUblnJe3520InhvEEgIhzcGiW/YDDz79pUzwm4UQemMA==
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <Status>
        <StatusCode Value="samlp:Success"></StatusCode>
    </Status>
    <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_d4c82fe03c19a26fd1dc624ae0e90333"
               IssueInstant="2017-12-05T08:12:57.083Z" Issuer="https://qa.loc/std" MajorVersion="1" MinorVersion="1">
        <Conditions NotBefore="2017-12-05T08:12:57.083Z" NotOnOrAfter="2017-12-05T08:13:27.083Z"></Conditions>
        <AttributeStatement>
            <Subject>
                <NameIdentifier Format="urn:kantega:ksi:3.0:nameid-format:etsi-pno">PNOEE-10101010005</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
            <Attribute AttributeName="friendly-name" AttributeNamespace="signicat">
                <AttributeValue>Smart ID</AttributeValue>
            </Attribute>
            <Attribute AttributeName="service-name" AttributeNamespace="signicat">
                <AttributeValue>acme</AttributeValue>
            </Attribute>
            <Attribute AttributeName="method-name" AttributeNamespace="signicat">
                <AttributeValue>smart-id</AttributeValue>
            </Attribute>
            <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
                <AttributeValue>DEMO SMART-ID</AttributeValue>
            </Attribute>
            <Attribute AttributeName="first-name" AttributeNamespace="signicat">
                <AttributeValue>DEMO</AttributeValue>
            </Attribute>
            <Attribute AttributeName="last-name" AttributeNamespace="signicat">
                <AttributeValue>SMART-ID</AttributeValue>
            </Attribute>
            <Attribute AttributeName="security-level" AttributeNamespace="signicat">
                <AttributeValue>3</AttributeValue>
            </Attribute>
            <Attribute AttributeName="unique-id" AttributeNamespace="signicat">
                <AttributeValue>PNOEE-10101010005</AttributeValue>
            </Attribute>
            <Attribute AttributeName="national-id" AttributeNamespace="signicat">
                <AttributeValue>PNOEE-10101010005</AttributeValue>
            </Attribute>
            <Attribute AttributeName="identity-code" AttributeNamespace="smart-id">
                <AttributeValue>10101010005</AttributeValue>
            </Attribute>
            <Attribute AttributeName="nationality" AttributeNamespace="signicat">
                <AttributeValue>ee</AttributeValue>
            </Attribute>
            <Attribute AttributeName="ma" AttributeNamespace="sig">
                <AttributeValue>foobar</AttributeValue>
            </Attribute>
        </AttributeStatement>
    </Assertion>
</Response>

# DNIe


Response example

SAML assertion attributes:

| Attribute | Example |
|---|---|
| subject.name | CN="LOPEZ, JOSÉ PEPE (AUTENTICACIÓN)", GIVENNAME=JOSÉ, SURNAME=LOPEZ, SERIALNUMBER=12345678X, C=ES |
| subject.format | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName |
| subject.nameQualifier | |
| authentication.method | urn:ksi:names:SAML:2.0:ac:DNIe |
| authentication.instant | Thu Dec 19 10:16:29 CET 2013 |
| signicat.service-name | servicename |
| signicat.method-named | dnie |
| signicat.security-level | 3 |
| signicat.plain-name | JOSÉ PEPE LOPEZ |
| signicat.pki.serial | 11111222223333344444555556666677777888 |
| dnie.serialnumber | 12345678X |
| es.unique-id | 12345678X |
| dnie.givenname | JOSÉ PEPE |
| dnie.surname | LOPEZ |
| dnie.cn | LOPEZ, JOSÉ PEPE (AUTENTICACIÓN) |

If you have additional requirements regarding the contents of the SAML response, please contact support@signicat.com.

# Swedish BankID


Response example

<Response
    xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2017-12-11T13:19:57.052Z" MajorVersion="1" MinorVersion="1" Recipient="https://qa.signicat.com/james/response" ResponseID="_276f8327bed57320511033d441ebb616">
    <ds:Signature
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
            <ds:Reference URI="#_276f8327bed57320511033d441ebb616">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces
                            xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi">
                        </ec:InclusiveNamespaces>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                <ds:DigestValue>BsVFPBov4vwZRVxZfdpLbi2t/h8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue> XdZ/fqBGDycQBitnBy4M26/joZ0NimXJYgM02yfgavdgTiGaeLtCOkPCrXWuJ54jnIzWBYHCTowm Wvg8mwz1ZdZfo9MrtwDkwJmYnvMoPQ+x0cDb+NyCFzECE7UJbtWjOWi8u5hS+KlOZFHVIJ35iOsu TVKDQ/TIHuNegjH1g4SUZzocYblNROPlWpybvWPfvizr0NE2K7nMHmdSQwqlkxHlMUrwkg7xSUDz La9qtkacYqUKNdEy58Su06HM4g0aejnpvty+zQtBn01qCKPFlGhAZoWBGzGM1jbzjdTe+fX+dRI8 Zlo72hCt5IizbFMO6EQMTiwxRru619Bbz/8mGQ== </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate> MIIDuzCCAqOgAwIBAgIBFDANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xNzA5 MjUxMDA4MDVaFw0xOTA5MjUxMDA4MDVaMHgxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIDAZOb3J3YXkx EjAQBgNVBAcMCVRyb25kaGVpbTERMA8GA1UECgwIU2lnbmljYXQxETAPBgNVBAsMCFNpZ25pY2F0 MR4wHAYDVQQDDBViZXRhLnNpZ25pY2F0LmNvbS9zdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCXZorbsojIT6lf29ejt0rjLW7DvLfUFvWHWyy5rUbCFUB4wgutWmaGY6C+NVe/kgng /z9T3TBWySiBCsVFLV2i9d/67bw/rIlrvQCcUnQ2/sqKRVW7MMni7Wb3XHjD/wLeCSSKmnKcsQ/9 gEOsNqZjOT5pBcmF75a6b8dn4+3M8abg7zgrMfx6E3JEyZ2azNIuoYT9wHKrDKXkKvxn1y43k4xN kzz50QMQMemAs32SO6iU5MBYYxKh+pMYX7Cc7VTJ9BRsod0zLFoDKXJiyGiH4OeeC45t35be/mxZ Rlo6X51XHGdklaMgfhDOZEOAhYY+94mS9r0bOBlKrJ5SLi1RAgMBAAGjfzB9MAkGA1UdEwQCMAAw CwYDVR0PBAQDAgXgMCMGCWCGSAGG+EIBDQQWFhRTaWduaWNhdCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E FgQUB1OBDCpi5BvRXLsgChdMm73szEkwHwYDVR0jBBgwFoAUstl+DZ605NwX3br661U41SHRS/Yw DQYJKoZIhvcNAQELBQADggEBAHlLPdOpeKiWqmtcUs0GVEllyP8gGweqWf+13FEoSzPEt+aWFFjj aQm2sXaK3XET9U//cXf5plWGWUufXP1JD5VUUhRG1tRzBhe7q8EkuFL2xd8c2ofGMXGWvgaWdstE oljkk/CLuft9kVgtC+tplZhKtroEbNJGjbnazxfxe9D/P7OgZGFFQRpK5lNOFRRU36SpS3LPo/FA rhQako7zBpRW0IisREqe5gVNxU7BqMvU+WgecbOhlQTirDgBMbfeN6wpVgYsMXyssNL/bBhc0+AP UxQ9BVf2Irsa2xQixnqX5q+AAAlNGbgiapdb9NVXK0gmvS/xg5ngnz4buAv716w= </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <Status>
        <StatusCode Value="samlp:Success"></StatusCode>
    </Status>
    <Assertion
        xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_93e2a4bc6c96d62ef775cd935d431c80" IssueInstant="2017-12-11T13:19:57.052Z" Issuer="https://test.signicat.com/std" MajorVersion="1" MinorVersion="1">
        <Conditions NotBefore="2017-12-11T13:19:57.052Z" NotOnOrAfter="2017-12-11T13:20:27.052Z"></Conditions>
        <AuthenticationStatement AuthenticationInstant="2017-12-11T13:19:57.024Z" AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:BankID-SE">
            <Subject>
                <NameIdentifier Format="urn:kantega:ksi:3.0:nameid-format:fnr">199010275312</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
        </AuthenticationStatement>
        <AttributeStatement>
            <Subject>
                <NameIdentifier Format="urn:kantega:ksi:3.0:nameid-format:fnr">199010275312</NameIdentifier>
                <SubjectConfirmation>
                    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                </SubjectConfirmation>
            </Subject>
            <Attribute AttributeName="service-name" AttributeNamespace="signicat">
                <AttributeValue>signicat</AttributeValue>
            </Attribute>
            <Attribute AttributeName="method-name" AttributeNamespace="signicat">
                <AttributeValue>sbidcava</AttributeValue>
            </Attribute>
            <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
                <AttributeValue>John Signicat</AttributeValue>
            </Attribute>
            <Attribute AttributeName="security-level" AttributeNamespace="signicat">
                <AttributeValue>3</AttributeValue>
            </Attribute>
            <Attribute AttributeName="unique-id" AttributeNamespace="signicat">
                <AttributeValue>199010275312</AttributeValue>
            </Attribute>
            <Attribute AttributeName="national-id" AttributeNamespace="signicat">
                <AttributeValue>199010275312</AttributeValue>
            </Attribute>
            <Attribute AttributeName="sbid" AttributeNamespace="unique-id">
                <AttributeValue>199010275312</AttributeValue>
            </Attribute>
            <Attribute AttributeName="not-before" AttributeNamespace="sbid">
                <AttributeValue>2017-12-10T23:00:00.000Z</AttributeValue>
            </Attribute>
            <Attribute AttributeName="not-after" AttributeNamespace="sbid">
                <AttributeValue>2019-12-11T22:59:59.000Z</AttributeValue>
            </Attribute>
            <Attribute AttributeName="ip" AttributeNamespace="sbid">
                <AttributeValue>86.62.191.174</AttributeValue>
            </Attribute>
            <Attribute AttributeName="given-name" AttributeNamespace="sbid">
                <AttributeValue>John</AttributeValue>
            </Attribute>
            <Attribute AttributeName="surname" AttributeNamespace="sbid">
                <AttributeValue>Signicat</AttributeValue>
            </Attribute>
            <Attribute AttributeName="responder-id" AttributeNamespace="sbid">
                <AttributeValue>C=SE,O=Testbank A AB (publ),SERIALNUMBER=1111111111,CN=Testbank A Customer CA1 v1 for BankID Test OCSP Signing</AttributeValue>
            </Attribute>
            <Attribute AttributeName="signature" AttributeNamespace="sbid">
                <AttributeValue>...</AttributeValue>
            </Attribute>
            <Attribute AttributeName="ocspresponse" AttributeNamespace="sbid">
                <AttributeValue>...</AttributeValue>
            </Attribute>
            <Attribute AttributeName="bankid-se" AttributeNamespace="unique-id">
                <AttributeValue>199010275312</AttributeValue>
            </Attribute>
            <Attribute AttributeName="se.persnr" AttributeNamespace="national-id">
                <AttributeValue>199010275312</AttributeValue>
            </Attribute>
            <Attribute AttributeName="firstname" AttributeNamespace="bankid-se">
                <AttributeValue>John</AttributeValue>
            </Attribute>
            <Attribute AttributeName="lastname" AttributeNamespace="bankid-se">
                <AttributeValue>Signicat</AttributeValue>
            </Attribute>
            <Attribute AttributeName="plain-name" AttributeNamespace="bankid-se">
                <AttributeValue>John Signicat</AttributeValue>
            </Attribute>
            <Attribute AttributeName="fnr" AttributeNamespace="bankid-se">
                <AttributeValue>199010275312</AttributeValue>
            </Attribute>
            <Attribute AttributeName="name" AttributeNamespace="bankid-se">
                <AttributeValue>John Signicat</AttributeValue>
            </Attribute>
            <Attribute AttributeName="not-before-millis" AttributeNamespace="bankid-se">
                <AttributeValue>1512946800000</AttributeValue>
            </Attribute>
            <Attribute AttributeName="not-after-millis" AttributeNamespace="bankid-se">
                <AttributeValue>1576105199000</AttributeValue>
            </Attribute>
            <Attribute AttributeName="fnr" AttributeNamespace="common">
                <AttributeValue>199010275312</AttributeValue>
            </Attribute>
        </AttributeStatement>
    </Assertion>
</Response>

# Telia


Response example

<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2013-09-16T10:31:28.498Z" MajorVersion="1" MinorVersion="1" Recipient="https://test.signicat.com/james-alaska/response?url=https://test.signicat.com/james-alaska/app/?wicket:bookmarkablePage=wicket-0:ksi.admin.app.page.DemoPage" ResponseID="_45e0641f5cac118b6ccf754c57941b14">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
      <ds:Reference URI="#_45e0641f5cac118b6ccf754c57941b14">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
        <ds:DigestValue>bTI3uR4cYBxUvDK0M1+wPy4+h8c=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue> GPe14gVcm4+2o75+8p/hE5jgBTAWDxDu0Vt21MTpIr+3SLofhgcwl3cu63geXkZQ0T5EH7r01MDo HDg1oik/jFaT1tOav9brv2igok/yaRI3dJ0v3mh9dmHBwLMkFjT3DRefiTgGntjXHB90ze+k2Wm6 W2Cm38hPr/i94ZXwZoOvnWyTPtM47EewXxu1n7V2UzH/gNR1xAI+J+kzu/oLPr0GKK2j/n/53Evk +yT/HLKEpKDVdwEVNfzG7qdZt946M2aniCA15WUYtTmMKFCikPcGJgg2BQ3LEDo+ZNJnUUj+pbk5 qDCgHJjougclMn8aI1ACapgXScJOIqvMSj2X1w== </ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate> MIIDuzCCAqOgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJOTzEUMBIGA1UEChML U2lnbmljYXQgQVMxJDAiBgNVBAMTG1NpZ25pY2F0IEV4dGVybmFsIENBICgyMDQ4KTAeFw0xMTA4 MDExMjMyNThaFw0xMzEwMjkxMjMyNThaMHgxCzAJBgNVBAYTAk5PMQ8wDQYDVQQIEwZOb3J3YXkx EjAQBgNVBAcTCVRyb25kaGVpbTERMA8GA1UEChMIU2lnbmljYXQxETAPBgNVBAsTCFNpZ25pY2F0 MR4wHAYDVQQDExV0ZXN0LnNpZ25pY2F0LmNvbS9zdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCWUoZYyNjxht64J/AyxV807psI0e0yxLoAAKw82QaClDodgfpRLJ1RcMq4RfQvptjx zMxwxseKcRTBnDsPQ1k93D4yzrrySlWwk6/fv4G/zaSDhIc6JKZjPO9/NxILdVdGJ4/a78fMtYjF oTC6vV884GdewFtXvPIse309Opfw/O8mkr709G8yCyuLX6qHIYO2loTMEPrawKdiOva9Hst2wKGj JWtX31qhOs8OE6A57ymzfkFzch0IVdqsDg6nLfWRwY5CzBhAYAfwYEXAuwOc0eppZ7HkqryFxeFM DF5wz8sNoBs1Pu5Wm0xEeqTq34vqHMdfG+fXoITiY16Xe+x9AgMBAAGjfzB9MAkGA1UdEwQCMAAw CwYDVR0PBAQDAgXgMCMGCWCGSAGG+EIBDQQWFhRTaWduaWNhdCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E FgQUDHKNW1c2WXmsa2CLURzBAsBH5f4wHwYDVR0jBBgwFoAUstl+DZ605NwX3br661U41SHRS/Yw DQYJKoZIhvcNAQEFBQADggEBAAwjTtaZtDMb8TszQgWqlXq2F06OjTPNosSYjssX7n127zQ9594J VIi2Yx9YSUrWB/bEHoHoSrzLb8jWtycKct8MNHIHWI/pvjI/A+e7l0vG66WFyzwngr4LVFSm0t35 D3s8k8lanZ5NA5n1OXSc/bAi9iI8CcVaCdXPrvbxDBOx6ba9+EpN6xXDixP/i2q+TLspv4VOrn+7 JGN9NQiQTSTSua1f6E7EYY6BxrWtdzF/7Y8gZoTok3Cj0vnZf7LOXRKKSTs8ofg2goDriw1ad8ku VvxfOoltLeXhO4GQACBo45nNZuNnCwFDgUp6IMDOG1mRUR5wcWbS/i9hqgtkpsA= </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <Status>
    <StatusCode Value="samlp:Success"></StatusCode>
  </Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_2eb16827a015b6e5ed5cc00b88246e1f" IssueInstant="2013-09-16T10:31:28.498Z" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
    <Conditions NotBefore="2013-09-16T10:31:28.498Z" NotOnOrAfter="2013-09-16T10:31:58.498Z"></Conditions>
    <AuthenticationStatement AuthenticationInstant="2013-09-16T10:31:28.091Z" AuthenticationMethod="urn:ksi:names:SAML:2.0:ac:Telia-e-legitimation">
      <Subject>
        <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">SERIALNUMBER=199908199392, GIVENNAME=Mohamed, SURNAME=Al Samed, CN=Mohamed Al Samed, C=SE</NameIdentifier>
        <SubjectConfirmation>
          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
        </SubjectConfirmation>
      </Subject>
    </AuthenticationStatement>
    <AttributeStatement>
      <Subject>
        <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">SERIALNUMBER=199908199392, GIVENNAME=Mohamed, SURNAME=Al Samed, CN=Mohamed Al Samed, C=SE</NameIdentifier>
        <SubjectConfirmation>
          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
        </SubjectConfirmation>
      </Subject>
      <Attribute AttributeName="service-name" AttributeNamespace="signicat">
        <AttributeValue>demo</AttributeValue>
      </Attribute>
      <Attribute AttributeName="method-name" AttributeNamespace="signicat">
        <AttributeValue>telia</AttributeValue>
      </Attribute>
      <Attribute AttributeName="plain-name" AttributeNamespace="signicat">
        <AttributeValue>Mohamed Al Samed</AttributeValue>
      </Attribute>
      <Attribute AttributeName="security-level" AttributeNamespace="signicat">
        <AttributeValue>3</AttributeValue>
      </Attribute>
      <Attribute AttributeName="telia" AttributeNamespace="unique-id">
        <AttributeValue>199908199392</AttributeValue>
      </Attribute>
      <Attribute AttributeName="se.persnr" AttributeNamespace="national-id">
        <AttributeValue>199908199392</AttributeValue>
      </Attribute>
      <Attribute AttributeName="givenname" AttributeNamespace="e-leg-telia">
        <AttributeValue>Mohamed</AttributeValue>
      </Attribute>
      <Attribute AttributeName="surname" AttributeNamespace="e-leg-telia">
        <AttributeValue>Al Samed</AttributeValue>
      </Attribute>
      <Attribute AttributeName="cn" AttributeNamespace="e-leg-telia">
        <AttributeValue>Mohamed Al Samed</AttributeValue>
      </Attribute>
      <Attribute AttributeName="serialnumber" AttributeNamespace="e-leg-telia">
        <AttributeValue>199908199392</AttributeValue>
      </Attribute>
    </AttributeStatement>
  </Assertion>
</Response>
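
The following is an added example, not Signicat's code: a Python sketch of the checks a service provider would apply to a response shaped like the ones above once its XML signature has been verified (signature verification is not shown). It keys attributes by `(AttributeNamespace, AttributeName)` because the same name, such as `fnr` or `plain-name`, appears in more than one namespace. The function name, the 5-second clock skew, the one-assertion policy and the `sp.example` recipient are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"p": "urn:oasis:names:tc:SAML:1.0:protocol", "a": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample: the Telia response trimmed to the checked fields,
# with ds:Signature left out and a placeholder Recipient.
SAMPLE = """<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" Recipient="https://sp.example/response" ResponseID="_r1">
  <Status><StatusCode Value="samlp:Success"></StatusCode></Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_a1" Issuer="test.signicat.com/std" MajorVersion="1" MinorVersion="1">
    <Conditions NotBefore="2013-09-16T10:31:28.498Z" NotOnOrAfter="2013-09-16T10:31:58.498Z"></Conditions>
    <AttributeStatement>
      <Attribute AttributeName="security-level" AttributeNamespace="signicat"><AttributeValue>3</AttributeValue></Attribute>
      <Attribute AttributeName="se.persnr" AttributeNamespace="national-id"><AttributeValue>199908199392</AttributeValue></Attribute>
    </AttributeStatement>
  </Assertion>
</Response>"""

def _ts(value):
    # SAML instants are UTC ("...Z"); an empty or malformed value raises ValueError.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_response(xml_text, expected_recipient, expected_issuer, now,
                   skew=timedelta(seconds=5)):
    """Return {(namespace, name): value} or raise ValueError.
    Call only on the element whose XML signature was already verified."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["p"]:
        raise ValueError("not a SAML 1.x Response")
    code = root.find("p:Status/p:StatusCode", NS)
    # Simplification: compares the local part of the QName only.
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        raise ValueError("status is not Success")
    if root.get("Recipient") != expected_recipient:
        raise ValueError("Recipient mismatch")
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:  # assumed policy: exactly one assertion
        raise ValueError("expected exactly one Assertion")
    assertion = assertions[0]
    if assertion.get("Issuer") != expected_issuer:
        raise ValueError("unexpected Issuer")
    cond = assertion.find("a:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    not_before = _ts(cond.get("NotBefore", ""))
    not_on_or_after = _ts(cond.get("NotOnOrAfter", ""))
    if not (not_before - skew <= now < not_on_or_after + skew):
        raise ValueError("assertion outside validity window")
    attrs = {}
    for attr in assertion.iterfind("a:AttributeStatement/a:Attribute", NS):
        key = (attr.get("AttributeNamespace"), attr.get("AttributeName"))
        attrs[key] = attr.findtext("a:AttributeValue", default="", namespaces=NS)
    return attrs
```

The validity window in the Telia example is only 30 seconds long, so the check depends on the service provider's clock being synchronised.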

Last updated: 20/09/2023 12:20 UTC