...
Code Block

```xml
<urn:assertion>
  <urn1:homeCommunity>
    <urn1:description>LOCAL-HC-DESCRIPTION</urn1:description>
    <urn1:homeCommunityId>LOCAL-HCID</urn1:homeCommunityId>
    <urn1:name>LOCAL-HC-NAME</urn1:name>
  </urn1:homeCommunity>
  <urn1:userInfo>
    <urn1:personName>
      <urn1:familyName>USER-FAMILY-NAME</urn1:familyName>
      <urn1:givenName>USER-FIRST-NAME</urn1:givenName>
      <urn1:nameType>
        <urn1:code>NAME-TYPE</urn1:code>
      </urn1:nameType>
      <urn1:secondNameOrInitials>INITIALS</urn1:secondNameOrInitials>
      <urn1:fullName>USER-FIRST-NAME + USER-FAMILY-NAME</urn1:fullName>
      <urn1:prefix>USER-PREFIX</urn1:prefix>
    </urn1:personName>
    <urn1:userName>DN=USERNAME</urn1:userName>
    <urn1:org>
      <urn1:description>LOCAL-HC-DESCRIPTION</urn1:description>
      <urn1:homeCommunityId>LOCAL-HCID</urn1:homeCommunityId>
      <urn1:name>LOCAL-HC-NAME</urn1:name>
    </urn1:org>
    <urn1:roleCoded>
      <urn1:code>ROLE-CODE</urn1:code>
      <urn1:codeSystemVersion>CODE-SYSTEM-VERSION</urn1:codeSystemVersion>
      <urn1:displayName>CODE-DISPLAY-NAME</urn1:displayName>
      <urn1:originalText>ROLE-ORIGINAL-TEXT</urn1:originalText>
    </urn1:roleCoded>
  </urn1:userInfo>
  <urn1:authorized>AUTHORIZED</urn1:authorized>
  <urn1:purposeOfDisclosureCoded>
    <urn1:code>PURPOSE-CODE</urn1:code>
    <urn1:displayName>PURPOSE-DISPLAY-NAME</urn1:displayName>
    <urn1:originalText>PURPOSE-ORIGINAL-TEXT</urn1:originalText>
  </urn1:purposeOfDisclosureCoded>
  <urn1:samlConditions>
    <urn1:notBefore>2009-04-16T13:10:39.093Z</urn1:notBefore>
    <urn1:notOnOrAfter>2009-12-31T12:00:00.000Z</urn1:notOnOrAfter>
  </urn1:samlConditions>
  <urn1:samlAuthnStatement>
    <urn1:authInstant>DATE</urn1:authInstant>
    <urn1:sessionIndex>SESSION-INDEX</urn1:sessionIndex>
    <urn1:authContextClassRef>AUTH-CONTEXT-CLASS-REF</urn1:authContextClassRef>
    <urn1:subjectLocalityAddress>SUBJECT-LOCALITY-ADDRESS</urn1:subjectLocalityAddress>
    <urn1:subjectLocalityDNSName>SUBJECT-LOCALITY-DNS-NAME</urn1:subjectLocalityDNSName>
  </urn1:samlAuthnStatement>
  <urn1:samlAuthzDecisionStatement>
    <urn1:decision>Permit</urn1:decision>
    <urn1:resource>https://1.1.1.1:8181/SamlReceiveService/SamlProcessWS</urn1:resource>
    <urn1:action>TestSaml</urn1:action>
    <urn1:evidence>
      <urn1:assertion>
        <urn1:id>40df7c0a-ff3e-4b26-baeb-f2910f6d05a9</urn1:id>
        <urn1:issueInstant>2009-04-16T13:10:39.093Z</urn1:issueInstant>
        <urn1:version>2.0</urn1:version>
        <urn1:issuerFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</urn1:issuerFormat>
        <urn1:issuer>CN=SAML User,OU=connect,O=FHA,L=Melbourne,ST=FL,C=US</urn1:issuer>
        <urn1:conditions>
          <urn1:notBefore>2009-04-16T13:10:39.093Z</urn1:notBefore>
          <urn1:notOnOrAfter>2009-12-31T12:00:00.000Z</urn1:notOnOrAfter>
        </urn1:conditions>
        <urn1:accessConsentPolicy>Claim-Ref-1234</urn1:accessConsentPolicy>
        <urn1:instanceAccessConsentPolicy>Claim-Instance-1</urn1:instanceAccessConsentPolicy>
      </urn1:assertion>
    </urn1:evidence>
  </urn1:samlAuthzDecisionStatement>
</urn:assertion>
```
Assertion block to SAML assertions
...
mapping
Assertion block | SAML assertion | Notes
---|---|---
`<urn1:homeCommunity> <urn1:description>LOCAL-HC-DESCRIPTION</urn1:description> <urn1:homeCommunityId>LOCAL-HCID</urn1:homeCommunityId> <urn1:name>LOCAL-HC-NAME</urn1:name> </urn1:homeCommunity>` | `<saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml2:AttributeValue xsi:type="xsd:string">LOCAL-HCID</saml2:AttributeValue>` | Per testing with PD, `<description>` and `<name>` in this location do not get used
`<urn1:userInfo> <urn1:personName> <urn1:familyName>USER-FAMILY-NAME</urn1:familyName> <urn1:givenName>USER-FIRST-NAME</urn1:givenName> <urn1:nameType> <urn1:code>NAME-TYPE</urn1:code> </urn1:nameType> <urn1:secondNameOrInitials>INITIALS</urn1:secondNameOrInitials> <urn1:fullName>USER-FIRST-NAME + USER-FAMILY-NAME</urn1:fullName> <urn1:prefix>USER-PREFIX</urn1:prefix> </urn1:personName>` | `<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml2:AttributeValue xsi:type="xsd:string">USER-FIRST-NAME INITIALS USER-LAST-NAME</saml2:AttributeValue>` | Per testing with PD, `<nameType>`, `<fullName>`, and `<prefix>` in this location do not get used
`<urn1:userName>DN=USERNAME</urn1:userName>` | N/A | Per testing with PD, this does not get used
`<urn1:org> <urn1:description>LOCAL-HC-DESCRIPTION</urn1:description> <urn1:homeCommunityId>LOCAL-HCID</urn1:homeCommunityId> <urn1:name>LOCAL-HC-NAME</urn1:name> </urn1:org>` | `<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">` and `<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">` | Per testing with PD, `<description>` in this location does not get used
`<urn1:roleCoded> <urn1:code>ROLE-CODE</urn1:code> <urn1:codeSystemVersion>CODE-SYSTEM-VERSION</urn1:codeSystemVersion> <urn1:displayName>ROLE-DISPLAY-NAME</urn1:displayName> <urn1:originalText>ROLE-ORIGINAL-TEXT</urn1:originalText> </urn1:roleCoded>` | `<saml2:AttributeValue>` | Per testing with PD, `<codeSystemVersion>` and `<originalText>` in this location do not get used
`<urn1:authorized>AUTHORIZED</urn1:authorized>` | N/A | Per testing with PD, this does not get used
`<urn1:purposeOfDisclosureCoded> <urn1:code>PURPOSE-CODE</urn1:code> <urn1:displayName>PURPOSE-DISPLAY-NAME</urn1:displayName> <urn1:originalText>PURPOSE-ORIGINAL-TEXT</urn1:originalText> </urn1:purposeOfDisclosureCoded>` | `<hl7:PurposeOfUse xmlns:hl7="urn:hl7-org:v3" code="PURPOSE-CODE" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="PURPOSE-DISPLAY-NAME" xsi:type="hl7:CE"/>` | Per testing with PD, `<originalText>` in this location does not get used
`<urn1:samlConditions> <urn1:notBefore>2009-04-16T13:10:39.093Z</urn1:notBefore> <urn1:notOnOrAfter>2009-12-31T12:00:00.000Z</urn1:notOnOrAfter> </urn1:samlConditions>` | `<saml2:Conditions NotBefore="2018-04-20T16:26:34.545Z" NotOnOrAfter="2018-04-20T16:31:34.546Z"/>` |
`<urn1:samlAuthnStatement> <urn1:authInstant>DATE</urn1:authInstant> <urn1:sessionIndex>SESSION-INDEX</urn1:sessionIndex> <urn1:authContextClassRef>AUTH-CONTEXT-CLASS-REF</urn1:authContextClassRef> <urn1:subjectLocalityAddress>SUBJECT-LOCALITY-ADDRESS</urn1:subjectLocalityAddress> <urn1:subjectLocalityDNSName>SUBJECT-LOCALITY-DNS-NAME</urn1:subjectLocalityDNSName> </urn1:samlAuthnStatement>` | `<saml2:AuthnStatement AuthnInstant="DATE" SessionIndex="SESSION-INDEX"> <saml2:SubjectLocality Address="SUBJECT-LOCALITY-ADDRESS" DNSName="SUBJECT-LOCALITY-DNS-NAME"/> <saml2:AuthnContext> <saml2:AuthnContextClassRef>AUTH-CONTEXT-CLASS-REF</saml2:AuthnContextClassRef> </saml2:AuthnContext>` | Per testing with PD:
`<urn1:samlAuthzDecisionStatement> <urn1:decision>Permit</urn1:decision> <urn1:resource>https://1.1.1.1:8181/SamlReceiveService/SamlProcessWS</urn1:resource> <urn1:action>TestSaml</urn1:action> <urn1:evidence> <urn1:assertion> <urn1:id>40df7c0a-ff3e-4b26-baeb-f2910f6d05a9</urn1:id> <urn1:issueInstant>2009-04-16T13:10:39.093Z</urn1:issueInstant> <urn1:version>2.0</urn1:version> <urn1:issuerFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</urn1:issuerFormat> <urn1:issuer>CN=SAML User,OU=connect,O=FHA,L=Melbourne,ST=FL,C=US</urn1:issuer> <urn1:conditions> <urn1:notBefore>2009-04-16T13:10:39.093Z</urn1:notBefore> <urn1:notOnOrAfter>2009-12-31T12:00:00.000Z</urn1:notOnOrAfter> </urn1:conditions> <urn1:accessConsentPolicy>Claim-Ref-1234</urn1:accessConsentPolicy> <urn1:instanceAccessConsentPolicy>Claim-Instance-1</urn1:instanceAccessConsentPolicy> </urn1:assertion> </urn1:evidence> </urn1:samlAuthzDecisionStatement>` | | Based on testing with the CONNECT policy engine adapter, only the following are required in order for AuthzDecisionStatement to be present in the outgoing SAML assertion: Dates must be in valid formats or an exception is thrown. Only the following values are passed all the way through the adapter to the outgoing nhin SAML assertion:
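As an added example, not code from the CONNECT project, the Python below applies the mapping in the table: it reads an assertion block, keeps only the values the table says reach the outgoing SAML assertion (dropping `userName`, `authorized`, `fullName`, `prefix`, `nameType`, `description`, `codeSystemVersion` and `originalText`), and rejects malformed condition dates the way the notes describe. The `urn1` namespace URI and the sample document are constructed, and the `role`, `PurposeOfUse` and `Conditions` dictionary keys are illustrative labels rather than attribute names from the page.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"urn1": "urn:example:connect:assertion"}  # constructed URI for the urn1 prefix; the page does not show the real one

# Constructed sample of the assertion block, using the placeholder values from the page.
SAMPLE = """<urn:assertion xmlns:urn="urn:example:connect" xmlns:urn1="urn:example:connect:assertion">
 <urn1:homeCommunity><urn1:homeCommunityId>LOCAL-HCID</urn1:homeCommunityId></urn1:homeCommunity>
 <urn1:userInfo>
  <urn1:personName><urn1:familyName>USER-FAMILY-NAME</urn1:familyName>
   <urn1:givenName>USER-FIRST-NAME</urn1:givenName>
   <urn1:secondNameOrInitials>INITIALS</urn1:secondNameOrInitials></urn1:personName>
  <urn1:org><urn1:homeCommunityId>LOCAL-HCID</urn1:homeCommunityId><urn1:name>LOCAL-HC-NAME</urn1:name></urn1:org>
  <urn1:roleCoded><urn1:code>ROLE-CODE</urn1:code><urn1:displayName>ROLE-DISPLAY-NAME</urn1:displayName></urn1:roleCoded>
 </urn1:userInfo>
 <urn1:authorized>AUTHORIZED</urn1:authorized>
 <urn1:purposeOfDisclosureCoded><urn1:code>PURPOSE-CODE</urn1:code><urn1:displayName>PURPOSE-DISPLAY-NAME</urn1:displayName></urn1:purposeOfDisclosureCoded>
 <urn1:samlConditions><urn1:notBefore>2009-04-16T13:10:39.093Z</urn1:notBefore>
  <urn1:notOnOrAfter>2009-12-31T12:00:00.000Z</urn1:notOnOrAfter></urn1:samlConditions>
</urn:assertion>"""

def _text(root, path):
    el = root.find(path, NS)
    return el.text.strip() if el is not None and el.text else ""

def _iso_date(value):
    """The notes say dates must be in a valid format or an exception is thrown; mirror that here."""
    datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")  # raises ValueError on a malformed date
    return value

def map_assertion_block(xml_text):
    """Keep only the fields the table marks as used; authorized, userName, fullName, prefix etc. are dropped."""
    root = ET.fromstring(xml_text)
    pn = "urn1:userInfo/urn1:personName/"
    subject = " ".join(p for p in (_text(root, pn + "urn1:givenName"),
                                   _text(root, pn + "urn1:secondNameOrInitials"),
                                   _text(root, pn + "urn1:familyName")) if p)
    return {
        "urn:nhin:names:saml:homeCommunityId": _text(root, "urn1:homeCommunity/urn1:homeCommunityId"),
        "urn:oasis:names:tc:xspa:1.0:subject:subject-id": subject,
        "urn:oasis:names:tc:xspa:1.0:subject:organization": _text(root, "urn1:userInfo/urn1:org/urn1:name"),
        "urn:oasis:names:tc:xspa:1.0:subject:organization-id": _text(root, "urn1:userInfo/urn1:org/urn1:homeCommunityId"),
        "role": {"code": _text(root, "urn1:userInfo/urn1:roleCoded/urn1:code"),
                 "displayName": _text(root, "urn1:userInfo/urn1:roleCoded/urn1:displayName")},
        "PurposeOfUse": {"code": _text(root, "urn1:purposeOfDisclosureCoded/urn1:code"),
                         "codeSystem": "2.16.840.1.113883.3.18.7.1",  # nhin-purpose codeSystem from the table
                         "displayName": _text(root, "urn1:purposeOfDisclosureCoded/urn1:displayName")},
        "Conditions": {"NotBefore": _iso_date(_text(root, "urn1:samlConditions/urn1:notBefore")),
                       "NotOnOrAfter": _iso_date(_text(root, "urn1:samlConditions/urn1:notOnOrAfter"))},
    }
```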
...