• API Hub
  • Search loading...

    API Hub

    Explore and Make use of Nationally Defined Messaging APIs

     

    SAML Example

    An example of a SAML assertion

    See the Authorisation page for details.

    Example SAML Role Assertion Request (using token ID returned from the identity agent and URL encoded):

    curl --insecure https://sbapi.nis1.national.ncrs.nhs.uk/saml/RoleAssertion?token=AQIC5wM2LY4Sfcy73z2zeTRzPNXOdr5U6mC2NyUVxy0BffY%3D%40AAJTSQACMDE%3D%23
    

    SAML Response:

    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" ResponseID="null" InResponseTo="null" MajorVersion="1" MinorVersion="1" IssueInstant="2018-06-28T14:30:51Z" Recipient="172.16.143.51">
        <samlp:Status>
            <samlp:StatusCode Value="samlp:Success"/>
        </samlp:Status>
        <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1" AssertionID="ba10307f67ace849c6fc7459fe9b6e4e2daa65c8d" Issuer="http://iam-careid-development:8080" IssueInstant="2018-06-28T14:30:51Z">
            <saml:Conditions NotBefore="2018-06-28T14:27:51Z" NotOnOrAfter="2018-06-28T14:31:51Z"/>
            <saml:AttributeStatement>
                <saml:Subject>
                    <saml:NameIdentifier NameQualifier="o=nhs">uid=232871648514,ou=People,o=nhs</saml:NameIdentifier>
                    <saml:SubjectConfirmation>
                        <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
                        <saml:SubjectConfirmationData>
                            <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="10a1792f539d58d6d11f9a84633338c27907283er" Issuer="http://iam-careid-development:8080" IssueInstant="2018-06-28T14:30:51Z">
                                <saml:Conditions NotBefore="2018-06-28T14:27:51Z" NotOnOrAfter="2018-06-28T14:31:51Z"/>
                                <saml:AuthenticationStatement AuthenticationInstant="2018-06-28T14:22:24Z" AuthenticationMethod="urn:com:sun:identity:ExtendedLoginModule">
                                    <saml:Subject>
                                        <saml:NameIdentifier NameQualifier="o=nhs">uid=232871648514,ou=People,o=nhs</saml:NameIdentifier>
                                        <saml:SubjectConfirmation>
                                            <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
                                            <saml:SubjectConfirmationData>AQIC5wM2LY4Sfcy73z2zeTRzPNXOdr5U6mC2NyUVxy0BffY=@AAJTSQACMDE=#</saml:SubjectConfirmationData>
                                        </saml:SubjectConfirmation>
                                    </saml:Subject>
                                    <saml:SubjectLocality IPAddress="172.16.143.51"/>
                                </saml:AuthenticationStatement>
                            </saml:Assertion>
                        </saml:SubjectConfirmationData>
                    </saml:SubjectConfirmation>
                </saml:Subject>
                <saml:Attribute AttributeName="ssbAssertionVersion" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>1.1</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="cn" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>Hatherly Adam</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="uid" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>232871648514</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="ssbSessionRoleUid" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>780609380511</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="ssbMode" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>0</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="nhsIdCode" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>X09</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="o" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>NHS CONNECTING FOR HEALTH</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="nhsBusinessFunctions" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>Execute Management Reports</saml:AttributeValue>
                    <saml:AttributeValue>View non-ETP Clinical Data within CSA</saml:AttributeValue>
                    <saml:AttributeValue>Execute Clinical Reports</saml:AttributeValue>
                    <saml:AttributeValue>Claim Subject Access Request</saml:AttributeValue>
                    <saml:AttributeValue>Manage Detailed Health Records</saml:AttributeValue>
                    <saml:AttributeValue>Claim a relationship with a patient</saml:AttributeValue>
                    <saml:AttributeValue>Execute Administrative Reports</saml:AttributeValue>
                    <saml:AttributeValue>Access SCR Application (Perform Patient Trace)</saml:AttributeValue>
                    <saml:AttributeValue>Execute Ad-hoc Reports</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="nhsBusinessFunctionsCodes" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>B8029</saml:AttributeValue>
                    <saml:AttributeValue>B0945</saml:AttributeValue>
                    <saml:AttributeValue>B0257</saml:AttributeValue>
                    <saml:AttributeValue>B0264</saml:AttributeValue>
                    <saml:AttributeValue>B0286</saml:AttributeValue>
                    <saml:AttributeValue>B0991</saml:AttributeValue>
                    <saml:AttributeValue>B8004</saml:AttributeValue>
                    <saml:AttributeValue>B8006</saml:AttributeValue>
                    <saml:AttributeValue>B0085</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="nhsJobRole" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>"Clinical":"Clinical Provision":"Health Professional Access Role"</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="uniqueIdentifier" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>780609380511</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute AttributeName="nhsJobRoleCode" AttributeNamespace="http://www.syntegra.com">
                    <saml:AttributeValue>S8000:G8000:R8003</saml:AttributeValue>
                </saml:Attribute>
            </saml:AttributeStatement>
        </saml:Assertion>
    </samlp:Response>
    
    Tags:

    All content is available under the Open Government Licence v3.0, except where otherwise stated