Prototyp Interoperable Servicekonten (Interoperable Service Accounts Prototype)
API Documentation V 0.1
dated 05.10.2016
Project name: Prototyp Interoperable Servicekonten
Document name: API Documentation
Project lead: Mr. Kirschenbauer (StMFLH)
Version: 0.1
Created on: 05.10.2016
Last modified: Anton Kronseder, 05.10.2016
Status: In progress
Document location: https://www.interoperable-servicekonten.de/p/x/LwBf
Change log
No. | Date | Version | Chapter | Description | Author | Status
1 | 05.10.2016 | 0.1 | All | Initial creation | Anton Kronseder, Robert Reiner | In progress
Table of contents
1 Foreword
2 Entity Descriptor Service
2.1 Access to the Entities Descriptor
2.2 Structure of the Descriptor
3 Feed Service
3.1 Entities of the Federation
4 Federation Members Service
4.1 IDs of the Federation Members
5 Service Account Service
5.1 Information on Service Accounts
6 Administration Services
7 References
8 Glossary
1 Foreword
Existing service accounts (Servicekonten) are integrated by importing the EntitiesDescriptors of the IdP and SP parts of the service accounts. These descriptors are administered through a web interface (REST API).
The documentation for this REST API is available through the REST API Browser in the egov area.
The REST services become visible when the "Show only public APIs" checkbox is cleared.
The specifications and definitions contained in this document are a basis for discussion among the participants in the business-level prototype and the BSI.
For readability, the note that every statement or requirement is only ever a proposal, regardless of how it is worded, appears only once, at the beginning of each tour document.
In parts of the documentation, for example regarding which attributes are transmitted in the federation and how they should be structured, only proposals are made, because these are business-level rather than technical specifications. The business-level specifications are to be worked out by the participants in the business-level prototype and agreed with the BSI.
2 Entity Descriptor Service
URL template: /entity-descriptor/{token}
REST API: egov
The descriptors must contain both entities (IdP and SP) in a single EntitiesDescriptor element.
Information on configuring the entities is given in "Metadaten des Identity-Providers" (Identity Provider metadata). The import process is described in more detail in "Einspielen von Metadaten" (Importing metadata).
Descriptors are submitted to the system with HTTP PUT.
Alternatively, HTTP POST can currently also be used for the upload if firewall settings prevent the use of PUT.
If every participant is able to use PUT, this alternative method will be switched off after consultation with the participants.
Federation participants can use HTTP GET on the service to download their descriptor for verification.
2.1 Access to the Entities Descriptor
To access its entities descriptor, a federation member needs its federation member ID (Föderationsmitglied-ID). This ID is appended to the URL of the REST service as a path parameter.
Code block 1: Sample response from the service
<?xml version="1.0"?>
<EntitiesDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:attr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" >
<Extensions>
<attr:EntityAttributes>
<saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:oasis:names:tc:SAML:attribute:assurance-certification">
<saml:AttributeValue>
https://interoperable-servicekonten.de/ref/assurance/normal
</saml:AttributeValue>
<saml:AttributeValue>
https://interoperable-servicekonten.de/ref/assurance/substantiell
</saml:AttributeValue>
<saml:AttributeValue>
https://interoperable-servicekonten.de/ref/assurance/hoch
</saml:AttributeValue>
</saml:Attribute>
</attr:EntityAttributes>
</Extensions>
<EntityDescriptor
entityID="https://servicekonto.verwaltungsportal1.de/idp" >
<IDPSSODescriptor
errorURL="https://www.interoperable-servicekonten.de/ref/support"
WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">256</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://servicekonto.verwaltungsportal1.de:443/service/SSORedirect/metaAlias/idp" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://servicekonto.verwaltungsportal1.de:443/service/SSOPOST/metaAlias/idp"
/>
</IDPSSODescriptor>
<Organization>
<OrganizationName xml:lang="de">HD_GmbH_Verwaltungsportal_1</OrganizationName>
<OrganizationDisplayName xml:lang="de">Servicekonto Verwaltungsportal 1</OrganizationDisplayName>
<OrganizationURL xml:lang="de"></OrganizationURL>
</Organization>
</EntityDescriptor>
<EntityDescriptor
entityID="https://servicekonto.verwaltungsportal1.de/sp" >
<SPSSODescriptor
errorURL="https://www.interoperable-servicekonten.de/ref/support"
AuthnRequestsSigned="true"
WantAssertionsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">384</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">256</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<AssertionConsumerService index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://servicekonto.verwaltungsportal1.de:443/service/Consumer/metaAlias/sp"
/>
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="de">HD_GmbH_Verwaltungsportal_1</OrganizationName>
<OrganizationDisplayName xml:lang="de">Servicekonto Verwaltungsportal 1</OrganizationDisplayName>
<OrganizationURL xml:lang="de"></OrganizationURL>
</Organization>
</EntityDescriptor>
</EntitiesDescriptor>
2.2 Structure of the Descriptor
The descriptor for entity metadata has the following structure:
<?xml version='1.0'?>
<EntitiesDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:attr="urn:oasis:names:tc:SAML:metadata:attribute"
Name="..."
ID="...">
<Extensions>
...
</Extensions>
<EntityDescriptor entityID="https://.../idp" ...>
<IDPSSODescriptor ...>
...
</IDPSSODescriptor>
<Organization>
...
</Organization>
</EntityDescriptor>
<EntityDescriptor entityID="https://.../sp" ...>
<SPSSODescriptor ...>
...
</SPSSODescriptor>
<Organization>
...
</Organization>
</EntityDescriptor>
</EntitiesDescriptor>
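
A member can check its descriptor locally before uploading it with PUT. The following lint is an added example, not part of the original documentation or the project's code: it checks that the IdP and SP sides are both present in one EntitiesDescriptor, that the signing flags seen in the sample response are set, that a signing certificate is present, and that endpoints use https. The function names, the flag policy and the sample input (host portal.example.org, placeholder certificate) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Signing flags checked per role. The values mirror the sample response;
# treating them as mandatory is an assumption of this example.
REQUIRED_FLAGS = {
    "IDPSSODescriptor": ("WantAuthnRequestsSigned",),
    "SPSSODescriptor": ("AuthnRequestsSigned", "WantAssertionsSigned"),
}


def parse_metadata(data):
    """Parse metadata bytes, refusing DTDs (SAML metadata never needs one)."""
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD or entity declaration in metadata")
    return ET.fromstring(data)


def is_https(url):
    parts = urlsplit(url.strip())
    return parts.scheme == "https" and bool(parts.netloc)


def lint_role(entity_id, role):
    """Return findings for one IDPSSODescriptor or SPSSODescriptor element."""
    name = role.tag.split("}", 1)[1]
    findings = []
    for flag in REQUIRED_FLAGS[name]:
        if role.get(flag, "false") not in ("true", "1"):
            findings.append(f"{entity_id}: {name} {flag} is not true")
    has_signing_cert = False
    for key in role.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a use attribute serves both purposes.
        if key.get("use") in (None, "signing"):
            for cert in key.iter(f"{{{DS}}}X509Certificate"):
                has_signing_cert = has_signing_cert or bool((cert.text or "").strip())
    if not has_signing_cert:
        findings.append(f"{entity_id}: {name} has no signing certificate")
    for child in role:
        location = child.get("Location")
        if location is not None and not is_https(location):
            findings.append(f"{entity_id}: endpoint {location} is not https")
    return findings


def lint_descriptor(data):
    """Lint a member descriptor before upload; an empty list means no findings."""
    root = parse_metadata(data)
    if root.tag != f"{{{MD}}}EntitiesDescriptor":
        return ["root element is not EntitiesDescriptor"]
    findings, seen = [], set()
    for entity in root.findall("md:EntityDescriptor", NS):
        entity_id = entity.get("entityID", "(no entityID)")
        for name in REQUIRED_FLAGS:
            for role in entity.findall(f"md:{name}", NS):
                seen.add(name)
                findings += lint_role(entity_id, role)
    # The service expects the IdP and the SP side in one EntitiesDescriptor.
    for name in REQUIRED_FLAGS:
        if name not in seen:
            findings.append(f"descriptor contains no {name}")
    return findings


# Constructed sample: the IdP side is clean, the SP side has three defects.
SAMPLE = b"""<?xml version="1.0"?>
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <EntityDescriptor entityID="https://portal.example.org/idp">
    <IDPSSODescriptor WantAuthnRequestsSigned="true">
      <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></KeyDescriptor>
      <SingleSignOnService Location="https://portal.example.org/sso"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://portal.example.org/sp">
    <SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false">
      <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></KeyDescriptor>
      <AssertionConsumerService index="0" Location="http://portal.example.org/acs"/>
    </SPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>"""

if __name__ == "__main__":
    for finding in lint_descriptor(SAMPLE):
        print(finding)
```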
3 Feed Service
URL template: /feed/feed/{token}
REST API: egov
For the SAML entities of the federation to communicate with each other, they must be brought into a common trust relationship. This trust relationship is called the circle of trust. To establish it, the federation partners exchange so-called entities descriptors, which describe the interface between the SAML entities.
The descriptors are provided through the feed service.
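
Because the feed defines who is in the circle of trust, a consumer should check how the feed is signed before it trusts any entity listed in it. The following structural check is an added example, not part of the original documentation or the project's code: it confirms that a single enveloped signature covers the root EntitiesDescriptor and that only the algorithms seen in the sample feed are used. The function name, the algorithm allowlist and the constructed feeds are assumptions; the check complements cryptographic XML-DSig verification and does not replace it.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Algorithm identifiers that appear in the sample feed. Accepting only these
# is this example's policy, not a rule stated in the documentation.
ALLOWED = {
    "CanonicalizationMethod": {"http://www.w3.org/2001/10/xml-exc-c14n#"},
    "SignatureMethod": {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"},
    "DigestMethod": {"http://www.w3.org/2001/04/xmlenc#sha256"},
    "Transform": {"http://www.w3.org/2000/09/xmldsig#enveloped-signature",
                  "http://www.w3.org/2001/10/xml-exc-c14n#"},
}


def check_signature_envelope(data):
    """Return problems with the feed's signature layout (empty list = none).

    This does not verify the signature value; run it in addition to an
    XML-DSig verification against the federation's known signing certificate.
    """
    if b"<!DOCTYPE" in data:
        raise ValueError("DTD in feed")
    root = ET.fromstring(data)
    if root.tag != f"{{{MD}}}EntitiesDescriptor":
        return ["root element is not EntitiesDescriptor"]
    root_id = root.get("ID")
    signatures = root.findall("ds:Signature", NS)
    if len(signatures) != 1:
        return [f"expected one Signature directly under the root, found {len(signatures)}"]
    problems = []
    # The single Reference must cover the root, so that no entity in the feed
    # sits outside the signed content.
    references = signatures[0].findall("ds:SignedInfo/ds:Reference", NS)
    uris = [ref.get("URI") for ref in references]
    covers_root = uris == [""] or (root_id and uris == [f"#{root_id}"])
    if not covers_root:
        problems.append(f"Reference {uris} does not cover the root element")
    # A second element carrying the root's ID makes the Reference ambiguous.
    if root_id and sum(1 for e in root.iter() if e.get("ID") == root_id) > 1:
        problems.append(f"ID {root_id!r} is used more than once")
    for name, allowed in ALLOWED.items():
        for element in signatures[0].iter(f"{{{DS}}}{name}"):
            algorithm = element.get("Algorithm")
            if algorithm not in allowed:
                problems.append(f"{name} algorithm {algorithm} is not allowed")
    return problems


# Constructed feed with the same signature layout as the sample response.
GOOD_FEED = b"""<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="FEED-1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#FEED-1">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>constructed</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>constructed</ds:SignatureValue>
  </ds:Signature>
  <EntityDescriptor entityID="https://portal.example.org/idp" ID="inner"/>
</EntitiesDescriptor>"""

# Constructed variant that the check must reject: the Reference covers only a
# nested element and the signature method is outside the allowlist.
REJECTED_FEED = GOOD_FEED.replace(b'URI="#FEED-1"', b'URI="#inner"').replace(
    b"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    b"http://www.w3.org/2000/09/xmldsig#rsa-sha1")

if __name__ == "__main__":
    print(check_signature_envelope(GOOD_FEED))
    print(check_signature_envelope(REJECTED_FEED))
```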
3.1 Entities of the Federation
Code block 2: Sample response from the service
<?xml version="1.0" encoding="UTF-8"?><EntitiesDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="EGOV-DE-FEDERATION"
Name="https://interoperable-servicekonten.de/ref/metadata/egov-de.xml">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#EGOV-DE-FEDERATION">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>vAjwyreCOUF8LRLkP2F6r5EOFt0fuBu/COGrr7xE/WM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>L049H2P61HFSF6JU9+f8gaYxw81pH41+obpDuU/8oAuLLpohb574Hm/LNQWAr48KwCG7
b8iWxm30JgcpRH7ZU92W9dQkuOCuEO5OsvcGVPEumDpxM3Hf4jvM+tNPp0OEQwiS3CjOT6RgJcOcvItmgldmNPH
dcSS+51FvWkQE+IwEAxPOx5iOUNLwA6/kVHrNdylfwKEgdgOSGmtg6JGVW+IeGJKUVRLtRfn3D1OFgn7eC+3u2p
KBZBrC0jy4W/YQAfu09S1a6jN3k9MrZ1IviCEd/6Vlwsl2iBoUxjVyWON3BWzMk/UYHfPovzgCBfGK63WA7J68W
+Y1n098km8aOQ==</ds:SignatureValue>
</ds:Signature>
<EntityDescriptor entityID="https://servicekonto.verwaltungsportal1.de/idp"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<IDPSSODescriptor WantAuthnRequestsSigned="true" errorURL="https://www.interoperable-servicekonten.de/ref/support"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">256</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://servicekonto.verwaltungsportal1.de:443/service/SSORedirect/metaAlias/idp"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://servicekonto.verwaltungsportal1.de:443/service/SSOPOST/metaAlias/idp"
/>
</IDPSSODescriptor>
<Organization>
<OrganizationName xml:lang="de">HD_GmbH_Verwaltungsportal_1</OrganizationName>
<OrganizationDisplayName xml:lang="de">Servicekonto Verwaltungsportal 1</OrganizationDisplayName>
<OrganizationURL xml:lang="de"/>
</Organization>
</EntityDescriptor>
<EntityDescriptor entityID="https://servicekonto.verwaltungsportal1.de/sp"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
errorURL="https://www.interoperable-servicekonten.de/ref/support"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">384</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">256</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://servicekonto.verwaltungsportal1.de:443/service/Consumer/metaAlias/sp"
index="0"/>
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="de">HD_GmbH_Verwaltungsportal_1</OrganizationName>
<OrganizationDisplayName xml:lang="de">Servicekonto Verwaltungsportal 1</OrganizationDisplayName>
<OrganizationURL xml:lang="de"/>
</Organization>
</EntityDescriptor>
<EntityDescriptor entityID="https://servicekonto.verwaltungsportal3.de/idp"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<Extensions>
<attr:EntityAttributes xmlns:attr="urn:oasis:names:tc:SAML:metadata:attribute">
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>
https://interoperable-servicekonten.de/ref/assurance/normal
</saml:AttributeValue>
<saml:AttributeValue>
https://interoperable-servicekonten.de/ref/assurance/substantiell
</saml:AttributeValue>
<saml:AttributeValue>
https://interoperable-servicekonten.de/ref/assurance/hoch
</saml:AttributeValue>
</saml:Attribute>
</attr:EntityAttributes>
</Extensions>
<IDPSSODescriptor WantAuthnRequestsSigned="true" errorURL="https://www.interoperable-servicekonten.de/ref/support"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">256</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://servicekonto.verwaltungsportal3.de:443/service/SSORedirect/metaAlias/idp"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://servicekonto.verwaltungsportal3.de:443/service/SSOPOST/metaAlias/idp"
/>
</IDPSSODescriptor>
<Organization>
<OrganizationName xml:lang="de">HD_GmbH_Verwaltungsportal_3</OrganizationName>
<OrganizationDisplayName xml:lang="de">Servicekonto Verwaltungsportal 3</OrganizationDisplayName>
<OrganizationURL xml:lang="de">http://h-d-gmbh.de/</OrganizationURL>
</Organization>
</EntityDescriptor>
<EntityDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="https://servicekonto.verwaltungsportal3.de/sp"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
errorURL="https://www.interoperable-servicekonten.de/ref/support"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIE4TCCAskCAhAJMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJERTEMMAoG[...]</ds:X509Certificate>
<ds:X509Certificate>MIIGFTCCA/2gAwIBAgIJAPLoHBkJylj5MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD[...]</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">384</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIE4TCCAskCAhAJMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJERTEMMAoG[...]</ds:X509Certificate>
<ds:X509Certificate>MIIGFTCCA/2gAwIBAgIJAPLoHBkJylj5MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD[...]</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">256</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://servicekonto.verwaltungsportal3.de:443/service/Consumer/metaAlias/sp"
index="0"/>
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="de">HD_GmbH_Verwaltungsportal_3</OrganizationName>
<OrganizationDisplayName xml:lang="de">Servicekonto Verwaltungsportal 3</OrganizationDisplayName>
<OrganizationURL xml:lang="de">http://h-d-gmbh.de/</OrganizationURL>
</Organization>
</EntityDescriptor>
<EntityDescriptor entityID="https://servicekonto.verwaltungsportal2.de/idp"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<Extensions>
<attr:EntityAttributes xmlns:attr="urn:oasis:names:tc:SAML:metadata:attribute">
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>
https://interoperable-servicekonten.de/ref/assurance/normal
</saml:AttributeValue>
<saml:AttributeValue>
https://interoperable-servicekonten.de/ref/assurance/substantiell
</saml:AttributeValue>
<saml:AttributeValue>
https://interoperable-servicekonten.de/ref/assurance/hoch
</saml:AttributeValue>
</saml:Attribute>
</attr:EntityAttributes>
</Extensions>
<IDPSSODescriptor WantAuthnRequestsSigned="true" errorURL="https://www.interoperable-servicekonten.de/ref/support"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIE4TCCAskCAhAIMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJERTEMMAoG[...]</ds:X509Certificate>
<ds:X509Certificate>MIIGFTCCA/2gAwIBAgIJAPLoHBkJylj5MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD[...]</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIE4TCCAskCAhAIMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJERTEMMAoG[...]</ds:X509Certificate>
<ds:X509Certificate>MIIGFTCCA/2gAwIBAgIJAPLoHBkJylj5MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD[...]</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">256</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://servicekonto.verwaltungsportal2.de:443/service/SSORedirect/metaAlias/idp"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://servicekonto.verwaltungsportal2.de:443/service/SSOPOST/metaAlias/idp"/>
</IDPSSODescriptor>
<Organization>
<OrganizationName xml:lang="de">HD_GmbH_Verwaltungsportal_2</OrganizationName>
<OrganizationDisplayName xml:lang="de">Servicekonto Verwaltungsportal 2</OrganizationDisplayName>
<OrganizationURL xml:lang="de">http://h-d-gmbh.de/</OrganizationURL>
</Organization>
</EntityDescriptor>
<EntityDescriptor entityID="https://servicekonto.verwaltungsportal2.de/sp"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
errorURL="https://www.interoperable-servicekonten.de/ref/support"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIE4TCCAskCAhAIMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJERTEMMAoG[...]</ds:X509Certificate>
<ds:X509Certificate>MIIGFTCCA/2gAwIBAgIJAPLoHBkJylj5MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD[...]</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">384</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIE4TCCAskCAhAIMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJERTEMMAoG
A1UECAwDRkVEMQ4wDAYDVQQHDAVQR0VJRDEWMBQGA1UECgwNU0VSVklDRUtPTlRF
TjEnMCUGA1UEAwweaW50ZXJvcGVyYWJsZS1zZXJ2aWNla29udGVuLmRlMTIwMAYJ[...]</ds:X509Certificate>
<ds:X509Certificate>MIIGFTCCA/2gAwIBAgIJAPLoHBkJylj5MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD[...]</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc">
<xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">256</xenc:KeySize>
</EncryptionMethod>
</KeyDescriptor>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://servicekonto.verwaltungsportal2.de:443/service/Consumer/metaAlias/sp"
index="0"/>
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="de">HD_GmbH_Verwaltungsportal_2</OrganizationName>
<OrganizationDisplayName xml:lang="de">Servicekonto Verwaltungsportal 2</OrganizationDisplayName>
<OrganizationURL xml:lang="de">http://h-d-gmbh.de/</OrganizationURL>
</Organization>
</EntityDescriptor>
</EntitiesDescriptor>
To retrieve only the descriptors of the other federation members, append your own
federation member ID to the URL as a path parameter.
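A consumer of this feed can audit each EntityDescriptor before loading it into its SAML stack. The following is an added example, not code from the project: the function name `audit`, the constructed sample and its `example.test` entities are assumptions. It extracts the assurance levels and flags unsigned-request roles, non-HTTPS endpoints and an EncryptionMethod placed in a signing KeyDescriptor, as seen in the SP entries above.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ASSURANCE = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
# Role element -> the request-signing flag the descriptors above set to "true".
ROLES = {"IDPSSODescriptor": "WantAuthnRequestsSigned",
         "SPSSODescriptor": "AuthnRequestsSigned"}

# Constructed sample in the shape of the feed above: key material omitted, one
# deliberately weak SP entry; the example.test names are not from the page.
SAMPLE = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<EntityDescriptor entityID="https://idp.example.test/idp"><Extensions>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Name="urn:oasis:names:tc:SAML:attribute:assurance-certification">
<saml:AttributeValue>
https://interoperable-servicekonten.de/ref/assurance/hoch
</saml:AttributeValue></saml:Attribute></Extensions>
<IDPSSODescriptor WantAuthnRequestsSigned="true"><KeyDescriptor use="signing"/>
<SingleSignOnService Location="https://idp.example.test/sso"/></IDPSSODescriptor>
</EntityDescriptor><EntityDescriptor entityID="https://sp.example.test/sp">
<SPSSODescriptor AuthnRequestsSigned="false"><KeyDescriptor use="signing">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
</KeyDescriptor><AssertionConsumerService Location="http://sp.example.test/acs"/>
</SPSSODescriptor></EntityDescriptor></EntitiesDescriptor>"""

def audit(xml_text):
    """Map each entityID to (assurance levels, findings)."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata needs no DTD; refuse it outright
        raise ValueError("DOCTYPE not allowed in federation metadata")
    report = {}
    for ent in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % NS["md"]):
        values = ent.findall(
            ".//saml:Attribute[@Name='%s']/saml:AttributeValue" % ASSURANCE, NS)
        levels = [(v.text or "").strip().rsplit("/", 1)[-1] for v in values]
        findings = []
        for tag, flag in ROLES.items():
            for role in ent.findall("md:" + tag, NS):
                if role.get(flag) != "true":
                    findings.append("%s: %s is not true" % (tag, flag))
                for loc in (child.get("Location") for child in role):
                    if loc and not loc.startswith("https://"):
                        findings.append("non-HTTPS endpoint " + loc)
                for kd in role.findall("md:KeyDescriptor[@use='signing']", NS):
                    for em in kd.findall("md:EncryptionMethod", NS):
                        findings.append("EncryptionMethod on signing key: "
                                        + em.get("Algorithm", ""))
        report[ent.get("entityID")] = (levels, findings)
    return report
```

The audit covers descriptor content only; verifying the signature on the metadata document itself is a separate step.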
4 Federation Member Service
URL template
/federation-member
/federation-member/{token}
REST API
egov
4.1 IDs of the Federation Members
Code block 3: URL of the list of federation members
https://www.interoperable-servicekonten.de/p/rest/egov/1/federation-member
Code block 4: Example response from the service
<federation-member-list>
<members>
<member>verwaltungsportal1</member>
<member>verwaltungsportal2</member>
<member>verwaltungsportal3</member>
</members>
</federation-member-list>
To retrieve only the IDs of the other federation members, append your own federation
member ID to the URL as the query parameter token.
The information is provided in both an XML and a JSON representation.
5 Service Account Service
URL template
/servicekonto
/servicekonto/{token}
REST API
egov
5.1 Information on Service Accounts
Code block 5: URL of the list of federation members
https://www.interoperable-servicekonten.de/p/rest/egov/1/servicekonto
Code block 6: Example response from the service
<?xml version="1.0"?>
<servicekonten>
<servicekonto id="verwaltungsportal1">
<display-name>Servicekonto Verwaltungsportal 1</display-name>
<entity-id>https://servicekonto.verwaltungsportal1.de/idp</entity-id>
</servicekonto>
<servicekonto id="verwaltungsportal2">
<display-name>Servicekonto Verwaltungsportal 2</display-name>
<entity-id>https://servicekonto.verwaltungsportal2.de/idp</entity-id>
</servicekonto>
<servicekonto id="verwaltungsportal3">
<display-name>Servicekonto Verwaltungsportal 3</display-name>
<entity-id>https://servicekonto.verwaltungsportal3.de/idp</entity-id>
</servicekonto>
</servicekonten>
To retrieve only the information on the service accounts of the other federation
members, append your own federation member ID to the URL as a path parameter.
The information is provided in both an XML and a JSON representation.
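A client that builds its IdP selection from Code block 6 can cross-check it against the member list of Code block 4 before use. The following is an added example, not part of the project's API: the names `parse` and `foreign_idps` are hypothetical, and the consistency rules (HTTPS entity IDs, every id must be a listed member, own entry dropped locally) are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Sample responses copied from Code block 4 and Code block 6 above.
MEMBERS_XML = """<federation-member-list><members>
<member>verwaltungsportal1</member>
<member>verwaltungsportal2</member>
<member>verwaltungsportal3</member>
</members></federation-member-list>"""
KONTEN_XML = """<?xml version="1.0"?>
<servicekonten>
<servicekonto id="verwaltungsportal1">
<display-name>Servicekonto Verwaltungsportal 1</display-name>
<entity-id>https://servicekonto.verwaltungsportal1.de/idp</entity-id>
</servicekonto>
<servicekonto id="verwaltungsportal2">
<display-name>Servicekonto Verwaltungsportal 2</display-name>
<entity-id>https://servicekonto.verwaltungsportal2.de/idp</entity-id>
</servicekonto>
<servicekonto id="verwaltungsportal3">
<display-name>Servicekonto Verwaltungsportal 3</display-name>
<entity-id>https://servicekonto.verwaltungsportal3.de/idp</entity-id>
</servicekonto>
</servicekonten>"""

def parse(xml_text):
    """Parse a service response, refusing DTDs (no response above uses one)."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed")
    return ET.fromstring(xml_text)

def foreign_idps(members_xml, konten_xml, own_id):
    """Return {member_id: (display_name, entity_id)} for all members but own_id."""
    members = {(m.text or "").strip() for m in parse(members_xml).iter("member")}
    if own_id not in members:
        raise ValueError("own ID %r is not a federation member" % own_id)
    result = {}
    for sk in parse(konten_xml).iter("servicekonto"):
        mid, eid = sk.get("id"), sk.findtext("entity-id", "").strip()
        if mid not in members:
            raise ValueError("servicekonto %r is not a federation member" % mid)
        if not eid.startswith("https://") or mid in result:
            raise ValueError("bad or duplicate entry for %r" % mid)
        if mid != own_id:
            result[mid] = (sk.findtext("display-name", "").strip(), eid)
    return result
```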
6 Administration Services
URL template
/admin/check
/admin/check/{token}
/admin/extendedmetadata/{token}
REST API
egov
The administration services are available only to the federation managers. These
services support the administration of the technical prototype and are
product-specific.
7 References
Further information on interoperable service accounts can be found in the following
documents.
Name | Short description | Version
Tour for new federation members | A guided tour of the documentation for new federation members. | 0.1
Overview of the proposed solution | Brief overview of the implemented solution, for discussion. | 0.2
Overview of the use cases | List of the use cases considered for the specification of the proposed solution. | 0.2
Description of the SAML metadata | Documentation of the SAML metadata for the IdPs and SPs participating in the federation. | 0.2
Description of the interfaces | Documentation of the communication interfaces outside the SAML metadata. | 0.2
Quick guide for federation participants | List of quick guides describing the tasks of the federation participants. | 0.1
Glossary | Description of the central terms in the context of the federation's interoperable service accounts. | 0.1
8 Glossary
The terms from the Interoperable Servicekonten domain used in this document are
explained in a separate glossary. That glossary lists all terms of the domain.