(DataFlex) eHealth.gov.be RequestSecurityToken

Request a security token for use with the eHealth.gov.be SOAP web services. For more information, see https://www.ehealth.fgov.be/ehealthplatform/fr/data/file/view/bf25682e28c6ccd0d06768c73a467176f63791dd?name=STS%20-%20WS%20Trust%20-%20Cookbook%20v1.0%20dd%2020012023.pdf
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Variant vCert
    Handle hoCert
    Handle hoXmlToSign
    Variant vBdCert
    Handle hoBdCert
    Handle hoDt
    Handle hoGen
    Handle hoXmlCustomKeyInfo
    Variant vSbXml
    Handle hoSbXml
    Handle hoHttp
    String sUrl
    Variant vResp
    Handle hoResp
    Integer iResponseStatus
    Variant vBdSecToken
    Handle hoBdSecToken
    String sTemp1
    Boolean bTemp1

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Move True To iSuccess

    // Provide a certificate + private key.
    // Note: If your certificate + private key is located on a hardware token or smartcard, you can call a different function to load from smartcard.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get ComLoadPfxFile Of hoCert "SSIN=12345678.acc.p12" "p12_password" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Create the following XML to be signed.

    // <?xml version="1.0" encoding="UTF-8"?>
    // <soapenv:Envelope xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    //     <soapenv:Header>
    //         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    //             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    //             <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
    //                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
    //                 wsu:Id="X509-4A13D668E59AAC4F3816750824965588">{organization certificate}</wsse:BinarySecurityToken>
    //             <wsu:Timestamp wsu:Id="TS-4A13D668E59AAC4F3816750824965567">
    //                 <wsu:Created>2023-02-01T12:42:11.156Z</wsu:Created>
    //                 <wsu:Expires>2023-02-01T12:58:51.156Z</wsu:Expires>
    //             </wsu:Timestamp>
    //         </wsse:Security>
    //     </soapenv:Header>
    //     <soapenv:Body wsu:Id="id-4A13D668E59AAC4F38167508249655911" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    //         <wst:RequestSecurityToken Context="RC-302613de-a809-46b5-931a-0a55bfca5937"
    //             xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"
    //             xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    //             xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
    //             xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    //             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    //             xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
    //             <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
    //             <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
    //             <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
    //                 <auth:ClaimType Uri="urn:be:fgov:kbo-bce:organization:cbe-number">
    //                     <auth:Value>{cbenumber}</auth:Value>
    //                 </auth:ClaimType>
    //                 <auth:ClaimType Uri="urn:be:fgov:ehealth:1.0:certificateholder:enterprise:cbe-number">
    //                     <auth:Value>{cbenumber}</auth:Value>
    //                 </auth:ClaimType>
    //             </wst:Claims>
    //             <wst:Lifetime>
    //                 <wsu:Created>2023-02-01T08:30:10+02:00</wsu:Created>
    //                 <wsu:Expires>2023-02-01T09:30:10+02:00</wsu:Expires>
    //             </wst:Lifetime>
    //             <wst:KeyType>http://docs.oasis-open.org/ws-sx/wstrust/200512/PublicKey</wst:KeyType>
    //         </wst:RequestSecurityToken>
    //     </soapenv:Body>
    // </soapenv:Envelope>

    Get Create (RefClass(cComChilkatXml)) To hoXmlToSign
    If (Not(IsComObjectCreated(hoXmlToSign))) Begin
        Send CreateComObject of hoXmlToSign
    End
    Set ComTag Of hoXmlToSign To "soapenv:Envelope"
    Get ComAddAttribute Of hoXmlToSign "xmlns:ns" "http://docs.oasis-open.org/ws-sx/ws-trust/200512" To iSuccess
    Get ComAddAttribute Of hoXmlToSign "xmlns:soapenv" "http://schemas.xmlsoap.org/soap/envelope/" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Header|wsse:Security" True "xmlns:wsse" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Header|wsse:Security" True "xmlns:wsu" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Header|wsse:Security|wsse:BinarySecurityToken" True "EncodingType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Header|wsse:Security|wsse:BinarySecurityToken" True "ValueType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Header|wsse:Security|wsse:BinarySecurityToken" True "wsu:Id" "X509-4A13D668E59AAC4F3816750824965588" To iSuccess

    // The BinarySecurityToken content is the base64-encoded DER of the signing certificate.
    Get Create (RefClass(cComChilkatBinData)) To hoBdCert
    If (Not(IsComObjectCreated(hoBdCert))) Begin
        Send CreateComObject of hoBdCert
    End
    Get pvComObject of hoBdCert to vBdCert
    Get ComExportCertDerBd Of hoCert vBdCert To iSuccess
    Get ComGetEncoded Of hoBdCert "base64" To sTemp1
    Send ComUpdateChildContent To hoXmlToSign "soapenv:Header|wsse:Security|wsse:BinarySecurityToken" sTemp1
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Header|wsse:Security|wsu:Timestamp" True "wsu:Id" "TS-4A13D668E59AAC4F3816750824965567" To iSuccess

    // Timestamp: Created is the current system time, Expires is 300 seconds later.
    Get Create (RefClass(cComCkDateTime)) To hoDt
    If (Not(IsComObjectCreated(hoDt))) Begin
        Send CreateComObject of hoDt
    End
    Get ComSetFromCurrentSystemTime Of hoDt To iSuccess
    Get ComGetAsTimestamp Of hoDt False To sTemp1
    Send ComUpdateChildContent To hoXmlToSign "soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Created" sTemp1
    Get ComAddSeconds Of hoDt 300 To iSuccess
    Get ComGetAsTimestamp Of hoDt False To sTemp1
    Send ComUpdateChildContent To hoXmlToSign "soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Expires" sTemp1
    // Restore hoDt to the Created time.
    Get ComAddSeconds Of hoDt -300 To iSuccess

    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body" True "wsu:Id" "id-4A13D668E59AAC4F38167508249655911" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body" True "xmlns:wsu" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body|wst:RequestSecurityToken" True "Context" "RC-302613de-a809-46b5-931a-0a55bfca5937" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body|wst:RequestSecurityToken" True "xmlns:auth" "http://docs.oasis-open.org/wsfed/authorization/200706" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body|wst:RequestSecurityToken" True "xmlns:ds" "http://www.w3.org/2000/09/xmldsig#" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body|wst:RequestSecurityToken" True "xmlns:wsa" "http://schemas.xmlsoap.org/ws/2004/08/addressing" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body|wst:RequestSecurityToken" True "xmlns:wsp" "http://schemas.xmlsoap.org/ws/2004/09/policy" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body|wst:RequestSecurityToken" True "xmlns:wsse" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body|wst:RequestSecurityToken" True "xmlns:wst" "http://docs.oasis-open.org/ws-sx/ws-trust/200512" To iSuccess
    Send ComUpdateChildContent To hoXmlToSign "soapenv:Body|wst:RequestSecurityToken|wst:TokenType" "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
    Send ComUpdateChildContent To hoXmlToSign "soapenv:Body|wst:RequestSecurityToken|wst:RequestType" "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body|wst:RequestSecurityToken|wst:Claims" True "Dialect" "http://docs.oasis-open.org/wsfed/authorization/200706/authclaims" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "soapenv:Body|wst:RequestSecurityToken|wst:Claims|auth:ClaimType[1]" True "Uri" "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin" To iSuccess
    Send ComUpdateChildContent To hoXmlToSign "soapenv:Body|wst:RequestSecurityToken|wst:KeyType" "http://docs.oasis-open.org/ws-sx/wstrust/200512/PublicKey"

    Get Create (RefClass(cComChilkatXmlDSigGen)) To hoGen
    If (Not(IsComObjectCreated(hoGen))) Begin
        Send CreateComObject of hoGen
    End

    Set ComSigLocation Of hoGen To "soapenv:Envelope|soapenv:Header|wsse:Security|wsse:BinarySecurityToken"
    Set ComSigLocationMod Of hoGen To 1
    Set ComSigId Of hoGen To "SIG-4A13D668E59AAC4F38167508249656212"
    Set ComSigNamespacePrefix Of hoGen To "ds"
    Set ComSigNamespaceUri Of hoGen To "http://www.w3.org/2000/09/xmldsig#"
    Set ComSignedInfoPrefixList Of hoGen To "soapenv urn urn1"
    Set ComIncNamespacePrefix Of hoGen To "ec"
    Set ComIncNamespaceUri Of hoGen To "http://www.w3.org/2001/10/xml-exc-c14n#"
    Set ComSignedInfoCanonAlg Of hoGen To "EXCL_C14N"
    Set ComSignedInfoDigestMethod Of hoGen To "sha256"

    // Set the KeyInfoId before adding references.
    Set ComKeyInfoId Of hoGen To "KI-4A13D668E59AAC4F3816750824965589"

    // -------- Reference 1 (the wsu:Timestamp) --------
    Get ComAddSameDocRef Of hoGen "TS-4A13D668E59AAC4F3816750824965567" "sha256" "EXCL_C14N" "wsse soapenv urn urn1" "" To iSuccess

    // -------- Reference 2 (the soapenv:Body) --------
    Get ComAddSameDocRef Of hoGen "id-4A13D668E59AAC4F38167508249655911" "sha256" "EXCL_C14N" "urn urn1" "" To iSuccess

    // -------- Reference 3 (the wsse:BinarySecurityToken) --------
    Get ComAddSameDocRef Of hoGen "X509-4A13D668E59AAC4F3816750824965588" "sha256" "EXCL_C14N" "_EMPTY_" "" To iSuccess

    Get pvComObject of hoCert to vCert
    Get ComSetX509Cert Of hoGen vCert True To iSuccess

    Set ComKeyInfoType Of hoGen To "Custom"

    // Create the custom KeyInfo XML.
    Get Create (RefClass(cComChilkatXml)) To hoXmlCustomKeyInfo
    If (Not(IsComObjectCreated(hoXmlCustomKeyInfo))) Begin
        Send CreateComObject of hoXmlCustomKeyInfo
    End
    Set ComTag Of hoXmlCustomKeyInfo To "wsse:SecurityTokenReference"
    Get ComAddAttribute Of hoXmlCustomKeyInfo "wsu:Id" "STR-4A13D668E59AAC4F38167508249655810" To iSuccess
    Get ComUpdateAttrAt Of hoXmlCustomKeyInfo "wsse:Reference" True "URI" "#X509-4A13D668E59AAC4F3816750824965588" To iSuccess
    Get ComUpdateAttrAt Of hoXmlCustomKeyInfo "wsse:Reference" True "ValueType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" To iSuccess

    Set ComEmitXmlDecl Of hoXmlCustomKeyInfo To False
    Get ComGetXml Of hoXmlCustomKeyInfo To sTemp1
    Set ComCustomKeyInfoXml Of hoGen To sTemp1

    // Load XML to be signed...
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbXml
    If (Not(IsComObjectCreated(hoSbXml))) Begin
        Send CreateComObject of hoSbXml
    End
    Get pvComObject of hoSbXml to vSbXml
    Get ComGetXmlSb Of hoXmlToSign vSbXml To iSuccess

    Set ComBehaviors Of hoGen To "IndentedSignature"

    // Sign the XML...
    Get pvComObject of hoSbXml to vSbXml
    Get ComCreateXmlDSigSb Of hoGen vSbXml To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoGen To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // The sbXml is sent as the HTTP request body below.
    Get ComGetAsString Of hoSbXml To sTemp1
    Showln sTemp1

    // -----------------------------------------------------------------------------------------------------------
    // Send the SOAP request to ask the server to issue a security token, which can then be used to access other SOAP services.

    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End

    // The same certificate + private key is used as the TLS client certificate.
    Get pvComObject of hoCert to vCert
    Get ComSetSslClientCert Of hoHttp vCert To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Send ComSetRequestHeader To hoHttp "Content-Type" "text/xml"

    Move "https://services-acpt.ehealth.fgov.be/IAM/SecurityTokenService/v1/RequestSecurityToken" To sUrl
    Get ComGetAsString Of hoSbXml To sTemp1
    Get ComPostXml Of hoHttp sUrl sTemp1 "utf-8" To vResp
    If (IsComObject(vResp)) Begin
        Get Create (RefClass(cComChilkatHttpResponse)) To hoResp
        Set pvComObject Of hoResp To vResp
    End
    Get ComLastMethodSuccess Of hoHttp To bTemp1
    If (bTemp1 = False) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComStatusCode Of hoResp To iResponseStatus
    Showln "Response Status Code = " iResponseStatus

    // You'll want to check to see if the response status code = 200.
    // If not, then the response body contains error information instead of a security token.
    // This example will assume we received 200 status code.
    Get ComBodyStr Of hoResp To sTemp1
    Showln sTemp1

    // The response body contains XML like this:

    // <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    //     <SOAP-ENV:Header/>
    //     <SOAP-ENV:Body>
    //         <wst:RequestSecurityTokenResponse xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Context="RC-302613de-a809-46b5-931a-0a55bfca5937">
    //             <wst:RequestedSecurityToken>
    //                 <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_3e8ea5c951b2167c274974750ace9b5d"
    //                 ...
    //                 </Assertion>
    //             </wst:RequestedSecurityToken>
    //         </wst:RequestSecurityTokenResponse>
    //     </SOAP-ENV:Body>
    // </SOAP-ENV:Envelope>

    // The portion of the response from <Assertion ..> ... </Assertion> is the SAML security token to be included
    // in a subsequent SOAP request. It is extremely important to not modify the contents of the security token in any way, including not changing
    // whitespace or any formatting. Therefore, we get the response body exactly as-is, to be used in a SOAP request.

    // Copy the response body to a Chilkat BinData object.
    Get Create (RefClass(cComChilkatBinData)) To hoBdSecToken
    If (Not(IsComObjectCreated(hoBdSecToken))) Begin
        Send CreateComObject of hoBdSecToken
    End
    Get pvComObject of hoBdSecToken to vBdSecToken
    Get ComGetBodyBd Of hoResp vBdSecToken To iSuccess
    Send Destroy of hoResp

    // Let's save the bdSecToken to a file, and pick it up in the next example where it is used
    // in a SOAP request, such as in this example: AddressBook Search for Professionals
    Get ComWriteFile Of hoBdSecToken "qa_data/tokens/ehealth-fgov-be-sectoken.xml" To iSuccess

    Showln "OK"

End_Procedure
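
The rule stated in the closing comments of the listing above (use the `<Assertion>` token exactly as received) is illustrated below as an added Python example; it is not Chilkat's code, and the sample response bodies and function names are constructed for illustration. It slices the assertion out of the raw response bytes, rejects an error body that carries no token, and compares digests to show that a parse-and-reserialize round trip alters the token.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed sample STS response body (placeholder values, not real eHealth output).
SAMPLE_RESPONSE = b"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<wst:RequestSecurityTokenResponse xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Context="RC-constructed">
<wst:RequestedSecurityToken>
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_constructed">
  <Conditions  NotBefore="2023-02-01T12:42:11Z"/>
</Assertion>
</wst:RequestedSecurityToken>
</wst:RequestSecurityTokenResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

# Constructed sample error body: a SOAP Fault with no Assertion element.
SAMPLE_FAULT = (b'<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
                b"<SOAP-ENV:Body><SOAP-ENV:Fault><faultstring>constructed error</faultstring>"
                b"</SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>")

# Opening tag of the assertion, with or without a namespace prefix.
_OPEN_TAG = re.compile(rb"<((?:[A-Za-z_][\w.\-]*:)?)Assertion(?=[\s>/])")


def extract_assertion_bytes(body: bytes) -> bytes:
    """Return the <Assertion>...</Assertion> span as the exact bytes received."""
    m = _OPEN_TAG.search(body)
    if m is None:
        raise ValueError("no SAML Assertion in response (error body?)")
    close_tag = b"</" + m.group(1) + b"Assertion>"
    end = body.rfind(close_tag)  # last close tag, so a nested assertion stays inside
    if end < m.start():
        raise ValueError("unterminated Assertion element")
    return body[m.start():end + len(close_tag)]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def reserialized(assertion: bytes) -> bytes:
    """Parse and write back: prefixes and whitespace inside tags get rewritten."""
    return ET.tostring(ET.fromstring(assertion))


if __name__ == "__main__":
    raw = extract_assertion_bytes(SAMPLE_RESPONSE)
    print("verbatim  :", sha256_hex(raw))
    print("round-trip:", sha256_hex(reserialized(raw)))
```

Recording the digest of the stored token file and comparing it just before the token is embedded in a later request is a cheap way to catch an editor or XML tool that rewrote it.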
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.