<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    ID="_df0a498d-46c6-4ae5-87e8-017409209931"
    IssueInstant="2019-12-16T11:53:37.012Z" Version="2.0">
    <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        >urn:elga:ets</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_df0a498d-46c6-4ae5-87e8-017409209931">
                <ds:Transforms>
                    <ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform
                        Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces
                            xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                            PrefixList="xsd"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod
                    Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>lKWbz5dGS6pu3/A9Bt+D4x+CPs9msO2sC9OCkAkmI84=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>YiDcYkeGf/rtxwAY38sB66lifg3QLmSVkVmaK6FFdtd0RjrlLma/Nm6TgOiTLXfLe6iZ4whaVB6ZKIZ1uvKMArqeKE8DWQEDTYRorTz2svzErfmMxGAB2kqnYR7QJW93qz5K1jT9IjkboFvoe0GOapbK/sVtO5wsOBL6SbcIESNVJgNafJoJTQkiNXKsp5RanDLIZ4Fiqm/JhuJeuWQHWzM7+L0duYq4tW4K/ISn1a/9Jy05T4Ep0JaRgYMIM1pBM23EUho8wFKlYJC0T7GhK9ZO5DOUVljGeBMsBDR7Js5glZ9APNjJv1/PRgWswGzvTggrNSGs2qCdz+Hrh1P1LA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIFojCCA4qgAwIBAgIIKEyhglZf59IwDQYJKoZIhvcNAQELBQAwRzEhMB8GA1UEAwwYRWxnYS1TcGlyaXQtSW50LUlzc3VlckNBMRUwEwYDVQQKDAxUaWFuaS1TcGlyaXQxCzAJBgNVBAYTAkFUMB4XDTE4MDQwOTEwMDQxNloXDTIwMDUwODEwMDQxNlowTTEnMCUGA1UEAwweYWNzLWV0cy1pc3N1ZXIuZWxnYS1zcGlyaXQuaW50MRUwEwYDVQQKDAxUaWFuaS1TcGlyaXQxCzAJBgNVBAYTAkFUMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraClgr0ayjQ23TomXJOYVBGTtBf1h52Ly1mRcztD7cVNXV13fvKR/ZjCeznXP6vBytCd4+H3cbZWktLdNNMwyp2cuqSsdR2XQQB4FnnEF8IZ4OCQoKOg6gjI6QPTv3z4k9qY5cNEyMX9+awKn+3RSk1v8pgTs4a0W3tA7H3OLVL299YNmhBUAGC9czXtJ9u9irMBqJipJieQqc+9fiWohZarZoCl4F94Fie23PTO3WG5YAQxdXM4aDRRSLa8xVAW7JG8F+ebZ+vbk2oxn1oZfwPkjyHEYLGAFOT9bboHodeaN9Z39sBGXhdPdF4lXkJMQmqCvFpMd1IGEY0kKRXJYQIDAQABo4IBijCCAYYwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRBL42YJmvw2YvhLTtYAfVfgpcaiTBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6Ly9TcGlyaXRQS0k6ODA4MC9lamJjYS9wdWJsaWN3ZWIvc3RhdHVzL29jc3AwgdYGA1UdHwSBzjCByzCByKB5oHeGdWh0dHA6Ly9TcGlyaXRQS0k6ODA4MC9lamJjYS9wdWJsaWN3ZWIvd2ViZGlzdC9jZXJ0ZGlzdD9jbWQ9Y3JsJmlzc3Vlcj1DTj1FbGdhLVNwaXJpdC1JbnQtSXNzdWVyQ0EsTz1UaWFuaS1TcGlyaXQsQz1BVKJLpEkwRzEhMB8GA1UEAwwYRWxnYS1TcGlyaXQtSW50LUlzc3VlckNBMRUwEwYDVQQKDAxUaWFuaS1TcGlyaXQxCzAJBgNVBAYTAkFUMB0GA1UdDgQWBBQXFtxLRYmeOIHXsK+2m1wc6Ju8XDAOBgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQELBQADggIBAE9dyRh8DFkxtgfINl1sF19HbDi2u6Zf9e/ty/6j4gqwNzCKn73jd0HrHyRlwDxgRdZJc8yIZJc/GhEkk/3ndnUcHka+sbrHvNm3V7sWjp7sehIcmqoFxNAV3V1MEMmfoNcZW1UCyusZhGu8l26IKJ/BDdqr0n/MxECEtO6e82KULH3DiFmWi03nvWbSeZs8eCcYV89bzVf1FiPzcJt1N0HCl5COyf5FLYDdRaad2xf94r2Gl/zrrh3p/cS6Lpl84U10KPlnimV7nSWQgZvPopd19rG9PY6s9GcrKMkI5H//9xjj2J5NAW2Dpu+BCkSOK8TApmohAwUvMPfZ61Sf3j+2lDcPVqwP1VECvq8BGIZa4h/4rZOb51PpZeaufN+qRepbNwKJxwJVktDEGycqkqBna9fnJt8vSB5ByLzGAr/bS9cs8vzd698dpRL438g0+SqPvt1QDOYSJhQxjagPc6wIk9LyuhLd31nPYaRYmUVvV5bybIWrBWL2ltolDsKEmWKt8h9rcHO2+yQ8jtSlgYjmQC2qbURT97wrGU2pK+EfwfD6emiUABVGfY2eJxyEH23j+67UloKzOGjwyhqIPS8kMKfqeH/frOiD3WHkuqy0cT4XQ/ydau6LPESuFbdH8hYVrBUDZBJGTnXuA6qt7y+tQJBM0ueRIlLZWNYer3BS</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2:Subject>
        <saml2:NameID
            Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
            >urn:oid:1.2.40.0.34.99.10.1.12.1.990.1</saml2:NameID>
        <saml2:SubjectConfirmation
            Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
            <saml2:SubjectConfirmationData/>
        </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2019-12-16T11:53:37.012Z"
        NotOnOrAfter="2019-12-16T11:58:37.012Z">
        <saml2:AudienceRestriction>
            <saml2:Audience>https://urn:oid:1.2.40.0.34.3.9.114</saml2:Audience>
        </saml2:AudienceRestriction>
    </saml2:Conditions>
    <saml2:AuthnStatement AuthnInstant="2019-12-16T11:53:37.011Z">
        <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</saml2:AuthnContextClassRef>
        </saml2:AuthnContext>
    </saml2:AuthnStatement>
    <saml2:AttributeStatement>
        <saml2:Attribute FriendlyName="XSPA Subject"
            Name="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:string">Mauro</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="XUA++ Role (ELGA)"
            Name="urn:oasis:names:tc:xacml:2.0:subject:role"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:anyType">
                <Role xmlns="urn:hl7-org:v3" code="702"
                    codeSystem="1.2.40.0.34.5.3"
                    codeSystemName="ELGA GDA Aggregatrollen"
                    displayName="Krankenanstalt"/>
            </saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="Permissions"
            Name="urn:elga:bes:permission"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:string"
                >urn:elga:bes:2019:permission:e-Impfpass:read:contact</saml2:AttributeValue>
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:string"
                >urn:elga:bes:2019:permission:e-Impfpass:write:contact</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="XSPA Organization ID (GDA-I)"
            Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:anyURI"
                >urn:oid:1.2.40.0.34.99.10.1.1.1.31498</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="XSPA PatientID (LPID)"
            Name="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:string"
                >GH:oJoUi+luBdbhCkipnoZ7/1/Zrmw=^^^&amp;1.2.40.0.34.3.9.114&amp;ISO</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="BeS Purpose of Use"
            Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:string"
                >E-HEALTH-CONTEXT^103</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="AC Purpose"
            Name="urn:oasis:names:tc:xacml:2.0:action:purpose"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:string">PUBLICHEALTH</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="Area specific personal identifier"
            Name="urn:elga:bes:2013:bPK-GH"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:anyURI"
                >GH:oJoUi+luBdbhCkipnoZ7/1/Zrmw=</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="XCA Home Community ID"
            Name="urn:ihe:iti:xca:2010:homeCommunityId"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:anyURI"
                >urn:oid:1.2.40.0.34.99.10.1.12.1.990.1</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="XCA Responding Home Community ID"
            Name="urn:elga:bes:2013:rsp-community"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:anyURI"
                >urn:oid:1.2.40.0.34.3.9.114</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="AC Endpoint"
            Name="urn:elga:bes:2019:ac-wse"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="xsd:anyURI"
                >https://zpite.zpi.sozvers.at/eip-war/services/Repository_Port_Soap12,https://zpite.zpi.sozvers.at/eip-war/services/Registry_Port_Soap12</saml2:AttributeValue>
        </saml2:Attribute>
    </saml2:AttributeStatement>
</saml2:Assertion>