<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
    <env:Header xmlns:addressing="http://www.w3.org/2005/08/addressing">
        <addressing:Action env:mustUnderstand="1"
            >http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/IssueFinal</addressing:Action>
        <addressing:MessageID>uuid:24C1A3E6-5000-4F68-8FFE-40F90692C795</addressing:MessageID>
        <addressing:RelatesTo>Mauro_msgID:d24bb4c6-ad1a-4a98-ba7a-6f47c663df7c</addressing:RelatesTo>
    </env:Header>
    <env:Body>
        <wst:RequestSecurityTokenResponseCollection
            xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
            <wst:RequestSecurityTokenResponse>
                <wst:TokenType>urn:elga:bes:2019:Context:assertion</wst:TokenType>
                <wst:RequestedSecurityToken>
                    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                        ID="_c677bef9-0491-4acc-a7b0-f181274cb871"
                        IssueInstant="2019-11-07T09:38:40.467Z" Version="2.0">
                        <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                            >urn:elga:ets</saml2:Issuer>
                        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                            <ds:SignedInfo>
                                <ds:CanonicalizationMethod
                                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                <ds:SignatureMethod
                                    Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                                <ds:Reference URI="#_c677bef9-0491-4acc-a7b0-f181274cb871">
                                    <ds:Transforms>
                                        <ds:Transform
                                            Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                        <ds:Transform
                                            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                            <ec:InclusiveNamespaces
                                                xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                                PrefixList="xsd"/>
                                        </ds:Transform>
                                    </ds:Transforms>
                                    <ds:DigestMethod
                                        Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                    <ds:DigestValue>vm8XZV5HEvhF+2Y/5NMIcbGJ0pE+UgbLR5ntmnAjLzo=</ds:DigestValue>
                                </ds:Reference>
                            </ds:SignedInfo>
                            <ds:SignatureValue>d+GIxIRvSq5/36fv6X5LNtD0aLGGmznh/1EGnZCRPjyEO/WFhWW18mA8khnSAlrap/3yDm7YYvXUTxQ7o7A2mlUT/XweBeddtb7lbkXSEZKr+c+76k8lijMwMPEGt7ODF0BLMUB0dxYDAF7f8BVL5/+URvTuD3NBmk9apiBxfPzlqk22ZVBuMUIMYzi5GmrMJzudcpDdK7g0/52Qpcj+egx4spQPwl1hF05HOL7gDR/wKJvzPz72wllyJ5AQxZLdEsLKqnFJ0LlwvCh8ocEM/BOiDvSuXtI4ucGkjHsRsM8iOZst4tS/I0LvXj+Du/n9J9h0dQV0QDtSU2nUFi+LOA==</ds:SignatureValue>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIFojCCA4qgAwIBAgIIKEyhglZf59IwDQYJKoZIhvcNAQELBQAwRzEhMB8GA1UEAwwYRWxnYS1TcGlyaXQtSW50LUlzc3VlckNBMRUwEwYDVQQKDAxUaWFuaS1TcGlyaXQxCzAJBgNVBAYTAkFUMB4XDTE4MDQwOTEwMDQxNloXDTIwMDUwODEwMDQxNlowTTEnMCUGA1UEAwweYWNzLWV0cy1pc3N1ZXIuZWxnYS1zcGlyaXQuaW50MRUwEwYDVQQKDAxUaWFuaS1TcGlyaXQxCzAJBgNVBAYTAkFUMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraClgr0ayjQ23TomXJOYVBGTtBf1h52Ly1mRcztD7cVNXV13fvKR/ZjCeznXP6vBytCd4+H3cbZWktLdNNMwyp2cuqSsdR2XQQB4FnnEF8IZ4OCQoKOg6gjI6QPTv3z4k9qY5cNEyMX9+awKn+3RSk1v8pgTs4a0W3tA7H3OLVL299YNmhBUAGC9czXtJ9u9irMBqJipJieQqc+9fiWohZarZoCl4F94Fie23PTO3WG5YAQxdXM4aDRRSLa8xVAW7JG8F+ebZ+vbk2oxn1oZfwPkjyHEYLGAFOT9bboHodeaN9Z39sBGXhdPdF4lXkJMQmqCvFpMd1IGEY0kKRXJYQIDAQABo4IBijCCAYYwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRBL42YJmvw2YvhLTtYAfVfgpcaiTBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6Ly9TcGlyaXRQS0k6ODA4MC9lamJjYS9wdWJsaWN3ZWIvc3RhdHVzL29jc3AwgdYGA1UdHwSBzjCByzCByKB5oHeGdWh0dHA6Ly9TcGlyaXRQS0k6ODA4MC9lamJjYS9wdWJsaWN3ZWIvd2ViZGlzdC9jZXJ0ZGlzdD9jbWQ9Y3JsJmlzc3Vlcj1DTj1FbGdhLVNwaXJpdC1JbnQtSXNzdWVyQ0EsTz1UaWFuaS1TcGlyaXQsQz1BVKJLpEkwRzEhMB8GA1UEAwwYRWxnYS1TcGlyaXQtSW50LUlzc3VlckNBMRUwEwYDVQQKDAxUaWFuaS1TcGlyaXQxCzAJBgNVBAYTAkFUMB0GA1UdDgQWBBQXFtxLRYmeOIHXsK+2m1wc6Ju8XDAOBgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQELBQADggIBAE9dyRh8DFkxtgfINl1sF19HbDi2u6Zf9e/ty/6j4gqwNzCKn73jd0HrHyRlwDxgRdZJc8yIZJc/GhEkk/3ndnUcHka+sbrHvNm3V7sWjp7sehIcmqoFxNAV3V1MEMmfoNcZW1UCyusZhGu8l26IKJ/BDdqr0n/MxECEtO6e82KULH3DiFmWi03nvWbSeZs8eCcYV89bzVf1FiPzcJt1N0HCl5COyf5FLYDdRaad2xf94r2Gl/zrrh3p/cS6Lpl84U10KPlnimV7nSWQgZvPopd19rG9PY6s9GcrKMkI5H//9xjj2J5NAW2Dpu+BCkSOK8TApmohAwUvMPfZ61Sf3j+2lDcPVqwP1VECvq8BGIZa4h/4rZOb51PpZeaufN+qRepbNwKJxwJVktDEGycqkqBna9fnJt8vSB5ByLzGAr/bS9cs8vzd698dpRL438g0+SqPvt1QDOYSJhQxjagPc6wIk9LyuhLd31nPYaRYmUVvV5bybIWrBWL2ltolDsKEmWKt8h9rcHO2+yQ8jtSlgYjmQC2qbURT97wrGU2pK+EfwfD6emiUABVGfY2eJxyEH23j+67UloKzOGjwyhqIPS8kMKfqeH/frOiD3WHkuqy0cT4XQ/ydau6LPESuFbdH8hYVrBUDZBJGTnXuA6qt7y+tQJBM0ueRIlLZWNYer3BS</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                        </ds:Signature>
                        <saml2:Subject>
                            <saml2:NameID
                                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                                >1.2.40.0.34.99.10.1.1.1.31498^1.2.40.0.34@100Krankenanstalt
                                Eisenstadt</saml2:NameID>
                            <saml2:SubjectConfirmation
                                Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                                <saml2:SubjectConfirmationData/>
                            </saml2:SubjectConfirmation>
                        </saml2:Subject>
                        <saml2:Conditions NotBefore="2019-11-07T09:38:40.466Z"
                            NotOnOrAfter="2019-11-07T13:38:40.466Z">
                            <saml2:ProxyRestriction Count="1"/>
                            <saml2:AudienceRestriction>
                                <saml2:Audience>https://elga-online.at/ETS</saml2:Audience>
                                <saml2:Audience>https://elga-online.at/KBS</saml2:Audience>
                                <saml2:Audience>https://elga-online.at/ZPI</saml2:Audience>
                            </saml2:AudienceRestriction>
                        </saml2:Conditions>
                        <saml2:AuthnStatement AuthnInstant="2019-11-07T09:38:40.466Z">
                            <saml2:AuthnContext>
                                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</saml2:AuthnContextClassRef>
                            </saml2:AuthnContext>
                        </saml2:AuthnStatement>
                        <saml2:AttributeStatement>
                            <saml2:Attribute FriendlyName="BeS Purpose Of Use"
                                Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                                <saml2:AttributeValue
                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                    xsi:type="xsd:string"
                                    >E-HEALTH-CONTEXT^103</saml2:AttributeValue>
                            </saml2:Attribute>
                            <saml2:Attribute FriendlyName="AC Purpose"
                                Name="urn:oasis:names:tc:xacml:2.0:action:purpose"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                                <saml2:AttributeValue
                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                    xsi:type="xsd:string">PUBLICHEALTH</saml2:AttributeValue>
                            </saml2:Attribute>
                            <saml2:Attribute FriendlyName="ELGA Rolle"
                                Name="urn:oasis:names:tc:xacml:2.0:subject:role"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                                <saml2:AttributeValue
                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                    xsi:type="xsd:anyType">
                                    <Role xmlns="urn:hl7-org:v3" code="702"
                                        codeSystem="1.2.40.0.34.5.3"
                                        codeSystemName="ELGA GDA Aggregatrollen"
                                        displayName="Krankenanstalt"/>
                                </saml2:AttributeValue>
                            </saml2:Attribute>
                            <saml2:Attribute FriendlyName="XSPA Subject"
                                Name="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                                <saml2:AttributeValue
                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                    xsi:type="xsd:string">Mauro</saml2:AttributeValue>
                            </saml2:Attribute>
                            <saml2:Attribute FriendlyName="Local Organisation ID"
                                Name="urn:elga:bes:2013:local-organisation-id"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                                <saml2:AttributeValue
                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                    xsi:type="xsd:anyURI"
                                    >urn:oid:1.2.40.0.34.99.10.1.1.1.31498</saml2:AttributeValue>
                            </saml2:Attribute>
                            <saml2:Attribute FriendlyName="XSPA Organization ID"
                                Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id"
                                NameFormat="urn:oasis:names:tc:IMPF_TRA_Issuer_KSSAML:2.0:attrname-format:uri">
                                <saml2:AttributeValue
                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                    xsi:type="xsd:anyURI"
                                    >urn:oid:1.2.40.0.34.99.10.1.1.1.31498</saml2:AttributeValue>
                            </saml2:Attribute>
                            <saml2:Attribute FriendlyName="Permissions"
                                Name="urn:elga:bes:permission"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                                <saml2:AttributeValue
                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                    xsi:type="xsd:string"
                                    >urn:elga:bes:2019:permission:e-Impfpass:read:contact</saml2:AttributeValue>
                                <saml2:AttributeValue
                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                    xsi:type="xsd:string"
                                    >urn:elga:bes:2019:permission:e-Impfpass:write:contact</saml2:AttributeValue>
                            </saml2:Attribute>
                        </saml2:AttributeStatement>
                    </saml2:Assertion>
                </wst:RequestedSecurityToken>
            </wst:RequestSecurityTokenResponse>
        </wst:RequestSecurityTokenResponseCollection>
    </env:Body>
</env:Envelope>