External Validation Service Front-end

Information

File Name: kp_saml.xml
OID :: 1.3.6.1.4.1.12559.11.11.4.32050
Validation Date :: 8/22/25 4:20:16 PM (CEST GMT+0200)
GSS - XUA Validator (7.2.2): IHE - ITI - XUA (Unknown)
Validation Results :: DONE_PASSED
Permanent link :: https://connectathon.ihe-catalyst.net/evs/report.seam?oid=1.3.6.1.4.1.12559.11.11.4.32050
Data Visibility :: Public

↓

$type Validation Report

Well-formednessPASSED

The document you have validated is supposed to be a well-formed document. The validator has checked if it is well-formed, results of this validation are gathered in this section.

The document is well-formed

Schema Validation detailed ResultPASSED

Your document has been validated with the appropriate schema, here is the detail of the validation outcome.

The document is valid regarding the schema

Gazelle Objects Checker validator resultsPASSED

Summary of checks: 1

17

Test: consNPII - 1
Location: /Assertion/AttributeStatement[0]
Description: The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a National Provider Identifier (NPI) attribute (ITI TF Vol2b, 3.40.4.1.2)[ Assertion... ]

Test: conOthersR - 1
Location: /Assertion/AttributeStatement[0]/Attribute[5]
Description: In the Role element defined under the AttributeValue element, only (code, codesystem, codeSystemName, nullFlavor and displayName) can be specified (ITI TF Vol2b, 3.40.4.1.2.1)[ Assertion... ]

Test: consSubRoleR - 2
Location: /Assertion/AttributeStatement[0]/Attribute[5]
Description: The Role shall be recorded under the AttributeValue with an element <Role> in the namespace 'urn:hl7-org:v3', whose content is defined by the CE datatypes from HL7V3 (ITI TF Vol2b, 3.40.4.1.2.1)[ Assertion... ]

Test: conscodesystemR - 3
Location: /Assertion/AttributeStatement[0]/Attribute[6]
Description: codeSystem shall be specified in the PurposeOfUse element (ITI TF Vol2b, 3.40.4.1.2.3)[ Assertion... ]

Test: conspurpR - 4
Location: /Assertion/AttributeStatement[0]/Attribute[6]
Description: Purpose of use shall be presented with an element <PurposeOfUse> under the element AttributeValue., and shall have the namespace'urn:hl7-org:v3' whose content is defined by the 'CE' HL7V3 datatypes (ITI TF Vol2b, 3.40.4.1.2.3)[ Assertion... ]

Test: consAttrStatementR - 5
Location: /Assertion
Description: The Assertion may contain other statements (e.g. Attributes) (ITI TF 3.40.4.1.2)[ Assertion... ]

Test: consAuthnStatementR - 6
Location: /Assertion
Description: Assertion SHALL contain AuthnStatement with AuthnContextClassRef or AuthnContextDeclRef (ITI TF Vol2b, 3.40.4.1.2)[ Assertion... ]

Test: conssubjectR - 7
Location: /Assertion
Description: Assertion SHALL have a Subject (ITI TF Vol2b, 3.40.4.1.2)[ Assertion... ]

Test: conssubjconfR - 8
Location: /Assertion/Subject
Description: Subject SHALL have SubjectConfirmation element (ITI TF Vol2b, 3.40.4.1.2)[ Assertion... ]

Test: consAudienceRestR - 9
Location: /Assertion/Conditions
Description: Conditions SHALL contain an AudienceRestriction containing an Audience (ITI TF Vol2b, 3.40.4.1.2)[ Assertion... ]

Test: consOneTimeUseR - 10
Location: /Assertion/Conditions
Description: An X-Service User may ignore a OneTimeUse condition. (ITI TF Vol2b, 3.40.4.1.2)[ Assertion... ]

Test: consProxyRestrictionR - 11
Location: /Assertion/Conditions
Description: An X-Service User may ignore a ProxyRestriction condition. (ITI TF Vol2b, 3.40.4.1.2)[ Assertion... ]

Test: consnotbeforeR - 12
Location: /Assertion/Conditions
Description: NotBefore attribute SHALL be populated (ITI TF Vol2b, 3.40.4.1.2)[ Assertion... ]

Test: consHomeCommunityIdR - 13
Location: /Assertion/AttributeStatement[0]
Description: The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Home Community ID attribute (ITI TF Vol2b, 3.40.4.1.2).[ Assertion... ]

Test: consOrganizationIDR - 14
Location: /Assertion/AttributeStatement[0]
Description: The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Organization ID attribute (ITI TF Vol2b, 3.40.4.1.2).[ Assertion... ]

Test: consSubjectIdR - 15
Location: /Assertion/AttributeStatement[0]
Description: The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Subject ID attribute. (ITI TF Vol2b, 3.40.4.1.2)[ Assertion... ]

Test: consSubjectOrganizationR - 16
Location: /Assertion/AttributeStatement[0]
Description: The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with an Subject Organization attribute (ITI TF Vol2b, 3.40.4.1.2).[ Assertion... ]

Test: consValueOIDR - 17
Location: /Assertion/AttributeStatement[0]/Attribute[2]
Description: The value shall be the Home Community ID (an Object Identifier) assigned to the Community that is initiating the request, using the urn format (that is, urn:oid appended with the OID). (ITI TF Vol2b,, 3.40.4.1.2) (ITI TF Vol2b,[ Assertion... ]

File Content

↓

Prettify content

View lines numbers

The following content has been modified for better visualization. Validation will be performed on original content
1	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema" ID="_2f052efc-fc29-4648-9d48-e3963cdd7f90" IssueInstant="2025-08-12T22:30:59.196Z" Version="2.0">
2	<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">urn:tiani-spirit:sts</saml2:Issuer>
3	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
4	<ds:SignedInfo>
5	<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
6	<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
7	<ds:Reference URI="#_2f052efc-fc29-4648-9d48-e3963cdd7f90">
8	<ds:Transforms>
9	<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
10	<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
11	<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd"/>
12	</ds:Transform>
13	</ds:Transforms>
14	<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
15	<ds:DigestValue>v6etJtnsJlxwr6XkuaXbbGnUP9Y=</ds:DigestValue>
16	</ds:Reference>
17	</ds:SignedInfo>
18	<ds:SignatureValue>ebZ9jmsQB5LC19YG67mPkcJYc1YSTJo/EyDefuw0QWAWRMPEMLxPPL2l1d2gKKVJiPISn9DB//X2lVl1mMlt1UYrfhz+2JnvxCz23XAiat8pRkiSykKWC5dsSTTMhRN817Vl8lMb7yzlK+PpEIKKRDPFr1flqqSHIi159HuPaIne5DpvJZiQl2xXyGKkZKM0sTKU82phgwnMXNQnK6UblJRiF5xg6R7bf5dvB2Nbmo3xCdvYgcCic5KZucMCPlLL+h+jifKod6wYw64jabxBXAcFNVgj11RSjrN8yiyfk87LO6vARp48j0lEVGNt3245lht09l1DDmsEHqa6bUArDQ==</ds:SignatureValue>
19	<ds:KeyInfo>
20	<ds:X509Data>
21	<ds:X509Certificate>MIIFeTCCBGGgAwIBAgIIFnrD7KYyvtowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCVVMxEzARBgNVBAoMCkVNUiBEaXJlY3QxOjA4BgNVBAMMMUVNUiBEaXJlY3QgcGhpQ2VydCBIZWFsdGggSW5mb3JtYXRpb24gRXhjaGFuZ2UgQ0EwHhcNMjUwNTE0MjExNzExWhcNMjYwNTE0MjExNzExWjCBiTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDlNvdXRoIENhcm9saW5hMSgwJgYDVQQKDB9FbGVjdHJvbmljIEhlYWx0aCBOZXR3b3JrLCBJbmMuMRQwEgYDVQQLDAtDQVJFUVVBTElUWTEhMB8GA1UEAwwYY2FyZXF1YWxpdHkuZWhuLXByb2QubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBYyal7mQoO7MQnfb5Jio1A4yKX54fzWFOyEBEzyJawO6BdmK8dhJruZbJb3IT4LavOzSralR48ZPcgC2tu/YPi/dMQmd+cyksWmpfDjr/qsF0vLSyxgHAWHY/s3Nju7PUaS1Ln+4XLQJ41hmrTBOF29/kwwbc+Ui+XYiEHB/7L4c7KyhQHaA83E46i8fizgKgMkd0OATc25QAoLXaLHsPXkU3EfSdWxSlAGR7y0Mla9abXc7mHQ9DCVKiEZ++bfWlkydnWIvFq0STcbXyDZGT/I79Sd5t9rDvR93DdiBQlwEWNPaLnOtJXpFchwWCO4zyju4X18OIoli2W5kZrvbQIDAQABo4ICDTCCAgkwaAYIKwYBBQUHAQEEXDBaMFgGCCsGAQUFBzAChkxodHRwOi8vd3d3LnBoaWNlcnQuY29tL2NlcnRzL0VNUkRpcmVjdFBoaUNlcnRIZWFsdGhJbmZvcm1hdGlvbkV4Y2hhbmdlQ0EuY3J0MB0GA1UdDgQWBBR/f561WcIS97deM1lrKWewT1esqjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFHOgAtZf8+w7zFUC9/L2ZcKoYjw7MH4GA1UdIAR3MHUwDAYKKwYBBAGCwVsBBTA6Bg1ghkgBhvlbA5R5AQELMCkwJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LnBoaWNlcnQuY29tL2NwczAMBgorBgEEAYLBWwICMA0GCysGAQQBgsFbAAIAMAwGCisGAQQBgsFbAwEwWwYDVR0fBFQwUjBQoE6gTIZKaHR0cDovL3d3dy5waGljZXJ0LmNvbS9jcmwvRU1SRGlyZWN0UGhpQ2VydEhlYWx0aEluZm9ybWF0aW9uRXhjaGFuZ2VDQS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBDBgNVHREEPDA6ghhjYXJlcXVhbGl0eS5laG4tcHJvZC5uZXSGHkhUVFA6Ly9XV1cuQ0FSRVFVQUxJVFkuT1JHL1YwMTANBgkqhkiG9w0BAQsFAAOCAQEAb1FNMFRz4wkbglg7v/84ulZCtssLIM/N+XiK/Zez1PXDjLCxm/LADgdtelWtKMl1Licg846LrKk4/cq6dWCDZ25UOdSctVgcPCmJFF+wTlnm8KLPDs7ZkBjbBsTQOLbo1Hlz444JaZEN17onaR7PjFsdMWHMDQ68vqn9RHGaaXwxAqlMAkTVcA3nfGiFZthYonXDDYqxJbif7zcMjIvzbOM7Y3TwadvQRgrkKJ23hqkhxT8UoYq/4oHXLIlVLl1ShqjWF91izf2yNytWeIFZZIpGhz5N666rlb/LBuGThCGFk3AgEokgizlqX9pxzYtPVkeYS7G3VX8pj3MqRKhi8A==</ds:X509Certificate>
22	</ds:X509Data>
23	</ds:KeyInfo>
24	</ds:Signature>
25	<saml2:Subject>
26	<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=carequality.ehn-prod.net, OU=CAREQUALITY, O="Electronic Health Network, Inc.", ST=South Carolina, C=US</saml2:NameID>
27	<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
28	<saml2:SubjectConfirmationData>
29	<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
30	<ds:KeyValue>
31	<ds:RSAKeyValue>
32	<ds:Modulus>oBYyal7mQoO7MQnfb5Jio1A4yKX54fzWFOyEBEzyJawO6BdmK8dhJruZbJb3IT4LavOzSralR48ZPcgC2tu/YPi/dMQmd+cyksWmpfDjr/qsF0vLSyxgHAWHY/s3Nju7PUaS1Ln+4XLQJ41hmrTBOF29/kwwbc+Ui+XYiEHB/7L4c7KyhQHaA83E46i8fizgKgMkd0OATc25QAoLXaLHsPXkU3EfSdWxSlAGR7y0Mla9abXc7mHQ9DCVKiEZ++bfWlkydnWIvFq0STcbXyDZGT/I79Sd5t9rDvR93DdiBQlwEWNPaLnOtJXpFchwWCO4zyju4X18OIoli2W5kZrvbQ==</ds:Modulus>
33	<ds:Exponent>AQAB</ds:Exponent>
34	</ds:RSAKeyValue>
35	</ds:KeyValue>
36	</ds:KeyInfo>
37	</saml2:SubjectConfirmationData>
38	</saml2:SubjectConfirmation>
39	</saml2:Subject>
40	<saml2:Conditions NotBefore="2025-08-12T22:30:59.195Z" NotOnOrAfter="2025-08-13T02:30:59.195Z">
41	<saml2:AudienceRestriction>
42	<saml2:Audience>http://ihe.connecthaton.XUA/X-ServiceProvider-IHE-Connectathon</saml2:Audience>
43	</saml2:AudienceRestriction>
44	</saml2:Conditions>
45	<saml2:AuthnStatement AuthnInstant="2025-08-12T22:30:59.195Z" SessionIndex="123456">
46	<saml2:AuthnContext>
47	<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
48	</saml2:AuthnContext>
49	</saml2:AuthnStatement>
50	<saml2:AttributeStatement>
51	<saml2:Attribute FriendlyName="XSPA Organization" Name="urn:oasis:names:tc:xspa:1.0:subject:organization" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
52	<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">EHN_EMR</saml2:AttributeValue>
53	</saml2:Attribute>
54	<saml2:Attribute FriendlyName="XSPA Organization ID" Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
55	<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">2.16.840.1.113883.3.704.1.103.100</saml2:AttributeValue>
56	</saml2:Attribute>
57	<saml2:Attribute FriendlyName="XCA Home Community ID" Name="urn:ihe:iti:xca:2010:homeCommunityId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
58	<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">urn:oid:2.16.840.1.113883.3.704.1.103</saml2:AttributeValue>
59	</saml2:Attribute>
60	<saml2:Attribute FriendlyName="NHIN XCA Home Community ID" Name="urn:nhin:names:saml:homeCommunityId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
61	<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">urn:oid:2.16.840.1.113883.3.704.1.103</saml2:AttributeValue>
62	</saml2:Attribute>
63	<saml2:Attribute FriendlyName="XSPA Subject ID" Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
64	<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">aperez@ehnusa.com</saml2:AttributeValue>
65	</saml2:Attribute>
66	<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
67	<saml2:AttributeValue>
68	<hl7:Role xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="Administrator" codeSystem="2.16.840.1.113883.6.96" codeSystemName="SNOMED_CT" displayName="Medical Doctor" xsi:type="hl7:CE"/>
69	</saml2:AttributeValue>
70	</saml2:Attribute>
71	<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
72	<saml2:AttributeValue>
73	<hl7:PurposeOfUse xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="TREATMENT" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="Treatment" xsi:type="hl7:CE"/>
74	</saml2:AttributeValue>
75	</saml2:Attribute>
76	</saml2:AttributeStatement>
77	</saml2:Assertion>

Validation result

Information

Well-formednessPASSED

Schema Validation detailed ResultPASSED

Gazelle Objects Checker validator resultsPASSED

File Content