author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-19 08:55:49 +0200 |
---|---|---|
committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-19 08:55:49 +0200 |
commit | 1bad320e50f66e44fcb23f0c8d242809f8077520 (patch) | |
tree | 2c65c6f9ca55c95c2327bdd39474cfab35f73d46 | |
parent | 5d306c41c0033f330413cf2b18db9f1137d51980 (diff) | |
parent | 470ac2c6234a0bac1e973fd3c1f49e1d9da41be4 (diff) | |
Merge branch 'master' into moa-sig-dependency-fixup
30 files changed, 646 insertions, 96 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java index 51b4e0b4..c9c2ec0b 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java @@ -103,9 +103,9 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder @Override public final Map<String, Object> getViewParameters() { //set generic parameters - setViewParameter(PARAM_GROUP_FORM, PARAM_AUTHCONTEXT, this.authURL); - setViewParameter(PARAM_GROUP_FORM, PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); - setViewParameter(PARAM_GROUP_FORM, PARAM_VIEWNAME, this.viewName); + setViewParameter(getFromGroup(), PARAM_AUTHCONTEXT, this.authURL); + setViewParameter(getFromGroup(), PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); + setViewParameter(getFromGroup(), PARAM_VIEWNAME, this.viewName); //get parameters from detail implementation putSpecificViewParameters(); @@ -126,6 +126,13 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder * */ abstract protected void putSpecificViewParameters(); + + /** + * Get the Group for generic form elements + * + * @return groupName or <code>null</code> if no groups are used + */ + abstract protected String getFromGroup(); @SuppressWarnings("unchecked") protected void setViewParameter(String group, String key, Object value) { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java index 65e13b5a..b9c16538 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java 
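Review bot: The new abstract hook is named `getFromGroup` although it returns the group used for the generic form parameters (it replaces the constant `PARAM_GROUP_FORM` in the first hunk), so the name reads as a typo of `getFormGroup`; renaming it before subclasses implement it avoids a breaking change later. The Javadoc allows a `null` return when no groups are used, but whether `setViewParameter(null, ...)` handles a null group is outside this hunk and should be confirmed or stated in the Javadoc. The modifier order `abstract protected` is unconventional; the JLS-recommended form is `protected abstract String getFormGroup();`.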
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java @@ -77,7 +77,7 @@ public abstract class AbstractVelocityGUIFormBuilderImpl implements IVelocityGui public final void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException { if (config instanceof IVelocityGUIBuilderConfiguration) - build(httpReq, httpResp, config, loggerName); + build(httpReq, httpResp, (IVelocityGUIBuilderConfiguration)config, loggerName); else throw new IllegalStateException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName()); @@ -88,7 +88,7 @@ public abstract class AbstractVelocityGUIFormBuilderImpl implements IVelocityGui public final void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType, String loggerName) throws GUIBuildException { if (config instanceof IVelocityGUIBuilderConfiguration) - build(httpReq, httpResp, config, loggerName); + build(httpReq, httpResp, (IVelocityGUIBuilderConfiguration)config, contentType, loggerName); else throw new IllegalStateException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName()); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java new file mode 100644 index 00000000..86728c05 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java 
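Review bot: Both `build` overloads throw `IllegalStateException` when `config` is not an `IVelocityGUIBuilderConfiguration`, but the condition is a property of the argument rather than of the builder's state, so `IllegalArgumentException` is the conventional type and the requirement belongs in the method Javadoc as a `@throws` clause. The cast-and-delegate now reaches the typed overload instead of calling the same method again, which is the actual fix here; bracing the single-statement `if`/`else` branches would make that dispatch easier to read. Both method bodies continue outside the hunks.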
@@ -0,0 +1,121 @@ +package at.gv.egiz.eaaf.core.impl.idp; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; + +public class EidAuthenticationData extends AuthenticationData implements IEidAuthData { + private static final Logger log = LoggerFactory.getLogger(EidAuthenticationData.class); + + + private static final long serialVersionUID = -7106142572904327044L; + + private byte[] eIDToken; + private byte[] signerCertificate; + private EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus; + private String vdaEndpointUrl; + private boolean useMandate = false; + + @Override + public byte[] getSignerCertificate() { + return this.signerCertificate; + } + + @Override + public byte[] getEIDToken() { + return this.eIDToken; + } + + @Override + public EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus() { + return this.eidStatus; + + } + + @Override + public boolean isUseMandate() { + return useMandate; + } + + @Override + public String getVdaEndPointUrl() { + return vdaEndpointUrl; + + } + + /** + * Set the status of the E-ID identity + * + * @param eidStatus + */ + public void setEidStatus(EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus) { + this.eidStatus = eidStatus; + } + + /** + * Set Online IdentityLink to AuthenticationData + * + * @param eIDToken + */ + public void seteIDToken(final byte[] eIDToken) { + this.eIDToken = eIDToken; + + } + + /** + * Set the signing certificate that was used to sign the user consent + * + * @param signerCertificate + */ + public void setSignerCertificate(@NonNull final X509Certificate signerCertificate) { + Assert.notNull(signerCertificate, "Signer certificate is null"); + try { + this.signerCertificate = 
signerCertificate.getEncoded(); + + } catch (final CertificateEncodingException e) { + log.warn("Can NOT serialized signer-certificate", e); + log.warn("Signer certificate will be ignored"); + + } + } + + /** + * Set the signing certificate that was used to sign the user consent + * + * @param signerCertificate + */ + public void setSignerCertificate(final byte[] signerCertificate) { + this.signerCertificate = signerCertificate; + + } + + /** + * Set flag that mandates are used in this process + * + * @param useMandate true if mandates was used, otherwise false + */ + public void setUseMandate(boolean useMandate) { + this.useMandate = useMandate; + } + + + /** + * Set URL of the EndPoint that was used on VDA for authentication + * + * @param vdaEndpointUrl + */ + public void setVdaEndpointUrl(String vdaEndpointUrl) { + this.vdaEndpointUrl = vdaEndpointUrl; + } + + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index 2482d65f..47b1ecf9 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -172,7 +172,6 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati internalAuthData.setDateOfBirth(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.BIRTHDATE_NAME, String.class)); internalAuthData.setEncSourceId(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class)); internalAuthData.setEncSourceIdType(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class)); - //#################################################### //set QAA level 
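Review bot: `setSignerCertificate(X509Certificate)` swallows `CertificateEncodingException` at WARN level and leaves `this.signerCertificate` untouched, so a caller whose certificate cannot be encoded silently keeps whatever value was set before (possibly a certificate from an earlier call), and later consumers such as the signer-certificate attribute builder cannot distinguish "not set" from "encoding failed". Since the caller passed a non-null certificate it wants recorded, failing loudly is the safer contract: `throw new IllegalArgumentException("Signer certificate can not be encoded", e);`; if the best-effort behaviour is intended, at least clear the field with `this.signerCertificate = null;` in the catch and fix the message to `"Can NOT serialize signer-certificate"`. `getSignerCertificate()` and `getEIDToken()` hand out the internal arrays directly; either document that callers must not modify them or return a `clone()`.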
@@ -574,7 +573,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * but there it is not neccesary. We fix this problem in 3.4.3, but the fix can be deactivated * for dependency reasons. */ - if (basicConfig.getBasicMOAIDConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { + if (basicConfig.getBasicConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { authData.setGivenName(identityLink.getGivenName().replaceAll("'", "'")); authData.setFamilyName(identityLink.getFamilyName().replaceAll("'", "'")); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 6f416414..0aa7ff89 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -48,7 +48,7 @@ import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory; -import at.gv.egiz.eaaf.core.api.gui.ISpringMVCGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; 
@@ -83,7 +83,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Autowired(required=true) private ITransactionStorage transactionStorage; @Autowired(required=true) private IAuthenticationManager authmanager; @Autowired(required=true) private IAuthenticationDataBuilder authDataBuilder; - @Autowired(required=true) private ISpringMVCGUIFormBuilder guiBuilder; @Autowired(required=true) private IGUIBuilderConfigurationFactory guiConfigFactory; @Autowired(required=true) private IStatusMessenger statusMessager; @Autowired(required=true) private IRequestStorage requestStorage; @@ -93,6 +92,9 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Autowired private IStatisticLogger statisticLogger; @Autowired private IRevisionLogger revisionsLogger; + + private IGUIFormBuilder guiBuilder; + /* (non-Javadoc) * @see at.gv.egiz.eaaf.core.impl.idp.auth.services.IProtocolAuthenticationService#performAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egiz.eaaf.core.api.IRequest) */ @@ -257,6 +259,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } + + public void setGuiBuilder(IGUIFormBuilder guiBuilder) { + this.guiBuilder = guiBuilder; + } + /** * Finalize the requested protocol operation * 
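Review bot: `guiBuilder` is no longer `@Autowired` and is only assigned through the new `setGuiBuilder`, while the `eaafProtocolAuthenticationService` bean definition is dropped from `eaaf_core.beans.xml` in the same commit, so a deployment that still wires this service without calling the setter gets a `null` builder that fails only when the first error page is rendered (the code that uses `guiBuilder` lies outside this hunk, so this is inferred). A fail-fast check surfaces the misconfiguration at wiring time instead: `this.guiBuilder = Objects.requireNonNull(guiBuilder, "guiBuilder");` (import `java.util.Objects` if not already present), together with a Javadoc on the setter stating that it must be called before the service handles requests.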
@@ -366,16 +373,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } } - private void writeBadRequestErrorResponse(final HttpServletRequest req, final HttpServletResponse resp, final EAAFException e) throws IOException { - final String code = statusMessager.mapInternalErrorToExternalError(((InvalidProtocolRequestException)e).getErrorId()); - final String descr = StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage())); - resp.setContentType(EAAFConstants.CONTENTTYPE_HTML_UTF8); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + - "(Errorcode=" + code + - " | Description=" + descr + ")"); - - } - private void writeHTMLErrorResponse(@NonNull final HttpServletRequest httpReq, @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode, @Nullable final Object[] params, @NonNull final Exception error) throws IOException, EAAFException { @@ -457,11 +454,21 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer statisticLogger.logErrorOperation(ex, ex.getErrorRequest()); //write error message - writeBadRequestErrorResponse(req, resp, (EAAFException) e); + //writeBadRequestErrorResponse(req, resp, (EAAFException) e); + writeHTMLErrorResponse(req, resp, + e.getMessage(), + statusMessager.getResponseErrorCode(e), + null, + e); } else if (e instanceof InvalidProtocolRequestException) { //send error response - writeBadRequestErrorResponse(req, resp, (EAAFException) e); + //writeBadRequestErrorResponse(req, resp, (EAAFException) e); + writeHTMLErrorResponse(req, resp, + e.getMessage(), + statusMessager.getResponseErrorCode(e), + null, + e); } else if (e instanceof ConfigurationException) { //send HTML formated error message 
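Review bot: The removed `writeBadRequestErrorResponse` answered `InvalidProtocolRequestException` with HTTP 400 and passed the exception message through `escapeHtml4(escapeEcmaScript(...))`, whereas the replacement `writeHTMLErrorResponse` receives `e.getMessage()` unescaped; whether it sets the 400 status and escapes `msg` is not visible here (its body is outside the hunk), so confirm the template escapes the message, because protocol-validation messages commonly echo request parameters and an unescaped message would turn the error page into a reflected-XSS sink. The two new call sites are identical; one call placed after the `statisticLogger` block, or a small private helper, would avoid the duplication. The commented-out `//writeBadRequestErrorResponse(req, resp, (EAAFException) e);` lines in both branches are dead code now that the method is deleted and should be removed.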
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java new file mode 100644 index 00000000..ec0f5d0c --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java @@ -0,0 +1,44 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDCcsURL implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EID_CCS_URL_NAME); + + @Override + public String getName() { + return EID_CCS_URL_NAME; + } + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IEidAuthData) { + final String bkuurl = ((IEidAuthData)authData).getVdaEndPointUrl(); + if (StringUtils.isNotEmpty(bkuurl)) + return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); + + + } else + log.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in MOA-ID context"); + + throw new UnavailableAttributeException(EID_CCS_URL_NAME); + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME); + } + +} 
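Review bot: The logger is created with `LoggerFactory.getLogger(EID_CCS_URL_NAME)`, i.e. named after the attribute URN rather than the class, which is inconsistent with the other builders in this commit and defeats per-package log configuration; use `private static final Logger log = LoggerFactory.getLogger(EIDCcsURL.class);`. The info message says the attribute `is only available in MOA-ID context` while the sibling builders say `AuthHandler context` or `EAAF context`; pick one wording. This file also lacks the license header the other new builders carry.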
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java new file mode 100644 index 00000000..698393ea --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java 
@@ -0,0 +1,69 @@ +/******************************************************************************* + * Copyright 2019 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDEIDTokenBuilder implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EIDEIDTokenBuilder.class); + + + @Override + public String getName() { + return EID_E_ID_TOKEN_NAME; + } + + @Override + public <ATT> ATT build(final ISPConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + if (authData instanceof IEidAuthData) { + if (((IEidAuthData)authData).getEIDToken() == null) + throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME); + + return g.buildStringAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME, + EID_E_ID_TOKEN_NAME, Base64Utils.encodeToString(((IEidAuthData)authData).getEIDToken())); + } else + log.info(EID_E_ID_TOKEN_FRIENDLY_NAME + " is only available in AuthHandler context"); + + throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME); + } + + @Override + public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME, + EID_E_ID_TOKEN_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java new file mode 100644 index 00000000..bab521b4 
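Review bot: `build` casts `authData` and calls `getEIDToken()` twice; reading it once into a local removes the repeated cast and any dependence on the getter being idempotent: `final byte[] token = ((IEidAuthData) authData).getEIDToken(); if (token == null) throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME); return g.buildStringAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME, EID_E_ID_TOKEN_NAME, Base64Utils.encodeToString(token));`. The unbraced `else log.info(...)` followed by the unconditional `throw` is easy to misread; bracing the `if`/`else` makes it clear that the throw is reached on both paths.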
--- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java 
@@ -0,0 +1,80 @@ +/******************************************************************************* + * Copyright 2019 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDSignerCertificate implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EIDSignerCertificate.class); + + @Override + public String getName() { + return EID_SIGNER_CERTIFICATE_NAME; + } + + @Override + public <ATT> ATT build(final ISPConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + if (authData instanceof IEidAuthData) { + try { + + final byte[] signerCertificate = ((IEidAuthData)authData).getSignerCertificate(); + if (signerCertificate != null) { + return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, + Base64Utils.encodeToString(signerCertificate)); + + } else + log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context"); + + } catch (final Exception e) { + log.info("Signer certificate BASE64 encoding error"); + + } + + } else + log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in AuthHandler context"); + + + throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME); + + } + + @Override + public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME); + } + +} 
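Review bot: The `catch (final Exception e)` around the attribute construction logs `"Signer certificate BASE64 encoding error"` at INFO and drops `e`, but `Base64Utils.encodeToString(byte[])` declares no checked exception, so the block mainly masks runtime errors from `g.buildStringAttribute`; remove the try/catch, or if it stays, keep the cause with `log.info("Signer certificate BASE64 encoding error", e);`. The message in the `signerCertificate == null` branch, `is only available in MOA-ID context`, is misleading because `authData` already is an `IEidAuthData` at that point; the condition means no signer certificate was recorded, e.g. `log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is not available, no signer certificate was set");`.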
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java new file mode 100644 index 00000000..6a8de559 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java 
@@ -0,0 +1,47 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EidIdentityStatusLevelAttributeBuiler implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EidIdentityStatusLevelAttributeBuiler.class); + + @Override + public String getName() { + return EID_IDENTITY_STATUS_LEVEL_NAME; + } + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + if (authData instanceof IEidAuthData) { + if (((IEidAuthData)authData).getEIDStatus() == null) + throw new UnavailableAttributeException(getName()); + + return g.buildStringAttribute(getFriendlyName(), + getName(), ((IEidAuthData)authData).getEIDStatus().getURI()); + } else + log.info(getFriendlyName() + " is only available in EAAF context"); + + throw new UnavailableAttributeException(getName()); + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(getFriendlyName(), getName()); + } + + private String getFriendlyName() { + return EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME; + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java index af009b10..55662326 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java 
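Review bot: The new public class name `EidIdentityStatusLevelAttributeBuiler` drops the `d` of `Builder`, and the same misspelling is registered in `META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder` later in this commit; since the file is new, renaming to `EidIdentityStatusLevelAttributeBuilder` in both places now avoids a ServiceLoader-breaking rename later. `getEIDStatus()` is called twice with a repeated cast; a local such as `final EID_IDENTITY_STATUS_LEVEL_VALUES status = ((IEidAuthData) authData).getEIDStatus();` (the nested enum would need importing) keeps the null check and the use on one value.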
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java @@ -158,19 +158,31 @@ public abstract class AbstractConfigurationImpl implements IExtendedConfiguratio return defaultValue; } + @Override - public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) { - return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix)); + public Boolean getBasicConfigurationBoolean(String key) { + final String value = getBasicConfiguration(key); + if (value != null) + return Boolean.parseBoolean(value); + else + return null; } + @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - final String value = getBasicConfiguration(key); - if (StringUtils.isNotEmpty(value)) - return Boolean.valueOf(value.trim()); - - return defaultValue; + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { + final Boolean result = getBasicConfigurationBoolean(key); + if (result != null) + return result; + else + return defaultValue; + + } + + @Override + public Map<String, String> getBasicConfigurationWithPrefix(String prefix) { + return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix)); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java index 62245331..1a344feb 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java 
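Review bot: The new `getBasicConfigurationBoolean(String key)` uses `Boolean.parseBoolean(value)` without trimming, so a property value such as ` true` or `TRUE ` (common in hand-edited property files) now yields `false`, and an empty value yields `false` instead of the caller's default; the removed implementation used `StringUtils.isNotEmpty(value)` plus `trim()`, and the Spring Boot variant changed in this commit keeps that behaviour, so the two `IConfiguration` implementations now disagree. Align on `if (StringUtils.isNotEmpty(value)) return Boolean.valueOf(value.trim()); else return null;`. This matters for flags read through `getBasicConfigurationBoolean(key, default)` in `HttpClientFactory`, such as the connection-pool and hostname-verifier settings, where surrounding whitespace now silently changes the effective setting.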
@@ -88,7 +88,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat } @Override - public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) { + public Map<String, String> getBasicConfigurationWithPrefix(String prefix) { final Map<String, String> configProps = getPropertiesStartingWith((ConfigurableEnvironment) env, addPrefixToKey(prefix)); return KeyValueUtils.removePrefixFromKeys(configProps, addPrefixToKey(prefix) + "."); @@ -96,17 +96,24 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat } @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - final String value = getBasicConfiguration(key); + public Boolean getBasicConfigurationBoolean(String key) { + final String value = getBasicConfiguration(key); if (StringUtils.isNotEmpty(value)) return Boolean.valueOf(value.trim()); - - return defaultValue; - + else + return null; } - @Override + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { + final Boolean value = getBasicConfigurationBoolean(key); + if (value != null) + return value; + else + return defaultValue; + } + + @Override public URI getConfigurationRootDirectory() { try { return new URI(env.getRequiredProperty(addPrefixToKey(PROP_CONFIG_ROOT_DIR))); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java index 1da8036c..5ad44801 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java 
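Review bot: The two-argument `getBasicConfigurationBoolean(String key, boolean defaultValue)` lost its `@Override` in this rewrite (the annotation stayed on the one-argument method and the following `getConfigurationRootDirectory`), while `AbstractConfigurationImpl` and `DummyConfiguration` carry `@Override` on the same signature; add it back so the compiler verifies the interface contract. In the one-argument method, `StringUtils.isNotEmpty(value)` lets a whitespace-only value through, after which `Boolean.valueOf(value.trim())` returns `false` rather than `null`, so the default is never applied for such values; `StringUtils.isNotBlank(value)` expresses the intent.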
@@ -72,7 +72,7 @@ public abstract class AbstractController { @Autowired protected IRevisionLogger revisionsLogger; @ExceptionHandler({EAAFException.class}) - public void MOAIDExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, final Exception e) throws IOException { + public void EAAFExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, final Exception e) throws IOException { try { protAuthService.handleErrorNoRedirect(e, req, resp, true); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java index a5b79f6a..926b2bd5 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java @@ -75,7 +75,7 @@ public class HttpClientFactory { httpClientBuilder.setDefaultRequestConfig(requestConfig); //set pool connection if requested - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE, true)) { final PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(); @@ -97,7 +97,7 @@ public class HttpClientFactory { log.trace("Initializing SSL Context ... "); final SSLContext sslContext = SSLContext.getDefault(); HostnameVerifier hostnameVerifier = null; - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)) { hostnameVerifier = new NoopHostnameVerifier(); diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 2decf67c..7b977193 100644 --- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder 
+++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -9,3 +9,7 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDeIDASQAALevelAttributeBuilde at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSignerCertificate +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDCcsURL
\ No newline at end of file diff --git a/eaaf_core/src/main/resources/eaaf_core.beans.xml b/eaaf_core/src/main/resources/eaaf_core.beans.xml index e750a49f..27b0f381 100644 --- a/eaaf_core/src/main/resources/eaaf_core.beans.xml +++ b/eaaf_core/src/main/resources/eaaf_core.beans.xml @@ -12,9 +12,6 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - <bean id="eaafProtocolAuthenticationService" - class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService" /> - <bean id="httpClientFactory" class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" /> diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java index 880582cd..ffb921ce 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java @@ -27,25 +27,11 @@ public class DummyConfiguration implements IConfiguration { } @Override - public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) { + public Map<String, String> getBasicConfigurationWithPrefix(String prefix) { // TODO Auto-generated method stub return null; } - - @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) { - if (isIDLEscapingEnabled == null) - return defaultValue; - else - return isIDLEscapingEnabled; - - } - - - return false; - } - + @Override public ISPConfiguration getServiceProviderConfiguration(String uniqueID) throws EAAFConfigurationException { // TODO Auto-generated method stub 
@@ -74,4 +60,25 @@ public class DummyConfiguration implements IConfiguration { public void setIsIDLEscapingEnabled(Boolean isIDLEscapingEnabled) { this.isIDLEscapingEnabled = isIDLEscapingEnabled; } + + @Override + public Boolean getBasicConfigurationBoolean(String key) { + return null; + + } + + @Override + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { + if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) { + if (isIDLEscapingEnabled == null) + return defaultValue; + else + return isIDLEscapingEnabled; + + } + + + return false; + + } } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java index 2a92e5f3..e4ebe433 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java 
@@ -133,6 +133,30 @@ public interface PVPAttributeDefinitions { public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108"; public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID; public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL"; + + public static final String EID_IDENTITY_STATUS_LEVEL_OID = "1.2.40.0.10.2.1.1.261.109"; + public static final String EID_IDENTITY_STATUS_LEVEL_NAME = URN_OID_PREFIX + EID_IDENTITY_STATUS_LEVEL_OID; + public static final String EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME = "EID-IDENTITY-STATUS-LEVEL"; + public enum EID_IDENTITY_STATUS_LEVEL_VALUES { + IDENTITY("http://eid.gv.at/eID/status/identity"), + TESTIDENTITY("http://eid.gv.at/eID/status/testidentity"), + SYSTEM("http://eid.gv.at/eID/status/system"); + + private final String uri; + + private EID_IDENTITY_STATUS_LEVEL_VALUES(String uri) { + this.uri = uri; + } + + /** + * Get the URI based status identifier of an E-ID + * + * @return + */ + public String getURI() { + return this.uri; + } + }; public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32"; public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID; diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java index eceec2a6..7d564b58 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java 
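Review bot: The `@return` tag on `getURI()` in the new enum is empty; `@return the URI that identifies this E-ID status, e.g. {@code http://eid.gv.at/eID/status/identity}` completes it. The enum is named `EID_IDENTITY_STATUS_LEVEL_VALUES`, i.e. in the constant style of the surrounding interface rather than Java type style; if that is deliberate for consistency with the sibling `_OID`/`_NAME` constants, a one-line comment saying so will stop a later cleanup from renaming it. The enclosing interface continues outside the hunk.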
@@ -57,27 +57,35 @@ public interface IConfiguration { */ public String getBasicConfiguration(final String key, final String defaultValue); + /** - * Get a set of configuration values from file based configuration that starts with this prefix - * <br><br> - * <b>Important:</b> The configuration values must be of type String! + * Get a configuration value from file based configuration * - * @param prefix Prefix of the configuration key - * @return Map<String, String> without prefix, but never null + * @param key configuration key + * @return configuration value as {@link Boolean.parseBoolean(value)} or <code>null</code> if key does not exist */ - public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix); - + public Boolean getBasicConfigurationBoolean(final String key); /** - * Get a boolean value from basic MOA-ID configuration file + * Get a configuration value from file based configuration * - * @param key Configuration key - * @param defaultValue Default result - * @return returns the value of the configuration key, or the default value if the key is not set + * @param key configuration key + * @param defaultValue Default value if no value with this key is found + * @return configuration value as {@link Boolean.parseBoolean(value)} or <code>defaultValue</code> if key does not exist */ - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue); + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue); /** + * Get a set of configuration values from file based configuration that starts with this prefix + * <br><br> + * <b>Important:</b> The configuration values must be of type String! 
+ * + * @param prefix Prefix of the configuration key + * @return Map<String, String> without prefix, but never null + */ + public Map<String, String> getBasicConfigurationWithPrefix(final String prefix); + + /** * Get a configuration entry for a specific Service Provider * * @param uniqueID Unique identifier of the Service Provider diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java new file mode 100644 index 00000000..74c84468 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java @@ -0,0 +1,45 @@ +package at.gv.egiz.eaaf.core.api.idp; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; + +public interface IEidAuthData extends IAuthData { + + /** + * Get the serialized signing certificate that was used to sign the consent + * + * @return + */ + byte[] getSignerCertificate(); + + + /** + * Get the serialized E-ID token that can be used to validate the Identity-Link + * + * @return + */ + byte[] getEIDToken(); + + + /** + * Get the status of the E-ID + * + * @return {@link PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES} + */ + PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus(); + + + /** + * Get the URL of the VDA EndPoint, that was used for authentication + * + * @return + */ + String getVdaEndPointUrl(); + + + /** + * Flag that mandates are used + * + * @return true if mandates are used, otherwise false + */ + boolean isUseMandate(); +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java index efeecbe5..f02b3bf6 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java 
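Review bot: Both new `getBasicConfigurationBoolean` Javadocs point at `{@link Boolean.parseBoolean(value)}`, which is not a resolvable link (it needs `{@link Boolean#parseBoolean(String)}`), and they leave out the property of `parseBoolean` that matters most for security-relevant keys: any present value other than a case-insensitive `"true"` yields `false`, so a mistyped value such as `yes` or `ture` on a key whose safe default is `true` (the SL20 signed-result check in this same change passes `true` as its default) silently switches the check off. Suggest stating that explicitly, e.g. `@return {@code true} only if the configured value equals "true" (case-insensitive); any other present value yields {@code false} — see {@link Boolean#parseBoolean(String)}`, and having implementations log or reject unrecognised values rather than coercing them. The interface continues outside the hunk.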
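Review bot: The `@return` tags of `getSignerCertificate()`, `getEIDToken()` and `getVdaEndPointUrl()` in the new interface are empty, and for the two `byte[]` accessors neither the encoding nor the nullability is stated, which a caller needs before it can parse the value or decide how to handle an authentication without a consent signature. Suggest, for `getSignerCertificate()`, `@return the encoded signing certificate (state the encoding — presumably DER, confirm), or {@code null} if no consent signature is available`, with analogous wording for `getEIDToken()`, and for `getEIDStatus()` a note on whether a status is guaranteed to be present. The Javadoc of `getEIDToken()` says the token "can be used to validate the Identity-Link"; a pointer to who performs that validation would help readers of this API.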
@@ -30,8 +30,8 @@ public class AttributeBuilderException extends EAAFIDPException {
 private static final long serialVersionUID = 1L;
- public AttributeBuilderException(String msg) {
- super(msg);
+ public AttributeBuilderException(String attrName) {
+ super("builder.12", new Object[] {attrName});
 }
 }
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java
index 8af806d0..7f504a5a 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java
@@ -38,4 +38,9 @@ public class EAAFIDPException extends EAAFException {
 }
+ public EAAFIDPException(String msg, Object[] params) {
+ super(msg, params);
+
+ }
+
 }
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java
index d87af4d1..626cbea7 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java
@@ -33,10 +33,10 @@ public class UnavailableAttributeException extends AttributeBuilderException {
 */
 private static final long serialVersionUID = -1114323185905118432L;
- private String attributeName;
+ private final String attributeName;
 public UnavailableAttributeException(String attributeName) {
- super("Attribute " + attributeName + " is not available.");
+ super(attributeName);
 this.attributeName = attributeName;
 }
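Review bot: The constructor keeps the signature `AttributeBuilderException(String)` but changes the meaning of its argument from a free-form message to an attribute name that is substituted into the `builder.12` error id; any caller or subclass outside this diff that still passes a message compiles unchanged and now produces a `builder.12` error with that message as the attribute name. A constructor Javadoc, `@param attrName name of the attribute whose builder failed; reported through error id builder.12`, makes the new contract visible, and a grep for other `super(...)` calls into this constructor is worth doing before merging.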
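Review bot: The new `EAAFIDPException(String msg, Object[] params)` names its first parameter `msg`, yet the only caller in this diff passes the error id `"builder.12"` and substitution values; renaming it `errorId` and documenting `@param errorId error-code key resolved by the message source` and `@param params substitution values for the resolved message` keeps future callers from passing a literal message. Whether the superclass constructor it delegates to treats the string as a key or as text cannot be seen from this hunk.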
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java index b0949cd3..dfcaaf5a 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java @@ -183,7 +183,7 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl //String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); final String spSpecificVDAEndpoints = null; - final Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); + final Map<String, String> endPointMap = authConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); if (StringUtils.isNotEmpty(spSpecificVDAEndpoints)) { endPointMap.putAll(KeyValueUtils.convertListToMap( KeyValueUtils.getListOfCSVValues( diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java index a377a4c0..5abbd543 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java 
@@ -100,10 +100,10 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask //validate signature final VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( sl20ReqObj, joseTools, - authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); + authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { - if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { + if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { log.info("SL20 result from VDA was not valid signed"); throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java new file mode 100644 index 00000000..9548d96b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java @@ -0,0 +1,20 @@ +package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; + +import java.io.InputStream; +import java.util.Map; + +/** + * Inject additional XML schemes into MOA-Sig + * + * @author tlenz + * + */ +public interface ISchemaRessourceProvider { + + /** + * Get a Map of additional XML schemes that should be injected into MOA-Sig + * + * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme as {@link InputStream} + */ + public Map<String, InputStream> getSchemas(); +} 
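Review bot: The new `ISchemaRessourceProvider` does not define the ownership of the `InputStream` values: whether the consumer or the provider closes them, and whether `getSchemas()` may be called more than once (a stream can be read only once, so a provider that caches its streams would break on a second call). `{@link Entry}` also does not resolve without an import of `java.util.Map.Entry`, and the text mixes "scheme" with "schema". Suggest a Javadoc stating that the method returns a map from schema name to a fresh, readable stream of the XML schema, that the caller closes each stream, and that the method may be invoked repeatedly; since these schemas are added to the signature verifier's schema pool by the consumer in this same change, it should also say that only trusted, bundled schemas are expected here.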
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java index fe99e328..d796c165 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java @@ -1,7 +1,11 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; +import java.io.IOException; +import java.io.InputStream; import java.security.Provider; import java.security.Security; +import java.util.Iterator; +import java.util.Map.Entry; import javax.annotation.PostConstruct; import javax.xml.parsers.DocumentBuilder; @@ -10,13 +14,16 @@ import javax.xml.parsers.ParserConfigurationException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; import org.w3c.dom.Document; +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ISchemaRessourceProvider; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceConfigurationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.Configurator; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import at.gv.egovernment.moaspss.util.DOMUtils; import iaik.asn1.structures.AlgorithmID; import iaik.security.ec.provider.ECCelerate; import iaik.security.provider.IAIK; 
@@ -25,6 +32,7 @@ public abstract class AbstractSignatureService { private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class); private static boolean isMOASigInitialized = false; + @Autowired(required=false) ISchemaRessourceProvider[] schemas; @PostConstruct private synchronized void initialize() throws MOASigServiceConfigurationException { @@ -66,6 +74,30 @@ public abstract class AbstractSignatureService { } + + //Inject additional XML schemes + if (schemas != null && schemas.length > 0) { + log.debug("Infjecting additional XML schemes ... "); + for (final ISchemaRessourceProvider el : schemas) { + final Iterator<Entry<String, InputStream>> xmlSchemeIt = el.getSchemas().entrySet().iterator(); + while (xmlSchemeIt.hasNext()) { + final Entry<String, InputStream> xmlDef = xmlSchemeIt.next(); + try { + DOMUtils.addSchemaToPool(xmlDef.getValue(), xmlDef.getKey()); + log.info("Inject XML scheme: {}", xmlDef.getKey()); + + } catch (final IOException e) { + log.warn("Can NOT inject XML scheme: " + xmlDef.getKey(), e); + + } + + } + } + + } else + log.trace("No additional XML schemes to inject. Skip this feature"); + + isMOASigInitialized = true; } else diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java index 1608490d..ca20ce0f 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java 
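Review bot: The injected field `ISchemaRessourceProvider[] schemas` is package-private; field injection works on a private member just as well, so `@Autowired(required = false) private ISchemaRessourceProvider[] schemas;` keeps the array out of reach of other classes in the package. The context lines show that the initialisation this field feeds is guarded by a static flag inside an instance-level `synchronized` method, so only the providers wired into the first initialised instance are ever injected — presumably fine with a single Spring context, but worth a comment on the field.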
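Review bot: The `InputStream` obtained from `xmlDef.getValue()` is never closed in the new injection loop; whether `DOMUtils.addSchemaToPool` closes it cannot be seen here, so the stream should be held in try-with-resources (a second close on an already-closed stream is harmless). The debug message also carries a typo, `Infjecting`. A failed injection is only logged at warn and initialisation still completes with `isMOASigInitialized = true`, so a schema that a later verification depends on goes missing silently; consider aborting with `MOASigServiceConfigurationException` instead, or at least saying in a comment that best-effort is intended. The enclosing `initialize()` method starts before and ends after this hunk.
```java
// … unchanged: MOA-Sig configuration and provider setup …
if (schemas != null && schemas.length > 0) {
    log.debug("Injecting additional XML schemes ... ");
    for (final ISchemaRessourceProvider el : schemas) {
        for (final Entry<String, InputStream> xmlDef : el.getSchemas().entrySet()) {
            // close the provider's stream ourselves; addSchemaToPool's ownership is not documented
            try (InputStream schema = xmlDef.getValue()) {
                DOMUtils.addSchemaToPool(schema, xmlDef.getKey());
                log.info("Inject XML scheme: {}", xmlDef.getKey());
            } catch (final IOException e) {
                log.warn("Can NOT inject XML scheme: " + xmlDef.getKey(), e);
            }
        }
    }
} else
    log.trace("No additional XML schemes to inject. Skip this feature");
// … unchanged: isMOASigInitialized = true …
```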
@@ -221,12 +221,12 @@ public class SignatureVerificationService extends AbstractSignatureService imple verifySignatureLocationElem.appendChild(signatureLocation); // signature manifest params - final Element signatureManifestCheckParamsElem = requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); + if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) { + final Element signatureManifestCheckParamsElem = requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); - //verify transformations - if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) { + //verify transformations final Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); signatureManifestCheckParamsElem.appendChild(referenceInfoElem); for (final String element : verifyTransformsInfoProfileID) { diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index e5cc555a..ae942318 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -62,6 +62,11 @@ <artifactId>xmlsec</artifactId> </dependency> <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </dependency> + + <dependency> <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> </dependency> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java index 4ec7cf99..cbbed659 100644 
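Review bot: With this change the `SignatureManifestCheckParams` element (and its `ReturnReferenceInputData="false"` attribute) is only emitted when a transforms profile list is configured, whereas it was previously part of every verification request. Whether MOA-SP still performs any signature-manifest or transform check for requests without that element depends on its defaults, which are not visible here, so please confirm the element was not relied on as a fail-closed check and record the intent at the new `if`, e.g. `// no transform profiles configured: no SignatureManifestCheckParams is sent, so MOA-SP applies no transform restrictions for this request`. The enclosing request-building method continues outside the hunk.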
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java 
@@ -90,31 +90,32 @@ public class AuthenticationAction implements IAction { } + @Override public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws ResponderErrorException { - PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req; + final PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req; try { //get basic information - PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest(); - AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); - EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider); + final PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest(); + final AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); + final EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider); - AssertionConsumerService consumerService = + final AssertionConsumerService consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); consumerService.setBinding(pvpRequest.getBinding()); consumerService.setLocation(pvpRequest.getConsumerURL()); - DateTime date = new DateTime(); - SLOInformationImpl sloInformation = new SLOInformationImpl(); - String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL()); + final DateTime date = new DateTime(); + final SLOInformationImpl sloInformation = new SLOInformationImpl(); + final String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL()); //build Assertion - Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, + final Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, peerEntity, date, consumerService, sloInformation); - Response authResponse = AuthResponseBuilder.buildResponse( + final Response authResponse = 
AuthResponseBuilder.buildResponse( metadataProvider, issuerEntityID, authnRequest, - date, assertion, authConfig.getBasicMOAIDConfigurationBoolean( + date, assertion, authConfig.getBasicConfigurationBoolean( CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true)); IEncoder binding = null; @@ -148,11 +149,11 @@ public class AuthenticationAction implements IAction { log.warn("Message Encoding exception", e); throw new ResponderErrorException("pvp2.01", null, e); - } catch (EAAFException e) { + } catch (final EAAFException e) { log.info("Response generation error: Msg: ", e.getMessage()); throw new ResponderErrorException(e.getErrorId(), e.getParams(), e); - } catch (Exception e) { + } catch (final Exception e) { log.warn("Response generation error", e); throw new ResponderErrorException("pvp2.01", null, e); @@ -160,11 +161,13 @@ public class AuthenticationAction implements IAction { } + @Override public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { return true; } + @Override public String getDefaultActionName() { return "PVPAuthenticationRequestAction"; @@ -50,7 +50,8 @@ <org.opensaml.version>2.6.6</org.opensaml.version> <org.opensaml.xmltooling.version>1.4.6</org.opensaml.xmltooling.version> <org.opensaml.openws.version>1.5.6</org.opensaml.openws.version> - <org.apache.santuario.xmlsec.version>2.1.2</org.apache.santuario.xmlsec.version> + <org.apache.santuario.xmlsec.version>2.1.3</org.apache.santuario.xmlsec.version> + <org.bouncycastle.bcprov-jdk15on.version>1.61</org.bouncycastle.bcprov-jdk15on.version> <org.owasp.esapi.version>2.1.0.1</org.owasp.esapi.version> <surefire.version>2.22.0</surefire.version> <org.slf4j.version>1.7.25</org.slf4j.version> 
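Review bot: The context line `log.info("Response generation error: Msg: ", e.getMessage());` in the `EAAFException` branch has no `{}` placeholder, so SLF4J discards the message argument and the log only ever reads "Msg: "; change it to `log.info("Response generation error: Msg: {}", e.getMessage());` or, to keep the stack trace, `log.info("Response generation error", e);`. This hunk itself only adds `final` to the catch parameters; the enclosing `processRequest` method starts before it.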
@@ -310,6 +311,12 @@ <version>${org.apache.santuario.xmlsec.version}</version> </dependency> <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + <version>${org.bouncycastle.bcprov-jdk15on.version}</version> + </dependency> + + <dependency> <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> <version>${org.owasp.esapi.version}</version> |