authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-07-13 15:49:38 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-07-13 15:49:38 +0200
commitaee52550868c56de7f7063e4ca153b031dedecb0 (patch)
treeb196a8b154d1a9ac3db477e96943d53fe03f0eb6
parent2483ece512a5cbf702da22f979073b24c06a0193 (diff)
some updates and bugfixes
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java19
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java20
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java42
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java13
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java12
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java40
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java7
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java16
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java10
10 files changed, 111 insertions, 70 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
index 620018ad..4c145fbc 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
@@ -100,7 +100,7 @@ public interface IRequest {
* @param key The specific identifier of the request-data object
* @return The request-data object or null if no data is found with this key
*/
- public Object getGenericData(String key);
+ public Object getRawData(String key);
/**
* Returns a generic request-data object with is stored with a specific identifier
@@ -109,7 +109,7 @@ public interface IRequest {
* @param clazz The class type which is stored with this key
* @return The request-data object or null if no data is found with this key
*/
- public <T> T getGenericData(String key, final Class<T> clazz);
+ public <T> T getRawData(String key, final Class<T> clazz);
/**
* Store a generic data-object into pending request with a specific identifier
@@ -118,7 +118,7 @@ public interface IRequest {
* @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
* @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage
*/
- public void setGenericDataToSession(String key, Object object) throws EAAFStorageException;
+ public void setRawDataToTransaction(String key, Object object) throws EAAFStorageException;
/**
* Store generic data-objects into pending request with specific identifiers
@@ -126,16 +126,15 @@ public interface IRequest {
* @param map Map with Identifiers and values
* @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage
*/
- public void setGenericDataToSession(Map<String, Object> map) throws EAAFStorageException;
-
-
-
+ public void setRawDataToTransaction(Map<String, Object> map) throws EAAFStorageException;
+
/**
- * Get the internal dataStorage map
+ * Wrap the internal dataStorage map into a DAO
*
- * @return read-only map of data stored to this pending request
+ * @param wrapper DOA to access SessionData
+ * @return
*/
- public Map<String, Object> genericFullDataStorage();
+ public <T> T getSessionData(Class<T> wrapper);
/**
* Hold the identifier of this request object.
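Review bot: The new Javadoc for `getSessionData` leaves `@return` empty and misspells DAO as "DOA" in the `@param` line, so the contract that replaced `genericFullDataStorage()` is undocumented. State what is returned, e.g. `@return an instance of the wrapper class backed by the data stored to this pending request`. Also say what callers get for a `null` or unsupported wrapper class; the `RequestImpl` implementation in this commit returns `null` for the former and throws a `RuntimeException` for the latter. The interface body continues outside the hunk.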
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
index a4734e66..1fb4bf6b 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
@@ -236,7 +236,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa
log.debug("Find SSL-client-certificate on request --> Add it to context");
executionContext.put(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate")));
- pendingReq.setGenericDataToSession(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
+ pendingReq.setRawDataToTransaction(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate")));
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
index 94d9a810..c095135d 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -440,16 +440,16 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
*/
private String getbPKTypeFromPVPAttribute(IAuthProcessDataContainer session) {
String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);
- if (StringUtils.isNotEmpty(pvpbPKTypeAttr)) {
-
- //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations
- if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) &&
- !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(),
- EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) {
- log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting attribute value correction ... ");
- pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" + pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1);
-
- }
+
+ if (StringUtils.isNotEmpty(pvpbPKTypeAttr)) {
+// //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations
+// if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) &&
+// !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(),
+// EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) {
+// log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting attribute value correction ... ");
+// pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" + pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1);
+//
+// }
log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
return pvpbPKTypeAttr;
}
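Review bot: The bPK-type correction in `getbPKTypeFromPVPAttribute` is disabled by commenting it out, with no comment saying why, so the attribute read from the session is now returned exactly as received. If the correction is no longer wanted, delete the commented lines and leave a one-line reason such as `// bPK-type is passed through unchanged; the former URN_PREFIX_CDID '+' correction was removed because <reason>`. If wrongly encoded values can still arrive, downstream code that compares the sector identifier should be checked for how it handles them. The method continues past the end of the hunk.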
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
index a453a8a3..7d59f043 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
@@ -27,6 +27,7 @@
package at.gv.egiz.eaaf.core.impl.idp.controller.protocols;
import java.io.Serializable;
+import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Date;
@@ -48,6 +49,7 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
@@ -141,7 +143,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
//set requester's IP address
try {
- setGenericDataToSession(DATAID_REQUESTER_IP_ADDRESS, req.getRemoteAddr());
+ setRawDataToTransaction(DATAID_REQUESTER_IP_ADDRESS, req.getRemoteAddr());
} catch (EAAFStorageException e) {
log.info("Can NOT store remote IP address into 'pendingRequest'." , e);
@@ -215,11 +217,31 @@ public abstract class RequestImpl implements IRequest, Serializable{
this.internalSSOSessionId = internalSSOSessionId;
}
-
+
@Override
- public final Map<String, Object> genericFullDataStorage() {
- return this.genericDataStorage;
+ public final <T> T getSessionData(final Class<T> wrapper) {
+ if (wrapper != null) {
+ if (AuthProcessDataWrapper.class.isAssignableFrom(wrapper)) {
+ try {
+ return wrapper.getConstructor(Map.class).newInstance(this.genericDataStorage);
+
+ } catch (NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException
+ | IllegalArgumentException | InvocationTargetException e) {
+ log.error("Can NOT instance wrapper: " + wrapper.getName(), e);
+
+ }
+
+ }
+
+ log.error("Can NOT wrap generic data into session data. "
+ + "Reason: Wrapper " + wrapper.getName() + " is NOT a valid wrapper");
+ throw new RuntimeException("Can NOT wrap generic data into session data. "
+ + "Reason: Wrapper " + wrapper.getName() + " is NOT a valid wrapper");
+
+ }
+ return null;
+
}
@Override
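Review bot: When the reflective construction in `getSessionData` fails, the catch block only logs and execution falls through to the `RuntimeException` that says the wrapper "is NOT a valid wrapper", which misstates the reason and drops the cause. Throw from the catch instead, as the test implementation in this commit already does: `throw new RuntimeException("Can NOT instance wrapper: " + wrapper.getName(), e);`. The wrapper is also handed the live `genericDataStorage` map, so, assuming wrappers write through it, values stored that way skip the key and `Serializable` checks in `setRawDataToTransaction`. A comment on the method should state whether that is intended.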
@@ -346,7 +368,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
@Override
- public final Object getGenericData(String key) {
+ public final Object getRawData(String key) {
if (StringUtils.isNotEmpty(key)) {
return genericDataStorage.get(key);
@@ -357,7 +379,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
@Override
- public final <T> T getGenericData(String key, final Class<T> clazz) {
+ public final <T> T getRawData(String key, final Class<T> clazz) {
if (StringUtils.isNotEmpty(key)) {
Object data = genericDataStorage.get(key);
@@ -383,13 +405,13 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
@Override
- public final void setGenericDataToSession(String key, Object object) throws EAAFStorageException {
+ public final void setRawDataToTransaction(String key, Object object) throws EAAFStorageException {
if (StringUtils.isEmpty(key)) {
log.info("Generic request-data can not be stored with a 'null' key");
throw new EAAFStorageException("Generic request-data can not be stored with a 'null' key", null);
}
-
+
if (object != null) {
if (!Serializable.class.isInstance(object)) {
log.warn("Generic request-data can only store objects which implements the 'Seralizable' interface");
@@ -408,7 +430,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
@Override
- public final void setGenericDataToSession(Map<String, Object> map) throws EAAFStorageException {
+ public final void setRawDataToTransaction(Map<String, Object> map) throws EAAFStorageException {
if (map == null) {
log.info("Generic request-data can not be stored with a 'null' map");
throw new EAAFStorageException("Generic request-data can not be stored with a 'null' map", null);
@@ -417,7 +439,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
//validate and store values
for (Entry<String, Object> el : map.entrySet())
- setGenericDataToSession(el.getKey(), el.getValue());
+ setRawDataToTransaction(el.getKey(), el.getValue());
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java
index f458c142..a7bd8f81 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java
@@ -40,14 +40,13 @@ import java.net.URI;
import java.net.URL;
import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-/**
- * Utility for accessing files on the file system, and for reading from input streams.
- * @author Paul Ivancsics
- * @version $Id$
- */
public class FileUtils {
-
+ private static final Logger log = LoggerFactory.getLogger(FileUtils.class);
+
+
/**
* Reads a file, given by URL, into a byte array.
* @param urlString file URL
@@ -112,6 +111,8 @@ public class FileUtils {
public static String makeAbsoluteURL(String url, String root) {
//if url is relative to rootConfigFileDirName make it absolute
+ log.trace("Making AbsoluteURL URL: " + url + " Root-Path: " + root);
+
if (StringUtils.isEmpty(root))
root = null;
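Review bot: The added `log.trace` call in `makeAbsoluteURL` builds its message by string concatenation, so the string is assembled on every call even when trace logging is off; use the parameterized form `log.trace("Making AbsoluteURL URL: {} Root-Path: {}", url, root);`. The same applies to the new trace statement in `QAALevelVerifier.verifyQAALevel`, where the concatenated values may come from the authentication request. `makeAbsoluteURL` continues outside the hunk.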
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java
index b190bfba..2504d8f1 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java
@@ -36,6 +36,8 @@ import org.apache.commons.lang3.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder;
+
/**
* Random number generator used to generate ID's
@@ -60,15 +62,7 @@ public class Random {
} catch (NoSuchAlgorithmException e) {
log.warn("Can NOT initialize SecureRandom with: 'SHA256PRNG-FIPS186'. Use 'StrongSecureRandom' as backup");
-
- try {
- random = SecureRandom.getInstanceStrong();
-
- } catch (NoSuchAlgorithmException e1) {
- log.error("Can NOT initialize SecureRandom. StartUp process FAILED!");
- throw new RuntimeException("Can NOT initialize SecureRandom. StartUp process FAILED!", e);
-
- }
+ random = SecureRandomHolder.getInstance();
}
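Review bot: The warning still announces 'StrongSecureRandom' as the backup, but the fallback is now `SecureRandomHolder.getInstance()`, so the log line no longer names the generator that is actually used. Update it, e.g. `log.warn("Can NOT initialize SecureRandom with: 'SHA256PRNG-FIPS186'. Use SecureRandomHolder instance as backup");`. Since this class generates IDs and `SecureRandomHolder` is not visible in this diff, add a comment stating which algorithm and seeding the holder provides. The enclosing block starts outside the hunk.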
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java
index a3812816..b1f53db3 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java
@@ -26,12 +26,14 @@
*******************************************************************************/
package at.gv.egiz.eaaf.core.impl.idp.module.test;
+import java.lang.reflect.InvocationTargetException;
import java.util.HashMap;
import java.util.Map;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
/**
* @author tlenz
@@ -83,7 +85,7 @@ public class TestRequestImpl implements IRequest {
* @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String)
*/
@Override
- public Object getGenericData(String key) {
+ public Object getRawData(String key) {
return storage.get(key);
}
@@ -91,7 +93,7 @@ public class TestRequestImpl implements IRequest {
* @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String, java.lang.Class)
*/
@Override
- public <T> T getGenericData(String key, Class<T> clazz) {
+ public <T> T getRawData(String key, Class<T> clazz) {
return (T)storage.get(key);
}
@@ -218,14 +220,9 @@ public class TestRequestImpl implements IRequest {
}
@Override
- public void setGenericDataToSession(Map<String, Object> map) throws EAAFStorageException {
+ public void setRawDataToTransaction(Map<String, Object> map) throws EAAFStorageException {
storage.putAll(map);
-
- }
-
- @Override
- public Map<String, Object> genericFullDataStorage() {
- return storage;
+
}
@Override
@@ -270,7 +267,7 @@ public class TestRequestImpl implements IRequest {
}
@Override
- public void setGenericDataToSession(String key, Object object) throws EAAFStorageException {
+ public void setRawDataToTransaction(String key, Object object) throws EAAFStorageException {
storage.put(key, object);
}
@@ -278,6 +275,29 @@ public class TestRequestImpl implements IRequest {
public void setSpConfig(ISPConfiguration spConfig) {
this.spConfig = spConfig;
}
+
+ @Override
+ public <T> T getSessionData(Class<T> wrapper) {
+ if (wrapper != null) {
+ if (AuthProcessDataWrapper.class.isAssignableFrom(wrapper)) {
+ try {
+ return wrapper.getConstructor(Map.class).newInstance(this.storage);
+
+ } catch (NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException
+ | IllegalArgumentException | InvocationTargetException e) {
+ throw new RuntimeException("Can NOT instance wrapper: " + wrapper.getName(), e);
+
+ }
+
+ }
+
+ throw new RuntimeException("Can NOT wrap generic data into session data. "
+ + "Reason: Wrapper " + wrapper.getName() + " is NOT a valid wrapper");
+
+ }
+
+ return null;
+ }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
index 1621aa84..2bb2cb10 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
@@ -28,6 +28,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
import java.util.List;
+import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -82,6 +83,10 @@ public class QAALevelVerifier {
}
public static void verifyQAALevel(String qaaAuth, List<String> requiredLoAs, String matchingMode) throws QAANotAllowedException {
+ log.trace("Starting LoA verification: authLoA: " + qaaAuth
+ + " requiredLoA: " + StringUtils.join(requiredLoAs, "|")
+ + " matchingMode: " + matchingMode);
+
boolean hasMatch = false;
for (String loa : requiredLoAs) {
if (verifyQAALevel(qaaAuth, loa, matchingMode))
@@ -90,7 +95,7 @@ public class QAALevelVerifier {
}
if (!hasMatch)
- throw new QAANotAllowedException(qaaAuth, requiredLoAs.toArray().toString(), matchingMode);
+ throw new QAANotAllowedException(qaaAuth, StringUtils.join(requiredLoAs, "|"), matchingMode);
else
log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... ");
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index 32c2cce7..b6e00709 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -139,17 +139,17 @@ public class AuthenticationAction implements IAction {
sloInformation.setProtocolType(req.requestedModule());
sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
return sloInformation;
-
- } catch (MessageEncodingException e) {
- log.error("Message Encoding exception", e);
- throw new ResponderErrorException("pvp2.01", null, e);
-
- } catch (SecurityException e) {
- log.error("Security exception", e);
+
+ } catch (MessageEncodingException | SecurityException e) {
+ log.warn("Message Encoding exception", e);
throw new ResponderErrorException("pvp2.01", null, e);
} catch (EAAFException e) {
- log.error("Response generation error", e);
+ log.info("Response generation error: Msg: ", e.getMessage());
+ throw new ResponderErrorException(e.getErrorId(), e.getParams(), e);
+
+ } catch (Exception e) {
+ log.warn("Response generation error", e);
throw new ResponderErrorException("pvp2.01", null, e);
}
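Review bot: In the `EAAFException` branch, `log.info("Response generation error: Msg: ", e.getMessage());` has no `{}` placeholder, so SLF4J discards the argument and the exception message is never logged; write `log.info("Response generation error: Msg: {}", e.getMessage());`. The merged `MessageEncodingException | SecurityException` branch logs "Message Encoding exception" for both types, which mislabels security failures in the log. The try block starts outside the hunk.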
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java
index 5ef112dd..d049aeb3 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java
@@ -156,7 +156,8 @@ public class PVP2AssertionBuilder implements PVPConstants {
//get matching mode from authn. request
String loaMatchingMode = EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
- if (StringUtils.isNotEmpty(reqAuthnContext.getComparison().toString()))
+ if (reqAuthnContext.getComparison() != null &&
+ StringUtils.isNotEmpty(reqAuthnContext.getComparison().toString()))
loaMatchingMode = reqAuthnContext.getComparison().toString();
//get requested LoAs
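Review bot: The fallback to `EIDAS_LOA_MATCHING_MINIMUM` when the request carries no comparison is now reachable but undocumented; add a comment above the check, e.g. `// Comparison is optional in the AuthnRequest; 'minimum' matching is used when it is absent`. SAML 2.0 defines `exact` as the default for an omitted Comparison attribute, so the comment should state that the deviation is deliberate. `getComparison()` is also called three times; a local variable would make the null check and the assignment read as one decision. The enclosing method starts and ends outside the hunk.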
@@ -172,7 +173,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
if (!qaa_uri.trim().startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) {
if (loaLevelMapper != null) {
- log.debug("Find no eIDAS LoA. Start mapping process ... " );
+ log.debug("Find no eIDAS LoA in AuthnReq. Start mapping process ... " );
eIDASLoaFromRequest.add(loaLevelMapper.mapToeIDASLoA(qaa_uri.trim()));
} else
@@ -356,14 +357,13 @@ public class PVP2AssertionBuilder implements PVPConstants {
SubjectConfirmationData subjectConfirmationData = SAML2Utils
.createSAMLObject(SubjectConfirmationData.class);
subjectConfirmationData.setInResponseTo(authnRequest.getID());
- subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
-// subjectConfirmationData.setNotBefore(date);
+ subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
//set 'recipient' attribute in subjectConformationData
subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
//set IP address of the user machine as 'Address' attribute in subjectConformationData
- String usersIPAddress = pendingReq.getGenericData(
+ String usersIPAddress = pendingReq.getRawData(
RequestImpl.DATAID_REQUESTER_IP_ADDRESS, String.class);
if (StringUtils.isNotEmpty(usersIPAddress))
subjectConfirmationData.setAddress(usersIPAddress);