Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml14
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/pom.xml36
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java59
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java16
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java25
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java45
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore_without_enc.xml104
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml1
8 files changed, 230 insertions, 70 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml b/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..855f39bd
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+ <Match>
+ <!-- allow SHA-1, because transient SubjectNameIDs should have the same pattern as bPKs -->
+ <Class name="at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.Pvp2AssertionBuilder"/>
+ <Method name="buildAssertion" />
+ <Bug pattern="WEAK_MESSAGE_DIGEST_SHA1" />
+ </Match>
+ <Match>
+ <!-- allow logging of SAML2 request parameters -->
+ <Class name="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol"/>
+ <Bug pattern="CRLF_INJECTION_LOGS" />
+ </Match>
+</FindBugsFilter>
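Review bot: The second `<Match>` suppresses CRLF_INJECTION_LOGS for the whole of AbstractPvp2XProtocol, so every current and future log statement in that class is exempt, not only the ones that log the SAML2 request parameter. That parameter comes from the HTTP request, so I would narrow the match with a `<Method name="..."/>` entry per logging method, as the SHA-1 match above does, and have the comment state where line breaks in the logged value are neutralised (for example in the log encoder), or that they are not. The SHA-1 comment could also say that the digest only derives an identifier and is not used for signatures or integrity, if that is the case.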
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index 5c5bc687..53ffff26 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.3-SNAPSHOT</version>
+ <version>1.2.1-SNAPSHOT</version>
</parent>
<artifactId>eaaf_module_pvp2_idp</artifactId>
<name>eaaf_module_pvp2_idp</name>
@@ -17,7 +17,6 @@
<dependency>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_module_pvp2_core</artifactId>
- <version>${egiz.eaaf.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
@@ -32,11 +31,6 @@
<!-- Testing -->
<dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<scope>test</scope>
@@ -64,31 +58,15 @@
<build>
<finalName>eaaf_module_pvp2_idp</finalName>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-compiler-plugin</artifactId>
- <version>3.7.0</version>
- <configuration>
- <source>1.8</source>
- <target>1.8</target>
- </configuration>
- </plugin>
-
- <!-- enable co-existence of testng and junit -->
+ <plugins>
<plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>${surefire.version}</version>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-maven-plugin</artifactId>
+ <version>${spotbugs-maven-plugin.version}</version>
<configuration>
- <threadCount>1</threadCount>
+ <failOnError>true</failOnError>
+ <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
</configuration>
- <dependencies>
- <dependency>
- <groupId>org.apache.maven.surefire</groupId>
- <artifactId>surefire-junit47</artifactId>
- <version>${surefire.version}</version>
- </dependency>
- </dependencies>
</plugin>
</plugins>
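Review bot: No `<executions>` element is declared for spotbugs-maven-plugin in this hunk, so `<failOnError>true</failOnError>` only breaks the build if the `check` goal is bound elsewhere, presumably in the parent POM. If it is not, neither the analysis nor the new exclude file takes part in a normal build, and the security gate exists on paper only. A short comment next to the plugin naming where the goal is bound, e.g. `<!-- spotbugs:check is bound in the eaaf_modules parent -->` once confirmed, would make that dependency visible; the same applies to the compiler source/target settings removed here.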
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 1e42ac9c..2e30dcd9 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -44,6 +44,7 @@ import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.Assert;
import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
@@ -78,6 +79,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import lombok.Setter;
public abstract class AbstractPvp2XProtocol extends AbstractController implements IModulInfo {
private static final Logger log = LoggerFactory.getLogger(AbstractPvp2XProtocol.class);
@@ -88,12 +90,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
@Autowired(required = true)
protected IPvp2BasicConfiguration pvpBasicConfiguration;
@Autowired(required = true)
- protected IPvp2MetadataProvider metadataProvider;
- @Autowired(required = true)
protected SamlVerificationEngine samlVerificationEngine;
@Autowired(required = false)
protected List<IAuthnRequestPostProcessor> authRequestPostProcessors;
+ /**
+ * SAML2 metadata provider that should be used in this component.
+ */
+ @Setter
+ protected IPvp2MetadataProvider metadataProvider;
+
private IPvp2CredentialProvider pvpIdpCredentials;
/**
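Review bot: `@Setter` on the protected `metadataProvider` field generates a public `setMetadataProvider`, so any code holding a reference to the bean can replace the metadata provider after start-up, while the null check in `verifyInitialization` runs only once at `@PostConstruct`. If this provider is what the component relies on to resolve trusted SP metadata, as the field comment suggests, that mutability should at least be documented. I would extend the Javadoc with something like `Set once through bean configuration; must not be replaced at runtime.`, or use constructor injection if the wiring allows it. The same applies to the identical field added in AuthenticationAction.java.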
@@ -124,7 +130,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
final StatusCode statusCode = Saml2Utils.createSamlObject(StatusCode.class);
final StatusMessage statusMessage = Saml2Utils.createSamlObject(StatusMessage.class);
- String moaError = null;
+ String internalErrorCode = null;
if (e instanceof NoPassivAuthenticationException) {
statusCode.setValue(StatusCode.NO_PASSIVE);
@@ -144,30 +150,37 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
final String statusMessageValue = ex.getStatusMessageValue();
if (statusMessageValue != null) {
statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
+
}
- moaError = statusMessager.mapInternalErrorToExternalError(ex.getErrorId());
+
+ internalErrorCode = ex.getErrorId();
} else {
statusCode.setValue(StatusCode.RESPONDER);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
- moaError = statusMessager.getResponseErrorCode(e);
+ internalErrorCode = statusMessager.getResponseErrorCode(e);
+
}
- if (StringUtils.isNotEmpty(moaError)) {
- final StatusCode moaStatusCode = Saml2Utils.createSamlObject(StatusCode.class);
- moaStatusCode.setValue(moaError);
- statusCode.setStatusCode(moaStatusCode);
+ //set external sub-statusCode if one was selected
+ if (StringUtils.isNotEmpty(internalErrorCode)) {
+ final StatusCode externalStatusCode = Saml2Utils.createSamlObject(StatusCode.class);
+ externalStatusCode.setValue(
+ statusMessager.mapInternalErrorToExternalError(internalErrorCode));
+ statusCode.setStatusCode(externalStatusCode);
+
}
- status.setStatusCode(statusCode);
+ //set status-message if availabe
if (statusMessage.getMessage() != null) {
status.setStatusMessage(statusMessage);
- }
- samlResponse.setStatus(status);
- final String remoteSessionID = Saml2Utils.getSecureIdentifier();
- samlResponse.setID(remoteSessionID);
-
+
+ }
+ status.setStatusCode(statusCode);
+ samlResponse.setStatus(status);
+ samlResponse.setID(Saml2Utils.getSecureIdentifier());
samlResponse.setIssueInstant(Instant.now());
+
final Issuer nissuer = Saml2Utils.createSamlObject(Issuer.class);
nissuer.setValue(pvpBasicConfiguration.getIdpEntityId(pvpRequest.getAuthUrl()));
nissuer.setFormat(NameIDType.ENTITY);
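Review bot: The emptiness check now tests `internalErrorCode` before mapping, so the value returned by `mapInternalErrorToExternalError` is written to the nested StatusCode unchecked, whereas the removed code tested the mapped value in the Pvp2Exception branch. If the mapper returns null or an empty string for an unknown code, the response carries a sub-StatusCode without a Value. Inside the existing `if`, I would assign `final String externalErrorCode = statusMessager.mapInternalErrorToExternalError(internalErrorCode);` and attach the sub-status only under `if (StringUtils.isNotEmpty(externalErrorCode)) {`. The result of `getResponseErrorCode(e)` in the else branch now also goes through the mapper, which it did not before; a comment should confirm that this is intended. The enclosing method starts and ends outside the hunk.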
@@ -176,13 +189,13 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
IEncoder encoder = null;
if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
+ encoder = applicationContext.getBean("PvpRedirectBinding", RedirectBinding.class);
} else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
+ encoder = applicationContext.getBean("PvpPostBinding", PostBinding.class);
} else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
+ encoder = applicationContext.getBean("PvpSoapBinding", SoapBinding.class);
}
if (encoder == null) {
@@ -263,7 +276,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
pendingReq.getUniqueTransactionIdentifier());
}
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {e.getMessage()});
} catch (final Pvp2Exception e) {
final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
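Review bot: `new Object[] {e.getMessage()}` puts the caught exception's text into the parameters of the pvp2.21 protocol error, and the cause is still not chained. Which exception is caught lies outside this hunk, but the error-response code earlier in this file copies exception messages into the SAML StatusMessage, so internal parsing or validation detail may reach the requester if this exception takes that path. I would keep the externally visible message generic, log `e` together with the transaction identifier, and pass `e` as the cause if InvalidProtocolRequestException offers a constructor for it. The same change is made in the hunk at -337,7 +350,7.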
@@ -337,7 +350,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
pendingReq.getUniqueTransactionIdentifier());
}
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {e.getMessage()});
} catch (final Pvp2Exception e) {
final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
@@ -555,11 +568,9 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
@PostConstruct
private void verifyInitialization() {
- if (pvpIdpCredentials == null) {
- log.error("No SAML2 credentialProvider injected!");
- throw new RuntimeException("No SAML2 credentialProvider injected!");
+ Assert.notNull(metadataProvider, "No SAML2 MetadataProvider injected!");
+ Assert.notNull(pvpIdpCredentials, "No SAML2 credentialProvider injected!");
- }
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index 91e92d63..a3c6cb5d 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -36,6 +36,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
+import org.springframework.util.Assert;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAction;
@@ -57,14 +58,13 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import lombok.Setter;
@Service("PVPAuthenticationRequestAction")
public class AuthenticationAction implements IAction {
private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class);
@Autowired(required = true)
- private IPvp2MetadataProvider metadataProvider;
- @Autowired(required = true)
ApplicationContext springContext;
@Autowired(required = true)
IConfiguration authConfig;
@@ -75,6 +75,12 @@ public class AuthenticationAction implements IAction {
@Autowired(required = true)
IRevisionLogger revisionsLogger;
+ /**
+ * SAML2 metadata provider that should be used in this component.
+ */
+ @Setter
+ protected IPvp2MetadataProvider metadataProvider;
+
private IPvp2CredentialProvider pvpIdpCredentials;
/**
@@ -169,11 +175,9 @@ public class AuthenticationAction implements IAction {
@PostConstruct
private void verifyInitialization() {
- if (pvpIdpCredentials == null) {
- log.error("No SAML2 credentialProvider injected!");
- throw new RuntimeException("No SAML2 credentialProvider injected!");
+ Assert.notNull(metadataProvider, "No SAML2 MetadataProvider injected!");
+ Assert.notNull(pvpIdpCredentials, "No SAML2 credentialProvider injected!");
- }
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
index df5c15f8..cab14a5d 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
@@ -157,10 +157,6 @@ public class AuthenticationActionTest {
return null;
}
- @Override
- public String getFormatedDateOfBirth() {
- return DateFormatUtils.format(getDateOfBirth(), "yyyy-MM-dd");
- }
@Override
public String getFamilyName() {
@@ -184,13 +180,7 @@ public class AuthenticationActionTest {
public String getEidasQaaLevel() {
return EaafConstants.EIDAS_LOA_LOW;
}
-
- @Override
- public Date getDateOfBirth() {
- return new Date();
-
- }
-
+
@Override
public String getCiticenCountryCode() {
// TODO Auto-generated method stub
@@ -221,6 +211,19 @@ public class AuthenticationActionTest {
public Date getAuthenticationIssueInstant() {
return new Date();
}
+
+ @Override
+ public String getDateOfBirth() {
+ return RandomStringUtils.randomNumeric(4) + "-" + RandomStringUtils.randomNumeric(2) + "-"
+ + RandomStringUtils.randomNumeric(2);
+
+ }
+
+ @Override
+ public String getDateOfBirthFormated(String pattern) {
+ // TODO Auto-generated method stub
+ return null;
+ }
};
}
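Review bot: `getDateOfBirth()` assembles its value from independent random digits, so it can return strings such as `0000-73-99` that are not dates. If any code under test parses the birth date, the outcome then depends on the random draw and failures will not be reproducible. A fixed value such as `return "1990-01-15";` (constructed sample) keeps the test deterministic. `getDateOfBirthFormated` returning null needs the same attention if the attribute builders call it.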
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java
index 799002ed..f2df5e8d 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java
@@ -61,6 +61,51 @@ public class AuthnResponseBuilderTest {
}
@Test
+ public void plainAssertion() throws InvalidAssertionEncryptionException, Pvp2MetadataException,
+ XMLParserException, UnmarshallingException, MarshallingException, TransformerException, IOException {
+ final String issuerEntityID = RandomStringUtils.randomAlphabetic(15);
+
+ final IPvp2MetadataProvider metadataProvider =
+ metadataResolverFactory.createMetadataProvider(
+ "classpath:/data/pvp_metadata_junit_keystore_without_enc.xml", null, "jUnit metadata resolver", null);
+
+ final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+ authnReq.setID("_" + RandomStringUtils.randomAlphanumeric(10));
+
+ final Assertion assertion = (Assertion) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ PostBindingTest.class.getResourceAsStream("/data/Assertion_1.xml"));
+
+ //build response
+ final Instant now = Instant.now();
+ final Response response = AuthResponseBuilder.buildResponse(
+ metadataProvider, issuerEntityID, authnReq,
+ now, assertion, authConfig);
+
+
+ //validate
+ Assert.assertNotNull("SAML2 response is null", response);
+ Assert.assertFalse("Assertion is empty", response.getAssertions().isEmpty());
+ Assert.assertEquals("# assertions wrong", 1, response.getAssertions().size());
+
+ Assert.assertNotNull("Enc. assertion is null", response.getEncryptedAssertions());
+ Assert.assertTrue("Enc. assertion is not empty", response.getEncryptedAssertions().isEmpty());
+
+ Assert.assertEquals("InResponseTo", authnReq.getID(), response.getInResponseTo());
+ Assert.assertEquals("Issuer EntityId", issuerEntityID, response.getIssuer().getValue());
+ Assert.assertNotNull("ResponseId is null", response.getID());
+ Assert.assertFalse("ResponseId is emptry", response.getID().isEmpty());
+
+ final Element responseElement = XMLObjectSupport.getMarshaller(response).marshall(response);
+ final String xmlResp = DomUtils.serializeNode(responseElement);
+ Assert.assertNotNull("XML response is null", xmlResp);
+ Assert.assertFalse("XML response is empty", xmlResp.isEmpty());
+
+ }
+
+ @Test
public void encryptedAssertion() throws InvalidAssertionEncryptionException, Pvp2MetadataException,
XMLParserException, UnmarshallingException, MarshallingException, TransformerException, IOException {
final String issuerEntityID = RandomStringUtils.randomAlphabetic(15);
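Review bot: `plainAssertion` pins that `buildResponse` returns the assertion unencrypted when the SP metadata contains no encryption key, but nothing in the test states that this fallback is intended. Because the assertion carries identity attributes, I would add a comment such as `// SP metadata without encryption certificate: unencrypted assertion is the expected result` and, if the configuration can require encryption, a companion test that expects InvalidAssertionEncryptionException for the same metadata. The two `getResourceAsStream` calls are never closed; try-with-resources would fix that. `encryptedAssertion` continues outside the hunk.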
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore_without_enc.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore_without_enc.xml
new file mode 100644
index 00000000..fb6e1d94
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore_without_enc.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2045-02-05T06:41:42.966Z">
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <ds:Reference URI="#_2e23ca9b2ba4dc9eef15187830d07ff0">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <ds:DigestValue>Jy/c0ZvVJSfWzSoAcxDx/o+T5W61vvNJNqTFz2o+ILc=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>chMxIdwrPvr78j3oTtgS7udbydy9kye1bbeQ4jm2GeFKUfxvJqY+vt9MjVnWFeR4c16gd80BjZJ6xxD5i5Ifci3YtxeKSxq0ttH/xZYEhJZkD/0NrGUhSvNV9zuLAz3uGk/LJ+2JxRq7dbnW4n9MtGuYhea8OW9/Pr1xI1KyskQS76NZDsGjjfnFWbFXahLoQZULU4Ke3SfZVqLATTn0J34RZnjNH3QieY3LhRzOVu/I5yeZtnLgUS6dg0Gab9DA/pdNFaC632iaE5QCXJmhgpqkjbkayO9e8N93YGFjbszhU1Kws5OUGjXjfCZwezLeOUZoKEfo5c+4+zEaTrEQjg==</ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W
+ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w
+CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ
+RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq
+UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+
+M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F
+Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt
+1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq
+nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC
+VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq
+itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc
+2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O
+fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy
+4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIIC+jCCAeKgAwIBAgIEXjF+fTANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJB
+VDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxETAPBgNVBAMMCE1ldGFk
+YXRhMB4XDTIwMDEyOTEyNDU0OVoXDTI2MDEyODEyNDU0OVowPzELMAkGA1UEBhMC
+QVQxDTALBgNVBAcMBEVHSVoxDjAMBgNVBAoMBWpVbml0MREwDwYDVQQDDAhNZXRh
+ZGF0YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK230G3dxNbNlSYA
+O5Kx/Js0aBAgxMt7q9m+dA35fK/dOvF/GjrqjWsMCnax+no9gLnq6x0gXiJclz6H
+rp/YDOfLrJjMpNL/r0FWT947vbnEj7eT8TdY5d6Yi8AZulZmjiCI5nbZh2zwrP4+
+WqRroLoPhXQj8mDyp26M4xHBBUhLMRc2HV4S+XH4uNZ/vTmb8vBg31XGHCY33gl7
+/KA54JNGxJdN8Dxv6yHYsm91ZfVrX39W0iYLUNhUCkolwuQmjDVfrExM8BTLIONb
+f+erJoCm3A9ghZyDYRQ/e69/UEUqDa6XOzykr88INkQscEiAXCDS+EBPMpKo+t3l
+PIA9r7kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh/2mg4S03bdZy1OVtEAudBT9
+YZb9OF34hxPtNbkB/V04wSIg1d4TBr5KDhV7CdiUOxPZzHpS8LUCgfGX306FB6NX
+zh/b67uTOPaE72AB4VIT/Np0fsM7k5WhG9k9NoprIGiqCz2lXcfpZiT+LtSO1vWS
+YI87wR9KOSWjcw/5i5qZIAJuwvLCQj5JtUsmrhHK75222J3TJf4dS/gfN4xfY2rW
+9vcXtH6//8WdWp/zx9V7Z1ZsDb8TDKtBCEGuFDgVeU5ScKtVq8qRoUKD3Ve76cZi
+purO3KrRrVAuZP2EfLkZdHEHqe8GPigNnZ5kTn8V2VJ3iRAQ73hpJRR98tFd0A==</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN
+MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw
+HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN
+MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC
+LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG
+SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh
+ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/post" index="0" isDefault="true"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/redirect" index="1"/>
+ <md:AttributeConsumingService index="0" isDefault="true">
+ <md:ServiceName xml:lang="en">Default Service</md:ServiceName>
+ <md:RequestedAttribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="MANDATE-TYPE-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.106" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ </md:AttributeConsumingService>
+ </md:SPSSODescriptor>
+ <md:Organization>
+ <md:OrganizationName xml:lang="de">EGIZ</md:OrganizationName>
+ <md:OrganizationDisplayName xml:lang="de">E-Government Innovationszentrum</md:OrganizationDisplayName>
+ <md:OrganizationURL xml:lang="de">http://www.egiz.gv.at</md:OrganizationURL>
+ </md:Organization>
+ <md:ContactPerson contactType="technical">
+ <md:Company>E-Government Innovationszentrum</md:Company>
+ <md:GivenName>Lenz</md:GivenName>
+ <md:SurName>Thomas</md:SurName>
+ <md:EmailAddress>thomas.lenz@egiz.gv.at</md:EmailAddress>
+ <md:TelephoneNumber>+43 316 873 5525</md:TelephoneNumber>
+ </md:ContactPerson>
+</md:EntityDescriptor>
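Review bot: The certificates embedded in this fixture have fixed validity periods; the one inside `ds:Signature` appears to end on 2021-01-31, and the two SP signing certificates in 2026 and 2027. The new test loads the file with `null` for two arguments of `createMetadataProvider`, so signature and certificate validity are presumably not checked today, but any test that later adds such a check will fail for reasons unrelated to the code under test. A note in the test class or its Javadoc, stating that this file is only meant to be loaded without signature or validity checks and listing the expiry dates, would save that investigation.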
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml
index 2bddd629..760f290e 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml
@@ -38,6 +38,7 @@
<bean id="PVPAuthenticationRequestAction"
class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">
<property name="pvpIdpCredentials" ref="dummyCredentialProvider" />
+ <property name="metadataProvider" ref="dummyChainingMetadataResolver" />
</bean>
<bean id="pvpMetadataService"