Merge branch 'connector_update_SZRv4' into 'nightlybuild'

Integration of E-ID functionality

See merge request egiz/eidas_at_proxy!1

7 files changed, 438 insertions, 107 deletions

diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
new file mode 100644
index 00000000..be9f8862
--- /dev/null
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.connector.attributes;
+
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME;
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
+
+
+@PvpMetadata
+public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder {
+
+  @Override
+  public String getName() {
+    return EID_AUTHBLOCK_SIGNED_NAME;
+  }
+
+  @Override
+  public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
+                         final IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+    String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class);
+    if (StringUtils.isNotEmpty(authBlock)) {
+      return g.buildStringAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME, authBlock);
+
+    } else {
+      throw new UnavailableAttributeException(EID_AUTHBLOCK_SIGNED_NAME);
+    }
+
+  }
+
+  @Override
+  public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+    return g.buildEmptyAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME);
+  }
+
+}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
new file mode 100644
index 00000000..a4fe8c6c
--- /dev/null
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.connector.attributes;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
+import org.apache.commons.lang3.StringUtils;
+
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME;
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME;
+
+@PvpMetadata
+public class EidasBindAttributeBuilder implements IPvpAttributeBuilder {
+
+
+  @Override
+  public String getName() {
+    return EID_EIDBIND_NAME;
+  }
+
+  @Override
+  public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
+                         final IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+    String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class);
+    if (StringUtils.isNotEmpty(eidasBind)) {
+      return g.buildStringAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME, eidasBind);
+
+    } else {
+      throw new UnavailableAttributeException(EID_EIDBIND_NAME);
+    }
+
+  }
+
+  @Override
+  public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+    return g.buildEmptyAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME);
+  }
+
+}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
index b14faa62..13cceafb 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
@@ -19,7 +19,7 @@
  * file for details on the various modules and licenses.
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
+ */
 
 package at.asitplus.eidas.specific.connector.builder;
 
@@ -54,30 +54,35 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
   public IAuthData buildAuthenticationData(IRequest pendingReq) throws EaafAuthenticationException {
 
     final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
-    final AuthenticationData authData = new AuthenticationData();
+    AuthenticationData authData = new AuthenticationData();
 
-    try {
-      generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
+    boolean isEidModeNew = pendingReq.getServiceProviderConfiguration()
+        .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false);
 
-      // set specific informations
-      authData.setSsoSessionValidTo(new Date(new Date().getTime()
-          + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+    if (isEidModeNew) {
+      authData = (AuthenticationData) super.buildAuthenticationData(pendingReq);
+    } else {
+      try {
+        generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
 
-    } catch (EaafBuilderException | EaafParserException | EaafConfigurationException
-        | XPathException | DOMException e) {
-      log.warn("Can not build authentication data from auth. process information");
-      throw new EaafAuthenticationException("builder.11", new Object[] { e.getMessage() }, e);
+        // set specific informations
+        authData.setSsoSessionValidTo(
+            new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
 
-    }
+      } catch (EaafBuilderException | EaafParserException
+          | EaafConfigurationException | XPathException | DOMException e) {
+        log.warn("Can not build authentication data from auth. process information");
+        throw new EaafAuthenticationException("builder.11", new Object[]{e.getMessage()}, e);
 
+      }
+    }
     return authData;
-
   }
 
   @Override
   protected IAuthData buildDeprecatedAuthData(IRequest arg0) throws EaafException {
     return new AuthenticationData();
-    
+
   }
 
   @Override
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
index 651b7b78..8dbb74c7 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
@@ -173,4 +173,11 @@ public class PvpMetadataProvider extends AbstractChainingMetadataProvider {
     return "Service-provider chainging metadata provider";
     
   }
+  
+  @Override
+  public void doDestroy() {
+    this.fullyDestroy();
+    
+  }
+
 }
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
index 26176c49..a9eb06be 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
@@ -46,11 +46,13 @@ import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
 import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
@@ -107,120 +109,179 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
       }
 
       // post-process requested LoA
-      final List<String> reqLoA = extractLoA(authnReq);
-      log.trace("SP requests LoA with: {}", String.join(", ",reqLoA));
+      postprocessLoaLevel(pendingReq, authnReq);
+
+      // post-process requested LoA comparison-level
+      pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(
+          extractComparisonLevel(authnReq));
+      
+      //extract information from requested attributes
+      extractFromRequestedAttriutes(pendingReq, authnReq);
       
-      LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
-          MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
-          EaafConstants.EIDAS_LOA_HIGH));
-      if (minimumLoAFromConfig == null) {
-        log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default",
-            EaafConstants.EIDAS_LOA_HIGH);
-        minimumLoAFromConfig = LevelOfAssurance.HIGH;
+    } catch (final EaafStorageException e) {
+      log.info("Can NOT store Authn. Req. data into pendingRequest.", e);
+      throw new AuthnRequestValidatorException("internal.02", null, e);
 
-      }
-            
-      log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...",
-          minimumLoAFromConfig);      
-      final List<String> allowedLoA = new ArrayList<>();
-      for (final String loa : reqLoA) {
-        try {
-          final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
-          String selectedLoA = EaafConstants.EIDAS_LOA_HIGH;
-          if (intLoa != null 
-              && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) {
-            log.info("Client: {} requested LoA: {} will be upgraded to: {}",
-                pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
-                loa,
-                minimumLoAFromConfig);
-            selectedLoA = minimumLoAFromConfig.getValue();
+    }
 
-          }
+  }
 
-          if (!allowedLoA.contains(selectedLoA)) {
-            log.debug("Allow LoA: {} for Client: {}",
-                selectedLoA,
-                pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
-            allowedLoA.add(selectedLoA);
+  private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) 
+      throws AuthnRequestValidatorException {
+    // validate and process requested attributes
+    boolean sectorDetected = false;
+    
+    final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
+        ServiceProviderConfiguration.class);
+    
+    if (authnReq.getExtensions() != null) {
+      final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
+      for (final XMLObject reqAttrObj : requestedAttributes) {
+        if (reqAttrObj instanceof EaafRequestedAttributes) {
+          final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj;
+          if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) {
+            for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
+              log.trace("Processing req. attribute '" + el.getName() + "' ... ");
+              if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+                sectorDetected = extractBpkTargetIdentifier(el, spConfig); 
+               
+              } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) {
+                extractUniqueTransactionId(el, pendingReq);
+                
+              } else {
+                log.debug("Ignore req. attribute: " + el.getName());
+                
+              }
+            }
 
+          } else {
+            log.debug("No requested Attributes in Authn. Request");
+            
           }
 
-        } catch (final IllegalArgumentException e) {
-          log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa);
-
+        } else {
+          log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
+          
         }
-
       }
+    }
+    
+    if (!sectorDetected) {
+      log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information.");
+      throw new AuthnRequestValidatorException("pvp2.22", new Object[] {
+          "NO or NO VALID target-sector information" });
 
-      pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(
-          allowedLoA);
+    }
+    
+  }
 
-      // post-process requested LoA comparison-level
-      final String reqLoAComperison = extractComparisonLevel(authnReq);
-      pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(
-          reqLoAComperison);
+  /**
+   * Extract unique transactionId from AuthnRequest.
+   * 
+   * @param el Requested attribute from AuthnRequest
+   * @param pendingReq Current pendingRequest object (has to be of type {@link RequestImpl})
+   * @return <code>true</code> if transactionId extraction was successful, otherwise <code>false</code>
+   */
+  private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) {
+    if (!(pendingReq instanceof RequestImpl)) {
+      log.warn("Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}",
+          RequestImpl.class.getName());
+      
+    } else {        
+      if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
+        final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent();      
+        ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(transactionId);      
+        return true;
 
-      // validate and process requested attributes
-      boolean sectorDetected = false;
+      } else {
+        log.warn("Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", 
+            el.getName());
+        
+      }
       
-      if (authnReq.getExtensions() != null) {
-        final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
-        for (final XMLObject reqAttrObj : requestedAttributes) {
-          if (reqAttrObj instanceof EaafRequestedAttributes) {
-            final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj;
-            if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) {
-              for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
-                log.trace("Processing req. attribute '" + el.getName() + "' ... ");
-                if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
-                  if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
-                    final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
-                    final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
-                        ServiceProviderConfiguration.class);
-  
-                    try {
-                      spConfig.setBpkTargetIdentifier(sectorId);
-                      sectorDetected = true;
-  
-                    } catch (final EaafException e) {
-                      log.info("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: "
-                          + spConfig.getUniqueIdentifier());
-                    }
-  
-                  } else {
-                    log.info("Req. attribute '" + el.getName()
-                        + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
-                  }
-  
-                } else {
-                  log.debug("Ignore req. attribute: " + el.getName());
-                }
-  
-              }
-  
-            } else {
-              log.debug("No requested Attributes in Authn. Request");
-            }
-  
-          } else {
-            log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
-          }
+    }
+    
+    return false;
+  }
+
+  /**
+   * Extract the bPK target from requested attribute.
+   * 
+   * @param el Requested attribute from AuthnRequest
+   * @param spConfig Service-Provider configuration for current process
+   * @return <code>true</code> if bPK target extraction was successful, otherwise <code>false</code>
+   */
+  private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, ServiceProviderConfiguration spConfig) {        
+    if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
+      final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();      
+      try {
+        spConfig.setBpkTargetIdentifier(sectorId);
+        return true;
+
+      } catch (final EaafException e) {
+        log.warn("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: "
+            + spConfig.getUniqueIdentifier());
+      }
+
+    } else {
+      log.warn("Req. attribute '" + el.getName()
+          + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
+    }
+    
+    return false;
+    
+  }
   
+  private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) 
+      throws AuthnRequestValidatorException {
+    final List<String> reqLoA = extractLoA(authnReq);
+    log.trace("SP requests LoA with: {}", String.join(", ",reqLoA));
+    
+    LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
+        MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
+        EaafConstants.EIDAS_LOA_HIGH));
+    if (minimumLoAFromConfig == null) {
+      log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default",
+          EaafConstants.EIDAS_LOA_HIGH);
+      minimumLoAFromConfig = LevelOfAssurance.HIGH;
+
+    }
+          
+    log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...",
+        minimumLoAFromConfig);      
+    final List<String> allowedLoA = new ArrayList<>();
+    for (final String loa : reqLoA) {
+      try {
+        final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
+        String selectedLoA = EaafConstants.EIDAS_LOA_HIGH;
+        if (intLoa != null 
+            && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) {
+          log.info("Client: {} requested LoA: {} will be upgraded to: {}",
+              pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
+              loa,
+              minimumLoAFromConfig);
+          selectedLoA = minimumLoAFromConfig.getValue();
+
         }
-      }
 
-      if (!sectorDetected) {
-        log.info("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information.");
-        throw new AuthnRequestValidatorException("pvp2.22", new Object[] {
-            "NO or NO VALID target-sector information" });
+        if (!allowedLoA.contains(selectedLoA)) {
+          log.debug("Allow LoA: {} for Client: {}",
+              selectedLoA,
+              pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+          allowedLoA.add(selectedLoA);
 
-      }
+        }
 
-    } catch (final EaafStorageException e) {
-      log.info("Can NOT store Authn. Req. data into pendingRequest.", e);
-      throw new AuthnRequestValidatorException("internal.02", null, e);
+      } catch (final IllegalArgumentException e) {
+        log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa);
+
+      }
 
     }
 
+    pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(
+        allowedLoA);
+    
   }
 
   private String extractComparisonLevel(AuthnRequest authnReq) {
diff --git a/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
new file mode 100644
index 00000000..8508cc4b
--- /dev/null
+++ b/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -0,0 +1,2 @@
+at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder
+at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder
diff --git a/connector/src/main/resources/SpringTest_connector.beans.xml b/connector/src/main/resources/SpringTest_connector.beans.xml
new file mode 100644
index 00000000..5cf0d5b8
--- /dev/null
+++ b/connector/src/main/resources/SpringTest_connector.beans.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xmlns:mvc="http://www.springframework.org/schema/mvc"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
+    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+
+  <context:annotation-config />
+  <mvc:annotation-driven />
+  <mvc:default-servlet-handler />
+
+  <bean id="WebResourceConfiguration"
+    class="at.asitplus.eidas.specific.connector.config.StaticResourceConfiguration" />
+
+  <bean id="ProcessEngineSignalController"
+    class="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" />
+
+  <bean id="MonitoringController"
+    class="at.asitplus.eidas.specific.connector.controller.MonitoringController">
+    <property name="pvpIdpCredentials">
+      <ref bean="PVPEndPointCredentialProvider" />
+    </property>
+  </bean>
+
+  <bean id="AuthenticationManager"
+    class="at.asitplus.eidas.specific.connector.auth.AuthenticationManager" />
+
+  <bean id="AuthenticationDataBuilder"
+    class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" />
+
+  <bean id="PVPEndPointConfiguration"
+    class="at.asitplus.eidas.specific.connector.config.PvpEndPointConfiguration" />
+
+  <bean id="PVPEndPointCredentialProvider"
+    class="at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider" />
+
+  <bean id="PVPMetadataConfigurationFactory"
+    class="at.asitplus.eidas.specific.connector.provider.PvpMetadataConfigurationFactory" />
+
+  <bean id="PVP2XProtocol"
+    class="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint">
+    <property name="pvpIdpCredentials">
+      <ref bean="PVPEndPointCredentialProvider" />
+    </property>
+  </bean>
+
+  <bean id="AuthnRequestValidator"
+    class="at.asitplus.eidas.specific.connector.verification.AuthnRequestValidator" />
+
+  <bean id="SAMLVerificationEngine"
+    class="at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine" />
+
+  <bean id="pvpMetadataService"
+    class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction">
+    <property name="pvpIdpCredentials">
+      <ref bean="PVPEndPointCredentialProvider" />
+    </property>
+  </bean>
+
+  <bean id="PVPAuthenticationRequestAction"
+    class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">
+    <property name="pvpIdpCredentials">
+      <ref bean="PVPEndPointCredentialProvider" />
+    </property>
+  </bean>
+
+  <bean id="eaafProtocolAuthenticationService"
+    class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService">
+    <property name="guiBuilder" ref="mvcGUIBuilderImpl" />
+  </bean>
+
+  <bean id="securePendingRequestIdGeneration"
+    class="at.gv.egiz.eaaf.core.impl.utils.SecurePendingRequestIdGenerationStrategy" />
+
+  <bean id="PVPMetadataProvider"
+    class="at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider" />
+
+  <bean id="PVPSubjectNameGenerator"
+    class="at.asitplus.eidas.specific.connector.builder.PvpSubjectNameGenerator" />
+
+  <bean id="LoALevelMapper"
+    class="at.asitplus.eidas.specific.connector.mapper.LoALevelMapper" />
+
+  <bean id="GUIBuilderConfigurationFactory"
+    class="at.asitplus.eidas.specific.connector.gui.GuiBuilderConfigurationFactory" />
+
+  <bean id="velocityGUIBuilderImpl"
+    class="at.asitplus.eidas.specific.connector.gui.DefaultVelocityGuiBuilderImpl" />
+
+  <bean id="mvcGUIBuilderImpl"
+    class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" />
+
+  <bean id="templateEngine"
+    class="org.thymeleaf.spring5.SpringTemplateEngine">
+    <property name="templateResolver" ref="templateResolver" />
+  </bean>
+
+  <bean class="org.thymeleaf.spring5.view.ThymeleafViewResolver">
+    <property name="order" value="2" />
+    <property name="templateEngine" ref="templateEngine" />
+    <property name="characterEncoding" value="UTF-8" />
+  </bean>
+
+  <bean id="StatusMessageProvider"
+    class="at.asitplus.eidas.specific.connector.provider.StatusMessageProvider" />
+
+  <bean id="eidasRevisionLogger"
+    class="at.asitplus.eidas.specific.connector.logger.RevisionLogger" />
+
+  <bean id="eidasStatisticLogger"
+    class="at.asitplus.eidas.specific.connector.logger.StatisticLogger" />
+
+
+  <!-- Tasks -->
+  <bean id="GenerateCountrySelectionFrameTask"
+    class="at.asitplus.eidas.specific.connector.processes.tasks.GenerateCountrySelectionFrameTask"
+    scope="prototype" />
+
+  <bean id="EvaluateCountrySelectionTask"
+    class="at.asitplus.eidas.specific.connector.processes.tasks.EvaluateCountrySelectionTask"
+    scope="prototype" />
+
+</beans>
\ No newline at end of file