aboutsummaryrefslogtreecommitdiff
path: root/modules/eidas_proxy-sevice/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'modules/eidas_proxy-sevice/src/main/java/at')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java7
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java297
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java34
3 files changed, 176 insertions, 162 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
index 86ca49fa..f66bb799 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
@@ -15,6 +15,7 @@ import lombok.Data;
@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonPropertyOrder({
"mds",
+ "autoIncludeWithMandates",
"mandator"
})
@Data
@@ -28,6 +29,12 @@ public class Type {
private Boolean mds;
/**
+ * <code>true</code> if that attribute has to be included into eIDAS response in case of mandates.
+ */
+ @JsonProperty("autoIncludeWithMandates")
+ private Boolean autoIncludeWithMandates;
+
+ /**
* Classifie that attribute to specific mandate modes.
*/
@JsonProperty("mandator")
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index 92165412..bf1c5e5f 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -1,6 +1,7 @@
package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
import java.io.IOException;
+import java.util.Optional;
import java.util.UUID;
import javax.annotation.PostConstruct;
@@ -15,12 +16,11 @@ import org.springframework.context.ApplicationContext;
import org.springframework.core.io.ResourceLoader;
import org.springframework.web.util.UriComponentsBuilder;
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
-import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
@@ -69,35 +69,35 @@ public class ProxyServiceAuthenticationAction implements IAction {
@Autowired
ISpringMvcGuiFormBuilder guiBuilder;
@Autowired
- EidasAttributeRegistry attrRegistry;
+ ProxyEidasAttributeRegistry attrRegistry;
@Override
public SloInformationInterface processRequest(IRequest pendingReq, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws EaafException {
if (pendingReq instanceof ProxyServicePendingRequest) {
- try {
- ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest();
-
- //build eIDAS response
- Builder lightRespBuilder = LightResponse.builder();
+ try {
+ final ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest();
+
+ // build eIDAS response
+ final Builder lightRespBuilder = LightResponse.builder();
lightRespBuilder.id(UUID.randomUUID().toString());
lightRespBuilder.inResponseToId(eidasReq.getId());
lightRespBuilder.relayState(eidasReq.getRelayState());
-
+
lightRespBuilder.status(ResponseStatus.builder()
.statusCode(EidasConstants.SUCCESS_URI)
.build());
-
- //TODO: check if we can use transient subjectNameIds
+
+ // TODO: check if we can use transient subjectNameIds
lightRespBuilder.subject(UUID.randomUUID().toString());
lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
-
- //TODO:
+
+ // TODO:
lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
- lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
+ lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
-
+
// set SLO response object of EAAF framework
final SloInformationImpl sloInformation = new SloInformationImpl();
sloInformation.setProtocolType(pendingReq.requestedModule());
@@ -121,7 +121,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
-
+
@Override
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
return true;
@@ -133,28 +133,29 @@ public class ProxyServiceAuthenticationAction implements IAction {
return PROXYSERVICE_AUTH_ACTION_NAME;
}
-
/**
* Forward eIDAS Light response to eIDAS node.
- *
- * @param pendingReq Current pending request.
- * @param httpReq Current HTTP request
- * @param httpResp Current HTTP response
+ *
+ * @param pendingReq Current pending request.
+ * @param httpReq Current HTTP request
+ * @param httpResp Current HTTP response
* @param lightResponse eIDAS LightResponse
* @throws EaafConfigurationException In case of a configuration error
- * @throws IOException In case of a general error
- * @throws GuiBuildException In case of a GUI rendering error, if http POST binding is used
- * @throws ServletException In case of a general error
+ * @throws IOException In case of a general error
+ * @throws GuiBuildException In case of a GUI rendering error, if http
+ * POST binding is used
+ * @throws ServletException In case of a general error
*/
public void forwardToEidasProxy(IRequest pendingReq, HttpServletRequest httpReq,
- HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException, IOException,
+ HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException,
+ IOException,
GuiBuildException, ServletException {
// put request into shared cache
final BinaryLightToken token = putResponseInCommunicationCache(lightResponse);
final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
-
+
// select forward URL regarding the selected environment
final String forwardUrl = basicConfig.getBasicConfiguration(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL);
@@ -196,148 +197,80 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
-
- @PostConstruct
+
+ @PostConstruct
private void checkConfiguration() {
- //TODO: validate configuration on start-up
-
+ // TODO: validate configuration on start-up
+
}
-
-
- private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
+
+ private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
ILightRequest eidasReq) {
- IEidAuthData eidAuthData = (IEidAuthData) authData;
+ final IEidAuthData eidAuthData = (IEidAuthData) authData;
+ final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
+
+ // inject all requested attributres
+ injectRequestedAttributes(attributeMap, eidasReq, eidAuthData);
+
if (eidAuthData.isUseMandate()) {
log.debug("Building eIDAS Proxy-Service response with mandate ... ");
- final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
- injectRepesentativeInformation(attributeMap, eidAuthData);
- injectMandatorInformation(attributeMap, eidAuthData);
-
- // work-around that injects nat. person subject to bypass validation on eIDAS Node
+ injectMdsRepesentativeInformation(attributeMap, eidAuthData, eidasReq.getRequestedAttributes());
+
+ // work-around that injects nat. person subject to bypass validation on eIDAS
+ // Node
injectJurPersonWorkaroundIfRequired(attributeMap, eidasReq, authData);
-
- return attributeMap.build();
-
- } else {
- log.debug("Building eIDAS Proxy-Service response without mandates ... ");
- return buildAttributesWithoutMandate(eidAuthData);
-
- }
- }
-
- private void injectMandatorInformation(
- ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
- String natMandatorId = eidAuthData.getGenericData(
- MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class);
-
- if (StringUtils.isNotEmpty(natMandatorId)) {
- log.debug("Injecting natural mandator informations ... ");
- final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
- final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
- final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
- final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
-
- attributeMap.put(attrDefPersonalId, natMandatorId);
- attributeMap.put(attrDefFamilyName, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class));
- attributeMap.put(attrDefGivenName, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class));
- attributeMap.put(attrDefDateOfBirth, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class));
-
- } else {
- log.debug("Injecting legal mandator informations ... ");
- final AttributeDefinition<?> commonName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_LEGALNAME).first();
- final AttributeDefinition<?> legalPersonId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
-
- attributeMap.put(commonName, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
- attributeMap.put(legalPersonId, eidAuthData.getGenericData(
- MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
-
- }
- }
- private void injectRepesentativeInformation(
- ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
- final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first();
- final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first();
- final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first();
- final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first();
-
- attributeMap.put(attrDefPersonalId,
- eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class));
- attributeMap.put(attrDefFamilyName, eidAuthData.getFamilyName());
- attributeMap.put(attrDefGivenName, eidAuthData.getGivenName());
-
- //TODO: throw an error in case of SZR Date with month or day = "00"
- attributeMap.put(attrDefDateOfBirth, eidAuthData.getDateOfBirth());
-
+ }
+
+ return attributeMap.build();
+
}
- /**
- * Work-around to inject representative information as nat. person subject to bypass eIDAS Node validation.
- *
- * <p><b>Injection will only be done if this work-around is enabled by configuration,
- * the mandator is a legal person, and both legal and natural person subject's is requested.</b></p>
- *
- * @param attributeMap Attribute set for eIDAS response
- * @param eidasReq Incoming eIDAS request
- * @param authData Authentication data
- */
- private void injectJurPersonWorkaroundIfRequired(
- ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
- if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData)
- && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
- && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
- log.debug("Injecting representative information as nat. person subject to bypass eIDAS Node validation");
- attributeMap.putAll(buildAttributesWithoutMandate(authData));
-
- }
+ private void injectRequestedAttributes(ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq,
+ IEidAuthData eidAuthData) {
+ eidasReq.getRequestedAttributes().getAttributeMap().keySet().stream()
+ .forEach(el -> injectEidasAttribute(attributeMap, eidAuthData,
+ el.getNameUri().toString(), eidAuthData.isUseMandate()));
+
}
-
- private ImmutableAttributeMap buildAttributesWithoutMandate(IAuthData eidAuthData) {
- //TODO: throw an error in case of SZR Date with month or day = "00"
- return buildAttributesWithoutMandate(
- eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class),
- eidAuthData.getFamilyName(),
- eidAuthData.getGivenName(),
- eidAuthData.getDateOfBirth());
-
+
+ private void injectMdsRepesentativeInformation(
+ ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData,
+ ImmutableAttributeMap requestedAttributes) {
+ attrRegistry.getRepresentativeAttributesToAddByDefault()
+ .filter(el -> requestedAttributes.getAttributeValuesByNameUri(el) == null)
+ .forEach(el -> injectEidasAttribute(attributeMap, eidAuthData, el, true));
+
}
- private ImmutableAttributeMap buildAttributesWithoutMandate(String personalIdentifier, String familyName,
- String givenName, String dateOfBirth) {
- final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
- final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
- final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
- final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
-
- final ImmutableAttributeMap.Builder attributeMap =
- ImmutableAttributeMap.builder()
- .put(attrDefPersonalId, personalIdentifier)
- .put(attrDefFamilyName, familyName)
- .put(attrDefGivenName, givenName)
- .put(attrDefDateOfBirth, dateOfBirth);
-
- return attributeMap.build();
-
+ private void injectEidasAttribute(ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData,
+ String eidasAttrName, boolean mandatesUsed) {
+ final Optional<String> releatedIdaAttribute =
+ attrRegistry.mapEidasAttributeToSpecificIdaAttribute(eidasAttrName, mandatesUsed);
+ if (releatedIdaAttribute.isPresent()) {
+ log.trace("Mapping IDA attribute: {} to eIDAS attribute: {}", releatedIdaAttribute.get(),
+ eidasAttrName);
+ final String idaAttrValue = eidAuthData.getGenericData(releatedIdaAttribute.get(), String.class);
+ if (StringUtils.isNotEmpty(idaAttrValue)) {
+ log.debug("Build eIDAS attribute: {} from IDA attribute: {}", eidasAttrName, releatedIdaAttribute
+ .get());
+ attributeMap.put(
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByName(eidasAttrName),
+ idaAttrValue);
+
+ } else {
+ log.info("No IDA attribute: {}, eIDAS attribute: {} will be ignored", releatedIdaAttribute.get(),
+ eidasAttrName);
+
+ }
+
+ } else {
+ log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined",
+ eidasAttrName);
+
+ }
}
-
+
private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse)
throws ServletException {
final BinaryLightToken binaryLightToken;
@@ -358,17 +291,61 @@ public class ProxyServiceAuthenticationAction implements IAction {
return binaryLightToken;
}
+ /**
+ * Work-around to inject representative information as nat. person subject to
+ * bypass eIDAS Node validation.
+ *
+ * <p>
+ * <b>Injection will only be done if this work-around is enabled by
+ * configuration, the mandator is a legal person, and both legal and natural
+ * person subject's is requested.</b>
+ * </p>
+ *
+ * @param attributeMap Attribute set for eIDAS response
+ * @param eidasReq Incoming eIDAS request
+ * @param authData Authentication data
+ */
+ private void injectJurPersonWorkaroundIfRequired(
+ ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
+ if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData)
+ && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
+ && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
+ log.debug(
+ "Injecting representative information as nat. person subject to bypass eIDAS Node validation");
+
+ final AttributeDefinition<?> attrDefPersonalId =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+ final AttributeDefinition<?> attrDefFamilyName =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+ final AttributeDefinition<?> attrDefGivenName =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+ final AttributeDefinition<?> attrDefDateOfBirth =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
+
+ attributeMap.put(attrDefPersonalId, authData.getGenericData(PvpAttributeDefinitions.BPK_NAME,
+ String.class));
+ attributeMap.put(attrDefFamilyName, authData.getFamilyName());
+ attributeMap.put(attrDefGivenName, authData.getGivenName());
+ attributeMap.put(attrDefDateOfBirth, authData.getDateOfBirth());
+
+ }
+ }
+
private boolean isLegalPersonWorkaroundActive() {
return basicConfig.getBasicConfigurationBoolean(
- MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON,
+ MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON,
false);
-
+
}
-
+
private boolean isLegalPersonMandateAvailable(IAuthData authData) {
return StringUtils.isNoneEmpty(authData.getGenericData(
- MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
-
+ PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
+
}
}
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
index b9e0c488..a6a50100 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
@@ -7,6 +7,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
+import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@@ -77,6 +78,19 @@ public class ProxyEidasAttributeRegistry {
}
/**
+ * Get all eIDAS attributes that are added by default in case of mandates.
+ *
+ * @return {@link Stream} of eIDAS attributes
+ */
+ @NonNull
+ public Stream<String> getRepresentativeAttributesToAddByDefault() {
+ return attributeConfiguration.stream()
+ .filter(el -> el.getType() != null && el.getType().getAutoIncludeWithMandates())
+ .map(el -> el.getEidasAttributeName());
+
+ }
+
+ /**
* Get IDA attributes for a specific eIDAS attribute.
*
* @param eidasAttributeName Name of the eIDAS attribute.
@@ -95,8 +109,24 @@ public class ProxyEidasAttributeRegistry {
.collect(Collectors.toSet());
}
-
-
+
+ /**
+ * Get eIDAS related IDA attribute.
+ *
+ * @param eidasAttributeName Name of the eIDAS attribute.
+ * @param withMandates <code>true</code> if mandates are supported, otherwise <code>false</code>
+ * @return Name of the related IDA attribute if available
+ */
+ public Optional<String> mapEidasAttributeToSpecificIdaAttribute(
+ String eidasAttributeName, boolean withMandates) {
+ return attributeConfiguration.stream()
+ .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName))
+ .findFirst()
+ .map(el -> withMandates ? el.getIdaAttribute().getWithMandates() : el.getIdaAttribute().getBasic())
+ .filter(el -> StringUtils.isNotEmpty(el));
+
+ }
+
@PostConstruct
private void initialize() throws EaafConfigurationException {
final String attrConfPath = basicConfig.getBasicConfiguration(