From 58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 19 Jan 2021 10:37:45 +0100
Subject: build 'requesterId' for private-sector SP's based on hashed unique
 AppIds set 'requesterId' and 'providerName' to static value for any type of
 SP

---
 connector/src/main/resources/application.properties | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

(limited to 'connector/src/main/resources/application.properties')

diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index b13b6c18..b92102ed 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -51,10 +51,23 @@ eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
 #eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
 eidas.ms.auth.eIDAS.node_v2.forward.method=POST
 eidas.ms.auth.eIDAS.node_v2.countrycode=AT
+#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.*
 eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.*
-eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true
+
+## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate
 eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
-eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true
+
+## use hashed version of unique SP-Identifier as requesterId
+eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm=true
+
+## user static requesterId for all SP's in case of LU
+eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true
+
+ 
+## set provider name for all public SPs
+eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false
+
+
 
 eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high
 
@@ -92,6 +105,10 @@ eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
 eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false
 eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false
 
+
+
+
+
 ##without mandates
 eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
 eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
-- 
cgit v1.2.3


From 2fabf6cfdc78fceac1302d45c88d08214fe4e9e3 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 20 Jan 2021 14:32:37 +0100
Subject: add README.md, release and update informations, and full handbook

---
 README.md                                          | 112 +++++++++++++++++++++
 basicConfig/default_config.properties              |   1 -
 connector/src/assembly/assembly_dir.xml            |   2 +
 connector/src/assembly/assembly_zip.xml            |   3 +
 .../src/main/resources/application.properties      |  20 ++--
 infos/handbook-work_in_progress.docx               | Bin 0 -> 44486 bytes
 infos/readme_1.2.0.md                              |  59 +++++++++++
 7 files changed, 183 insertions(+), 14 deletions(-)
 create mode 100644 README.md
 create mode 100644 infos/handbook-work_in_progress.docx
 create mode 100644 infos/readme_1.2.0.md

(limited to 'connector/src/main/resources/application.properties')

diff --git a/README.md b/README.md
new file mode 100644
index 00000000..e0914598
--- /dev/null
+++ b/README.md
@@ -0,0 +1,112 @@
+# Member-state specific eIDAS Application
+
+## Description
+
+The member-state specific eIDAS application (ms-specific eIDAS) implements the bridge between the eIDAS reference implementation provides by European commission and the national eID system. This application consists of two parts
+
+- **MS-specific Connector:** implements the bridge to connect a national service-provider to a foreign idenity-provider. 
+
+- **MS-specific Proxy-Service:** implements the bridge to connect a foreign service-provider to national eID system (ID Austria). This feature is not implemented yet.
+
+  
+
+### Building
+
+The application uses SpringBoot as core framework, but the default build-profile does not build an executable jar. There, the application has to be deployed into an application service, like Apache Tomcat
+
+The project can be build with :
+
+```
+mvn clean package
+```
+
+The resulting `war` file can be deployed into an application server
+
+Set Java System-Property _-Deidas.ms.configuration=/path/to/configuration..._ to set the configuration for this application
+
+
+
+If you like to build an executable SpringBoot application with embedded Tomcat then use:
+
+```
+mvn -P embbededTomcat clean package
+```
+
+The resulting `jar` file can be run with java:
+
+```
+java -jar ./connector/target/ms-connector.jar
+```
+
+But it is also directly executalbe
+
+```
+./connector/target/ms-connector.jar
+```
+
+In case of a executable application package, the configuration can be either set by Java System-Property _-Deidas.ms.configuration=/path/to/configuration..._  or by default SpringBoot configuration features.
+
+
+
+### Configuration
+
+A default configuration is located at _basicConfig/_
+
+
+
+## Generate a BM.I Release Package
+
+The full release packages for BM.I infrastructure will be automatically assembled by maven build-process.  Before release build, all release related information have to added into infos folder. To add release informations follow the steps outlined below.
+
+Add a file with release informations to:
+```
+./infos/readme_{version}.txt
+```
+
+Add additional eIDAS Node related information into:
+
+```
+./infos/eIDAS_Ref_Impl/
+```
+
+Add, remove, or update the application description in the handbook and store the handbook for the current release version as pdf. 
+
+```
+modify: ./infos/handbook-work_in_progress.docx
+store pdf to: ./infos/handbook/handbook-{version}.pdf
+```
+
+Generate a release package with:
+
+
+```
+mvn clean package
+```
+
+The full release package will be located add
+```
+./target/ms_specific_connector-{version}-dist.tar.gz
+```
+
+
+
+## Changelog
+
+**v1.2.0**
+
+- Anpassungen zur Anbindungen an das E-ID System
+- Update auf eIDAS Ref. Impl. 2.5.0 mit Apache Ignite Cache
+  https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5
+- TODO:
+
+
+
+**v1.1.0**
+
+  - Update auf eIDAS Ref. Impl. 2.4.0 mit Apache Ignite Cache
+    https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.4
+  - Statischer Service-Provider Name für öffentliche Applikationen 
+  - Mindest LoA, welche für Requests an eIDAS Proxy-Services verwendet wird.
+  - Requested Attributes je Land konfigurierbar
+  - Neue Template-Engine mit i18n Unterstützung
+  - Neuer Algorithmus zur Generierung von Sessiontokens  
\ No newline at end of file
diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties
index ad883284..725fac7c 100644
--- a/basicConfig/default_config.properties
+++ b/basicConfig/default_config.properties
@@ -1,6 +1,5 @@
 ## Basic service configuration
 eidas.ms.context.url.prefix=
-eidas.ms.context.url.request.validation=false
 eidas.ms.core.configRootDir=file:./
 
 
diff --git a/connector/src/assembly/assembly_dir.xml b/connector/src/assembly/assembly_dir.xml
index 37e05390..59437be6 100644
--- a/connector/src/assembly/assembly_dir.xml
+++ b/connector/src/assembly/assembly_dir.xml
@@ -43,7 +43,9 @@
       <includes>
         <!-- include>README.md</include-->
         <include>readme_${project.version}.txt</include>
+        <include>readme_${project.version}.md</include>
         <include>eIDAS_Ref_Impl/*</include>
+        <include>handbook/*</include>
       </includes>
     </fileSet>
   </fileSets>
diff --git a/connector/src/assembly/assembly_zip.xml b/connector/src/assembly/assembly_zip.xml
index 579da2e1..43877283 100644
--- a/connector/src/assembly/assembly_zip.xml
+++ b/connector/src/assembly/assembly_zip.xml
@@ -43,6 +43,9 @@
       <includes>
         <!-- include>README.md</include -->
         <include>readme_${project.version}.txt</include>
+        <include>readme_${project.version}.md</include>
+        <include>eIDAS_Ref_Impl/*</include>
+        <include>handbook/*</include>
       </includes>
     </fileSet>
   </fileSets>
diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index b92102ed..9a4ae54f 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -17,9 +17,9 @@ spring.boot.admin.client.enabled=false
 
 #############################################################################
 ## MS-speccific eIDAS-Connector configuration
-#proxy.context.url.prefix=
+#eidas.ms.context.url.prefix=
 eidas.ms.context.url.request.validation=false
-#proxy.configRootDir=file:/.../config/
+#eidas.ms.configRootDir=file:/.../config/
 eidas.ms.context.use.clustermode=true
 eidas.ms.core.logging.level.info.errorcodes=auth.21
 
@@ -51,8 +51,7 @@ eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
 #eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
 eidas.ms.auth.eIDAS.node_v2.forward.method=POST
 eidas.ms.auth.eIDAS.node_v2.countrycode=AT
-#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.*
-eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.*
+eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.*
 
 ## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate
 eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
@@ -106,9 +105,6 @@ eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false
 eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false
 
 
-
-
-
 ##without mandates
 eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
 eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
@@ -137,7 +133,7 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
 #eidas.ms.pvp2.key.metadata.password=password
 #eidas.ms.pvp2.key.signing.alias=sig
 #eidas.ms.pvp2.key.signing.password=password
-#eidas.ms.pvp2.metadata.validity=24
+eidas.ms.pvp2.metadata.validity=24
 
 #eidas.ms.pvp2.metadata.organisation.name=JUnit
 #eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
@@ -158,8 +154,6 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
 
 
 ##only for advanced config
-eidas.ms.configuration.sp.disableRegistrationRequirement=
-#eidas.ms.configuration.restrictions.baseID.spTransmission=
-eidas.ms.configuration.auth.default.countrycode=
-eidas.ms.configuration.pvp.scheme.validation=
-eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file
+eidas.ms.configuration.sp.disableRegistrationRequirement=false
+eidas.ms.configuration.pvp.scheme.validation=true
+eidas.ms.configuration.pvp.enable.entitycategories=false
\ No newline at end of file
diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx
new file mode 100644
index 00000000..d311fa80
Binary files /dev/null and b/infos/handbook-work_in_progress.docx differ
diff --git a/infos/readme_1.2.0.md b/infos/readme_1.2.0.md
new file mode 100644
index 00000000..98e18ccb
--- /dev/null
+++ b/infos/readme_1.2.0.md
@@ -0,0 +1,59 @@
+# MS-Connector v1.2.0 Release vom xx.xx.2021
+
+Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen.
+
+### Änderungen in dieser Version
+
+  - Erforderliche Anpassungen zur Integration in den ID Austria
+
+  - Update auf eIDAS Ref. Impl. 2.5.0 (Implementiert eIDAS Spezifikation 1.2)
+    https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5
+
+  - Codestabilisierung 
+
+  - Monitoring und HealthChecks Verbesserungen
+
+  - Akutalisierung von Drittherstellerbibliotheken
+
+
+
+
+### Durchführen eines Updates 
+
+Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehenden MS-specific eIDAS Connectors auf die aktuelle Version 1.2.0. Das vollständige Handbuch mit allen Konfigurationsparametern finden Sie im Releasepackage im Verzeichnis: _infos/handbook/_
+
+### Ausgehend von einer bestehenden Version 1.1.0 
+
+1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an
+2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.0-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird.
+3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers
+4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties)  und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie **hier**.
+5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde
+
+   * __MsConnectorPackage__/config/templates/error_message.html
+6. Erstellung neuer Dateien
+   - _KeyStore für ID Austria AuthBlock:_ Erstellen eines KeyStore mit mit öffentlichem und privaten Schlüssel welcher für die JWS Signature des technischen ID Austria AuthBlocks verwendet werden soll.
+7. Neue Konfigurationsparameter
+   - *Allgemeine Konfiguration*
+     - ```eidas.ms.core.configRootDir```
+   - *ID Austria Umsetzung*
+     - ```eidas.ms.auth.eIDAS.authblock.keystore.type```
+     - ```eidas.ms.auth.eIDAS.authblock.keystore.path```
+     - ```eidas.ms.auth.eIDAS.authblock.keystore.password```
+     - ```eidas.ms.auth.eIDAS.authblock.key.alias```
+     - ```eidas.ms.auth.eIDAS.authblock.key.password```
+   - *Service-Provider Konfiguration Konfiguration*
+     - ```eidas.ms.sp.x.newEidMode```
+8. Gelöschte Konfigurationsparameter
+
+   - ```authhandler.modules.bindingservice.bpk.target```
+9. Neue optionale Konfigurationsparameter
+   - *Allgemeine Konfiguration*
+     - ```eidas.ms.core.logging.level.info.errorcodes```
+   - *eIDAS Node Kommunikation*
+     * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm```
+     * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll```
+     * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm```
+     * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm```
+   - *ID Austria Umsetzung*
+     - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject```
-- 
cgit v1.2.3


From c5c6344931f67ccaba335ffa476b5e8117948020 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 10 Mar 2021 12:25:10 +0100
Subject: switch to EAAF-components 1.1.13-SNAPSHOT to add
 EID-IDENTITY-STATUS-LEVEL attribute into SAML2 response

---
 basicConfig/default_config.properties              |   2 ++
 .../builder/AuthenticationDataBuilder.java         |  26 +++++++++++-----
 .../src/main/resources/application.properties      |   2 ++
 .../resources/specific_eIDAS_connector.beans.xml   |   6 ++++
 .../connector/test/FullStartUpAndProcessTest.java  |   7 +++--
 .../ProcessEngineSignalControllerTest.java         |   2 +-
 .../test/utils/AuthenticationDataBuilderTest.java  |  16 +++++++++-
 .../data/metadata_valid_without_encryption.xml     |   1 +
 .../spring/SpringTest_connector.beans.xml          |   6 ++++
 .../specific/modules/auth/eidas/v2/Constants.java  |   2 ++
 .../eidas/v2/tasks/ReceiveAuthnResponseTask.java   |   9 ++++--
 .../test/tasks/ReceiveEidasResponseTaskTest.java   |  34 +++++++++++++++++++--
 infos/handbook-work_in_progress.docx               | Bin 44486 -> 44445 bytes
 pom.xml                                            |   2 +-
 14 files changed, 98 insertions(+), 17 deletions(-)

(limited to 'connector/src/main/resources/application.properties')

diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties
index 725fac7c..2ea12b17 100644
--- a/basicConfig/default_config.properties
+++ b/basicConfig/default_config.properties
@@ -18,6 +18,8 @@ eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
 
 
 ## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.eid.testidentity.default=false
+
 eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
 eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
 
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
index c41660ce..3a93c1b8 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
@@ -30,6 +30,7 @@ import org.springframework.stereotype.Service;
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
@@ -37,8 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import lombok.extern.slf4j.Slf4j;
 
 @Service("AuthenticationDataBuilder")
@@ -47,9 +49,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
   
   @Override
   protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {        
-    final IAuthProcessDataContainer authProcessData =
-        pendingReq.getSessionData(AuthProcessDataWrapper.class);    
-    AuthenticationData authData = new AuthenticationData();
+    final EidAuthProcessDataWrapper authProcessData =
+        pendingReq.getSessionData(EidAuthProcessDataWrapper.class);    
+    EidAuthenticationData authData = new EidAuthenticationData();
     
     //set basis infos
     super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
@@ -58,6 +60,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
     authData.setSsoSessionValidTo(
         new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
     
+    authData.setEidStatus(authProcessData.isTestIdentity() 
+        ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
+    
     return authData;
 
   }
@@ -65,16 +70,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
   @Override
   protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) 
       throws EaafException {
-    if (authData instanceof AuthenticationData) {
-      ((AuthenticationData)authData).setGenericData(
+    if (authData instanceof EidAuthenticationData) {
+      ((EidAuthenticationData)authData).setGenericData(
           ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, 
           pendingReq.getUniquePiiTransactionIdentifier());
       log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier());
     
       // set specific informations
-      ((AuthenticationData)authData).setSsoSessionValidTo(
+      ((EidAuthenticationData)authData).setSsoSessionValidTo(
           new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
 
+      //set E-ID status-level
+      final EidAuthProcessDataWrapper authProcessData =
+          pendingReq.getSessionData(EidAuthProcessDataWrapper.class);        
+      ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() 
+          ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
       
     } else {
       throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " 
@@ -86,7 +96,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 
   @Override
   protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException {
-    return new AuthenticationData();
+    return new EidAuthenticationData();
 
   }
 
diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index 9a4ae54f..2411fde3 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -48,6 +48,8 @@ eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256
 
 ## eIDAS Ref. Implementation connector ###
 eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
+eidas.ms.auth.eIDAS.eid.testidentity.default=false
+
 #eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
 eidas.ms.auth.eIDAS.node_v2.forward.method=POST
 eidas.ms.auth.eIDAS.node_v2.countrycode=AT
diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml
index f6fdeefe..0f8511d5 100644
--- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml
+++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml
@@ -49,6 +49,9 @@
     <property name="pvpIdpCredentials">
       <ref bean="PVPEndPointCredentialProvider" />
     </property>
+    <property name="metadataProvider">
+      <ref bean="PVPMetadataProvider" />
+    </property>   
   </bean>
 
   <bean id="AuthnRequestValidator"
@@ -69,6 +72,9 @@
     <property name="pvpIdpCredentials">
       <ref bean="PVPEndPointCredentialProvider" />
     </property>
+    <property name="metadataProvider">
+      <ref bean="PVPMetadataProvider" />
+    </property>     
   </bean>
 
   <bean id="eaafProtocolAuthenticationService"
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
index fcb0e73a..f50829c7 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
@@ -62,6 +62,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
@@ -99,7 +100,7 @@ import szrservices.SignContentResponseType;
 @ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"})
 public class FullStartUpAndProcessTest {
 
-  private static final String FINAL_REDIRECT = "http://localhost/finalizeAuthProtocol?pendingid=";
+  private static final String FINAL_REDIRECT = "http://localhost/public/secure/finalizeAuthProtocol?pendingid=";
   
   @Autowired private WebApplicationContext wac;
   @Autowired private PvpEndPointCredentialProvider credentialProvider;
@@ -379,7 +380,7 @@ public class FullStartUpAndProcessTest {
     Assert.assertEquals("SAML2 status", Constants.SUCCESS_URI, saml2.getStatus().getStatusCode().getValue());
     
     final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(saml2);
-    Assert.assertEquals("wrong resp attr. size", 6, extractor.getAllIncludeAttributeNames().size());
+    Assert.assertEquals("wrong resp attr. size", 7, extractor.getAllIncludeAttributeNames().size());
     Assert.assertEquals("Wrong attr: LoA ", "http://eidas.europa.eu/LoA/high", 
         extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.108"));
     Assert.assertEquals("Wrong attr: PVP_VERSION ", "2.2", 
@@ -392,6 +393,8 @@ public class FullStartUpAndProcessTest {
         extractor.getSingleAttributeValue("urn:eidgvat:attributes.authblock.signed"));
     Assert.assertNotNull("Wrong attr: piiTras.Id ", 
         extractor.getSingleAttributeValue("urn:eidgvat:attributes.piiTransactionId"));
+    Assert.assertEquals("Wrong attr:EID_STATUS_LEVEL ", "http://eid.gv.at/eID/status/identity",
+        extractor.getSingleAttributeValue(PvpAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_NAME));
     
   }
 
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java
index d2c4aff2..5b612036 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java
@@ -69,7 +69,7 @@ public class ProcessEngineSignalControllerTest {
     Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
     Assert.assertNotNull("redirect header", httpResp.getHeaderValue("Location"));
     Assert.assertTrue("wrong redirect header", 
-        httpResp.getHeader("Location").startsWith("http://localhost/errorHandling?errorid="));
+        httpResp.getHeader("Location").startsWith("http://localhost/public/secure/errorHandling?errorid="));
   
   }
   
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
index 5f1c5dcf..0df8638c 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
@@ -11,6 +11,7 @@ import java.util.Map;
 import javax.xml.transform.TransformerException;
 
 import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.RandomUtils;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -35,6 +36,7 @@ import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
@@ -42,8 +44,10 @@ import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
 import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
@@ -118,8 +122,10 @@ public class AuthenticationDataBuilderTest {
   @Test
   public void eidMode() throws EaafAuthenticationException {
     // initialize state
+    boolean isTestIdentity = RandomUtils.nextBoolean();
     pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
-
+    pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity);
+    
     // execute
     IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
 
@@ -128,6 +134,9 @@ public class AuthenticationDataBuilderTest {
     Assert.assertNotNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class));
     Assert.assertNotNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class));
     Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
+    Assert.assertEquals("testIdentity flag", 
+        isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, 
+        ((EidAuthenticationData)authData).getEidStatus());
 
     String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class);
     String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class);
@@ -159,6 +168,8 @@ public class AuthenticationDataBuilderTest {
   @Test
   public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException {
     //initialize state
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);    
     pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false);
     IIdentityLink idl = buildDummyIdl();
     pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl);
@@ -173,6 +184,9 @@ public class AuthenticationDataBuilderTest {
     Assert.assertNull("piiTransactionId", 
         authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class));
     
+    Assert.assertEquals("testIdentity flag", 
+        isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, 
+        ((EidAuthenticationData)authData).getEidStatus());
     
     Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo());
     Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
diff --git a/connector/src/test/resources/data/metadata_valid_without_encryption.xml b/connector/src/test/resources/data/metadata_valid_without_encryption.xml
index b224c336..32b24e91 100644
--- a/connector/src/test/resources/data/metadata_valid_without_encryption.xml
+++ b/connector/src/test/resources/data/metadata_valid_without_encryption.xml
@@ -71,6 +71,7 @@ ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L</ds:X509Certificate>
       <md:RequestedAttribute FriendlyName="userAuthBlock" Name="urn:eidgvat:attributes.authblock.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
       <md:RequestedAttribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
       <md:RequestedAttribute FriendlyName="piiTransactionId" Name="urn:eidgvat:attributes.piiTransactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+      <md:RequestedAttribute FriendlyName="EID-IDENTITY-STATUS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.109" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
     </md:AttributeConsumingService>
   </md:SPSSODescriptor>
   <md:Organization>
diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml
index ba385cb9..83acf445 100644
--- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml
+++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml
@@ -41,6 +41,9 @@
     <property name="pvpIdpCredentials">
       <ref bean="PVPEndPointCredentialProvider" />
     </property>
+    <property name="metadataProvider">
+      <ref bean="PVPMetadataProvider" />
+    </property>       
   </bean>
 
   <bean id="AuthnRequestValidator"
@@ -61,6 +64,9 @@
     <property name="pvpIdpCredentials">
       <ref bean="PVPEndPointCredentialProvider" />
     </property>
+    <property name="metadataProvider">
+      <ref bean="PVPMetadataProvider" />
+    </property>     
   </bean>
 
   <bean id="eaafProtocolAuthenticationService"
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index c175d999..d13dd00f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -41,6 +41,8 @@ public class Constants {
 
   // configuration properties
   public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS";
+  public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX 
+      + ".eid.testidentity.default";
   public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
   public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
   public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
index 684546f7..6cab9214 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
@@ -39,7 +39,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import eu.eidas.auth.commons.light.ILightResponse;
 import lombok.extern.slf4j.Slf4j;
@@ -99,10 +99,15 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 
       // update MOA-Session data with received information
       log.debug("Store eIDAS response information into pending-request.");
-      final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+      final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
       authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
       authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
 
+      
+      //inject set flag to inject 
+      authProcessData.setTestIdentity(
+          basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false));
+            
       // store MOA-session to database
       requestStoreage.storePendingRequest(pendingReq);
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java
index de9b2d3b..0e56e2b3 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java
@@ -39,7 +39,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
 import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
 import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -84,6 +84,7 @@ public class ReceiveEidasResponseTaskTest {
     RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
 
     basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false");
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "false");
     
     final Map<String, String> spConfig = new HashMap<>();
     spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
@@ -153,15 +154,44 @@ public class ReceiveEidasResponseTaskTest {
     IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
     Assert.assertNotNull("pendingReq not stored", storedReq);
     
-    final AuthProcessDataWrapper authProcessData = storedReq.getSessionData(AuthProcessDataWrapper.class);
+    final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class);
     Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel());
     Assert.assertNotNull("eIDAS response", 
         authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
     Assert.assertEquals("eIDAS response", eidasResponse, 
         authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+    Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity());
         
   }
   
+  @Test
+  public void successWithTestIdentity() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException {    
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true");
+    
+    @NotNull        
+    AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+    httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");    
+      
+    //execute test
+    task.execute(pendingReq, executionContext);
+    
+    //validate state
+    IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+    Assert.assertNotNull("pendingReq not stored", storedReq);
+    
+    final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class);
+    Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel());
+    Assert.assertNotNull("eIDAS response", 
+        authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+    Assert.assertEquals("eIDAS response", eidasResponse, 
+        authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+    Assert.assertTrue("testIdentity flag", authProcessData.isTestIdentity());
+        
+  }
+  
+  
+  
   @NotNull
   private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException {
     final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx
index d311fa80..192db5d4 100644
Binary files a/infos/handbook-work_in_progress.docx and b/infos/handbook-work_in_progress.docx differ
diff --git a/pom.xml b/pom.xml
index 46d02706..808d71b9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
     <!-- ===================================================================== -->
     <egiz-spring-api>0.3</egiz-spring-api>
     <egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend>
-    <eaaf-core.version>1.1.11</eaaf-core.version>
+    <eaaf-core.version>1.1.13-SNAPSHOT</eaaf-core.version>
 
     <spring-boot-starter-web.version>2.4.1</spring-boot-starter-web.version>
     <spring-boot-admin-starter-client.version>2.3.1</spring-boot-admin-starter-client.version>
-- 
cgit v1.2.3


From af013acbb41d98b39d5ede56dbd5227858688e33 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 25 Jun 2021 10:26:17 +0200
Subject: fix bug in combination with EidasNode v2.5 and DE Middleware

# Conflicts:
#	connector/src/main/resources/application.properties
---
 .../src/main/resources/application.properties      |   2 +-
 .../specific/modules/auth/eidas/v2/Constants.java  |   2 +
 .../eidas/v2/tasks/GenerateAuthnRequestTask.java   |   3 +-
 .../test/tasks/GenerateAuthnRequestTaskTest.java   |  15 ++++--
 infos/Handbuch_MS-eIDAS-Node.docx                  | Bin 64139 -> 58160 bytes
 infos/handbook-work_in_progress.docx               | Bin 44928 -> 0 bytes
 infos/handbook/Handbuch_MS-eIDAS-Node.pdf          | Bin 871397 -> 162244 bytes
 infos/readme_1.2.2.md                              |  60 +++++++++++++++++++++
 8 files changed, 76 insertions(+), 6 deletions(-)
 delete mode 100644 infos/handbook-work_in_progress.docx
 create mode 100644 infos/readme_1.2.2.md

(limited to 'connector/src/main/resources/application.properties')

diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index 2411fde3..73a83c13 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -69,7 +69,7 @@ eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true
 eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false
 
 
-
+#eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat=
 eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high
 
 #eidas.ms.auth.eIDAS.szrclient.useTestService=true
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index d13dd00f..1732a61a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -69,6 +69,8 @@ public class Constants {
   public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER =
       CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier";
   
+  public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT = 
+      CONIG_PROPS_EIDAS_NODE + ".requested.nameIdFormat";
   
   public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE
       + ".staticProviderNameForPublicSPs";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 92f58877..9900fa98 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -106,7 +106,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
       authnRequestBuilder.id(UUID.randomUUID().toString());
 
       // set nameIDFormat
-      authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
+      authnRequestBuilder.nameIdFormat(
+          authConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT));
 
       // set citizen country code for foreign uses
       authnRequestBuilder.citizenCountryCode(citizenCountryCode);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
index f796bd86..4edfe32d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
@@ -1,5 +1,7 @@
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
 
+import static org.junit.Assert.assertNull;
+
 import java.io.UnsupportedEncodingException;
 import java.util.HashMap;
 import java.util.Map;
@@ -91,7 +93,8 @@ public class GenerateAuthnRequestTaskTest {
         "http://test/" + RandomStringUtils.randomAlphabetic(5));  
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
-        
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat");    
+    
   }
   
   @Test
@@ -313,9 +316,8 @@ public class GenerateAuthnRequestTaskTest {
     Assert.assertEquals("ProviderName is not Static", "myNode", eidasReq.getProviderName());
     Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
     Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
-    Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode());
-    Assert.assertEquals("NameIdFormat", Constants.eIDAS_REQ_NAMEID_FORMAT, eidasReq.getNameIdFormat());
-    
+    Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode());    
+    assertNull("NameIdPolicy not null", eidasReq.getNameIdFormat());
     
   }
 
@@ -337,6 +339,10 @@ public class GenerateAuthnRequestTaskTest {
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
             
+    String nameIdFormat = RandomStringUtils.randomAlphabetic(10);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat", nameIdFormat);
+    
     String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
@@ -363,6 +369,7 @@ public class GenerateAuthnRequestTaskTest {
         eidasReq.getLevelOfAssurance());
     
     Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+    Assert.assertEquals("NameIdFormat", nameIdFormat, eidasReq.getNameIdFormat());
     
   }
   
diff --git a/infos/Handbuch_MS-eIDAS-Node.docx b/infos/Handbuch_MS-eIDAS-Node.docx
index 7bb5c919..aacb3828 100644
Binary files a/infos/Handbuch_MS-eIDAS-Node.docx and b/infos/Handbuch_MS-eIDAS-Node.docx differ
diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx
deleted file mode 100644
index 3f2c6afd..00000000
Binary files a/infos/handbook-work_in_progress.docx and /dev/null differ
diff --git a/infos/handbook/Handbuch_MS-eIDAS-Node.pdf b/infos/handbook/Handbuch_MS-eIDAS-Node.pdf
index dd79201f..1d4195bb 100644
Binary files a/infos/handbook/Handbuch_MS-eIDAS-Node.pdf and b/infos/handbook/Handbuch_MS-eIDAS-Node.pdf differ
diff --git a/infos/readme_1.2.2.md b/infos/readme_1.2.2.md
new file mode 100644
index 00000000..6e7abdd0
--- /dev/null
+++ b/infos/readme_1.2.2.md
@@ -0,0 +1,60 @@
+# MS-Connector v1.2.2 Release vom 26.06.2021
+
+Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen.
+
+### Änderungen in dieser Version
+
+  - Bugfix
+      - Inkompatibilität zwischen AT MS-Connector, EidasNode v2.5 und Deutscher Middleware behoben
+
+
+
+
+### Durchführen eines Updates 
+
+Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehenden MS-specific eIDAS Connectors auf die aktuelle Version 1.2.2. Das vollständige Handbuch mit allen Konfigurationsparametern finden Sie im Releasepackage im Verzeichnis: _infos/handbook/_
+
+### Ausgehend von einer bestehenden Version 1.2.x 
+
+1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an
+2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.2-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird.
+3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers
+4. Neue optionale Konfigurationsparameter
+   - *Allgemeine Konfiguration*
+     - ```eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat```
+
+### Ausgehend von einer bestehenden Version 1.1.0 
+
+1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an
+2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.2-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird.
+3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers
+4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties)  und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie im Handbuch zum AT MS-Connector.
+5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde. Sofern die entsprechenden Datein an die bestehende Infrastruktur angepasst wurden so müssen diese Änderungen übernommen werden.
+   - __MsConnectorPackage__/config/templates/error_message.html 
+   - __MsConnectorPackage__/config/eIDAS/igniteSpecificCommunication.xml  
+     Hinweis: Siehe auch Update-Hinweise zur EIDAS-Node v2.5
+6. Erstellung neuer Dateien
+   - _KeyStore für ID Austria AuthBlock:_ Erstellen eines KeyStore mit mit öffentlichem und privaten Schlüssel welcher für die JWS Signature des technischen ID Austria AuthBlocks verwendet werden soll.
+7. Neue Konfigurationsparameter
+   - *Allgemeine Konfiguration*
+     - ```eidas.ms.core.configRootDir```
+   - *ID Austria Umsetzung*
+     - ```eidas.ms.auth.eIDAS.authblock.keystore.type```
+     - ```eidas.ms.auth.eIDAS.authblock.keystore.path```
+     - ```eidas.ms.auth.eIDAS.authblock.keystore.password```
+     - ```eidas.ms.auth.eIDAS.authblock.key.alias```
+     - ```eidas.ms.auth.eIDAS.authblock.key.password```
+   - *Service-Provider Konfiguration Konfiguration*
+     - ```eidas.ms.sp.x.newEidMode```
+8. Gelöschte Konfigurationsparameter
+
+   - ```authhandler.modules.bindingservice.bpk.target```
+9. Neue optionale Konfigurationsparameter
+   - *Allgemeine Konfiguration*
+     - ```eidas.ms.core.logging.level.info.errorcodes```
+   - *eIDAS Node Kommunikation*
+     * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm```
+     * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll```
+   - *ID Austria Umsetzung*
+     - ```eidas.ms.auth.eIDAS.eid.testidentity.default```
+     - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject```
-- 
cgit v1.2.3