aboutsummaryrefslogtreecommitdiff
path: root/id.server/data
diff options
context:
space:
mode:
authorrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-10-24 08:34:56 +0000
committerrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-10-24 08:34:56 +0000
commitdd45e938564249a5e6897bd92dd29808d8990868 (patch)
tree372d8a4b128cff09262ad09d6a4cf5765d672d61 /id.server/data
parent59f78a67d7357fd31de68fc2b623f95b3d654ebc (diff)
downloadmoa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.tar.gz
moa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.tar.bz2
moa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.zip
MOA-ID version 1.1 (initial)
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/data')
-rw-r--r--id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat40
-rw-r--r--id.server/data/abnahme-test/conf/OAConfBasicAuth.xml10
-rw-r--r--id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml13
-rw-r--r--id.server/data/abnahme-test/conf/OAConfParamAuth.xml10
-rw-r--r--id.server/data/abnahme-test/conf/deploy_AUTH.bat12
-rw-r--r--id.server/data/abnahme-test/conf/log4j.properties41
-rw-r--r--id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml64
-rw-r--r--id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml136
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cerbin0 -> 876 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cerbin0 -> 987 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cerbin0 -> 965 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cerbin0 -> 1321 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cerbin0 -> 1321 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.derbin0 -> 1886 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cerbin0 -> 965 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jarbin0 -> 933730 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jarbin0 -> 78440 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12bin0 -> 2467 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12bin0 -> 1234 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12bin0 -> 2797 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12bin0 -> 3077 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12bin0 -> 3077 bytes
-rw-r--r--id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml19
-rw-r--r--id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml3
-rw-r--r--id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml19
-rw-r--r--id.server/data/abnahme-test/conf/moa/runAbnahme.bat12
-rw-r--r--id.server/data/abnahme-test/conf/moa/server.xml423
-rw-r--r--id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml63
-rw-r--r--id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties94
-rw-r--r--id.server/data/abnahme-test/ixsil/init/properties/init.properties214
-rw-r--r--id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties74
-rw-r--r--id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd328
-rw-r--r--id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd402
-rw-r--r--id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd203
-rw-r--r--id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html177
-rw-r--r--id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html177
-rw-r--r--id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html177
-rw-r--r--id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html30
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml88
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml108
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml87
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml41
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml103
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml98
-rw-r--r--id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml98
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml25
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml121
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml37
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml133
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml28
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml124
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml40
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml136
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml25
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml52
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml25
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml52
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml28
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml52
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml62
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml13
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml65
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml65
-rw-r--r--id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml94
-rw-r--r--id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml136
-rw-r--r--id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml136
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html30
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html14
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html20
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html20
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml35
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html1
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/Configuration.xml35
-rw-r--r--id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp6
-rw-r--r--id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml61
-rw-r--r--id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml24
-rw-r--r--id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml17
-rw-r--r--id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml12
-rw-r--r--id.server/data/abnahme-test/xmldata/Configuration.xml105
-rw-r--r--id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/abnahme-test/xmldata/L000/Configuration.xml105
-rw-r--r--id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml94
-rw-r--r--id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml97
-rw-r--r--id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cerbin0 -> 1110 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cerbin0 -> 864 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/Buergerkarte01Root.cerbin0 -> 876 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/C.CA.DS.cerbin0 -> 1136 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/IAIKRoot.cerbin0 -> 883 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cerbin0 -> 863 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/TestPersonMOA4.cerbin0 -> 1321 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cerbin0 -> 1136 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cerbin0 -> 994 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/ecdsaroot_der.cerbin0 -> 540 bytes
-rw-r--r--id.server/data/certs/TrustProfile1/hsm.cer13
-rw-r--r--id.server/data/certs/TrustProfile1/moahsmcert.cer13
-rw-r--r--id.server/data/certs/ca-certs/GTE CyberTrust Root.cerbin0 -> 510 bytes
-rw-r--r--id.server/data/certs/ca-certs/TrustMark-WebServer-01.cerbin0 -> 1030 bytes
-rw-r--r--id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cerbin0 -> 568 bytes
-rw-r--r--id.server/data/certs/ca-certs/a-sign-corporate-light-01.cerbin0 -> 1065 bytes
-rw-r--r--id.server/data/certs/ca-certs/intermediate.cerbin0 -> 890 bytes
-rw-r--r--id.server/data/certs/ca-certs/root.cerbin0 -> 881 bytes
-rw-r--r--id.server/data/certs/client-certs/key.pem18
-rw-r--r--id.server/data/certs/client-certs/key2.pem18
-rw-r--r--id.server/data/certs/client-certs/req.cerbin0 -> 746 bytes
-rw-r--r--id.server/data/certs/client-certs/req.pem18
-rw-r--r--id.server/data/certs/client-certs/req2.pem18
-rw-r--r--id.server/data/certs/keystores/client.keystorebin0 -> 814 bytes
-rw-r--r--id.server/data/certs/keystores/client.p12bin0 -> 1860 bytes
-rw-r--r--id.server/data/certs/keystores/client2.p12bin0 -> 1856 bytes
-rw-r--r--id.server/data/certs/keystores/server.keystorebin0 -> 1360 bytes
-rw-r--r--id.server/data/certs/keystores/testlinux.keystorebin0 -> 5417 bytes
-rw-r--r--id.server/data/certs/keystores/testlinux_plus_client.keystorebin0 -> 6199 bytes
-rw-r--r--id.server/data/certs/keystores/testlinux_rev.keystorebin0 -> 5417 bytes
-rw-r--r--id.server/data/certs/server-certs/a-trust.cerbin0 -> 1100 bytes
-rw-r--r--id.server/data/certs/server-certs/baltimore.cerbin0 -> 693 bytes
-rw-r--r--id.server/data/certs/server-certs/cio.cerbin0 -> 1185 bytes
-rw-r--r--id.server/data/certs/server-certs/testlinux.crtbin0 -> 1018 bytes
-rw-r--r--id.server/data/certs/server-certs/testlinux_rev.crtbin0 -> 1018 bytes
-rw-r--r--id.server/data/certs/server-certs/testwin.cerbin0 -> 1000 bytes
-rw-r--r--id.server/data/certs/server-certs/testwin_rev.cerbin0 -> 1000 bytes
-rw-r--r--id.server/data/certs/server-certs/tomcat-server.crtbin0 -> 580 bytes
-rw-r--r--id.server/data/certs/server-certs/verisign.cerbin0 -> 977 bytes
-rw-r--r--id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml81
-rw-r--r--id.server/data/deploy/conf/moa-id/log4j.properties22
-rw-r--r--id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml10
-rw-r--r--id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml63
-rw-r--r--id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml14
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8Fbin0 -> 861 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733bin0 -> 864 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6bin0 -> 860 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92bin0 -> 1110 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml19
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cerbin0 -> 1110 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cerbin0 -> 864 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cerbin0 -> 861 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cerbin0 -> 860 bytes
-rw-r--r--id.server/data/deploy/tomcat/moa-id-env.bat1
-rw-r--r--id.server/data/deploy/tomcat/moa-id-env.sh1
-rw-r--r--id.server/data/deploy/tomcat/server.mod_jk.xml201
-rw-r--r--id.server/data/deploy/tomcat/server.xml157
-rw-r--r--id.server/data/deploy/tomcat/uriworkermap.properties7
-rw-r--r--id.server/data/deploy/tomcat/workers.properties6
-rw-r--r--id.server/data/test/conf/ConfigurationTest.xml103
-rw-r--r--id.server/data/test/conf/OAConfBasicAuth.xml10
-rw-r--r--id.server/data/test/conf/OAConfHeaderAuth.xml13
-rw-r--r--id.server/data/test/conf/OAConfParamAuth.xml10
-rw-r--r--id.server/data/test/conf/log4j.properties10
-rw-r--r--id.server/data/test/conf/transforms/TransformsInfosHTML.xml63
-rw-r--r--id.server/data/test/ixsil/init/properties/algorithms.properties94
-rw-r--r--id.server/data/test/ixsil/init/properties/init.properties214
-rw-r--r--id.server/data/test/ixsil/init/properties/keyManager.properties74
-rw-r--r--id.server/data/test/ixsil/init/schemas/Signature.xsd328
-rw-r--r--id.server/data/test/ixsil/init/schemas/XMLSchema.dtd402
-rw-r--r--id.server/data/test/ixsil/init/schemas/datatypes.dtd203
-rw-r--r--id.server/data/test/xmldata/ErrorResponse.xml4
-rw-r--r--id.server/data/test/xmldata/GetIdentityLinkForm.html20
-rw-r--r--id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml127
-rw-r--r--id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml52
-rw-r--r--id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml59
-rw-r--r--id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml2
-rw-r--r--id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml97
186 files changed, 9816 insertions, 0 deletions
diff --git a/id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat b/id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat
new file mode 100644
index 000000000..3e90dc52e
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat
@@ -0,0 +1,40 @@
+
+echo --------------------
+Echo Richte moa-sp ein
+echo --------------------
+md C:\programme\apacheGroup\abnahme\conf\moa
+md C:\programme\apacheGroup\abnahme\conf\moa\keys
+md C:\programme\apacheGroup\abnahme\conf\moa\profiles
+md C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles
+md C:\programme\apacheGroup\abnahme\conf\moa-id
+md C:\programme\apacheGroup\abnahme\conf\moa-id\Transforms
+
+
+copy moa\server.xml C:\programme\apacheGroup\abnahme\conf\server.xml
+copy server.keystore C:\programme\apacheGroup\abnahme\server.keystore
+
+copy log4j.properties C:\programme\apacheGroup\abnahme\conf\moa\log4j.properties
+copy moa\ConfigurationTest.xml C:\programme\apacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+xcopy moa\common\*.* C:\programme\apacheGroup\abnahme\common\*.* /s/e
+del C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile1 /S/Q
+del C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile2 /S/Q
+del C:\programme\apacheGroup\abnahme\conf\moa\profiles\*.* /S/Q
+del C:\programme\apacheGroup\abnahme\conf\moa\keys\*.* /S/Q
+copy moa\keys\*.* C:\programme\apacheGroup\abnahme\conf\moa\keys\*.*
+copy moa\profiles\*.* C:\programme\apacheGroup\abnahme\conf\moa\profiles\*.*
+xcopy moa\TrustProfile1\*.* C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile1\*.* /s/e
+xcopy moa\TrustProfile2\*.* C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile2\*.* /s/e
+rd C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile1\Cvs /S/Q
+rd C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile2\Cvs /S/Q
+rd C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\Cvs /S/Q
+rd C:\programme\apacheGroup\abnahme\common\moa\endorsed\Cvs /S/Q
+echo --------------------
+Echo Rrichte moa-auth ein
+echo --------------------
+copy moa-id\ConfigurationTest.xml C:\programme\apacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml
+
+copy transforms\TransformsInfosHTML.xml C:\programme\apacheGroup\abnahme\conf\moa-id\Transforms\TransformsInfosHTML.xml
+echo --------------------
+Echo Kopiere Start-Skript
+echo --------------------
+copy moa\runAbnahme.bat C:\programme\apacheGroup\abnahme\runAbnahme.bat
diff --git a/id.server/data/abnahme-test/conf/OAConfBasicAuth.xml b/id.server/data/abnahme-test/conf/OAConfBasicAuth.xml
new file mode 100644
index 000000000..61455f903
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/OAConfBasicAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <BasicAuth>
+ <UserID>MOAGivenName</UserID>
+ <Password>MOAFamilyName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml b/id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml
new file mode 100644
index 000000000..c92e055e9
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <HeaderAuth>
+ <Header Name="Param1" Value="MOAPublicAuthority"/>
+ <Header Name="Param2" Value="MOABKZ"/>
+ <Header Name="Param3" Value="MOAQualifiedCertificate"/>
+ <Header Name="Param4" Value="MOAZMRZahl"/>
+ <Header Name="Param5" Value="MOAIPAddress"/>
+ </HeaderAuth>
+</Configuration>
diff --git a/id.server/data/abnahme-test/conf/OAConfParamAuth.xml b/id.server/data/abnahme-test/conf/OAConfParamAuth.xml
new file mode 100644
index 000000000..a70f6a6c0
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/OAConfParamAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <ParamAuth>
+ <Parameter Name="Param1" Value="MOADateOfBirth"/>
+ <Parameter Name="Param2" Value="MOAVPK"/>
+ </ParamAuth>
+</Configuration>
diff --git a/id.server/data/abnahme-test/conf/deploy_AUTH.bat b/id.server/data/abnahme-test/conf/deploy_AUTH.bat
new file mode 100644
index 000000000..adb168f09
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/deploy_AUTH.bat
@@ -0,0 +1,12 @@
+
+cd ..\..\..\..\build\scripts\
+Echo Entferne temporäre Projekt-Dateien und erstelle moa-id-auth.war
+call build id.server clean >null
+call build id.server dist-auth >null
+Echo Lösche altes .war-File vom Server und kopiere neu erzeugte Web-App
+del C:\programme\ApacheGroup\abnahme\webapps\moa-id-auth.war /Q/F/S
+rd C:\programme\ApacheGroup\abnahme\webapps\moa-id-auth /S/Q
+copy ..\..\id.server\tmp\dist\auth\moa-id-auth.war C:\programme\ApacheGroup\abnahme\webapps\moa-id-auth.war
+cd ..\..\id.server\data\abnahme-test\conf
+C:
+cd C:\programme\ApacheGroup\abnahme
diff --git a/id.server/data/abnahme-test/conf/log4j.properties b/id.server/data/abnahme-test/conf/log4j.properties
new file mode 100644
index 000000000..86aa9c994
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/log4j.properties
@@ -0,0 +1,41 @@
+#
+# Sample log4j configuration for the MOA-SPSS web service
+#
+
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# Define log4j root loggers for the 'moa.spss.server' and 'iaik.server'
+# logging hierarchies.
+# All logging output is written to the 'stdout' and 'R' appenders.
+# Add JDBC if you also want to write it to the database
+log4j.rootLogger=info, stdout, R
+log4j.logger.moa.spss.server=info
+log4j.logger.iaik.server=info
+log4j.moa=debug
+
+# Configure the 'stdout appender' to write logging output to the console
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
+# Configure the rolling file appender 'R' to write logging output
+# to the file 'moa-spss.log'. The file is rolled over every 1000KB,
+# and a maximum history of 4 log files is being kept.
+log4j.appender.R=org.apache.log4j.RollingFileAppender
+log4j.appender.R.File=moa-spss.log
+log4j.appender.R.MaxFileSize=1000KB
+log4j.appender.R.MaxBackupIndex=4
+log4j.appender.R.layout=org.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
+# Configure the jdbc appender 'JDBC' to write logging output
+# to the given PostgreSQL database
+# a suitable table called 'spss_log' must have been created in the
+# database using the command:
+# create table spss_log (log_time timestamp, log_level varchar(5), log_msg varchar(256))
+log4j.appender.JDBC=org.apache.log4j.jdbc.JDBCAppender
+log4j.appender.JDBC.driver=org.postgresql.Driver
+log4j.appender.JDBC.URL=jdbc:postgresql://10.16.46.108/moa?user=moa&password=moatest
+log4j.appender.JDBC.layout=org.apache.log4j.PatternLayout
+log4j.appender.JDBC.sql=INSERT INTO spss_log (log_time, log_level, log_msg) VALUES ('%d{ yyyy-MM-dd HH:mm:ss.SSS}', '%5p', '%m') \ No newline at end of file
diff --git a/id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml b/id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml
new file mode 100644
index 000000000..f2e23f2e2
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:/C:/Programme/ApacheGroup/abnahme/conf/moa-id/Transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>file:/C:/Programme/ApacheGroup/abnahme/conf/moa-id/certs/server-certs</AcceptedServerCertificates>
+ <!--<ClientKeyStore password="Keystore Pass">file:/c:/</ClientKeyStore> -->
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://moatestlinux:18080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:/c:/Programme/ApacheGroup/abnahme/conf/moa-id/oa/OAConf.xml" sessionTimeOut="600">
+ <ConnectionParameter URL="https://moatestlinux:18443/oa/">
+ <AcceptedServerCertificates>file:/C:/Programme/ApacheGroup/abnahme/conf/moa-id/oa/server-certs/tomcat</AcceptedServerCertificates>
+<!-- <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://10.16.126.28:9443/moa-id-proxy/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:/c:/Programme/ApacheGroup/abnahme/conf/moa-id/oa/OAConf.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="https://moatestlinux:18443/oa/">
+ <AcceptedServerCertificates>file:/home/moa/id/abnahme/conf/moa-id/oa/server-certs/tomcat</AcceptedServerCertificates>
+ <!-- <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="/home/moa/id/abnahme/conf/moa-id/certs/cert-store-root"/>
+ <GenericConfiguration name="TLSTrustedCACertificates" value="file:/home/moa/id/abnahme/conf/moa-id/certs/ca-certs"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml b/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml
new file mode 100644
index 000000000..82c45565d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<MOAConfiguration xmlns="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa-spss="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <CanonicalizationAlgorithm name="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <DigestMethodAlgorithm name="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <GenericConfiguration name="IAIKIXSILinit.properties" value="aValidFileName"/>
+ <GenericConfiguration name="autoAddCertificates" value="true"/>
+ <GenericConfiguration name="useAuthorityInfoAccess" value="true"/>
+ <GenericConfiguration name="maxRevocationAge" value="0"/>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="aValidPathName"/>
+ <GenericConfiguration name="archiveRevocationInfo" value="false"/>
+ <GenericConfiguration name="DataBaseArchiveParameter.JDBCUrl" value="jdbc:postgresql://10.16.46.108/moa?user=moa&amp;password=moatest"/>
+ <GenericConfiguration name="test.ReferenceBase" value="test"/>
+ <!--
+ <HardwareCryptoModule name="validPathToPKCS11Lib" slotID="validSlotID" userPIN="validPIN"/>
+ <HardwareKeyModule name="validPathToPKCS11Lib" slotID="validSlotID" userPIN="validPIN"/>
+
+ <HardwareKeyModule id="HSM" name="cryptoki.dll" slotID="0" userPIN="0000"/>-->
+ <SoftwareKeyModule id="SWKeyModule1" filename="keys/test-ee2003_normal(buergerkarte).p12" password="buergerkarte"/>
+ <SoftwareKeyModule id="SWKeyModule2" filename="keys/normal-eeExpired.p12" password=""/>
+ <SoftwareKeyModule id="SWKeyModule3" filename="keys/ecc(ego).p12" password="ego"/>
+ <SoftwareKeyModule id="SWKeyModule4" filename="keys/DSA.512.p12" password="topSecret"/>
+ <KeyGroup id="HSMRSAKEY">
+ <Key>
+ <KeyModuleID>HSM</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>C=AT,OU=MOA,O=BRZ,CN=HSMRSAKEY</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="PKCS12RSAKey1">
+ <!--PKCS12RSAKey1 maps to test-ee2003_normal(buergerkarte).p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule1</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="PKCS12RSAKeyExpired">
+ <!--PKCS12RSAKey1 maps to sicher-demo(buergerkarte).p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule2</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="PKCS12ECDSAKey1">
+ <!--PKCS12ECDSAKey1 maps to ecc(ego).p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule3</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK ECDSA Test,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>68172</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="DSAinPKCS12">
+ <!--DSAinPKCS12 maps to DSA.512.p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule4</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK DSA Test CA,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>761791</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="allKeys">
+ <Key>
+ <KeyModuleID>SWKeyModule1</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ <Key>
+ <KeyModuleID>SWKeyModule2</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ <Key>
+ <KeyModuleID>SWKeyModule3</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK ECDSA Test,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>68172</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ <Key>
+ <KeyModuleID>SWKeyModule4</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK DSA Test CA,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>761791</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroupMapping>
+ <KeyGroup id="PKCS12RSAKey1"/>
+ <KeyGroup id="PKCS12RSAKeyExpired"/>
+ <KeyGroup id="PKCS12ECDSAKey1"/>
+ <KeyGroup id="DSAinPKCS12"/>
+ <KeyGroup id="HSMRSAKEY"/>
+ </KeyGroupMapping>
+ <KeyGroupMapping>
+ <X509IssuerSerial>
+ <dsig:X509IssuerName>CN=TestUser,OU=MOA,O=BRZ,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>12345678</dsig:X509SerialNumber>
+ </X509IssuerSerial>
+ <KeyGroup id="allKeys"/>
+ </KeyGroupMapping>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <CRLArchive duration="365"/>
+ <CRLDistributionPoint>
+ <CAIssuerDN>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</CAIssuerDN>
+ <DistributionPoint uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/>
+ </CRLDistributionPoint>
+ <CRLDistributionPoint>
+ <CAIssuerDN>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</CAIssuerDN>
+ <DistributionPoint reasonCodes="keyCompromise affiliationChanged" uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/>
+ <DistributionPoint reasonCodes="certificateHold" uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/>
+ </CRLDistributionPoint>
+ <VerifyTransformsInfoProfile id="TransformsInfoProfile1MOAID" filename="profiles/TransformsInfoProfile1MOAID.xml"/>
+ <VerifyTransformsInfoProfile id="TransformsInfoProfile2MOAID" filename="profiles/TransformsInfoProfile2MOAID.xml"/>
+ <VerifyTransformsInfoProfile id="TransformsInfoProfile3MOAID" filename="profiles/TransformsInfoProfile3MOAID.xml"/>
+ <TrustProfile id="TrustProfile1" uri="C:/Programme/ApacheGroup/abnahme/conf/moa/trustprofiles/TrustProfile1"/>
+ <TrustProfile id="TrustProfile2" uri="C:/Programme/ApacheGroup/abnahme/conf/moa/trustprofiles/TrustProfile2"/>
+</MOAConfiguration>
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer
new file mode 100644
index 000000000..18e6bc109
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer
new file mode 100644
index 000000000..1cdc15c6e
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer
new file mode 100644
index 000000000..b5b39633d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer
new file mode 100644
index 000000000..81f6fa658
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer
new file mode 100644
index 000000000..99936caa8
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der b/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der
new file mode 100644
index 000000000..3a3aa543d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer
new file mode 100644
index 000000000..b5b39633d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar b/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar
new file mode 100644
index 000000000..f25d73cd7
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar b/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar
new file mode 100644
index 000000000..c1fa1d645
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12 b/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12
new file mode 100644
index 000000000..8f7a201ac
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12 b/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12
new file mode 100644
index 000000000..f84e793c5
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12 b/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12
new file mode 100644
index 000000000..ff65f9fde
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12 b/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12
new file mode 100644
index 000000000..efaeb9b98
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12 b/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12
new file mode 100644
index 000000000..efaeb9b98
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12
Binary files differ
diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml
new file mode 100644
index 000000000..c4f5a52af
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml
new file mode 100644
index 000000000..dc4a97716
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml
new file mode 100644
index 000000000..17c4d8d54
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/abnahme-test/conf/moa/runAbnahme.bat b/id.server/data/abnahme-test/conf/moa/runAbnahme.bat
new file mode 100644
index 000000000..8f635081c
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/runAbnahme.bat
@@ -0,0 +1,12 @@
+C:
+cd\programme
+cd apacheGroup
+cd abnahme
+rem set moa.id.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml
+set moa.spss.server.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+rem set CATALINA_OPTS=-Dmoa.id.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml -Dlog4j.configuration=file:/C:\Programme\ApacheGroup\abnahme\conf\log4j.properties -Dmoa.spss.server.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+set MOA_ROOT=C:\Programme\ApacheGroup\abnahme\
+set CATALINA_OPTS=-Dmoa.spss.server.configuration=%MOA_ROOT%conf\moa\ConfigurationTest.xml -Dlog4j.configuration=file:/%MOA_ROOT%conf\moa\log4j.properties -Dmoa.id.configuration=%MOA_ROOT%conf\moa-id\ConfigurationTest.xml
+set CATALINA_HOME=C:\Programme\ApacheGroup\abnahme
+
+call bin\catalina run \ No newline at end of file
diff --git a/id.server/data/abnahme-test/conf/moa/server.xml b/id.server/data/abnahme-test/conf/moa/server.xml
new file mode 100644
index 000000000..75afa9955
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/server.xml
@@ -0,0 +1,423 @@
+<!-- Example Server Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+ <!-- Comment these entries out to disable JMX MBeans support -->
+ <!-- You may also configure custom components (e.g. Valves/Realms) by
+ including your own mbean-descriptor file(s), and setting the
+ "descriptors" attribute to point to a ';' seperated list of paths
+ (in the ClassLoader sense) of files to add to the default list.
+ e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
+ -->
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0"/>
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+ debug="0"/>
+
+ <!-- Global JNDI resources -->
+ <GlobalNamingResources>
+
+ <!-- Test entry for demonstration purposes -->
+ <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved">
+ </Resource>
+ <ResourceParams name="UserDatabase">
+ <parameter>
+ <name>factory</name>
+ <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+ </parameter>
+ <parameter>
+ <name>pathname</name>
+ <value>conf/tomcat-users.xml</value>
+ </parameter>
+ </ResourceParams>
+
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8080" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="100" debug="0" connectionTimeout="20000"
+ useURIValidationHack="false" disableUploadTimeout="true" />
+ <!-- Note : To disable connection timeouts, set connectionTimeout value
+ to -1 -->
+
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="false">
+ <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="server.keystore" keystorePass="changeit"/>
+ </Connector>
+
+
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" connectionTimeout="0"
+ useURIValidationHack="false"
+ protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <!--
+ <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ acceptCount="10" debug="0"/>
+ -->
+
+ <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
+ <!-- See proxy documentation for more information about using this. -->
+ <!--
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8082" minProcessors="5" maxProcessors="75"
+ enableLookups="true"
+ acceptCount="100" debug="0" connectionTimeout="20000"
+ proxyPort="80" useURIValidationHack="false"
+ disableUploadTimeout="true" />
+ -->
+
+ <!-- Define a non-SSL legacy HTTP/1.1 Test Connector on port 8083 -->
+ <!--
+ <Connector className="org.apache.catalina.connector.http.HttpConnector"
+ port="8083" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" />
+ -->
+
+ <!-- Define a non-SSL HTTP/1.0 Test Connector on port 8084 -->
+ <!--
+ <Connector className="org.apache.catalina.connector.http10.HttpConnector"
+ port="8084" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" />
+ -->
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+
+ <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+ <Engine name="Standalone" defaultHost="localhost" debug="0" jmvRoute="jvm1">
+ -->
+
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ debug="0" resourceName="UserDatabase"/>
+
+ <!-- Comment out the old realm but leave here for now in case we
+ need to go back quickly -->
+ <!--
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ -->
+
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="org.gjt.mm.mysql.Driver"
+ connectionURL="jdbc:mysql://localhost/authority"
+ connectionName="test" connectionPassword="test"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="oracle.jdbc.driver.OracleDriver"
+ connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
+ connectionName="scott" connectionPassword="tiger"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="sun.jdbc.odbc.JdbcOdbcDriver"
+ connectionURL="jdbc:odbc:CATALINA"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common" resolveHosts="false"/>
+ -->
+
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="ROOT" debug="0"/>
+ -->
+
+ <!-- Tomcat Examples Context -->
+ <Context path="/examples" docBase="examples" debug="0"
+ reloadable="true" crossContext="true">
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="localhost_examples_log." suffix=".txt"
+ timestamp="true"/>
+ <Ejb name="ejb/EmplRecord" type="Entity"
+ home="com.wombat.empl.EmployeeRecordHome"
+ remote="com.wombat.empl.EmployeeRecord"/>
+
+ <!-- If you wanted the examples app to be able to edit the
+ user database, you would uncomment the following entry.
+ Of course, you would want to enable security on the
+ application as well, so this is not done by default!
+ The database object could be accessed like this:
+
+ Context initCtx = new InitialContext();
+ Context envCtx = (Context) initCtx.lookup("java:comp/env");
+ UserDatabase database =
+ (UserDatabase) envCtx.lookup("userDatabase");
+ -->
+<!--
+ <ResourceLink name="userDatabase" global="UserDatabase"
+ type="org.apache.catalina.UserDatabase"/>
+-->
+
+
+ <!-- PersistentManager: Uncomment the section below to test Persistent
+ Sessions.
+
+ saveOnRestart: If true, all active sessions will be saved
+ to the Store when Catalina is shutdown, regardless of
+ other settings. All Sessions found in the Store will be
+ loaded on startup. Sessions past their expiration are
+ ignored in both cases.
+ maxActiveSessions: If 0 or greater, having too many active
+ sessions will result in some being swapped out. minIdleSwap
+ limits this. -1 or 0 means unlimited sessions are allowed.
+ If it is not possible to swap sessions new sessions will
+ be rejected.
+ This avoids thrashing when the site is highly active.
+ minIdleSwap: Sessions must be idle for at least this long
+ (in seconds) before they will be swapped out due to
+ activity.
+ 0 means sessions will almost always be swapped out after
+ use - this will be noticeably slow for your users.
+ maxIdleSwap: Sessions will be swapped out if idle for this
+ long (in seconds). If minIdleSwap is higher, then it will
+ override this. This isn't exact: it is checked periodically.
+ -1 means sessions won't be swapped out for this reason,
+ although they may be swapped out for maxActiveSessions.
+ If set to >= 0, guarantees that all sessions found in the
+ Store will be loaded on startup.
+ maxIdleBackup: Sessions will be backed up (saved to the Store,
+ but left in active memory) if idle for this long (in seconds),
+ and all sessions found in the Store will be loaded on startup.
+ If set to -1 sessions will not be backed up, 0 means they
+ should be backed up shortly after being used.
+
+ To clear sessions from the Store, set maxActiveSessions, maxIdleSwap,
+ and minIdleBackup all to -1, saveOnRestart to false, then restart
+ Catalina.
+ -->
+ <!--
+ <Manager className="org.apache.catalina.session.PersistentManager"
+ debug="0"
+ saveOnRestart="true"
+ maxActiveSessions="-1"
+ minIdleSwap="-1"
+ maxIdleSwap="-1"
+ maxIdleBackup="-1">
+ <Store className="org.apache.catalina.session.FileStore"/>
+ </Manager>
+ -->
+ <Environment name="maxExemptions" type="java.lang.Integer"
+ value="15"/>
+ <Parameter name="context.param.name" value="context.param.value"
+ override="false"/>
+ <Resource name="jdbc/EmployeeAppDb" auth="SERVLET"
+ type="javax.sql.DataSource"/>
+ <ResourceParams name="jdbc/EmployeeAppDb">
+ <parameter><name>username</name><value>sa</value></parameter>
+ <parameter><name>password</name><value></value></parameter>
+ <parameter><name>driverClassName</name>
+ <value>org.hsql.jdbcDriver</value></parameter>
+ <parameter><name>url</name>
+ <value>jdbc:HypersonicSQL:database</value></parameter>
+ </ResourceParams>
+ <Resource name="mail/Session" auth="Container"
+ type="javax.mail.Session"/>
+ <ResourceParams name="mail/Session">
+ <parameter>
+ <name>mail.smtp.host</name>
+ <value>localhost</value>
+ </parameter>
+ </ResourceParams>
+ <ResourceLink name="linkToGlobalResource"
+ global="simpleValue"
+ type="java.lang.Integer"/>
+ </Context>
+
+ </Host>
+
+ </Engine>
+
+ </Service>
+
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+
+ <!-- Define an Apache-Connector Service -->
+<!--
+ <Service name="Tomcat-Apache">
+
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true" appBase="webapps"
+ acceptCount="10" debug="0"/>
+
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0">
+
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt"
+ timestamp="true"/>
+
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+
+ </Engine>
+
+ </Service>
+-->
+
+</Server>
diff --git a/id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml b/id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml
new file mode 100644
index 000000000..e003297f4
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml
@@ -0,0 +1,63 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties b/id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties
new file mode 100644
index 000000000..35a41cfdd
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties
@@ -0,0 +1,94 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses to maintain the available algorithms.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Canonicalization algorithms
+#
+# The following properties (starting with "Canonicalization.") are associations between canonicalization
+# algorithm URIs and their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the canonicalization algorithm
+# with the identifying URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", the name of the algorithm
+# property is "Canonicalization.http://www.w3.org/TR/2001/REC-xml-c14n-20010315", i.e. the identifying URI,
+# prepended by the canonicalization algorithm property identifier ("Canonicalization."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard impl. shipped with IXSIL, "iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXMLWithComments
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXML
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments
+
+#----------------------------------------------------------------------------------------------------------
+# Signature algorithms
+#
+# The following properties (starting with "Signature.") are associations between signature algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the signature algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1", the name of the algorithm
+# property is "Signature.http://www.w3.org/2000/09/xmldsig#rsa-sha1", i.e. the identifying URI,
+# prepended by the signature algorithm property identifier ("Signature."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.SignatureAlgorithmImplRSA".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Signature.http\://www.w3.org/2000/09/xmldsig#rsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplRSA
+Signature.http\://www.w3.org/2000/09/xmldsig#dsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplDSA
+Signature.http\://www.w3.org/2000/09/xmldsig#hmac-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplHMAC
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Digest algorithms
+#
+# The following properties (starting with "Digest.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the digest algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#sha1", the name of the algorithm
+# property is "Digest.http://www.w3.org/2000/09/xmldsig#sha1", i.e. the identifying URI,
+# prepended by the digest algorithm property identifier ("Digest."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.DigestAlgorithmImplSHA1".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Digest.http\://www.w3.org/2000/09/xmldsig#sha1 = iaik.ixsil.algorithms.DigestAlgorithmImplSHA1
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Transform algorithms
+#
+# The following properties (starting with "Transform.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the transform algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#base64", the name of the algorithm
+# property is "Transform.http://www.w3.org/2000/09/xmldsig#base64", i.e. the identifying URI,
+# prepended by the transform algorithm property identifier ("Transform."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.TransformImplBase64Decode".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.TransformImplCanonicalXML
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.TransformImplCanonicalXMLWithComments
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXMLWithComments
+Transform.http\://www.w3.org/2000/09/xmldsig#base64 = iaik.ixsil.algorithms.TransformImplBase64Decode
+Transform.http\://www.w3.org/TR/1999/REC-xpath-19991116 = iaik.ixsil.algorithms.TransformImplXPath
+Transform.http\://www.w3.org/2000/09/xmldsig#enveloped-signature = iaik.ixsil.algorithms.TransformImplEnvelopedSignature
+Transform.http\://www.w3.org/TR/1999/REC-xslt-19991116 = iaik.ixsil.algorithms.TransformImplXSLT
+Transform.http\://www.w3.org/2002/06/xmldsig-filter2 = iaik.ixsil.algorithms.TransformImplXPath2
diff --git a/id.server/data/abnahme-test/ixsil/init/properties/init.properties b/id.server/data/abnahme-test/ixsil/init/properties/init.properties
new file mode 100644
index 000000000..a309959cc
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/properties/init.properties
@@ -0,0 +1,214 @@
+# IXSIL init properties
+#
+# This file contains the basic initialization properties for IXSIL.
+
+#----------------------------------------------------------------------------------------------------------
+# Properties for localizing exeption messages
+
+# This property specifies the ISO language code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOLanguageCode = "en"
+
+
+
+# This property specifies the ISO country code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOCountryCode = "US"
+
+
+#----------------------------------------------------------------------------------------------------------
+# Other property files
+
+# This property contains a URI specifying the (virtual) location of the IXSIL init properties file (i. e.
+# this file). The URI MUST be absolute.
+#
+# The use of this property is optional. It is only needed by IXSIL, if the library will be initialized using
+# the method IXSILInit.init(Properties, Properties, Properties). In this case it is used by IXSIL as the
+# base URI for absolutizing other property URIs, such as "DOMUtils.SignatureSchema" (see below).
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/init.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/init.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/init.properties"
+
+location.initProperties = file:data/abnahme/test/ixsil/init/properties/init.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL algorithm properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/algorithms.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/algorithms.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/algorithms.properties"
+# Example 4 (relative URI): "../otherpath/algorithms.properties"
+# Example 5 (relative URI): "algorithms.properties"
+
+location.algorithmsProperties = file:data/abnahme/test/ixsil/init/properties/algorithms.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL keyManager properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/keyManager.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/keyManager.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/keyManager.properties"
+# Example 4 (relative URI): "../otherpath/keyManager.properties"
+# Example 5 (relative URI): "keyManager.properties"
+
+location.keyManagerProperties = file:data/abnahme/test/ixsil/init/properties/keyManager.properties
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# AlgorithmFactory properties
+
+
+
+This property specifies the extension class for the abstract class
+iaik.ixsil.algorithms.AlgorithmFactory, which is instantiated at invokation of method
+iaik.ixsil.algorithms.AlgorithmFactory.createFactory().
+Please specifiy the fully qualified java class name for the class to be instantiated.
+
+AlgorithmFactory.ImplementingClass = iaik.ixsil.algorithms.AlgorithmFactoryDefaultImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# VerifierKeyManager properties
+
+# This property specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.VerifierKeyManager, which is instantiated by IXSIL in the verification use case, if the
+# signature algorithm does not know about the verification key, and if the XML signature bears a KeyInfo
+# element which contains hints that can be used to deduce the verification key.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+VerifierKeyManager.ImplementingClass = iaik.ixsil.keyinfo.KeyManagerImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XML namespace prefix properties
+
+# This property specifies the namespace prefix used for XML elements from the XML-Signature namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSignature = dsig:
+
+
+
+# This property specifies the namespace prefix used for XML elements from the XML Schema instance namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSchemaInstance = xsi:
+
+
+#----------------------------------------------------------------------------------------------------------
+# DOMUtils properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.DOMUtilsInterface, which contains a couple of DOM utility methods, which IXSIL relies
+# on. If you would like to employ a parser different from Apache Xerces, you must implement the
+# DOMUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+DOMUtils.ImplementingClass = iaik.ixsil.util.DOMUtilsImpl
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter WARNINGS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportWarnings = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter ERRORS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter FATAL ERRORS generated by the Apache Xerces parser should lead to a parser
+# exception or not.
+
+DOMUtils.ErrorHandler.reportFatalErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies an URI for the location of the XML schema for an XML signature, which is used as the
+# reference grammar in method iaik.ixsil.util.DOMUtilsImpl.schemaValidateSignatureElement.
+# The URI can be absolute or relative. If the URI is relative, it will be absolutized using the URI for
+# this init property file as the base.
+
+DOMUtils.SignatureSchema = ../schemas/Signature.xsd
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XPathUtils properties
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.XPathUtilsInterface, which contains a couple of XPath utility methods, which IXSIL relies
+# on. If you would like to employ a XPath engine different from Apache Xalan, you must implement the
+# XPathUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+XPathUtils.ImplementingClass = iaik.ixsil.util.XPathUtilsImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# CanonicalXMLSerializer properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.CanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML according
+# to "Canonical XML" (see http://www.w3.org/TR/2001/REC-xml-c14n-20010315). If you would like to employ an
+# implemenation different from the standard implementation shipped with IXSIL, you must implement the
+# CanonicalXMLSerialierInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.CanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.ExclusiveCanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML
+# according to "Exclusive XML Canonicalization" (see http://www.w3.org/TR/2001/WD-xml-exc-c14n-20011120).
+# If you would like to employ an implemenation different from the standard implementation shipped with
+# IXSIL, you must implement the ExclusiveCanonicalXMLSerialierInterface and specify your implementation
+# class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.ExclusiveCanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
diff --git a/id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties b/id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties
new file mode 100644
index 000000000..24ece437a
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties
@@ -0,0 +1,74 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses in context of key management.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties are associations between the fully qualified XMLname of a "KeyInfo" subelement,
+# as used in an XML signature to specify hints how the verifier can obtain the verification key, and that
+# implementation class of the interface iaik.ixsil.keyinfo.KeyProviderInterface, which will manage
+# subelements of that type.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# For instance, if you would like to specify the key provider implementation for "KeyValue" subelements,
+# the property name is the fully qualified XML name for the "KeyValue" element, namely
+# "http://www.w3.org/2000/09/xmldsig#:KeyValue". The value of the property is the fully qualified class
+# name of the key provider implementation class, for instance the standard implementation which ships with
+# IXSIL: "iaik.ixsil.keyinfo.KeyProviderImplKeyValue".
+#
+# PLEASE NOTE (I): A fully qualified name for an XML element consists of an URI indicating the namespace the
+# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+# element (e.g. "KeyValue"). Both components are seperated by a colon.
+#
+# PLEASE NOTE (II): The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+http\://www.w3.org/2000/09/xmldsig#\:KeyValue = iaik.ixsil.keyinfo.KeyProviderImplKeyValue
+http\://www.w3.org/2000/09/xmldsig#\:X509Data = iaik.ixsil.keyinfo.x509.KeyProviderImplX509Data
+http\://www.w3.org/2000/09/xmldsig#\:RetrievalMethod = iaik.ixsil.keyinfo.retrieval.KeyProviderImplRetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties specify the order in which the different types of "KeyInfo" subelements are used
+# by the key manager to deduce the verification key.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# The properties are associations between a two digit number and the fully qualified XML name of a "KeyInfo"
+# subelement. The lower the number, the more important is the associated "KeyInfo" sublement. Consider an
+# example configuration:
+#
+# Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+# Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+#
+# In this configuration, the key manager first tries to use "KeyValue" subelements to deduce the
+# verification key. Only if this does not succeed, the key manager uses "X509Data" subelements as a second
+# chance. Of course you can specify more than only two different subelement types.
+#
+# PLEASE NOTE: A fully qualified name for an XML element consists of an URI indicating the namespace the
+# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+# element (e.g. "KeyValue"). Both components are seperated by a colon.
+
+Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+Subelement.03 = http://www.w3.org/2000/09/xmldsig#:RetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following property is used by standard implementation of the "X509Data" key provider, which ships
+# with IXSIL, namely "KeyProviderImplX509Data". It specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.x509.X509TrustManagerInterface, which is to be instantiated as the backbone trust
+# manager for this key provider.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+KeyProviderImplX509Data.X509TrustManagerDefaultImplementingClass = iaik.ixsil.keyinfo.x509.X509TrustManagerDummyImpl
+
diff --git a/id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd b/id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd
new file mode 100644
index 000000000..ed7719dfb
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd
@@ -0,0 +1,328 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ SYSTEM "XMLSchema.dtd"
+ [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.1 $ on $Date: 2003/04/08 07:20:16 $ by $Author: knirsch $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<!-- modified to ensure that whiteSpace is preserved
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+ -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="string">
+ <whiteSpace value="preserve"/>
+ <pattern value="[A-Za-z0-9\+/=\n\r\t ]*"/>
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="ds:CryptoBinary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="ds:CryptoBinary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="ds:CryptoBinary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="ds:CryptoBinary"/>
+ <element name="X509CRL" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="ds:CryptoBinary"/>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
diff --git a/id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd b/id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd
new file mode 100644
index 000000000..c55a9a819
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd
@@ -0,0 +1,402 @@
+<!-- DTD for XML Schemas: Part 1: Structures
+ Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN"
+ Official Location: http://www.w3.org/2001/XMLSchema.dtd -->
+<!-- $Id: XMLSchema.dtd,v 1.1 2003/04/08 07:20:16 knirsch Exp $ -->
+<!-- Note this DTD is NOT normative, or even definitive. --> <!--d-->
+<!-- prose copy in the structures REC is the definitive version --> <!--d-->
+<!-- (which shouldn't differ from this one except for this --> <!--d-->
+<!-- comment and entity expansions, but just in case) --> <!--d-->
+<!-- With the exception of cases with multiple namespace
+ prefixes for the XML Schema namespace, any XML document which is
+ not valid per this DTD given redefinitions in its internal subset of the
+ 'p' and 's' parameter entities below appropriate to its namespace
+ declaration of the XML Schema namespace is almost certainly not
+ a valid schema. -->
+
+<!-- The simpleType element and its constituent parts
+ are defined in XML Schema: Part 2: Datatypes -->
+<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
+
+<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
+ schema document to establish a different
+ namespace prefix -->
+<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
+ also define %s as the suffix for the appropriate
+ namespace declaration (e.g. :foo) -->
+<!ENTITY % nds 'xmlns%s;'>
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % schema "%p;schema">
+<!ENTITY % complexType "%p;complexType">
+<!ENTITY % complexContent "%p;complexContent">
+<!ENTITY % simpleContent "%p;simpleContent">
+<!ENTITY % extension "%p;extension">
+<!ENTITY % element "%p;element">
+<!ENTITY % unique "%p;unique">
+<!ENTITY % key "%p;key">
+<!ENTITY % keyref "%p;keyref">
+<!ENTITY % selector "%p;selector">
+<!ENTITY % field "%p;field">
+<!ENTITY % group "%p;group">
+<!ENTITY % all "%p;all">
+<!ENTITY % choice "%p;choice">
+<!ENTITY % sequence "%p;sequence">
+<!ENTITY % any "%p;any">
+<!ENTITY % anyAttribute "%p;anyAttribute">
+<!ENTITY % attribute "%p;attribute">
+<!ENTITY % attributeGroup "%p;attributeGroup">
+<!ENTITY % include "%p;include">
+<!ENTITY % import "%p;import">
+<!ENTITY % redefine "%p;redefine">
+<!ENTITY % notation "%p;notation">
+
+<!-- annotation elements -->
+<!ENTITY % annotation "%p;annotation">
+<!ENTITY % appinfo "%p;appinfo">
+<!ENTITY % documentation "%p;documentation">
+
+<!-- Customisation entities for the ATTLIST of each element type.
+ Define one of these if your schema takes advantage of the
+ anyAttribute='##other' in the schema for schemas -->
+
+<!ENTITY % schemaAttrs ''>
+<!ENTITY % complexTypeAttrs ''>
+<!ENTITY % complexContentAttrs ''>
+<!ENTITY % simpleContentAttrs ''>
+<!ENTITY % extensionAttrs ''>
+<!ENTITY % elementAttrs ''>
+<!ENTITY % groupAttrs ''>
+<!ENTITY % allAttrs ''>
+<!ENTITY % choiceAttrs ''>
+<!ENTITY % sequenceAttrs ''>
+<!ENTITY % anyAttrs ''>
+<!ENTITY % anyAttributeAttrs ''>
+<!ENTITY % attributeAttrs ''>
+<!ENTITY % attributeGroupAttrs ''>
+<!ENTITY % uniqueAttrs ''>
+<!ENTITY % keyAttrs ''>
+<!ENTITY % keyrefAttrs ''>
+<!ENTITY % selectorAttrs ''>
+<!ENTITY % fieldAttrs ''>
+<!ENTITY % includeAttrs ''>
+<!ENTITY % importAttrs ''>
+<!ENTITY % redefineAttrs ''>
+<!ENTITY % notationAttrs ''>
+<!ENTITY % annotationAttrs ''>
+<!ENTITY % appinfoAttrs ''>
+<!ENTITY % documentationAttrs ''>
+
+<!ENTITY % complexDerivationSet "CDATA">
+ <!-- #all or space-separated list drawn from derivationChoice -->
+<!ENTITY % blockSet "CDATA">
+ <!-- #all or space-separated list drawn from
+ derivationChoice + 'substitution' -->
+
+<!ENTITY % mgs '%all; | %choice; | %sequence;'>
+<!ENTITY % cs '%choice; | %sequence;'>
+<!ENTITY % formValues '(qualified|unqualified)'>
+
+
+<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'>
+
+<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'>
+
+<!-- This is used in part2 -->
+<!ENTITY % restriction1 '((%mgs; | %group;)?)'>
+
+%xs-datatypes;
+
+<!-- the duplication below is to produce an unambiguous content model
+ which allows annotation everywhere -->
+<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*,
+ ((%simpleType; | %complexType;
+ | %element; | %attribute;
+ | %attributeGroup; | %group;
+ | %notation; ),
+ (%annotation;)*)* )>
+<!ATTLIST %schema;
+ targetNamespace %URIref; #IMPLIED
+ version CDATA #IMPLIED
+ %nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema'
+ xmlns CDATA #IMPLIED
+ finalDefault %complexDerivationSet; ''
+ blockDefault %blockSet; ''
+ id ID #IMPLIED
+ elementFormDefault %formValues; 'unqualified'
+ attributeFormDefault %formValues; 'unqualified'
+ xml:lang CDATA #IMPLIED
+ %schemaAttrs;>
+<!-- Note the xmlns declaration is NOT in the Schema for Schemas,
+ because at the Infoset level where schemas operate,
+ xmlns(:prefix) is NOT an attribute! -->
+<!-- The declaration of xmlns is a convenience for schema authors -->
+
+<!-- The id attribute here and below is for use in external references
+ from non-schemas using simple fragment identifiers.
+ It is NOT used for schema-to-schema reference, internal or
+ external. -->
+
+<!-- a type is a named content type specification which allows attribute
+ declarations-->
+<!-- -->
+
+<!ELEMENT %complexType; ((%annotation;)?,
+ (%simpleContent;|%complexContent;|
+ %particleAndAttrs;))>
+
+<!ATTLIST %complexType;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %complexDerivationSet; #IMPLIED
+ mixed (true|false) 'false'
+ %complexTypeAttrs;>
+
+<!-- particleAndAttrs is shorthand for a root type -->
+<!-- mixed is disallowed if simpleContent, overriden if complexContent
+ has one too. -->
+
+<!-- If anyAttribute appears in one or more referenced attributeGroups
+ and/or explicitly, the intersection of the permissions is used -->
+
+<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %complexContent;
+ mixed (true|false) #IMPLIED
+ id ID #IMPLIED
+ %complexContentAttrs;>
+
+<!-- restriction should use the branch defined above, not the simple
+ one from part2; extension should use the full model -->
+
+<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %simpleContent;
+ id ID #IMPLIED
+ %simpleContentAttrs;>
+
+<!-- restriction should use the simple branch from part2, not the
+ one defined above; extension should have no particle -->
+
+<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))>
+<!ATTLIST %extension;
+ base %QName; #REQUIRED
+ id ID #IMPLIED
+ %extensionAttrs;>
+
+<!-- an element is declared by either:
+ a name and a type (either nested or referenced via the type attribute)
+ or a ref to an existing element declaration -->
+
+<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?,
+ (%unique; | %key; | %keyref;)*)>
+<!-- simpleType or complexType only if no type|ref attribute -->
+<!-- ref not allowed at top level -->
+<!ATTLIST %element;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ nillable %boolean; #IMPLIED
+ substitutionGroup %QName; #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %blockSet; #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %elementAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- In the absence of type AND ref, type defaults to type of
+ substitutionGroup, if any, else the ur-type, i.e. unconstrained -->
+<!-- default and fixed are mutually exclusive -->
+
+<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)>
+<!ATTLIST %group;
+ name %NCName; #IMPLIED
+ ref %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %groupAttrs;>
+
+<!ELEMENT %all; ((%annotation;)?, (%element;)*)>
+<!ATTLIST %all;
+ minOccurs (1) #IMPLIED
+ maxOccurs (1) #IMPLIED
+ id ID #IMPLIED
+ %allAttrs;>
+
+<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %choice;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %choiceAttrs;>
+
+<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %sequence;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %sequenceAttrs;>
+
+<!-- an anonymous grouping in a model, or
+ a top-level named group definition, or a reference to same -->
+
+<!-- Note that if order is 'all', group is not allowed inside.
+ If order is 'all' THIS group must be alone (or referenced alone) at
+ the top level of a content model -->
+<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside -->
+<!-- Should allow minOccurs=0 inside order='all' . . . -->
+
+<!ELEMENT %any; (%annotation;)?>
+<!ATTLIST %any;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ minOccurs %nonNegativeInteger; '1'
+ maxOccurs CDATA '1'
+ id ID #IMPLIED
+ %anyAttrs;>
+
+<!-- namespace is interpreted as follows:
+ ##any - - any non-conflicting WFXML at all
+
+ ##other - - any non-conflicting WFXML from namespace other
+ than targetNamespace
+
+ ##local - - any unqualified non-conflicting WFXML/attribute
+ one or - - any non-conflicting WFXML from
+ more URI the listed namespaces
+ references
+
+ ##targetNamespace ##local may appear in the above list,
+ with the obvious meaning -->
+
+<!ELEMENT %anyAttribute; (%annotation;)?>
+<!ATTLIST %anyAttribute;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ id ID #IMPLIED
+ %anyAttributeAttrs;>
+<!-- namespace is interpreted as for 'any' above -->
+
+<!-- simpleType only if no type|ref attribute -->
+<!-- ref not allowed at top level, name iff at top level -->
+<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)>
+<!ATTLIST %attribute;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ use (prohibited|optional|required) #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %attributeAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- default for use is optional when nested, none otherwise -->
+<!-- default and fixed are mutually exclusive -->
+<!-- type attr and simpleType content are mutually exclusive -->
+
+<!-- an attributeGroup is a named collection of attribute decls, or a
+ reference thereto -->
+<!ELEMENT %attributeGroup; ((%annotation;)?,
+ (%attribute; | %attributeGroup;)*,
+ (%anyAttribute;)?) >
+<!ATTLIST %attributeGroup;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ %attributeGroupAttrs;>
+
+<!-- ref iff no content, no name. ref iff not top level -->
+
+<!-- better reference mechanisms -->
+<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %unique;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %uniqueAttrs;>
+
+<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %key;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %keyAttrs;>
+
+<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %keyref;
+ name %NCName; #REQUIRED
+ refer %QName; #REQUIRED
+ id ID #IMPLIED
+ %keyrefAttrs;>
+
+<!ELEMENT %selector; ((%annotation;)?)>
+<!ATTLIST %selector;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %selectorAttrs;>
+<!ELEMENT %field; ((%annotation;)?)>
+<!ATTLIST %field;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %fieldAttrs;>
+
+<!-- Schema combination mechanisms -->
+<!ELEMENT %include; (%annotation;)?>
+<!ATTLIST %include;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %includeAttrs;>
+
+<!ELEMENT %import; (%annotation;)?>
+<!ATTLIST %import;
+ namespace %URIref; #IMPLIED
+ schemaLocation %URIref; #IMPLIED
+ id ID #IMPLIED
+ %importAttrs;>
+
+<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; |
+ %attributeGroup; | %group;)*>
+<!ATTLIST %redefine;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %redefineAttrs;>
+
+<!ELEMENT %notation; (%annotation;)?>
+<!ATTLIST %notation;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ public CDATA #REQUIRED
+ system %URIref; #IMPLIED
+ %notationAttrs;>
+
+<!-- Annotation is either application information or documentation -->
+<!-- By having these here they are available for datatypes as well
+ as all the structures elements -->
+
+<!ELEMENT %annotation; (%appinfo; | %documentation;)*>
+<!ATTLIST %annotation; %annotationAttrs;>
+
+<!-- User must define annotation elements in internal subset for this
+ to work -->
+<!ELEMENT %appinfo; ANY> <!-- too restrictive -->
+<!ATTLIST %appinfo;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ %appinfoAttrs;>
+<!ELEMENT %documentation; ANY> <!-- too restrictive -->
+<!ATTLIST %documentation;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ xml:lang CDATA #IMPLIED
+ %documentationAttrs;>
+
+<!NOTATION XMLSchemaStructures PUBLIC
+ 'structures' 'http://www.w3.org/2001/XMLSchema.xsd' >
+<!NOTATION XML PUBLIC
+ 'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' >
diff --git a/id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd b/id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd
new file mode 100644
index 000000000..59bf31d52
--- /dev/null
+++ b/id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd
@@ -0,0 +1,203 @@
+<!--
+ DTD for XML Schemas: Part 2: Datatypes
+ $Id: datatypes.dtd,v 1.1 2003/04/08 07:20:16 knirsch Exp $
+ Note this DTD is NOT normative, or even definitive. - - the
+ prose copy in the datatypes REC is the definitive version
+ (which shouldn't differ from this one except for this comment
+ and entity expansions, but just in case)
+ -->
+
+<!--
+ This DTD cannot be used on its own, it is intended
+ only for incorporation in XMLSchema.dtd, q.v.
+ -->
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % simpleType "%p;simpleType">
+<!ENTITY % restriction "%p;restriction">
+<!ENTITY % list "%p;list">
+<!ENTITY % union "%p;union">
+<!ENTITY % maxExclusive "%p;maxExclusive">
+<!ENTITY % minExclusive "%p;minExclusive">
+<!ENTITY % maxInclusive "%p;maxInclusive">
+<!ENTITY % minInclusive "%p;minInclusive">
+<!ENTITY % totalDigits "%p;totalDigits">
+<!ENTITY % fractionDigits "%p;fractionDigits">
+<!ENTITY % length "%p;length">
+<!ENTITY % minLength "%p;minLength">
+<!ENTITY % maxLength "%p;maxLength">
+<!ENTITY % enumeration "%p;enumeration">
+<!ENTITY % whiteSpace "%p;whiteSpace">
+<!ENTITY % pattern "%p;pattern">
+
+<!--
+ Customisation entities for the ATTLIST of each element
+ type. Define one of these if your schema takes advantage
+ of the anyAttribute='##other' in the schema for schemas
+ -->
+
+<!ENTITY % simpleTypeAttrs "">
+<!ENTITY % restrictionAttrs "">
+<!ENTITY % listAttrs "">
+<!ENTITY % unionAttrs "">
+<!ENTITY % maxExclusiveAttrs "">
+<!ENTITY % minExclusiveAttrs "">
+<!ENTITY % maxInclusiveAttrs "">
+<!ENTITY % minInclusiveAttrs "">
+<!ENTITY % totalDigitsAttrs "">
+<!ENTITY % fractionDigitsAttrs "">
+<!ENTITY % lengthAttrs "">
+<!ENTITY % minLengthAttrs "">
+<!ENTITY % maxLengthAttrs "">
+<!ENTITY % enumerationAttrs "">
+<!ENTITY % whiteSpaceAttrs "">
+<!ENTITY % patternAttrs "">
+
+<!-- Define some entities for informative use as attribute
+ types -->
+<!ENTITY % URIref "CDATA">
+<!ENTITY % XPathExpr "CDATA">
+<!ENTITY % QName "NMTOKEN">
+<!ENTITY % QNames "NMTOKENS">
+<!ENTITY % NCName "NMTOKEN">
+<!ENTITY % nonNegativeInteger "NMTOKEN">
+<!ENTITY % boolean "(true|false)">
+<!ENTITY % simpleDerivationSet "CDATA">
+<!--
+ #all or space-separated list drawn from derivationChoice
+ -->
+
+<!--
+ Note that the use of 'facet' below is less restrictive
+ than is really intended: There should in fact be no
+ more than one of each of minInclusive, minExclusive,
+ maxInclusive, maxExclusive, totalDigits, fractionDigits,
+ length, maxLength, minLength within datatype,
+ and the min- and max- variants of Inclusive and Exclusive
+ are mutually exclusive. On the other hand, pattern and
+ enumeration may repeat.
+ -->
+<!ENTITY % minBound "(%minInclusive; | %minExclusive;)">
+<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)">
+<!ENTITY % bounds "%minBound; | %maxBound;">
+<!ENTITY % numeric "%totalDigits; | %fractionDigits;">
+<!ENTITY % ordered "%bounds; | %numeric;">
+<!ENTITY % unordered
+ "%pattern; | %enumeration; | %whiteSpace; | %length; |
+ %maxLength; | %minLength;">
+<!ENTITY % facet "%ordered; | %unordered;">
+<!ENTITY % facetAttr
+ "value CDATA #REQUIRED
+ id ID #IMPLIED">
+<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED">
+<!ENTITY % facetModel "(%annotation;)?">
+<!ELEMENT %simpleType;
+ ((%annotation;)?, (%restriction; | %list; | %union;))>
+<!ATTLIST %simpleType;
+ name %NCName; #IMPLIED
+ final %simpleDerivationSet; #IMPLIED
+ id ID #IMPLIED
+ %simpleTypeAttrs;>
+<!-- name is required at top level -->
+<!ELEMENT %restriction; ((%annotation;)?,
+ (%restriction1; |
+ ((%simpleType;)?,(%facet;)*)),
+ (%attrDecls;))>
+<!ATTLIST %restriction;
+ base %QName; #IMPLIED
+ id ID #IMPLIED
+ %restrictionAttrs;>
+<!--
+ base and simpleType child are mutually exclusive,
+ one is required.
+
+ restriction is shared between simpleType and
+ simpleContent and complexContent (in XMLSchema.xsd).
+ restriction1 is for the latter cases, when this
+ is restricting a complex type, as is attrDecls.
+ -->
+<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)>
+<!ATTLIST %list;
+ itemType %QName; #IMPLIED
+ id ID #IMPLIED
+ %listAttrs;>
+<!--
+ itemType and simpleType child are mutually exclusive,
+ one is required
+ -->
+<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)>
+<!ATTLIST %union;
+ id ID #IMPLIED
+ memberTypes %QNames; #IMPLIED
+ %unionAttrs;>
+<!--
+ At least one item in memberTypes or one simpleType
+ child is required
+ -->
+
+<!ELEMENT %maxExclusive; %facetModel;>
+<!ATTLIST %maxExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxExclusiveAttrs;>
+<!ELEMENT %minExclusive; %facetModel;>
+<!ATTLIST %minExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minExclusiveAttrs;>
+
+<!ELEMENT %maxInclusive; %facetModel;>
+<!ATTLIST %maxInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxInclusiveAttrs;>
+<!ELEMENT %minInclusive; %facetModel;>
+<!ATTLIST %minInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minInclusiveAttrs;>
+
+<!ELEMENT %totalDigits; %facetModel;>
+<!ATTLIST %totalDigits;
+ %facetAttr;
+ %fixedAttr;
+ %totalDigitsAttrs;>
+<!ELEMENT %fractionDigits; %facetModel;>
+<!ATTLIST %fractionDigits;
+ %facetAttr;
+ %fixedAttr;
+ %fractionDigitsAttrs;>
+
+<!ELEMENT %length; %facetModel;>
+<!ATTLIST %length;
+ %facetAttr;
+ %fixedAttr;
+ %lengthAttrs;>
+<!ELEMENT %minLength; %facetModel;>
+<!ATTLIST %minLength;
+ %facetAttr;
+ %fixedAttr;
+ %minLengthAttrs;>
+<!ELEMENT %maxLength; %facetModel;>
+<!ATTLIST %maxLength;
+ %facetAttr;
+ %fixedAttr;
+ %maxLengthAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %enumeration; %facetModel;>
+<!ATTLIST %enumeration;
+ %facetAttr;
+ %enumerationAttrs;>
+
+<!ELEMENT %whiteSpace; %facetModel;>
+<!ATTLIST %whiteSpace;
+ %facetAttr;
+ %fixedAttr;
+ %whiteSpaceAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %pattern; %facetModel;>
+<!ATTLIST %pattern;
+ %facetAttr;
+ %patternAttrs;>
diff --git a/id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html b/id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html
new file mode 100644
index 000000000..5f3812dbe
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html
@@ -0,0 +1,177 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login - customized</title>
+</head>
+<body>
+<h1>MOA ID Auth Sample Login - customized</h1>
+<form name="CustomizedForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; ?&gt;&lt;sl10:InfoboxReadRequest xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot;&gt;&lt;sl10:InfoboxIdentifier&gt;IdentityLink&lt;/sl10:InfoboxIdentifier&gt;&lt;sl10:BinaryFileParameters ContentIsXMLEntity=&quot;true&quot;/&gt;&lt;/sl10:InfoboxReadRequest&gt;"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authVerifyIdentityLink?MOASessionID=DELETED"/>
+ <input type="submit" value="B&uuml;rgerkarte lesen"/>
+</form>
+<form name="CustomizedInfoForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+&lt;sl11:VerifyXMLSignatureRequest xmlns:sl11=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020831#&quot; xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot; xmlns:xml=&quot;http://www.w3.org/XML/1998/namespace&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
+ &lt;sl11:SignatureInfo&gt;
+ &lt;sl11:SignatureEnvironment&gt;
+ &lt;sl10:XMLContent xml:space=&quot;preserve&quot;&gt;&lt;dsig:Signature Id=&quot;HS_signature&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;&lt;dsig:SignedInfo&gt;&lt;dsig:CanonicalizationMethod Algorithm=&quot;http://www.w3.org/TR/2001/REC-xml-c14n-20010315&quot;/&gt;&lt;dsig:SignatureMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#rsa-sha1&quot;/&gt;&lt;dsig:Reference Id=&quot;reference-data-1&quot; URI=&quot;#signed-data&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;signed-data&apos;)/node()&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;C0hW5jQojphweuFzPb+CNkHwhe4=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;dsig:Reference Type=&quot;http://uri.etsi.org/01903/v1.1.1#SignedProperties&quot; URI=&quot;#refetsi&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;Bdsc7wAfyMyZ21ChcF+tRh3D7sU=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;/dsig:SignedInfo&gt;&lt;dsig:SignatureValue&gt;lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh
+qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p
+tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=&lt;/dsig:SignatureValue&gt;&lt;dsig:KeyInfo&gt;&lt;dsig:X509Data&gt;&lt;dsig:X509Certificate&gt;MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==&lt;/dsig:X509Certificate&gt;&lt;/dsig:X509Data&gt;&lt;/dsig:KeyInfo&gt;&lt;dsig:Object Id=&quot;signed-data&quot;&gt;&lt;html&gt;
+&lt;head&gt;
+&lt;title&gt;&Uuml;berpr&uuml;fung des Namen des Anmelde-Servers&lt;/title&gt;
+&lt;/head&gt;
+&lt;body&gt;
+&lt;h2&gt;Pr&uuml;fung der Identit&auml;t des MOA-ID Servers&lt;/h2&gt;
+
+Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden,
+wird empfohlen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.
+Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates.
+Ihre Aufgabe ist es zu &uuml;berpr&uuml;fen, ob das Server-Zertifikat von einem Unternehmen ausgestellt
+wurde, dem Sie vertrauen.
+&lt;p&gt;
+Die folgenden Abs&auml;tze beschreiben, wie Sie diese &Uuml;berpr&uuml;fung durchf&uuml;hren k&ouml;nnen.
+F&uuml;hren Sie jene Arbeitsschritte durch, die f&uuml;r den von Ihnen verwendeten Webbrowser zutreffend sind.
+&lt;/p&gt;
+&lt;h3&gt;Microsoft Internet Explorer 6.0&lt;/h3&gt;
+
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschlo&szlig; am unteren Rand des Browsers.&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikat&quot; den Karteireiter &quot;Zertifizierungspfad&quot;.&lt;/li&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Karteireiter &quot;Details&quot;, Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck (Karteireiter &quot;Details&quot;, unterster Eintrag) des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das in Schritt 3. ge&ouml;ffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit
+einem roten Kreuz. Sie k&ouml;nnen das Zertifikat installieren, indem Sie die Schaltfl&auml;che &quot;Zertifikat installieren ...&quot;
+(Karteireiter &quot;Allgemein&quot;) aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate
+vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+&lt;h3&gt;Netscape Navigator 7.0&lt;/h3&gt;
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie die Schaltfl&auml;che &quot;Anzeigen&quot;&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikatsanzeige&quot; den Karteireiter &quot;Detail&quot;.&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert k&ouml;nnen Sie das Zertifikat installieren,
+indem Sie die &quot;*.cer&quot; Datei mit Netscape Navigator &ouml;ffnen. In der Folge werden alle von dieser Zertifizierungsstelle
+ausgestellten Zertifikate vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+
+&lt;h2&gt;Zertifikate und ihr Fingerabdruck&lt;/h2&gt;
+
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;111 (0x6f)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;531 (0x213)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;536 (0x0218)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;/body&gt;
+&lt;/html&gt;&lt;/dsig:Object&gt;&lt;dsig:Object Id=&quot;refetsi&quot;&gt;&lt;etsi:QualifyingProperties Target=&quot;#HS_signature&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot;&gt;&lt;etsi:SignedProperties&gt;&lt;etsi:SignedSignatureProperties&gt;&lt;etsi:SigningTime&gt;2003-05-06T07:09:50Z&lt;/etsi:SigningTime&gt;&lt;etsi:SigningCertificate&gt;&lt;etsi:Cert&gt;&lt;etsi:CertDigest&gt;&lt;etsi:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;etsi:DigestValue&gt;Frhu1o4mL4gQHdJcU0xSA/h4COE=&lt;/etsi:DigestValue&gt;&lt;/etsi:CertDigest&gt;&lt;etsi:IssuerSerial&gt;&lt;dsig:X509IssuerName&gt;CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT&lt;/dsig:X509IssuerName&gt;&lt;dsig:X509SerialNumber&gt;6455&lt;/dsig:X509SerialNumber&gt;&lt;/etsi:IssuerSerial&gt;&lt;/etsi:Cert&gt;&lt;/etsi:SigningCertificate&gt;&lt;etsi:SignaturePolicyIdentifier&gt;&lt;etsi:SignaturePolicyImplied/&gt;&lt;/etsi:SignaturePolicyIdentifier&gt;&lt;/etsi:SignedSignatureProperties&gt;&lt;etsi:SignedDataObjectProperties&gt;&lt;etsi:DataObjectFormat ObjectReference=&quot;#reference-data-1&quot;&gt;&lt;etsi:MimeType&gt;text/html&lt;/etsi:MimeType&gt;&lt;/etsi:DataObjectFormat&gt;&lt;/etsi:SignedDataObjectProperties&gt;&lt;/etsi:SignedProperties&gt;&lt;/etsi:QualifyingProperties&gt;&lt;/dsig:Object&gt;&lt;/dsig:Signature&gt;&lt;/sl10:XMLContent&gt;
+ &lt;/sl11:SignatureEnvironment&gt;
+ &lt;sl11:SignatureLocation&gt;//dsig:Signature&lt;/sl11:SignatureLocation&gt;
+ &lt;/sl11:SignatureInfo&gt;
+&lt;/sl11:VerifyXMLSignatureRequest&gt;
+"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authStartAuthentication?MOASessionID=DELETED"/>
+ Hier finden Sie weitere Informationen zur &Uuml;berpr&uuml;fung der Zertifikate.
+ <input type="submit" value="Weitere Info"/>
+</form></body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html b/id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html
new file mode 100644
index 000000000..7ba249f98
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html
@@ -0,0 +1,177 @@
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<html>
+<head>
+<title>Auslesen der Personenbindung</title>
+</head>
+<body>
+<form name="GetIdentityLinkForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; ?&gt;&lt;sl10:InfoboxReadRequest xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot;&gt;&lt;sl10:InfoboxIdentifier&gt;IdentityLink&lt;/sl10:InfoboxIdentifier&gt;&lt;sl10:BinaryFileParameters ContentIsXMLEntity=&quot;true&quot;/&gt;&lt;/sl10:InfoboxReadRequest&gt;"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authVerifyIdentityLink?MOASessionID=DELETED"/>
+ <input type="submit" value="Auslesen der Personenbindung"/>
+</form>
+<form name="CertificateInfoForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+&lt;sl11:VerifyXMLSignatureRequest xmlns:sl11=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020831#&quot; xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot; xmlns:xml=&quot;http://www.w3.org/XML/1998/namespace&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
+ &lt;sl11:SignatureInfo&gt;
+ &lt;sl11:SignatureEnvironment&gt;
+ &lt;sl10:XMLContent xml:space=&quot;preserve&quot;&gt;&lt;dsig:Signature Id=&quot;HS_signature&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;&lt;dsig:SignedInfo&gt;&lt;dsig:CanonicalizationMethod Algorithm=&quot;http://www.w3.org/TR/2001/REC-xml-c14n-20010315&quot;/&gt;&lt;dsig:SignatureMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#rsa-sha1&quot;/&gt;&lt;dsig:Reference Id=&quot;reference-data-1&quot; URI=&quot;#signed-data&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;signed-data&apos;)/node()&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;C0hW5jQojphweuFzPb+CNkHwhe4=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;dsig:Reference Type=&quot;http://uri.etsi.org/01903/v1.1.1#SignedProperties&quot; URI=&quot;#refetsi&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;Bdsc7wAfyMyZ21ChcF+tRh3D7sU=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;/dsig:SignedInfo&gt;&lt;dsig:SignatureValue&gt;lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh
+qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p
+tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=&lt;/dsig:SignatureValue&gt;&lt;dsig:KeyInfo&gt;&lt;dsig:X509Data&gt;&lt;dsig:X509Certificate&gt;MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==&lt;/dsig:X509Certificate&gt;&lt;/dsig:X509Data&gt;&lt;/dsig:KeyInfo&gt;&lt;dsig:Object Id=&quot;signed-data&quot;&gt;&lt;html&gt;
+&lt;head&gt;
+&lt;title&gt;&Uuml;berpr&uuml;fung des Namen des Anmelde-Servers&lt;/title&gt;
+&lt;/head&gt;
+&lt;body&gt;
+&lt;h2&gt;Pr&uuml;fung der Identit&auml;t des MOA-ID Servers&lt;/h2&gt;
+
+Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden,
+wird empfohlen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.
+Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates.
+Ihre Aufgabe ist es zu &uuml;berpr&uuml;fen, ob das Server-Zertifikat von einem Unternehmen ausgestellt
+wurde, dem Sie vertrauen.
+&lt;p&gt;
+Die folgenden Abs&auml;tze beschreiben, wie Sie diese &Uuml;berpr&uuml;fung durchf&uuml;hren k&ouml;nnen.
+F&uuml;hren Sie jene Arbeitsschritte durch, die f&uuml;r den von Ihnen verwendeten Webbrowser zutreffend sind.
+&lt;/p&gt;
+&lt;h3&gt;Microsoft Internet Explorer 6.0&lt;/h3&gt;
+
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschlo&szlig; am unteren Rand des Browsers.&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikat&quot; den Karteireiter &quot;Zertifizierungspfad&quot;.&lt;/li&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Karteireiter &quot;Details&quot;, Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck (Karteireiter &quot;Details&quot;, unterster Eintrag) des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das in Schritt 3. ge&ouml;ffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit
+einem roten Kreuz. Sie k&ouml;nnen das Zertifikat installieren, indem Sie die Schaltfl&auml;che &quot;Zertifikat installieren ...&quot;
+(Karteireiter &quot;Allgemein&quot;) aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate
+vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+&lt;h3&gt;Netscape Navigator 7.0&lt;/h3&gt;
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie die Schaltfl&auml;che &quot;Anzeigen&quot;&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikatsanzeige&quot; den Karteireiter &quot;Detail&quot;.&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert k&ouml;nnen Sie das Zertifikat installieren,
+indem Sie die &quot;*.cer&quot; Datei mit Netscape Navigator &ouml;ffnen. In der Folge werden alle von dieser Zertifizierungsstelle
+ausgestellten Zertifikate vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+
+&lt;h2&gt;Zertifikate und ihr Fingerabdruck&lt;/h2&gt;
+
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;111 (0x6f)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;531 (0x213)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;536 (0x0218)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;/body&gt;
+&lt;/html&gt;&lt;/dsig:Object&gt;&lt;dsig:Object Id=&quot;refetsi&quot;&gt;&lt;etsi:QualifyingProperties Target=&quot;#HS_signature&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot;&gt;&lt;etsi:SignedProperties&gt;&lt;etsi:SignedSignatureProperties&gt;&lt;etsi:SigningTime&gt;2003-05-06T07:09:50Z&lt;/etsi:SigningTime&gt;&lt;etsi:SigningCertificate&gt;&lt;etsi:Cert&gt;&lt;etsi:CertDigest&gt;&lt;etsi:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;etsi:DigestValue&gt;Frhu1o4mL4gQHdJcU0xSA/h4COE=&lt;/etsi:DigestValue&gt;&lt;/etsi:CertDigest&gt;&lt;etsi:IssuerSerial&gt;&lt;dsig:X509IssuerName&gt;CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT&lt;/dsig:X509IssuerName&gt;&lt;dsig:X509SerialNumber&gt;6455&lt;/dsig:X509SerialNumber&gt;&lt;/etsi:IssuerSerial&gt;&lt;/etsi:Cert&gt;&lt;/etsi:SigningCertificate&gt;&lt;etsi:SignaturePolicyIdentifier&gt;&lt;etsi:SignaturePolicyImplied/&gt;&lt;/etsi:SignaturePolicyIdentifier&gt;&lt;/etsi:SignedSignatureProperties&gt;&lt;etsi:SignedDataObjectProperties&gt;&lt;etsi:DataObjectFormat ObjectReference=&quot;#reference-data-1&quot;&gt;&lt;etsi:MimeType&gt;text/html&lt;/etsi:MimeType&gt;&lt;/etsi:DataObjectFormat&gt;&lt;/etsi:SignedDataObjectProperties&gt;&lt;/etsi:SignedProperties&gt;&lt;/etsi:QualifyingProperties&gt;&lt;/dsig:Object&gt;&lt;/dsig:Signature&gt;&lt;/sl10:XMLContent&gt;
+ &lt;/sl11:SignatureEnvironment&gt;
+ &lt;sl11:SignatureLocation&gt;//dsig:Signature&lt;/sl11:SignatureLocation&gt;
+ &lt;/sl11:SignatureInfo&gt;
+&lt;/sl11:VerifyXMLSignatureRequest&gt;
+"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authStartAuthentication?MOASessionID=DELETED"/>
+ <input type="submit" value="Information zu Wurzelzertifikaten"/>
+</form>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html b/id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html
new file mode 100644
index 000000000..5f3812dbe
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html
@@ -0,0 +1,177 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login - customized</title>
+</head>
+<body>
+<h1>MOA ID Auth Sample Login - customized</h1>
+<form name="CustomizedForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; ?&gt;&lt;sl10:InfoboxReadRequest xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot;&gt;&lt;sl10:InfoboxIdentifier&gt;IdentityLink&lt;/sl10:InfoboxIdentifier&gt;&lt;sl10:BinaryFileParameters ContentIsXMLEntity=&quot;true&quot;/&gt;&lt;/sl10:InfoboxReadRequest&gt;"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authVerifyIdentityLink?MOASessionID=DELETED"/>
+ <input type="submit" value="B&uuml;rgerkarte lesen"/>
+</form>
+<form name="CustomizedInfoForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+&lt;sl11:VerifyXMLSignatureRequest xmlns:sl11=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020831#&quot; xmlns:sl10=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot; xmlns:xml=&quot;http://www.w3.org/XML/1998/namespace&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
+ &lt;sl11:SignatureInfo&gt;
+ &lt;sl11:SignatureEnvironment&gt;
+ &lt;sl10:XMLContent xml:space=&quot;preserve&quot;&gt;&lt;dsig:Signature Id=&quot;HS_signature&quot; xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;&lt;dsig:SignedInfo&gt;&lt;dsig:CanonicalizationMethod Algorithm=&quot;http://www.w3.org/TR/2001/REC-xml-c14n-20010315&quot;/&gt;&lt;dsig:SignatureMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#rsa-sha1&quot;/&gt;&lt;dsig:Reference Id=&quot;reference-data-1&quot; URI=&quot;#signed-data&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;signed-data&apos;)/node()&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;C0hW5jQojphweuFzPb+CNkHwhe4=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;dsig:Reference Type=&quot;http://uri.etsi.org/01903/v1.1.1#SignedProperties&quot; URI=&quot;#refetsi&quot;&gt;&lt;dsig:Transforms&gt;&lt;dsig:Transform Algorithm=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;&lt;xf2:XPath Filter=&quot;intersect&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot; xmlns:xf2=&quot;http://www.w3.org/2002/06/xmldsig-filter2&quot;&gt;id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties&lt;/xf2:XPath&gt;&lt;/dsig:Transform&gt;&lt;/dsig:Transforms&gt;&lt;dsig:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;dsig:DigestValue&gt;Bdsc7wAfyMyZ21ChcF+tRh3D7sU=&lt;/dsig:DigestValue&gt;&lt;/dsig:Reference&gt;&lt;/dsig:SignedInfo&gt;&lt;dsig:SignatureValue&gt;lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh
+qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p
+tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=&lt;/dsig:SignatureValue&gt;&lt;dsig:KeyInfo&gt;&lt;dsig:X509Data&gt;&lt;dsig:X509Certificate&gt;MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==&lt;/dsig:X509Certificate&gt;&lt;/dsig:X509Data&gt;&lt;/dsig:KeyInfo&gt;&lt;dsig:Object Id=&quot;signed-data&quot;&gt;&lt;html&gt;
+&lt;head&gt;
+&lt;title&gt;&Uuml;berpr&uuml;fung des Namen des Anmelde-Servers&lt;/title&gt;
+&lt;/head&gt;
+&lt;body&gt;
+&lt;h2&gt;Pr&uuml;fung der Identit&auml;t des MOA-ID Servers&lt;/h2&gt;
+
+Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden,
+wird empfohlen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.
+Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates.
+Ihre Aufgabe ist es zu &uuml;berpr&uuml;fen, ob das Server-Zertifikat von einem Unternehmen ausgestellt
+wurde, dem Sie vertrauen.
+&lt;p&gt;
+Die folgenden Abs&auml;tze beschreiben, wie Sie diese &Uuml;berpr&uuml;fung durchf&uuml;hren k&ouml;nnen.
+F&uuml;hren Sie jene Arbeitsschritte durch, die f&uuml;r den von Ihnen verwendeten Webbrowser zutreffend sind.
+&lt;/p&gt;
+&lt;h3&gt;Microsoft Internet Explorer 6.0&lt;/h3&gt;
+
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschlo&szlig; am unteren Rand des Browsers.&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikat&quot; den Karteireiter &quot;Zertifizierungspfad&quot;.&lt;/li&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Karteireiter &quot;Details&quot;, Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck (Karteireiter &quot;Details&quot;, unterster Eintrag) des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das in Schritt 3. ge&ouml;ffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit
+einem roten Kreuz. Sie k&ouml;nnen das Zertifikat installieren, indem Sie die Schaltfl&auml;che &quot;Zertifikat installieren ...&quot;
+(Karteireiter &quot;Allgemein&quot;) aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate
+vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+&lt;h3&gt;Netscape Navigator 7.0&lt;/h3&gt;
+&lt;ol&gt;
+&lt;li&gt;&Ouml;ffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie die Schaltfl&auml;che &quot;Anzeigen&quot;&lt;/li&gt;
+&lt;li&gt;Selektieren Sie im nun ge&ouml;ffnetem Fenster &quot;Zertifikatsanzeige&quot; den Karteireiter &quot;Detail&quot;.&lt;/li&gt;
+&lt;li&gt;Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie ob als Aussteller dieses Zertifikat (Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu &uuml;berpr&uuml;fen.&lt;/li&gt;
+&lt;li&gt;&Uuml;berpr&uuml;fen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu k&ouml;nnen Sie den
+Fingerabdruck des Zertifikats &uuml;berpr&uuml;fen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle &uuml;berpr&uuml;fte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+&Uuml;berpr&uuml;fen Sie ob das von Ihnen zu &uuml;berpr&uuml;fende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste &uuml;bereinstimmt.
+&lt;ul&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste &uuml;berein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.&lt;/li&gt;
+&lt;li&gt;Ist Ihr zu pr&uuml;fendes Zertifikat nicht in der Liste enthalten m&uuml;ssen Sie eine andere verl&auml;ssliche Quelle f&uuml;r den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.&lt;/li&gt;
+&lt;/ul&gt;&lt;/li&gt;
+&lt;li&gt;Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert k&ouml;nnen Sie das Zertifikat installieren,
+indem Sie die &quot;*.cer&quot; Datei mit Netscape Navigator &ouml;ffnen. In der Folge werden alle von dieser Zertifizierungsstelle
+ausgestellten Zertifikate vom Internet Explorer als vertrauensw&uuml;rdig erkannt.&lt;/li&gt;
+&lt;/ol&gt;
+
+&lt;h2&gt;Zertifikate und ihr Fingerabdruck&lt;/h2&gt;
+
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;111 (0x6f)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;531 (0x213)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;p/&gt;
+&lt;table&gt;
+&lt;tr&gt;
+&lt;td&gt;Aussteller&lt;/td&gt;&lt;td&gt;CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Seriennummer&lt;/td&gt;&lt;td&gt;536 (0x0218)&lt;/td&gt;
+&lt;/tr&gt;
+&lt;tr&gt;
+&lt;td&gt;Fingerabdruck&lt;/td&gt;&lt;td&gt;SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f&lt;/td&gt;
+&lt;/tr&gt;
+&lt;/table&gt;
+
+&lt;/body&gt;
+&lt;/html&gt;&lt;/dsig:Object&gt;&lt;dsig:Object Id=&quot;refetsi&quot;&gt;&lt;etsi:QualifyingProperties Target=&quot;#HS_signature&quot; xmlns:etsi=&quot;http://uri.etsi.org/01903/v1.1.1#&quot;&gt;&lt;etsi:SignedProperties&gt;&lt;etsi:SignedSignatureProperties&gt;&lt;etsi:SigningTime&gt;2003-05-06T07:09:50Z&lt;/etsi:SigningTime&gt;&lt;etsi:SigningCertificate&gt;&lt;etsi:Cert&gt;&lt;etsi:CertDigest&gt;&lt;etsi:DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot;/&gt;&lt;etsi:DigestValue&gt;Frhu1o4mL4gQHdJcU0xSA/h4COE=&lt;/etsi:DigestValue&gt;&lt;/etsi:CertDigest&gt;&lt;etsi:IssuerSerial&gt;&lt;dsig:X509IssuerName&gt;CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT&lt;/dsig:X509IssuerName&gt;&lt;dsig:X509SerialNumber&gt;6455&lt;/dsig:X509SerialNumber&gt;&lt;/etsi:IssuerSerial&gt;&lt;/etsi:Cert&gt;&lt;/etsi:SigningCertificate&gt;&lt;etsi:SignaturePolicyIdentifier&gt;&lt;etsi:SignaturePolicyImplied/&gt;&lt;/etsi:SignaturePolicyIdentifier&gt;&lt;/etsi:SignedSignatureProperties&gt;&lt;etsi:SignedDataObjectProperties&gt;&lt;etsi:DataObjectFormat ObjectReference=&quot;#reference-data-1&quot;&gt;&lt;etsi:MimeType&gt;text/html&lt;/etsi:MimeType&gt;&lt;/etsi:DataObjectFormat&gt;&lt;/etsi:SignedDataObjectProperties&gt;&lt;/etsi:SignedProperties&gt;&lt;/etsi:QualifyingProperties&gt;&lt;/dsig:Object&gt;&lt;/dsig:Signature&gt;&lt;/sl10:XMLContent&gt;
+ &lt;/sl11:SignatureEnvironment&gt;
+ &lt;sl11:SignatureLocation&gt;//dsig:Signature&lt;/sl11:SignatureLocation&gt;
+ &lt;/sl11:SignatureInfo&gt;
+&lt;/sl11:VerifyXMLSignatureRequest&gt;
+"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/authStartAuthentication?MOASessionID=DELETED"/>
+ Hier finden Sie weitere Informationen zur &Uuml;berpr&uuml;fung der Zertifikate.
+ <input type="submit" value="Weitere Info"/>
+</form></body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html b/id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html
new file mode 100644
index 000000000..2ecfe9cfd
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html
@@ -0,0 +1,30 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login - customized</title>
+</head>
+<body>
+<h1>MOA ID Auth Sample Login - customized</h1>
+<form name="CustomizedForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<XMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<DataURL>"/>
+ <input type="submit" value="B&uuml;rgerkarte lesen"/>
+</form>
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<CertInfoXMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<CertInfoDataURL>"/>
+ Hier finden Sie weitere Informationen zur &Uuml;berpr&uuml;fung der Zertifikate.
+ <input type="submit" value="Weitere Info"/>
+</form></body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml b/id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml
new file mode 100644
index 000000000..3877f0950
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<sl11:CreateXMLSignatureRequest xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#' xmlns:sl11='http://www.buergerkarte.at/namespaces/securitylayer/20020831#'>
+ <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>
+ <sl11:DataObjectInfo Structure='detached'>
+ <sl10:DataObject Reference=''/>
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
+ </sl11:DataObjectInfo>
+ <sl11:SignatureInfo>
+ <sl11:SignatureEnvironment>
+ <sl10:XMLContent><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='Hermann Muster' IssueInstant='2003-04-29T09:40:46+02:00'>
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></sl10:XMLContent>
+ </sl11:SignatureEnvironment>
+ <sl11:SignatureLocation Index='2'>/saml:Assertion</sl11:SignatureLocation>
+ </sl11:SignatureInfo>
+</sl11:CreateXMLSignatureRequest> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml
new file mode 100644
index 000000000..f6b2aa57d
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>000000000000</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml
new file mode 100644
index 000000000..b38e902f2
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="A" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>000000000000</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml
new file mode 100644
index 000000000..ab5315d20
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml
@@ -0,0 +1,108 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>000000000000</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>000000000000</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml
new file mode 100644
index 000000000..a980fabd3
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>000000000000</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="NOCitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="NOCitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml
new file mode 100644
index 000000000..78f5ddd5c
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://WRONG.NAMESPACE">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://WRONG.NAMESPACE">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml
new file mode 100644
index 000000000..764b08361
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml
@@ -0,0 +1,87 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml
new file mode 100644
index 000000000..22ea67174
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml
@@ -0,0 +1,41 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+</saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml
new file mode 100644
index 000000000..e3ca1bf66
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann2</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml b/id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml
new file mode 100644
index 000000000..44b4f519b
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile2</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile2</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP101:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP102:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfParamAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA302:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA303:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA304:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA305:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA306:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA307:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA308:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml
new file mode 100644
index 000000000..e894f560e
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-13T08:18:09.803" IssueInstant="2003-02-13T08:18:09.803" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns="" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>987654321098</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Monika</pr:GivenName>
+ <pr:FamilyName primary="undefined">Bürger</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1945-08-02</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>5lEaWEjW+4/6Zcp4TCAx4KDwrhqNCnwSOlyWBgAvHZs57Sg2h3lATP2SJjujzMityxI/r5XFSjNl
+D7BDml4hqy7P2Ro0z/EDKWCo+VMjZS2DKMUWoB4u+QOgovHXMcB/ko6N0MSwQxDxus7LrJ2aYT2G
+naS1u6/zULjkn3rhOjM=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>ZObnb8BKSWDhmGsQhNGWSAboNH+nJPM109g8QlTi3KrLmtbVuuQWByZmRbgT4HfRFsnD8RvG2Lw3
+cC0G8UH/BeSo5LeJSZc5TUTbWm62kjywzGp4TTX0/K1bHp2cZ/lOIpfAI1tsGerWIoX7FRd79lc+
+8Osp1AsguEm/qQH6FTs=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>N37kVznK95fiKaf1sWVHeFkbzwY=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Rk9zppvNedEsGSx9CibYS4eu0jw=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Hte006lAMycSR138EA/LGP/NBuaab4PzleCjl4ZvDTGKBPEzFKtVqrY+evG9aKWi
+B/yw1L5DnIn9UOKqLouwZGBzK33nyAZdr+GWYtWKogbgEeNTLxT2LNoQHthfsTLr
+g2Me//mQEqYdtMcTfmhls/qizjhgZXm16yaCWv2bIoc=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>0DHkFVM0QWLSexFR2MX0VavHHK8=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml
new file mode 100644
index 000000000..9ad95af1f
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?><sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent>
+<saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns="" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHN
+WW5RPGxVlPDz5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfv
+HEcxHQOA6sa42C+dFKsKIvmP3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml
new file mode 100644
index 000000000..03b1fbd3f
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml
new file mode 100644
index 000000000..39d9a864b
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml
new file mode 100644
index 000000000..db46fb127
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml
new file mode 100644
index 000000000..804a27e92
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml
new file mode 100644
index 000000000..12cfbb668
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml
new file mode 100644
index 000000000..2067a40c7
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml
new file mode 100644
index 000000000..7e05dbfe1
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml
new file mode 100644
index 000000000..bc1bc17ce
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml
new file mode 100644
index 000000000..124f7e5d0
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml
new file mode 100644
index 000000000..7a2ed2017
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml
new file mode 100644
index 000000000..9b39890d1
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml
new file mode 100644
index 000000000..3750de781
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml
new file mode 100644
index 000000000..499a3908e
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml
new file mode 100644
index 000000000..7400f791a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml
new file mode 100644
index 000000000..32b3d31f9
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml
new file mode 100644
index 000000000..b6b42f267
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml
new file mode 100644
index 000000000..b3e27002e
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>false</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml
new file mode 100644
index 000000000..9e523773a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Isolde B\C3\BCrgerin,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Max Mustermann,O=Musterorganisation,STREET=Mustergasse 1,L=Wien,ST=Wien,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..184615e91
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-23T09:52:28+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://moatestlinux:18443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ue7o7gdb1tN1eNQ/PTK2zBa4tzc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-signed-1-1')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>DlzOL10xqFzEPMGWmenuvyqB3+c=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Mx68y1JK5jtEyp10w/9p5FYq0Ro5JsjOHQREag5DAfMW5Mf+6qapTjvO+eDZXYub
+Vjzph+QgxIhwfFQtrrM9M9ftuHWtD+HeVaexWNkApOBzijdTjZAS4lph4WM5wJ3M
+/vUhCJzQzC1scg7xRdNGd+aszMtksWKJpPw4oI0PayE=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIID1zCCA0SgAwIBAgIGAPMkfTU7MAkGBSsOAwIdBQAwgawxCzAJBgNVBAYTAkFU
+MSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UE
+CxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBh
+bmQgQ29tbXVuaWNhdGlvbnMxFTATBgNVBAsTDElBSUsgVGVzdCBDQTEVMBMGA1UE
+AxMMSUFJSyBUZXN0IENBMB4XDTAzMDIwMzE2MjA1NVoXDTAzMTIzMDIyNTkzMFow
+gZgxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVD
+SE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRp
+b24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxGDAWBgNVBAMUD0lzb2xk
+ZSBC/HJnZXJpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA53m0qng6O9zV
+IAuJ22Ps91X+pddhMiA9P0QusMexQ+QEkfe43nEFIToUZ3uuoAQFd+n4MXM6D68t
+ZctGU5O4W5Aq/bEjI4efIHS0EThzgNAymqmT9Z9IIEhqm/1jhQ4SXTW33y3Xn3lx
+26DiTeApftuQB388YlV+Rs+rTyF9iRUCAwEAAaOCARwwggEYMAwGA1UdEwEB/wQC
+MAAwDgYDVR0PAQH/BAQDAgbAMBEGCWCGSAGG+EIBAQQEAwIFIDBnBgNVHSAEYDBe
+MFwGDCsGAQQBlRIBAnsBATBMMEoGCCsGAQUFBwICMD4aPFRoaXMgY2VydGlmaWNh
+dGUgb25seSBtYXkgYmUgdXNlZCBmb3IgZGVtb25zdHJhdGlvbiBwdXJwb3NlczA8
+BgNVHR8ENTAzMDGgL6AthitodHRwOi8vd3d3LmlhaWsuYXQvdGVzdENBL2lhaWtf
+dGVzdF9zaWcuY3JsMB0GA1UdDgQWBBQoOuoIxS8M1o/DTZkJUs0lnN5A7TAfBgNV
+HSMEGDAWgBRMILBWAgz3iAqWiKUUtFHMOrXyvzAJBgUrDgMCHQUAA4GBACY81o8m
+zb8YCuTMgeplySm5nAkxjsv1T5n/Hzz1cLfSDJZ0HyNTVx/GDszY+Dx28MdW+6DL
+o9nWPSE/4P+k9HXJe/wEyAv44OrjvpzGGKjqoc3X8v4rzMo6MBRNluu0m3y1pktT
+V/q4aiWD/nbGXdrn/AoKAvOSAQ3Qe6X+dT/1</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-25T10:36:37</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>dL59VDpBsujcngd207z0ohPl1/U=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+ </saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml
new file mode 100644
index 000000000..b3e27002e
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>false</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml
new file mode 100644
index 000000000..9e523773a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Isolde B\C3\BCrgerin,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Max Mustermann,O=Musterorganisation,STREET=Mustergasse 1,L=Wien,ST=Wien,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..e004eb74c
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-23T09:52:28+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://moatestlinux:18443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ue7o7gdb1tN1eNQ/PTK2zBa4tzc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-signed-1-1')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Q2VhPYhMbwz4beILYjMDmBsurLQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>lr5L9hxi1rvdm5vT9WpG8yYKv1TIjPrONJUv6O4lTUyC4E8L4nwx8mMFPd8Q7jNb
+WmMmaDCl0uZYOATdu/x2t5wYOYreBUpka3J3wPTIJhMJQwaMMu3rHM3Ewn+1Wlsw
+6VED3ZWKAmI+12Mto5RLbD5BU6757Tx42YuCkw9glZM=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIID5zCCA1SgAwIBAgIGAPR8iAdPMAkGBSsOAwIdBQAwgawxCzAJBgNVBAYTAkFU
+MSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UE
+CxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBh
+bmQgQ29tbXVuaWNhdGlvbnMxFTATBgNVBAsTDElBSUsgVGVzdCBDQTEVMBMGA1UE
+AxMMSUFJSyBUZXN0IENBMB4XDTAzMDQxMTExNDIwNVoXDTAzMTIzMDIyNTkzMFow
+gZgxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVD
+SE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRp
+b24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxGDAWBgNVBAMUD0lzb2xk
+ZSBC/HJnZXJpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0bdQqA5YFf32
+OjaZo01tpAsP/Kgor6sWGLQj2uBrQDOAOymVkIPtv4C9XQ1tH8EUexgbYI1QpE9V
+ODvoo49Bi6u9hYnlDFj+8EgQoDCmqFSy/jzwLVnRL7jwN96uAyU5WymEdPWgHRpT
+6oDxYs36MJ7+iWQISA6nl3/QTI4wnJcCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
+MAAwDgYDVR0PAQH/BAQDAgbAMBEGCWCGSAGG+EIBAQQEAwIFIDBnBgNVHSAEYDBe
+MFwGDCsGAQQBlRIBAnsBATBMMEoGCCsGAQUFBwICMD4aPFRoaXMgY2VydGlmaWNh
+dGUgb25seSBtYXkgYmUgdXNlZCBmb3IgZGVtb25zdHJhdGlvbiBwdXJwb3NlczA8
+BgNVHR8ENTAzMDGgL6AthitodHRwOi8vd3d3LmlhaWsuYXQvdGVzdENBL2lhaWtf
+dGVzdF9zaWcuY3JsMB0GA1UdDgQWBBTehKfLADylQ4B6DyYKvUG1+pHZzzAOBgcq
+KAAKAQEBBAMBAf8wHwYDVR0jBBgwFoAUTCCwVgIM94gKloilFLRRzDq18r8wCQYF
+Kw4DAh0FAAOBgQBw2mE3PxdtcSDwCTglkNt7ww4IGmWnUCYUiV8x/lcwWdXhcnRM
+lsjmOYi0vFiV8ne6x8fI6WMQLmHQMTfra+tEBrsHOlhISz5F5VGVfj/w6DcTC2HH
+wGaIkTqAu6GZ+bu8OpXYSIZEy4ZSMTWWnomses0LyrXqmWNWh1InVjAPiw==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-25T10:36:39</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>YrSnK0/o4nCtqxK1IpJF2Qy4ZQc=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>1050061309775</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+ </saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml
new file mode 100644
index 000000000..8a66f40cf
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>false</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isPublicAuthority' AttributeNamespace='urn:oid:1.2.40.0.10.1.1.1'>
+ <saml:AttributeValue>Musterbehörde</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml
new file mode 100644
index 000000000..9e523773a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Isolde B\C3\BCrgerin,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
+ <X509SubjectName>CN=Max Mustermann,O=Musterorganisation,STREET=Mustergasse 1,L=Wien,ST=Wien,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="authenticationSessionTimeOut" value="600"/>
+ <GenericConfiguration name="authenticationDataTimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..f7346ad2b
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-23T09:52:28+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://moatestlinux:18443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ue7o7gdb1tN1eNQ/PTK2zBa4tzc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-signed-1-1')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>nSqJkplafvE6SpfL0JP5Tbanh3Y=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>V5m5I1QA+NXzhU64G/I1vT8LAoWqaoHm2Ck807U8SVG668NmjH4wrfTln+Shx0HD
++q4c2NAb6ZFzTUQ190RlRgvEM0cvtCSpn7/AcJaBd5WuUYPRLPEmP8ca4xhLGi1t
+XZQCTpTLLnRI+5Yf5HJqc1lfs5Pkv9hQZ9W55eJgmiA=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDwTCCAy6gAwIBAgIVAOn21xTCfievvs3qbq8HRBHjXjNPMAkGBSsOAwIdBQAw
+gZUxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVD
+SE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRp
+b24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxFTATBgNVBAMTDElBSUsg
+VGVzdCBDQTAeFw0wMjExMTUwOTQwNTBaFw0wMzEyMzEyMjU5MzBaMHkxCzAJBgNV
+BAYTAkFUMQ0wCwYDVQQIEwRXaWVuMQ0wCwYDVQQHEwRXaWVuMRYwFAYDVQQJEw1N
+dXN0ZXJnYXNzZSAxMRswGQYDVQQKExJNdXN0ZXJvcmdhbmlzYXRpb24xFzAVBgNV
+BAMTDk1heCBNdXN0ZXJtYW5uMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDw
+Dxgoc53OFRWuZcGRkuZYYHxTeM7tLoH+9eFpqtokWHruFNn49JNWNdU2PMPeXezO
+6eYwz/214/EB/SvCx5ZRlLC7GikqUX0UyK/r36zq9Q5nOMFfSoG48hEIjzAUWnc4
+FIePYW7hdb0/nW+1CKVdpmsGHChJoN7SCiVvY0eyAQIDAQABo4IBLjCCASowDAYD
+VR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0gBGAwXjBcBgwrBgEEAZUS
+AQIDAQEwTDBKBggrBgEFBQcCAjA+GjxUaGlzIGNlcnRpZmljYXRlIG1heSBiZSB1
+c2VkIGZvciBkZW1vbnN0cmF0aW9uIHB1cnBvc2VzIG9ubHkwLwYDVR0RBCgwJoEk
+bWF4Lm11c3Rlcm1hbm5AbXVzdGVyb3JnYW5pc2F0aW9uLmF0MB0GA1UdDgQWBBTp
+9tcUwn4nr77N6m6vB0MgXEvH5TAbBgcqKAAKAQEBBBAMDk11c3RlcmJlaMO2cmRl
+MBMGA1UdJQQMMAoGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFOtWHOnph3q+vzHzdX8q
+/qzlQNOOMAkGBSsOAwIdBQADgYEALbC1Ibymb3DWwB+pEezrt87+r3xi+JGFxkt0
+tw0tOoe+ejSY8AhSuY3LseLdPNDnTtlg/GlkzijCFxBHPgUKhGokA91qIoV++fZt
+3/pxjSVxl+elGDCx9WcrXB5L7m5mxSMgYGOZH2UUlFZQvtKXxU4KrXCXkQVTsg9g
+RWizwj4=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-25T10:36:40</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>pMBCPXFi69dO65GgzApHN4TxtvM=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>1335699569126441074835341742398412708010421793615</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+ </saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..b9e0e0f9c
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="A" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..4ef49034c
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost2:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..4fe3c4b2b
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="gb" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..4736c5dc3
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://wrong.namespace.com">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://wrong.namespace.com">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..7664fbe33
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>noTarget</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..a7ef7a637
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="noOA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..4736c5dc3
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://wrong.namespace.com">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://wrong.namespace.com">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..6e8393033
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>WRONG</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..96032998a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement></saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..ba2749cda
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8081/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml
new file mode 100644
index 000000000..9a358e434
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile2</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml
new file mode 100644
index 000000000..5aade8185
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:8080/moa-id-proxy/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..ec8cefe99
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-05-20T10:30:56+02:00" Issuer="Monika Bürger" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>http://localhost:8080/moa-id-proxy/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Vmmkctd+R7lkSKftZO1UnenfWi0=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>vfTksPSWSacTaSWnvybsm8iV80o=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>wIqspNC5KqReKNMNO7PIemxSKwGId1HIp5r6FFtuj099C304xR5fZoCoC2Zyk6di
+bnoh+rRk9oZFeGoWvhb/JADGgtia7VUO4qc3suCNVpikRgiG5K8LXMGS3w+1wUFb
+JIkDKLuDxmXApG+BEEQXmE07zfwAzRbVBmunpWnG/us=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTkwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzI0MTlaFw0wNjAyMTAxMzI0MjBaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTEgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BMTEVMBMGA1UEBRMMMjI1NjUyMzkyMTA0
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmURpYSNb7j/plynhMIDHgoPCu
+Go0KfBI6XJYGAC8dmzntKDaHeUBM/ZImO6PMyK3LEj+vlcVKM2UPsEOaXiGrLs/Z
+GjTP8QMpYKj5UyNlLYMoxRagHi75A6Ci8dcxwH+Sjo3QxLBDEPG6zsusnZphPYad
+pLW7r/NQuOSfeuE6MwIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECEp3ZWggbV5MMA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uMkBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAIuyADBvzJmE7yCCAilQrFl4U+HjMNF5NwbbUqjtVxCj7JliOFJBd
+en46ekG8w57tLHOhg/5N9xdmObX2jgzGZy7uJC7eDnszWjvvfsFev87MwZFy3Pm/
+wdu1+7/+RLDcrOViDn1x2n/JDvkqZJ5WFor2R76wnBIESNeHOqDW9nXHP5F5ERLI
+Ug3tVhIHCkxkBvHJkQOwMD+BhKGh/1jSBRloyrVD/5QUcbQE5wmOjv1I6LLOZRbq
+eXk8cQhwGH+K6p0BdwQc6rg3CXFqTTzP4GuUhnxfJsYtKw7qAfVSf3VRqbeVHX4M
+xDtbjTi15+0lWfB15L4jukJl10D9cFMsWA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-20T08:31:06Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>A6PySg7S5iw8pJEX0i5lwp43lZY=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6457</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml
new file mode 100644
index 000000000..32b3d31f9
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' >
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'>
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml b/id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml
new file mode 100644
index 000000000..8dd0f10d6
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<samlp:Response InResponseTo="" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"> <samlp:Status> <samlp:StatusCode Value="samlp:Success"> </samlp:StatusCode> <samlp:StatusMessage>Anfrage erfolgreich beantwortet</samlp:StatusMessage> </samlp:Status> <saml:Assertion Issuer="https://localhost:8443/moa-id-auth/" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier="http://reference.e-government.gv.at/names/vpk/20020221#">kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData><saml:Assertion Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion><saml:Assertion Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="PersonData" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person></saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="isQualifiedCertificate" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>true</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></samlp:Response> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html b/id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html
new file mode 100644
index 000000000..2ecfe9cfd
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html
@@ -0,0 +1,30 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login - customized</title>
+</head>
+<body>
+<h1>MOA ID Auth Sample Login - customized</h1>
+<form name="CustomizedForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<XMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<DataURL>"/>
+ <input type="submit" value="B&uuml;rgerkarte lesen"/>
+</form>
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<CertInfoXMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<CertInfoDataURL>"/>
+ Hier finden Sie weitere Informationen zur &Uuml;berpr&uuml;fung der Zertifikate.
+ <input type="submit" value="Weitere Info"/>
+</form></body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html b/id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html
new file mode 100644
index 000000000..92b3f04cd
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html
@@ -0,0 +1,14 @@
+<html>
+<head>
+<title>BKU Auswahl - customized</title>
+</head>
+<body>
+<h1><font color="green">BKU Auswahl - customized</font></h1>
+<p>
+<form method="post" action="<StartAuth>">
+<BKUSelect>
+<input type="submit" value="Ausw&auml;hlen"/>
+</form>
+</p>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html b/id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html
new file mode 100644
index 000000000..a473a689b
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html
@@ -0,0 +1,20 @@
+<html>
+<head>
+<title>BKU Auswahl - customized</title>
+</head>
+<body>
+<h1><font color="green">BKU Auswahl - customized</font></h1>
+<p>
+<form method="post" action="https://localhost:8443/authStartAuthentication?MOASessionID=6621777788841637660">
+<select name="bkuURI">
+ <option value="http://localhost:3495/http-security-layer-request" selected>Lokale B&uuml;rgerkarte</option>
+ <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option>
+ <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option>
+ <option value="https://10.16.126.28:3496/http-security-layer-request">B&uuml;rgerkarte Arbeitsplatz Paul Ivancsics</option>
+</select>
+
+<input type="submit" value="Ausw&auml;hlen"/>
+</form>
+</p>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html b/id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html
new file mode 100644
index 000000000..a213d9de0
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html
@@ -0,0 +1,20 @@
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<html>
+<head>
+<title>Auswahl der B&uuml;rgerkartenumgebung</title>
+</head>
+<body>
+<form name="BKUSelectionForm"
+ action="https://localhost:8443/authStartAuthentication?MOASessionID=7936129366756090040"
+ method="post">
+<select name="bkuURI">
+ <option value="http://localhost:3495/http-security-layer-request" selected>Lokale B&uuml;rgerkarte</option>
+ <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option>
+ <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option>
+ <option value="https://10.16.126.28:3496/http-security-layer-request">B&uuml;rgerkarte Arbeitsplatz Paul Ivancsics</option>
+</select>
+
+ <input type="submit" value="B&uuml;rgerkartenumgebung ausw&auml;hlen"/>
+</form>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml b/id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml
new file mode 100644
index 000000000..f38dc9ee0
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLComplete">
+ <ConnectionParameter URL="https://auswahl.buergerkarte.at/auswahl"/>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+ <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html b/id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html
new file mode 100644
index 000000000..21e48a844
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html
@@ -0,0 +1 @@
+https://auswahl.buergerkarte.at/auswahl?returnURI=https://localhost:8443/authStartAuthentication?MOASessionID=-1393563939984986204 \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/A700/Configuration.xml b/id.server/data/abnahme-test/xmldata/A700/Configuration.xml
new file mode 100644
index 000000000..44cc09196
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/Configuration.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="file:data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp"/>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+ <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp b/id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp
new file mode 100644
index 000000000..028dbd348
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp
@@ -0,0 +1,6 @@
+<select name="bkuURI">
+ <option value="http://localhost:3495/http-security-layer-request" selected>Lokale B&uuml;rgerkarte</option>
+ <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option>
+ <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option>
+ <option value="https://10.16.126.28:3496/http-security-layer-request">B&uuml;rgerkarte Arbeitsplatz Paul Ivancsics</option>
+</select>
diff --git a/id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml b/id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml
new file mode 100644
index 000000000..e125e2c38
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <BKUSelection>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </BKUSelection>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <TrustedCACertificates>http://localhost:8080/truestedCACerts</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml b/id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml
new file mode 100644
index 000000000..7a75d85f8
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ </OnlineApplication>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml b/id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml
new file mode 100644
index 000000000..db84e7b12
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData"/>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml b/id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml
new file mode 100644
index 000000000..e3a364514
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <OnlineApplication2 publicURLPrefix="http://localhost:9080/">
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication2>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/Configuration.xml b/id.server/data/abnahme-test/xmldata/Configuration.xml
new file mode 100644
index 000000000..e3f1bd8b4
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/Configuration.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <!--<AcceptedServerCertificates>file:data/abnahme-test/certs/server-certs</AcceptedServerCertificates>-->
+ <!--<ClientKeyStore password="Keystore Pass">file:data/abnahme-test/certs/server-certs/server.keystore</ClientKeyStore>-->
+ </ConnectionParameter>
+
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP101:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP102:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfParamAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA302:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA303:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA304:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA305:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA306:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA307:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA308:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..5a4759b7a
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml
new file mode 100644
index 000000000..a35b7f209
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/L000/Configuration.xml b/id.server/data/abnahme-test/xmldata/L000/Configuration.xml
new file mode 100644
index 000000000..e3f1bd8b4
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/L000/Configuration.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+ <!--<AcceptedServerCertificates>file:data/abnahme-test/certs/server-certs</AcceptedServerCertificates>-->
+ <!--<ClientKeyStore password="Keystore Pass">file:data/abnahme-test/certs/server-certs/server.keystore</ClientKeyStore>-->
+ </ConnectionParameter>
+
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+ <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://localhost:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP101:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="https://testP102:9443/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfParamAuth.xml" sessionTimeOut="20">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA302:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA303:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA304:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA305:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA306:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA307:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://localhostA308:9080/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..0ef26ce2f
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-05-07T17:25:10+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>https://localhost:8443/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>http://10.16.126.28:9080/moa-id-proxy/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>bvM1wMyWDhJeTm6wYNIBeqEMGhc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>SODqS1d8cJD301+Eq0jrCkRjSkI=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>GIWA7SDyFiDbbDxOxipEjm9lNJunrfHsLaSEaDUgzpghZ0ESdP8wkS9fBGXdErm8
+FiitoTNUquYLefUjl6i5lIpPp+FraX/6t2Oxda4N8KMamoBpffcxoiU069JOVAEL
+ohZawwD4ezgeBJSTgwX7dmPCXjpNa1M8l1wm8FhCgqo=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-07T15:25:17Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml
new file mode 100644
index 000000000..a35b7f209
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file
diff --git a/id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cer b/id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cer b/id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/Buergerkarte01Root.cer b/id.server/data/certs/TrustProfile1/Buergerkarte01Root.cer
new file mode 100644
index 000000000..18e6bc109
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/Buergerkarte01Root.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/C.CA.DS.cer b/id.server/data/certs/TrustProfile1/C.CA.DS.cer
new file mode 100644
index 000000000..fc5bd433b
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/C.CA.DS.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/IAIKRoot.cer b/id.server/data/certs/TrustProfile1/IAIKRoot.cer
new file mode 100644
index 000000000..c0c60558a
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/IAIKRoot.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cer b/id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cer
new file mode 100644
index 000000000..21dc972b9
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/TestPersonMOA4.cer b/id.server/data/certs/TrustProfile1/TestPersonMOA4.cer
new file mode 100644
index 000000000..99936caa8
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/TestPersonMOA4.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cer b/id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cer
new file mode 100644
index 000000000..fc5bd433b
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cer b/id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cer
new file mode 100644
index 000000000..84518a6a8
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/ecdsaroot_der.cer b/id.server/data/certs/TrustProfile1/ecdsaroot_der.cer
new file mode 100644
index 000000000..dac166e9a
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/ecdsaroot_der.cer
Binary files differ
diff --git a/id.server/data/certs/TrustProfile1/hsm.cer b/id.server/data/certs/TrustProfile1/hsm.cer
new file mode 100644
index 000000000..278cb8fab
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/hsm.cer
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQEwDQYJKoZIhvcNAQEFBQAwPTESMBAGA1UEAxMJSFNNUlNBS0VZ
+MQwwCgYDVQQKEwNCUloxDDAKBgNVBAsTA01PQTELMAkGA1UEBhMCQVQwHhcNMDMw
+NDAzMTEwNjQ5WhcNMDQwNDAzMTEwNjQ5WjA9MRIwEAYDVQQDEwlIU01SU0FLRVkx
+DDAKBgNVBAoTA0JSWjEMMAoGA1UECxMDTU9BMQswCQYDVQQGEwJBVDCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEA2nygG6QL8ksWZFNAUWcLcAkRR7WHck3PFu4z
+ce2D/jeWk2pf3dC+49ZRkmJbKYclySx90BZFG6iSUkhI41eXbrRzIScFz15P9K4F
+rSg8redcdysWY/WJ2ybW05PuK8jNooyc4yAGoSfiNv7GlDfAqsZpSXB2YFvd6erF
+In5e7WECAwDL2zANBgkqhkiG9w0BAQUFAAOBgQCUhQ1YQg14ZtUGj1Zn1J5O3XXu
+RZmckYjRbqMxpY3iim+yH9+eSrDcfESUeoYQHzOB+qfOx+kU33qkWBzvP1079EbC
+v5eVi4mhJ6F/8xItuvroUtuQokiiEY8g8CSM1C124MLcJr0y90Nmb2q2cHhlBkw8
+s5uQpf4EtuqJAwMrcQ==
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/TrustProfile1/moahsmcert.cer b/id.server/data/certs/TrustProfile1/moahsmcert.cer
new file mode 100644
index 000000000..160390f35
--- /dev/null
+++ b/id.server/data/certs/TrustProfile1/moahsmcert.cer
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB7zCCAVgCAQEwDQYJKoZIhvcNAQEFBQAwQDEVMBMGA1UEAxMMTU9BSFNNUlNB
+S0VZMQwwCgYDVQQKEwNCUloxDDAKBgNVBAsTA01PQTELMAkGA1UEBhMCQVQwHhcN
+MDMwNDA3MTQwNzM3WhcNMDQwNDA3MTQwNzM3WjBAMRUwEwYDVQQDEwxNT0FIU01S
+U0FLRVkxDDAKBgNVBAoTA0JSWjEMMAoGA1UECxMDTU9BMQswCQYDVQQGEwJBVDCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuQJeLj5quuES22ZlXY2W5C/JF/7a
+WZM/EBj2hZff3i66IQYe3272E9p1utzIGvY3AfAlW0sKiOhZUpOnvFlAn+Bl86J2
+kE/mQMgVHd4fxb3onCNA+x/x5BdYVdx35il6iQy9xE0kpc01CMrUMMy0+GMcz4OR
+ziJf0WHsi9JL1nECAwCYrzANBgkqhkiG9w0BAQUFAAOBgQCDpmYSMnkjfJ4JXwwc
+Y6eqqiDBexZeVwNLjjJxwf5md4ZRiewwfY3aydcA8ffjcUh4/5XXdn5y2S2n8JEg
+N2EuHHC+k/CE2JJJylkikltE+nawdfa6MukhQ0sPKjyJ+Nr2nXOwX6O2bveaTw9J
+E2+9uU+Tuf4VG9HEHEL+IaU2tA==
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/ca-certs/GTE CyberTrust Root.cer b/id.server/data/certs/ca-certs/GTE CyberTrust Root.cer
new file mode 100644
index 000000000..bcbddd2f3
--- /dev/null
+++ b/id.server/data/certs/ca-certs/GTE CyberTrust Root.cer
Binary files differ
diff --git a/id.server/data/certs/ca-certs/TrustMark-WebServer-01.cer b/id.server/data/certs/ca-certs/TrustMark-WebServer-01.cer
new file mode 100644
index 000000000..781d1e4f2
--- /dev/null
+++ b/id.server/data/certs/ca-certs/TrustMark-WebServer-01.cer
Binary files differ
diff --git a/id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cer b/id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cer
new file mode 100644
index 000000000..b76137b1c
--- /dev/null
+++ b/id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cer
Binary files differ
diff --git a/id.server/data/certs/ca-certs/a-sign-corporate-light-01.cer b/id.server/data/certs/ca-certs/a-sign-corporate-light-01.cer
new file mode 100644
index 000000000..6f97837a2
--- /dev/null
+++ b/id.server/data/certs/ca-certs/a-sign-corporate-light-01.cer
Binary files differ
diff --git a/id.server/data/certs/ca-certs/intermediate.cer b/id.server/data/certs/ca-certs/intermediate.cer
new file mode 100644
index 000000000..c945fa97d
--- /dev/null
+++ b/id.server/data/certs/ca-certs/intermediate.cer
Binary files differ
diff --git a/id.server/data/certs/ca-certs/root.cer b/id.server/data/certs/ca-certs/root.cer
new file mode 100644
index 000000000..dd22e761e
--- /dev/null
+++ b/id.server/data/certs/ca-certs/root.cer
Binary files differ
diff --git a/id.server/data/certs/client-certs/key.pem b/id.server/data/certs/client-certs/key.pem
new file mode 100644
index 000000000..a326186c7
--- /dev/null
+++ b/id.server/data/certs/client-certs/key.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FE45B3E14DF98B85
+
+e4AS6U/QUW4/ZDMFdlDAVAsd5lKT7e83SWZXZePOjFXZDO+vXmiHp15uw/xrUiqA
+R5jTMHOmxccdpnoSeEXFRApgpfMgixL8IUzec8xaScOOy1+pbSadWWq5bsnnF4fF
+bztJiF5+2RXbNYe5DO32EuGpTOPZVIdWZkvgn5krPDs0EOJrGHC9SIAn+RNS7WDr
+AgKytCjX/aRQ9lUuoT8eX4e2tzslQ/x8K+0zt0vQZWDSPLZTqJNioILWwUpVapqH
+aC/8foQeWqHc1Dj9CoMZrUsS1Jwi/Hkc70cb1+3uH/DAaDng2gN4Qa2tpbvZhWHV
+rIZYpxN0CBxe/pmSwUZeZQPVcgHniJYRondVIOCCGst2l9XunOTxGoNGE8B7A/im
+FB/kondCVL7X+5gEjuAqjFTUrdQHbjCdDSwXLMAKDJEeY3NZhxsJlbXy2pcviUWz
+k0CfGpT9yANDtNT37OfJM6OZSKjUmgeqNENyL2G3X5gjpLCRTUt4BUh5IpeW3uLu
+f/wDAETyfDvHfyf2PAPSVcecDW+py7mFP87FKDrTb8e9fNleL3mNpdLaHFm7mHMf
+imhEehxiGMRj7TVBvS+WuJp0bFYiyEh6f2cnhwP/iAFkJEx7VDslYhtt9LkDGm3t
+1utow3jc/4t6IDV/rmyfYCoy9wbUymw3trGijjMT9H3L9bBekWXfiNTwOjfBa0G5
+meUUJ+BPnm1b5Y6I0nI5T1a7uJ0WeRL08NbJ26TDALBcV6l1IovgTKCtOofOcMBo
+JexXOTvllSEsNQrEzFUkzobLg48FyV/mwrjuIXuxUFwvcqKaU6Pa4Q==
+-----END RSA PRIVATE KEY-----
diff --git a/id.server/data/certs/client-certs/key2.pem b/id.server/data/certs/client-certs/key2.pem
new file mode 100644
index 000000000..86c1d1d96
--- /dev/null
+++ b/id.server/data/certs/client-certs/key2.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BE4627B155C4DAA7
+
+Ja5FdI9jxs0+96ELq/INvD4LrSg4ELUr9Z12zBEc4mIGZRnmPgxpgKJUaWQy+atI
+X/o+KS0HYSOHfnWiWQD4GFcjGDhs8vxTsPa6I+vtrnEvFByfOq/R8h7wdHAid14J
+2E8MBVim/TxAi/2JG7yVguKkaUR/jP8uvoiTtMQvKe/NHzQywOmiACvpkX5a9G0t
+kMZKZ23q2FuEYuNn7/9E09CWc4YDc7AwhUcuUAwZXGQTmLPWriSTUKgR88G7u2LQ
+/dO0dqpJEtZIz0h7f+s46I6B7jyXNkShx8scS6YOOrdaq2xB6wC0cOAaNMc/kl7f
+9msanW4fJbE/B0rrL6ChI8Mqlr+TJ8oFrBHt1z5wexPa9OGqBOUJmoywXEhp8WUY
+oth8HZf/thJE3DppxgRHfDKgUiv8hCSRvaSFZ33Dx7qISPVBzbmk2CF69Ok05Sc3
+sHahRIA8X01mS8fFGL6fJPLT+xW4ARiP1NnVDMBUbFDg/g9GEMvAnxh9lWLysUv5
+6LMR01H6CVhOsbKfpUqIfqT6U9HmjF1vQGD1jp9KGi12Cu6Yf6Z6OcMBmR93rao3
+50GtG0HLbhuUPIrFMYe3Dl0TfPxLj/ieNvGFgueWE7Y92mw/XGn3wLoSVKAIRrYd
+ZXh09mA3yARqY15UJWmR77WOrh4j1KybADF6F445+H64UtD1QQBHH4/K+ZJ1CUiE
+V9d1F9DAnOeU3yYvRprZU/6nbqzR7dfivgln8PE8Ht2EZf9Rk/n2/ztgKBik37MF
+WPthd+8Y+XKcjg2tZOENAxw7ikzjPIdHxFzxAnr9y5d4F6P5CSIjxw==
+-----END RSA PRIVATE KEY-----
diff --git a/id.server/data/certs/client-certs/req.cer b/id.server/data/certs/client-certs/req.cer
new file mode 100644
index 000000000..9f3f8116f
--- /dev/null
+++ b/id.server/data/certs/client-certs/req.cer
Binary files differ
diff --git a/id.server/data/certs/client-certs/req.pem b/id.server/data/certs/client-certs/req.pem
new file mode 100644
index 000000000..db4a69057
--- /dev/null
+++ b/id.server/data/certs/client-certs/req.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVDET
+MBEGA1UECBMKU29tZS1TdGF0ZTENMAsGA1UEChMEQlJaRzEMMAoGA1UECxMDTU9B
+MRswGQYDVQQDExJBYm5haG1ldGVzdCBNT0EtSUQwHhcNMDMwNTA2MTU1NjMxWhcN
+MDMwNjA1MTU1NjMxWjBcMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1TdGF0
+ZTENMAsGA1UEChMEQlJaRzEMMAoGA1UECxMDTU9BMRswGQYDVQQDExJBYm5haG1l
+dGVzdCBNT0EtSUQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOJqhoQjXmkj
+E7eX0mhX4p3vz/vlpSDcmFmOw7PJOKYF38eJpPR0IqZqrDeDUJyuPQzSluRy1A6d
+kQBt93FVIND9LBd9yr6nh1bGIMppoJ/qKPHNk3bzEaW1ITgRx8ITc1jVOO2BIvVd
+4KTnLcszRvgr/KpYqpjqHRn+Eh3JwVTBAgMBAAGjgbcwgbQwHQYDVR0OBBYEFI6P
+2FnJlpDgTb/HFhIV3yczz7Q+MIGEBgNVHSMEfTB7gBSOj9hZyZaQ4E2/xxYSFd8n
+M8+0PqFgpF4wXDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxDTAL
+BgNVBAoTBEJSWkcxDDAKBgNVBAsTA01PQTEbMBkGA1UEAxMSQWJuYWhtZXRlc3Qg
+TU9BLUlEggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAECbLNoxp
+6B81lDvab7KVB2HcR+o7DFoejy5HjI+iQL/RoxA5L5t7giROCGXCzjb+0+pxt8fR
+4yR66YmoxUC9kjfCxr70Wob+DrBy73yCnwpw2yndcRoYe3HmyoX0HvYPjnUm0IWt
+BGAALnQn/En/ZDW0YEM5DtOsZPoZd8r49UE=
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/client-certs/req2.pem b/id.server/data/certs/client-certs/req2.pem
new file mode 100644
index 000000000..972c4a344
--- /dev/null
+++ b/id.server/data/certs/client-certs/req2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAlWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBeMQswCQYDVQQGEwJBVDET
+MBEGA1UECBMKU29tZS1TdGF0ZTENMAsGA1UEChMEQlJaRzEMMAoGA1UECxMDTU9B
+MR0wGwYDVQQDExRBYm5haG1ldGVzdCBNT0EtSUQgMjAeFw0wMzA1MDYxNzU2MDRa
+Fw0wMzA2MDUxNzU2MDRaMF4xCzAJBgNVBAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMQ0wCwYDVQQKEwRCUlpHMQwwCgYDVQQLEwNNT0ExHTAbBgNVBAMTFEFibmFo
+bWV0ZXN0IE1PQS1JRCAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+T1D5
+sxLxeVxkJ04nRj0iP7OnuAsQBvankGkPrWRo/Z8OusG2tKp0CEgIK+nqbRzElmnL
+20ij7QKHNgUYAb/2tkMP1K2m6dr/fjBnJGle9lUCbIuzXndBgYy5+nBXVXERPo7k
+rUcbnh3hXpa2dpySqV2qgIcNWQ1zsjsYTMKOKwIDAQABo4G5MIG2MB0GA1UdDgQW
+BBS2az6C8gFXa9JjsC+7YVOz+kbQHTCBhgYDVR0jBH8wfYAUtms+gvIBV2vSY7Av
+u2FTs/pG0B2hYqRgMF4xCzAJBgNVBAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRl
+MQ0wCwYDVQQKEwRCUlpHMQwwCgYDVQQLEwNNT0ExHTAbBgNVBAMTFEFibmFobWV0
+ZXN0IE1PQS1JRCAyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEA
+EEeNYSW9gJrxX04z6G48A+DODPzEtZeyVUE/n/OOox9pHZ0ftOj7M4XdLj6QIrES
++cSo9UWFOkPrYj3TVuJ58LLvB3VqevNu8dq1Q0u7umiCofpuqX9rQ/hcfkVWrg3/
+EZdkckT+PRAZR88omVi5q0uU/CkG8o9+KUeqezmWMg8=
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/keystores/client.keystore b/id.server/data/certs/keystores/client.keystore
new file mode 100644
index 000000000..2304628f4
--- /dev/null
+++ b/id.server/data/certs/keystores/client.keystore
Binary files differ
diff --git a/id.server/data/certs/keystores/client.p12 b/id.server/data/certs/keystores/client.p12
new file mode 100644
index 000000000..de82e3d5e
--- /dev/null
+++ b/id.server/data/certs/keystores/client.p12
Binary files differ
diff --git a/id.server/data/certs/keystores/client2.p12 b/id.server/data/certs/keystores/client2.p12
new file mode 100644
index 000000000..5147f7f9c
--- /dev/null
+++ b/id.server/data/certs/keystores/client2.p12
Binary files differ
diff --git a/id.server/data/certs/keystores/server.keystore b/id.server/data/certs/keystores/server.keystore
new file mode 100644
index 000000000..5ed848e3f
--- /dev/null
+++ b/id.server/data/certs/keystores/server.keystore
Binary files differ
diff --git a/id.server/data/certs/keystores/testlinux.keystore b/id.server/data/certs/keystores/testlinux.keystore
new file mode 100644
index 000000000..99e78638f
--- /dev/null
+++ b/id.server/data/certs/keystores/testlinux.keystore
Binary files differ
diff --git a/id.server/data/certs/keystores/testlinux_plus_client.keystore b/id.server/data/certs/keystores/testlinux_plus_client.keystore
new file mode 100644
index 000000000..cc08a127b
--- /dev/null
+++ b/id.server/data/certs/keystores/testlinux_plus_client.keystore
Binary files differ
diff --git a/id.server/data/certs/keystores/testlinux_rev.keystore b/id.server/data/certs/keystores/testlinux_rev.keystore
new file mode 100644
index 000000000..d7964e93d
--- /dev/null
+++ b/id.server/data/certs/keystores/testlinux_rev.keystore
Binary files differ
diff --git a/id.server/data/certs/server-certs/a-trust.cer b/id.server/data/certs/server-certs/a-trust.cer
new file mode 100644
index 000000000..f87f82561
--- /dev/null
+++ b/id.server/data/certs/server-certs/a-trust.cer
Binary files differ
diff --git a/id.server/data/certs/server-certs/baltimore.cer b/id.server/data/certs/server-certs/baltimore.cer
new file mode 100644
index 000000000..514c65c51
--- /dev/null
+++ b/id.server/data/certs/server-certs/baltimore.cer
Binary files differ
diff --git a/id.server/data/certs/server-certs/cio.cer b/id.server/data/certs/server-certs/cio.cer
new file mode 100644
index 000000000..560425e95
--- /dev/null
+++ b/id.server/data/certs/server-certs/cio.cer
Binary files differ
diff --git a/id.server/data/certs/server-certs/testlinux.crt b/id.server/data/certs/server-certs/testlinux.crt
new file mode 100644
index 000000000..db9201838
--- /dev/null
+++ b/id.server/data/certs/server-certs/testlinux.crt
Binary files differ
diff --git a/id.server/data/certs/server-certs/testlinux_rev.crt b/id.server/data/certs/server-certs/testlinux_rev.crt
new file mode 100644
index 000000000..ac735db10
--- /dev/null
+++ b/id.server/data/certs/server-certs/testlinux_rev.crt
Binary files differ
diff --git a/id.server/data/certs/server-certs/testwin.cer b/id.server/data/certs/server-certs/testwin.cer
new file mode 100644
index 000000000..ff2f369a8
--- /dev/null
+++ b/id.server/data/certs/server-certs/testwin.cer
Binary files differ
diff --git a/id.server/data/certs/server-certs/testwin_rev.cer b/id.server/data/certs/server-certs/testwin_rev.cer
new file mode 100644
index 000000000..b899000f2
--- /dev/null
+++ b/id.server/data/certs/server-certs/testwin_rev.cer
Binary files differ
diff --git a/id.server/data/certs/server-certs/tomcat-server.crt b/id.server/data/certs/server-certs/tomcat-server.crt
new file mode 100644
index 000000000..f7cca3e9e
--- /dev/null
+++ b/id.server/data/certs/server-certs/tomcat-server.crt
Binary files differ
diff --git a/id.server/data/certs/server-certs/verisign.cer b/id.server/data/certs/server-certs/verisign.cer
new file mode 100644
index 000000000..85f09ee4e
--- /dev/null
+++ b/id.server/data/certs/server-certs/verisign.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
new file mode 100644
index 000000000..ec6203326
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- für MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLComplete">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/auswahl">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-- Transformationen für die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <TransformsInfo filename="file:conf/moa-id/transforms/TransformsInfoAuthBlock.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP über Web Service angesprochen wird -->
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ <!-- TrustProfile für den IdentityLink der Bürgerkarte;
+ muss in MOA-SP konfiguriert sein -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkarteRoot</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <!-- TrustProfile für die Signatur des AUTH-Blocks der Bürgerkarte;
+ muss in MOA-SP konfiguriert sein -->
+ <TrustProfileID>MOAIDBuergerkarteRoot</TrustProfileID>
+ <!-- VerifyTransformsInfoProfile mit den Transformationen für die Anzeige der Anmeldedaten im Secure Viewer;
+ muss in MOA-SP konfiguriert sein -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <!-- Gültige Signatoren des IdentityLink, der von der Bürgerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <!-- für MOA-ID-PROXY -->
+ <ProxyComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+ <AuthComponent>
+ <ConnectionParameter URL="https://localhost:8443/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <!-- Eintrag für jede Online-Applikation -->
+ <OnlineApplication publicURLPrefix="http://localhost:8080/moa-id-proxy/">
+ <!-- für MOA-ID-AUTH -->
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <!-- für MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="file:conf/moa-id/oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+ <!-- <ProxyComponent configFileURL="file:conf/moa-id/oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="http://localhost:8080/oa/">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <!-- ChainingModes für die Zertifikatspfadüberprüfung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <!-- für MOA-ID-AUTH: Rootzertifikate des Servers MOA-SP, falls über HTTPS angesprochen -->
+ <!-- für MOA-ID-PROXY: Rootzertifikate des Servers MOA-ID-AUTH, falls über HTTPS angesprochen,
+ und aller Online-Applikationen, die über HTTPS angesprochen werden -->
+ <TrustedCACertificates>file:conf/moa-id/certs/ca-certs</TrustedCACertificates>
+ <!-- Cache-Verzeichnis für-Zertifikate -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="conf/moa-id/certs/certstore"/>
+ <!-- Time-Out für die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out für die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/deploy/conf/moa-id/log4j.properties b/id.server/data/deploy/conf/moa-id/log4j.properties
new file mode 100644
index 000000000..eada826da
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/log4j.properties
@@ -0,0 +1,22 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=info, stdout, R
+log4j.logger.moa.spss.server=info
+log4j.logger.iaik.server=info
+log4j.logger.moa.id.auth=info
+log4j.logger.moa.id.proxy=info
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
+# configure the rolling file appender (R)
+log4j.appender.R=org.apache.log4j.RollingFileAppender
+log4j.appender.R.File=logs/moa-id.log
+log4j.appender.R.MaxFileSize=10000KB
+log4j.appender.R.MaxBackupIndex=1
+log4j.appender.R.layout=org.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
diff --git a/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml b/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
new file mode 100644
index 000000000..13d99f1c1
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <BasicAuth>
+ <UserID>MOAFamilyName</UserID>
+ <Password>MOAGivenName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
new file mode 100644
index 000000000..541089ccb
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
@@ -0,0 +1,63 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
new file mode 100644
index 000000000..900f41252
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MOAConfiguration xmlns="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa-spss="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <!-- Standardnamen für Kanonisierungs- und Digest-Algorithmus -->
+ <CanonicalizationAlgorithm name="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <DigestMethodAlgorithm name="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <!-- Cache-Verzeichnis für Zertifikate;
+ muss die Root- und Intermediate-CA-Zertifikate der Bürgerkarte beinhalten -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certstore"/>
+ <!-- VerifyTransformsInfoProfile mit den Transformationen für die Anzeige des AUTH-Block im Secure Viewer -->
+ <VerifyTransformsInfoProfile id="MOAIDTransformAuthBlock" filename="profiles/MOAIDTransformAuthBlock.xml"/>
+ <!-- TrustProfile für den IdentityLink der Bürgerkarte;
+ muss die Root- und Intermediate-CA-Zertifikate der Bürgerkarte beinhalten -->
+ <TrustProfile id="MOAIDBuergerkarteRoot" uri="trustprofiles/MOAIDBuergerkarteRoot"/>
+</MOAConfiguration>
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
new file mode 100644
index 000000000..1d1a610b7
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer
Binary files differ
diff --git a/id.server/data/deploy/tomcat/moa-id-env.bat b/id.server/data/deploy/tomcat/moa-id-env.bat
new file mode 100644
index 000000000..319d18f88
--- /dev/null
+++ b/id.server/data/deploy/tomcat/moa-id-env.bat
@@ -0,0 +1 @@
+set CATALINA_OPTS=-Dmoa.id.configuration=%CATALINA_HOME%\conf\moa-id\SampleMOAIDConfiguration.xml -Dmoa.spss.server.configuration=%CATALINA_HOME%\conf\moa-spss\SampleMOASPSSConfiguration.xml -Dlog4j.configuration=file:%CATALINA_HOME%\conf\moa-id\log4j.properties
diff --git a/id.server/data/deploy/tomcat/moa-id-env.sh b/id.server/data/deploy/tomcat/moa-id-env.sh
new file mode 100644
index 000000000..9acfe56c0
--- /dev/null
+++ b/id.server/data/deploy/tomcat/moa-id-env.sh
@@ -0,0 +1 @@
+export CATALINA_OPTS="-Dmoa.id.configuration=$CATALINA_HOME/conf/moa-id/SampleMOAIDConfiguration.xml -Dmoa.spss.server.configuration=$CATALINA_HOME/conf/moa-spss/SampleMOASPSSConfiguration.xml -Dlog4j.configuration=file:$CATALINA_HOME/conf/moa-id/log4j.properties"
diff --git a/id.server/data/deploy/tomcat/server.mod_jk.xml b/id.server/data/deploy/tomcat/server.mod_jk.xml
new file mode 100644
index 000000000..61100b260
--- /dev/null
+++ b/id.server/data/deploy/tomcat/server.mod_jk.xml
@@ -0,0 +1,201 @@
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+<!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" connectionTimeout="0"
+ useURIValidationHack="false"
+ protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common"/>
+
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="ROOT" debug="0"/>
+ -->
+
+ </Host>
+
+ </Engine>
+
+ </Service>
+
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true"
+ acceptCount="10" debug="0"/>
+
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0" appBase="webapps">
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+
+ </Engine>
+
+ </Service>
+
+</Server>
+
diff --git a/id.server/data/deploy/tomcat/server.xml b/id.server/data/deploy/tomcat/server.xml
new file mode 100644
index 000000000..c99136fa2
--- /dev/null
+++ b/id.server/data/deploy/tomcat/server.xml
@@ -0,0 +1,157 @@
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+ <!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="20000" useURIValidationHack="false" disableUploadTimeout="true"/>
+ <!-- Note : To disable connection timeouts, set connectionTimeout value
+ to -1 -->
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8443" minProcessors="5" maxProcessors="75"
+ enableLookups="uri"
+ acceptCount="100" debug="0" scheme="https" secure="true"
+ useURIValidationHack="false" disableUploadTimeout="true">
+ <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
+ clientAuth="false" protocol="TLS"/>
+ </Connector>
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="true">
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common"/>
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/>
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
+ -->
+ </Host>
+ </Engine>
+ </Service>
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector" port="8008" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0"/>
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine" name="Apache" debug="0" appBase="webapps">
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger" prefix="apache_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ </Engine>
+ </Service>
+</Server>
diff --git a/id.server/data/deploy/tomcat/uriworkermap.properties b/id.server/data/deploy/tomcat/uriworkermap.properties
new file mode 100644
index 000000000..daf0dca1a
--- /dev/null
+++ b/id.server/data/deploy/tomcat/uriworkermap.properties
@@ -0,0 +1,7 @@
+# a sample mod_jk uriworkermap.properties file for mapping
+# MOA-ID-AUTH and MOA-ID-PROXY web service requests to workers
+#
+# omit the mappings you don't need
+
+/moa-id-auth/*=moaworker
+/moa-id-proxy/*=moaworker \ No newline at end of file
diff --git a/id.server/data/deploy/tomcat/workers.properties b/id.server/data/deploy/tomcat/workers.properties
new file mode 100644
index 000000000..9350ddc77
--- /dev/null
+++ b/id.server/data/deploy/tomcat/workers.properties
@@ -0,0 +1,6 @@
+# a sample workers.properties file defining a single mod_jk worker
+
+worker.list=moaworker
+worker.moaworker.type=ajp13
+worker.moaworker.host=localhost
+worker.moaworker.port=8009
diff --git a/id.server/data/test/conf/ConfigurationTest.xml b/id.server/data/test/conf/ConfigurationTest.xml
new file mode 100644
index 000000000..5c18e35cc
--- /dev/null
+++ b/id.server/data/test/conf/ConfigurationTest.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <AuthComponent>
+ <SecurityLayer>
+ <TransformsInfo filename="file:data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <ConnectionParameter URL="https://10.16.46.108:8443/moa-spss/services">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ <!-- <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> -->
+ </ConnectionParameter>
+ <VerifyIdentityLink>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <TrustProfileID>TrustProfile1</TrustProfileID>
+ <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <ProxyComponent>
+ <AuthComponent>
+ <ConnectionParameter URL="AuthComponentURL">
+ <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+ <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <OnlineApplication publicURLPrefix="http://localhost:9080/">
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfParamAuth.xml" sessionTimeOut="10" loginParameterResolverImpl="StringloginParameterResolverImpl1" connectionBuilderImpl="StringconnectionBuilderImpl1">
+ <ConnectionParameter URL="ProxyComponentURL">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://verisign.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.verisign.com/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://a-trust.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.a-trust.at/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://baltimore.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.baltimore.com/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="http://cio.moa.gv.at/">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="https://www.cio.gv.at/">
+ <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="StringOALoginURL2">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+ <ConnectionParameter URL="ProxyComponentURL2">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <OnlineApplication publicURLPrefix="StringOALoginURL3">
+ <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+ <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+ <ConnectionParameter URL="ProxyComponentURL3">
+ <AcceptedServerCertificates>url:AcceptedServerCertificates3</AcceptedServerCertificates>
+ <ClientKeyStore password="ClientKeystoreOAPAss3">URL:toClientKeystoreOA3</ClientKeyStore>
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <ChainingModes systemDefaultMode="chaining">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <TrustedCACertificates>file:c:/java/id.server/data/test/certs/ca-certs</TrustedCACertificates>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="c:/java/id.server/data/test/certs/cert-store-root"/>
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+ <GenericConfiguration name="ProxyComponent.DisableHostnameVerification" value="true"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/test/conf/OAConfBasicAuth.xml b/id.server/data/test/conf/OAConfBasicAuth.xml
new file mode 100644
index 000000000..61455f903
--- /dev/null
+++ b/id.server/data/test/conf/OAConfBasicAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <BasicAuth>
+ <UserID>MOAGivenName</UserID>
+ <Password>MOAFamilyName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/OAConfHeaderAuth.xml b/id.server/data/test/conf/OAConfHeaderAuth.xml
new file mode 100644
index 000000000..c92e055e9
--- /dev/null
+++ b/id.server/data/test/conf/OAConfHeaderAuth.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <HeaderAuth>
+ <Header Name="Param1" Value="MOAPublicAuthority"/>
+ <Header Name="Param2" Value="MOABKZ"/>
+ <Header Name="Param3" Value="MOAQualifiedCertificate"/>
+ <Header Name="Param4" Value="MOAZMRZahl"/>
+ <Header Name="Param5" Value="MOAIPAddress"/>
+ </HeaderAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/OAConfParamAuth.xml b/id.server/data/test/conf/OAConfParamAuth.xml
new file mode 100644
index 000000000..a70f6a6c0
--- /dev/null
+++ b/id.server/data/test/conf/OAConfParamAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateful</LoginType>
+ <ParamAuth>
+ <Parameter Name="Param1" Value="MOADateOfBirth"/>
+ <Parameter Name="Param2" Value="MOAVPK"/>
+ </ParamAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/log4j.properties b/id.server/data/test/conf/log4j.properties
new file mode 100644
index 000000000..9a808f925
--- /dev/null
+++ b/id.server/data/test/conf/log4j.properties
@@ -0,0 +1,10 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=debug, stdout
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
diff --git a/id.server/data/test/conf/transforms/TransformsInfosHTML.xml b/id.server/data/test/conf/transforms/TransformsInfosHTML.xml
new file mode 100644
index 000000000..e003297f4
--- /dev/null
+++ b/id.server/data/test/conf/transforms/TransformsInfosHTML.xml
@@ -0,0 +1,63 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@IssueInstant"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id.server/data/test/ixsil/init/properties/algorithms.properties b/id.server/data/test/ixsil/init/properties/algorithms.properties
new file mode 100644
index 000000000..35a41cfdd
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/algorithms.properties
@@ -0,0 +1,94 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses to maintain the available algorithms.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Canonicalization algorithms
+#
+# The following properties (starting with "Canonicalization.") are associations between canonicalization
+# algorithm URIs and their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the canonicalization algorithm
+# with the identifying URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", the name of the algorithm
+# property is "Canonicalization.http://www.w3.org/TR/2001/REC-xml-c14n-20010315", i.e. the identifying URI,
+# prepended by the canonicalization algorithm property identifier ("Canonicalization."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard impl. shipped with IXSIL, "iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXMLWithComments
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXML
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments
+
+#----------------------------------------------------------------------------------------------------------
+# Signature algorithms
+#
+# The following properties (starting with "Signature.") are associations between signature algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the signature algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1", the name of the algorithm
+# property is "Signature.http://www.w3.org/2000/09/xmldsig#rsa-sha1", i.e. the identifying URI,
+# prepended by the signature algorithm property identifier ("Signature."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.SignatureAlgorithmImplRSA".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Signature.http\://www.w3.org/2000/09/xmldsig#rsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplRSA
+Signature.http\://www.w3.org/2000/09/xmldsig#dsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplDSA
+Signature.http\://www.w3.org/2000/09/xmldsig#hmac-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplHMAC
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Digest algorithms
+#
+# The following properties (starting with "Digest.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the digest algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#sha1", the name of the algorithm
+# property is "Digest.http://www.w3.org/2000/09/xmldsig#sha1", i.e. the identifying URI,
+# prepended by the digest algorithm property identifier ("Digest."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.DigestAlgorithmImplSHA1".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Digest.http\://www.w3.org/2000/09/xmldsig#sha1 = iaik.ixsil.algorithms.DigestAlgorithmImplSHA1
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Transform algorithms
+#
+# The following properties (starting with "Transform.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the transform algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#base64", the name of the algorithm
+# property is "Transform.http://www.w3.org/2000/09/xmldsig#base64", i.e. the identifying URI,
+# prepended by the transform algorithm property identifier ("Transform."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.TransformImplBase64Decode".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.TransformImplCanonicalXML
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.TransformImplCanonicalXMLWithComments
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXMLWithComments
+Transform.http\://www.w3.org/2000/09/xmldsig#base64 = iaik.ixsil.algorithms.TransformImplBase64Decode
+Transform.http\://www.w3.org/TR/1999/REC-xpath-19991116 = iaik.ixsil.algorithms.TransformImplXPath
+Transform.http\://www.w3.org/2000/09/xmldsig#enveloped-signature = iaik.ixsil.algorithms.TransformImplEnvelopedSignature
+Transform.http\://www.w3.org/TR/1999/REC-xslt-19991116 = iaik.ixsil.algorithms.TransformImplXSLT
+Transform.http\://www.w3.org/2002/06/xmldsig-filter2 = iaik.ixsil.algorithms.TransformImplXPath2
diff --git a/id.server/data/test/ixsil/init/properties/init.properties b/id.server/data/test/ixsil/init/properties/init.properties
new file mode 100644
index 000000000..a679a2635
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/init.properties
@@ -0,0 +1,214 @@
+# IXSIL init properties
+#
+# This file contains the basic initialization properties for IXSIL.
+
+#----------------------------------------------------------------------------------------------------------
+# Properties for localizing exeption messages
+
+# This property specifies the ISO language code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOLanguageCode = "en"
+
+
+
+# This property specifies the ISO country code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOCountryCode = "US"
+
+
+#----------------------------------------------------------------------------------------------------------
+# Other property files
+
+# This property contains a URI specifying the (virtual) location of the IXSIL init properties file (i. e.
+# this file). The URI MUST be absolute.
+#
+# The use of this property is optional. It is only needed by IXSIL, if the library will be initialized using
+# the method IXSILInit.init(Properties, Properties, Properties). In this case it is used by IXSIL as the
+# base URI for absolutizing other property URIs, such as "DOMUtils.SignatureSchema" (see below).
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/init.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/init.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/init.properties"
+
+location.initProperties = file:data/test/ixsil/init/properties/init.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL algorithm properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/algorithms.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/algorithms.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/algorithms.properties"
+# Example 4 (relative URI): "../otherpath/algorithms.properties"
+# Example 5 (relative URI): "algorithms.properties"
+
+location.algorithmsProperties = file:data/test/ixsil/init/properties/algorithms.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL keyManager properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+# authority component. This means that the part following the scheme identifier starts with "/"
+# (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/keyManager.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/keyManager.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/keyManager.properties"
+# Example 4 (relative URI): "../otherpath/keyManager.properties"
+# Example 5 (relative URI): "keyManager.properties"
+
+location.keyManagerProperties = file:data/test/ixsil/init/properties/keyManager.properties
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# AlgorithmFactory properties
+
+
+
+This property specifies the extension class for the abstract class
+iaik.ixsil.algorithms.AlgorithmFactory, which is instantiated at invokation of method
+iaik.ixsil.algorithms.AlgorithmFactory.createFactory().
+Please specifiy the fully qualified java class name for the class to be instantiated.
+
+AlgorithmFactory.ImplementingClass = iaik.ixsil.algorithms.AlgorithmFactoryDefaultImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# VerifierKeyManager properties
+
+# This property specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.VerifierKeyManager, which is instantiated by IXSIL in the verification use case, if the
+# signature algorithm does not know about the verification key, and if the XML signature bears a KeyInfo
+# element which contains hints that can be used to deduce the verification key.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+VerifierKeyManager.ImplementingClass = iaik.ixsil.keyinfo.KeyManagerImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XML namespace prefix properties
+
+# This property specifies the namespace prefix used for XML elements from the XML-Signature namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSignature = dsig:
+
+
+
+# This property specifies the namespace prefix used for XML elements from the XML Schema instance namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSchemaInstance = xsi:
+
+
+#----------------------------------------------------------------------------------------------------------
+# DOMUtils properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.DOMUtilsInterface, which contains a couple of DOM utility methods, which IXSIL relies
+# on. If you would like to employ a parser different from Apache Xerces, you must implement the
+# DOMUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+DOMUtils.ImplementingClass = iaik.ixsil.util.DOMUtilsImpl
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter WARNINGS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportWarnings = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter ERRORS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter FATAL ERRORS generated by the Apache Xerces parser should lead to a parser
+# exception or not.
+
+DOMUtils.ErrorHandler.reportFatalErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies an URI for the location of the XML schema for an XML signature, which is used as the
+# reference grammar in method iaik.ixsil.util.DOMUtilsImpl.schemaValidateSignatureElement.
+# The URI can be absolute or relative. If the URI is relative, it will be absolutized using the URI for
+# this init property file as the base.
+
+DOMUtils.SignatureSchema = ../schemas/Signature.xsd
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XPathUtils properties
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.XPathUtilsInterface, which contains a couple of XPath utility methods, which IXSIL relies
+# on. If you would like to employ a XPath engine different from Apache Xalan, you must implement the
+# XPathUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+XPathUtils.ImplementingClass = iaik.ixsil.util.XPathUtilsImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# CanonicalXMLSerializer properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.CanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML according
+# to "Canonical XML" (see http://www.w3.org/TR/2001/REC-xml-c14n-20010315). If you would like to employ an
+# implemenation different from the standard implementation shipped with IXSIL, you must implement the
+# CanonicalXMLSerialierInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.CanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.ExclusiveCanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML
+# according to "Exclusive XML Canonicalization" (see http://www.w3.org/TR/2001/WD-xml-exc-c14n-20011120).
+# If you would like to employ an implemenation different from the standard implementation shipped with
+# IXSIL, you must implement the ExclusiveCanonicalXMLSerialierInterface and specify your implementation
+# class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.ExclusiveCanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
diff --git a/id.server/data/test/ixsil/init/properties/keyManager.properties b/id.server/data/test/ixsil/init/properties/keyManager.properties
new file mode 100644
index 000000000..24ece437a
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/keyManager.properties
@@ -0,0 +1,74 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses in context of key management.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties are associations between the fully qualified XMLname of a "KeyInfo" subelement,
+# as used in an XML signature to specify hints how the verifier can obtain the verification key, and that
+# implementation class of the interface iaik.ixsil.keyinfo.KeyProviderInterface, which will manage
+# subelements of that type.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# For instance, if you would like to specify the key provider implementation for "KeyValue" subelements,
+# the property name is the fully qualified XML name for the "KeyValue" element, namely
+# "http://www.w3.org/2000/09/xmldsig#:KeyValue". The value of the property is the fully qualified class
+# name of the key provider implementation class, for instance the standard implementation which ships with
+# IXSIL: "iaik.ixsil.keyinfo.KeyProviderImplKeyValue".
+#
+# PLEASE NOTE (I): A fully qualified name for an XML element consists of an URI indicating the namespace the
+# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+# element (e.g. "KeyValue"). Both components are seperated by a colon.
+#
+# PLEASE NOTE (II): The colon character (":") must be escaped by a leading backslash, if it appears in the
+# property name.
+
+http\://www.w3.org/2000/09/xmldsig#\:KeyValue = iaik.ixsil.keyinfo.KeyProviderImplKeyValue
+http\://www.w3.org/2000/09/xmldsig#\:X509Data = iaik.ixsil.keyinfo.x509.KeyProviderImplX509Data
+http\://www.w3.org/2000/09/xmldsig#\:RetrievalMethod = iaik.ixsil.keyinfo.retrieval.KeyProviderImplRetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties specify the order in which the different types of "KeyInfo" subelements are used
+# by the key manager to deduce the verification key.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# The properties are associations between a two digit number and the fully qualified XML name of a "KeyInfo"
+# subelement. The lower the number, the more important is the associated "KeyInfo" sublement. Consider an
+# example configuration:
+#
+# Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+# Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+#
+# In this configuration, the key manager first tries to use "KeyValue" subelements to deduce the
+# verification key. Only if this does not succeed, the key manager uses "X509Data" subelements as a second
+# chance. Of course you can specify more than only two different subelement types.
+#
+# PLEASE NOTE: A fully qualified name for an XML element consists of an URI indicating the namespace the
+# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+# element (e.g. "KeyValue"). Both components are seperated by a colon.
+
+Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+Subelement.03 = http://www.w3.org/2000/09/xmldsig#:RetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following property is used by standard implementation of the "X509Data" key provider, which ships
+# with IXSIL, namely "KeyProviderImplX509Data". It specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.x509.X509TrustManagerInterface, which is to be instantiated as the backbone trust
+# manager for this key provider.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+KeyProviderImplX509Data.X509TrustManagerDefaultImplementingClass = iaik.ixsil.keyinfo.x509.X509TrustManagerDummyImpl
+
diff --git a/id.server/data/test/ixsil/init/schemas/Signature.xsd b/id.server/data/test/ixsil/init/schemas/Signature.xsd
new file mode 100644
index 000000000..7867883f9
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/Signature.xsd
@@ -0,0 +1,328 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ SYSTEM "XMLSchema.dtd"
+ [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.3 $ on $Date: 2001/08/28 16:14:01 $ by $Author: reagle $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<!-- modified to ensure that whiteSpace is preserved
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+ -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="string">
+ <whiteSpace value="preserve"/>
+ <pattern value="[A-Za-z0-9\+/=\n\r\t ]*"/>
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="ds:CryptoBinary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="ds:CryptoBinary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="ds:CryptoBinary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="ds:CryptoBinary"/>
+ <element name="X509CRL" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="ds:CryptoBinary"/>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
diff --git a/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd b/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd
new file mode 100644
index 000000000..678cfc8dd
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd
@@ -0,0 +1,402 @@
+<!-- DTD for XML Schemas: Part 1: Structures
+ Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN"
+ Official Location: http://www.w3.org/2001/XMLSchema.dtd -->
+<!-- $Id: XMLSchema.dtd,v 1.31 2001/10/24 15:50:16 ht Exp $ -->
+<!-- Note this DTD is NOT normative, or even definitive. --> <!--d-->
+<!-- prose copy in the structures REC is the definitive version --> <!--d-->
+<!-- (which shouldn't differ from this one except for this --> <!--d-->
+<!-- comment and entity expansions, but just in case) --> <!--d-->
+<!-- With the exception of cases with multiple namespace
+ prefixes for the XML Schema namespace, any XML document which is
+ not valid per this DTD given redefinitions in its internal subset of the
+ 'p' and 's' parameter entities below appropriate to its namespace
+ declaration of the XML Schema namespace is almost certainly not
+ a valid schema. -->
+
+<!-- The simpleType element and its constituent parts
+ are defined in XML Schema: Part 2: Datatypes -->
+<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
+
+<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
+ schema document to establish a different
+ namespace prefix -->
+<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
+ also define %s as the suffix for the appropriate
+ namespace declaration (e.g. :foo) -->
+<!ENTITY % nds 'xmlns%s;'>
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % schema "%p;schema">
+<!ENTITY % complexType "%p;complexType">
+<!ENTITY % complexContent "%p;complexContent">
+<!ENTITY % simpleContent "%p;simpleContent">
+<!ENTITY % extension "%p;extension">
+<!ENTITY % element "%p;element">
+<!ENTITY % unique "%p;unique">
+<!ENTITY % key "%p;key">
+<!ENTITY % keyref "%p;keyref">
+<!ENTITY % selector "%p;selector">
+<!ENTITY % field "%p;field">
+<!ENTITY % group "%p;group">
+<!ENTITY % all "%p;all">
+<!ENTITY % choice "%p;choice">
+<!ENTITY % sequence "%p;sequence">
+<!ENTITY % any "%p;any">
+<!ENTITY % anyAttribute "%p;anyAttribute">
+<!ENTITY % attribute "%p;attribute">
+<!ENTITY % attributeGroup "%p;attributeGroup">
+<!ENTITY % include "%p;include">
+<!ENTITY % import "%p;import">
+<!ENTITY % redefine "%p;redefine">
+<!ENTITY % notation "%p;notation">
+
+<!-- annotation elements -->
+<!ENTITY % annotation "%p;annotation">
+<!ENTITY % appinfo "%p;appinfo">
+<!ENTITY % documentation "%p;documentation">
+
+<!-- Customisation entities for the ATTLIST of each element type.
+ Define one of these if your schema takes advantage of the
+ anyAttribute='##other' in the schema for schemas -->
+
+<!ENTITY % schemaAttrs ''>
+<!ENTITY % complexTypeAttrs ''>
+<!ENTITY % complexContentAttrs ''>
+<!ENTITY % simpleContentAttrs ''>
+<!ENTITY % extensionAttrs ''>
+<!ENTITY % elementAttrs ''>
+<!ENTITY % groupAttrs ''>
+<!ENTITY % allAttrs ''>
+<!ENTITY % choiceAttrs ''>
+<!ENTITY % sequenceAttrs ''>
+<!ENTITY % anyAttrs ''>
+<!ENTITY % anyAttributeAttrs ''>
+<!ENTITY % attributeAttrs ''>
+<!ENTITY % attributeGroupAttrs ''>
+<!ENTITY % uniqueAttrs ''>
+<!ENTITY % keyAttrs ''>
+<!ENTITY % keyrefAttrs ''>
+<!ENTITY % selectorAttrs ''>
+<!ENTITY % fieldAttrs ''>
+<!ENTITY % includeAttrs ''>
+<!ENTITY % importAttrs ''>
+<!ENTITY % redefineAttrs ''>
+<!ENTITY % notationAttrs ''>
+<!ENTITY % annotationAttrs ''>
+<!ENTITY % appinfoAttrs ''>
+<!ENTITY % documentationAttrs ''>
+
+<!ENTITY % complexDerivationSet "CDATA">
+ <!-- #all or space-separated list drawn from derivationChoice -->
+<!ENTITY % blockSet "CDATA">
+ <!-- #all or space-separated list drawn from
+ derivationChoice + 'substitution' -->
+
+<!ENTITY % mgs '%all; | %choice; | %sequence;'>
+<!ENTITY % cs '%choice; | %sequence;'>
+<!ENTITY % formValues '(qualified|unqualified)'>
+
+
+<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'>
+
+<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'>
+
+<!-- This is used in part2 -->
+<!ENTITY % restriction1 '((%mgs; | %group;)?)'>
+
+%xs-datatypes;
+
+<!-- the duplication below is to produce an unambiguous content model
+ which allows annotation everywhere -->
+<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*,
+ ((%simpleType; | %complexType;
+ | %element; | %attribute;
+ | %attributeGroup; | %group;
+ | %notation; ),
+ (%annotation;)*)* )>
+<!ATTLIST %schema;
+ targetNamespace %URIref; #IMPLIED
+ version CDATA #IMPLIED
+ %nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema'
+ xmlns CDATA #IMPLIED
+ finalDefault %complexDerivationSet; ''
+ blockDefault %blockSet; ''
+ id ID #IMPLIED
+ elementFormDefault %formValues; 'unqualified'
+ attributeFormDefault %formValues; 'unqualified'
+ xml:lang CDATA #IMPLIED
+ %schemaAttrs;>
+<!-- Note the xmlns declaration is NOT in the Schema for Schemas,
+ because at the Infoset level where schemas operate,
+ xmlns(:prefix) is NOT an attribute! -->
+<!-- The declaration of xmlns is a convenience for schema authors -->
+
+<!-- The id attribute here and below is for use in external references
+ from non-schemas using simple fragment identifiers.
+ It is NOT used for schema-to-schema reference, internal or
+ external. -->
+
+<!-- a type is a named content type specification which allows attribute
+ declarations-->
+<!-- -->
+
+<!ELEMENT %complexType; ((%annotation;)?,
+ (%simpleContent;|%complexContent;|
+ %particleAndAttrs;))>
+
+<!ATTLIST %complexType;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %complexDerivationSet; #IMPLIED
+ mixed (true|false) 'false'
+ %complexTypeAttrs;>
+
+<!-- particleAndAttrs is shorthand for a root type -->
+<!-- mixed is disallowed if simpleContent, overriden if complexContent
+ has one too. -->
+
+<!-- If anyAttribute appears in one or more referenced attributeGroups
+ and/or explicitly, the intersection of the permissions is used -->
+
+<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %complexContent;
+ mixed (true|false) #IMPLIED
+ id ID #IMPLIED
+ %complexContentAttrs;>
+
+<!-- restriction should use the branch defined above, not the simple
+ one from part2; extension should use the full model -->
+
+<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %simpleContent;
+ id ID #IMPLIED
+ %simpleContentAttrs;>
+
+<!-- restriction should use the simple branch from part2, not the
+ one defined above; extension should have no particle -->
+
+<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))>
+<!ATTLIST %extension;
+ base %QName; #REQUIRED
+ id ID #IMPLIED
+ %extensionAttrs;>
+
+<!-- an element is declared by either:
+ a name and a type (either nested or referenced via the type attribute)
+ or a ref to an existing element declaration -->
+
+<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?,
+ (%unique; | %key; | %keyref;)*)>
+<!-- simpleType or complexType only if no type|ref attribute -->
+<!-- ref not allowed at top level -->
+<!ATTLIST %element;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ nillable %boolean; #IMPLIED
+ substitutionGroup %QName; #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %blockSet; #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %elementAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- In the absence of type AND ref, type defaults to type of
+ substitutionGroup, if any, else the ur-type, i.e. unconstrained -->
+<!-- default and fixed are mutually exclusive -->
+
+<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)>
+<!ATTLIST %group;
+ name %NCName; #IMPLIED
+ ref %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %groupAttrs;>
+
+<!ELEMENT %all; ((%annotation;)?, (%element;)*)>
+<!ATTLIST %all;
+ minOccurs (1) #IMPLIED
+ maxOccurs (1) #IMPLIED
+ id ID #IMPLIED
+ %allAttrs;>
+
+<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %choice;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %choiceAttrs;>
+
+<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %sequence;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %sequenceAttrs;>
+
+<!-- an anonymous grouping in a model, or
+ a top-level named group definition, or a reference to same -->
+
+<!-- Note that if order is 'all', group is not allowed inside.
+ If order is 'all' THIS group must be alone (or referenced alone) at
+ the top level of a content model -->
+<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside -->
+<!-- Should allow minOccurs=0 inside order='all' . . . -->
+
+<!ELEMENT %any; (%annotation;)?>
+<!ATTLIST %any;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ minOccurs %nonNegativeInteger; '1'
+ maxOccurs CDATA '1'
+ id ID #IMPLIED
+ %anyAttrs;>
+
+<!-- namespace is interpreted as follows:
+ ##any - - any non-conflicting WFXML at all
+
+ ##other - - any non-conflicting WFXML from namespace other
+ than targetNamespace
+
+ ##local - - any unqualified non-conflicting WFXML/attribute
+ one or - - any non-conflicting WFXML from
+ more URI the listed namespaces
+ references
+
+ ##targetNamespace ##local may appear in the above list,
+ with the obvious meaning -->
+
+<!ELEMENT %anyAttribute; (%annotation;)?>
+<!ATTLIST %anyAttribute;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ id ID #IMPLIED
+ %anyAttributeAttrs;>
+<!-- namespace is interpreted as for 'any' above -->
+
+<!-- simpleType only if no type|ref attribute -->
+<!-- ref not allowed at top level, name iff at top level -->
+<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)>
+<!ATTLIST %attribute;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ use (prohibited|optional|required) #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %attributeAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- default for use is optional when nested, none otherwise -->
+<!-- default and fixed are mutually exclusive -->
+<!-- type attr and simpleType content are mutually exclusive -->
+
+<!-- an attributeGroup is a named collection of attribute decls, or a
+ reference thereto -->
+<!ELEMENT %attributeGroup; ((%annotation;)?,
+ (%attribute; | %attributeGroup;)*,
+ (%anyAttribute;)?) >
+<!ATTLIST %attributeGroup;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ %attributeGroupAttrs;>
+
+<!-- ref iff no content, no name. ref iff not top level -->
+
+<!-- better reference mechanisms -->
+<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %unique;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %uniqueAttrs;>
+
+<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %key;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %keyAttrs;>
+
+<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %keyref;
+ name %NCName; #REQUIRED
+ refer %QName; #REQUIRED
+ id ID #IMPLIED
+ %keyrefAttrs;>
+
+<!ELEMENT %selector; ((%annotation;)?)>
+<!ATTLIST %selector;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %selectorAttrs;>
+<!ELEMENT %field; ((%annotation;)?)>
+<!ATTLIST %field;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %fieldAttrs;>
+
+<!-- Schema combination mechanisms -->
+<!ELEMENT %include; (%annotation;)?>
+<!ATTLIST %include;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %includeAttrs;>
+
+<!ELEMENT %import; (%annotation;)?>
+<!ATTLIST %import;
+ namespace %URIref; #IMPLIED
+ schemaLocation %URIref; #IMPLIED
+ id ID #IMPLIED
+ %importAttrs;>
+
+<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; |
+ %attributeGroup; | %group;)*>
+<!ATTLIST %redefine;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %redefineAttrs;>
+
+<!ELEMENT %notation; (%annotation;)?>
+<!ATTLIST %notation;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ public CDATA #REQUIRED
+ system %URIref; #IMPLIED
+ %notationAttrs;>
+
+<!-- Annotation is either application information or documentation -->
+<!-- By having these here they are available for datatypes as well
+ as all the structures elements -->
+
+<!ELEMENT %annotation; (%appinfo; | %documentation;)*>
+<!ATTLIST %annotation; %annotationAttrs;>
+
+<!-- User must define annotation elements in internal subset for this
+ to work -->
+<!ELEMENT %appinfo; ANY> <!-- too restrictive -->
+<!ATTLIST %appinfo;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ %appinfoAttrs;>
+<!ELEMENT %documentation; ANY> <!-- too restrictive -->
+<!ATTLIST %documentation;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ xml:lang CDATA #IMPLIED
+ %documentationAttrs;>
+
+<!NOTATION XMLSchemaStructures PUBLIC
+ 'structures' 'http://www.w3.org/2001/XMLSchema.xsd' >
+<!NOTATION XML PUBLIC
+ 'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' >
diff --git a/id.server/data/test/ixsil/init/schemas/datatypes.dtd b/id.server/data/test/ixsil/init/schemas/datatypes.dtd
new file mode 100644
index 000000000..8e48553be
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/datatypes.dtd
@@ -0,0 +1,203 @@
+<!--
+ DTD for XML Schemas: Part 2: Datatypes
+ $Id: datatypes.dtd,v 1.23 2001/03/16 17:36:30 ht Exp $
+ Note this DTD is NOT normative, or even definitive. - - the
+ prose copy in the datatypes REC is the definitive version
+ (which shouldn't differ from this one except for this comment
+ and entity expansions, but just in case)
+ -->
+
+<!--
+ This DTD cannot be used on its own, it is intended
+ only for incorporation in XMLSchema.dtd, q.v.
+ -->
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % simpleType "%p;simpleType">
+<!ENTITY % restriction "%p;restriction">
+<!ENTITY % list "%p;list">
+<!ENTITY % union "%p;union">
+<!ENTITY % maxExclusive "%p;maxExclusive">
+<!ENTITY % minExclusive "%p;minExclusive">
+<!ENTITY % maxInclusive "%p;maxInclusive">
+<!ENTITY % minInclusive "%p;minInclusive">
+<!ENTITY % totalDigits "%p;totalDigits">
+<!ENTITY % fractionDigits "%p;fractionDigits">
+<!ENTITY % length "%p;length">
+<!ENTITY % minLength "%p;minLength">
+<!ENTITY % maxLength "%p;maxLength">
+<!ENTITY % enumeration "%p;enumeration">
+<!ENTITY % whiteSpace "%p;whiteSpace">
+<!ENTITY % pattern "%p;pattern">
+
+<!--
+ Customisation entities for the ATTLIST of each element
+ type. Define one of these if your schema takes advantage
+ of the anyAttribute='##other' in the schema for schemas
+ -->
+
+<!ENTITY % simpleTypeAttrs "">
+<!ENTITY % restrictionAttrs "">
+<!ENTITY % listAttrs "">
+<!ENTITY % unionAttrs "">
+<!ENTITY % maxExclusiveAttrs "">
+<!ENTITY % minExclusiveAttrs "">
+<!ENTITY % maxInclusiveAttrs "">
+<!ENTITY % minInclusiveAttrs "">
+<!ENTITY % totalDigitsAttrs "">
+<!ENTITY % fractionDigitsAttrs "">
+<!ENTITY % lengthAttrs "">
+<!ENTITY % minLengthAttrs "">
+<!ENTITY % maxLengthAttrs "">
+<!ENTITY % enumerationAttrs "">
+<!ENTITY % whiteSpaceAttrs "">
+<!ENTITY % patternAttrs "">
+
+<!-- Define some entities for informative use as attribute
+ types -->
+<!ENTITY % URIref "CDATA">
+<!ENTITY % XPathExpr "CDATA">
+<!ENTITY % QName "NMTOKEN">
+<!ENTITY % QNames "NMTOKENS">
+<!ENTITY % NCName "NMTOKEN">
+<!ENTITY % nonNegativeInteger "NMTOKEN">
+<!ENTITY % boolean "(true|false)">
+<!ENTITY % simpleDerivationSet "CDATA">
+<!--
+ #all or space-separated list drawn from derivationChoice
+ -->
+
+<!--
+ Note that the use of 'facet' below is less restrictive
+ than is really intended: There should in fact be no
+ more than one of each of minInclusive, minExclusive,
+ maxInclusive, maxExclusive, totalDigits, fractionDigits,
+ length, maxLength, minLength within datatype,
+ and the min- and max- variants of Inclusive and Exclusive
+ are mutually exclusive. On the other hand, pattern and
+ enumeration may repeat.
+ -->
+<!ENTITY % minBound "(%minInclusive; | %minExclusive;)">
+<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)">
+<!ENTITY % bounds "%minBound; | %maxBound;">
+<!ENTITY % numeric "%totalDigits; | %fractionDigits;">
+<!ENTITY % ordered "%bounds; | %numeric;">
+<!ENTITY % unordered
+ "%pattern; | %enumeration; | %whiteSpace; | %length; |
+ %maxLength; | %minLength;">
+<!ENTITY % facet "%ordered; | %unordered;">
+<!ENTITY % facetAttr
+ "value CDATA #REQUIRED
+ id ID #IMPLIED">
+<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED">
+<!ENTITY % facetModel "(%annotation;)?">
+<!ELEMENT %simpleType;
+ ((%annotation;)?, (%restriction; | %list; | %union;))>
+<!ATTLIST %simpleType;
+ name %NCName; #IMPLIED
+ final %simpleDerivationSet; #IMPLIED
+ id ID #IMPLIED
+ %simpleTypeAttrs;>
+<!-- name is required at top level -->
+<!ELEMENT %restriction; ((%annotation;)?,
+ (%restriction1; |
+ ((%simpleType;)?,(%facet;)*)),
+ (%attrDecls;))>
+<!ATTLIST %restriction;
+ base %QName; #IMPLIED
+ id ID #IMPLIED
+ %restrictionAttrs;>
+<!--
+ base and simpleType child are mutually exclusive,
+ one is required.
+
+ restriction is shared between simpleType and
+ simpleContent and complexContent (in XMLSchema.xsd).
+ restriction1 is for the latter cases, when this
+ is restricting a complex type, as is attrDecls.
+ -->
+<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)>
+<!ATTLIST %list;
+ itemType %QName; #IMPLIED
+ id ID #IMPLIED
+ %listAttrs;>
+<!--
+ itemType and simpleType child are mutually exclusive,
+ one is required
+ -->
+<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)>
+<!ATTLIST %union;
+ id ID #IMPLIED
+ memberTypes %QNames; #IMPLIED
+ %unionAttrs;>
+<!--
+ At least one item in memberTypes or one simpleType
+ child is required
+ -->
+
+<!ELEMENT %maxExclusive; %facetModel;>
+<!ATTLIST %maxExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxExclusiveAttrs;>
+<!ELEMENT %minExclusive; %facetModel;>
+<!ATTLIST %minExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minExclusiveAttrs;>
+
+<!ELEMENT %maxInclusive; %facetModel;>
+<!ATTLIST %maxInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxInclusiveAttrs;>
+<!ELEMENT %minInclusive; %facetModel;>
+<!ATTLIST %minInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minInclusiveAttrs;>
+
+<!ELEMENT %totalDigits; %facetModel;>
+<!ATTLIST %totalDigits;
+ %facetAttr;
+ %fixedAttr;
+ %totalDigitsAttrs;>
+<!ELEMENT %fractionDigits; %facetModel;>
+<!ATTLIST %fractionDigits;
+ %facetAttr;
+ %fixedAttr;
+ %fractionDigitsAttrs;>
+
+<!ELEMENT %length; %facetModel;>
+<!ATTLIST %length;
+ %facetAttr;
+ %fixedAttr;
+ %lengthAttrs;>
+<!ELEMENT %minLength; %facetModel;>
+<!ATTLIST %minLength;
+ %facetAttr;
+ %fixedAttr;
+ %minLengthAttrs;>
+<!ELEMENT %maxLength; %facetModel;>
+<!ATTLIST %maxLength;
+ %facetAttr;
+ %fixedAttr;
+ %maxLengthAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %enumeration; %facetModel;>
+<!ATTLIST %enumeration;
+ %facetAttr;
+ %enumerationAttrs;>
+
+<!ELEMENT %whiteSpace; %facetModel;>
+<!ATTLIST %whiteSpace;
+ %facetAttr;
+ %fixedAttr;
+ %whiteSpaceAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %pattern; %facetModel;>
+<!ATTLIST %pattern;
+ %facetAttr;
+ %patternAttrs;>
diff --git a/id.server/data/test/xmldata/ErrorResponse.xml b/id.server/data/test/xmldata/ErrorResponse.xml
new file mode 100644
index 000000000..db70c2560
--- /dev/null
+++ b/id.server/data/test/xmldata/ErrorResponse.xml
@@ -0,0 +1,4 @@
+<?xml version='1.0' encoding='UTF-8'?><sl10:ErrorResponse xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'>
+ <sl10:ErrorCode>29002</sl10:ErrorCode>
+ <sl10:Info>Ein unerwarteter Fehler ist aufgetreten. Die Verarbeitung wurde abgebrochen. Fehler:null</sl10:Info>
+</sl10:ErrorResponse> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/GetIdentityLinkForm.html b/id.server/data/test/xmldata/GetIdentityLinkForm.html
new file mode 100644
index 000000000..b7828e598
--- /dev/null
+++ b/id.server/data/test/xmldata/GetIdentityLinkForm.html
@@ -0,0 +1,20 @@
+<html>
+<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
+<head>
+<title>Auslesen der Personenbindung</title>
+
+</head>
+<body>
+<form name="GetIdentityLinkForm"
+ action="http://localhost:3495/http-security-layer-request"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<?xml version='1.0' encoding='ISO-8859-1' ?><sl10:InfoboxReadRequest xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity='true'/></sl10:InfoboxReadRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="https://localhost:8443/moa-id-auth/VerifyIdentityLink?MOASessionID=3579795857269397498"/>
+ <input type="submit" value="Auslesen der Personenbindung"/>
+</form>
+</body>
+</html> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml b/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml
new file mode 100644
index 000000000..2cfa65c96
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- edited with XMLSPY v5 rel. 3 U (http://www.xmlspy.com) by Paul Ivancsics (My Own) -->
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="-4633313027464114584" Issuer="http://localhost:8080/moa-id-auth/" IssueInstant="2003-04-02T14:55:42+02:00">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier="http://reference.e-government.gv.at/names/vpk/20020221#">MTk2OC0xMC0yMmdi</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="any" Issuer="Hermann Muster" IssueInstant="2003-04-02T14:55:27+02:00">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+ </saml:Assertion>
+ <saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+ <dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 Btxup/kgjGMnnS7C</dsig:X509Certificate>
+ <dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate>
+ <dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ <dsig:Object>
+ <dsig:Manifest>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:Manifest>
+ </dsig:Object>
+ </dsig:Signature>
+ </saml:Assertion>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="PersonData" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <saml:AttributeValue>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="isQualifiedCertificate" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>false</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion>
diff --git a/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml b/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml
new file mode 100644
index 000000000..4a5f02dcd
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml
@@ -0,0 +1,52 @@
+<?xml version='1.0' encoding='ISO-8859-1' ?>
+<sl11:CreateXMLSignatureRequest xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#' xmlns:sl11='http://www.buergerkarte.at/namespaces/securitylayer/20020831#'>
+ <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>
+ <sl11:DataObjectInfo Structure='detached'>
+ <sl10:DataObject Reference=''/>
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" >
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br /><br />
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer" /></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant" /></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue" /></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue" /></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier" /></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo> </sl11:DataObjectInfo>
+ <sl11:SignatureInfo>
+ <sl11:SignatureEnvironment>
+ <sl10:XMLContent><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='Hermann Muster' IssueInstant='2003-02-26T09:25:50+01:00'>
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+ <saml:AttributeValue>http://localhost:9080/login.html</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement>
+</saml:Assertion></sl10:XMLContent>
+ </sl11:SignatureEnvironment>
+ <sl11:SignatureLocation Index='2'>/saml:Assertion</sl11:SignatureLocation>
+ </sl11:SignatureInfo>
+</sl11:CreateXMLSignatureRequest> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml b/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..5a4759b7a
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>gb</saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+ </saml:Attribute>
+ </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml b/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml
new file mode 100644
index 000000000..9b8fa743f
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace"><SignerInfo><dsig:X509Data><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>0</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</dsig:X509SubjectName><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate><PublicAuthority><Code>BMOLS-IKT</Code></PublicAuthority></dsig:X509Data></SignerInfo><HashInputData><Base64Content>PFZlcmlmeVhNTFNpZ25hdHVyZVJlcXVlc3QgeG1sbnM9Imh0dHA6Ly9yZWZlcmVu Y2UuZS1nb3Zlcm5tZW50Lmd2LmF0L25hbWVzcGFjZS9tb2EvMjAwMjA4MjIjIiB4 bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4g IDxWZXJpZnlTaWduYXR1cmVJbmZvPiAgICA8VmVyaWZ5U2lnbmF0dXJlRW52aXJv bm1lbnQ+ICAgICAgPFhNTENvbnRlbnQgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+PHNh bWw6QXNzZXJ0aW9uIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJu bWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5z OnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHht bG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFu Y2UiIEFzc2VydGlvbklEPSJ6bXIuYm1pLmd2LmF0LUFzc2VydGlvbklELTIwMDMt MDItMTJUMjA6Mjg6MzQuNDc0IiBJc3N1ZUluc3RhbnQ9IjIwMDMtMDItMTJUMjA6 Mjg6MzQuNDc0IiBJc3N1ZXI9Imh0dHA6Ly96bXIuYm1pLmd2LmF0L3ptcmEvbmFt ZXMjSXNzdWVyIiBNYWpvclZlcnNpb249IjEiIE1pbm9yVmVyc2lvbj0iMCI+CiAg PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PgogICAgPHNhbWw6U3ViamVjdD4KICAg ICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KICAgICAgICA8c2FtbDpDb25m aXJtYXRpb25NZXRob2Q+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNl bmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD4KICAgICAgICA8 c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KICAgICAgICAgIDxwcjpQZXJz b24geHNpOnR5cGU9InByOlBoeXNpY2FsUGVyc29uVHlwZSI+CiAgICAgICAgICAg IAogICAgICAgICAgICA8cHI6TmFtZT4KICAgICAgICAgICAgICA8cHI6R2l2ZW5O YW1lPkhlcm1hbm48L3ByOkdpdmVuTmFtZT4KICAgICAgICAgICAgICA8cHI6RmFt aWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3RlcjwvcHI6RmFtaWx5TmFt ZT4KICAgICAgICAgICAgPC9wcjpOYW1lPgogICAgICAgICAgICA8cHI6RGF0ZU9m QmlydGg+MTk2OC0xMC0yMjwvcHI6RGF0ZU9mQmlydGg+CiAgICAgICAgICA8L3By OlBlcnNvbj4KICAgICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+ CiAgICAgIDwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPgogICAgPC9zYW1sOlN1 YmplY3Q+CiAgICA8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXpl blB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJodHRwOi8vd3d3LmJ1ZXJn ZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3BlcnNvbmVuYmluZHVuZy8yMDAyMDUwNiMi PgogICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZT4KICAgICAgICA8ZHNpZzpSU0FL ZXlWYWx1ZT4KICAgICAgICAgIDxkc2lnOk1vZHVsdXM+MHYxRnRmN1dYZ29leHgw Sm8vR3JsRXhIT0huUUlFUTVGRlNqcHRMUmQ1Qk4xbVpZUmcyUzlLZk9NYkhTQ3Np UG04QXdqQUV3RTVFTSBBNlAxOFovWXlUSXVQN2ZOR3pja2JCNVBZSWdOTUhMOC9U WUpoSEE4Q2phbXNCckVmWURYaXZFOGlBdkFMZzVJOVJNTFpBRG16TDdhIGYyZGFZ WXVPOGR5Y1F3M3hnNlU9PC9kc2lnOk1vZHVsdXM+CiAgICAgICAgICA8ZHNpZzpF eHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PgogICAgICAgIDwvZHNpZzpSU0FL ZXlWYWx1ZT4KICAgICAgPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgPC9zYW1s OkF0dHJpYnV0ZT4KICAgIDxzYW1sOkF0dHJpYnV0ZSBBdHRyaWJ1dGVOYW1lPSJD aXRpemVuUHVibGljS2V5IiBBdHRyaWJ1dGVOYW1lc3BhY2U9Imh0dHA6Ly93d3cu YnVlcmdlcmthcnRlLmF0L25hbWVzcGFjZXMvcGVyc29uZW5iaW5kdW5nLzIwMDIw NTA2IyI+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgICAgIDxkc2ln OlJTQUtleVZhbHVlPgogICAgICAgICAgPGRzaWc6TW9kdWx1cz5pMnFhNTZYNGZw WWVYcUZMWEFjUWxqR1UzK0RXblZnTnJBeEk5Z24yYk1lRld0TFhFMlNGYTZxdmw5 RXltVWwwbm9CbEZuMHE5RFdwIEFzeWVMblJoekNBWEplU3hpd3NVRWxvT3ZjUUNW MERmVzJVVnEwWTliVmxKOEtpZkoyQVMrNUJ4WjIxbWtjL1ZZeDVRejZFWWpQcm4g cElwZEF3UjlzdzV4bkl2VHlTYz08L2RzaWc6TW9kdWx1cz4KICAgICAgICAgIDxk c2lnOkV4cG9uZW50PkFRQUI8L2RzaWc6RXhwb25lbnQ+CiAgICAgICAgPC9kc2ln OlJTQUtleVZhbHVlPgogICAgICA8L3NhbWw6QXR0cmlidXRlVmFsdWU+CiAgICA8 L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+Cjwvc2Ft bDpBc3NlcnRpb24+PC9YTUxDb250ZW50PiAgICA8L1ZlcmlmeVNpZ25hdHVyZUVu dmlyb25tZW50PiAgICA8VmVyaWZ5U2lnbmF0dXJlTG9jYXRpb24+Ly9kc2lnOlNp Z25hdHVyZTwvVmVyaWZ5U2lnbmF0dXJlTG9jYXRpb24+ICA8L1ZlcmlmeVNpZ25h dHVyZUluZm8+ICA8UmV0dXJuSGFzaElucHV0RGF0YT48L1JldHVybkhhc2hJbnB1 dERhdGE+ICA8VHJ1c3RQcm9maWxlSUQ+VHJ1c3RQcm9maWxlMTwvVHJ1c3RQcm9m aWxlSUQ+PC9WZXJpZnlYTUxTaWduYXR1cmVSZXF1ZXN0Pg==</Base64Content></HashInputData><HashInputData><Base64Content>PGRzaWc6TWFuaWZlc3QgeG1sbnM9Imh0dHA6Ly9yZWZlcmVuY2UuZS1nb3Zlcm5t ZW50Lmd2LmF0L25hbWVzcGFjZS9tb2EvMjAwMjA4MjIjIiB4bWxuczpkc2lnPSJo dHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiB4bWxuczpwcj0iaHR0 cDovL3JlZmVyZW5jZS5lLWdvdmVybm1lbnQuZ3YuYXQvbmFtZXNwYWNlL3BlcnNv bmRhdGEvMjAwMjAyMjgjIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6 U0FNTDoxLjA6YXNzZXJ0aW9uIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3Jn LzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWw6c3BhY2U9InByZXNlcnZlIj48 ZHNpZzpSZWZlcmVuY2UgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJh bnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxk c2lnI2VudmVsb3BlZC1zaWduYXR1cmUiPjwvZHNpZzpUcmFuc2Zvcm0+PC9kc2ln OlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDov L3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiPjwvZHNpZzpEaWdlc3RN ZXRob2Q+PGRzaWc6RGlnZXN0VmFsdWU+QnF6ZkNCN2ROZzRHM3U0WWF4cEQxdEFM ZEtJPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjwvZHNpZzpN YW5pZmVzdD4=</Base64Content></HashInputData><SignatureCheck><Code>1</Code></SignatureCheck><XMLDSIGManifestCheck><Code>1</Code><Info><ReferringSigReference>1</ReferringSigReference></Info></XMLDSIGManifestCheck><CertificateCheck><Code>1</Code></CertificateCheck></VerifyXMLSignatureResponse> \ No newline at end of file
diff --git a/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml b/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml
new file mode 100644
index 000000000..a35b7f209
--- /dev/null
+++ b/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+ <saml:SubjectConfirmationData>
+ <pr:Person xsi:type="pr:PhysicalPersonType">
+ <pr:Identification>
+ <pr:Value>123456789012</pr:Value>
+ <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+ </pr:Identification>
+ <pr:Name>
+ <pr:GivenName>Hermann</pr:GivenName>
+ <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+ </pr:Name>
+ <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+ </pr:Person>
+ </saml:SubjectConfirmationData>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute>
+ <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+ <saml:AttributeValue>
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </saml:AttributeValue>
+ </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse> \ No newline at end of file