update PVP Single LogOut request/response signature validation

1 files changed, 9 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index 4d12c38da..75ef7e5a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -57,6 +57,15 @@ public class MOASAMLSOAPClient {
 	    
 		BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
 		soapContext.setOutboundMessage(soapRequest);
+
+		//set security policy context
+//		BasicSecurityPolicy policy = new BasicSecurityPolicy();
+//		policy.getPolicyRules().add(
+//				new MOAPVPSignedRequestPolicyRule(
+//						TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
+//						SPSSODescriptor.DEFAULT_ELEMENT_NAME));		
+//		SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
+//		soapContext.setSecurityPolicyResolver(secResolver);
 		 
 		HttpClientBuilder clientBuilder = new HttpClientBuilder();
 		if (destination.startsWith("https")) {