-- Resign IdentityLink: if this feature is enabled, the identitylink is resigned in case of businessservice by using MOASS

 -- GeneralConfigReloadDaemon: Reload general MOA-ID configuration from database every minute if it has changed

11 files changed, 388 insertions, 77 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ff2cee559..1bd9205ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2305,6 +2305,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 				MISMandate mandate = session.getMISMandate();
 				authData.setBPK(mandate.getOWbPK());
 				authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+				authData.setIdentityLink(identityLink);
 				
 			} else {
 			
@@ -2397,14 +2398,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 	public void cleanup() {
 		long now = new Date().getTime();
 		
-		//clean AuthenticationSessionStore
-		//TODO: acutally the StartAuthentificaten timestamp is used!!!!!
-		//TODO: maybe change this to lastupdate timestamp.
+		//clean AuthenticationSessionStore		
+			
 		AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
-				
+			
 		//clean AssertionStore
 		AssertionStorage assertionstore = AssertionStorage.getInstance();
-		assertionstore.clean(now, authDataTimeOut);
+		assertionstore.clean(now, authDataTimeOut);		
 	}
 
 	/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index 82c1da74a..7db8adb6f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -37,7 +37,7 @@ import at.gv.egovernment.moa.logging.Logger;
 public class AuthenticationSessionCleaner implements Runnable {
 
   /** interval the <code>AuthenticationSessionCleaner</code> is run in */
-  private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min
+  private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 30 min
 
 	/**
 	 * Runs the thread. Cleans the <code>AuthenticationServer</code> session store
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 725773b75..a73d76d68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -39,6 +39,7 @@ import javax.net.ssl.SSLSocketFactory;
 
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigLoader;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
 import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
@@ -174,33 +175,10 @@ public class MOAIDAuthInitializer {
         }
 
         
-        // sets the authentication session and authentication data time outs
-        BigInteger param = authConf.getTimeOuts().getMOASessionCreated();
-        if (param != null) {
-                long sessionTimeOut = param.longValue();
-            if (sessionTimeOut > 0)
-                    AuthenticationServer.getInstance()
-                            .setSecondsSessionTimeOutCreated(sessionTimeOut);
-        }
-        
-        param = authConf.getTimeOuts().getMOASessionUpdated();
-        if (param != null) {
-                long sessionTimeOut = param.longValue();
-            if (sessionTimeOut > 0)
-                    AuthenticationServer.getInstance()
-                            .setSecondsSessionTimeOutUpdated(sessionTimeOut);
-        }
-        
-        param = authConf.getTimeOuts().getAssertion();
-        if (param != null) {
-            long authDataTimeOut = param.longValue();
-            if (authDataTimeOut > 0)
-                    AuthenticationServer.getInstance()
-                            .setSecondsAuthDataTimeOut(authDataTimeOut);
-        }
-
         // Starts the session cleaner thread to remove unpicked authentication data
         AuthenticationSessionCleaner.start();
+        AuthConfigLoader.start();
     }
+    
 
 }
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
new file mode 100644
index 000000000..56105e64d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
@@ -0,0 +1,47 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.util.Date;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+public class AuthConfigLoader implements Runnable {
+
+	private static final long INTERVAL = 60; // 60 sec
+	
+	public void run() {
+		while (true) {
+			try {
+				Thread.sleep(INTERVAL * 1000);
+						
+				Logger.info("check for new config.");
+				MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+				Date dbdate = moaidconfig.getTimestampItem();
+				ConfigurationDBUtils.closeSession();
+
+				Date date = AuthConfigurationProvider.getTimeStamp();
+			
+				if (dbdate != null && dbdate.after(date)) {
+					AuthConfigurationProvider instance = AuthConfigurationProvider.getInstance();
+					instance.reloadDataBaseConfig();
+					date = dbdate;
+				}
+			} catch (Exception e) {
+				Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e);
+			}
+		}
+		
+	}
+	
+	public static void start() {
+		// start the session cleanup thread
+		Thread configLoader = new Thread(new AuthConfigLoader());
+		configLoader.setName("ConfigurationLoader");
+		configLoader.setDaemon(true);
+		configLoader.setPriority(Thread.MIN_PRIORITY);
+		configLoader.start();
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 28288815a..df303cde2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -35,6 +35,7 @@ import java.net.MalformedURLException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -187,6 +188,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   
   private static SSO ssoconfig = null;
   
+  private static Date date = null;
+  
  /**
    * Return the single instance of configuration data.
    * 
@@ -202,6 +205,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
     return instance;
   }
 
+  public static Date getTimeStamp() {
+		return date;
+	}
+  
   /**
    * Reload the configuration data and set it if successful.
    * 
@@ -244,7 +251,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 	try {					
 		//Initial Hibernate Framework
 		Logger.trace("Initializing Hibernate framework.");
-			
+		
+		date = new Date();
+		
 		//Load MOAID-2.0 properties file
 		File propertiesFile = new File(fileName);
 		FileInputStream fis;
@@ -383,6 +392,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 			Logger.info("XML Configuration load is completed.");
 		}
 		
+		reloadDataBaseConfig();
+		
+		
+    } catch (Throwable t) {
+      throw new ConfigurationException("config.02", null, t);
+  	}
+  }
+
+  public synchronized void reloadDataBaseConfig() throws ConfigurationException {
+		
 		Logger.info("Read MOA-ID 2.0 configuration from database.");
 		moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
 		Logger.info("MOA-ID 2.0 is loaded.");
@@ -431,41 +450,41 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 			throw new ConfigurationException("config.02", null);
 		}
 
-    	//set Trusted CA certs directory 
-    	trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
+  	//set Trusted CA certs directory 
+  	trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
 		
-    	//set CertStoreDirectory
-    	setCertStoreDirectory();
-    	
-    	//set TrustManagerRevocationChecking
-    	setTrustManagerRevocationChecking();
-    	
-    	//set TimeOuts
+  	//set CertStoreDirectory
+  	setCertStoreDirectory();
+  	
+  	//set TrustManagerRevocationChecking
+  	setTrustManagerRevocationChecking();
+  	
+  	//set TimeOuts
 		if (auth.getGeneralConfiguration() != null)  {
-  	  		if (auth.getGeneralConfiguration().getTimeOuts() != null) {
-  	  			
-  	  			timeouts = new TimeOuts();
-  	  			if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
-  	  				timeouts.setAssertion(new BigInteger("120"));
-  	  			else
-  	  				timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
-  	  			
-  	  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
-  	  				timeouts.setMOASessionCreated(new BigInteger("2700"));
-  	  			else
-  	  				timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
-  	  			
-  	  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
-  	  				timeouts.setMOASessionUpdated(new BigInteger("1200"));
-  	  			else
-  	  				timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
-  	  		}
-  	  	}
-  	  	else {
-  	  		Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
-  	  		throw new ConfigurationException("config.02", null);
-  	  	}
-    	
+	  		if (auth.getGeneralConfiguration().getTimeOuts() != null) {
+	  			
+	  			timeouts = new TimeOuts();
+	  			if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
+	  				timeouts.setAssertion(new BigInteger("120"));
+	  			else
+	  				timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
+	  			
+	  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
+	  				timeouts.setMOASessionCreated(new BigInteger("2700"));
+	  			else
+	  				timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
+	  			
+	  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
+	  				timeouts.setMOASessionUpdated(new BigInteger("1200"));
+	  			else
+	  				timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
+	  		}
+	  	}
+	  	else {
+	  		Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
+	  		throw new ConfigurationException("config.02", null);
+	  	}
+  	
 		//set PVP2 general config
 		Protocols protocols = auth.getProtocols();
 			if (protocols != null) {
@@ -504,6 +523,33 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 		//set alternativeSourceID
 		if (auth.getGeneralConfiguration() != null)		  
 			alternativesourceid =  auth.getGeneralConfiguration().getAlternativeSourceID();
+		
+	        // sets the authentication session and authentication data time outs
+	        BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated();
+	        
+	        if (param != null) {
+	                long sessionTimeOut = param.longValue();
+	            if (sessionTimeOut > 0)
+	                    AuthenticationServer.getInstance()
+	                            .setSecondsSessionTimeOutCreated(sessionTimeOut);
+	        }
+	        
+	        param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated();
+	        if (param != null) {
+	                long sessionTimeOut = param.longValue();
+	            if (sessionTimeOut > 0)
+	                    AuthenticationServer.getInstance()
+	                            .setSecondsSessionTimeOutUpdated(sessionTimeOut);
+	        }
+	        
+	        param = auth.getGeneralConfiguration().getTimeOuts().getAssertion();
+	        if (param != null) {
+	            long authDataTimeOut = param.longValue();
+	            if (authDataTimeOut > 0)
+	                    AuthenticationServer.getInstance()
+	                            .setSecondsAuthDataTimeOut(authDataTimeOut);
+	        }
+
 		else {
 			  Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
 			  throw new ConfigurationException("config.02", null);
@@ -613,15 +659,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 		} else {
 			Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found");
 		}
-		
+	
     	//close Database
     	ConfigurationDBUtils.closeSession();
-    	
-    } catch (Throwable t) {
-      throw new ConfigurationException("config.02", null, t);
-  	}
-  }
-
+	}
+  
   
   public Properties getGeneralPVP2ProperiesConfig() {
       Properties configProp = new Properties();
@@ -879,7 +921,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 	  } 
   }
   
-  private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { 
+  private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { 
 	  AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();	  
 	  if (authgeneral == null) {
 		  Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
@@ -888,7 +930,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 	  return authgeneral;
   }
 
-  private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
+  private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
 	  MOASP moasp = authgeneral.getMOASP();
 	  
 	  if (moasp == null) {
@@ -897,4 +939,5 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 	  }
 	  return moasp;
   }
+
 }
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 60e510de2..2748d74a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
@@ -54,6 +55,7 @@ public class PVPAttributeBuilder {
 		addBuilder(new EIDCitizenQAALevelAttributeBuilder());
 		addBuilder(new EIDIssuingNationAttributeBuilder());
 		addBuilder(new EIDSectorForIDAttributeBuilder());
+		addBuilder(new EIDIdentityLinkBuilder());
 		
 		// Mandate Attributes
 		addBuilder(new MandateTypeAttributeBuilder());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
new file mode 100644
index 000000000..19f89d6e7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
@@ -0,0 +1,70 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.io.IOException;
+
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+public class EIDIdentityLinkBuilder extends BaseAttributeBuilder {
+
+	public String getName() {
+		return EID_IDENTITY_LINK_NAME;
+	}
+
+	public Attribute build(AuthenticationSession authSession,
+			OAAuthParameter oaParam, AuthenticationData authData)
+			throws PVP2Exception {
+		try {
+			String ilAssertion = null;
+			if (oaParam.getBusinessService()) {
+			
+				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+						
+				Element resignedilAssertion;
+
+				resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
+							.getSamlAssertion());
+				
+				ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
+				
+			} else
+				ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
+		
+		
+			return buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+					EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes()));
+			
+		} catch (MOAIDException e) {
+			Logger.warn("IdentityLink serialization error.", e);
+			return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+					EID_IDENTITY_LINK_NAME);
+		} catch (TransformerException e) {
+			Logger.warn("IdentityLink serialization error.", e);
+			return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+					EID_IDENTITY_LINK_NAME);
+		} catch (IOException e) {
+			Logger.warn("IdentityLink serialization error.", e);
+			return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+					EID_IDENTITY_LINK_NAME);
+		}
+		
+	}
+
+	public Attribute buildEmpty() {
+		return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+				EID_IDENTITY_LINK_NAME);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index eaa7e88af..aa8061506 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -18,7 +18,7 @@ public class MandateNaturalPersonSourcePinAttributeBuilder extends
 		BaseAttributeBuilder {
 
 	public String getName() {
-		return MANDATE_NAT_PER_SOURCE_PIN_OID;
+		return MANDATE_NAT_PER_SOURCE_PIN_NAME;
 	}
 
 	public Attribute build(AuthenticationSession authSession,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 7b8f59dd2..6ef2f5fa5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -18,7 +18,7 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends
 		BaseAttributeBuilder {
 
 	public String getName() {
-		return MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
+		return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME;
 	}
 
 	public Attribute build(AuthenticationSession authSession,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index ee0b4e7e2..76757e28e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -196,7 +196,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 			//set IdentityLink for assortion
 			String ilAssertion = "";
 			if (saml1parameter.isProvideIdentityLink()) {		
-				if (session.getBusinessService()) {
+				if (oaParam.getBusinessService()) {
 					IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
 					
 					Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
@@ -247,6 +247,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 									case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
 										replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
 										break;
+									case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
+										break;
 									default:
 										Logger
 												.info("Invalid return value from method \"getAddToAUTHBlock()\" ("
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
new file mode 100644
index 000000000..da44a3905
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -0,0 +1,169 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureCreationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class IdentityLinkReSigner {
+
+	private static IdentityLinkReSigner instance;
+	
+	public static IdentityLinkReSigner getInstance() {
+		if (instance == null) {
+			instance = new IdentityLinkReSigner();
+		}
+		return instance;
+	}
+	
+	public Element resignIdentityLink(Element idl) throws MOAIDException {
+		
+		try {
+			AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+						
+			if (config.isIdentityLinkResigning()) {
+				
+				if (idl == null) {
+					Logger.warn("IdentityLink is empty");
+					return null;
+					
+				} else {
+					 NodeList signatures = idl.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+					 Node signature = signatures.item(0);				 
+					 Node parent = signature.getParentNode();
+					 parent.removeChild(signature);
+				}
+				
+				SPSSFactory spssFac = SPSSFactory.getInstance();
+				
+				String keyGroupId = config.getIdentityLinkResigningKey();
+				if (MiscUtil.isEmpty(keyGroupId)) {
+					Logger.warn("No IdentityLink reSigning-Key definded");
+					throw new MOAIDException("config.19", new Object[]{});
+				}
+				
+				MetaInfo mi = spssFac.createMetaInfo("text/xml", null, null, null);
+							
+				Transform envelopedSignatureTransform = spssFac.createEnvelopedSignatureTransform();
+				List<Transform> transformsList = new ArrayList<Transform>();
+				transformsList.add(envelopedSignatureTransform);
+				
+				CreateTransformsInfo ct = spssFac.createCreateTransformsInfo(transformsList, mi);
+				CreateTransformsInfoProfile ctip = spssFac.createCreateTransformsInfoProfile(ct, null); 
+				
+				Content content = spssFac.createContent("");
+				DataObjectInfo doi = spssFac.createDataObjectInfo(DataObjectInfo.STRUCTURE_DETACHED, false, content, ctip);
+				
+			    // create signature environment
+			    HashMap<String, String> nsMap = new HashMap<String, String>(); 
+			    nsMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+				nsMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+				nsMap.put(Constants.PD_PREFIX, Constants.PD_NS_URI);
+			    
+			    CreateSignatureLocation csl = spssFac.createCreateSignatureLocation("/" + Constants.SAML_PREFIX + ":" + "Assertion", -1, nsMap);
+			    CreateSignatureEnvironmentProfile csep = spssFac.createCreateSignatureEnvironmentProfile(csl, null);
+
+				
+				InputStream serializedIdl = new ByteArrayInputStream(DOMUtils.serializeNode(idl).getBytes());
+				
+			    Content confirmationContent = spssFac.createContent(serializedIdl, null);
+			    CreateSignatureInfo csi = spssFac.createCreateSignatureInfo(confirmationContent, csep);
+				
+			    List<DataObjectInfo> dataobjectinfoList = new ArrayList<DataObjectInfo>();
+			    dataobjectinfoList.add(doi);
+			    SingleSignatureInfo ssi = spssFac.createSingleSignatureInfo(dataobjectinfoList, csi, false);
+
+			    
+			    List<SingleSignatureInfo> singlesignatureinfolist = new ArrayList<SingleSignatureInfo>();
+			    singlesignatureinfolist.add(ssi);
+			    
+			    CreateXMLSignatureRequest cxsreq = spssFac.createCreateXMLSignatureRequest(keyGroupId, singlesignatureinfolist);
+			    
+			    
+			    // signature creation service
+			    SignatureCreationService scs = SignatureCreationService.getInstance();
+			    CreateXMLSignatureResponse cxresp;
+			    Logger.info("Creating MOA-SS signature");
+			    cxresp = scs.createXMLSignature(cxsreq);
+			
+			    // evaluate response
+			    List<Object> elements = cxresp.getResponseElements();
+			    
+			    if (elements.get(0) instanceof ErrorResponse) {
+			    	ErrorResponse errResponse = (ErrorResponse) elements.get(0);
+				    Logger.warn("Error while calling MOA-SS: " + errResponse.getErrorCode() + " / " + errResponse.getInfo());
+			    	throw new MOAIDException("builder.04", new Object[]{errResponse.getErrorCode(), errResponse.getInfo()});
+			    	
+			    } else if (elements.get(0) instanceof SignatureEnvironmentResponse) {
+			    	 Logger.debug("Successfully created signature.");
+				     SignatureEnvironmentResponse ser = (SignatureEnvironmentResponse) elements.get(0);
+				     int responseType = ser.getResponseType();
+				     if (responseType == SignatureEnvironmentResponse.ERROR_RESPONSE) {
+				    	 Logger.warn("Allgemeiner Fehler beim Aufruf von MOA-SS: Unbekannter ResponseType von MOA-SS");
+				    	 throw new MOAIDException("builder.05", new Object[]{});
+				    	 
+				     } else {
+				    	 return ser.getSignatureEnvironment();
+				     }
+			    	
+			    } else {
+			    	Logger.warn("Allgemeiner Fehler beim Aufruf von MOA-SS: Unbekannter ResponseType von MOA-SS");
+			    	throw new MOAIDException("builder.05", new Object[]{});
+			    }
+			    				
+			} else 
+				return idl;
+						
+		} catch (ConfigurationException e) {
+			Logger.warn("Configuration can not be loaded", e);
+			throw new MOAIDException("config.18", new Object[]{});
+			
+		} catch (TransformerException e) {
+			Logger.warn("IdentityLink serialization error.", e);
+			throw new MOAIDException("builder.05", new Object[]{});
+			
+		} catch (IOException e) {
+			Logger.warn("IdentityLink I/O error.", e);
+			throw new MOAIDException("builder.05", new Object[]{});
+			
+		} catch (MOAException e) {
+			Logger.warn("General IdentityLink signing error.", e);
+			throw new MOAIDException("builder.05", new Object[]{});
+			
+		}		
+	}
+	
+}