| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-15 11:40:02 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-15 11:40:02 +0200 | 
| commit | 25de471cd8bf27d0cfa084edd29018596c804861 (patch) | |
| tree | 96d6ce53d40cf02ac2fc95e617483f9f8e7e3cfe /id/server/idserverlib/src/main | |
| parent | bfae00e07fd2932f951622a4f25ecf593c0d46df (diff) | |
store additional information for Single LogOut in database
Diffstat (limited to 'id/server/idserverlib/src/main')
19 files changed, 269 insertions, 48 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
new file mode 100644
index 000000000..971222b67
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -0,0 +1,106 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.data; + +/** + * @author tlenz + * + */ +public class SLOInformationImpl implements SLOInformationInterface { + +	 +	private String sessionIndex = null; +	private String nameID = null; +	private String protocolType = null; +	 +	public SLOInformationImpl(String sessionID, String nameID, String protocolType) { +		this.sessionIndex = sessionID; +		this.nameID = nameID; +		this.protocolType = protocolType; +				 +	} +	 +	 +	/** +	 *  +	 */ +	public SLOInformationImpl() { +		 +	} + + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex() +	 */ +	@Override +	public String getSessionIndex() { +		return sessionIndex; +		 +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier() +	 */ +	@Override +	public String getUserNameIdentifier() { +		return nameID; +		 +	} + + +	/** +	 * @param sessionIndex the sessionIndex to set +	 */ +	public void setSessionIndex(String sessionIndex) { +		this.sessionIndex = sessionIndex; +	} + + +	/** +	 * @param nameID the nameID to set +	 */ +	public void setUserNameIdentifier(String nameID) { +		this.nameID = nameID; +	} + +	 + +	/** +	 * @param protocolType the protocolType to set +	 */ +	public void setProtocolType(String protocolType) { +		this.protocolType = protocolType; +	} + + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType() +	 */ +	@Override +	public String getProtocolType() { +		return protocolType; +	} +	 +	 + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java new file mode 100644 index 000000000..7290665e9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java 
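Review bot: SLOInformationImpl has no class-level Javadoc and its constructor's first parameter is named `sessionID` while the field and getter are `sessionIndex`, which hides that callers pass protocol-specific values (the SAML2 SessionIndex in PVP2AssertionBuilder, the SAML1 assertion ID in GetArtifactAction, the OAuth `accessToken` in OAuth20AuthAction). I would rename the parameter to `sessionIndex` and add a class comment along the lines of `/** Protocol-independent record of what is needed to address a Single LogOut request to a service provider: a protocol-specific session index (SessionIndex for SAML2, assertion ID for SAML1), the user identifier (bPK/wbPK or SAML2 NameID) and the protocol module name. Mutable; the protocol handlers fill it in incrementally. */`. Because every field has a public setter and defaults to null, the getters should also document that `getSessionIndex()` and `getUserNameIdentifier()` can return null until a handler has populated them.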
@@ -0,0 +1,58 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +/** + * @author tlenz + * + */ +public interface SLOInformationInterface { +	 + +	/** +	 * get AssertionID which was used for Service Provider Single LogOut request  +	 *  +	 * @return +	 * SessionID (SessionIndex in case of SAML2) +	 */ +	public String getSessionIndex(); +	 +	/** +	 * get user identifier which was used +	 *  +	 * @return +	 * bPK / wbPK (nameID in case of SAML2) +	 */ +	public String getUserNameIdentifier(); +	 +	 +	/** +	 * get protocol type which was used for authentication +	 *  +	 * @return +	 * return authentication protocol type +	 */ +	public String getProtocolType(); +	 +	 +} 
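Review bot: The Javadoc on `getSessionIndex()` says it returns the "AssertionID", but what the implementations in this commit store is protocol specific — PVP2AssertionBuilder writes the freshly generated SAML2 SessionIndex, GetArtifactAction the SAML1 assertion ID and OAuth20AuthAction the `accessToken` — so the comment should describe an opaque, protocol-specific handle: `Returns the protocol-specific identifier of the SP session that a logout request must reference (SessionIndex for SAML2, assertion ID for SAML1); may be null where the protocol provides none.` `getUserNameIdentifier()` needs the same treatment, since the OAuth and SAML1 actions pass null for it. Stating nullability on the interface is what lets DispatcherServlet decide safely what may be persisted.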
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 480deb867..9fb2c7a69 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
@@ -408,7 +409,7 @@ public class DispatcherServlet extends AuthServlet{
 				}
-				String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
+				SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
 				RequestStorage.removePendingRequest(protocolRequestID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index 9a3d3986b..a2843d026 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
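Review bot: `assertionID` can now be null, because the STORK actions in this commit return null — ConsentEvaluator and the DataContainer overload of AttributeCollector.processRequest both `return null; // AssertionId`, and AuthenticationRequest passes that result straight through — so whatever the dispatcher does with the object after `RequestStorage.removePendingRequest(...)` (outside this hunk) must null-check it before persisting SLO data. The variable name also no longer describes its contents; `SLOInformationInterface sloInformation = moduleAction.processRequest(protocolRequest, req, resp, moasession);` reads correctly. The enclosing method starts and ends outside the hunk.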
@@ -28,9 +28,10 @@ import javax.servlet.http.HttpServletResponse;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  public interface IAction extends MOAIDAuthConstants { -	public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)  +	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)   			throws MOAIDException;  	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index d60b8c230..3cc12ff98 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -37,6 +37,8 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; 
@@ -57,7 +59,7 @@ import at.gv.egovernment.moa.logging.Logger;  class OAuth20AuthAction implements IAction { -	public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, +	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,  			AuthenticationSession moasession) throws MOAIDException {  		OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;		 @@ -100,7 +102,11 @@ class OAuth20AuthAction implements IAction {  			httpResp.addHeader("Location", finalUrl);  			Logger.debug("REDIRECT TO: " + finalUrl.toString()); -			return accessToken; +			 +			//TODO: maybe add bPK / wbPK to SLO information +			SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, req.requestedModule()); +			 +			return sloInformation;  		}  		catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 3f6c148eb..be320271a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletResponse;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; 
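Review bot: `new SLOInformationImpl(accessToken, null, req.requestedModule())` reuses the OAuth credential held in `accessToken` as the SLO session index, so if this object is what the commit message says gets stored in the database, the credential itself ends up in the SLO table, readable by anyone with access to it. If the stored value only has to be matched at logout time, derive a separate random identifier (the SAML path uses `SAML2Utils.getSecureIdentifier()` for its SessionIndex) or store a hash of the token instead. The `//TODO` on the user identifier should also say which identifier the OAuth module expects to match at logout, otherwise a later reader cannot tell what "maybe add bPK / wbPK" would achieve. The enclosing try block and method start before this hunk.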
@@ -42,7 +43,7 @@ import com.google.gson.JsonObject;  class OAuth20TokenAction implements IAction { -	public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, +	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,  			AuthenticationSession moasession) throws MOAIDException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index 10618071a..1221e7234 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java 
@@ -27,17 +27,24 @@ import javax.servlet.http.HttpServletResponse;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
 public class AuthenticationAction implements IAction {
-	public String processRequest(IRequest req, HttpServletRequest httpReq,
+	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
 		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
-		return RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+		SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+
+		//set protocol type
+		sloInformation.setProtocolType(req.requestedModule());
+		
+		return sloInformation;
 	}
 	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 99cba3277..a29728245 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
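Review bot: The result of `RequestManager.getInstance().handle(...)` is downcast to `SLOInformationImpl` and dereferenced with no check, so a handler that returns null or another implementation of the interface (ArtifactResolution and MetadataAction only had their signatures changed here, so what they return is not visible in this diff) fails with a NullPointerException or ClassCastException rather than a MOAIDException. Keep the interface type and guard the cast: `SLOInformationInterface sloInformation = RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession); if (sloInformation instanceof SLOInformationImpl) { ((SLOInformationImpl) sloInformation).setProtocolType(req.requestedModule()); } return sloInformation;`. Cleaner still would be to add `setProtocolType` to the interface, or have each IRequestHandler set the protocol type itself, so no cast is needed at all.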
@@ -57,6 +57,7 @@ import org.w3c.dom.Document;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; @@ -69,7 +70,7 @@ public class MetadataAction implements IAction {  	private static final int VALIDUNTIL_IN_HOURS = 24; -	public String processRequest(IRequest req, HttpServletRequest httpReq, +	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,  			HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {  		try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 9def5d22c..def0d9b80 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -53,7 +53,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute;  import org.opensaml.saml2.metadata.SPSSODescriptor;  import org.w3c.dom.Element; -import edu.emory.mathcs.backport.java.util.Arrays;  import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;  import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; 
@@ -66,12 +65,10 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.SLOInformationImpl;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; @@ -86,7 +83,8 @@ import at.gv.egovernment.moa.util.Constants;  public class PVP2AssertionBuilder implements PVPConstants {  	public static Assertion buildAssertion(AuthnRequest authnRequest, -			AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService) +			AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date,  +			AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)  			throws MOAIDException {  		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); 
@@ -158,10 +156,10 @@ public class PVP2AssertionBuilder implements PVPConstants {  		AuthnStatement authnStatement = SAML2Utils  				.createSAMLObject(AuthnStatement.class); -		String remoteSessionID = SAML2Utils.getSecureIdentifier(); +		 +		String sessionIndex = SAML2Utils.getSecureIdentifier();  		authnStatement.setAuthnInstant(date); -		// currently dummy id ... -		authnStatement.setSessionIndex(remoteSessionID); +		authnStatement.setSessionIndex(sessionIndex);  		authnStatement.setAuthnContext(authnContext);  		assertion.getAuthnStatements().add(authnStatement); @@ -338,7 +336,7 @@ public class PVP2AssertionBuilder implements PVPConstants {  		subject.setNameID(subjectNameID); - +		  		SubjectConfirmation subjectConfirmation = SAML2Utils  				.createSAMLObject(SubjectConfirmation.class);  		subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); @@ -378,6 +376,10 @@ public class PVP2AssertionBuilder implements PVPConstants {  		assertion.setID(SAML2Utils.getSecureIdentifier());  		assertion.setIssueInstant(date); +		//set SLO information +		sloInformation.setUserNameIdentifier(subjectNameID.getValue()); +		sloInformation.setSessionIndex(sessionIndex); +		  		return assertion;  	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java index 04ef4cdbf..f5fc01b2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java 
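Review bot: `buildAssertion` now uses `sloInformation` as an out-parameter that is written only in its last lines, but the parameter is the concrete `SLOInformationImpl` type and is never checked, so a null argument blows up with a NullPointerException after the entire assertion has been built. Add a `@param sloInformation` entry to the method's Javadoc stating that it is populated with the Subject NameID value and the generated SessionIndex and must not be null, and fail early at the top of the method (outside this hunk) with `if (sloInformation == null) throw new IllegalArgumentException("sloInformation must not be null");`. The parameter could also be typed as the interface if a setter were added there, which would spare AuthenticationAction its cast.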
@@ -32,6 +32,7 @@ import org.opensaml.saml2.core.ArtifactResponse;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; @@ -45,7 +46,7 @@ public class ArtifactResolution implements IRequestHandler {  		return (obj.getSamlRequest() instanceof ArtifactResolve);  	} -	public String process(MOARequest obj, HttpServletRequest req, +	public SLOInformationInterface process(MOARequest obj, HttpServletRequest req,  			HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {  		if (!handleObject(obj)) {  			throw new MOAIDException("pvp2.13", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index fd7ff9885..0e4cd679b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java 
@@ -59,6 +59,8 @@ import org.opensaml.xml.security.x509.X509Credential;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; @@ -80,7 +82,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  		return (obj.getSamlRequest() instanceof AuthnRequest);  	} -	public String process(MOARequest obj, HttpServletRequest req, +	public SLOInformationInterface process(MOARequest obj, HttpServletRequest req,  			HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {  		if (!handleObject(obj)) {  			throw new MOAIDException("pvp2.13", null); @@ -113,8 +115,11 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  		DateTime date = new DateTime(); +		SLOInformationImpl sloInformation = new SLOInformationImpl(); +		  		//build Assertion -		Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date, consumerService); +		Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession,  +				peerEntity, date, consumerService, sloInformation);  		Response authResponse = SAML2Utils.createSAMLObject(Response.class); 
@@ -226,8 +231,8 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  //			Logger logger = new Logger();  //			logger.debug("Redirect Binding Request = " + PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(authResponse))); - -			return assertion.getID(); +			 +			return sloInformation;  		} catch (MessageEncodingException e) {  			Logger.error("Message Encoding exception", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java index 92a47adb3..6c4f460f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java @@ -27,11 +27,12 @@ import javax.servlet.http.HttpServletResponse;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;  public interface IRequestHandler {  	public boolean handleObject(MOARequest obj); -	public String process(MOARequest obj, HttpServletRequest req, +	public SLOInformationInterface process(MOARequest obj, HttpServletRequest req,  			HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java index a4f43a97a..264802f09 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported; @@ -53,7 +54,7 @@ public class RequestManager {  		handler.add(new ArtifactResolution());  	} -	public String handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)  +	public SLOInformationInterface handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)   			throws SAMLRequestNotSupported, MOAIDException {  		Iterator<IRequestHandler> it = handler.iterator();  		while(it.hasNext()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index c337433b6..587ca04e7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java 
@@ -37,6 +37,8 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -46,7 +48,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
 public class GetArtifactAction implements IAction {
-	public String processRequest(IRequest req, HttpServletRequest httpReq,
+	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
 		String oaURL = (String) req.getOAURL();
@@ -122,7 +124,10 @@ public class GetArtifactAction implements IAction {
 				Logger.debug("REDIRECT TO: " + redirectURL);
 			}
-			return authData.getAssertionID();
+			SLOInformationInterface sloInformation = 
+					new SLOInformationImpl(authData.getAssertionID(), null, req.requestedModule());
+			
+			return sloInformation;
 		} catch (Exception ex) {
 			Logger.error("SAML1 Assertion build error", ex);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 1d9e31674..20351749b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
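Review bot: The SAML1 SLO record passes `null` as the user identifier even though `authData` (an AuthenticationData) is in scope on the same line and the new interface documents that value as the bPK/wbPK; unlike OAuth20AuthAction there is no TODO marking the omission as deliberate. If AuthenticationData exposes the bPK/wbPK, pass it here (roughly `new SLOInformationImpl(authData.getAssertionID(), authData.getBPK(), req.requestedModule())`, with the getter name adjusted to what AuthenticationData actually offers); if it does not, add the same `//TODO: maybe add bPK / wbPK to SLO information` comment so the gap stays visible. The enclosing try block starts before this hunk.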
@@ -1,6 +1,5 @@  package at.gv.egovernment.moa.id.protocols.stork2; -import java.io.StringWriter;  import java.util.ArrayList;  import java.util.List; @@ -10,20 +9,15 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.util.VelocityProvider;  import at.gv.egovernment.moa.logging.Logger;  import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PEPSUtil;  import eu.stork.peps.auth.commons.PersonalAttribute;  import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine;  import org.opensaml.common.impl.SecureRandomIdentifierGenerator;  import javax.servlet.http.HttpServletRequest; 
@@ -47,7 +41,7 @@ public class AttributeCollector implements IAction {      /* (non-Javadoc)       * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)       */ -    public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { +    public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {  		// - fetch the container  		String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); @@ -87,7 +81,14 @@ public class AttributeCollector implements IAction {          addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);          // see if we need some more attributes -        return processRequest(container, httpReq, httpResp, moasession, oaParam); +        SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, moasession, oaParam); +         +        if (sloInfo == null) { +        	sloInfo = new SLOInformationImpl(null, null, req.requestedModule()); +        } +         +        return sloInfo; +              }      /** 
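Review bot: `processRequest(container, ...)` is declared in this same commit to return `SLOInformationInterface`, so the cast to `SLOInformationImpl` is unnecessary and would throw if any other implementation were ever returned; as the local exists only for the null fallback, `SLOInformationInterface sloInfo = processRequest(container, httpReq, httpResp, moasession, oaParam); if (sloInfo == null) { sloInfo = new SLOInformationImpl(null, null, req.requestedModule()); } return sloInfo;` does the same without it. The fallback record carries neither a session index nor a user identifier, so it cannot be used to address a logout to the STORK SP; a comment such as `// STORK has no SLO support yet: record only the protocol type` would stop it being mistaken for complete data. The enclosing method starts before this hunk.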
@@ -98,7 +99,7 @@ public class AttributeCollector implements IAction {       * @return the string       * @throws MOAIDException       */ -    public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { +    public SLOInformationInterface processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {          // check if there are attributes we need to fetch          IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); @@ -158,7 +159,7 @@ public class AttributeCollector implements IAction {              else              	new ConsentEvaluator().generateSTORKResponse(response, container); -            return "12345"; // AssertionId +            return null; // AssertionId          } catch (ExternalAttributeRequestRequiredException e) {              // the attribute request is ongoing and requires an external service. @@ -185,7 +186,8 @@ public class AttributeCollector implements IAction {                  throw new MOAIDException("stork.11", null);              } -            return "12345"; // TODO what to do here? +            //TODO: in case of Single LogOut -> SLO information has to be stored +            return null; // TODO what to do here?          }      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 5e49fe413..7269e361c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java 
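Review bot: The Javadoc above the `DataContainer` overload still reads `@return the string` although the method now returns `SLOInformationInterface`, and both `return null; // AssertionId` branches later in the method mean the documented result is null in every path; update it to `@return SLO information for the completed STORK authentication, currently always null because Single LogOut data is not yet collected for STORK`. The trailing `// AssertionId` comments are now misleading for the same reason and should say `// no SLO information for STORK yet`, consistent with the TODO added in the last hunk. The method's body continues outside these hunks.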
@@ -5,6 +5,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; @@ -37,7 +38,7 @@ public class AuthenticationRequest implements IAction {      private MOASTORKRequest moaStorkRequest = null; -    public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { +    public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {          this.moaSession = moasession; @@ -113,6 +114,7 @@ public class AuthenticationRequest implements IAction {              Logger.debug("Data container prepared"); +            //TODO: in case of Single LogOut -> SLO information has to be stored              return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);          } else {              Logger.error("Could not recognize request."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 9a3376e4c..a08872029 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java 
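Review bot: `return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);` in the last hunk passes the five-argument overload's result through unchanged, and that overload now returns null on both of its paths (see the AttributeCollector hunks), so AuthenticationRequest.processRequest yields null where AttributeCollector's own four-argument overload substitutes `new SLOInformationImpl(null, null, req.requestedModule())`. Unless every consumer of IAction.processRequest tolerates null, the same fallback belongs here: `SLOInformationInterface sloInfo = new AttributeCollector().processRequest(container, httpReq, httpResp, moasession, oaParam);` followed by `return sloInfo != null ? sloInfo : new SLOInformationImpl(null, null, req.requestedModule());`, which also needs an import of SLOInformationImpl that this commit does not add to AuthenticationRequest. ConsentEvaluator's hunk -64 (`return null; // AssertionId`) and MandateRetrievalRequest's unchanged `return null;` have the same gap. The method body around the hunk is not shown.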
@@ -8,6 +8,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -40,7 +41,7 @@ public class ConsentEvaluator implements IAction {      /* (non-Javadoc)       * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)       */ -    public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { +    public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {  		// - fetch the container  		String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); @@ -64,7 +65,7 @@ public class ConsentEvaluator implements IAction {          // build and send response          generateSTORKResponse(httpResp, container); -        return "12345"; // AssertionId +        return null; // AssertionId      }  	/** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java index 3bd1686b4..dea74aa75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.protocols.stork2;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.logging.Logger; @@ -13,7 +14,7 @@ import javax.servlet.http.HttpServletResponse;   *   */  public class MandateRetrievalRequest implements IAction { -    public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { +    public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {          Logger.info("Entering mandateretrievalrequest");          return null;  //      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index e6efa0256..27f219452 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java 
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;  import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.data.EncryptedData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;  import at.gv.egovernment.moa.logging.Logger; @@ -221,7 +222,7 @@ public class AuthenticationSessionStoreage {  	}  	public static void addSSOInformation(String moaSessionID, String SSOSessionID,  -			String assertionID, String OAUrl) throws AuthenticationException { +			SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException {  		AuthenticatedSessionStore dbsession;  		Transaction tx =  null; 
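Review bot: The new parameter `SLOInformationInterface SLOInfo` in hunk -221 breaks the lowerCamelCase convention used for parameters elsewhere in the method, and its nullability is undocumented even though the body in the following hunks both guards it with `if (SLOInfo != null)` and dereferences it unguarded; rename it to `sloInfo` and add a Javadoc line such as `@param sloInfo session index, NameID and protocol type for Single LogOut; may be null when the protocol provides none`. Callers of addSSOInformation are outside this hunk and this view, so the rename presumably stays local to the method body. The method continues past the end of the hunk.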
@@ -251,13 +252,31 @@ public class AuthenticationSessionStoreage {  				  }  				  dbsession = (AuthenticatedSessionStore) result.get(0); -				 +								   +				  OASessionStore activeOA = null; +				  //check if OA already has an active OA session +				  if (dbsession.getActiveOAsessions() != null) { +					for (OASessionStore el : dbsession.getActiveOAsessions()) { +						if (el.getOaurlprefix().equals(OAUrl)) +							activeOA = el;						 +					}										  +				  } +				   +				  if (activeOA == null) +					  activeOA = new OASessionStore(); +				    				  //set active OA applications -				  OASessionStore activeOA = new OASessionStore();  				  activeOA.setOaurlprefix(OAUrl);  				  activeOA.setMoasession(dbsession);  				  activeOA.setCreated(new Date()); -				  activeOA.setAssertionSessionID(assertionID); +				   +				  //set additional information for SLO +				  if (SLOInfo != null) { +					  activeOA.setAssertionSessionID(SLOInfo.getSessionIndex()); +					  activeOA.setUserNameID(SLOInfo.getUserNameIdentifier()); +					  activeOA.setProtocolType(SLOInfo.getProtocolType()); +					   +				  }  				  List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();				    				  activeOAs.add(activeOA); @@ -286,7 +305,7 @@ public class AuthenticationSessionStoreage {  					tx.commit();  					Logger.debug("Add SSO-Session login information for OA: " + OAUrl  -							+ " and AssertionID: " + assertionID); +							+ " and AssertionID: " + SLOInfo.getSessionIndex());  			}  		} catch (MOADatabaseException e) { | 
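Review bot: When an existing OASessionStore for OAUrl is found by the new loop, the unchanged `activeOAs.add(activeOA);` a few lines below still appends it, so — assuming both `getActiveOAsessions()` calls return the same backing collection — the same entry is added to the session's active-OA list a second time; record `boolean isNew = activeOA == null;` before `activeOA = new OASessionStore();` and guard the add with `if (isNew) activeOAs.add(activeOA);`. Reusing the store also leaves the previous assertionSessionID, userNameID and protocolType in place when SLOInfo is null, so a re-login without SLO data keeps stale values from an earlier login; clearing the three fields in an else branch avoids that. `el.getOaurlprefix().equals(OAUrl)` throws if a stored prefix is null, whereas `OAUrl.equals(el.getOaurlprefix())` does not. The transaction handling of this method continues outside the hunk.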
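Review bot: `SLOInfo.getSessionIndex()` in the debug log of hunk -286 dereferences SLOInfo unconditionally, while hunk -251 guards every other use with `if (SLOInfo != null)`; since the STORK actions in this commit hand back null SLO information, any caller that passes it through would hit a NullPointerException on this line right after `tx.commit()`, and the visible `catch (MOADatabaseException e)` would not catch it. Guard the log the same way, e.g. `+ " and AssertionID: " + (SLOInfo != null ? SLOInfo.getSessionIndex() : null));`. The surrounding try block starts before this hunk, so whether an outer handler exists cannot be told from here.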
