Merge tag 'MOA-ID-3.1.0' into development_preview

JoinUp Release

35 files changed, 3818 insertions, 0 deletions

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
new file mode 100644
index 000000000..d93d739b1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.signature.SignatureConstants;
+
+import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
+import eu.eidas.auth.engine.core.validator.eidas.EIDASAttributes;
+
+/**
+ * @author tlenz
+ *
+ */
+public class Constants {
+
+	public static final String eIDAS_SAML_ENGINE_NAME = "default";
+	public static final String SSLSOCKETFACTORYNAME = "eIDASMetadataSSLSocketFactory";
+		
+	//default keys for eIDAS SAML-engine configuration
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG = "SamlEngineConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG = "SignatureConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG = "EncryptionConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_CLASS = "class";
+	
+	//default implementations for eIDAS SAML-engine functionality
+	public static final String SAML_SIGNING_IMPLENTATION = "eu.eidas.auth.engine.core.impl.SignSW";
+	public static final String SAML_ENCRYPTION_IMPLENTATION = "at.gv.egovernment.moa.id.auth.modules.eidas.config.ModifiedEncryptionSW";
+	
+	//configuration property keys
+	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";	
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT="enc";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";	
+	public static final String CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE = CONIG_PROPS_EIDAS_PREFIX + ".metadata.validation.truststore";
+	
+	//timeouts and clock skews
+	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  			//2 minutes skew time for response validation
+	public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000;  	//20 seconds metadata socked timeout
+	public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000;	//remove unused eIDAS metadata after 7 days
+		
+	//eIDAS attribute names
+	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_PERSONIDENTIFIER;
+	public static final String eIDAS_ATTR_DATEOFBIRTH = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH;
+	public static final String eIDAS_ATTR_CURRENTGIVENNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_FIRSTNAME;
+	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_GIVENNAME;
+		
+	//http endpoint descriptions
+	public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
+	public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";	
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/ColleagueRequest";
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
+	public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
+	
+	
+	//Event-Codes for Revisionslog
+	public static final int eIDAS_REVERSIONSLOG_METADATA = 3400;
+	public static final int eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST = 3401;
+	public static final int eIDAS_REVERSIONSLOG_IDP_AUTHRESPONSE = 3402;
+	public static final int eIDAS_REVERSIONSLOG_SP_AUTHREQUEST= 3403;
+	public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404;
+		
+	//metadata constants
+    public final static Map<String, EidasAttributesTypes> METADATA_POSSIBLE_ATTRIBUTES = Collections.unmodifiableMap(
+            new HashMap<String, EidasAttributesTypes>(){
+				private static final long serialVersionUID = 1L;
+				{
+                    put(EIDASAttributes.ATTRIBUTE_GIVENNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+                    put(EIDASAttributes.ATTRIBUTE_FIRSTNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+                    put(EIDASAttributes.ATTRIBUTE_DATEOFBIRTH, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+                    put(EIDASAttributes.ATTRIBUTE_PERSONIDENTIFIER, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+
+                    //TODO: add additional attributes for eIDAS with mandates
+                    //put(EIDASAttributes.ATTRIBUTE_LEGALIDENTIFIER, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+                    //put(EIDASAttributes.ATTRIBUTE_LEGALNAME, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+                }
+            }
+    );
+    
+    public static final String METADATA_ALLOWED_ALG_DIGIST = 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" + 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512 ;
+    
+    public static final String METADATA_ALLOWED_ALG_SIGN = 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" + 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
+    
+    public static final String METADATA_ALLOWED_ALG_ENCRYPT = 
+    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM + ";" + 
+    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM + ";" + 
+    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM;
+    
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
new file mode 100644
index 000000000..1759a7281
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+import eu.eidas.config.ConfigurationException;
+import eu.eidas.samlengineconfig.AbstractCertificateConfigurationManager;
+import eu.eidas.samlengineconfig.EngineInstance;
+import eu.eidas.samlengineconfig.SamlEngineConfiguration;
+import eu.eidas.samlengineconfig.impl.SamlEngineConfigurationImpl;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIDCertificateManagerConfigurationImpl extends
+		AbstractCertificateConfigurationManager {
+
+    private SamlEngineConfiguration samlEngineConfiguration =null;
+	
+    @Override
+	public boolean isActive() {
+		return true;
+	}
+    
+    /**
+	 * 
+	 */
+	public MOAIDCertificateManagerConfigurationImpl() {
+		try {
+			initalizeConfiguration();
+			
+		} catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) {
+			Logger.error("eIDAS SAML-engine initialization FAILED", e);
+			
+		}
+	}
+    
+	
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#addConfiguration(java.lang.String, java.lang.String, java.util.Map, boolean)
+	 */
+	@Override
+	public void addConfiguration(String paramString1, String paramString2,
+			Map<String, String> paramMap, boolean paramBoolean) {
+		throw new ConfigurationException("","not yet implemented");
+
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#getInstance(java.lang.String)
+	 */
+	@Override
+	public EngineInstance getInstance(String paramString) {
+		return getConfiguration().get(paramString);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#getConfiguration()
+	 */
+	@Override
+	public Map<String, EngineInstance> getConfiguration() {
+		if(samlEngineConfiguration == null){
+			try {
+				initalizeConfiguration();
+				
+			} catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) {
+				Logger.error("eIDAS SAML-engine initialization FAILED", e);
+				
+			}
+			
+		}
+		
+		return samlEngineConfiguration==null?new HashMap<String, EngineInstance>():((MOAeIDASSAMLEngineConfigurationImpl) samlEngineConfiguration).getInstanceMap();
+		
+	}
+	
+	
+	/**
+	 * Initialize eIDAS SAML-engine from MOA-ID configuration
+	 * @throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException 
+	 * 
+	 */
+	private void initalizeConfiguration() throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException {
+		//initialize configuration
+		MOAeIDASSAMLEngineConfigurationImpl tmp = new MOAeIDASSAMLEngineConfigurationImpl();
+		tmp.initialize();
+				
+		//set initialized configuration
+		samlEngineConfiguration = tmp;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
new file mode 100644
index 000000000..5d1874157
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -0,0 +1,268 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+import eu.eidas.samlengineconfig.BinaryParameter;
+import eu.eidas.samlengineconfig.ConfigurationParameter;
+import eu.eidas.samlengineconfig.EngineInstance;
+import eu.eidas.samlengineconfig.InstanceConfiguration;
+import eu.eidas.samlengineconfig.PropsParameter;
+import eu.eidas.samlengineconfig.SamlEngineConfiguration;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASSAMLEngineConfigurationImpl extends
+		SamlEngineConfiguration {
+	
+    private static final String KEYSTORE_PATH="keystorePath";
+    private static final String METADATA_KEYSTORE_PATH="metadata.keystorePath";
+    private static final String ENCRYPTION_ACTIVATION="encryptionActivation";
+    private static final String[] BINARY_PARAMETERS={KEYSTORE_PATH, ENCRYPTION_ACTIVATION,METADATA_KEYSTORE_PATH};
+		
+    public List<EngineInstance> getInstances(){
+        return super.getInstances();
+    }
+	
+    @Override
+    public void setInstances(List<EngineInstance> engineInstances) {
+        super.setInstances(engineInstances);
+        
+    }
+    
+    public Map<String, EngineInstance> getInstanceMap() {
+        Map<String, EngineInstance> result = new HashMap<String, EngineInstance>();
+        for(EngineInstance instance:getInstances()) {
+        	
+            result.put(instance.getName(), instance);
+        }
+        
+        return result;
+    }
+    
+    //initialize
+    public void initialize() throws ConfigurationException { 
+    	//create an eIDAS SAML-engine instance
+    	EngineInstance engineInst = new EngineInstance();
+    	engineInst.setName(Constants.eIDAS_SAML_ENGINE_NAME);    	    	
+    	List<InstanceConfiguration> engineConfigs = new ArrayList<InstanceConfiguration>();
+		
+    	
+		//add configurations
+		
+		//add basic eIDAS SAML-engine configuration
+		MOAeIDASSAMLInstanceConfigurationImpl samlBaseConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
+		samlBaseConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG);				
+		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE));
+		engineConfigs.add(samlBaseConfig);
+				
+		//add signing eIDAS SAML-engine configuration
+		MOAeIDASSAMLInstanceConfigurationImpl samlSignConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
+		samlSignConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG);		
+		samlSignConfig.addParameter(Constants.eIDAS_SAML_ENGINE_NAME_ID_CLASS, 
+				Constants.SAML_SIGNING_IMPLENTATION);
+		
+		//TODO: load signing keys directly from MOA-ID configuration in finale version
+		samlSignConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE));
+		engineConfigs.add(samlSignConfig);
+		
+		//add encryption eIDAS SAML-engine configuration
+		MOAeIDASSAMLInstanceConfigurationImpl samlEncConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
+		samlEncConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG);
+		samlEncConfig.addParameter(Constants.eIDAS_SAML_ENGINE_NAME_ID_CLASS, 
+				Constants.SAML_ENCRYPTION_IMPLENTATION);
+
+		//TODO: load encryption keys directly from MOA-ID configuration in finale version
+		samlEncConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE));
+		engineConfigs.add(samlEncConfig);
+		
+		engineInst.setConfigurations(engineConfigs);  
+		super.addInstance(engineInst);
+		
+    }
+    
+    /**
+     *	Load an external eIDAS SAML-engine configuration file, which is referenced from MOA-ID configuration
+     * 
+     * @param key Configuration key, which is used in property based MOA-ID configuration file
+     * @return eIDAS SAML-engine configuration object
+     * @throws ConfigurationException
+     */
+        
+    private ConfigurationParameter loadConfigurationFromExternalFile(String key) throws ConfigurationException {
+		String configFile = 
+				AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key);
+		if (MiscUtil.isEmpty(configFile)) {
+			Logger.warn("No eIDAS SAML-engine configuration key: " 
+					+ key + " found in MOA-ID properties configuration file.");
+			//throw new EIDASEngineConfigurationException("No eIDAS SAML-engine configuration property.", null);
+			return null;
+		}
+		
+		Properties inputProps = loadPropsFromXml(configFile);    	
+		return buildPropsParameter(inputProps, configFile);
+    	
+    }
+    
+    
+    private PropsParameter buildPropsParameter(Properties inputProps, String fileName) throws EIDASEngineConfigurationException {
+    	PropsParameter outputProps = new PropsParameter();
+    	outputProps.setFileName(fileName);
+    	
+    	//original eIDAS SAML-engine use this identifier
+    	outputProps.setName("fileConfiguration");
+    	
+    	outputProps.setValue(inputProps);
+
+    	//post-process special parameters
+    	for(String key:BINARY_PARAMETERS) {
+            Object keystorePath = inputProps.get(key);
+            if (keystorePath != null) {
+            	if (keystorePath instanceof String && 
+            			isBinaryParameter((String)keystorePath) ) {
+            		BinaryParameter bp = new BinaryParameter();
+            		bp.setValue(loadBinaryFile(keystorePath.toString()));
+            		bp.setName(key);
+            		bp.setUrl(keystorePath.toString());
+            		inputProps.put(key, bp);
+                
+            	} else {
+            		Logger.warn("eIDAS SAML-engine keyStore parameter has an unsuspected type. +" +
+            				"(Type: " + keystorePath.toString() + ")");
+            	
+            	}
+            }
+        }
+    	
+    	return outputProps;
+    }
+    
+    private boolean isBinaryParameter(String parameter) {
+    	if (MiscUtil.isNotEmpty(parameter)) {
+    		String absoluteConfigFile;
+			try {
+				absoluteConfigFile = FileUtils.makeAbsoluteURL(
+						parameter,
+						AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+				File file = new File(new URL(absoluteConfigFile).toURI());
+	    		return file.exists();
+	    		
+			} catch (ConfigurationException | MalformedURLException | URISyntaxException e) {
+				Logger.warn("Binary eIDAS SAML-engine configuration parameter: " 
+						+ parameter + " is not loadable.");
+				
+			}
+     		
+    	}
+    	
+    	return false;
+        
+    }
+    
+    private byte[] loadBinaryFile(String fileName) throws EIDASEngineConfigurationException{
+    	InputStream is = null;
+    	byte data[]=null;
+    	try {
+    		String absoluteConfigFile = FileUtils.makeAbsoluteURL(
+    				fileName,
+    				AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+    		
+    		File file = new File(new URL(absoluteConfigFile).toURI());
+    		is = new FileInputStream(file);
+    		data=new byte[is.available()];
+            is.read(data);
+    		
+    	} catch (ConfigurationException | URISyntaxException | IOException e) {
+    		throw new EIDASEngineConfigurationException("eIDAS SAML-engine configuration FAILED", null, e);
+    				
+    	} finally {
+    		if (is != null)
+				try {
+					is.close();
+					
+				} catch (IOException e) {
+					Logger.warn("eIDAS SAML-engine configuration is not closeable.", e);
+					
+				}
+    		
+    	}
+    	
+    	return data;
+        
+    }
+    
+    private Properties loadPropsFromXml(String configFile) throws EIDASEngineConfigurationException {
+    	Properties props = new Properties();
+    	InputStream is = null;
+    	try {
+    		String absoluteConfigFile = FileUtils.makeAbsoluteURL(
+    				configFile,
+    				AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+    		
+    		File file = new File(new URL(absoluteConfigFile).toURI());
+    		is = new FileInputStream(file);
+    		props.loadFromXML(is);
+    		
+    	} catch (ConfigurationException | URISyntaxException | IOException e) {
+    		throw new EIDASEngineConfigurationException("eIDAS SAML-engine configuration FAILED", null, e);
+    				
+    	} finally {
+    		if (is != null)
+				try {
+					is.close();
+					
+				} catch (IOException e) {
+					Logger.warn("eIDAS SAML-engine configuration is not closeable.", e);
+					
+				}
+    		
+    	}
+    	
+    	return props;
+    	    	
+    }
+    
+    
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
new file mode 100644
index 000000000..dccd39905
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import eu.eidas.samlengineconfig.ConfigurationParameter;
+import eu.eidas.samlengineconfig.InstanceConfiguration;
+import eu.eidas.samlengineconfig.StringParameter;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASSAMLInstanceConfigurationImpl extends
+		InstanceConfiguration {
+
+	public void addParameter(ConfigurationParameter param) {
+		if (param != null) {
+			List<ConfigurationParameter> paramList = super.getParameters();
+			if (paramList == null) {
+				paramList = new ArrayList<ConfigurationParameter>();
+				super.setParameters(paramList);
+			
+			}
+		
+			paramList.add(param);
+		}		
+	}
+	
+	public void addParameter(String key, String value) {
+		StringParameter param = new StringParameter();
+		param.setName(key);
+		param.setValue(value);		
+		addParameter(param);
+		
+	}
+		
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
new file mode 100644
index 000000000..1ba344fd1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -0,0 +1,29 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.core.impl.EncryptionSW;
+
+/**
+ * This encryption module asks the moa configuration on whether to encrypt the response or not. In doubt, encryption is enforced.
+ */
+public class ModifiedEncryptionSW extends EncryptionSW {
+
+	@Override
+	public boolean isEncryptionEnable(String countryCode) {
+		// - encrypt if so configured
+		try {
+			AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
+			Boolean useEncryption = moaconfig.getStorkConfig().getCPEPS(countryCode).isXMLSignatureSupported();
+			Logger.info(useEncryption ? "using encryption" : "do not use encrpytion");
+			return useEncryption;
+		} catch(NullPointerException | ConfigurationException e) {
+			Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption");
+			if(Logger.isDebugEnabled())
+				e.printStackTrace();
+			return true;
+		}
+	}
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
new file mode 100644
index 000000000..7b044522c
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthenticationModulImpl implements AuthModule {
+
+	private int priority = 1;
+
+	@Override
+	public int getPriority() {
+		return priority;
+	}
+
+	/**
+	 * Sets the priority of this module. Default value is {@code 0}.
+	 * @param priority The priority.
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		if (StringUtils.isNotBlank((String) context.get("ccc")) || 
+				StringUtils.isNotBlank((String) context.get("CCC"))) 
+			return "eIDASAuthentication";
+		else
+			return null;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java
new file mode 100644
index 000000000..70bd7b3d7
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class eIDASAuthenticationSpringResourceProvider implements SpringResourceProvider {
+
+	@Override
+	public String getName() {
+		return "MOA-ID eIDAS-Authentication SpringResourceProvider";
+	}
+
+	@Override
+	public String[] getPackagesToScan() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Resource[] getResourcesToLoad() {
+		ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_auth.beans.xml", eIDASAuthenticationSpringResourceProvider.class);					
+		
+		return new Resource[] {eIDASAuthConfig};
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
new file mode 100644
index 000000000..16d909331
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
+
+	public eIDASSignalServlet() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() + 
+				" with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST + 
+				"' and '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + "'.");
+		
+	}
+	
+	@RequestMapping(value = {	"/eidas/sp/post", 
+			 					"/eidas/sp/redirect"
+							}, 
+					method = {RequestMethod.POST, RequestMethod.GET})
+	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+	}
+	
+	@Override
+	/**
+	 * Protocol specific implementation to get the pending-requestID 
+	 * from http request object
+	 * 
+	 * @param request The http Servlet-Request object
+	 * @return The Pending-request id 
+	 * 
+	 */
+	public String getPendingRequestId(HttpServletRequest request) {
+		String sessionId = super.getPendingRequestId(request);
+		
+		try {
+
+			// use SAML2 relayState
+			if (sessionId == null) {
+				sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState"));
+			} else
+				Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
+
+			// take from InResponseTo attribute of SAMLResponse
+//			if (sessionId == null) {
+//				String base64SamlToken = request.getParameter("SAMLResponse");
+//				if (base64SamlToken != null && false) {
+//					byte[] samlToken = Base64Utils.decode(base64SamlToken, false);
+//					Document samlResponse = parseDocument(new ByteArrayInputStream(samlToken));
+//
+//					XPath xPath = XPathFactory.newInstance().newXPath();
+//					SimpleNamespaceContext nsContext = new SimpleNamespaceContext();
+//					nsContext.bindNamespaceUri("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol");
+//					xPath.setNamespaceContext(nsContext);
+//					XPathExpression expression = xPath.compile("string(/saml2p:Response/@InResponseTo)");
+//					sessionId = (String) expression.evaluate(samlResponse, XPathConstants.STRING);
+//					sessionId = StringEscapeUtils.escapeHtml(StringUtils.trimToNull(sessionId));
+//				} else {
+//					Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
+//				}
+//			}
+
+		} catch (Exception e) {
+			Logger.warn("Unable to retrieve moa session id.", e);
+		}
+
+		return sessionId;
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
new file mode 100644
index 000000000..80a2734f2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -0,0 +1,409 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Timer;
+
+import javax.net.ssl.SSLHandshakeException;
+import javax.xml.namespace.QName;
+
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.engine.AbstractSAMLEngine;
+
+public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing {
+
+	private static MOAeIDASChainingMetadataProvider instance = null;
+	private static Object mutex = new Object();
+	
+	private MetadataProvider internalProvider;
+	private Map<String, Date> lastAccess = null;
+	
+	
+	public static MOAeIDASChainingMetadataProvider getInstance() {
+		if (instance == null) {
+			synchronized (mutex) {
+				if (instance == null) {
+					instance = new MOAeIDASChainingMetadataProvider();
+					MOAGarbageCollector.addModulForGarbageCollection(instance);
+				}
+			}
+		}
+		return instance;
+	}
+	
+	
+	private MOAeIDASChainingMetadataProvider() {
+		internalProvider = new ChainingMetadataProvider();
+		lastAccess = new HashMap<String, Date>();
+				
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+	 */
+	@Override
+	public void runGarbageCollector() {
+		if (!lastAccess.isEmpty()) {
+			Date now = new Date();
+			Date expioredate = new Date(now.getTime() - 
+					Constants.CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT);
+			Logger.debug("Starting eIDAS Metadata garbag collection (Expioredate:" 
+					+ expioredate + ")");
+			
+			List<String> expiredEntities = new ArrayList<String>();
+			
+			Iterator<Entry<String, Date>> lastAccessInterator = lastAccess.entrySet().iterator();
+			while(lastAccessInterator.hasNext()) {
+				Entry<String, Date> element = lastAccessInterator.next();
+				if (element.getValue().before(expioredate)) {
+					Logger.debug("Remove unused eIDAS Metadate: " + element.getKey());
+					expiredEntities.add(element.getKey());
+					
+				}								
+			}
+		
+			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+			boolean isUpdateRequired = false;
+			
+			//get all actually loaded metadata providers
+			Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+						
+			if (!expiredEntities.isEmpty()) {										
+				for (String expired : expiredEntities) {
+					if (loadedproviders.containsKey(expired)) {
+						HTTPMetadataProvider provider = loadedproviders.get(expired);
+					
+						//destroy metadata provider
+						provider.destroy();
+					
+						//remove from map
+						loadedproviders.remove(expired);
+						isUpdateRequired = true;
+						
+						/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+						 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
+						//chainProvider.removeMetadataProvider(provider);					
+						Logger.info("Remove not used eIDAS MetadataProvider " + expired 
+								+ " after timeout.");
+										
+					} else
+						Logger.warn("eIDAS metadata for EntityID: " + expired 
+								+ " is marked as unsed, but no loaded metadata provider is found.");
+				
+				}			
+			}
+			
+			//check signature of all metadata which are actually loaded
+			List<String> nonValidMetadataProvider = new ArrayList<String>();
+			for (HTTPMetadataProvider provider : loadedproviders.values()) {
+				try {
+					provider.getMetadataFilter().doFilter(provider.getMetadata());
+					
+				} catch (FilterException | MetadataProviderException e) {
+					Logger.info("eIDAS MetadataProvider: " + provider.getMetadataURI() 
+						+ " is not valid any more. Reason:" + e.getMessage());
+					if (Logger.isDebugEnabled())
+						Logger.warn("Reason", e);
+
+					nonValidMetadataProvider.add(provider.getMetadataURI());
+										
+				}										
+			}			
+			for (String el : nonValidMetadataProvider) {
+				loadedproviders.remove(el);
+				isUpdateRequired = true;
+				
+			}
+
+			//update chaining metadata-provider if it is required
+			if (isUpdateRequired) {
+				try {
+					synchronized (chainProvider) {
+						chainProvider.setProviders(new ArrayList<MetadataProvider>(loadedproviders.values()));
+				
+						emitChangeEvent();	
+					}
+				
+				} catch (MetadataProviderException e) {
+					Logger.warn("ReInitalize eIDASA MetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
+			
+				}
+			}
+		}					
+	}
+	
+	
+	
+	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL) {
+		HTTPMetadataProvider httpProvider = null;
+		Timer timer= null;
+		MOAHttpClient httpClient = null;
+		try {
+			AuthConfiguration authConfig = AuthConfigurationProviderFactory.getInstance();
+			
+			httpClient = new MOAHttpClient();
+			
+			HttpClientParams httpClientParams = new HttpClientParams();
+			httpClientParams.setSoTimeout(Constants.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+			httpClient.setParams(httpClientParams);
+			
+			if (metadataURL.startsWith("https:")) {
+				try {
+					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+							Constants.SSLSOCKETFACTORYNAME, 
+							authConfig.getCertstoreDirectory(), 
+							authConfig.getTrustedCACertificates(),
+							null,
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+							authConfig.isTrustmanagerrevoationchecking());
+					
+					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+				} catch (MOAHttpProtocolSocketFactoryException e) {
+					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+					
+				}
+			}
+			
+			timer = new Timer();
+			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
+					metadataURL);
+			httpProvider.setParserPool(AbstractSAMLEngine.getNewBasicSecuredParserPool());
+			httpProvider.setRequireValidMetadata(true);
+			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+			//httpProvider.setRefreshDelayFactor(0.1F);
+			
+			//add Metadata filters
+			MetadataFilterChain filter = new MetadataFilterChain();
+			filter.addFilter(new MOASPMetadataSignatureFilter(
+					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
+			httpProvider.setMetadataFilter(filter);
+			
+			httpProvider.initialize();
+			
+			return httpProvider;
+						
+		} catch (Throwable e) {			
+			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+				Logger.warn("SSL-Server certificate for metadata " 
+						+ metadataURL + " not trusted.", e);
+				
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
+				Logger.warn("Signature verification for metadata" 
+						+ metadataURL + " FAILED.", e);
+			
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+				Logger.warn("Schema validation for metadata " 
+						+ metadataURL + " FAILED.", e);								
+			}
+			
+			Logger.error(
+					"Failed to add Metadata file for "
+							+ metadataURL + "[ "
+							+ e.getMessage() + " ]", e);
+						
+			if (httpProvider != null) {
+				Logger.debug("Destroy failed Metadata provider");
+				httpProvider.destroy();
+			}
+			
+			if (timer != null) {
+				Logger.debug("Destroy Timer.");
+				timer.cancel();
+			}
+
+			
+		}
+		
+		return null;	
+	}
+
+	private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
+		Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
+		ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+		
+		//make a Map of all actually loaded HTTPMetadataProvider
+		List<MetadataProvider> providers = chainProvider.getProviders();
+		for (MetadataProvider provider : providers) {
+			if (provider instanceof HTTPMetadataProvider) {
+				HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+				loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+
+			}
+		}
+		
+		return loadedproviders;		
+	}
+	
+	public boolean refreshMetadataProvider(String metadataURL) {
+		try {
+			if (MiscUtil.isNotEmpty(metadataURL)) {
+				Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
+
+				// check if MetadataProvider is actually loaded
+				if (actuallyLoadedProviders.containsKey(metadataURL)) {
+					actuallyLoadedProviders.get(metadataURL).refresh();						
+					Logger.info("eIDAS metadata for " 
+							+ metadataURL + " is refreshed.");
+					return true;
+					
+				} else {
+					//load new Metadata Provider				
+					ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
+					HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL);										
+					chainProvider.addMetadataProvider(newMetadataProvider);
+					
+					emitChangeEvent();
+					Logger.info("eIDAS metadata for " 
+							+ metadataURL + " is added.");
+					return true;
+										
+				}
+														
+			} else
+				Logger.debug("Can not refresh eIDAS metadata: NO eIDAS metadata URL.");
+																								
+		} catch (MetadataProviderException e) {
+			Logger.warn("Refresh eIDAS metadata for " 
+					+ metadataURL + " FAILED.", e);
+			
+		}
+		
+		return false;
+		
+	}
+	
+	
+	public boolean requireValidMetadata() {
+		return internalProvider.requireValidMetadata();
+	}
+
+	public void setRequireValidMetadata(boolean requireValidMetadata) {
+		internalProvider.setRequireValidMetadata(requireValidMetadata);
+	}
+
+	public MetadataFilter getMetadataFilter() {
+		return internalProvider.getMetadataFilter();
+	}
+
+	public void setMetadataFilter(MetadataFilter newFilter)
+			throws MetadataProviderException {
+		internalProvider.setMetadataFilter(newFilter);
+	}
+
+	public XMLObject getMetadata() throws MetadataProviderException {
+		return internalProvider.getMetadata();
+	}
+
+	public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
+			throws MetadataProviderException {
+		Logger.warn("eIDAS metadata not support 'EntitiesDescriptor' elements!");		
+		return null;
+		
+	}
+
+	public EntityDescriptor getEntityDescriptor(String entityID)
+			throws MetadataProviderException {
+		EntityDescriptor entityDesc = null;
+		try {
+			entityDesc = internalProvider.getEntityDescriptor(entityID);
+			if (entityDesc == null) {
+				Logger.debug("Can not find eIDAS metadata for entityID: " + entityID 
+						+ " Start refreshing process ...");
+				if (refreshMetadataProvider(entityID))
+					entityDesc =  internalProvider.getEntityDescriptor(entityID);
+									
+			} else {
+				if (!entityDesc.isValid())
+					if (refreshMetadataProvider(entityID))
+						entityDesc = internalProvider.getEntityDescriptor(entityID);
+									
+			}
+			
+			
+		} catch (MetadataProviderException e) {
+			Logger.debug("Can not find eIDAS metadata for entityID: " + entityID 
+					+ " Start refreshing process ...");
+			if (refreshMetadataProvider(entityID))
+				entityDesc = internalProvider.getEntityDescriptor(entityID);
+			
+		}
+		
+		if (entityDesc != null)
+			lastAccess.put(entityID, new Date());
+		
+		return entityDesc;
+	}
+
+	public List<RoleDescriptor> getRole(String entityID, QName roleName)
+			throws MetadataProviderException {
+		EntityDescriptor entityDesc = getEntityDescriptor(entityID);
+		if (entityDesc != null)
+			return entityDesc.getRoleDescriptors(roleName);
+		
+		else
+			return null;
+	}
+
+	public RoleDescriptor getRole(String entityID, QName roleName,
+			String supportedProtocol) throws MetadataProviderException {
+		EntityDescriptor entityDesc = getEntityDescriptor(entityID);
+		if (entityDesc != null)		
+			return internalProvider.getRole(entityID, roleName, supportedProtocol);
+		
+		else
+			return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+	 */
+	@Override
+	public List<Observer> getObservers() {
+		return ((ChainingMetadataProvider) internalProvider).getObservers();
+	}
+
+	protected void emitChangeEvent() {
+		if ((getObservers() == null) || (getObservers().size() == 0)) {
+			return;
+		}
+
+		List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
+		for (ObservableMetadataProvider.Observer observer : tempObserverList)
+			if (observer != null)
+				observer.onEvent(this);
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
new file mode 100644
index 000000000..7537c4d84
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.security.KeyStore;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataProcessorI;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
+
+	private MetadataProvider metadataprovider = null;
+	
+	/**
+	 * 
+	 */
+	public MOAeIDASMetadataProviderDecorator(MetadataProvider metadataprovider) {
+		this.metadataprovider = metadataprovider;
+		
+	}
+	
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntityDescriptor getEntityDescriptor(String url)
+			throws SAMLEngineException {		
+		try {
+			return this.metadataprovider.getEntityDescriptor(url);
+			
+		} catch (MetadataProviderException e) {
+			throw new SAMLEngineException("eIDAS Metadata processing FAILED.", e);
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
+	 */
+	@Override
+	public SPSSODescriptor getSPSSODescriptor(String url)
+			throws SAMLEngineException {
+		return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
+	 */
+	@Override
+	public IDPSSODescriptor getIDPSSODescriptor(String url)
+			throws SAMLEngineException {
+		return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
+	 */
+	@Override
+	public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine)
+			throws SAMLEngineException {
+		//Do nothing, because metadata signature is already validated during 
+		//metadata provider initialization 
+
+		//TODO: maybe signature validation is needed on every request
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
+	 */
+	@Override
+	public void checkValidMetadataSignature(String url, KeyStore trustStore)
+			throws SAMLEngineException {
+		//Do nothing, because metadata signature is already validated during 
+		//metadata provider initialization 
+		
+	}
+
+    protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor, final Class<T> clazz){
+        for(RoleDescriptor rd:entityDescriptor.getRoleDescriptors()){
+            if(clazz.isInstance(rd)){
+                return (T)rd;
+            }
+        }
+        return null;
+    }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
new file mode 100644
index 000000000..5837d7dbf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import eu.eidas.auth.engine.core.ExtensionProcessorI;
+import eu.eidas.auth.engine.core.eidas.EidasExtensionProcessor;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDAsExtensionProcessor extends EidasExtensionProcessor implements ExtensionProcessorI {
+
+	/**
+	 * Add only eIDAS attributes which are supported by Austrian eIDAS node
+	 * 
+	 */
+    @Override
+    public Set<String> getSupportedAttributes(){
+        Set<String> supportedAttributes=new HashSet<String>( Constants.METADATA_POSSIBLE_ATTRIBUTES.keySet());
+       
+        return supportedAttributes;
+    }
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
new file mode 100644
index 000000000..20f18b772
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDASEngineConfigurationException extends ConfigurationException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+	
+	/**
+	 * @param messageId
+	 * @param parameters
+	 * @param wrapped
+	 */
+	public EIDASEngineConfigurationException(String messageId,
+			Object[] parameters, Throwable wrapped) {
+		super(messageId, parameters, wrapped);
+	}
+
+	/**
+	 * @param string
+	 * @param object
+	 */
+	public EIDASEngineConfigurationException(String string, Object[] object) {
+		super(string, object);
+	}
+
+
+
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
new file mode 100644
index 000000000..234c4e038
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDASEngineException extends eIDASException {
+
+	/**
+	 * @param objects 
+	 * @param string
+	 * @param e
+	 */
+	public EIDASEngineException(String msg, Object[] objects, Throwable e) {
+		super(msg, objects, e);
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1559812927427153879L;
+
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel()
+	 */
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+	 */
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
new file mode 100644
index 000000000..b25895eca
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAttributeException extends eIDASException {
+
+	private static final long serialVersionUID = 1L;
+	
+	public eIDASAttributeException(String message) {
+		super("eIDAS.07", new Object[]{message});
+		
+	}
+
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+	 */
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+	}
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
new file mode 100644
index 000000000..c96af37ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestProcessingException extends eIDASException {
+
+	private String subStatusCode = null;
+	
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1083563877689098041L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+	
+	public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters) {
+		super(messageId, parameters);
+		this.subStatusCode = subStatusCode;
+	}
+	
+	public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e );
+	}
+	
+	public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e );
+		this.subStatusCode = subStatusCode;
+	}
+
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.REQUESTER_URI;
+		
+	}
+	
+	@Override
+	public String getStatusCodeSecondLevel() {
+		if (MiscUtil.isNotEmpty(subStatusCode))
+			return subStatusCode;
+		
+		else
+			return StatusCode.REQUEST_DENIED_URI;
+		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
new file mode 100644
index 000000000..2a15ee18a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestValidationException extends eIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 4353716509546972267L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASAuthnRequestValidationException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+
+	}
+	
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.REQUESTER_URI;
+		
+	}
+	
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.RESOURCE_NOT_RECOGNIZED_URI;
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
new file mode 100644
index 000000000..f42004abc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class eIDASException extends MOAIDException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
+	
+	public abstract String getStatusCodeFirstLevel();	
+	public abstract String getStatusCodeSecondLevel();
+
+	
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
new file mode 100644
index 000000000..0ffcf11ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseBuildException extends eIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 4446851988854996919L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASResponseBuildException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+	
+	public eIDASResponseBuildException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+	
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+		
+	}
+	
+	@Override
+	public String getStatusCodeSecondLevel() {
+			return StatusCode.AUTHN_FAILED_URI;
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java
new file mode 100644
index 000000000..d10ca1c88
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseNotSuccessException extends eIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 6145402939313568907L;
+
+	public eIDASResponseNotSuccessException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+	
+	/**
+	 * @param messageId
+	 * @param parameters
+	 * @param e
+	 */
+	public eIDASResponseNotSuccessException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel()
+	 */
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+	 */
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
new file mode 100644
index 000000000..5d7430dd7
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -0,0 +1,162 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.io.InputStream;
+import java.text.SimpleDateFormat;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Component;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("CreateIdentityLinkTask")
+public class CreateIdentityLinkTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext,
+			HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try{
+			defaultTaskInitialization(request, executionContext);
+												
+			//get eIDAS attributes from MOA-Session
+			IPersonalAttributeList eIDASAttributes = moasession.getGenericDataFromSession(
+					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
+					IPersonalAttributeList.class);
+			
+			IdentityLink identityLink = null;
+			
+			//connect SZR-Gateway
+			//TODO: implement SZR-Gateway communication!!!!
+			if(true) {
+								
+				// create fake IdL
+				// - fetch IdL template from resources
+				InputStream s = CreateIdentityLinkTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml");
+				Element idlTemplate = DOMUtils.parseXmlValidating(s);
+
+			    identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
+
+			    // replace data
+	            Element idlassertion = identityLink.getSamlAssertion();
+	            
+	            // - set bpk/wpbk;
+		        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);		        		        
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+		        String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
+		        prIdentification.getFirstChild().setNodeValue(eIdentifier);
+
+		        // - set last name
+		        Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
+				String familyName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).getValue().get(0);
+				prFamilyName.getFirstChild().setNodeValue(familyName);
+
+		        // - set first name
+		        Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTGIVENNAME))
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
+				String givenName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME).getValue().get(0);
+				prGivenName.getFirstChild().setNodeValue(givenName);
+
+		        // - set date of birth
+		        Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_DATEOFBIRTH))
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
+				String dateOfBirth = eIDASAttributes.get(Constants.eIDAS_ATTR_DATEOFBIRTH).getValue().get(0);
+				dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth));
+				prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
+
+	            identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink();
+
+	            //resign IDL
+				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+				Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey());
+				identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
+				
+			} else {
+				//contact SZR Gateway
+				Logger.debug("Starting connecting SZR Gateway");
+			
+				//TODO:!!!!!!
+				
+			}
+			
+			Logger.debug("SZR communication was successfull");
+
+			if (identityLink == null) {
+				Logger.error("SZR Gateway did not return an identity link.");
+				throw new MOAIDException("stork.10", null);
+			}
+			
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);			
+			moasession.setForeigner(true);
+			moasession.setIdentityLink(identityLink);
+			moasession.setBkuURL("Not applicable (eIDASAuthentication)");
+			
+			//store MOA-session to database
+			authenticatedSessionStorage.storeSession(moasession);
+		
+		} catch (eIDASAttributeException e) {
+			throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
+						
+		} catch (MOAIDException | MOADatabaseException e) {
+			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+						
+		} catch (Exception e) {
+			Logger.error("IdentityLink generation for foreign person FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+			
+		}
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
new file mode 100644
index 000000000..c82636a8f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -0,0 +1,207 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.io.StringWriter;
+import java.util.Collection;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.BooleanUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.EidasLoaCompareType;
+import eu.eidas.auth.commons.EidasLoaLevels;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.PersonalAttributeList;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.SPType;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("GenerateAuthnRequestTask")
+public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext,
+			HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		
+		try{						
+			//get service-provider configuration
+			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+
+			// get target country
+			String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
+
+			if (StringUtils.isEmpty(citizenCountryCode)) {
+				// illegal state; task should not have been executed without a selected country
+				throw new AuthenticationException("eIDAS.03", new Object[] { "" });
+			}
+
+			CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
+			if(null == cpeps) {
+				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
+				throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
+			}
+			Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
+			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
+
+			
+			//TODO: switch to entityID
+			revisionsLogger.logEvent(oaConfig, pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
+					metadataUrl);
+			
+			// assemble requested attributes
+			Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
+
+			// - prepare attribute list
+			IPersonalAttributeList pAttList = new PersonalAttributeList();
+
+			// - fill container
+			for (StorkAttribute current : attributesFromConfig) {
+				PersonalAttribute newAttribute = new PersonalAttribute();
+				newAttribute.setName(current.getName());
+
+				boolean globallyMandatory = false;
+				for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes())
+					if (current.getName().equals(currentGlobalAttribute.getName())) {
+						globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
+						break;
+					}
+
+				newAttribute.setIsRequired(current.getMandatory() || globallyMandatory);
+				pAttList.add(newAttribute);
+			}
+
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+			//build eIDAS AuthnRequest
+			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+			authnRequest.setProviderName(pendingReq.getAuthURL());
+			authnRequest.setPersonalAttributeList(pAttList);
+			
+			authnRequest.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+			
+			authnRequest.setDestination(destination); 
+			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
+			authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
+			authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
+			
+			//set correct SPType for this online application
+			if (oaConfig.getBusinessService())
+				authnRequest.setSPType("private");
+			else
+				authnRequest.setSPType(SPType.DEFAULT_VALUE);
+
+			engine.initRequestedAttributes(pAttList);
+			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
+			
+			//encode AuthnRequest
+			byte[] token = authnRequest.getTokenSaml();		
+			String SAMLRequest = EIDASUtil.encodeSAMLToken(token);
+			
+			
+			//send
+	        try {
+	            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+	            Template template = velocityEngine.getTemplate("/resources/templates/eidas_postbinding_template.vm");
+	            VelocityContext context = new VelocityContext();
+
+	            String actionType = "SAMLRequest";
+	            context.put(actionType, SAMLRequest);
+	            Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
+
+	            context.put("RelayState", pendingReq.getRequestID());
+	            
+	            Logger.debug("Using assertion consumer url as action: " + destination);
+	            context.put("action", destination);
+
+	            Logger.debug("Starting template merge");
+	            StringWriter writer = new StringWriter();
+
+	            Logger.debug("Doing template merge");
+	            template.merge(context, writer);
+	            Logger.debug("Template merge done");
+
+	            Logger.debug("Sending html content: " + writer.getBuffer().toString());
+
+	            response.setContentType("text/html;charset=UTF-8");
+	            response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+
+	            revisionsLogger.logEvent(oaConfig, pendingReq, 
+						MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
+						authnRequest.getSamlId());
+	            	        
+	        } catch (Exception e) {
+	            Logger.error("Velocity general error: " + e.getMessage());
+	            throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e);
+	            
+	        }
+
+		}catch (EIDASSAMLEngineException e){
+			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", 
+					new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
+			
+		} catch (MOAIDException  e) {
+			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e);
+			
+		} catch (Exception e) {
+			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		}
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
new file mode 100644
index 000000000..fae06031a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -0,0 +1,121 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.core.StatusCode;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASResponseNotSuccessException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+
+@Component("ReceiveAuthnResponseTask")
+public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
+
+		try{			
+			//get SAML Response
+			String base64SamlToken = request.getParameter("SAMLResponse");
+			if (MiscUtil.isEmpty(base64SamlToken)) {
+				Logger.warn("No eIDAS SAMLReponse found in http request.");
+				throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null);
+				
+			}
+			
+			//get MOASession
+			defaultTaskInitialization(request, executionContext);
+			
+			//decode SAML response
+			byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);		
+			
+			//get eIDAS SAML-engine
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			
+			//validate SAML token
+			EIDASAuthnResponse samlResp = engine.validateEIDASAuthnResponse(decSamlToken, 
+					request.getRemoteHost(), Constants.CONFIG_PROPS_SKEWTIME);
+			
+			boolean encryptedResponse=engine.isEncryptedSamlResponse(decSamlToken);
+			if (encryptedResponse) {
+				Logger.info("Received encrypted eIDAS SAML-Response.");
+				//TODO: check if additional decryption operation is required
+				
+			}
+
+			//check response StatusCode
+			if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
+				Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode()
+				+ " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getMessage());
+				throw new eIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getMessage()});
+				
+			}
+			
+			//MOA-ID specific response validation
+			//TODO: implement MOA-ID specific response validation
+			
+			//update MOA-Session data with received information			
+			Logger.debug("Store eIDAS response information into MOA-session.");
+			moasession.setQAALevel(samlResp.getAssuranceLevel());
+						
+			moasession.setGenericDataToSession(
+					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
+					new MOAPersonalAttributeList(samlResp.getPersonalAttributeList()));
+						
+			moasession.setGenericDataToSession(
+					AuthenticationSessionStorageConstants.eIDAS_RESPONSE, 
+					decSamlToken);
+			
+			//set issuer nation as PVP attribute into MOASession
+			moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
+						
+			//store MOA-session to database
+			authenticatedSessionStorage.storeSession(moasession);
+			
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
+					samlResp.getSamlId());
+			
+		}catch (EIDASSAMLEngineException e) {
+			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
+			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", 
+					new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
+					
+		} catch (MOADatabaseException e) {
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
+			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
+					new MOAIDException("init.04", new Object[]{""}, e));
+			
+		} catch (Exception e) {
+			Logger.error("eIDAS Response processing FAILED.", e);
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), 
+					new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e));
+			
+		}	
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
new file mode 100644
index 000000000..573163af0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.PersonalAttributeList;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAOrderedAttributeIterator  implements Iterator<PersonalAttribute> {
+	
+    private MOAPersonalAttributeList pal;
+    private Iterator<String> keyIterator;
+
+    public MOAOrderedAttributeIterator(MOAPersonalAttributeList palArg) {
+        this.pal = palArg;
+        keyIterator = palArg.getInsertOrder().iterator();
+    }
+
+    @Override
+    public boolean hasNext() {
+        return keyIterator.hasNext();
+    }
+
+    @Override
+    public PersonalAttribute next() {
+        if (!hasNext()) {
+            throw new NoSuchElementException();
+        }
+        return pal.get(keyIterator.next());
+    }
+
+    @Override
+    public void remove() {
+        Logger.error("Not implemented");
+    }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
new file mode 100644
index 000000000..5cc100b70
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
@@ -0,0 +1,343 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.commons.lang.StringUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+import eu.eidas.auth.commons.AttributeConstants;
+import eu.eidas.auth.commons.AttributeUtil;
+import eu.eidas.auth.commons.EIDASErrors;
+import eu.eidas.auth.commons.EIDASParameters;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.EIDASValues;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.exceptions.InternalErrorEIDASException;
+
+/**
+ * @author tlenz
+ *
+ */
+public final class MOAPersonalAttributeList extends
+	ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList {
+	
+	 /**
+	 * 
+	 */
+	private static final long serialVersionUID = -4488124133022713089L;
+
+    public MOAPersonalAttributeList(IPersonalAttributeList eIDASAttributeList) {
+    	super();
+    	Iterator<PersonalAttribute> element = eIDASAttributeList.iterator();
+    	while(element.hasNext())
+    		add(element.next());    		
+    	
+    }
+	
+	/**
+     * Hash with the latest fetched attribute name alias.
+     */
+    private Map<String, Integer> latestAttrAlias =
+            new HashMap<String, Integer>();
+
+    /**
+     * Hash with mapping number of alias or the attribute name.
+     */
+    private Map<String, Integer> attrAliasNumber =
+            new HashMap<String, Integer>();
+    private List<String> insertOrder = new ArrayList<String>();
+
+    /**
+     * Obtain the insertOrder Collection
+     *
+     * @return defensive copy of the collection
+     */
+    List<String> getInsertOrder() {
+        return Collections.unmodifiableList(this.insertOrder);
+    }
+
+    /**
+     * Default constructor.
+     */
+    public MOAPersonalAttributeList() {
+        super();
+        
+    }
+    
+    /**
+     * Constructor with initial capacity for the PersonalAttributeList size.
+     *
+     * @param capacity The initial capacity for the PersonalAttributeList.
+     */
+    public MOAPersonalAttributeList(final int capacity) {
+        super(capacity);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Iterator<PersonalAttribute> iterator() {
+        return new MOAOrderedAttributeIterator(this);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PersonalAttribute get(final Object key) {
+        String attrName = (String) key;
+
+        if (this.latestAttrAlias == null)
+        	this.latestAttrAlias = new HashMap<String, Integer>();
+        
+        if (this.attrAliasNumber == null)
+        	this.attrAliasNumber = new HashMap<String, Integer>();
+        
+        if (this.latestAttrAlias.containsKey(key)) {
+            attrName = attrName + this.latestAttrAlias.get(key);
+        } else {
+            if (this.attrAliasNumber.containsKey(key)) {
+                this.latestAttrAlias.put(attrName, this.attrAliasNumber.get(key));
+            }
+        }
+        return super.get(attrName);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void add(final PersonalAttribute value) {
+        if (value != null) {
+            this.put(value.getName(), value);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PersonalAttribute put(final String key, final PersonalAttribute val) {
+        if (StringUtils.isNotEmpty(key) && val != null) {
+            // Validate if attribute name already exists!
+            String attrAlias = key;
+            if (this.containsKey(attrAlias)) {
+            	if (this.attrAliasNumber == null)
+            		this.attrAliasNumber = new HashMap<String, Integer>();
+                if (!val.isEmptyValue() && StringUtils.isNumeric(val.getValue().get(0))) {
+                    final String attrValue = val.getValue().get(0);
+                    attrAlias = key + attrValue;
+                    this.attrAliasNumber.put(key, Integer.valueOf(attrValue));
+                } else {
+                    final PersonalAttribute attr = super.get(key);
+                    if (!attr.isEmptyValue()
+                            && StringUtils.isNumeric(attr.getValue().get(0))) {
+                        attrAlias = key + attr.getValue().get(0);
+                        super.put(key, (PersonalAttribute) attr);
+                        this.attrAliasNumber.put(key, null);
+                    }
+                }
+            } else {
+            	if (insertOrder == null)
+            		insertOrder = new ArrayList<String>();
+            	
+                insertOrder.add(key);
+            }
+            return super.put(attrAlias, val);
+        } else {
+            return null;
+        }
+    }
+
+    @Override
+    public PersonalAttribute remove(Object key) {
+        insertOrder.remove(key);
+        return super.remove(key);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void populate(final String attrList) {
+        final StringTokenizer strToken =
+                new StringTokenizer(attrList, EIDASValues.ATTRIBUTE_SEP.toString());
+
+        while (strToken.hasMoreTokens()) {
+            final PersonalAttribute persAttr = new PersonalAttribute();
+            String[] tuples =
+                    strToken.nextToken().split(EIDASValues.ATTRIBUTE_TUPLE_SEP.toString(),
+                            AttributeConstants.NUMBER_TUPLES.intValue());
+
+            // Convert to the new format if needed!
+            tuples = convertFormat(tuples);
+
+            if (AttributeUtil.hasValidTuples(tuples)) {
+                final int attrValueIndex =
+                        AttributeConstants.ATTR_VALUE_INDEX.intValue();
+                final String tmpAttrValue =
+                        tuples[attrValueIndex].substring(1,
+                                tuples[attrValueIndex].length() - 1);
+                final String[] vals =
+                        tmpAttrValue.split(EIDASValues.ATTRIBUTE_VALUE_SEP.toString());
+
+                persAttr.setName(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()]);
+                persAttr.setIsRequired(Boolean
+                        .valueOf(tuples[AttributeConstants.ATTR_TYPE_INDEX.intValue()]));
+                // check if it is a complex value
+                if (tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()]
+                        .equals(EIDASParameters.COMPLEX_ADDRESS_VALUE.toString())) {
+                    persAttr.setComplexValue(createComplexValue(vals));
+                } else {
+                    persAttr.setValue(createValues(vals));
+                }
+
+                if (tuples.length == AttributeConstants.NUMBER_TUPLES.intValue()) {
+                    persAttr.setStatus(tuples[AttributeConstants.ATTR_STATUS_INDEX
+                            .intValue()]);
+                }
+                this.put(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()],
+                        persAttr);
+
+            } else {
+                Logger.info("BUSINESS EXCEPTION : Invalid personal attribute list tuples");
+            }
+
+        }
+    }
+
+  /**
+  * Returns a copy of this <tt>IPersonalAttributeList</tt> instance.
+  *
+  * @return The copy of this IPersonalAttributeList.
+  */
+  public Object clone() {
+      try {
+          MOAPersonalAttributeList theClone= (MOAPersonalAttributeList)super.clone();
+          theClone.insertOrder=new ArrayList<String>(insertOrder);
+          return theClone;
+          
+      } catch (CloneNotSupportedException e) {
+          throw new InternalErrorEIDASException(
+                  EIDASUtil.getConfig(EIDASErrors.INTERNAL_ERROR.errorCode()),
+                  EIDASUtil.getConfig(EIDASErrors.INTERNAL_ERROR.errorMessage()), e);
+      }
+  }
+
+  /**
+   * Creates a string in the following format.
+   *
+   * attrName:attrType:[attrValue1,attrValue2=attrComplexValue]:attrStatus;
+   *
+   * @return {@inheritDoc}
+   */
+  @Override
+  public String toString() {
+      final StringBuilder strBuilder = new StringBuilder();
+      final Iterator<String> iteratorInsertOrder = insertOrder.iterator();
+      while (iteratorInsertOrder.hasNext()) {
+          String key = iteratorInsertOrder.next();
+          final PersonalAttribute attr = get(key);
+          strBuilder.append(attr.toString());
+          if (isNumberAlias(key)) {
+              strBuilder.append(get(key).toString());
+          }
+      }
+      return strBuilder.toString();
+  }
+
+    /**
+     * Validates and creates the attribute's complex values.
+     *
+     * @param values The complex values.
+     * @return The {@link Map} with the complex values.
+     * @see Map
+     */
+    private Map<String, String> createComplexValue(final String[] values) {
+        final Map<String, String> complexValue = new HashMap<String, String>();
+        for (final String val : values) {
+            final String[] tVal = val.split("=");
+            if (StringUtils.isNotEmpty(val) && tVal.length == 2) {
+                complexValue.put(tVal[0], AttributeUtil.unescape(tVal[1]));
+            }
+        }
+        return complexValue;
+    }
+
+    /**
+     * Validates and creates the attribute values.
+     *
+     * @param vals The attribute values.
+     * @return The {@link List} with the attribute values.
+     * @see List
+     */
+    private List<String> createValues(final String[] vals) {
+        final List<String> values = new ArrayList<String>();
+        for (final String val : vals) {
+            if (StringUtils.isNotEmpty(val)) {
+                values.add(AttributeUtil.unescape(val));
+            }
+        }
+        return values;
+    }
+
+    //////////////////
+    /**
+     * Converts the attribute tuple (attrName:attrType...) to the new format.
+     *
+     * @param tuples The attribute tuples to convert.
+     * @return The attribute tuples in the new format.
+     */
+    private String[] convertFormat(final String[] tuples) {
+        final String[] newFormatTuples =
+                new String[AttributeConstants.NUMBER_TUPLES.intValue()];
+        if (tuples != null) {
+            System.arraycopy(tuples, 0, newFormatTuples, 0, tuples.length);
+
+            for (int i = tuples.length; i < newFormatTuples.length; i++) {
+                if (i == AttributeConstants.ATTR_VALUE_INDEX.intValue()) {
+                    newFormatTuples[i] = "[]";
+                } else {
+                    newFormatTuples[i] = "";
+                }
+            }
+        }
+        return newFormatTuples;
+    }
+
+    public boolean isNumberAlias(String key) {
+        return this.attrAliasNumber.containsKey(key);
+    }
+	
+	
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
new file mode 100644
index 000000000..eeb8305cf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDAsExtensionProcessor;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.ExtensionProcessorI;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+import eu.eidas.samlengineconfig.CertificateConfigurationManager;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SAMLEngineUtils {
+
+	private static EIDASSAMLEngine eIDASEngine = null;
+	
+	public static synchronized EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
+		
+		if (eIDASEngine == null) {
+			try {
+				//get eIDAS SAMLengine configuration from MOA-ID configuration
+				CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+				
+				//initial eIDAS SAMLengine
+				EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
+							configManager);
+	
+				//set metadata management to eIDAS SAMLengine
+				engine.setMetadataProcessor(
+						new MOAeIDASMetadataProviderDecorator(
+								MOAeIDASChainingMetadataProvider.getInstance()));
+	
+				//set MOA specific extension processor 
+				ExtensionProcessorI extensionProcessor = new MOAeIDAsExtensionProcessor();
+				engine.setExtensionProcessor(extensionProcessor);
+				
+				eIDASEngine = engine;
+				
+			} catch (EIDASSAMLEngineException e) {
+				Logger.error("eIDAS SAMLengine initialization FAILED!", e);
+				throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e);
+				
+			}
+		}
+		
+		return eIDASEngine;
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
new file mode 100644
index 000000000..563c3a18c
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -0,0 +1,108 @@
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import java.util.Collection;
+
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+
+@Component("EIDASData")
+@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
+public class EIDASData extends RequestImpl {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 8765755670214923910L;
+	
+	/** The attributes requested by the eIDaS. */
+	private MOAPersonalAttributeList attributes;
+
+	/** The incoming eIDaS SAML2 AuthnRequest. */
+	private EIDASAuthnRequest authnRequest;
+
+	/** The ip address of the requester. */
+	private String remoteIPAddress;
+
+	private String remoteRelayState;
+
+	@Override
+	public Collection<String> getRequestedAttributes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+	
+	/**
+	 * Gets the eidas requested attributes.
+	 *
+	 * @return the requested attributes
+	 */
+	public MOAPersonalAttributeList getEidasRequestedAttributes() {
+		return (MOAPersonalAttributeList) attributes.clone();
+	}
+
+	/**
+	 * Sets the eidas requested attributes.
+	 *
+	 * @param personalAttributeList the requested attributes
+	 */
+	public void setEidasRequestedAttributes(MOAPersonalAttributeList personalAttributeList) {
+		attributes = personalAttributeList;
+	}
+
+	/**
+	 * Gets the eidas request.
+	 *
+	 * @return the eidas request
+	 */
+	public EIDASAuthnRequest getEidasRequest() {
+		return authnRequest;
+	}
+	
+	/**
+	 * Sets the eidas request.
+	 *
+	 * @param request the new eidas request
+	 */
+	public void setEidasRequest(EIDASAuthnRequest request) {
+		authnRequest = request;  
+	}
+
+	/**
+	 * Gets the remote address.
+	 *
+	 * @return the remote address
+	 */
+	public String getRemoteAddress() {
+		return remoteIPAddress;
+	}
+	
+	/**
+	 * Sets the remote address.
+	 *
+	 * @param remoteIP the new remote address
+	 */
+	public void setRemoteAddress(String remoteIP) {
+		remoteIPAddress = remoteIP;
+	}
+
+	/**
+	 * Gets the remote relay state.
+	 *
+	 * @return the remote relay state
+	 */
+	public String getRemoteRelayState() {
+		return remoteRelayState;
+	}
+
+	/**
+	 * Sets the remote relay state.
+	 *
+	 * @param relayState the new remote relay state
+	 */
+	public void setRemoteRelayState(String relayState) {
+		remoteRelayState = relayState;
+	}
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
new file mode 100644
index 000000000..24134f1d9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -0,0 +1,339 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestProcessingException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestValidationException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+
+/**
+ * eIDAS Protocol Support for outbound authentication and metadata generation
+ *
+ * @author tlenz
+ */
+@Controller
+public class EIDASProtocol extends AbstractAuthProtocolModulController {
+
+    public static final String NAME = EIDASProtocol.class.getName();
+    public static final String PATH = "eidas";
+
+	public EIDASProtocol() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() + 
+				" with mappings '" + Constants.eIDAS_HTTP_ENDPOINT_METADATA + 
+				"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST + 
+				"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +"'.");
+	
+	}
+    
+    public String getName() {
+        return NAME;
+    }
+
+    public String getPath() {
+        return PATH;
+    }
+
+	//eIDAS metadata end-point
+	@RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
+	public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+		
+		//create pendingRequest object
+		EIDASData pendingReq = applicationContext.getBean(EIDASData.class);
+		pendingReq.initialize(req);
+		pendingReq.setModule(NAME);
+		pendingReq.setNeedAuthentication(false);
+		pendingReq.setAuthenticated(false);
+		
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+		
+
+		EidasMetaDataRequest metadataAction = applicationContext.getBean(EidasMetaDataRequest.class);
+		metadataAction.processRequest(pendingReq, 
+				req, resp, null);
+		
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				Constants.eIDAS_REVERSIONSLOG_METADATA);
+	}
+    
+	
+	//PVP2.x IDP POST-Binding end-point
+	@RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST})
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+		
+		//create pending-request object
+		EIDASData pendingReq = applicationContext.getBean(EIDASData.class);
+		pendingReq.initialize(req);
+		pendingReq.setModule(NAME);
+		
+		revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+		revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+		
+		//preProcess eIDAS request
+		preProcess(req, resp, pendingReq);
+		
+		revisionsLogger.logEvent(pendingReq, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+		
+		//AuthnRequest needs authentication
+		pendingReq.setNeedAuthentication(true);
+
+		//set protocol action, which should be executed after authentication
+		pendingReq.setAction(eIDASAuthenticationRequest.class.getName());
+		
+		//switch to session authentication
+		performAuthentication(req, resp, pendingReq);
+	}
+    
+    /*
+        First request step - send it to BKU selection for user authentication. After the user credentials
+        and other info are obtained, in the second step the request will be processed and the user redirected
+         */
+    private void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
+
+        Logger.info("received an eIDaS request");
+
+		//get SAML Response and decode it
+		String base64SamlToken = request.getParameter("SAMLRequest");
+		if (MiscUtil.isEmpty(base64SamlToken)) {
+			Logger.warn("No eIDAS SAMLRequest found in http request.");
+			throw new MOAIDException("HTTP request includes no eIDAS SAML-Request element.", null);
+		}						
+		byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);	
+
+		try {
+			//get eIDAS SAML-engine
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+			//validate SAML token
+			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
+
+			// - memorize remote ip
+			pendingReq.setRemoteAddress(request.getRemoteAddr());
+			
+			// - memorize relaystate
+			String relayState = request.getParameter("RelayState");
+			pendingReq.setRemoteRelayState(relayState);
+
+			// - memorize country code of target country
+			pendingReq.setGenericDataToSession(
+					RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
+			
+			// - memorize requested attributes
+			pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+
+			// - memorize whole request
+			samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+			pendingReq.setEidasRequest(samlReq);
+			
+			//validate destination against metadata 
+			String reqDestination = samlReq.getDestination();
+			if (MiscUtil.isNotEmpty(reqDestination)) {
+				boolean isValid = false;
+				List<AssertionConsumerService> allowedAssertionConsumerUrl = new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance())
+						.getSPSSODescriptor(samlReq.getIssuer()).getAssertionConsumerServices();
+				
+				for (AssertionConsumerService el : allowedAssertionConsumerUrl) {
+					if (reqDestination.equals(el.getLocation()))
+						isValid = true;
+					
+				}
+				
+				if (!isValid) {
+					Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
+					throw new eIDASAuthnRequestValidationException("stork.01", 
+							new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+				}
+				
+			}
+			
+			
+			// - memorize OA url
+			pendingReq.setOAURL(samlReq.getIssuer());
+	
+			// - memorize OA config
+			IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
+			if (oaConfig == null)
+				throw new eIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
+			
+			pendingReq.setOnlineApplicationConfiguration(oaConfig);
+
+			String spType = samlReq.getSPType();
+			if (MiscUtil.isEmpty(spType)) {
+				Logger.info("Load SPType from metadata ... IS NOT IMPLEMENTED YET!!!");
+				//TODO: maybe implement this if required
+							
+			}
+
+			Logger.debug("eIDAS request has SPType:" + spType);
+					
+		} catch (MOAIDException e) {
+			Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+			throw e;
+					
+		} catch (EIDASSAMLEngineException e) {
+			Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+			throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+			
+		} catch(Exception e) {
+			Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e);
+			throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+			
+		}
+    }
+
+    public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest pendingReq) throws Throwable {
+        if (pendingReq != null && pendingReq instanceof EIDASData) {
+        	EIDASData eidasReq = (EIDASData) pendingReq;
+        	if (eidasReq.getEidasRequest() == null) {
+        		Logger.info("Can not build eIDAS ErrorResponse. No eIDAS AuthnRequest found.");
+        		return false;
+        	}
+        	
+        	try {
+        		EIDASAuthnResponse eIDASResp = new EIDASAuthnResponse();
+        		eIDASResp.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+        	     		
+        		if (e instanceof eIDASException) {
+        			eIDASResp.setStatusCode(((eIDASException) e).getStatusCodeFirstLevel());
+        			eIDASResp.setSubStatusCode(((eIDASException) e).getStatusCodeSecondLevel());
+        			eIDASResp.setMessage(e.getMessage());
+     			
+        		} else if (e instanceof MOAIDException ) {
+        			eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
+        			eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
+        			eIDASResp.setMessage(e.getMessage());
+     			
+        		} else {
+        			eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
+        			eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
+        			eIDASResp.setMessage(e.getMessage());
+     			
+        		}
+     		
+        		
+        		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+        		
+        		if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
+    				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+    						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
+    						engine, 
+    						eidasReq.getEidasRequest());
+    				eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+    				
+    			}        		
+        		//get eIDAS SAML-engine
+        		
+        		eIDASResp = engine.generateEIDASAuthnResponseFail(eidasReq.getEidasRequest(), eIDASResp, 
+        				eidasReq.getRemoteAddress(), true);
+        		
+        		String token = EIDASUtil.encodeSAMLToken(eIDASResp.getTokenSaml());
+     		
+                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+                VelocityContext context = new VelocityContext();
+
+                context.put("RelayState", eidasReq.getRemoteRelayState());
+
+                context.put("SAMLResponse", token);
+                Logger.debug("SAMLResponse original: " + token);
+
+                Logger.debug("Putting assertion consumer url as action: " + eidasReq.getEidasRequest().getAssertionConsumerServiceURL());
+                context.put("action", eidasReq.getEidasRequest().getAssertionConsumerServiceURL());
+                Logger.trace("Starting template merge");
+                StringWriter writer = new StringWriter();
+
+                Logger.trace("Doing template merge");
+                template.merge(context, writer);
+                Logger.trace("Template merge done");
+
+                Logger.trace("Sending html content  : " + new String(writer.getBuffer()));
+
+                response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+                response.setContentType(MediaType.TEXT_HTML.getType());
+        		
+                return true;
+                
+        	} catch (Exception e1 ) { 
+        		Logger.error("Generate eIDAS Error-Response failed.", e);
+        		
+        	}
+     		     		
+        }
+    	
+    	return false;
+    }
+
+    public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+        return false;
+    }
+}
+
+
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
new file mode 100644
index 000000000..b4db5c83d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -0,0 +1,162 @@
+/*******************************************************************************
+ *  Copyright 2015 e-SENS project
+ *
+ *  Licensed under the EUPL, Version 1.1 or - as soon they will be
+ *  approved by the European Commission - subsequent versions of
+ *  the EUPL (the "Licence");
+ *  You may not use this work except in compliance with the Licence.
+ *  You may obtain a copy of the Licence at: http://ec.europa.eu/idabc/eupl
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the Licence is distributed on an "AS IS" basis,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ *  implied.
+ *  See the Licence for the specific language governing permissions and
+ *  limitations under the Licence.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.Contact;
+import eu.eidas.auth.engine.metadata.MetadataConfigParams;
+import eu.eidas.auth.engine.metadata.MetadataGenerator;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+
+/**
+ * First version to provide some valid metadata to an asking eIDaS node
+ */
+@Service("EidasMetaDataRequest")
+public class EidasMetaDataRequest implements IAction {
+    
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+	 */
+	@Override
+	public SLOInformationInterface processRequest(IRequest req,
+			HttpServletRequest httpReq, HttpServletResponse httpResp,
+			IAuthData authData) throws MOAIDException {
+       
+		try {            
+            String pubURLPrefix = req.getAuthURL();
+            
+            String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+            
+            String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;            
+            String metaData = generateMetadata(metadata_url, sp_return_url);
+
+            Logger.trace(metaData);
+
+            httpResp.setContentType(MediaType.APPLICATION_XML.getType());
+            httpResp.getWriter().print(metaData);
+            httpResp.flushBuffer();
+        } catch (Exception e) {        	
+        	Logger.error("eIDAS Metadata generation FAILED.", e);
+        	throw new MOAIDException("eIDAS.05", new Object[]{e.getMessage()}, e);
+            
+        } 
+		
+		
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+			HttpServletResponse httpResp) {
+		return false;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+	 */
+	@Override
+	public String getDefaultActionName() {
+		return "eIDAS-Metadata Action";
+		
+	}
+    
+    public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
+        String metadata="invalid metadata";
+
+		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+        
+        MetadataGenerator generator = new MetadataGenerator();
+        MetadataConfigParams mcp=new MetadataConfigParams();
+        generator.setConfigParams(mcp);
+        generator.initialize(engine);
+        
+        mcp.setEntityID(metadata_url);        
+        mcp.setAssertionConsumerUrl(sp_return_url);
+        
+        
+        //TODO: make it configurable
+        mcp.setAuthnRequestsSigned(true);
+        mcp.setWantAssertionsSigned(true);
+        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial");
+        
+        //must be set in request, because it could be different for every online-application
+        //mcp.setSpType(SPType.DEFAULT_VALUE);
+        
+        mcp.setDigestMethods(Constants.METADATA_ALLOWED_ALG_DIGIST);
+        mcp.setSigningMethods(Constants.METADATA_ALLOWED_ALG_SIGN);
+        mcp.setEncryptionAlgorithms(Constants.METADATA_ALLOWED_ALG_ENCRYPT);
+        
+        //add organisation information from PVP metadata information        
+        Organization pvpOrganisation = null;
+		try {
+			pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation();			
+			Contact technicalContact = new Contact();
+			
+			List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
+			if (contacts != null && contacts.size() >= 1) {								
+				technicalContact.setEmail(contacts.get(0).getEmailAddresses().get(0).getAddress());
+				technicalContact.setGivenName(contacts.get(0).getGivenName().getName());
+				technicalContact.setSurName(contacts.get(0).getSurName().getName());
+				technicalContact.setPhone(contacts.get(0).getTelephoneNumbers().get(0).getNumber());
+				mcp.setTechnicalContact(technicalContact );			
+				
+			}
+			
+			if (pvpOrganisation != null) {
+	        	mcp.setNodeUrl(pvpOrganisation.getURLs().get(0).getURL().getLocalString());
+	        	mcp.setCountryName("Austria");		        
+	        	technicalContact.setCompany(pvpOrganisation.getDisplayNames().get(0).getName().getLocalString());
+			}
+									
+		} catch (ConfigurationException | NullPointerException e) {
+			Logger.warn("Can not load Organisation or Contact from Configuration", e);
+			
+		}
+		        
+        generator.addSPRole();
+        generator.addIDPRole();
+        
+        metadata = generator.generateMetadata();
+        return metadata;
+    }
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
new file mode 100644
index 000000000..9943cc5fb
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -0,0 +1,189 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import java.io.StringWriter;
+import java.text.SimpleDateFormat;
+import java.util.Map.Entry;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASStatusCode;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+
+
+/**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
+ * @author tlenz
+ */
+
+@Service("eIDASAuthenticationRequest")
+public class eIDASAuthenticationRequest implements IAction {
+
+	@Autowired protected MOAReversionLogger revisionsLogger;
+	
+	@Override
+	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
+		EIDASData eidasRequest;
+		if(req instanceof EIDASData)
+			eidasRequest = (EIDASData) req;
+		else
+			throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
+		
+		
+		// gather attributes
+		MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
+		
+		for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
+			String newValue = "";
+			
+			// TODO make use of proper builder
+			switch(current.getKey()) {
+			case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
+			case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
+			case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
+			
+			//TODO: change bPK builder !!!!!!
+			case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = authData.getBPK(); break;
+			}
+			
+			if("".equals(newValue))
+				current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
+			else {
+				current.getValue().getValue().clear();
+				current.getValue().getValue().add(newValue);
+				current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+			}
+		}
+		
+		// construct eIDaS response
+		EIDASAuthnResponse response = new EIDASAuthnResponse();
+		response.setPersonalAttributeList(resultingAttributeList);
+		
+		// - create metadata url
+        String pubURLPrefix = req.getAuthURL();
+        String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+		response.setIssuer(metadata_url);
+
+		response.setAssuranceLevel(authData.getEIDASQAALevel());
+		
+		String token = null;
+		try {
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			
+			// encryption is done by the SamlEngine, i.e. by the module we provide in the config
+			// but we need to set the appropriate request issuer
+			engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
+
+
+			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
+				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
+						engine, 
+						eidasRequest.getEidasRequest());
+				eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+				
+			}
+			
+			response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
+
+			
+			token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+			
+		} catch(Exception e) {
+			e.printStackTrace();
+		}
+		
+		revisionsLogger.logEvent(req, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+		
+		// send the response
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
+
+            context.put("RelayState", eidasRequest.getRemoteRelayState());
+
+            context.put("SAMLResponse", token);
+            Logger.debug("SAMLResponse original: " + token);
+
+            Logger.debug("Putting assertion consumer url as action: " + eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+            context.put("action", eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+            Logger.trace("Starting template merge");
+            StringWriter writer = new StringWriter();
+
+            Logger.trace("Doing template merge");
+            template.merge(context, writer);
+            Logger.trace("Template merge done");
+
+            Logger.trace("Sending html content  : " + new String(writer.getBuffer()));
+
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+            httpResp.setContentType(MediaType.TEXT_HTML.getType());
+
+        } catch (Exception e) {
+            Logger.error("Velocity error: " + e.getMessage());
+        }
+		
+		return null;
+	}
+
+	@Override
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+		return true;
+	}
+
+	@Override
+	public String getDefaultActionName() {		
+		return "eIDAS_AuthnRequest";
+	}
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..cd2416a91
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.eidas.eIDASAuthenticationSpringResourceProvider
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
new file mode 100644
index 000000000..4ff64e76d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="eIDASAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+
+	<pd:Task id="createAuthnRequest" class="GenerateAuthnRequestTask" />
+	<pd:Task id="receiveAuthnResponse" class="ReceiveAuthnResponseTask" async="true" />
+	<pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+	<pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" />
+
+	<pd:StartEvent id="start" />	
+	<pd:Transition from="start" to="createAuthnRequest" />	
+	<pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" />
+	<pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" />
+	<pd:Transition from="generateIdentityLink" to="finalizeAuthentication" />		
+	<pd:Transition from="finalizeAuthentication"    to="end" />	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.authmodule.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.authmodule.beans.xml
new file mode 100644
index 000000000..0e1b60fe7
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.authmodule.beans.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+
+	<context:annotation-config />
+
+	<bean id="eIDASAuthModule" class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASAuthenticationModulImpl">
+		<property name="priority" value="1" />
+	</bean>
+
+</beans>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
new file mode 100644
index 000000000..5d79d082a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ 
+	<bean id="eIDASSignalServlet"
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/>
+
+	<bean id="EIDASProtocol"
+				class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/>
+							
+<!-- Authentication Process Tasks -->
+	<bean id="GenerateAuthnRequestTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask"
+				scope="prototype"/>
+	
+	<bean id="ReceiveAuthnResponseTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveAuthnResponseTask"
+				scope="prototype"/>
+				
+	<bean id="CreateIdentityLinkTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask"
+				scope="prototype"/>
+																						
+</beans>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm
new file mode 100644
index 000000000..3bd225b00
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm
@@ -0,0 +1,41 @@
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+## Contains target attribute to delegate PEPS authentication out of iFrame
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+		<head>
+			<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+		</head>
+
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post" target="_top">
+            <div>
+                #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+                
+                #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+                
+                #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        
+    </body>
+</html>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml
new file mode 100644
index 000000000..09084a34f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" IssueInstant="2012-08-22T11:07:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+	<saml:AttributeStatement>
+		<saml:Subject>
+			<saml:SubjectConfirmation>
+				<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+				<saml:SubjectConfirmationData>
+					<pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type></pr:Identification><pr:Name><pr:GivenName>XXXRúùd</pr:GivenName><pr:FamilyName primary="undefined">XXXVàn Nisteĺrooy</pr:FamilyName></pr:Name><pr:DateOfBirth>1969-02-13</pr:DateOfBirth></pr:Person>
+				</saml:SubjectConfirmationData>
+			</saml:SubjectConfirmation>
+		</saml:Subject>
+	<saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><ecdsa:ECDSAKeyValue><ecdsa:DomainParameters><ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/></ecdsa:DomainParameters><ecdsa:PublicKey><ecdsa:X Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" si:type="ecdsa:PrimeFieldElemType"/><ecdsa:Y Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" si:type="ecdsa:PrimeFieldElemType"/></ecdsa:PublicKey></ecdsa:ECDSAKeyValue></saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><dsig:RSAKeyValue><dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/
+t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm
+P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg
+gaM2EyuB1HxH8/+Mfqa4UgeqIH65</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
+	<dsig:Signature>
+		<dsig:SignedInfo>
+			<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+			<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+			<dsig:Reference URI="">
+				<dsig:Transforms>
+					<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+						<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>
+					</dsig:Transform>
+					<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+				</dsig:Transforms>
+				<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<dsig:DigestValue>KEQEPY2O3Z3IRaISSSoRZVPzsHE=</dsig:DigestValue>
+			</dsig:Reference>
+			<dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest">
+				<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<dsig:DigestValue>gzGhjH1kdmPcPbgen0xojNIoJLk=</dsig:DigestValue>
+			</dsig:Reference>
+		</dsig:SignedInfo>
+		<dsig:SignatureValue>
+    06wqWHgplwpu3N5HMhzb6QC5NkXMO1z4N4oc1L6eDqwZlvFJ9X1XGW//QqviKO9oog3il7IzdfJwnjygR4trgGCIqx+JYCDHJCrG9l8zlxlSW0ZqfsygGXthutcQ1aeUpfO6jYuhnWOUywa8BgzukRtWT+AOJBQZPRYTb8IBmey+uAwlhFLni94eMOd81l+efCvkWi3jRajwsG8ZOaNxSZT3aEV5vj+32Aqtx2MPEVzQWtIA7GqZi+EzcdSdHQvHhg7UB+8kqbU70ENAJbEMTANFZYvLOJ0Om9KfDtPf/+R2TvTc360fNo9RnPl04pHPhCIjcGZhFZorBpUhXFwd2Q==
+  </dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIF3TCCBMWgAwIBAgIDByniMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMB4XDTEwMDcyODExMzY0M1oXDTE1MDcyODExMzY0M1owgbYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0emtvbW1pc3Npb24xIjAgBgNVBAsMGVN0YW1temFobHJlZ2lzdGVyYmVob2VyZGUxLjAsBgNVBAMMJVNpZ25hdHVyc2VydmljZSBEYXRlbnNjaHV0emtvbW1pc3Npb24xFTATBgNVBAUTDDMyNTkyODMyMzk5ODEcMBoGCSqGSIb3DQEJARYNZHNrQGRzay5ndi5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+dBSEBGj2jUXIK1Mp3lVxc/Za+pJMiyKrX3G1ZxgX/ikx7D9scsPYMt473LlAWl9cmCbHbJK+PV2XNNdURLMUCIX+4vUNs2MHeDTQtX8BXjJFpwJYSoaRJQ39FVS/1r5sWcra9Hhdm7w5Gtx/2ukyDX0kdkxawkhP4EQEzi/SI+Fugn+WqgQ1nAdlbxb/dcBw5w1h9b3lmuwUf4z3ooQWUD2DgA/kKd1KejNR43mLUsmvSzevPxT9zs78pOR1OacB7IszTVJPXeOEaaNZHnnB/UeO3g8LEV/3OkXcUgcMkbIIiaBHlll71Pq0COj9kqjXoe7OrRjLY5i3KwOpa6TMCAwEAAaOCAgcwggIDMBMGA1UdIwQMMAqACEkcWDpP6A0DMH8GCCsGAQUFBwEBBHMwcTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMEYGCCsGAQUFBzAChjpodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMmEuY3J0MFQGA1UdIARNMEswSQYGKigAEQESMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1BbXRzc2lnbmF0dXIwgZ4GA1UdHwSBljCBkzCBkKCBjaCBioaBh2xkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMixvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQITAgOnhr0tbowDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFW1hcmN1cy5oaWxkQGRzay5ndi5hdDAJBgNVHRMEAjAAMA4GByooAAoBBwEEAwEB/zAUBgcqKAAKAQEBBAkMB0JTQi1EU0swDQYJKoZIhvcNAQEFBQADggEBAHTklnvPCH/bJSOlIPbLUEkSGuFHsektSZ8Vr22x/Yv7EzsxoQrJIiz2mQ2gQqFuExdWYxvsowjiSbiis9iUf1c0zscvDS3mIZxGs4M89XHsjHnIyb+Fuwnamw65QrFvM1tNB1ZMjxJ3x+YmHLHdtT3BEBcr3/NCRHd2S0HoBspNz9HVgJaZY1llR7poKBvnAc4g1i+QTvyVb00PtKxR9Lw/9ABInX/1pzpxqrPy7Ib2OP8z6dd3WHmIsCiSHUaj0Dxwwln6fYJjhxZ141SnbovlCLYtrsZLXoi9ljIqX4xO0PwMI2RfNc9cXxTRrRS6rEOvX7PpvgXiDXhp592Yyp4=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
+		<dsig:Object>
+			<dsig:Manifest Id="manifest">
+				<dsig:Reference URI="">
+					<dsig:Transforms>
+						<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+							<dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath>
+						</dsig:Transform>
+					</dsig:Transforms>
+					<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+					<dsig:DigestValue>8e7RjLnA4Mgltq5ruIJzheKGxu0=</dsig:DigestValue>
+				</dsig:Reference>
+			</dsig:Manifest>
+		</dsig:Object>
+	</dsig:Signature>
+</saml:Assertion>
\ No newline at end of file