Merge tag 'MOA-ID-3.1.0' into development_preview

JoinUp Release

21 files changed, 2465 insertions, 0 deletions

diff --git a/id/server/modules/moa-id-module-elga_mandate_service/.gitignore b/id/server/modules/moa-id-module-elga_mandate_service/.gitignore
new file mode 100644
index 000000000..b83d22266
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/.gitignore
@@ -0,0 +1 @@
+/target/
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml
new file mode 100644
index 000000000..3b5d1ba66
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml
@@ -0,0 +1,47 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>MOA.id.server.modules</groupId>
+    <artifactId>moa-id-modules</artifactId>
+    <version>${moa-id-version}</version>
+  </parent>
+  <artifactId>moa-id-module-elga_mandate_service</artifactId>
+  <version>${moa-id-module-elga_mandate_client}</version>
+  <name>ELGA mandate-service client</name>
+  <description>This authentication module implements a 
+  	client to integrate ELGA mandates in the MOA-ID identification and authentication process. 
+  </description>
+  <organization>
+  	<name>EGIZ</name>
+  	<url>https://www.egiz.gv.at</url>
+  </organization>
+  <developers>
+  	<developer>
+  		<name>Thomas Lenz</name>
+  		<organization>EGIZ</organization>
+  		<email>thomas.lenz@egiz.gv.at</email>
+  	</developer>
+  </developers>
+  
+ 	<properties>
+		<repositoryPath>${basedir}/../../../../repository</repositoryPath>
+	</properties>
+  
+  	<dependencies>
+  	  	<dependency>
+  					<groupId>MOA.id.server</groupId>
+  					<artifactId>moa-id-lib</artifactId>
+  			</dependency>
+  			
+  			<dependency>
+  				<groupId>MOA.id.server.modules</groupId>
+  				<artifactId>moa-id-modul-citizencard_authentication</artifactId>
+  				<exclusions>
+  					<exclusion>
+  						<groupId>*</groupId>
+  					</exclusion>
+  				</exclusions>
+  			</dependency>
+  	</dependencies>
+  
+</project>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
new file mode 100644
index 000000000..7ca4590bb
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -0,0 +1,116 @@
+package at.gv.egovernment.moa.id.auth.modules.elgamandates;
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandatesAuthConstants {
+
+	public static final String MODULE_NAME_FOR_LOGGING = "ELGA Mandate-Service";
+	
+	public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; 
+	
+	//Service endpoint definitions
+	public static final String ENDPOINT_POST = "/sp/elga_mandate/post";
+	public static final String ENDPOINT_REDIRECT = "/sp/elga_mandate/redirect";
+	public static final String ENDPOINT_METADATA = "/sp/elga_mandate/metadata";
+
+	public static final String TEMPLATE_MANDATE_SERVICE_SELECTION = "/mandate-service-selection.html";
+	
+	//configuration properties
+	public static final String CONFIG_PROPS_PREFIX = "modules.elga_mandate.";
+	
+	public static final String CONFIG_PROPS_SUBJECTNAMEID_TARGET = CONFIG_PROPS_PREFIX + "nameID.target";
+	
+	public static final String CONFIG_PROPS_ENTITYID = CONFIG_PROPS_PREFIX + "service.entityID";
+	public static final String CONFIG_PROPS_METADATAURL = CONFIG_PROPS_PREFIX + "service.metadataurl";
+	public static final String CONFIG_PROPS_METADATA_TRUSTPROFILE = CONFIG_PROPS_PREFIX + "service.metadata.trustprofileID";
+	public static final String CONFIG_PROPS_ALLOWED_MANDATE_TYPES = CONFIG_PROPS_PREFIX + "service.mandateprofiles";
+	
+	public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";
+	public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password";
+	public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password";
+	public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias";
+	public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password";
+	public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias";
+	public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password";
+	public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias";
+	
+	
+	/** 
+	 * 
+	 * Get required PVP attributes
+	 * First : PVP attribute name (OID) 
+	 * Second: FriendlyName
+	 * 
+	 */
+	public static final List<Pair<String, String>> REQUIRED_PVP_ATTRIBUTES = 
+			Collections.unmodifiableList(new ArrayList<Pair<String, String>>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					//add PVP Version attribute
+					add(Pair.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME));
+					
+					//request mandate type					
+					add(Pair.newInstance(PVPConstants.MANDATE_TYPE_NAME, PVPConstants.MANDATE_TYPE_FRIENDLY_NAME));
+					
+					//request attributes for natural mandators  
+					add(Pair.newInstance(PVPConstants.MANDATE_NAT_PER_BPK_NAME, PVPConstants.MANDATE_NAT_PER_BPK_FRIENDLY_NAME));
+					add(Pair.newInstance(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME, PVPConstants.MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME));
+					add(Pair.newInstance(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME, PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME));
+					add(Pair.newInstance(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME, PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME));
+					
+					//request reference_value
+					add(Pair.newInstance(PVPConstants.MANDATE_REFERENCE_VALUE_NAME, PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME));
+				}
+			});
+	
+	
+	public static final String CONFIG_DEFAULT_QAA_STORK_LEVEL = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
+	public static final String CONFIG_DEFAULT_QAA_SECCLASS_LEVEL = "http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3";
+
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE = "rc";
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI = "http://egiz.gv.at/namespace/subjectconformationdate/elga";
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_ROOT = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":Representative";
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_FAMILYNAME = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":FamilyName";
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_GIVENNAME = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":GivenName";
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_DATEOFBIRTH = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":DateOfBirth";
+
+	public static List<String> getRequiredAttributeNames() {
+		List<String> list = new ArrayList<String>();
+		for (Pair<String, String> el : REQUIRED_PVP_ATTRIBUTES)
+			list.add(el.getFirst());
+		return list;
+	}
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
new file mode 100644
index 000000000..c2efe5bfc
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
@@ -0,0 +1,86 @@
+package at.gv.egovernment.moa.id.auth.modules.elgamandates;
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * This authentication module extens the default citizen  
+ * 
+ * @author tlenz
+ *
+ */
+public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl {
+
+	@Autowired private AuthConfiguration authConfig; 
+	
+	private int priority = 0;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+	 */
+	@Override
+	public int getPriority() {
+		return priority;
+	}
+	
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		String selectedProcessID = super.selectProcess(context);
+	
+		//check if BKU authentication is selected and ELGA-MandateService is configurated
+		if (MiscUtil.isNotEmpty(selectedProcessID)) {
+			if (MiscUtil.isNotEmpty(authConfig.getBasicMOAIDConfiguration(
+					ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID)))
+				return "DefaultAuthenticationWithELGAMandates";
+			
+		}
+		
+		return selectedProcessID;
+		
+	}
+		
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml" };
+	}
+
+	/**
+	 * @param priority the priority to set
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
+		
+	}
+
+	
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesSpringResourceProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesSpringResourceProvider.java
new file mode 100644
index 000000000..649e8e5f5
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesSpringResourceProvider.java
@@ -0,0 +1,64 @@
+package at.gv.egovernment.moa.id.auth.modules.elgamandates;
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandatesSpringResourceProvider implements SpringResourceProvider {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+	 */
+	@Override
+	public Resource[] getResourcesToLoad() {
+		ClassPathResource elgaAuthConfig = new ClassPathResource("/moaid_elga_mandate_client_auth.beans.xml", ELGAMandatesSpringResourceProvider.class);					
+		
+		return new Resource[] {elgaAuthConfig};
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+	 */
+	@Override
+	public String[] getPackagesToScan() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+	 */
+	@Override
+	public String getName() {
+		return "MOA-ID Auth-module 'ELGA Mandate-Client'";
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
new file mode 100644
index 000000000..5743590f9
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
@@ -0,0 +1,313 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.config;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderConfiguration {
+	
+	private String authURL;
+	private ELGAMandatesCredentialProvider credentialProvider;
+	
+	public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider) {
+		this.authURL = authURL;
+		this.credentialProvider = credentialProvider;
+				
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil()
+	 */
+	@Override
+	public int getMetadataValidUntil() {
+		return ELGAMandatesAuthConstants.METADATA_VALIDUNTIL_IN_HOURS;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement()
+	 */
+	@Override
+	public boolean buildEntitiesDescriptorAsRootElement() {
+		return false;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor()
+	 */
+	@Override
+	public boolean buildIDPSSODescriptor() {
+		return false;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor()
+	 */
+	@Override
+	public boolean buildSPSSODescriptor() {
+		return true;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix()
+	 */
+	@Override
+	public String getEntityID() {
+		return authURL + ELGAMandatesAuthConstants.ENDPOINT_METADATA;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName()
+	 */
+	@Override
+	public String getEntityFriendlyName() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation()
+	 */
+	@Override
+	public List<ContactPerson> getContactPersonInformation() {
+		try {
+			return PVPConfiguration.getInstance().getIDPContacts();
+			
+		} catch (ConfigurationException e) {
+			Logger.warn("Can not load Metadata entry: Contect Person", e);
+			return null;
+			
+		}
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation()
+	 */
+	@Override
+	public Organization getOrgansiationInformation() {
+		try {
+			return PVPConfiguration.getInstance().getIDPOrganisation();
+			
+		} catch (ConfigurationException e) {
+			Logger.warn("Can not load Metadata entry: Organisation", e);
+			return null;
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials()
+	 */
+	@Override
+	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPMetaDataSigningCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials()
+	 */
+	@Override
+	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPAssertionSigningCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials()
+	 */
+	@Override
+	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPAssertionEncryptionCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL()
+	 */
+	@Override
+	public String getIDPWebSSOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL()
+	 */
+	@Override
+	public String getIDPWebSSORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL()
+	 */
+	@Override
+	public String getIDPSLOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL()
+	 */
+	@Override
+	public String getIDPSLORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL()
+	 */
+	@Override
+	public String getSPAssertionConsumerServicePostBindingURL() {
+		return authURL + ELGAMandatesAuthConstants.ENDPOINT_POST;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL()
+	 */
+	@Override
+	public String getSPAssertionConsumerServiceRedirectBindingURL() {
+		return authURL + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL()
+	 */
+	@Override
+	public String getSPSLOPostBindingURL() {
+		//return authURL + ELGAMandatesAuthConstants.ENDPOINT_POST;
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL()
+	 */
+	@Override
+	public String getSPSLORedirectBindingURL() {
+		//return authURL + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT;
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL()
+	 */
+	@Override
+	public String getSPSLOSOAPBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes()
+	 */
+	@Override
+	public List<Attribute> getIDPPossibleAttributes() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes()
+	 */
+	@Override
+	public List<String> getIDPPossibleNameITTypes() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes()
+	 */
+	@Override
+	public List<RequestedAttribute> getSPRequiredAttributes() {
+		List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+
+		for (Pair<String, String> el : ELGAMandatesAuthConstants.REQUIRED_PVP_ATTRIBUTES)
+			requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), true));	
+					
+		return requestedAttributes;
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes()
+	 */
+	@Override
+	public List<String> getSPAllowedNameITTypes() {
+		return Arrays.asList(NameIDType.PERSISTENT);
+		
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#getSPNameForLogging()
+	 */
+	@Override
+	public String getSPNameForLogging() {
+		return ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING;
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned()
+	 */
+	@Override
+	public boolean wantAssertionSigned() {
+		return true;
+		
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned()
+	 */
+	@Override
+	public boolean wantAuthnRequestSigned() {
+		return true;
+		
+	}
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
new file mode 100644
index 000000000..b67d263fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -0,0 +1,303 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.config;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.credential.Credential;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation {
+
+	private boolean isPassive = false;
+	private String SPEntityID = null;
+	private String QAA_Level = null;
+	private EntityDescriptor idpEntity = null;
+	private Credential signCred = null;
+	private String subjectNameID = null;
+	private String subjectNameIDQualifier = null;
+	private String requestID = null;
+	private Element subjectConformationDate = null;
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#isPassivRequest()
+	 */
+	@Override
+	public Boolean isPassivRequest() {
+		return this.isPassive;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId()
+	 */
+	@Override
+	public Integer getAssertionConsumerServiceId() {
+		return 0;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getEntityID()
+	 */
+	@Override
+	public String getSPEntityID() {
+		return this.SPEntityID;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy()
+	 */
+	@Override
+	public String getNameIDPolicyFormat() {
+		return NameID.PERSISTENT;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy()
+	 */
+	@Override
+	public boolean getNameIDPolicyAllowCreation() {
+		return false;
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef()
+	 */
+	@Override
+	public String getAuthnContextClassRef() {
+		return this.QAA_Level;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison()
+	 */
+	@Override
+	public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() {
+		return AuthnContextComparisonTypeEnumeration.MINIMUM;
+	}
+
+	/**
+	 * @param isPassive the isPassive to set
+	 */
+	public void setPassive(boolean isPassive) {
+		this.isPassive = isPassive;
+	}
+
+	/**
+	 * @param sPEntityID the sPEntityID to set
+	 */
+	public void setSPEntityID(String sPEntityID) {
+		SPEntityID = sPEntityID;
+	}
+
+	/**
+	 * @param qAA_Level the qAA_Level to set
+	 */
+	public void setQAA_Level(String qAA_Level) {
+		QAA_Level = qAA_Level;
+	}
+
+	/**
+	 * @param idpEntity the idpEntity to set
+	 */
+	public void setIdpEntity(EntityDescriptor idpEntity) {
+		this.idpEntity = idpEntity;
+	}
+
+	/**
+	 * @param signCred the signCred to set
+	 */
+	public void setSignCred(Credential signCred) {
+		this.signCred = signCred;
+	}
+
+		
+	/**
+	 * @param subjectNameID the subjectNameID to set
+	 */
+	public void setSubjectNameID(String subjectNameID) {
+		this.subjectNameID = subjectNameID;
+	}
+
+	
+	
+	/**
+	 * @param requestID the requestID to set
+	 */
+	public void setRequestID(String requestID) {
+		this.requestID = requestID;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential()
+	 */
+	@Override
+	public Credential getAuthnRequestSigningCredential() {
+		return this.signCred;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor()
+	 */
+	@Override
+	public EntityDescriptor getIDPEntityDescriptor() {
+		return this.idpEntity;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID()
+	 */
+	@Override
+	public String getSubjectNameID() {
+		return this.subjectNameID;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging()
+	 */
+	@Override
+	public String getSPNameForLogging() {
+		return ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat()
+	 */
+	@Override
+	public String getSubjectNameIDFormat() {
+		return NameID.PERSISTENT;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID()
+	 */
+	@Override
+	public String getRequestID() {
+		return this.requestID;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier()
+	 */
+	@Override
+	public String getSubjectNameIDQualifier() {
+		return this.subjectNameIDQualifier;
+	}
+
+	/**
+	 * @param subjectNameIDQualifier the subjectNameIDQualifier to set
+	 */
+	public void setSubjectNameIDQualifier(String subjectNameIDQualifier) {
+		this.subjectNameIDQualifier = subjectNameIDQualifier;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode()
+	 */
+	@Override
+	public String getSubjectConformationMethode() {
+		return SubjectConfirmation.METHOD_BEARER;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate()
+	 */
+	@Override
+	public Element getSubjectConformationDate() {
+		return subjectConformationDate;
+	}
+
+	/**
+	 * @param subjectConformationDate the subjectConformationDate to set
+	 */
+	public void setSubjectConformationDate(String givenName, String familyName, String dateOfBirth) {
+		try {
+			Logger.trace("Build 'SubjectConfirmationData' for ELGA Mandate-Service request ...");
+			//build empty 'SubjectConfirmationData' element
+			SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);					
+			DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+			dbf.setNamespaceAware(true);
+			DocumentBuilder builder = dbf.newDocumentBuilder();			
+			Document doc = builder.newDocument();
+			
+			Marshaller out = Configuration.getMarshallerFactory()
+					.getMarshaller(subjectConformDate);
+			out.marshall(subjectConformDate, doc);
+			
+			//build root element for personal information
+			Element rootDom = doc.createElementNS(
+					ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI, 					 
+					ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_ROOT);
+			rootDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE);
+			rootDom.setAttributeNS("http://www.w3.org/2000/xmlns/", 
+					"xmlns:" + ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE, 
+					ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI);			
+						
+			//build personal information
+			Element familyNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_FAMILYNAME);
+			Element givenNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_GIVENNAME);
+			Element dateOfBirthDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_DATEOFBIRTH);
+			familyNameDom.setTextContent(familyName);						
+			givenNameDom.setTextContent(givenName);						
+			dateOfBirthDom.setTextContent(dateOfBirth);
+						
+			//add personal information to 'SubjectConfirmationData' element
+			doc.getFirstChild().appendChild(rootDom);
+			rootDom.appendChild(givenNameDom);
+			rootDom.appendChild(familyNameDom);
+			rootDom.appendChild(dateOfBirthDom);
+			
+			this.subjectConformationDate = doc.getDocumentElement();
+			Logger.trace("'SubjectConfirmationData' for ELGA Mandate-Service is complete");
+			
+		} catch (ParserConfigurationException | MarshallingException e) {
+			Logger.error("Can not generate 'SubjectConformationDate' for " 
+					+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+			
+		}
+		
+				
+	}
+	
+		
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
new file mode 100644
index 000000000..29bc5ee12
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.controller;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class ELGAMandateMetadataController extends AbstractController {
+	
+	@Autowired PVPMetadataBuilder metadatabuilder;
+	@Autowired AuthConfiguration authConfig;
+	@Autowired ELGAMandatesCredentialProvider credentialProvider; 
+	
+	public ELGAMandateMetadataController() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() 
+				+ " with mappings '" + ELGAMandatesAuthConstants.ENDPOINT_METADATA 
+				+ "'.");
+		
+	}
+	
+	@RequestMapping(value = "/sp/elga_mandate/metadata", 
+					method = {RequestMethod.GET})
+	public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		//check PublicURL prefix
+		try {
+			String authURL = HTTPUtils.extractAuthURLFromRequest(req);		
+			if (!authConfig.getPublicURLPrefix().contains(authURL)) {		
+				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL");
+				return;
+				
+			} else {
+				//initialize metadata builder configuration
+				IPVPMetadataBuilderConfiguration metadataConfig = 
+						new ELGAMandatesMetadataConfiguration(authURL, credentialProvider);
+				
+				//build metadata
+				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
+				
+				//write response
+				resp.setContentType("text/xml");
+				resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
+				resp.getOutputStream().close();
+
+			}
+			
+		} catch (Exception e) {
+			Logger.warn("Build federated-authentication PVP metadata FAILED.", e);
+			handleErrorNoRedirect(e, req, resp, false);
+			
+		}
+		
+	}
+		
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java
new file mode 100644
index 000000000..585e72c2f
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.controller;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class ELGAMandateSignalController extends AbstractProcessEngineSignalController {
+
+	public ELGAMandateSignalController() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() 
+				+ " with mappings '" + ELGAMandatesAuthConstants.ENDPOINT_POST 
+				+ "' and '" + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT + "'.");
+		
+	}
+	
+	@RequestMapping(value = {	"/sp/elga_mandate/post", 
+			 					"/sp/elga_mandate/redirect"
+							}, 
+					method = {RequestMethod.POST, RequestMethod.GET})
+	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+		
+	}
+	
+	public String getPendingRequestId(HttpServletRequest request) {
+		return StringEscapeUtils.escapeHtml4(request.getParameter("RelayState"));
+		
+	}
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
new file mode 100644
index 000000000..d27353809
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMetadataException extends MOAIDException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public ELGAMetadataException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+
+	public ELGAMetadataException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
new file mode 100644
index 000000000..f05446771
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("EvaluateMandateServiceTask")
+public class EvaluateMandateServiceTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {
+			boolean useMIS = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEMISMANDATE);
+			boolean useELGA = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEELGAMANDATE);
+			
+			//check if both mandate Services are requested
+			if ( useMIS && useELGA ) {
+				Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince");
+				throw new MOAIDException("validator.73", null);
+				
+			}
+			
+			//select next process step
+			if (useELGA) {
+				//validate service-provider again
+				if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {
+					Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() 
+							+ " does not fulfill requirements to use ELGA-MandateService.");
+					throw new MOAIDException("service.10", new Object[]{
+							ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+							"No valid mandate-profile defined"});
+				
+				}
+				
+				executionContext.put(MOAIDAuthConstants.PARAM_USEELGAMANDATE, useELGA);
+				Logger.debug("ELGA Mandate-Service is selected. Initialize service communication ... ");
+				
+			} else if(useMIS) {
+				executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, useMIS);
+				Logger.debug("MIS Mandate-Service is selected. Initialize service communication ... ");
+				
+				
+			} else {
+				//mark pending-request as aborted
+				Logger.info("No Mandate-Service is selected. Abort authentication process ... ");
+				pendingReq.setAbortedByUser(true);
+				pendingReq.setAuthenticated(false);
+				
+				//store pending-request
+				requestStoreage.storePendingRequest(pendingReq);
+				
+				//redirect to protocol finalization
+				performRedirectToProtocolFinialization(pendingReq, response);
+				
+			}
+			
+		} catch (MOAIDException e) {
+			Logger.info("Evaluation of Mandate-Service selection FAILED. Reason:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.info("Mandate-Service selection evaluation: General Exception. Msg:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+			
+		}
+
+	}
+
+	private boolean getUserConfermationFromRequest(HttpServletRequest httpReq, String paramName) throws WrongParametersException {
+		String paramString = httpReq.getParameter(paramName);
+		paramString = StringEscapeUtils.escapeHtml(paramString);
+		if (!ParamValidatorUtils.isValidUseMandate(paramString))
+			throw new WrongParametersException("Mandate-Service selection-evaluation", paramName, null);
+		
+		if (MiscUtil.isNotEmpty(paramString))
+			return Boolean.parseBoolean(paramString);
+		
+		else
+			return false;
+		
+	}
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
new file mode 100644
index 000000000..5604b7640
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -0,0 +1,306 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import java.io.IOException;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("ReceiveElgaMandateResponseTask")
+public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
+
+	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired ELGAMandatesCredentialProvider credentialProvider;
+	@Autowired ELGAMandateServiceMetadataProvider metadataProvider;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {		
+		InboundMessage msg = null;
+		
+		try {						
+			IDecoder decoder = null;
+			MOAURICompare comperator = null;
+			//select Response Binding
+			if (request.getMethod().equalsIgnoreCase("POST")) {
+				decoder = new PostBinding();
+				comperator = new MOAURICompare(pendingReq.getAuthURL() 
+						+ ELGAMandatesAuthConstants.ENDPOINT_POST);
+				Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding.");
+				
+			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
+				decoder = new RedirectBinding();
+				comperator = new MOAURICompare(pendingReq.getAuthURL()
+						+ ELGAMandatesAuthConstants.ENDPOINT_REDIRECT);
+				Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding.");
+				
+			} else {
+				Logger.warn("Receive PVP Response, but Binding (" 
+						+ request.getMethod() + ") is not supported.");
+				throw new AuthnResponseValidationException("sp.pvp2.03", 
+						new Object[] {ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING});
+				
+			}
+			
+			//decode PVP response object
+			msg = (InboundMessage) decoder.decode(request, response, metadataProvider, true,
+					comperator);
+			 
+			if (MiscUtil.isEmpty(msg.getEntityID())) {
+				throw new InvalidProtocolRequestException("sp.pvp2.04", 
+						new Object[] {ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING});
+				
+			}
+			
+			//validate response signature
+			if(!msg.isVerified()) {
+				samlVerificationEngine.verify(msg, 
+						TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+				msg.setVerified(true);
+								
+			}
+			
+			Logger.debug("PVP Response from ELGA mandate-service is cryptographically valid.");
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED_IP, request.getRemoteAddr());
+			
+			
+			//validate assertion
+			MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);			
+			
+			//write ELGA mandate information into MOASession
+			AssertionAttributeExtractor extractor = 
+					new AssertionAttributeExtractor(processedMsg.getResponse());
+			
+			//check if all attributes are include
+			if (!extractor.containsAllRequiredAttributes(
+					ELGAMandatesAuthConstants.getRequiredAttributeNames())) {
+				Logger.warn("PVP Response from ELGA mandate-service contains not all requested attributes.");
+				throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING});
+				
+			}
+
+			
+			
+			//load MOASession object
+			defaultTaskInitialization(request, executionContext);
+			
+			//validate receive mandate reference-value
+			//TODO: update if ReferenceValue Discussion is finished
+			String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); 
+			if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
+				Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
+				throw new AssertionValidationExeption("sp.pvp2.07", 
+						new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+								PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME});
+				
+			}
+			
+			Logger.debug("Validation of PVP Response from ELGA mandate-service is complete.");
+			
+			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+			for (String el : includedAttrNames) {
+				moasession.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
+				Logger.debug("Add PVP-attribute " + el + " into MOASession");
+				
+			}
+			
+			//store MOASession
+			authenticatedSessionStorage.storeSession(moasession);
+						
+			//write revisions log entry
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED, 
+						extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
+
+			//write mandate info's to revisions log
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE, 
+									 extractor.getSingleAttributeValue(PVPConstants.MANDATE_TYPE_NAME));
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, 
+									 MOAReversionLogger.NAT_PERSON);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, 
+									  revisionsLogger.buildPersonInformationHash(
+											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), 
+											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), 
+											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME)));						
+			
+			Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID()); 
+											
+		} catch (MessageDecodingException | SecurityException e) {
+			String samlRequest = request.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID PVP Response from ELGA mandate-service: " + samlRequest, e);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
+			throw new TaskExecutionException(pendingReq, 
+					"Receive INVALID PVP Response from ELGA mandate-service", 
+					new AuthnResponseValidationException("sp.pvp2.12", 
+							new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, 
+							e));
+
+		} catch (IOException | MarshallingException | TransformerException e) {
+			Logger.warn("Processing PVP response from ELGA mandate-service FAILED.", e);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
+			throw new TaskExecutionException(pendingReq, 
+					"Processing PVP response from ELGA mandate-service FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.12", 
+							new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, 
+							e));
+			
+		} catch (CredentialsNotAvailableException e) {
+			Logger.error("ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
+			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e);
+
+		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
+			Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId());
+			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e);
+		
+		} catch (Exception e) {
+			Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage());
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
+			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+			
+		}
+
+	}
+		
+	/**
+	 * PreProcess AuthResponse and Assertion 
+	 * @param msg
+	 * @throws TransformerException 
+	 * @throws MarshallingException 
+	 * @throws IOException 
+	 * @throws CredentialsNotAvailableException 
+	 * @throws AssertionValidationExeption 
+	 * @throws AuthnResponseValidationException 
+	 */
+	private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+		Logger.debug("Start PVP-2.1 assertion processing... ");
+		Response samlResp = (Response) msg.getResponse();
+
+		//validate 'inResponseTo' attribute
+		String authnReqID = pendingReq.getGenericData(
+				PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, String.class);
+		String inResponseTo = samlResp.getInResponseTo();
+		
+		if (MiscUtil.isEmpty(authnReqID) || MiscUtil.isEmpty(inResponseTo) || 
+				!authnReqID.equals(inResponseTo)) {
+			Logger.info("Validation of request/response IDs FAILED."
+					+ " ReqID:" + authnReqID + " InRespTo:" + inResponseTo);
+			throw new AuthnResponseValidationException("sp.pvp2.07", 
+					new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+							"'InResponseTo'"});
+			
+		}
+		
+		// check SAML2 response status-code
+		if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {				
+			//validate PVP 2.1 assertion
+			samlVerificationEngine.validateAssertion(samlResp, true, 
+					credentialProvider.getIDPAssertionEncryptionCredential(),
+					pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_METADATA,
+					ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+
+			msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
+			return msg;
+				
+		} else {
+			String errorMsg = "No error message";
+			StatusCode firstCode = samlResp.getStatus().getStatusCode();
+			
+			//get errormessage from response
+			if (samlResp.getStatus().getStatusMessage() != null && 
+					MiscUtil.isNotEmpty(samlResp.getStatus().getStatusMessage().getMessage()))
+				errorMsg = samlResp.getStatus().getStatusMessage().getMessage();
+			
+			//extract response status-codes
+			if (firstCode.getStatusCode() == null) {			
+				Logger.info("Receive StatusCode:" + firstCode.getValue() + " | Msg:" +  errorMsg 
+						+ " from federated IDP.");			
+				throw new AuthnResponseValidationException("sp.pvp2.05", 
+						new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, 
+								samlResp.getIssuer().getValue(), 
+								firstCode.getValue(),
+								samlResp.getStatus().getStatusMessage().getMessage()});
+				
+			} else {
+				StatusCode secondCode = firstCode.getStatusCode();
+				Logger.info("Receive StatusCode:" + firstCode.getValue() + " -> StatusCode:" + secondCode.getValue() 
+					+ " | Msg:" +  errorMsg + " from federated IDP.");			
+				throw new AuthnResponseValidationException("sp.pvp2.09", 
+						new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, 
+								samlResp.getIssuer().getValue(), 
+								firstCode.getValue(),
+								secondCode.getValue(),
+								samlResp.getStatus().getStatusMessage().getMessage()});
+				
+			}
+					
+		}
+								
+	}	
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
new file mode 100644
index 000000000..6a7858575
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import java.security.NoSuchAlgorithmException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("RequestELGAMandateTask")
+public class RequestELGAMandateTask extends AbstractAuthServletTask {
+
+	@Autowired PVPAuthnRequestBuilder authnReqBuilder;
+	@Autowired ELGAMandatesCredentialProvider credential;
+	@Autowired AuthConfiguration authConfig;
+	@Autowired ELGAMandateServiceMetadataProvider metadataService;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try{
+			// get IDP entityID
+			String elgaMandateServiceEntityID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID);
+					
+			if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) {
+				Logger.info("Connect ELGA Mandate-Service FAILED -> not EntityID found!");
+				throw new TaskExecutionException(pendingReq, "Connect ELGA Mandate-Service FAILED", 
+						new MOAIDException("service.10", 
+								new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "Not EntityID found"}));
+				
+			}
+			
+			//load metadata with metadataURL, as backup
+			String metadataURL = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL);
+			if (MiscUtil.isNotEmpty(metadataURL)) {
+				Logger.warn("Use not recommended metadata-provider initialization!"
+						+ " SAML2 'Well-Known-Location' is the preferred methode.");
+				Logger.info("Initialize ELGA Mandate-Service metadata-provider with URL:" + metadataURL);				
+				metadataService.initialize(metadataURL);
+				
+			}
+			
+			//load IDP SAML2 entitydescriptor
+			EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID);			
+			
+			//load MOASession from database
+			defaultTaskInitialization(request, executionContext);
+			
+			//setup AuthnRequestBuilder configuration
+			ELGAMandatesRequestBuilderConfiguration authnReqConfig = new ELGAMandatesRequestBuilderConfiguration();
+			authnReqConfig.setIdpEntity(entityDesc);
+			authnReqConfig.setPassive(false);
+			authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
+			authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_METADATA);			
+						
+			//set bPK of representative
+			String representativeBPK = null;
+			
+			String configTarget = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET);
+			if (MiscUtil.isEmpty(configTarget)) {
+				Logger.warn("Connect ELGA Mandate-Service FAILED -> No bPK-Type for SubjectNameID found.");
+				throw new MOAIDException("service.10", 
+						new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "No bPK-Type for SubjectNameID found in configuration."}); 
+				
+			} else {
+				if (!configTarget.startsWith(Constants.URN_PREFIX_CDID)) {
+					Logger.warn("Connect ELGA Mandate-Service FAILED -> bPK-Type for SubjectNameID has wrong format.");
+					throw new MOAIDException("service.10", 
+							new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "bPK-Type for SubjectNameID has wrong format."});
+					
+				}								
+			}
+
+			//check if identityLink exists in moaSession DAO
+			if (moasession.getIdentityLink() == null) {
+				Logger.error("Connect ELGA Mandate-Service FAILED -> NO identityLink in moaSession DAO");
+				throw new MOAIDException("service.10", 
+						new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "NO identityLink in moaSession DAO."});
+				
+			}
+			
+			String sourcePinType = moasession.getIdentityLink().getIdentificationType();
+			String sourcePinValue = moasession.getIdentityLink().getIdentificationValue();			
+			if (sourcePinType.startsWith(Constants.URN_PREFIX_BASEID)) {
+				representativeBPK = new BPKBuilder().buildBPK(sourcePinValue, configTarget);
+				
+			} else {
+				Logger.debug("No 'SourcePin' found for representative. "
+						+ "Check sourcePinType against target from configuration.");
+				if (!configTarget.equals(sourcePinType)) {
+					Logger.warn("Connect ELGA Mandate-Service FAILED -> Generate bPK for configurated bPK-Type is not possible.");
+					throw new MOAIDException("service.10", 
+							new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "Generate bPK for configurated bPK-Type is not possible."});
+					
+				} else {
+					representativeBPK = sourcePinValue;
+					
+				}								
+			}
+			
+			//set bPK of representative as SAML2 subjectNameID
+			authnReqConfig.setSubjectNameID(representativeBPK );
+			authnReqConfig.setSubjectNameIDQualifier(configTarget);
+			
+			//set MandateReferenceValue as RequestID
+			authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
+			pendingReq.setGenericDataToSession(
+					PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID,
+					authnReqConfig.getRequestID());
+			
+			//set SubjectConformationDate
+			authnReqConfig.setSubjectConformationDate(
+					moasession.getIdentityLink().getGivenName(), 
+					moasession.getIdentityLink().getFamilyName(), 
+					moasession.getIdentityLink().getDateOfBirth());
+			
+			//store pending-request
+			requestStoreage.storePendingRequest(pendingReq);
+			
+			//build and transmit AuthnRequest
+			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
+		
+			//write revisions log entry
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED, moasession.getMandateReferenceValue());
+			
+		} catch (MetadataProviderException e) {			
+			throw new TaskExecutionException(pendingReq, "ELGA Mandate-Service metadata problem", new ELGAMetadataException("service.10", 
+						new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
+			
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for ELGA Mandate-Service FAILED.", e);
+
+		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
+			Logger.error("Build PVP2.1 AuthnRequest for ELGA Mandate-Service FAILED", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.error("Build PVP2.1 AuthnRequest for ELGA Mandate-Service FAILED", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		}
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
new file mode 100644
index 000000000..8d6ac1762
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
+import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("SelectMandateServiceTask")
+public class SelectMandateServiceTask extends AbstractAuthServletTask {
+
+	@Autowired IGUIFormBuilder guiBuilder;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {
+			//check if Service-Provider allows ELGA-mandates
+			if (ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {			
+				Logger.trace("Build GUI for mandate-service selection ...");
+						
+				IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+						pendingReq, 
+						ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION, 
+						GeneralProcessEngineSignalController.ENDPOINT_GENERIC);
+			
+				guiBuilder.build(response, config, "Mandate-Service selection");
+		
+				Logger.debug("GUI for mandate-service selection is generated. Wait for user interaction ... ");
+				
+			} else {
+				//service-provider does not allow ELGA-mandates  --> switch to MIS mandate-service
+				Logger.debug("Service-Provider does not allow ELGA Mandate-Service. --> Select MIS Mandate-Service as Default.");
+				executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, true);
+				
+			}
+			
+		} catch (GUIBuildException e) {
+			Logger.warn("Can not build GUI:'Mandate-Service selection'. Msg:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, 
+					"Can not build GUI. Msg:" + e.getMessage(), 
+					new MOAIDException("builder.09", new Object[]{e.getMessage()}, e));
+						
+		} catch (Exception e) {
+			Logger.info("Mandate-Service selection: General Exception. Msg:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+			
+		}
+
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
new file mode 100644
index 000000000..c9485104b
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -0,0 +1,223 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+
+@Service("ELGAMandate_MetadataProvider")
+public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider {
+
+	@Autowired AuthConfiguration authConfig;
+	
+	private HTTPMetadataProvider metadataProvider = null;
+
+	
+	public void initialize(String metadataURL) throws MetadataProviderException {
+		if (metadataProvider == null) {
+			internalInitialize(metadataURL);
+			
+		} else {
+			Logger.info("ELGA Mandate-Service metadata-provider is already initialized.");
+			
+		}
+		
+	}
+	
+		
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
+	 */
+	@Override
+	public boolean requireValidMetadata() {
+		if (metadataProvider == null) {
+			Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
+			return false;
+			
+		} else
+			return metadataProvider.requireValidMetadata();
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean)
+	 */
+	@Override
+	public void setRequireValidMetadata(boolean requireValidMetadata) {
+		if (metadataProvider == null) {
+			Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
+			
+		} else		
+			metadataProvider.setRequireValidMetadata(requireValidMetadata);;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter()
+	 */
+	@Override
+	public MetadataFilter getMetadataFilter() {
+		if (metadataProvider == null) {
+			Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
+			return null;
+			
+		} else		
+			return metadataProvider.getMetadataFilter();
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter)
+	 */
+	@Override
+	public void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException {
+		Logger.fatal("Set Metadata Filter is not implemented her!");
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata()
+	 */
+	@Override
+	public XMLObject getMetadata() throws MetadataProviderException {
+		if (metadataProvider == null) {
+			Logger.error("ELGA Mandate-Service metadata-provider is not initialized");
+			throw new MetadataProviderException("ELGA Mandate-Service metadata-provider is not initialized");
+			
+		}
+		
+		return metadataProvider.getMetadata();
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntitiesDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException {
+		if (metadataProvider == null) {
+			Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
+			throw new MetadataProviderException("ELGA Mandate-Service metadata-provider is not initialized");
+			
+		} else		
+			return metadataProvider.getEntitiesDescriptor(name);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntityDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException {
+		if (metadataProvider == null) 
+			internalInitialize(entityID);
+										
+		try {
+			EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
+			if (entityDesc == null) {
+				Logger.error("ELGA Mandate-Service Client ERROR: No EntityID with "+ entityID);
+				throw new MetadataProviderException("No EntityID with "+ entityID);
+			}
+			
+			return entityDesc;
+			
+		} catch (MetadataProviderException e) {
+			Logger.error("ELGA Mandate-Service Client ERROR: Metadata extraction FAILED.", e);
+			throw new MetadataProviderException("Metadata extraction FAILED", e);
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName)
+	 */
+	@Override
+	public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException {
+		if (metadataProvider == null)
+			internalInitialize(entityID);
+		
+		return metadataProvider.getRole(entityID, roleName);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String)
+	 */
+	@Override
+	public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
+			throws MetadataProviderException {
+		if (metadataProvider == null)
+			internalInitialize(entityID);
+		
+		return metadataProvider.getRole(entityID, roleName, supportedProtocol);
+	}
+	
+	private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {		
+		if (metadataProvider == null) {
+			Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service");
+		
+			String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
+			if (MiscUtil.isEmpty(trustProfileID)) {
+				Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
+				throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
+			}
+						
+			//create metadata validation filter chain
+			MetadataFilterChain filter = new MetadataFilterChain();
+			filter.addFilter(new SchemaValidationFilter(true));
+			filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
+		
+			metadataProvider = createNewHTTPMetaDataProvider(metdataURL, 
+					filter, 
+					ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+		
+			if (metadataProvider == null) {
+				Logger.error("Create ELGA Mandate-Service Client FAILED.");
+				throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider.");
+			
+			}
+		
+			metadataProvider.setRequireValidMetadata(true);
+		}
+	}
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
new file mode 100644
index 000000000..03f8fa195
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandateUtils {
+	/**
+	 * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
+	 * 
+	 * @return true, if ELGA mandateservice is allowed, otherwise false
+	 */
+	public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) {
+		String allowedMandateTypesCSV = 
+				authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);		
+		List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);		
+		List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
+
+		boolean isELGAMandateServiceAllowed = false;
+		if (spMandateProfiles != null) {			
+			for (String el : allowedMandateTypes) {
+				if (spMandateProfiles.contains(el))
+					isELGAMandateServiceAllowed = true;
+			
+			}
+		}
+		
+		return isELGAMandateServiceAllowed;
+	}
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
new file mode 100644
index 000000000..f5bcdb70b
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("ELGAMandatesCredentialProvider")
+public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider {
+
+	@Autowired AuthConfiguration authConfig;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
+	 */
+	@Override
+	public String getKeyStoreFilePath() {
+		return FileUtils.makeAbsoluteURL(
+					authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), 
+					authConfig.getRootConfigFileDir());
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword()
+	 */
+	@Override
+	public String getKeyStorePassword() {
+		return authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias()
+	 */
+	@Override
+	public String getMetadataKeyAlias() {
+		return authConfig.getBasicMOAIDConfiguration(
+				ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword()
+	 */
+	@Override
+	public String getMetadataKeyPassword() {
+		return authConfig.getBasicMOAIDConfiguration(
+				ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias()
+	 */
+	@Override
+	public String getSignatureKeyAlias() {
+		return authConfig.getBasicMOAIDConfiguration(
+				ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword()
+	 */
+	@Override
+	public String getSignatureKeyPassword() {
+		return authConfig.getBasicMOAIDConfiguration(
+				ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias()
+	 */
+	@Override
+	public String getEncryptionKeyAlias() {
+		return authConfig.getBasicMOAIDConfiguration(
+				ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword()
+	 */
+	@Override
+	public String getEncryptionKeyPassword() {
+		return authConfig.getBasicMOAIDConfiguration(
+				ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName()
+	 */
+	@Override
+	public String getFriendlyName() {
+		return "FederatedAuth-SP";
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..1ebc153ce
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesSpringResourceProvider
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
new file mode 100644
index 000000000..4dee1160e
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="DefaultAuthenticationWithELGAMandates" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+	- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+	<pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+	<pd:Task id="createIdentityLinkForm"    class="CreateIdentityLinkFormTask" />
+	<pd:Task id="verifyIdentityLink"        class="VerifyIdentityLinkTask"        async="true" />
+	<pd:Task id="verifyAuthBlock"           class="VerifyAuthenticationBlockTask" async="true" />
+	<pd:Task id="verifyCertificate"         class="VerifyCertificateTask"         async="true" />
+	<pd:Task id="getMISMandate"           	class="GetMISSessionIDTask"           async="true" />
+	<pd:Task id="certificateReadRequest"    class="CertificateReadRequestTask" />
+	<pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+	<pd:Task id="prepareGetMISMandate" 			class="PrepareGetMISMandateTask" />
+	<pd:Task id="finalizeAuthentication" 		class="FinalizeAuthenticationTask" />
+	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />
+	
+	<!-- ELGA Mandate-Service Tasks -->
+	<pd:Task id="selectMandateServiceTask"    			class="SelectMandateServiceTask" />
+	<pd:Task id="evaluateMandateServiceTask"    		class="EvaluateMandateServiceTask" async="true"/>
+	<pd:Task id="requestELGAMandateTask"    				class="RequestELGAMandateTask" />
+	<pd:Task id="receiveElgaMandateResponseTask"    class="ReceiveElgaMandateResponseTask"  async="true"/>
+	
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start"                     			to="initializeBKUAuthentication" />
+	
+	<pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+	
+	<pd:Transition from="createIdentityLinkForm"    to="verifyIdentityLink" />
+	
+	<pd:Transition from="verifyIdentityLink"        to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+	<pd:Transition from="verifyIdentityLink"        to="prepareAuthBlockSignature" />
+	
+	<pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+	<!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+	
+	<pd:Transition from="certificateReadRequest"    to="verifyCertificate" />
+	<!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+	
+	<pd:Transition from="verifyCertificate"         to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyCertificate"         to="getForeignID" />
+	
+	<pd:Transition from="verifyAuthBlock"           to="selectMandateServiceTask" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyAuthBlock"           to="finalizeAuthentication" />
+		
+	<pd:Transition from="selectMandateServiceTask"   to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+	<pd:Transition from="selectMandateServiceTask"   to="evaluateMandateServiceTask" />
+		
+	<pd:Transition from="evaluateMandateServiceTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+	<pd:Transition from="evaluateMandateServiceTask" to="requestELGAMandateTask" conditionExpression="ctx['useELGAMandate']" />
+	<pd:Transition from="evaluateMandateServiceTask" to="end" />
+
+			
+	<pd:Transition from="requestELGAMandateTask"      		to="receiveElgaMandateResponseTask" />
+	<pd:Transition from="receiveElgaMandateResponseTask"  to="finalizeAuthentication" />
+	
+	<pd:Transition from="prepareGetMISMandate"      to="getMISMandate" />	
+	<pd:Transition from="getMISMandate"           	to="finalizeAuthentication" />
+	
+	<pd:Transition from="getForeignID"              to="finalizeAuthentication" />
+	
+	<pd:Transition from="finalizeAuthentication"    to="end" />
+		
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
new file mode 100644
index 000000000..cbc4e65c1
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ 
+<!-- ELGA mandate-service client beans -->
+	<bean id="elgaMandatesAuthModule" class="at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthModuleImpl">
+		<property name="priority" value="1" />
+	</bean>
+
+	<bean	id="ELGAMandate_MetadataProvider"
+				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider"/>
+
+	<bean	id="ELGAMandatesCredentialProvider"
+				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider"/>
+	
+	<bean	id="ELGAMandateMetadataController"
+				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.controller.ELGAMandateMetadataController"/>
+				
+	<bean	id="ELGAMandateSignalController"
+				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.controller.ELGAMandateSignalController"/>
+	
+<!-- ELGA-MandateService communication Process Tasks -->
+	<bean id="SelectMandateServiceTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.SelectMandateServiceTask"
+				scope="prototype"/>
+				
+	<bean id="EvaluateMandateServiceTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.EvaluateMandateServiceTask"
+				scope="prototype"/>				
+				
+	<bean id="RequestELGAMandateTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.RequestELGAMandateTask"
+				scope="prototype"/>
+				
+	<bean id="ReceiveElgaMandateResponseTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.ReceiveElgaMandateResponseTask"
+				scope="prototype"/>
+																								
+</beans>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html
new file mode 100644
index 000000000..b0be4a475
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html> 
+<html>
+<head>
+	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
+    <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=#ID#" />
+    
+    <title>Anmeldung an Online-Applikation</title>   
+</head>
+
+
+<body>
+		<div id="page">
+
+			<div id="page1" class="case selected-case" role="main">
+
+<!-- 					<h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
+
+					<div id="main">
+					<!--div id="leftcontent" class="hell"-->
+            <div id=processContent>
+              <div id="bku_header" class="dunkel">
+						    <h2 id="tabheader" class="dunkel" role="heading">
+						      Anmeldeinformationen:							  
+						    </h2>
+              </div>
+					
+						  <div id="selectArea" class="hell" role="application">
+							  <h3>Anmeldung an: $OAName</h3>
+					    
+          
+                <div id="processInfoArea">
+                  <p>Für die Anmeldung 'in Vertretung' stehen Ihnen zwei Systeme zur Vollmachtenauswahl zur Verfügung. Bitte wählen Sie das gewünschte Service.</p> 
+                </div>
+              
+                <div id="processSelectionArea">
+							   <div id="elgaMandateButton" class="processSelectionButtonArea">
+							 		  <form method="post" id="moaidform_yes" action="$contextPath$submitEndpoint">
+										  <input type="hidden" name="useELGAMandate" value="true">
+                      <input type="hidden" name="pendingid" value="$pendingReqID">
+										  <input type="submit" value="Eltern-Kind Vertretung" class="processSelectionButton" role="button">
+									 </form>
+                    <div class="buttonDescription">
+                      <p>Eltern-Kind Vertretung</p>
+                    </div>
+							     </div>
+							     <div id="misMandateButton" class="processSelectionButtonArea">
+								    <form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
+									    <input type="hidden" name="useMISMandate" value="true">
+                      <input type="hidden" name="pendingid" value="$pendingReqID">
+								      <input type="submit" value="allgemeine Vertretung" class="processSelectionButton" role="button">
+								    </form>
+                    <div class="buttonDescription">
+                      <p>Vollmachtenservice der Österreichischen Datenschutzbehörde <a href="https://mms.stammzahlenregister.gv.at/mms/moaid.do">(MMS Service)</a></p>
+                    </div>
+							     </div>
+							     <div id="abortButton" class="processSelectionButtonArea">
+										<form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
+                      <input type="hidden" name="pendingid" value="$pendingReqID">
+										  <input type="submit" value="Abbrechen" class="processSelectionButton" role="button">
+									  </form>
+                    <div class="buttonDescription">
+                      <p>Den Anmeldevorgang abbrechen</p>
+                    </div>
+							     </div>
+						      </div>
+                  
+                </div>
+              </div>
+            
+						<!--/div-->												
+					</div>
+				</div>
+		</div>
+</body>
+</html>