Update SSO-transer authentication modul to MOA_ID 3.2.x

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-02-24 08:07:07 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-02-24 15:21:05 +0100
commit: 0dc260503a5deb581802e645ddae996ae9298968 (patch)
tree: d62ccd1f16cd84eb4e865e3a53e1bea0f3e023a2 /id/server/modules/moa-id-module-ssoTransfer/src/main
parent: f8b9d30b9c1b25b5e92bbb488394e41dbe8be7f1 (diff)
download: moa-id-spss-0dc260503a5deb581802e645ddae996ae9298968.tar.gz
moa-id-spss-0dc260503a5deb581802e645ddae996ae9298968.tar.bz2
moa-id-spss-0dc260503a5deb581802e645ddae996ae9298968.zip
13 files changed, 2618 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
new file mode 100644
index 000000000..2a2b7bf80
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer;
+
+import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SSOTransferAuthModuleImpl implements AuthModule{
+
+	private int priority = 1;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+	 */
+	@Override
+	public int getPriority() {
+		return priority;
+	}
+
+	/**
+	 * Sets the priority of this module. Default value is {@code 0}.
+	 * @param priority The priority.
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {		
+		Object restoreSSOSessionObj = context.get("restoreSSOSession");
+		if (restoreSSOSessionObj != null && restoreSSOSessionObj instanceof String) {
+			boolean restoreSSOSession = (boolean) Boolean.parseBoolean((String)restoreSSOSessionObj);
+			if (restoreSSOSession)
+				return "SSOTransferAuthentication";
+			
+		}
+		
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java
new file mode 100644
index 000000000..03f3fcdab
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SSOTransferConstants {
+
+	public static final String SERVLET_SSOTRANSFER_GUI = "/TransferSSOSession";
+	public static final String SERVLET_SSOTRANSFER_TO_SMARTPHONE = "/TransmitSSOSession";	
+	public static final String SERVLET_SSOTRANSFER_FROM_SMARTPHONE = "/SSOTransferSignalEndpoint";
+	
+	public static final String REQ_PARAM_GENERATE_QR = "createQR";
+	public static final String REQ_PARAM_TOKEN = "token";
+	
+	public static final String SSOCONTAINER_KEY_TYPE = "type";
+	public static final String SSOCONTAINER_VALUE_TYPE_TRANSER = "TRANSFER";
+	public static final String SSOCONTAINER_VALUE_TYPE_PERSIST = "PERSIST";
+	
+	public static final String SSOCONTAINER_KEY_URL = "url";
+	
+	public static final String SSOCONTAINER_KEY_VALIDTO = "validTo";
+	public static final String SSOCONTAINER_KEY_ENTITYID = "entityID";
+	public static final String SSOCONTAINER_KEY_USERID = "userID";
+	public static final String SSOCONTAINER_KEY_SESSION = "session";
+	public static final String SSOCONTAINER_KEY_RESULTENDPOINT = "resultEndPoint";
+	
+	public static final String FLAG_SSO_SESSION_RESTORED = "ssoRestoredFlag";
+	
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
new file mode 100644
index 000000000..b9ab4f307
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -0,0 +1,383 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.data;
+
+import java.security.cert.CertificateEncodingException;
+import java.util.Date;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.MISMandate;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SSOTransferAuthenticationData implements IAuthData {
+
+	private AuthenticationSession authSession = null;
+	boolean isIDPPrivateService = true;
+	
+	public SSOTransferAuthenticationData(AuthConfiguration authConfig, AuthenticationSession authSession) throws ConfigurationException {
+		this.authSession = authSession;
+		String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
+		isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK);
+		
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getIssueInstant()
+	 */
+	@Override
+	public Date getIssueInstant() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getIssuer()
+	 */
+	@Override
+	public String getIssuer() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
+	 */
+	@Override
+	public boolean isBusinessService() {
+		return this.isIDPPrivateService;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isSsoSession()
+	 */
+	@Override
+	public boolean isSsoSession() {
+		return true;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isInterfederatedSSOSession()
+	 */
+	@Override
+	public boolean isInterfederatedSSOSession() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isUseMandate()
+	 */
+	@Override
+	public boolean isUseMandate() {
+		return this.authSession.getUseMandate();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getFamilyName()
+	 */
+	@Override
+	public String getFamilyName() {
+		return this.authSession.getIdentityLink().getFamilyName();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getGivenName()
+	 */
+	@Override
+	public String getGivenName() {
+		return this.authSession.getIdentityLink().getGivenName();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getDateOfBirth()
+	 */
+	@Override
+	public Date getDateOfBirth() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getFormatedDateOfBirth()
+	 */
+	@Override
+	public String getFormatedDateOfBirth() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getBPK()
+	 */
+	@Override
+	public String getBPK() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getBPKType()
+	 */
+	@Override
+	public String getBPKType() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getSsoSessionValidTo()
+	 */
+	@Override
+	public Date getSsoSessionValidTo() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getInterfederatedIDP()
+	 */
+	@Override
+	public String getInterfederatedIDP() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentificationValue()
+	 */
+	@Override
+	public String getIdentificationValue() {
+		return this.authSession.getIdentityLink().getIdentificationValue();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentificationType()
+	 */
+	@Override
+	public String getIdentificationType() {
+		return this.authSession.getIdentityLink().getIdentificationType();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getBkuURL()
+	 */
+	@Override
+	public String getBkuURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList()
+	 */
+	@Override
+	public List<String> getEncbPKList() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentityLink()
+	 */
+	@Override
+	public IdentityLink getIdentityLink() {
+		return this.authSession.getIdentityLink();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getSignerCertificate()
+	 */
+	@Override
+	public byte[] getSignerCertificate() {
+		try {
+			return this.authSession.getSignerCertificate().getEncoded();
+			
+		} catch (CertificateEncodingException e) {
+			Logger.error("SSO-Transfer: SignerCertificate encoding FAILED.", e);
+			return null;
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getAuthBlock()
+	 */
+	@Override
+	public String getAuthBlock() {
+		return this.authSession.getAuthBlock();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getPvpAttribute_OU()
+	 */
+	@Override
+	public String getPvpAttribute_OU() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getAuthenticationRoles()
+	 */
+	@Override
+	public List<AuthenticationRole> getAuthenticationRoles() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isPublicAuthority()
+	 */
+	@Override
+	public boolean isPublicAuthority() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getPublicAuthorityCode()
+	 */
+	@Override
+	public String getPublicAuthorityCode() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isQualifiedCertificate()
+	 */
+	@Override
+	public boolean isQualifiedCertificate() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getMISMandate()
+	 */
+	@Override
+	public MISMandate getMISMandate() {
+		return this.authSession.getMISMandate();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getMandate()
+	 */
+	@Override
+	public Element getMandate() {
+		return this.authSession.getMISMandate().getMandateDOM();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getMandateReferenceValue()
+	 */
+	@Override
+	public String getMandateReferenceValue() {
+		return this.authSession.getMandateReferenceValue();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getQAALevel()
+	 */
+	@Override
+	public String getQAALevel() {
+		return this.authSession.getQAALevel();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getSessionIndex()
+	 */
+	@Override
+	public String getSessionIndex() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
+	 */
+	@Override
+	public String getNameID() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getNameIDFormat()
+	 */
+	@Override
+	public String getNameIDFormat() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isForeigner()
+	 */
+	@Override
+	public boolean isForeigner() {
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getCcc()
+	 */
+	@Override
+	public String getCcc() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getEIDASQAALevel()
+	 */
+	@Override
+	public String getEIDASQAALevel() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getGenericData(java.lang.String, java.lang.Class)
+	 */
+	@Override
+	public <T> T getGenericData(String key, Class<T> clazz) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
new file mode 100644
index 000000000..4ba2e1a01
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -0,0 +1,453 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.data;
+
+import java.security.PrivateKey;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
+import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SSOTransferOnlineApplication implements IOAAuthParameters {
+
+	public SSOTransferOnlineApplication() {
+		
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService()
+	 */
+	@Override
+	public boolean getBusinessService() {
+		return false;
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO()
+	 */
+	@Override
+	public boolean useSSO() {
+		return true;
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL()
+	 */
+	@Override
+	public List<String> getBKUURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFullConfiguration()
+	 */
+	@Override
+	public Map<String, String> getFullConfiguration() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getConfigurationValue(java.lang.String)
+	 */
+	@Override
+	public String getConfigurationValue(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFriendlyName()
+	 */
+	@Override
+	public String getFriendlyName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix()
+	 */
+	@Override
+	public String getPublicURLPrefix() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType()
+	 */
+	@Override
+	public String getOaType() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget()
+	 */
+	@Override
+	public String getTarget() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTargetFriendlyName()
+	 */
+	@Override
+	public String getTargetFriendlyName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP()
+	 */
+	@Override
+	public boolean isInderfederationIDP() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isSTORKPVPGateway()
+	 */
+	@Override
+	public boolean isSTORKPVPGateway() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
+	 */
+	@Override
+	public String getIdentityLinkDomainIdentifier() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier()
+	 */
+	@Override
+	public String getKeyBoxIdentifier() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter()
+	 */
+	@Override
+	public SAML1ConfigurationParameters getSAML1Parameter() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL()
+	 */
+	@Override
+	public List<String> getTemplateURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText()
+	 */
+	@Override
+	public String getAditionalAuthBlockText() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String)
+	 */
+	@Override
+	public String getBKUURL(String bkutype) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion()
+	 */
+	@Override
+	public boolean useSSOQuestion() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles()
+	 */
+	@Override
+	public List<String> getMandateProfiles() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
+	 */
+	@Override
+	public String getIdentityLinkDomainIdentifierType() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox()
+	 */
+	@Override
+	public boolean isShowMandateCheckBox() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed()
+	 */
+	@Override
+	public boolean isOnlyMandateAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin()
+	 */
+	@Override
+	public boolean isShowStorkLogin() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
+	 */
+	@Override
+	public Map<String, String> getFormCustomizaten() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
+	 */
+	@Override
+	public Integer getQaaLevel() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes()
+	 */
+	@Override
+	public boolean isRequireConsentForStorkAttributes() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedSTORKAttributes()
+	 */
+	@Override
+	public Collection<StorkAttribute> getRequestedSTORKAttributes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate()
+	 */
+	@Override
+	public byte[] getBKUSelectionTemplate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate()
+	 */
+	@Override
+	public byte[] getSendAssertionTemplate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList()
+	 */
+	@Override
+	public Collection<CPEPS> getPepsList() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL()
+	 */
+	@Override
+	public String getIDPAttributQueryServiceURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInboundSSOInterfederationAllowed()
+	 */
+	@Override
+	public boolean isInboundSSOInterfederationAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInterfederationSSOStorageAllowed()
+	 */
+	@Override
+	public boolean isInterfederationSSOStorageAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOutboundSSOInterfederationAllowed()
+	 */
+	@Override
+	public boolean isOutboundSSOInterfederationAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isTestCredentialEnabled()
+	 */
+	@Override
+	public boolean isTestCredentialEnabled() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTestCredentialOIDs()
+	 */
+	@Override
+	public List<String> getTestCredentialOIDs() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore()
+	 */
+	@Override
+	public boolean isUseIDLTestTrustStore() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore()
+	 */
+	@Override
+	public boolean isUseAuthBlockTestTestStore() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionKey()
+	 */
+	@Override
+	public PrivateKey getBPKDecBpkDecryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isPassivRequestUsedForInterfederation()
+	 */
+	@Override
+	public boolean isPassivRequestUsedForInterfederation() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isPerformLocalAuthenticationOnInterfederationError()
+	 */
+	@Override
+	public boolean isPerformLocalAuthenticationOnInterfederationError() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs()
+	 */
+	@Override
+	public Collection<StorkAttributeProviderPlugin> getStorkAPs() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes()
+	 */
+	@Override
+	public List<Integer> getReversionsLoggingEventCodes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRemovePBKFromAuthBlock()
+	 */
+	@Override
+	public boolean isRemovePBKFromAuthBlock() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
new file mode 100644
index 000000000..d33b157e0
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Date;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.VelocityContext;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import net.glxn.qrgen.QRCode;
+import net.glxn.qrgen.image.ImageType;
+
+
+
+/**
+ * @author tlenz
+ *
+ */
+//@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession")
+@Controller
+public class SSOTransferServlet{
+
+	private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes
+	
+	@Autowired SSOManager ssomanager;
+	@Autowired IAuthenticationSessionStoreage authenticationSessionStorage;
+	@Autowired SSOContainerUtils ssoTransferUtils;
+	@Autowired ITransactionStorage transactionStorage;
+	
+	public SSOTransferServlet() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() 
+				+ " with mapping {'/TransferSSOSession','/TransmitSSOSession'}.");
+	}
+
+	@RequestMapping(value = {	"/TransmitSSOSession"
+							}, 
+							method = {RequestMethod.GET})	
+	public void transferToPhone(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);		
+		if (tokenObj != null && tokenObj instanceof String) {
+			String token = (String)tokenObj;
+			try {						
+				String signedEncSession = transactionStorage.get(token, String.class, transmisionTimeOut);
+				if (MiscUtil.isNotEmpty(signedEncSession)) {
+					resp.setContentType("text/html;charset=UTF-8");
+					PrintWriter out = new PrintWriter(resp.getOutputStream()); 
+					out.print(signedEncSession);
+					out.flush(); 
+					
+				} else {
+					Logger.info("Servlet " + getClass().getName() + " receive a token:" +
+							token + ", which references an empty data object.");
+					resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object.");
+					
+				}
+												
+			} catch (MOADatabaseException e) {
+				Logger.info("Servlet " + getClass().getName() + " receive a token:" +
+						token + ", which is UNKNOWN.");
+				resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:");
+				
+				
+			} catch (AuthenticationException e) {
+				Logger.info("Servlet " + getClass().getName() + " receive a token:" +
+						token + ", which has a timeout.");
+				resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more.");
+				
+			}
+		
+		} else {
+			Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request.");
+			resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid.");
+			
+		}
+		
+		
+	}
+	
+	
+	@RequestMapping(value = {	"/TransferSSOSession"
+							}, 
+							method = {RequestMethod.GET})
+	public void transferSSOSessionGUI(HttpServletRequest req, HttpServletResponse resp) throws IOException {		
+		//search SSO session	
+		String ssoid = ssomanager.getSSOSessionID(req);
+		
+		VelocityContext context = new VelocityContext();
+		
+		try {
+			if (ssomanager.isValidSSOSession(ssoid, null)) {
+				Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);		
+				if (createQRObj != null && createQRObj instanceof Integer) {
+					
+					
+					
+				} else {
+					//create first step of SSO Transfer GUI
+					String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+					if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
+							contains(authURL)) {						
+						Logger.warn("Requested URL is not allowed.");;
+						resp.sendError(500, "Requested URL is not allowed.");
+						
+					}
+					
+					String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid);
+					if (MiscUtil.isNotEmpty(moaSessionID)) {					
+						AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID);
+						if(authSession != null) {
+							Date now = new Date();
+							String encodedSSOContainer = ssoTransferUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now);
+							
+							String token = Random.nextRandom();
+							transactionStorage.put(token, encodedSSOContainer);
+							
+							String containerURL = authURL
+									+ SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE
+									+ "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token;
+							
+							JsonObject qrResult = new JsonObject();
+							qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, 
+									SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST);
+							qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
+
+							ByteArrayOutputStream qrStream = 
+									QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();							
+							String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());							
+							context.put("QRImage", base64EncodedImage);
+							
+							context.put("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
+							
+							GUIUtils.printSSOTransferGUI(context, resp);
+							
+						}
+					}
+				}
+								
+			} else {
+				context.put("errorMsg", 
+						"No active Single Sign-On session found! SSO Session transfer is not possible.");
+				GUIUtils.printSSOTransferGUI(context, resp);
+			}
+			
+		} catch (MOAIDException | MOADatabaseException e) {
+			e.printStackTrace();
+			resp.sendError(500, e.getMessage());
+		
+		}
+							
+	}
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
new file mode 100644
index 000000000..b53916338
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class SSOTransferSignalServlet extends AbstractProcessEngineSignalController {
+	public SSOTransferSignalServlet() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() + " with mappings '/SSOTransferEndpoint'.");
+		
+	}
+	
+	@RequestMapping(value = {	"/SSOTransferSignalEndpoint"
+							}, 
+							method = {RequestMethod.POST, RequestMethod.GET})
+	public void performSSOTransfer(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+
+	}
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
new file mode 100644
index 000000000..e84c60ec5
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.VelocityContext;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("InitializeRestoreSSOSessionTask")
+public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext,
+			HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+
+		try {
+			//create first step of SSO Transfer GUI
+			String authURL = HTTPUtils.extractAuthURLFromRequest(request);
+			if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
+					contains(authURL)) {						
+				Logger.warn("Requested URL is not allowed.");;
+				response.sendError(500, "Requested URL is not allowed.");
+				
+			}
+									
+			VelocityContext context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID());
+			GUIUtils.printSSOTransferGUI(context, response);
+			
+			
+		} catch (WrongParametersException | AuthenticationException e) {
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+		} catch (Exception e) {
+			Logger.error(this.getClass().getName() + " has an interal Error.", e);
+			throw new TaskExecutionException(pendingReq, this.getClass().getName() + " has an interal Error.", e);
+			
+		}
+		
+
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
new file mode 100644
index 000000000..9521f264e
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -0,0 +1,187 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.BooleanUtils;
+import org.apache.velocity.VelocityContext;
+import org.joda.time.DateTime;
+import org.opensaml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("RestoreSSOSessionTask")
+public class RestoreSSOSessionTask extends AbstractAuthServletTask {
+
+	@Autowired SSOContainerUtils ssoTransferUtils;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext,
+			HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		
+		Logger.debug("Receive " + this.getClass().getName() + " request");
+				
+		StringBuffer sb = new StringBuffer();
+		String receivedPostMessage = null;
+		String authURL =null;
+		try {						
+			BufferedReader reader = request.getReader();
+		    String line = null;
+		    while ((line = reader.readLine()) != null) {
+		    	sb.append(line);
+		    }
+
+		    receivedPostMessage = sb.toString();
+		    
+		} catch (IOException e) {
+			Logger.warn("Received POST-message produce an ERROR.", e);
+			
+		}
+		 
+		if (MiscUtil.isNotEmpty(receivedPostMessage)) {
+			Logger.debug("Receive POST-Message data. Start data-validation process ... ");
+			try {
+			    JsonParser parser = new JsonParser();
+			    JsonObject reveivedData = (JsonObject) parser.parse(sb.toString());		    
+			    JsonObject reveivedSession = reveivedData.get("session").getAsJsonObject();
+			    String validTo = reveivedSession.get("validTo").getAsString();
+			    String entityID = reveivedSession.get("entityID").getAsString();
+			    String sessionBlob = reveivedSession.get("sessionBlob").getAsString();
+			    
+			    Logger.trace("Blob:" + sessionBlob + 
+			    			 " | validTo:" + validTo + 
+			    		     " | entityIS:" + entityID);
+			    
+			    if (PVPConfiguration.getInstance().getIDPPublicPath().contains(entityID)) {
+			    	// stored SSO session data is from this IDP - start local session reconstruction
+			    	Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob);
+			    	
+			    	//session is valid --> load MOASession object
+			    	defaultTaskInitialization(request, executionContext);
+			    	
+			    	//transfer SSO Assertion into MOA-Session
+			    	ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation);
+			    		
+			    	// store MOASession into database
+					try {
+						authenticatedSessionStorage.storeSession(moasession);
+							
+					} catch (MOADatabaseException e) {
+						Logger.error("Database Error! MOASession is not stored!");
+						throw new MOAIDException("init.04", new Object[] {
+								moasession.getSessionID()});
+					}
+			    		
+			    	executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true);
+			    					    				    	
+			    } else {
+			    	Logger.info("Received SSO session-data is from IDP: " + entityID 
+			    			+ ". Start inderfederation process to restore SSO session ... ");
+			    	//change to inderfederated session reconstruction
+			    	
+			    	Logger.warn("Device Session Transfer with interfederation is not implemented, yet!!!!");
+			    	
+			    }
+			    						
+			 } catch (Exception e) {
+				 Logger.error("Parse reveived JSON data-object " + sb.toString() + " FAILED!", e);
+				 throw new TaskExecutionException(pendingReq, "JSON data is not parseable.", e);
+				 
+			 }
+			
+		} else {
+			Logger.debug("Reveive NO POST-message data. Start check-session process ... ");
+			
+			boolean isSSOSessionRestored = 
+					BooleanUtils.isTrue((Boolean) executionContext.get(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED));
+			
+			if (isSSOSessionRestored) {
+				Logger.info("Found restored SSO session. Resume authentication process ...");
+				executionContext.remove(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED);
+				executionContext.put("sessionRestoreFinished", true);
+				
+			} else {
+				DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime());
+				if (moaSessionCreated.plusMinutes(3).isBeforeNow()) {
+					Logger.warn("No SSO session-container received. Stop authentication process after time-out.");
+					throw new TaskExecutionException(pendingReq, "No SSO container received from smartphone app.", null);
+					
+				} else { 				
+					Logger.debug("No restored SSO session found --> Wait a few minutes and check again.");
+					executionContext.put("sessionRestoreFinished", false);	
+					
+					VelocityContext context;
+					try {
+						//create first step of SSO Transfer GUI
+						authURL = HTTPUtils.extractAuthURLFromRequest(request);
+						if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
+								contains(authURL)) {						
+							Logger.warn("Requested URL is not allowed.");;
+							response.sendError(500, "Requested URL is not allowed.");
+							
+						}	
+						
+						context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID());
+						GUIUtils.printSSOTransferGUI(context, response);
+						
+					} catch (IOException | MOAIDException e) {
+						throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+						
+					}
+
+				}												
+			}			
+		}				 
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
new file mode 100644
index 000000000..ee7a397aa
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringWriter;
+import java.net.URI;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import net.glxn.qrgen.QRCode;
+import net.glxn.qrgen.image.ImageType;
+
+/**
+ * @author tlenz
+ *
+ */
+public class GUIUtils {	
+	private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
+	private static final String GUI_HTML_TEMPLATE = "sso_transfer_template.html"; 
+	
+	public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec
+	
+	public static VelocityContext buildSSOTransferGUI(String authURL, String pendingReqID) throws ConfigurationException, IOException {
+		String containerURL = authURL
+				+ SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE
+				+ "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID;
+		
+		JsonObject qrResult = new JsonObject();
+		qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, 
+				SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER);
+		qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
+
+		ByteArrayOutputStream qrStream = 
+				QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();							
+		String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());
+		VelocityContext context = new VelocityContext();
+		context.put("QRImage", base64EncodedImage);
+		
+		context.put("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");
+		
+		context.put("timeoutURL", containerURL);
+		context.put("timeout", REFESH_TIMEOUT);
+		
+		return context;
+		
+	}
+	
+	public static void printSSOTransferGUI(VelocityContext context, HttpServletResponse httpResp) throws MOAIDException {		
+		try {			
+			Logger.trace("Initialize VelocityEngine...");
+			
+			InputStream is = null;
+			String pathLocation = null;
+			try {
+				String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
+				pathLocation = rootconfigdir + HTMLTEMPLATESDIR + GUI_HTML_TEMPLATE;
+				File file = new File(new URI(pathLocation));
+				is = new  FileInputStream(file);
+				evaluateTemplate(context, httpResp, is);
+				
+			} catch (Exception e) {
+				Logger.warn("SLO Template is not found in configuration directory (" +
+						pathLocation + "). Load template from project library ... ");
+				
+				try  {
+					pathLocation = GUI_HTML_TEMPLATE;
+					is = Thread.currentThread()
+							.getContextClassLoader()
+							.getResourceAsStream(pathLocation);				
+					evaluateTemplate(context, httpResp, is);
+					
+				} catch (Exception e1) {
+					Logger.error("Single LogOut form can not created.", e);
+					throw new MOAIDException("Create Single LogOut information FAILED.", null, e);
+				}
+				
+			} finally {
+				if (is != null)
+					is.close();
+				
+			}
+			
+		} catch (Exception e) {
+			Logger.error("Single LogOut form can not created.", e);
+			throw new MOAIDException("Create Single LogOut information FAILED.", null, e);
+		}			
+	}
+	
+	private static void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception {
+		
+		VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
+		
+		BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
+		
+		//set default elements to velocity context
+		context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
+		
+		StringWriter writer = new StringWriter();			
+		//velocityEngine.evaluate(context, writer, "SLO_Template", reader);			
+		engine.evaluate(context, writer, "SSO Transfer Template", reader);
+
+		
+		httpResp.setContentType("text/html;charset=UTF-8");            
+		httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
new file mode 100644
index 000000000..7c8a86f73
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -0,0 +1,481 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.MessageDigest;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.EncryptedAssertion;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.encryption.Encrypter;
+import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.encryption.EncryptionException;
+import org.opensaml.xml.encryption.EncryptionParameters;
+import org.opensaml.xml.encryption.KeyEncryptionParameters;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.parse.XMLParserException;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.SecurityHelper;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.validation.ValidationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthenticationData;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.MISMandate;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("SSOContainerUtils")
+public class SSOContainerUtils {
+    public static final List<String> REQUIRED_ATTRIBUTES;
+	static {
+		List<String> tmp = new ArrayList<String>();
+		tmp.add(PVPConstants.EID_AUTH_BLOCK_NAME);
+		tmp.add(PVPConstants.EID_IDENTITY_LINK_NAME);
+		tmp.add(PVPConstants.EID_ISSUING_NATION_NAME);
+		tmp.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+		tmp.add(PVPConstants.EID_SOURCE_PIN_NAME);
+		tmp.add(PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
+		tmp.add(PVPConstants.MANDATE_REFERENCE_VALUE_NAME);
+		tmp.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
+		tmp.add(PVPConstants.MANDATE_TYPE_NAME);
+		tmp.add(PVPConstants.MANDATE_PROF_REP_OID_NAME);
+		tmp.add(PVPConstants.MANDATE_PROF_REP_DESC_NAME);
+		tmp.add(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+		
+        REQUIRED_ATTRIBUTES = Collections.unmodifiableList(tmp);
+	}
+	
+	@Autowired IDPCredentialProvider credentials;
+	@Autowired SAMLVerificationEngine samlVerificationEngine;
+	@Autowired AuthConfiguration authConfig;
+	
+	public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException {
+		AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation);
+		
+		//TODO: maybe change to correct URL
+		//set dummy BKU URLx
+		moasession.setBkuURL("http://egiz.gv.at/sso_session-transfer_app");
+		
+		
+		String qaaLevel = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+		if (MiscUtil.isNotEmpty(qaaLevel)) {
+			if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX))
+				moasession.setQAALevel(qaaLevel);
+			else 
+				moasession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + qaaLevel);
+				
+			
+		} else {
+			Logger.warn("SSO session-container contains NO QAA-level");
+			
+		}
+		
+		String authBlock = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME);
+		if (MiscUtil.isNotEmpty(authBlock))
+			moasession.setAuthBlock(authBlock);
+		else
+			Logger.warn("SSO session-container contains NO AuthBlock");
+		
+		try {
+			String signerCert = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+			if (MiscUtil.isNotEmpty(signerCert))			
+				moasession.setSignerCertificate(new X509Certificate(Base64Utils.decode(signerCert, false)));
+			else
+				Logger.warn("SSO session-container contains NO SignerCertificate");
+			
+		} catch (CertificateException | IOException e) {
+			Logger.error("SignerCertificate is not parseable.", e);
+			
+		}
+		
+		String idlStr = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME);
+		try {
+			if (MiscUtil.isNotEmpty(idlStr)) {
+				IdentityLinkAssertionParser idlParser = new IdentityLinkAssertionParser(Base64Utils.decodeToStream(idlStr, false));
+				moasession.setIdentityLink(idlParser.parseIdentityLink());
+			
+			} else {
+				Logger.warn("SSO session-container contains NO IdentityLink");
+				throw new AssertionAttributeExtractorExeption("SSO session-container contains NO IdentityLink");
+			
+			}
+			
+		} catch (ParseException e) {
+			Logger.error("IdentityLink is not parseable.", e);
+			throw new AssertionAttributeExtractorExeption("IdentityLink is not parseable.");
+			
+		}
+		
+		
+		String mandateRefValue = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME);
+		if (MiscUtil.isNotEmpty(mandateRefValue)) {
+			moasession.setMandateReferenceValue(mandateRefValue);
+			moasession.setUseMandate("true");
+			Logger.info("Found mandate information in SSO session-container.");
+			
+			try {
+				MISMandate mandate = new MISMandate();
+				
+				String mandateFull = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME);
+				if (MiscUtil.isNotEmpty(mandateFull)) {					
+					mandate.setMandate(Base64Utils.decode(mandateFull, false));
+							
+				} else {
+					Logger.warn("No Full-Mandate information found in SSO session-container.");
+				
+				}
+				
+				String oid = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_PROF_REP_OID_NAME);
+				if (MiscUtil.isNotEmpty(oid))
+					mandate.setProfRep(oid );
+								
+				NodeList mandateElements = mandate.getMandateDOM().getChildNodes();
+				for (int i=0; i<mandateElements.getLength(); i++) {
+					Element mandateEl = (Element) mandateElements.item(i);									
+					if (mandateEl.hasAttribute("OWbPK")) {
+						mandate.setOWbPK(mandateEl.getAttribute("OWbPK"));
+					}
+				}
+								
+				moasession.setMISMandate(mandate);
+				
+			} catch (IOException e) {
+				Logger.error("Full-Mandate information is not parseable.", e);
+				
+			}			
+		}
+		
+
+		
+			
+		
+	}
+	
+	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException  {
+		byte[] base64decodedContainer = Base64Utils.decode(signedEncryptedContainer, false);
+		
+		final BasicParserPool ppMgr = new BasicParserPool();
+		final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
+		features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+		ppMgr.setBuilderFeatures(features);
+		ppMgr.setNamespaceAware(true);
+		
+		Document document = ppMgr.parse(new ByteArrayInputStream(base64decodedContainer));
+		Element domElement = document.getDocumentElement();
+		
+		UnmarshallerFactory saml2UnmarshallerFactory = Configuration.getUnmarshallerFactory();
+		Unmarshaller saml2Unmarshaller = saml2UnmarshallerFactory.getUnmarshaller(domElement);
+		XMLObject responseXMLObj = saml2Unmarshaller.unmarshall(domElement);
+		
+		if (responseXMLObj instanceof Response) {
+			Response ssoContainer = (Response) responseXMLObj;
+			
+			try {
+				SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+				sigValidator.validate(ssoContainer.getSignature());
+				
+			} catch (ValidationException e) {
+				Logger.error("Failed to validate Signature", e);
+				throw new SAMLRequestNotSignedException(e);
+			}
+			
+			Credential credential = credentials.getIDPAssertionSigningCredential();
+			if (credential == null) {
+				throw new NoCredentialsException("moaID IDP");
+			}
+
+			SignatureValidator sigValidator = new SignatureValidator(credential);
+			try {
+				sigValidator.validate(ssoContainer.getSignature());
+
+			} catch (ValidationException e) {
+				Logger.error("Failed to verfiy Signature", e);
+				throw new SAMLRequestNotSignedException(e);
+			}
+			
+			if (ssoContainer.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+					
+				//validate PVP 2.1 assertion
+				samlVerificationEngine.validateAssertion(ssoContainer, false, credentials.getIDPAssertionEncryptionCredential());
+				return ssoContainer;
+									
+			} else {
+				Logger.debug("Receive StatusCode " + ssoContainer.getStatus().getStatusCode().getValue() 
+						+ " from interfederated IDP.");
+				throw new MOAIDException("SSO Container has a not valid Status Code", null);
+							
+			}
+													
+		} else {
+			Logger.warn("SSO Container is not of type SAML2 Response");
+			throw new MOAIDException("SSO Container is not of type SAML2 Response", null);
+			
+		}				
+	}
+	
+	
+	public String generateSignedAndEncryptedSSOContainer(String authURL,
+			AuthenticationSession authSession, Date date) {		
+		try {
+			String entityID = authURL;
+			AuthnContextClassRef authnContextClassRef = SAML2Utils
+					.createSAMLObject(AuthnContextClassRef.class);
+			authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());			
+					
+			NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+			String random = Random.nextRandom();
+			String nameID = subjectNameID.getValue();			
+			try {
+				MessageDigest md = MessageDigest.getInstance("SHA-1");
+				byte[] hash = md.digest((random).getBytes("ISO-8859-1"));			
+				subjectNameID.setValue(Base64Utils.encode(hash));
+				subjectNameID.setNameQualifier(null);
+				subjectNameID.setFormat(NameID.TRANSIENT);
+				
+			} catch (Exception e) {
+				Logger.warn("PVP2 subjectNameID error", e);
+				
+			}
+						
+			SubjectConfirmationData subjectConfirmationData = SAML2Utils
+					.createSAMLObject(SubjectConfirmationData.class);
+			long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;		
+			Date ssoSessionValidTo = new Date(authSession.getSessionCreated().getTime() + maxSSOSessionTime);
+			subjectConfirmationData.setNotOnOrAfter(new DateTime(ssoSessionValidTo.getTime()));			
+			
+			String sessionIndex = SAML2Utils.getSecureIdentifier();
+
+			IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession);
+			
+			Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion(
+					authURL,
+					entityID, 
+					new DateTime(date.getTime()), 
+					authnContextClassRef, 
+					buildSSOAttributeForTransfer(authSession, authData), 
+					subjectNameID, 
+					subjectConfirmationData, 
+					sessionIndex, 
+					subjectConfirmationData.getNotOnOrAfter());
+		
+			String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime()));
+			
+			JsonObject container = new JsonObject();
+			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, "SSO");
+			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString());
+			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_ENTITYID, entityID);
+			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_USERID, authData.getGivenName() + " " + authData.getFamilyName());
+			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, ssoDataBlob);
+			
+			//TODO
+			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_RESULTENDPOINT, "https://demo.egiz.gv.at");
+						
+			return container.toString();
+												
+		} catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException e) {
+			Logger.warn("SSO container generation FAILED.", e);
+		}
+		
+		return null;
+	}
+	
+	private String buildSSOContainerObject(String authURL, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException {
+		Response authResponse = SAML2Utils.createSAMLObject(Response.class);
+
+		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+		
+		//change to entity value from entity name to IDP EntityID (URL)
+		nissuer.setValue(authURL);
+		nissuer.setFormat(NameID.ENTITY);
+		authResponse.setIssuer(nissuer);
+
+		//set responseID
+		String remoteSessionID = SAML2Utils.getSecureIdentifier();
+		authResponse.setID(remoteSessionID);
+		
+		
+		//SAML2 response required IssueInstant
+		authResponse.setIssueInstant(date);		
+		authResponse.setStatus(SAML2Utils.getSuccessStatus());
+		
+		//encrypt container
+		X509Credential encryptionCredentials = credentials.getIDPAssertionEncryptionCredential();
+		EncryptionParameters dataEncParams = new EncryptionParameters();
+		dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
+						
+		List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
+		KeyEncryptionParameters  keyEncParam = new KeyEncryptionParameters();
+	
+		keyEncParam.setEncryptionCredential(encryptionCredentials);
+		keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
+		KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
+				.getKeyInfoGeneratorManager().getDefaultManager()
+				.getFactory(encryptionCredentials);
+		keyEncParam.setKeyInfoGenerator(kigf.newInstance());
+		keyEncParamList.add(keyEncParam);
+									
+		Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); 
+		//samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
+		samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
+		
+		EncryptedAssertion encryptAssertion = null;
+		
+		encryptAssertion = samlEncrypter.encrypt(assertion);		
+		authResponse.getEncryptedAssertions().add(encryptAssertion);
+		
+		
+		//sign container
+		Credential signingCredential = credentials.getIDPAssertionSigningCredential();
+		Signature signature = AbstractCredentialProvider.getIDPSignature(signingCredential);
+		
+		SecurityHelper.prepareSignatureParams(signature, signingCredential, null, null);		
+		authResponse.setSignature(signature);
+		
+		DocumentBuilder builder;
+		DocumentBuilderFactory factory = DocumentBuilderFactory
+				.newInstance();
+
+		builder = factory.newDocumentBuilder();
+		Document document = builder.newDocument();
+		Marshaller out = Configuration.getMarshallerFactory()
+				.getMarshaller(authResponse);
+		out.marshall(authResponse, document);
+
+		Signer.signObject(signature);
+
+		Transformer transformer = TransformerFactory.newInstance()
+				.newTransformer();
+
+		StringWriter sw = new StringWriter();
+		StreamResult sr = new StreamResult(sw);
+		DOMSource source = new DOMSource(document);
+		transformer.transform(source, sr);
+		sw.close();
+		
+		return Base64Utils.encode(sw.toString().getBytes());
+		
+	}
+	
+	private static List<Attribute> buildSSOAttributeForTransfer(AuthenticationSession authSession, IAuthData authData) {
+		List<Attribute> attrList = new ArrayList<Attribute>();
+				
+		IOAAuthParameters oaParam = new SSOTransferOnlineApplication();	
+		
+		for (String el : REQUIRED_ATTRIBUTES) {
+			try {
+				Attribute attr = PVPAttributeBuilder.buildAttribute(
+						el, oaParam, authData);
+				if (attr != null)
+					attrList.add(attr);
+				else
+					Logger.info("SSO-Transfer attribute " + el + " is empty!");
+				
+			} catch (Exception e) {
+				Logger.warn("Build SSO-Transfer attribute " + el + " FAILED.", e);
+				
+			}
+		}
+		
+		return attrList;				
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml
new file mode 100644
index 000000000..62e9ac8fd
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+
+	<context:annotation-config />
+
+	<bean id="ssoTransferAuthModule" class="at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferAuthModuleImpl">
+		<property name="priority" value="1" />
+	</bean>
+
+	<bean	id="SSOContainerUtils"
+				class="at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils"/>
+
+<!-- Federated Authentication Process Tasks -->
+	<bean id="RestoreSSOSessionTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.ssotransfer.task.RestoreSSOSessionTask"
+				scope="prototype"/>
+				
+	<bean id="InitializeRestoreSSOSessionTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.ssotransfer.task.InitializeRestoreSSOSessionTask"
+				scope="prototype"/>
+				
+			
+
+</beans>
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml
new file mode 100644
index 000000000..e7d98c8c8
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="SSOTransferAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+	STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
+-->
+	<pd:Task id="initializeRestoreSSOSessionTask"      class="InitializeRestoreSSOSessionTask" />
+	<pd:Task id="restoreSSOSessionTask"                class="RestoreSSOSessionTask" async="true" />
+	<pd:Task id="finalizeAuthentication" 							 class="FinalizeAuthenticationTask" />
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start" to="initializeRestoreSSOSessionTask" />	
+	<pd:Transition from="initializeRestoreSSOSessionTask" to="restoreSSOSessionTask"/>
+		
+	<pd:Transition from="restoreSSOSessionTask" to="restoreSSOSessionTask" conditionExpression="!ctx['sessionRestoreFinished']"/>
+	<pd:Transition from="restoreSSOSessionTask" to="finalizeAuthentication" />
+	
+	<pd:Transition from="finalizeAuthentication"    to="end" />
+	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html
new file mode 100644
index 000000000..962faa58f
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html
@@ -0,0 +1,447 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+  
+   <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
+    <style type="text/css">
+			@media screen and (min-width: 650px) {
+			
+				body {
+					margin:0;
+					padding:0;
+					color : #000;
+					background-color : #fff;
+			  	text-align: center;
+			  	background-color: #6B7B8B;
+				}
+  
+			  #page {
+			    display: block;
+			    border: 2px solid rgb(0,0,0);
+			    width: 650px;
+			    height: 460px;
+			    margin: 0 auto;
+			    margin-top: 5%;
+			    position: relative;
+			    border-radius: 25px;
+			    background: rgb(255,255,255);
+			  }
+			  
+			  #page1 {
+			    text-align: center;
+			  }
+			  
+			  #main {
+			    /*	clear:both; */
+				  position:relative;
+			    margin: 0 auto;
+			    width: 250px;
+			    text-align: center;
+			  }
+			  
+			  .OA_header {
+			/*	  background-color: white;*/
+			    font-size: 20pt;
+			    margin-bottom: 25px;
+			    margin-top: 25px;
+			  }
+			
+			  #leftcontent {
+			    /*float:left; */
+				  width:250px;
+				  margin-bottom: 25px;
+			    text-align: left;
+			    /*border: 1px solid rgb(0,0,0);*/
+			  }
+			
+			  #leftcontent {
+				 width: 300px;
+				 margin-top: 30px;
+			  }
+      
+        h2#tabheader{
+				  font-size: 1.1em; 
+          padding-left: 2%;
+          padding-right: 2%;
+          position: relative;
+			  }
+        		  
+			  .setAssertionButton_full {
+			  	background: #efefef;
+				  cursor: pointer;
+				  margin-top: 15px;
+			    width: 100px;
+			    height: 30px
+			  }
+			
+			  #leftbutton  {
+				 width: 30%; 
+				 float:left; 
+				 margin-left: 40px;
+			  }
+			
+			  #rightbutton {
+				 width: 30%; 
+				 float:right; 
+				 margin-right: 45px; 
+				 text-align: right;
+			  }
+        
+        button {
+          height: 25px;
+          width: 75px;
+          margin-bottom: 10px;
+        }
+        
+       #validation {
+        position: absolute;
+        bottom: 0px;
+        margin-left: 270px;
+        padding-bottom: 10px;
+      }
+			
+			}
+
+      @media screen and (max-width: 205px) {
+        #localBKU p {
+          font-size: 0.6em;
+        } 
+        
+        #localBKU input {
+          font-size: 0.6em;
+          min-width: 60px;
+         /* max-width: 65px; */
+          min-height: 1.0em;
+         /* border-radius: 5px; */
+        }
+        
+      }
+
+      @media screen and (max-width: 249px) and (min-width: 206px) {
+        #localBKU p {
+          font-size: 0.7em;
+        } 
+        
+        #localBKU input {
+          font-size: 0.7em;
+          min-width: 70px;
+       /*    max-width: 75px;    */
+          min-height: 0.95em;
+        /*  border-radius: 6px;    */
+        }
+         
+      }
+
+      @media screen and (max-width: 299px) and (min-width: 250px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+        
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+       /*    max-width: 75px;      */
+      /*    border-radius: 6px;  */
+        }
+
+      }
+
+      @media screen and (max-width: 399px) and (min-width: 300px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+        
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+      /*     max-width: 75px;     */
+      /*    border-radius: 6px;       */
+        }
+
+      }
+      
+      @media screen and (max-width: 649px) and (min-width: 400px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+        
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+      /*     max-width: 80px;       */
+     /*     border-radius: 6px;          */
+        }
+
+      }
+
+
+			
+			@media screen and (max-width: 649px) {
+				
+        body {
+					margin:0;
+					padding:0;
+					color : #000;
+			  	text-align: center;
+          font-size: 100%;
+			  	background-color: #MAIN_BACKGOUNDCOLOR#;
+				}
+        				
+			  #page {
+			     visibility: hidden;
+			     margin-top: 0%;
+			  }
+			  
+			  #page1 {
+			    visibility: hidden;
+			  }
+			  
+			  #main {
+			    visibility: hidden;
+			  }
+        
+        #validation {
+          visibility: hidden;
+          display: none;
+        }
+			  
+			  .OA_header {
+			    margin-bottom: 0px;
+			    margin-top: 0px;
+			    font-size: 0pt;
+			    visibility: hidden;
+			  }
+			
+			  #leftcontent {
+			    visibility: visible;
+			    margin-bottom: 0px;
+			    text-align: left;
+			    border:none;
+          vertical-align: middle;
+          min-height: 173px;
+          min-width: 204px;
+          
+			  }
+        
+        input[type=button] {
+/*          height: 11%;  */
+          width: 70%;
+        }
+			}
+			      
+			* {
+				margin: 0;
+				padding: 0;
+        font-family: #FONTTYPE#;
+			}
+							      			
+			#selectArea {
+				padding-top: 10px;
+				padding-bottom: 55px;
+				padding-left: 10px;
+			}
+			
+			.setAssertionButton {
+				background: #efefef;
+				cursor: pointer;
+				margin-top: 15px;
+			  width: 70px;
+			  height: 25px;
+			}
+			
+			#leftbutton  {
+				width: 35%; 
+				float:left; 
+				margin-left: 15px;
+			}
+			
+			#rightbutton {
+				width: 35%; 
+				float:right; 
+				margin-right: 25px; 
+				text-align: right;
+			}
+
+/*		input[type=button], .sendButton {
+				background: #BUTTON_BACKGROUNDCOLOR#;
+        color: #BUTTON_COLOR#;
+/*				border:1px solid #000;  */
+/*				cursor: pointer;
+/*        box-shadow: 3px 3px 3px #222222;  */
+/*			}
+			
+/*      button:hover, button:focus, button:active, 
+      .sendButton:hover , .sendButton:focus, .sendButton:active,
+      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
+				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
+        color: #BUTTON_COLOR#;
+/*				border:1px solid #000;                */
+/*				cursor: pointer;
+/*        box-shadow: -1px -1px 3px #222222;  */
+/*			}
+      
+*/      
+			input {
+				/*border:1px solid #000;*/
+				cursor: pointer;
+			}
+      
+      #localBKU input {
+/*        color: #BUTTON_COLOR#;  */
+        border: 0px;
+        display: inline-block;
+        
+      }
+			
+      #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
+        text-decoration: underline;
+      }
+      
+			#installJava, #BrowserNOK {
+				clear:both;
+				font-size:0.8em;
+				padding:4px;
+			}
+						
+			.selectText{
+			
+			}
+			
+			.selectTextHeader{
+			
+			}
+			
+			.sendButton {
+        width: 30%;
+        margin-bottom: 1%;	
+			}
+			
+			#leftcontent a {
+				text-decoration:none; 
+				color: #000;
+			/*	display:block;*/
+				padding:4px;	
+			}
+			
+			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+				text-decoration:underline;
+				color: #000;	
+			}
+						
+			.infobutton {
+				background-color: #005a00;
+				color: white;
+				font-family: serif;
+				text-decoration: none;
+				padding-top: 2px;
+				padding-right: 4px;
+				padding-bottom: 2px;
+				padding-left: 4px;
+				font-weight: bold;
+			}
+			
+			.hell {
+				background-color : #MAIN_BACKGOUNDCOLOR#;
+        color: #MAIN_COLOR#;	
+			}
+			
+			.dunkel {
+				background-color: #HEADER_BACKGROUNDCOLOR#;
+        color: #HEADER_COLOR#;
+			}
+			      
+			.main_header {
+			   color: black;
+			    font-size: 32pt;
+			    position: absolute;
+			    right: 10%;
+			    top: 40px;
+				
+			}
+      
+     	#alert {
+		    margin: 100px 250px;
+		    font-family: Verdana, Arial, Helvetica, sans-serif;
+		    font-size: 14px;
+		    font-weight: normal;
+		    color: red;
+	    }
+	
+	    .reqframe {
+		    /*display: none;*/
+        visibility: hidden;
+		  
+	    }
+      			                        
+    </style> 
+
+	#if($timeoutURL)
+		<script type="text/javascript">
+			function sloTimeOut() {
+				window.location.href="$timeoutURL";
+			
+			}	
+	
+		</script>
+	#end
+
+
+  <title>Single Sign-On Session Transfer</title>
+</head>
+
+#if($timeoutURL)
+	<body onload='setTimeout(sloTimeOut, $timeout);'>
+#else
+	<body>
+#end
+  <noscript>
+		<p>
+			<strong>Note:</strong> Since your browser does not support
+			JavaScript, you must press the Continue button to resume 
+			the authentication process after the SSO session transfer from smartphone to application is complete.
+		</p>
+		
+		<a href="$timeoutURL">Press this link to resume</a>
+	</noscript>
+
+  <div id="page">
+		<div id="page1" class="case selected-case" role="main">
+			<h2 class="OA_header" role="heading">MOA-ID Single Sign-On Session Transfer Service</h2>
+			<div id="main">
+				<div id="leftcontent" class="hell" role="application">
+          
+          #if($errorMsg)
+	         <div class="alert">
+		        <p>$errorMsg</p> 
+	         </div>	
+	        #end
+
+	        #if($successMsg)
+	         <div>
+		        <p>$successMsg</p> 
+	         </div>	
+	        #end
+	        
+	        #if($QRImage)
+	         <div>
+	         	<img src="data:image/gif;base64,$QRImage">
+	         </div>	
+	        #end
+	        
+				</div>
+			</div>
+		</div>
+		<div id="validation">
+			<a href="http://validator.w3.org/check?uri="> <img
+				style="border: 0; width: 88px; height: 31px"
+				src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
+			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
+				style="border: 0; width: 88px; height: 31px"
+				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				alt="CSS ist valide!" />
+			</a>
+		</div>
+	</div>
+
+</body>
+</html>
+\ No newline at end of file
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-02-24 08:07:07 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-02-24 15:21:05 +0100
commit	0dc260503a5deb581802e645ddae996ae9298968 (patch)
tree	d62ccd1f16cd84eb4e865e3a53e1bea0f3e023a2 /id/server/modules/moa-id-module-ssoTransfer/src/main
parent	f8b9d30b9c1b25b5e92bbb488394e41dbe8be7f1 (diff)
download	moa-id-spss-0dc260503a5deb581802e645ddae996ae9298968.tar.gz moa-id-spss-0dc260503a5deb581802e645ddae996ae9298968.tar.bz2 moa-id-spss-0dc260503a5deb581802e645ddae996ae9298968.zip