Merge tag 'MOA-ID-3.4.2'

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2019-02-27 10:08:31 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2019-02-27 10:08:31 +0100
commit: d23e3745dd4a40196b03f937b9ba8c4ed840a108 (patch)
tree: 2195fbe110c392728b3009aa545363540a94294e /id/server/modules
parent: 86aa898406f539fd06129360c58c654afc62e904 (diff)
parent: f923a89436377f581c6e2ab6637024aa068bf9fb (diff)
download: moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.gz
moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.bz2
moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.zip
76 files changed, 2903 insertions, 225 deletions
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
index 5cee90658..cd3f1f788 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
@@ -322,7 +322,9 @@ public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider
 			try {
 				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-						PVPConstants.SSLSOCKETFACTORYNAME, 
+						PVPConstants.SSLSOCKETFACTORYNAME,
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
 						moaAuthConfig.getTrustedCACertificates(),
 						null,
 						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
diff --git a/id/server/modules/moa-id-module-eIDAS/.gitignore b/id/server/modules/moa-id-module-eIDAS/.gitignore
new file mode 100644
index 000000000..b83d22266
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/.gitignore
@@ -0,0 +1 @@
+/target/
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index cf3325d24..5f4192645 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -12,11 +12,13 @@
   <properties>
 		<repositoryPath>${basedir}/../../../../repository</repositoryPath>
 		
-		<eidas-commons.version>1.4.0</eidas-commons.version>
-		<eidas-light-commons.version>1.4.0</eidas-light-commons.version>
-		<eidas-saml-engine.version>1.4.0</eidas-saml-engine.version>
-		<eidas-encryption.version>1.4.0</eidas-encryption.version>
-		<eidas-configmodule.version>1.4.0</eidas-configmodule.version>
+		<eidas-commons.version>1.4.3</eidas-commons.version>
+		<eidas-light-commons.version>1.4.3</eidas-light-commons.version>
+		<eidas-saml-engine.version>1.4.3</eidas-saml-engine.version>
+		<eidas-encryption.version>1.4.3</eidas-encryption.version>
+		<eidas-configmodule.version>1.4.3</eidas-configmodule.version>
+		
+		<eID4U.module.version>0.2</eID4U.module.version>
 				
 	</properties>
   
@@ -48,18 +50,48 @@
   		<groupId>MOA.id.server</groupId>
   		<artifactId>moa-id-lib</artifactId>
   	</dependency>
+
+			<dependency>
+  				<groupId>MOA.id.server.modules</groupId>
+  				<artifactId>moa-id-modul-citizencard_authentication</artifactId>
+  				<exclusions>
+  					<exclusion>
+  						<groupId>*</groupId>
+  					</exclusion>
+  				</exclusions>
+  			</dependency>
+  			<dependency>
+  				<groupId>MOA.id.server.modules</groupId>
+  				<artifactId>moa-id-module-openID</artifactId>
+  				<exclusions>
+  					<exclusion>
+  						<groupId>*</groupId>
+  					</exclusion>
+  				</exclusions>
+  			</dependency>
   
   	<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-test</artifactId>
-			<scope>test</scope>
-		</dependency>
-
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
+ 		 <groupId>eu.eidas.extension.eID4U</groupId>
+  		<artifactId>eID4U_commons</artifactId>
+  		<version>${eID4U.module.version}</version>
+  	</dependency>
+  
+ 	 <dependency>
+    	<groupId>com.google.code.findbugs</groupId>
+    	<artifactId>jsr305</artifactId>
+    	<version>3.0.1</version>
+   	</dependency>
+  
+   	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-test</artifactId>
+		<scope>test</scope>
+	</dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
   
 		<!-- eidas Commons -->
 		<dependency>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
new file mode 100644
index 000000000..d3aa7b4a0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizenCardAuthModuleImpl {
+
+	private int priority = 1;
+	
+	@Autowired private IRequestStorage requestStore;
+	
+	
+	@Override
+	public int getPriority() {
+		return priority; 
+	}
+
+	/**
+	 * Sets the priority of this module. Default value is {@code 0}.
+	 * @param priority The priority.
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		String selectedProcessID = super.selectProcess(context);
+		if (MiscUtil.isNotEmpty(selectedProcessID)) {
+			String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID);
+			
+			if (StringUtils.isEmpty(pendingReqId))
+				Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!");
+			
+			else {
+				IRequest pendingReq = requestStore.getPendingRequest(pendingReqId);
+				if (pendingReq != null && pendingReq instanceof EIDASData) {
+					return "eID4UAttributCollectionAuthentication";
+				
+				}
+			}
+		}	
+		
+		return selectedProcessID;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:eid4u.Authentication.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
new file mode 100644
index 000000000..c8c65ce76
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Controller
+public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController {
+
+	public eID4UAPSignalServlet() {
+		Logger.debug("Registering servlet " + getClass().getName() + 
+				" with mappings '"+ eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN + "'.");
+		
+	}
+	
+	@RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN }, 
+					method = {RequestMethod.POST, RequestMethod.GET})
+	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+	}
+
+	@Override
+	/**
+	 * Protocol specific implementation to get the pending-requestID 
+	 * from http request object
+	 * 
+	 * @param request The http Servlet-Request object
+	 * @return The Pending-request id 
+	 * 	
+	 */
+	public String getPendingRequestId(HttpServletRequest request) {
+		String pendigReqId = super.getPendingRequestId(request);
+		
+		if (MiscUtil.isEmpty(pendigReqId)) {
+			Logger.trace("No 'pendingReqID', seach for 'state' parameter in eID4U use-case ... ");			
+			pendigReqId = request.getParameter(OAuth20Constants.PARAM_STATE);			
+			if (MiscUtil.isEmpty(pendigReqId)) {						
+				Logger.trace("No 'pendingReqID', seach HTTP-Cookie in eID4U use-case ... ");
+				pendigReqId = CookieUtils.getValueFromCookie(request, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
+				if (MiscUtil.isEmpty(pendigReqId))
+					Logger.info("NO eID4U cookie or 'state' parameter with pendingReqId.");
+				
+			}
+		}
+		
+		return pendigReqId;
+		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java
new file mode 100644
index 000000000..45eb161d3
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java
@@ -0,0 +1,25 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+public class eID4UConstants {
+	
+	//configuration parameter
+	public static final String CONFIG_PROPS_AP_CONSENT_ENTITYID = "moa.id.protocols.eIDAS.eID4U.AP.consent.entityID";
+	public static final String CONFIG_PROPS_AP_CONSENT_URL = "moa.id.protocols.eIDAS.eID4U.AP.consent.url";		
+	public static final String CONFIG_PROPS_AP_SCOPES = "moa.id.protocols.eIDAS.eID4U.AP.scopes.full";		
+	public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.url";
+	public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.param.granttype";
+	public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.username";
+	public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.password";
+	public static final String CONFIG_PROPS_AP_DATASERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.dataservice.url";
+	
+	//session parameter
+	public static final String HTTP_TRANSACTION_COOKIE_NAME = "eID4APTransactionId";
+	public static final String HTTP_ENDPOINT_AP_CONSENT_RETURN = "/eidas/eid4u/resume";
+	
+	//process context
+	public static final String PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS = "collecteID4UAttr";
+	public static final String PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER = "eID4UAttrProvbPK";
+	
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
new file mode 100644
index 000000000..69cc131ff
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
@@ -0,0 +1,239 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moaspss.logging.Logger;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+public class AttributeScopeMapper {
+		
+	private static AttributeScopeMapper instance = null;
+
+	public static final String Scope_Delimiter = " ";
+	
+	public static final String Citizenship = "ANY@tugraz.idm.attr.Citizenship";
+	public static final String CityOfBirth = "ANY@tugraz.idm.attr.CityOfBirth";
+	public static final String CountryOfBirth = "ANY@tugraz.idm.attr.CountryOfBirth";
+	public static final String CurrentDegreeName = "ANY@tugraz.idm.attr.CurrentDegreeName";
+	public static final String CurrentFieldOfStudy = "ANY@tugraz.idm.attr.CurrentFieldOfStudy";
+	public static final String CurrentLevelOfStudy = "ANY@tugraz.idm.attr.CurrentLevelOfStudy";
+	public static final String EmailStud = "ANY@tugraz.idm.attr.EmailStud";
+	public static final String Gender = "ANY@tugraz.idm.attr.Gender";
+	public static final String HomeInstitutionName = "ANY@tugraz.idm.attr.HomeInstitutionName";
+	public static final String HomeInstitutionCountry = "ANY@tugraz.idm.attr.HomeInstitutionCountry";
+
+	public static final String HomeInstitutionAddressCountryCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode";
+	public static final String HomeInstitutionAddressPostalCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode";
+	public static final String HomeInstitutionAddressStreet = "ANY@tugraz.idm.attr.HomeInstitutionAddressStreet";
+	public static final String HomeInstitutionAddressCity = "ANY@tugraz.idm.attr.HomeInstitutionAddressCity";
+
+	public static final String PermanentAddressCity = "ANY@tugraz.idm.attr.PermanentAddressCity";
+	public static final String PermanentAddressCountryCode = "ANY@tugraz.idm.attr.PermanentAddressCountryCode";
+	public static final String PermanentAddressPostalCode = "ANY@tugraz.idm.attr.PermanentAddressPostalCode";
+	public static final String PermanentAddressStreet = "ANY@tugraz.idm.attr.PermanentAddressStreet";
+
+	public static final String StudyAddressCity = "ANY@tugraz.idm.attr.StudyAddressCity";
+	public static final String StudyAddressCountryCode = "ANY@tugraz.idm.attr.StudyAddressCountryCode";
+	public static final String StudyAddressPostalCode = "ANY@tugraz.idm.attr.StudyAddressPostalCode";
+	public static final String StudyAddressStreet = "ANY@tugraz.idm.attr.StudyAddressStreet";
+
+	private static List<String> complexeScopes = new ArrayList<String>();
+	
+	private static final Map<String, String> eIDASToScopes = Collections.unmodifiableMap(new HashMap<String,String>() {
+		private static final long serialVersionUID = 1L;
+		{
+			put(Definitions.CITIZENSHIP_NAME, Citizenship);
+			put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), 
+					CityOfBirth);
+			put(Definitions.COUNTRYOFBIRTH_NAME, CountryOfBirth);
+			put(Definitions.CURRENTDEGREE_NAME, CurrentDegreeName);
+			put(Definitions.FIELDOFSTUDY_NAME, CurrentFieldOfStudy);
+			put(Definitions.CURRENTLEVELOFSTUDY_NAME, CurrentLevelOfStudy);
+			put(Definitions.EMAIL_NAME, EmailStud);
+			put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), 
+					Gender);
+			put(Definitions.HOMEINSTITUTIONNAME_NAME, HomeInstitutionName);
+			put(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, HomeInstitutionCountry);
+			
+			put(Definitions.HOMEINSTITUTIONADDRESS_NAME, 
+					      HomeInstitutionAddressCountryCode + Scope_Delimiter 
+						+ HomeInstitutionAddressPostalCode + Scope_Delimiter
+						+ HomeInstitutionAddressStreet + Scope_Delimiter
+						+ HomeInstitutionAddressCity);
+			put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), 
+					      PermanentAddressCity + Scope_Delimiter
+						+ PermanentAddressCountryCode + Scope_Delimiter
+						+ PermanentAddressPostalCode + Scope_Delimiter
+						+ PermanentAddressStreet);
+			put(Definitions.TEMPORARYADDRESS_NAME, 
+					      StudyAddressCity + Scope_Delimiter
+						+ StudyAddressCountryCode + Scope_Delimiter
+						+ StudyAddressPostalCode + Scope_Delimiter
+						+ StudyAddressStreet);
+			
+		}
+	});
+	
+	private static Map<String, String> scopesToeIDAS = Collections.unmodifiableMap(new HashMap<String,String>() {
+		private static final long serialVersionUID = 1L;
+		{
+			Iterator<Entry<String, String>> it = eIDASToScopes.entrySet().iterator();
+			while (it.hasNext()) {
+				Entry<String, String> el = it.next();				
+				String[] value = el.getValue().split(Scope_Delimiter);
+				if (value.length == 1)
+					put(el.getValue(), el.getKey());
+				
+				else {
+					for (String i : value) {
+						put(i, el.getKey());
+						complexeScopes.add(i);
+						
+					}					
+				}				
+			}			
+		}
+	});
+	
+	
+	
+	
+	public static AttributeScopeMapper getInstance() {
+		if (instance == null) {
+			instance = new AttributeScopeMapper();
+			
+		}
+		
+		return instance;
+	}
+	
+	/**
+	 * Map a eID4U attribute-name into a TUG Scope
+	 * 
+	 * @param eID4UAttributeName eID4U attribute-name
+	 * @return TUG Scope
+	 */	
+	public String getTUGScopesForAttribute(String eID4UAttributeName) {
+		if (eIDASToScopes.containsKey(eID4UAttributeName))
+			return eIDASToScopes.get(eID4UAttributeName);
+		
+		else {
+			Logger.info("eID4U attribute '" + eID4UAttributeName + "' CAN NOT provides from TUG");
+			return StringUtils.EMPTY;
+			
+		}
+		
+	}
+	
+	/**
+	 * Map a TUG Scope into an eID4u attribute-name
+	 * 
+	 * @param scope TUG scope
+	 * @return eID4u attribute name
+	 */
+	public String geteIDASAttrFromScope(String scope) {
+		return scopesToeIDAS.get(scope);
+		
+	}
+	
+	/**
+	 * Check if an TUG scope is part of a complex eID4u attribute
+	 * 
+	 * @param scope TUG scope
+	 * @return true if scope is part of a complex attribute, otherwise false
+	 */
+	public boolean isComplexeScope(String scope) {
+		return complexeScopes.contains(scope);
+		
+	}
+	
+	/**
+	 * Convert the TUG Attribute-provider response into a Map<attributeName, attributeValue> of eID4U attributes
+	 *  
+	 * 
+	 * @param jsonObject TUG AP response
+	 * @return Map of eID4U attributes, but never null
+	 */
+	public Map<String, Object> populateEid4uAttributesFromTugResponse(JsonObject jsonObject) {
+		Map<String, Object> result = new HashMap<String, Object>();								
+		Map<String, String> complexAttr = new HashMap<String, String>();
+					
+		Iterator<Entry<String, JsonElement>> it = jsonObject.entrySet().iterator();
+		while (it.hasNext()) {
+			Entry<String, JsonElement> el = it.next();				
+			String key = el.getKey();
+			
+			Logger.trace("Starting TUG scrope mapping for: " + key + " ... ");
+			String eIDASAttr = AttributeScopeMapper.getInstance().geteIDASAttrFromScope(key);				
+			if (StringUtils.isNotEmpty(eIDASAttr)) {
+				if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) {										
+					Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr);
+					result.put(eIDASAttr, el.getValue().getAsString());
+											
+				} else {		
+					Logger.trace("Find complex TUG scope: " + key);						
+					complexAttr.put(eIDASAttr, null);
+					
+				}	
+				
+			} else
+				Logger.info("Can NOT map TUG scope: " + key + " to any eID4U attribute");
+										
+		}
+
+		//TODO: can only Map address attributes
+		Iterator<String> complIt = complexAttr.keySet().iterator();
+		while(complIt.hasNext()) {
+			String attr = complIt.next();
+			
+			eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder address = PostalAddress.builder();
+			if (Definitions.HOMEINSTITUTIONADDRESS_NAME.equals(attr)) {
+				address.postCode(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressPostalCode).getAsString());
+				address.postName(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressCity).getAsString());
+				address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());
+				address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());					
+				result.put(attr, address.build());
+									
+			} else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) {
+				address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString());
+				address.postName(jsonObject.get(AttributeScopeMapper.StudyAddressCity).getAsString());
+				address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());
+				address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());					
+				result.put(attr, address.build());
+									
+			} else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) {
+				address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString());
+				address.postName(jsonObject.get(AttributeScopeMapper.PermanentAddressCity).getAsString());
+				address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());
+				address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());					
+				result.put(attr, address.build());
+									
+			} else {
+				Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!");
+				
+			}
+			
+		}
+		
+		return result;
+		
+	}
+	
+	
+	private AttributeScopeMapper() {
+				
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
index f347022b8..d5b1a9e4e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
+import java.util.Collection;
+
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.Response;
 import org.w3c.dom.Document;
@@ -26,9 +28,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
 	 * 
 	 */
 	@Override
-	public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException {
+	public Correlated unmarshallResponse(byte[] responseBytes, Collection<String> metadataWhitelist, boolean checkWhitelist) throws EIDASSAMLEngineException {
 		try {
-			return super.unmarshallResponse(responseBytes);
+			return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
 			
 		} catch (EIDASSAMLEngineException e) {
 			if (responseBytes != null ) {
@@ -45,7 +47,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
 				
 				if (startInternalMetadataRefesh(entityID)) {
 					Logger.debug("Metadata refresh success. Revalidate eIDAS Response ...");
-					return super.unmarshallResponse(responseBytes);
+					return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
 					
 				}
 				Logger.info("eIDAS metadata refresh not possible or not successful.");
@@ -61,9 +63,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
 	 * 
 	 */
 	@Override
-	public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException {
+	public AuthnRequest unmarshallRequest(byte[] requestBytes, Collection<String> whitelistMetadata, boolean checkWhitelist) throws EIDASSAMLEngineException {
 		try {
-			return super.unmarshallRequest(requestBytes);
+			return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
 			
 			
 		} catch (EIDASSAMLEngineException e) {
@@ -81,7 +83,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
 
 				if (startInternalMetadataRefesh(entityID)) {
 					Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ...");
-					return super.unmarshallRequest(requestBytes);
+					return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
 					
 				}
 				
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index aca818532..feeff6f84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -440,7 +440,9 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
 					AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
 					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
+							PVPConstants.SSLSOCKETFACTORYNAME,
+							basicConfig.getBasicMOAIDConfigurationBoolean(
+									AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
 							moaAuthConfig.getTrustedCACertificates(),
 							null,
 							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java
new file mode 100644
index 000000000..b7a9fcba9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java
@@ -0,0 +1,32 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class eID4UAPException extends EIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
+	public eID4UAPException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+
+	public eID4UAPException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+	
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+		
+	}
+
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
new file mode 100644
index 000000000..a58bc4f8d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
@@ -0,0 +1,181 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.common.collect.UnmodifiableIterator;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.ImmutableAttributeEntry;
+
+@Component("CollectAddtionalAttributesTask")
+public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
+
+	@Autowired private OAuth20AuthAction openIDAuthAction; 
+	@Autowired private ITransactionStorage transactionStorage;
+	@Autowired private AuthenticationDataBuilder authDataBuilder;
+	
+	@Override
+	public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
+			throws TaskExecutionException {
+		try{
+			context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false);
+			
+			if (pendingReq instanceof EIDASData) {
+				EIDASData eidasReq = (EIDASData) pendingReq;
+				Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ...");
+		
+				//select all eID4U attributes from requested attributes
+				Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder();
+				ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes();
+				for (String el : Definitions.EID4UATTRIBUTEELIST) {
+					if(reqAttrList.getAttributeValuesByNameUri(el) != null) {
+						Logger.debug("Find eID4U attr: " + el);
+						reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el));
+						
+					}
+				}
+				
+				//collect eID4U attributes, if some attributes are selected before
+				ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build();
+				if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) {
+					Logger.info("Starting eID4U attribute collection process ... ");
+				
+					//mark execution context with eID4U AP flag
+					context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true);
+					
+					//load connection parameters to TUG
+					String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID);
+					String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL);
+					String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES);
+					
+					if (MiscUtil.isEmpty(scopes)) {
+						//generate scope from attributes
+						scopes = mapReqAttributesIntoScopes(reqEid4uAttrList);
+						
+					}					
+					
+					Logger.debug("Load eID4U AP-Config:"
+							+ " EntityID: " + uniqueID
+							+ " RedirectURL:" + redirectURI
+							+ " Scopes: " + scopes);
+					
+					
+					/*
+					*build openID and set connect token
+					*/
+					
+					//generate fake OpenID_Connect request
+					OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest();
+					fakeOpenIDReq.initialize(httpReq, authConfig);
+					fakeOpenIDReq.setSPEntityId(uniqueID);
+					fakeOpenIDReq.setModule(OAuth20Protocol.NAME);
+					fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID));
+					fakeOpenIDReq.setScope("openId profile");
+										
+					//populate with SessionData
+					fakeOpenIDReq.setRawDataToTransaction(
+							pendingReq.getSessionData(AuthenticationSessionWrapper.class)
+								.getKeyValueRepresentationFromAuthSession());
+										
+					//generate authData
+					IAuthData authData = authDataBuilder.buildAuthenticationData(fakeOpenIDReq);
+
+					//generate OpenIDConenct token
+					String accessToken = Random.nextHexRandom32();
+					OAuth20SessionObject o = new OAuth20SessionObject();					
+					o.setScope(fakeOpenIDReq.getScope());
+					o.setCode(accessToken);
+					Map<String, Object> idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken);
+					o.setAuthDataSession(idToken);
+					transactionStorage.put(accessToken, o, -1);
+										
+					//forward to TUG
+					httpResp.setStatus(HttpServletResponse.SC_FOUND);					
+					redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_OPENID_CODE, accessToken);
+					redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes);
+					redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, 
+							pendingReq.getPendingRequestId());
+					redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI, 
+							pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN);
+															
+					final String finalUrl = redirectURI;
+					httpResp.addHeader("Location", finalUrl);
+					Logger.debug("REDIRECT TO: " + finalUrl.toString());
+					
+					//set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level
+					CookieUtils.setCookie(httpReq, httpResp, 
+							eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME, 
+							pendingReq.getPendingRequestId(), -1);
+
+					//set user's bPK into pendingRequst because TUG AttributeProvider needs it
+					pendingReq.setRawDataToTransaction(
+							eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, 
+							new BPKAttributeBuilder().build(
+									fakeOpenIDReq.getServiceProviderConfiguration(), 
+									authData, 
+									new SimpleStringAttributeGenerator()));
+					requestStoreage.storePendingRequest(pendingReq);
+					
+				} else
+					Logger.debug("No eID4U attributes found. Skip eID4U attribute collection");
+				
+			} else
+				Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
+			
+		} catch (Exception e) {
+			Logger.error("eID4U AttributeProvider communication FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e);
+			
+		}
+		
+	}
+
+	private String mapReqAttributesIntoScopes(ImmutableAttributeMap reqEid4uAttrList) {
+		String result = StringUtils.EMPTY;
+		UnmodifiableIterator<ImmutableAttributeEntry<?>> it = reqEid4uAttrList.entrySet().iterator();
+		while (it.hasNext()) {
+			ImmutableAttributeEntry<?> el = it.next();
+			String scope = AttributeScopeMapper.getInstance().getTUGScopesForAttribute(
+								el.getKey().getNameUri().toString());
+			
+			if (result.isEmpty())
+				result = scope;
+			else
+				result += " " + scope;
+							
+		}
+		
+		return result;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 1788facf0..274a23674 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -57,11 +57,14 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
 						
 			//validate SAML token
+			//TODO: maybe add whitelist
 			IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, 
 					request.getRemoteHost(), 
 					Constants.CONFIG_PROPS_SKEWTIME_BEFORE, 
 					Constants.CONFIG_PROPS_SKEWTIME_AFTER,
-					pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+					pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA,
+					null,
+					false);
 												
 			if (samlResp.isEncrypted()) {
 				Logger.info("Received encrypted eIDAS SAML-Response.");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
new file mode 100644
index 000000000..e878f8ab1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
@@ -0,0 +1,238 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.Header;
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Component("ReceiveConsentForAddtionalAttributesTask")
+public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask {
+
+	private static final int HashMap = 0;
+	@Autowired private AuthConfiguration moaAuthConfig;
+	
+	@Override
+	public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
+			throws TaskExecutionException {
+		try{
+			if (pendingReq instanceof EIDASData) {
+				EIDASData eidasReq = (EIDASData) pendingReq;
+			
+				//delete eID4U http Cookie with pendingRequestId 
+				CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
+				
+				String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE);	
+				if (MiscUtil.isEmpty(authCode)) {
+					Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... ");
+					throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null);
+					
+				}				
+				Logger.trace("Find OAuth2 'code' with: " + authCode);
+					
+				/*
+				 * access backend service with authCode
+				 * 
+				 */
+				String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL);
+				String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME);
+				String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD);
+				
+				if (MiscUtil.isEmpty(tokenServiceURL)) {
+					Logger.info("NO TokenService URL in configuration for eID4U AP. ");
+					throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null);
+					
+				}
+					
+				//open http client
+				SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+						moaAuthConfig,
+						tokenServiceURL);
+				CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
+						sslFactory,
+						authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+								
+				//build request URL
+				URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL);
+				uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE, 
+						authConfig.getBasicConfiguration(
+								eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE, 
+								OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE));
+				uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode);
+				Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build());
+				
+				HttpGet httpGetToken = new HttpGet(uriBuilderToken.build());
+				
+				HttpClientContext localContext = HttpClientContext.create();
+				if (MiscUtil.isNotEmpty(tokenServiceUsername)) {										
+					Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... ");
+
+					//Raw work-around, because API solution does not work well
+					String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim();
+					byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1));
+					String authHeader = "Basic " + new String(encodedAuth);
+					httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+					
+					//API solutuion
+//					HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString());					
+//					AuthCache authCache = new BasicAuthCache();
+//					authCache.put(targetHost, new BasicScheme());
+//					
+//					CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+//					credentialsProvider.setCredentials(AuthScope.ANY, 
+//							new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim()));					
+//					localContext.setCredentialsProvider(credentialsProvider);
+//					localContext.setAuthCache(authCache);
+					
+				}
+				
+				//request tokenService
+				HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext);
+
+				Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode() 
+						+ " from eID4U AP TokenService");								
+								
+				if (Logger.isTraceEnabled()) {
+					for (Header el : httpResultToken.getAllHeaders())
+						Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue());
+				}
+
+				if (httpResultToken.getStatusLine().getStatusCode() != 200) {
+					Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode()
+							+ " eID4U AP process stopping ... ");
+					if (httpResultToken.getEntity().getContent() != null)
+						Logger.trace("StatusMessage: " + IOUtils.toString(httpResultToken.getEntity().getContent(), "UTF-8"));
+					throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null);
+					
+				}
+				
+				//parse AccessToken from TokenService response
+				JsonElement fullToken = new JsonParser().parse(
+						new InputStreamReader(httpResultToken.getEntity().getContent()));
+				Logger.trace("FullToken: " + fullToken.toString());
+				String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString();
+				
+								
+				//call Attribute Provider to receice eID4U attributes from TUG
+				String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL);				
+				if (MiscUtil.isEmpty(attrProviderServiceURL)) {
+					Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. ");
+					throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null);
+					
+				}
+				
+				
+				URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL);
+				HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build());
+				
+				//encode and add token as header
+				String authHeader = "Bearer " + accessToken;
+				httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+				
+				//get and add bPK as header
+				httpGetData.setHeader(
+						"X-PVP-BPK", 
+						pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class));
+				
+				if (Logger.isTraceEnabled()) {
+					for (Header el : httpGetData.getAllHeaders())
+						Logger.trace("Req. Headername:" + el.getName() + " Value:" + el.getValue());
+				}
+				
+				//request Attribute Provider
+				HttpResponse httpResultData = httpClient.execute(httpGetData);
+
+				//parse response
+				Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode() 
+						+ " from eID4U Attr.Provider Service");								
+								
+				if (Logger.isTraceEnabled()) {
+					for (Header el : httpResultData.getAllHeaders())
+						Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue());
+				}
+
+				if (httpResultData.getStatusLine().getStatusCode() != 200) {
+					Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode()
+							+ " eID4U AP process stopping ... ");
+					if (httpResultData.getEntity().getContent() != null)
+						Logger.trace("StatusMessage: " + IOUtils.toString(httpResultData.getEntity().getContent(), "UTF-8"));
+					
+					throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null);
+					
+				}
+				
+				
+				//parse eID4U attributes from Attr.Provider service response
+				JsonElement fullAttrSet = new JsonParser().parse(
+						new InputStreamReader(httpResultData.getEntity().getContent()));
+				Logger.trace("FullAttrSet: " + fullAttrSet.toString());
+				
+				//populate eID4U attributes
+				populateEid4uAttributes(fullAttrSet.getAsJsonObject());
+				
+				//store pendingRequest
+				requestStoreage.storePendingRequest(pendingReq);
+				
+													
+			} else
+				Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
+			
+		} catch (Exception e) {
+			Logger.error("IdentityLink generation for foreign person FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+			
+		}
+		
+	}
+	
+	private void populateEid4uAttributes(JsonObject jsonObject) throws EAAFStorageException {
+		try {
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+			Map<String, Object> eID4UAttributes = AttributeScopeMapper.getInstance().populateEid4uAttributesFromTugResponse(jsonObject);
+			for (Entry<String, Object> el : eID4UAttributes.entrySet())
+				session.setGenericDataToSession(el.getKey(), el.getValue());
+			
+		} catch (EAAFStorageException e) {
+			Logger.warn("Can NOT inject authentication data into user object.", e);
+			throw e;
+		}
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
index bb52d2ffe..44a313885 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
@@ -69,12 +69,11 @@ import org.opensaml.xml.security.credential.UsageType;
 import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
 import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
 import org.opensaml.xml.signature.KeyInfo;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import com.google.common.collect.ImmutableSortedSet;
 import com.google.common.collect.Ordering;
 
+import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -108,7 +107,6 @@ import eu.eidas.util.Preconditions;
  *
  */
 public class NewMoaEidasMetadata {
-	private static final Logger LOGGER = LoggerFactory.getLogger(EidasMetadata.class.getName());
 	private final String metadata;
 	private final String entityId;
 	private static final Set<String> DEFAULT_BINDING = new HashSet() {
@@ -180,7 +178,7 @@ public class NewMoaEidasMetadata {
 						dm.setAlgorithm(digestMethod);
 						eidasExtensions.getUnknownXMLObjects().add(dm);
 					} else {
-						NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension");
+						Logger.info("BUSINESS EXCEPTION error adding DigestMethod extension");
 					}
 				}
 			}
@@ -197,7 +195,7 @@ public class NewMoaEidasMetadata {
 					spTypeObj.setSPType(this.params.getSpType());
 					eidasExtensions.getUnknownXMLObjects().add(spTypeObj);
 				} else {
-					NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SPType extension");
+					Logger.info("BUSINESS EXCEPTION error adding SPType extension");
 				}
 			}
 			generateDigest(eidasExtensions);
@@ -212,7 +210,7 @@ public class NewMoaEidasMetadata {
 						sm.setAlgorithm(signMethod);
 						eidasExtensions.getUnknownXMLObjects().add(sm);
 					} else {
-						NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension");
+						Logger.info("BUSINESS EXCEPTION error adding SigningMethod extension");
 					}
 				}
 			}
@@ -378,8 +376,12 @@ public class NewMoaEidasMetadata {
 	                new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural());
 	                
 	        for (String attr : eIDASAttributeBuilder.getAllProvideableeIDASAttributes()) {
-	        	AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);
-	        	builder.add(supAttr);
+	        	Logger.trace("Build metadata-attr: " + attr);
+	        	AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);	        	
+	        	if (supAttr == null)
+	        		Logger.warn("Suspect eIDAS attribute definition: " + attr);
+	        	else
+	        		builder.add(supAttr);
 	        }
 
 	        return builder.build();
@@ -444,11 +446,11 @@ public class NewMoaEidasMetadata {
 					url.setURL(new LocalizedString(this.params.getOrganization().getUrl(), "en"));
 					organization.getURLs().add(url);
 				} catch (IllegalAccessException iae) {
-					NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage());
-					NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae);
+					Logger.info("ERROR : error generating the OrganizationData: " +  iae.getMessage());
+					Logger.warn("ERROR : error generating the OrganizationData:", iae);
 				} catch (NoSuchFieldException nfe) {
-					NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage());
-					NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe);
+					Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage());
+					Logger.warn("ERROR : error generating the OrganizationData:", nfe);
 				}
 			}
 			return organization;
@@ -463,11 +465,11 @@ public class NewMoaEidasMetadata {
 				else if (contactType == ContactPersonTypeEnumeration.TECHNICAL)
 					currentContact = this.params.getTechnicalContact();
 				else {
-					NewMoaEidasMetadata.LOGGER.error("ERROR: unsupported contact type");
+					Logger.error("ERROR: unsupported contact type");
 				}
 				contact = (ContactPerson) BuilderFactoryUtil.buildXmlObject(ContactPerson.class);
 				if (currentContact == null) {
-					NewMoaEidasMetadata.LOGGER.error("ERROR: cannot retrieve contact from the configuration");
+					Logger.error("ERROR: cannot retrieve contact from the configuration");
 					return contact;
 				}
 
@@ -486,11 +488,11 @@ public class NewMoaEidasMetadata {
 
 				populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber);
 			} catch (IllegalAccessException iae) {
-				NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage());
-				NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae);
+				Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage());
+				Logger.warn("ERROR : error generating the OrganizationData: ", iae);
 			} catch (NoSuchFieldException nfe) {
-				NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage());
-				NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe);
+				Logger.info("ERROR : error generating the OrganizationData: " +  nfe.getMessage());
+				Logger.warn("ERROR : error generating the OrganizationData: ", nfe);
 			}
 			return contact;
 		}
@@ -546,8 +548,8 @@ public class NewMoaEidasMetadata {
 				}
 				return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false));
 			} catch (Exception ex) {
-				NewMoaEidasMetadata.LOGGER.info("ERROR : SAMLException ", ex.getMessage());
-				NewMoaEidasMetadata.LOGGER.debug("ERROR : SAMLException ", ex);
+				Logger.info("ERROR : SAMLException: " + ex.getMessage());
+				Logger.warn("ERROR : SAMLException ", ex);
 				throw new IllegalStateException(ex);
 			}
 		}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 6d20caa4b..b000c317e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.ConfigurationException;
 import org.opensaml.xml.XMLConfigurator;
 
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
@@ -112,6 +113,16 @@ public class SAMLEngineUtils {
 				SAMLSchemaBuilder.addExtensionSchema(
 						at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION);
 				
+				//add eID4U schemes
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_CORE_EXTENSIONS_SCHEMA_LOCATION);				
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_PERSON_EXTENSIONS_SCHEMA_LOCATION);
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_STUDIES_EXTENSIONS_SCHEMA_LOCATION);				
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_EXT_EUROPASS3_EXTENSIONS_SCHEMA_LOCATION);
+				
 				eIDASEngine = engine;
 				
 			} catch (EIDASSAMLEngineException | ConfigurationException e) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
deleted file mode 100644
index e3b58d259..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-
-/**
- * @author tlenz
- *
- */
-public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> {
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
-	 */
-	@Override
-	public String buildStringAttribute(String friendlyName, String name, String value) {
-		return value;
-		
-	} 
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
-	 */
-	@Override
-	public String buildIntegerAttribute(String friendlyName, String name, int value) {
-		return String.valueOf(value);
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
-	 */
-	@Override
-	public String buildLongAttribute(String friendlyName, String name, long value) {
-		return String.valueOf(value);
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
-	 */
-	@Override
-	public String buildEmptyAttribute(String friendlyName, String name) {
-		return null;
-	}
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 200215308..d2323d161 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
 import at.gv.egovernment.moa.logging.Logger;
@@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
  *
  */
 public class eIDASAttributeBuilder extends PVPAttributeBuilder {		
-	private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator();
+	private static IAttributeGenerator<String> generator = new SimpleStringAttributeGenerator();
 	 
 	private static List<String> listOfSupportedeIDASAttributes;
 	private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader = 
@@ -105,7 +106,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder {
 	 * @param authData Authentication data that contains user information for attribute generation
 	 * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES
 	 */
-	public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
+	public static Pair<?, ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
 			IAuthData authData) {
 		
 		String attrName = attr.getNameUri().toString();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index d268dd2f6..7c9e66ba0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -203,7 +203,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 			//*****  validate eIDAS request  *********
 			//****************************************			
 			//validate SAML token
-			IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode );
+			//TODO: maybe add whitelist feature
+			IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false);
 
 			//validate internal JAVA class type
 			if (!(samlReq instanceof IEidasAuthenticationRequest)) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
index 1ac4560b0..d9232a2f3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
@@ -28,7 +28,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
  * @author tlenz
  *
  */
-@Deprecated
+
+
 @eIDASMetadata
 public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
index 66359e240..e10f42b37 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
@@ -35,7 +35,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
-@Deprecated
 @eIDASMetadata
 public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
index 638b01bb1..cea28662e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
@@ -28,7 +28,10 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
  * @author tlenz
  *
  */
-@eIDASMetadata
+
+/*
+ * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person
+ */
 public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
index fd245c3eb..7c527ff67 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
@@ -35,7 +35,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
-@eIDASMetadata
+
+/*
+ * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person
+ */
 public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index f7e135bae..14ba239a1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -61,7 +61,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat
 			throws AttributeBuilderException {	
 		
 		try {
-			Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData);
+			Pair<String, String> calcResult = getBpkForSp(oaParam, authData);
 			if (calcResult != null) {
 				String personalID = calcResult.getFirst();
 				String type = calcResult.getSecond();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
index db072203d..9321182da 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
@@ -1,5 +1,8 @@
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
+import java.lang.annotation.Retention;
+
+@Retention(java.lang.annotation.RetentionPolicy.RUNTIME) 
 public @interface eIDASMetadata {
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java
new file mode 100644
index 000000000..2f066bc6b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CititzenshipAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.CITIZENSHIP_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java
new file mode 100644
index 000000000..8ef79b774
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CountryOfBirthAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.COUNTRYOFBIRTH_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
new file mode 100644
index 000000000..7b4c16a5a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentDegreeAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.CURRENTDEGREE_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
new file mode 100644
index 000000000..5210676c2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.CURRENTLEVELOFSTUDY_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java
new file mode 100644
index 000000000..4b8e6ec29
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentPhotoAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object docObj= authData.getGenericData(getName(), Object.class);
+		
+		if (docObj instanceof Document) {
+			return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), ((Document)docObj).toString());
+			
+			
+		} else if (docObj instanceof String) {		
+			if (StringUtils.isNotEmpty((String)docObj))
+				return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), (String)docObj);
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.CURRENTPHOTO_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java
new file mode 100644
index 000000000..4f0a0d2fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.DEGREE_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.DEGREE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.DEGREE_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java
new file mode 100644
index 000000000..8b480914b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeAwardingInstituteAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.DEGREEAWARDINGINSTITUTION_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java
new file mode 100644
index 000000000..b3b58c9da
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeCountryAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.DEGREECOUNTRY_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java
new file mode 100644
index 000000000..f37b8ea65
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class EHICIDAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.EHICID_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.EHICID_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.EHICID_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java
new file mode 100644
index 000000000..c1dba7eff
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class EMailAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.EMAIL_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.EMAIL_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.EMAIL_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
new file mode 100644
index 000000000..ba486079e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class FieldOfStudyAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.FIELDOFSTUDY_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java
new file mode 100644
index 000000000..cf1bc4b07
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class GraduationYearAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.GRADUATIONYEAR_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java
new file mode 100644
index 000000000..73ab6fdda
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java
@@ -0,0 +1,72 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class HomeInstituteAddressAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object obj= authData.getGenericData(getName(), Object.class);
+		
+		if (obj instanceof PostalAddress) {
+			try {
+				return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(), 
+					new CurrentAddressAttributeValueMarshaller().marshal(
+							new PostalAddressAttributeValue((PostalAddress) obj)));
+							
+			} catch (AttributeValueMarshallingException e) {
+				Logger.warn("Can NOT build attribute: " + getName(), e);
+				
+			}
+						
+		} else if (obj instanceof String) {		
+			if (StringUtils.isNotEmpty((String)obj)) {
+				try {
+					return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(), 
+							Base64Utils.encode(((String) obj).getBytes()));
+					
+				} catch (IOException e) {
+					Logger.warn("Can NOT build attribute: " + getName(), e);
+					
+				}
+				
+			}
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.HOMEINSTITUTIONADDRESS_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
new file mode 100644
index 000000000..4b80b53ca
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteCountryAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.HOMEINSTITUTIONCOUNTRY_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
new file mode 100644
index 000000000..e8c7a9169
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteIdentifierAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.HOMEINSTITUTIONIDENTIFIER_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
new file mode 100644
index 000000000..1f72b9a37
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteNameAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.HOMEINSTITUTIONNAME_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
new file mode 100644
index 000000000..1983c10d1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdExpireddateAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object dateObj= authData.getGenericData(getName(), Object.class);
+		
+		if (dateObj instanceof Date) {
+			DateFormat pvpDateFormat = new SimpleDateFormat(Definitions.DATE_FORMAT_PATTERN);
+			String dateString = pvpDateFormat.format(dateObj);
+			return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), dateString);
+			
+		} else if (dateObj instanceof String) {
+			return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), (String) dateObj);
+				
+		} else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.IDEXPIREDATE_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
new file mode 100644
index 000000000..7b04069e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdIssuerAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.IDISSUER_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
new file mode 100644
index 000000000..956caab68
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdNumberAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.IDNUMBER_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
new file mode 100644
index 000000000..e2aff59e9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.IdType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdTypeAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object idTypeObj= authData.getGenericData(getName(), Object.class);
+		
+		if (idTypeObj instanceof IdType)
+			return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), ((IdType)idTypeObj).getValue());
+		
+		else if (idTypeObj instanceof String) {
+			String idType = (String)idTypeObj;
+			if (StringUtils.isNotEmpty(idType))
+				return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), idType);
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.IDTYPE_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
new file mode 100644
index 000000000..4c88a54c1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageCertificatesAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object certObj= authData.getGenericData(getName(), Object.class);
+		
+		if (certObj instanceof CertificatesType) {
+			return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), ((CertificatesType)certObj).toString());
+			
+			
+		} else if (certObj instanceof String) {		
+			if (StringUtils.isNotEmpty((String)certObj))
+			return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), (String) certObj);
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.LANGUAGECERTIFICATES_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
new file mode 100644
index 000000000..b3c30a8a2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.LanguageLevelType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageProficiencyAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object certObj= authData.getGenericData(getName(), Object.class);
+		
+		if (certObj instanceof LanguageLevelType) {
+			return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), ((LanguageLevelType)certObj).toString());
+			
+			
+		} else if (certObj instanceof String) {		
+			if (StringUtils.isNotEmpty((String)certObj))
+				
+			return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), (String) certObj);
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.LANGUAGEPROFICIENCY_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
new file mode 100644
index 000000000..98410a606
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.MaritalState;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class MaritalstateAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+			
+		Object valueObj = authData.getGenericData(getName(), Object.class);
+		
+		if (valueObj instanceof MaritalState) 
+			return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), ((MaritalState)valueObj).getValue());
+		
+		else if (valueObj instanceof String) {
+			String value = (String)valueObj;
+			if (StringUtils.isNotEmpty(value));
+				return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), value);
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.EHICID_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
new file mode 100644
index 000000000..724b2494e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class NationalityAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.NATIONALITY_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
new file mode 100644
index 000000000..51e78bac2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class PhoneAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.PHONE_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.PHONE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.PHONE_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
new file mode 100644
index 000000000..9888ce3c0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class TaxIdentificationNumberAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.TAXIDENTIFICATIONNUMBER_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
new file mode 100644
index 000000000..9a57750cf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
@@ -0,0 +1,70 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class TemporaryAddressAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object obj= authData.getGenericData(getName(), Object.class);
+		
+		if (obj instanceof PostalAddress) {			
+			try {
+				return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(), 
+						new CurrentAddressAttributeValueMarshaller().marshal(
+								new PostalAddressAttributeValue((PostalAddress) obj)));
+								
+			} catch (AttributeValueMarshallingException e) {
+				Logger.warn("Can NOT build attribute: " + getName(), e);
+				
+			}
+
+		} else if (obj instanceof String) {		
+			if (StringUtils.isNotEmpty((String)obj))
+				try {
+					return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(), 
+							Base64Utils.encode(((String) obj).getBytes()));
+					
+				} catch (IOException e) {
+					Logger.warn("Can NOT build attribute: " + getName(), e);
+					
+				}
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.TEMPORARYADDRESS_NAME;
+		
+	}
+
+}
+ 
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index f6a67db9d..b42d3273f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -87,7 +87,9 @@ public class eIDASAuthenticationRequest implements IAction {
 		else
 			throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
 		
-				
+		
+		ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+		
 		String subjectNameID = null;
 				
 		//gather attributes
@@ -129,6 +131,21 @@ public class eIDASAuthenticationRequest implements IAction {
 			Logger.trace("eIDAS requsted attr. update process finished");
 			
 		}
+
+		
+		
+		//TODO: eID4U testcode
+		//**************************************************************************
+//		Builder reqAttrWitheID4U = ImmutableAttributeMap.builder(reqAttributeList);
+//		AttributeDefinition<?> attrDef = 
+//				engine.getProtocolProcessor().getAttributeDefinitionNullable(
+//						Definitions.IDTYPE_NAME);
+//		reqAttrWitheID4U.put(AttributeDefinition.builder(attrDef).required(false).build());
+//		
+//		reqAttributeList = reqAttrWitheID4U.build();
+		
+		//**************************************************************************
+		
 		
 		Logger.trace("Starting eIDAS response generation ....");
 		
@@ -164,9 +181,7 @@ public class eIDASAuthenticationRequest implements IAction {
 		
 		String token = null;
 		IResponseMessage eIDASRespMsg = null;
-		try {
-			ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
-			
+		try {			
 			// encryption is done by the SamlEngine, i.e. by the module we provide in the config
 			// but we need to set the appropriate request issuer
 			//engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
@@ -247,16 +262,18 @@ public class eIDASAuthenticationRequest implements IAction {
 	}
 
 	private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException {
-		Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
+		Pair<?, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
 				attr, req.getServiceProviderConfiguration(), authData);
 					
 		if(eIDASAttr == null) {				
 			if (attr.isRequired()) {
 				Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available.");
-				throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
+				
+				//TODO!!!!!!!
+				//throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
 									
 			} else
-				Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");	
+				Logger.debug("eIDAS Attr:" + attr.getNameUri() + " is not available.");	
 			
 		} else {
 			//add attribute to Map
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 3c11c725d..3a05c47ac 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,7 +1,8 @@
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
@@ -9,3 +10,30 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentat
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
index ad87adb6a..2a147e18c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
@@ -2,9 +2,38 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
-\ No newline at end of file
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
new file mode 100644
index 000000000..4ab49641f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="eID4UAttributCollectionAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+	- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+	<pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+	<pd:Task id="createIdentityLinkForm"    class="CreateIdentityLinkFormTask" />
+	<pd:Task id="verifyIdentityLink"        class="VerifyIdentityLinkTask"        async="true" />
+	<pd:Task id="verifyAuthBlock"           class="VerifyAuthenticationBlockTask" async="true" />
+	<pd:Task id="verifyCertificate"         class="VerifyCertificateTask"         async="true" />
+	<pd:Task id="getMISMandate"           	class="GetMISSessionIDTask"           async="true" />
+	<pd:Task id="certificateReadRequest"    class="CertificateReadRequestTask" />
+	<pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+	<pd:Task id="prepareGetMISMandate" 		class="PrepareGetMISMandateTask" />
+	<pd:Task id="finalizeAuthentication" 	class="FinalizeAuthenticationTask" />
+	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />	
+	<pd:Task id="userRestrictionTask" 		class="UserRestrictionTask" />
+	<pd:Task id="genericFrontChannelRedirectTask" class="GenericFrontChannelRedirectTask"/>
+
+	<!-- eID4U extensions -->
+	<pd:Task id="collectAddtionalAttributesTask" 		class="CollectAddtionalAttributesTask" async="true"/>
+	<pd:Task id="receiveConsentForAddtionalAttributesTask" 		class="ReceiveConsentForAddtionalAttributesTask" async="true"/>
+
+
+
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start"                     to="initializeBKUAuthentication" />
+	
+	<pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+	
+	<pd:Transition from="createIdentityLinkForm"    to="verifyIdentityLink" />
+	
+	<pd:Transition from="verifyIdentityLink"        to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+	<pd:Transition from="verifyIdentityLink"        to="prepareAuthBlockSignature" />
+	
+	<pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+	<!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+	
+	<pd:Transition from="certificateReadRequest"    to="verifyCertificate" />
+	<!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+	
+	<pd:Transition from="verifyCertificate"         to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyCertificate"         to="getForeignID" />
+	
+	<pd:Transition from="verifyAuthBlock"           to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyAuthBlock"           to="userRestrictionTask" />
+	
+	<pd:Transition from="prepareGetMISMandate"      to="getMISMandate" />
+		
+	<pd:Transition from="getMISMandate"           	to="userRestrictionTask" />
+	<pd:Transition from="getForeignID"              to="userRestrictionTask" />
+	
+	
+	<pd:Transition from="userRestrictionTask"           to="genericFrontChannelRedirectTask" />
+	
+	<!-- eID4U tasks for attribute collection -->	
+	<pd:Transition from="genericFrontChannelRedirectTask"           to="collectAddtionalAttributesTask" />
+	
+	<pd:Transition from="collectAddtionalAttributesTask"           	to="receiveConsentForAddtionalAttributesTask" conditionExpression="ctx['collecteID4UAttr']" />
+	<pd:Transition from="collectAddtionalAttributesTask"           	to="finalizeAuthentication" conditionExpression="!ctx['collecteID4UAttr']" />
+	
+	<pd:Transition from="receiveConsentForAddtionalAttributesTask"  to="finalizeAuthentication" />
+	
+	
+	<pd:Transition from="finalizeAuthentication"    to="end" />
+		
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
index 20395f210..da4a2a95b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
@@ -9,9 +9,17 @@
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
  
+ 	<bean id="eID4UAuthProcessImpl"
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.AustrianAuthWitheID4UAuthenticationModulImpl">
+		<property name="priority" value="1" />
+	</bean>
+ 
 	<bean id="eIDASSignalServlet"
 				class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/>
 
+	<bean id="eID4UAPSignalServlet"
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.eID4UAPSignalServlet"/>
+
 	<bean id="EIDASProtocol"
 				class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/>
 				
@@ -30,5 +38,14 @@
 	<bean id="CreateIdentityLinkTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask"
 				scope="prototype"/>
+				
+	<bean id="CollectAddtionalAttributesTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CollectAddtionalAttributesTask"
+				scope="prototype"/>
+	
+	<bean id="ReceiveConsentForAddtionalAttributesTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveConsentForAddtionalAttributesTask"
+				scope="prototype"/>			
+				
 																						
 </beans>
 \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
new file mode 100644
index 000000000..6a8a28dd4
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
@@ -0,0 +1,27 @@
+ANY@tugraz.idm.attr.Citizenship=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Citizenship
+ANY@tugraz.idm.attr.CityOfBirth=http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth
+ANY@tugraz.idm.attr.CountryOfBirth=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/CountryOfBirth
+ANY@tugraz.idm.attr.CurrentDegreeName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentDegree
+ANY@tugraz.idm.attr.CurrentFieldOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/FieldOfStudy
+ANY@tugraz.idm.attr.CurrentLevelOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentLevelOfStudy
+ANY@tugraz.idm.attr.EmailStud=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Email
+ANY@tugraz.idm.attr.Gender=http://eidas.europa.eu/attributes/naturalperson/Gender
+ANY@tugraz.idm.attr.HomeInstitutionName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Name
+ANY@tugraz.idm.attr.HomeInstitutionCountry=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Country
+
+
+ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomrInstitutionAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+
+
+ANY@tugraz.idm.attr.PermanentAddressCity=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressCountryCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressPostalCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressStreet=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+
+ANY@tugraz.idm.attr.StudyAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
new file mode 100644
index 000000000..0daa90b40
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
@@ -0,0 +1,253 @@
+package test.at.gv.egovernment.moa.id.modules.eidas.eid4u;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Base64;
+import java.util.Map;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParseException;
+import com.google.gson.JsonParser;
+
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+
+public class AttributeScopeMapperTest {
+	
+	private static final String TUG_AP_RESPONSE_B64 = "ewogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Db3VudHJ5T2ZCaXJ0aCI6IiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkN1cnJlbnREZWdyZWVOYW1lIjoiRHIudGVjaG4uIiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuQ3VycmVudEZpZWxkT2ZTdHVkeSI6IjA2ODg7OTk5OSIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkN1cnJlbnRMZXZlbE9mU3R1ZHkiOiI4IiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuRW1haWxTdHVkIjoidC5rZXJuQHN0dWRlbnQudHVncmF6LmF0IiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuSG9tZUluc3RpdHV0aW9uQWRkcmVzc0NvdW50cnlDb2RlIjoiQVQiLAogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Ib21lSW5zdGl0dXRpb25BZGRyZXNzUG9zdGFsQ29kZSI6IjgwMTAiLAogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Ib21lSW5zdGl0dXRpb25BZGRyZXNzU3RyZWV0IjoiUmVjaGJhdWVyc3RyYcOfZSAxMiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbkNvdW50cnkiOiJBVCIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbk5hbWUiOiJHcmF6IFVuaXZlcnNpdHkgT2YgVGVjaG5vbG9neSIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbkFkZHJlc3NDaXR5IjoiR3JheiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc0NpdHkiOiJGcm9obmxlaXRlbiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc1Bvc3RhbENvZGUiOiI4MTMwIiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuU3R1ZHlBZGRyZXNzQ291bnRyeUNvZGUiOiJBVCIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc1N0cmVldCI6IkvDvGhhdSAyMiIKfQ==";
+	
+	private AttributeScopeMapper mapper = null;
+	
+	@Test
+	public void dummyTest() throws Exception {
+		
+		
+	}
+
+	@Test
+	public void checkTugApResponseMapping() throws JsonParseException, UnsupportedEncodingException {
+		JsonElement fullAttrSet = new JsonParser().parse(new String(
+				Base64.getDecoder().decode(TUG_AP_RESPONSE_B64.getBytes()), "UTF-8"));
+		
+		Map<String, Object> result = getMapper().populateEid4uAttributesFromTugResponse(fullAttrSet.getAsJsonObject());
+		
+		Assert.assertTrue("eID4u attribte-table is EMPTY after mapping", !result.isEmpty());
+		
+		Assert.assertTrue(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME));
+		Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME));
+				
+		Assert.assertTrue(result.containsKey(Definitions.CURRENTDEGREE_NAME));
+		Assert.assertEquals("Dr.techn.", result.get(Definitions.CURRENTDEGREE_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.FIELDOFSTUDY_NAME));
+		Assert.assertEquals("0688;9999", result.get(Definitions.FIELDOFSTUDY_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.CURRENTLEVELOFSTUDY_NAME));
+		Assert.assertEquals("8", result.get(Definitions.CURRENTLEVELOFSTUDY_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.EMAIL_NAME));
+		Assert.assertEquals("t.kern@student.tugraz.at", result.get(Definitions.EMAIL_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONNAME_NAME));
+		Assert.assertEquals("Graz University Of Technology", result.get(Definitions.HOMEINSTITUTIONNAME_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONCOUNTRY_NAME));
+		Assert.assertEquals("AT", result.get(Definitions.HOMEINSTITUTIONCOUNTRY_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONADDRESS_NAME));
+		checkComplexeAddress(
+				result.get(Definitions.HOMEINSTITUTIONADDRESS_NAME),
+				"AT",
+				"8010",
+				"Rechbauerstraße 12",
+				"Graz");
+				
+		Assert.assertTrue(result.containsKey(Definitions.TEMPORARYADDRESS_NAME));
+		checkComplexeAddress(
+				result.get(Definitions.TEMPORARYADDRESS_NAME),
+				"AT",
+				"8130",
+				"Kühau 22",
+				"Frohnleiten");
+				
+	}
+	
+	private void checkComplexeAddress(Object toCheck, String cc, String postalCode, String Street, String city) {
+		Assert.assertNotNull(toCheck);
+		Assert.assertTrue(toCheck instanceof PostalAddress);
+		
+		PostalAddress addr = (PostalAddress)toCheck;
+		Assert.assertEquals(postalCode, addr.getPostCode());
+		Assert.assertEquals(Street, addr.getCvAddressArea());
+		Assert.assertEquals(Street, addr.getThoroughfare());
+		Assert.assertEquals(city, addr.getPostName());
+		
+	}
+	
+	@Test
+	public void checkCitizenship() throws Exception {
+		checkBasicMappingInitialization(Definitions.CITIZENSHIP_NAME, AttributeScopeMapper.Citizenship, false);
+		
+	}
+	
+	@Test
+	public void checkCityOfBirth() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), AttributeScopeMapper.CityOfBirth, false);
+			
+	}
+	
+	@Test
+	public void checkCountryOfBirth() throws Exception {
+		checkBasicMappingInitialization(Definitions.COUNTRYOFBIRTH_NAME, AttributeScopeMapper.CountryOfBirth, false);
+			
+	}
+	
+	@Test
+	public void checkCurrentDegreeName() throws Exception {
+		checkBasicMappingInitialization(Definitions.CURRENTDEGREE_NAME, AttributeScopeMapper.CurrentDegreeName, false);
+		
+	}
+	
+	@Test
+	public void checkCurrentFieldOfStudy() throws Exception {
+		checkBasicMappingInitialization(Definitions.FIELDOFSTUDY_NAME, AttributeScopeMapper.CurrentFieldOfStudy, false);
+	}
+	
+	@Test
+	public void checkCurrentLevelOfStudy() throws Exception {
+		checkBasicMappingInitialization(Definitions.CURRENTLEVELOFSTUDY_NAME, AttributeScopeMapper.CurrentLevelOfStudy, false);
+		
+	}
+	
+	@Test
+	public void checkEmailStud() throws Exception {
+		checkBasicMappingInitialization(Definitions.EMAIL_NAME, AttributeScopeMapper.EmailStud, false);
+		
+	}
+	
+	@Test
+	public void checkGender() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), AttributeScopeMapper.Gender, false);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionName() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONNAME_NAME, AttributeScopeMapper.HomeInstitutionName, false);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionCountry() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, AttributeScopeMapper.HomeInstitutionCountry, false);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionAddressCountryCode() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCountryCode, true);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionAddressPostalCode() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressPostalCode, true);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionAddressStreet() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressStreet, true);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionAddressCity() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCity, true);
+		
+	}
+	
+	@Test
+	public void checkPermanentAddressCity() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCity, true);
+		
+	}
+	
+	@Test
+	public void checkPermanentAddressCountryCode() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCountryCode, true);
+		
+	}
+	
+	@Test
+	public void checkPermanentAddressPostalCode() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressPostalCode, true);
+		
+	}
+	
+	@Test
+	public void checkPermanentAddressStreet() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressStreet, true);
+		
+	}
+	
+	@Test
+	public void checkStudyAddressCity() throws Exception {
+		checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCity, true);
+		
+	}
+	
+	@Test
+	public void checkStudyAddressCountryCode() throws Exception {
+		checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCountryCode, true);
+		
+	}
+	
+	@Test
+	public void checkStudyAddressPostalCode() throws Exception {
+		checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressPostalCode, true);
+		
+	}
+	
+	@Test
+	public void checkStudyAddressStreet() throws Exception {
+		checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressStreet, true);
+		
+	}
+	
+	private void checkBasicMappingInitialization(String eid4Uattr, String scope, boolean isComplexe) {
+		Assert.assertTrue((getMapper().isComplexeScope(scope) == isComplexe));
+
+		String eid4UattrRes = getMapper().geteIDASAttrFromScope(scope);
+		Assert.assertEquals(eid4Uattr, eid4UattrRes);
+
+		String scopeRes = getMapper().getTUGScopesForAttribute(eid4Uattr);
+		if (isComplexe) {
+			Assert.assertNotNull(scopeRes);
+			Assert.assertTrue(scopeRes.contains(scope));
+			
+		} else		
+			Assert.assertEquals(scope, scopeRes);
+		
+	}
+	
+	private void checkAddress() {
+		
+		
+	}
+	
+	private AttributeScopeMapper getMapper() {
+		if (mapper == null)
+			mapper = AttributeScopeMapper.getInstance();
+		
+		return mapper;
+	}
+	
+	
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml
new file mode 100644
index 000000000..7af79d60c
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+															
+</beans>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index e8cfae10a..7bb98c719 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -322,7 +322,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider
 			try {
 				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-						PVPConstants.SSLSOCKETFACTORYNAME, 
+						PVPConstants.SSLSOCKETFACTORYNAME,
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
 						moaAuthConfig.getTrustedCACertificates(),
 						null,
 						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
index b0736ff2e..cc987bfe7 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -56,7 +56,8 @@ public final class OAuth20Constants {
 	public static final String PARAM_SCOPE = "scope";
 	public static final String PARAM_MOA_MOD = "mod";
 	public static final String PARAM_MOA_ACTION = "action";
-
+	public static final String PARAM_OPENID_CODE = "openid_code";
+	
 	
 	// reponse parameters
 	public static final String RESPONSE_CODE = "code";
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 19fdb3fee..9779b0cf4 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -44,16 +44,20 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
@@ -95,8 +99,9 @@ public final class OAuth20AttributeBuilder {
 	private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>();
 	private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>();
 	private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>();
-	private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
-	private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+	private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();		
+	@Deprecated private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+	
 	static {
 		// openId
 		buildersOpenId.add(new OpenIdIssuerAttribute());
@@ -120,11 +125,14 @@ public final class OAuth20AttributeBuilder {
 		buildersEID.add(new EIDAuthBlock());
 		buildersEID.add(new EIDSignerCertificate());
 		buildersEID.add(new BPKAttributeBuilder());
+		buildersEID.add(new BPKListAttributeBuilder());
+		buildersEID.add(new EncryptedBPKAttributeBuilder());
 		
 		// eID_gov
 		buildersEIDGov.add(new EIDSourcePIN());
 		buildersEIDGov.add(new EIDSourcePINType());
 		buildersEIDGov.add(new EIDIdentityLinkBuilder());
+		buildersEIDGov.add(new BPKListAttributeBuilder());
 		
 		// mandate
 		buildersMandate.add(new MandateTypeAttributeBuilder());
@@ -133,6 +141,8 @@ public final class OAuth20AttributeBuilder {
 		buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder());
+		buildersMandate.add(new MandateNaturalPersonBPKListAttributeBuilder());
+		buildersMandate.add(new MandateNaturalPersonEncBPKListAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b00675e7c..3b300c824 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Service("OAuth20AuthAction")
-class OAuth20AuthAction implements IAction {
+public class OAuth20AuthAction implements IAction {
 	
 	@Autowired protected IRevisionLogger revisionsLogger;
 	@Autowired protected ITransactionStorage transactionStorage;
@@ -131,7 +131,7 @@ class OAuth20AuthAction implements IAction {
 		
 	}
 	
-	private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, 
+	public Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, 
 			OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException {
 		
 		// create response
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 0350a113c..4dc99262e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -24,19 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
 import at.gv.egovernment.moa.logging.Logger;
@@ -160,7 +161,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	}
 
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oAuthConfig) throws OAuth20Exception {
 		this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
 		this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
 		this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
@@ -178,25 +179,23 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE);
 		}
 		
-		// check if client id and redirect uri are ok
-		try {
-			// OAOAUTH20 cannot be null at this point. check was done in base request
-			ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
-			
-			
-			if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
-					|| !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
-				throw new OAuth20AccessDeniedException();
-			}
-			
-			this.setOnlineApplicationConfiguration(oAuthConfig);
-			Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+		// OAOAUTH20 cannot be null at this point. check was done in base request			
+		if (StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
+				|| StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+				|| StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+			throw new OAuth20OANotSupportedException();
 			
+		}
+					
+		if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+				|| !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+			throw new OAuth20AccessDeniedException();
 			
-		} catch (EAAFConfigurationException e) {
-			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
 		
+		this.setOnlineApplicationConfiguration(oAuthConfig);
+		Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+		
 	}
 
 //	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 118de861c..9cceea7d5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -35,10 +35,8 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
-import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -77,21 +75,17 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 			}
 			
-			if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
-					|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
-					|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
-				throw new OAuth20OANotSupportedException();
-			}
+			// oAuth
+			this.populateSpecialParameters(request, authConfig, oaParam);
+			
+			// cleanup parameters
+			this.checkAllowedParameters(request);
+			
 		}
 		catch (EAAFConfigurationException e) {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
-		
-		// oAuth
-		this.populateSpecialParameters(request, authConfig);
-		
-		// cleanup parameters
-		this.checkAllowedParameters(request);
+				
 	}
 	
 	private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException {
@@ -112,6 +106,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		
 	}
 	
-	protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception;
+	protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception;
 	
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 9f4174bf0..0952ba0a6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -21,10 +22,12 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
@@ -47,7 +50,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
 					PVPConstants.BPK_NAME
 			});
-		
+
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+	
 	public String getName() { 
 		return NAME;
 	}
@@ -68,12 +73,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	
 	//OpenID Connect auth request
 	@RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET})
-	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
-//		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-//			Logger.info("OpenID-Connect is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-//			
-//		}
+	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException {
+		if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
+			Logger.info("OpenID-Connect is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			
+		}
 		
 		OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class);
 		try {			
@@ -102,12 +107,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	
 	//openID Connect tokken request
 	@RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET})
-	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
-//		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-//			Logger.info("OpenID-Connect is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-//			
-//		}
+	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException, InvalidProtocolRequestException {
+		if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
+			Logger.info("OpenID-Connect is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			
+		}
 		
 		OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class);
 		try {			
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 89e4252b1..9a3613ea1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -24,20 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException;
-import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Component("OAuth20TokenRequest")
@@ -125,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 	}
 	
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception {
 		this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
 		this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
 		this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
@@ -136,26 +136,21 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 			throw new OAuth20InvalidGrantException();
 		}
 		
-		// check if client id and secret are ok
-		try {
-			// OAOAUTH20 cannot be null at this point. check was done in base request
-			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
-			
-			if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
-				throw new OAuth20AccessDeniedException();
-			}
-			
-			if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
-				throw new OAuth20AccessDeniedException();
-			}
-			
-			this.setOnlineApplicationConfiguration(oaParam);
-			
+		// OAOAUTH20 cannot be null at this point. check was done in base request		
+		if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
+				|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)))
+			throw new OAuth20OANotSupportedException();
+									
+		if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
+			throw new OAuth20AccessDeniedException();
 		}
-		catch (EAAFConfigurationException e) {
-			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+		
+		if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
+			throw new OAuth20AccessDeniedException();
 		}
 		
+		this.setOnlineApplicationConfiguration(oaParam);
+		
 		Logger.info("Dispatch OpenIDConnect TokenRequest: ClientID=" + this.clientID);
 		
 		//add valid parameters
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
index 87e9e933d..a8c4a941e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
@@ -55,6 +55,7 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController {
 							}, 
 					method = {RequestMethod.POST, RequestMethod.GET})
 	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		Logger.trace("Receive req. on SL2.0 servlet with pendingReqId ... ");		
 		signalProcessManagement(req, resp);
 	}
 	
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index 6811d1016..0c97641c7 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -77,15 +77,20 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 				//validate eID data			
 				QualifiedeIDVerifier.verifyIdentityLink(idl, 
 						pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), 
-						(AuthConfiguration) authConfig);
+						(AuthConfiguration) authConfig);				
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
 				
+				
+				//validate AuthBlock
 				authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(
 							authBlockB64, 
 							pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), 
 							(AuthConfiguration) authConfig);
-				
+
 				QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult);
-			
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
+								
+
 				//TODO: add LoA verification
 				
 			} catch (MOAIDException e) {
@@ -97,24 +102,21 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 					throw e;
 				
 			}
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
-			
-			
-			
+						
 			//add into session
 			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
 			moasession.setIdentityLink(idl);
 			moasession.setBkuURL(ccsURL);
-			//TODO: from AuthBlock
-			if (authBlockVerificationResult != null)
+			moasession.setQAALevel(LoA);
+			
+			if (authBlockVerificationResult != null) {
 				moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime()));
-			else
+				moasession.setSignerCertificate(authBlockVerificationResult.getX509certificate());
+			
+			} else
 				moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
 			
-			moasession.setQAALevel(LoA);
-
+			
 			//store pending request
 			requestStoreage.storePendingRequest(pendingReq);
 						
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
index 69e3e7995..0d6086118 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
@@ -323,4 +323,10 @@ public class DummyOA implements IOAAuthParameters {
 		return false;
 	}
 
+	@Override
+	public List<String> additionalbPKSectorsRequested() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 044366eb6..e7280f847 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -29,6 +29,7 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
@@ -197,7 +198,7 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
 	 * @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList()
 	 */
 	@Override
-	public List<String> getEncbPKList() {
+	public List<Pair<String, String>> getEncbPKList() {
 		// TODO Auto-generated method stub
 		return null;
 	}
@@ -374,5 +375,23 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
 		return false;
 	}
 
+	@Override
+	public List<Pair<String, String>> getAdditionalbPKs() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isIseIDNewDemoMode() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index c9bccb708..9e7a4fe8c 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -482,4 +482,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return null;
 	}
 
+	@Override
+	public List<String> additionalbPKSectorsRequested() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 }
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 8b232cf29..3a401d80e 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -38,10 +38,10 @@
   
   	<!-- Only for development to use SAML1 protocol
   			 SAML1 is removed from official OPB release -->
-  	<dependency>
+<!--   	<dependency>
   		<groupId>MOA.id.server.modules</groupId>
   		<artifactId>moa-id-module-eIDAS</artifactId>
-  	</dependency>
+  	</dependency> -->
   
 <!--     <dependency>
 			<groupId>MOA</groupId>
@@ -62,10 +62,10 @@
   		 <artifactId>moa-id-modul-citizencard_authentication</artifactId>
   	</dependency>
   	
-  	<dependency>
+<!--   	<dependency>
   		 <groupId>MOA.id.server.modules</groupId>
   		 <artifactId>moa-id-module-eIDAS</artifactId>
-  	</dependency>
+  	</dependency> -->
   	
   	    <dependency>
             <groupId>junit</groupId>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index c8f01f67d..64a4bae63 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -48,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
@@ -71,7 +72,13 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -338,7 +345,92 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 						ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
 				
 			}
-									
+			
+			//add additional bPKs and foreign bPKs in case of Austrian eID demo-mode
+			if (Boolean.parseBoolean(
+					oaParam.getConfigurationValue(
+							MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, 
+							String.valueOf(false)))) {
+				Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... ");
+				
+				if (oaAttributes == null)
+					oaAttributes = new ArrayList<ExtendedSAMLAttribute>();
+
+				try {
+					String additionalBpks = new BPKListAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(additionalBpks)) {
+						Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build additional bPKs. Reason: " + e.getMessage());
+					
+				}
+				
+				try {
+					String encryptedBpks = new EncryptedBPKAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(encryptedBpks)) {
+						Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build additional foreign bPKs. Reason: " + e.getMessage());
+					
+				}
+				
+				//for mandates
+				try {
+					String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(additionalMandatorBpks)) {
+						Logger.trace("Adding additional Mandator bPKs: " + additionalMandatorBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, additionalMandatorBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build additional Mandator bPKs. Reason: " + e.getMessage());
+					
+				}
+				
+				try {
+					String encryptedMandatorBpks = new MandateNaturalPersonEncBPKListAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(encryptedMandatorBpks)) {
+						Logger.trace("Adding foreign Mandator bPKs: " + encryptedMandatorBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, encryptedMandatorBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage());
+					
+				}
+								
+			}
+						
 			String samlAssertion = null;
 			//add mandate info's
 			if (authData.isUseMandate()) {								
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 30d740a2a..20c66d7a2 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -41,11 +41,13 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -90,6 +92,8 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 					PVPConstants.EID_SOURCE_PIN_TYPE_NAME
 			});
 	
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+	
 	public String getName() {
 		return NAME;
 	}
@@ -102,11 +106,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 	
 	@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
 	public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {		
-//		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
-//			Logger.info("SAML1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
-//			
-//		}
+		if (!moaAuthConfig.getAllowedProtocols().isSAML1Active()) {
+			Logger.info("SAML1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
+			
+		}
 		
 		SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class);
 		pendingReq.initialize(req, authConfig);
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index 06c9a341a..a86090178 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -65,4 +65,4 @@
 		</dependency>
 	</dependencies>
 	
-</project>
-\ No newline at end of file
+</project>
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2019-02-27 10:08:31 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2019-02-27 10:08:31 +0100
commit	d23e3745dd4a40196b03f937b9ba8c4ed840a108 (patch)
tree	2195fbe110c392728b3009aa545363540a94294e /id/server/modules
parent	86aa898406f539fd06129360c58c654afc62e904 (diff)
parent	f923a89436377f581c6e2ab6637024aa068bf9fb (diff)
download	moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.gz moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.bz2 moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.zip