Uppdates:

* Version 1.5.2
* Added: undocumented useCondition and conditionLength configuration parameter (allows to add a saml:Conditions to the SAML assertiopn)

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1273 d688527b-c9ab-4aba-bd8d-4036d912da1d

9 files changed, 262 insertions, 43 deletions

diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index e1aeb2802..816e41df0 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -2,14 +2,14 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.5.1</version>
+		<version>1.5.2</version>
 	</parent>
 	
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-auth</artifactId>
 	<packaging>war</packaging>
-	<version>1.5.1</version>
+	<version>1.5.2</version>
 	<name>MOA ID-Auth WebService</name>
 	
 	<properties>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 9b266e00e..24d9452c2 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -2,14 +2,14 @@
 	<parent>

 		<groupId>MOA.id</groupId>

 		<artifactId>moa-id</artifactId>

-		<version>1.5.1</version>

+		<version>1.5.2</version>

 	</parent>

 

 	<modelVersion>4.0.0</modelVersion>

 	<groupId>MOA.id.server</groupId>

 	<artifactId>moa-id-lib</artifactId>

 	<packaging>jar</packaging>

-	<version>1.5.1</version>

+	<version>1.5.2</version>

 	<name>MOA ID API</name>

 

 	<properties>

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index e86db4a5c..5ffff2787 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1508,6 +1508,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
         AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
           session.getPublicOAURLPrefix());
     boolean useUTC = oaParam.getUseUTC();
+    boolean useCondition = oaParam.getUseCondition();
+    int conditionLength = oaParam.getConditionLength();
     
     // builds authentication data and stores it together with a SAML artifact
     AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
@@ -1532,7 +1534,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
               session.getBkuURL(),
               session.getAssertionSignerCertificateBase64(),
               session.getAssertionBusinessService(),
-              session.getExtendedSAMLAttributesOA());
+              session.getExtendedSAMLAttributesOA(),
+              useCondition,
+              conditionLength);
           authData.setSamlAssertion(samlAssertion);
           
           String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile");
@@ -1661,11 +1665,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 //    	e.printStackTrace();
 //    }
     String mandateData = null;
+    boolean useCondition = false;
+    int conditionLength = -1;
 	try {
 		OAAuthParameter oaParam =
 		      AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
 		        session.getPublicOAURLPrefix());
 		boolean provideStammzahl = oaParam.getProvideStammzahl();
+		useCondition = oaParam.getUseCondition();
+		conditionLength = oaParam.getConditionLength();
 		if (!provideStammzahl) {
 			String isPrPerson = mandatePerson.getAttribute("xsi:type");
 					
@@ -1686,6 +1694,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
 	}
     
+	
     String samlAssertion =
     	new AuthenticationDataAssertionBuilder().buildMandate(
     			authData, 
@@ -1697,7 +1706,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     			session.getAssertionSignerCertificateBase64(),
     			session.getAssertionBusinessService(),
     			session.getSourceID(),
-    			session.getExtendedSAMLAttributesOA());
+    			session.getExtendedSAMLAttributesOA(),
+    			useCondition,
+    			conditionLength);
     authData.setSamlAssertion(samlAssertion);
           
     String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile");
@@ -1799,6 +1810,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
         AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
           session.getPublicOAURLPrefix());
     boolean useUTC = oaParam.getUseUTC();
+    boolean useCondition = oaParam.getUseCondition();
+    int conditionLength = oaParam.getConditionLength();
     AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
     
     
@@ -1811,7 +1824,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
           session.getBkuURL(),
           session.getAssertionSignerCertificateBase64(),
           session.getAssertionBusinessService(),
-          session.getExtendedSAMLAttributesOA());
+          session.getExtendedSAMLAttributesOA(),
+          useCondition,
+          conditionLength);
       authData.setSamlAssertion(samlAssertion);
       
       String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index b9e44544d..0742261a7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -25,6 +25,7 @@
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.text.MessageFormat;
+import java.util.Calendar;
 import java.util.List;
 
 import at.gv.egovernment.moa.id.BuildException;
@@ -32,6 +33,7 @@ import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
@@ -42,6 +44,10 @@ import at.gv.egovernment.moa.util.StringUtils;
  * @version $Id$
  */
 public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
+	
+	/** 5 minutes (=300 seconds) default length of the assertion */
+	private static int DEFAULT_CONDITIONS_LENGTH = 300;
+	
   /** private static String NL contains the NewLine representation in Java*/
 	private static final String NL = "\n";
 	/**
@@ -76,6 +82,38 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
 	  "</saml:Assertion>";
 	
 	/**
+	 * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built (with Conditions)
+	 */
+	private static final String AUTH_DATA_WITH_CONDITIONS =
+		"<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
+	  "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
+	  " xmlns:si=''" +  XSI_NS_URI + "''" +
+    " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+    "<saml:Conditions NotBefore=''{3}'' NotOnOrAfter=''{4}''/>" + NL + 
+	  "	<saml:AttributeStatement>" + NL + 
+	  "		<saml:Subject>" + NL +
+	  "			<saml:NameIdentifier NameQualifier=''{5}''>{6}</saml:NameIdentifier>" + NL +
+	  "     <saml:SubjectConfirmation>" + NL +
+	  "       <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
+	  "       <saml:SubjectConfirmationData>{7}{8}</saml:SubjectConfirmationData>" + NL +
+	  "     </saml:SubjectConfirmation>" + NL +
+	  "		</saml:Subject>" + NL +
+	  "		<saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+	  "			<saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+	  "		</saml:Attribute>" + NL +
+	  "		<saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+	  "			<saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
+	  "		</saml:Attribute>" + NL +
+      "   <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+      "     <saml:AttributeValue>{11}</saml:AttributeValue>" + NL +
+      "   </saml:Attribute>" + NL +
+      "{12}" +      
+	  "{13}" + 
+      "{14}" +
+	  "	</saml:AttributeStatement>" + NL +
+	  "</saml:Assertion>";
+	
+	/**
 	 * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
 	 */
 	private static final String AUTH_DATA_MANDATE =
@@ -108,6 +146,41 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
       "{13}" +
 	  "	</saml:AttributeStatement>" + NL +
 	  "</saml:Assertion>";
+	
+	/**
+	 * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
+	 */
+	private static final String AUTH_DATA_MANDATE_WITH_CONDITIONS =
+		"<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
+	  "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
+	  " xmlns:si=''" +  XSI_NS_URI + "''" +
+    " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+    "<saml:Conditions NotBefore=''{3}'' NotOnOrAfter=''{4}''/>" + NL +
+	  "	<saml:AttributeStatement>" + NL + 
+	  "		<saml:Subject>" + NL +
+	  "			<saml:NameIdentifier NameQualifier=''{5}''>{6}</saml:NameIdentifier>" + NL +
+	  "     <saml:SubjectConfirmation>" + NL +
+	  "       <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
+	  "       <saml:SubjectConfirmationData>{7}{8}</saml:SubjectConfirmationData>" + NL +
+	  "     </saml:SubjectConfirmation>" + NL +
+	  "		</saml:Subject>" + NL +
+	  "		<saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+	  "			<saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+	  "		</saml:Attribute>" + NL +
+	  "		<saml:Attribute AttributeName=''MandateData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+	  "			<saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
+	  "		</saml:Attribute>" + NL +
+	  "		<saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+	  "			<saml:AttributeValue>{11}</saml:AttributeValue>" + NL +
+	  "		</saml:Attribute>" + NL +
+      "   <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+      "     <saml:AttributeValue>{12}</saml:AttributeValue>" + NL +
+      "   </saml:Attribute>" + NL +
+      "{13}" +
+	  "{14}" + 
+      "{15}" +
+	  "	</saml:AttributeStatement>" + NL +
+	  "</saml:Assertion>";
 	/**
 	 * XML template for the <code>&lt;saml:Attribute&gt;</code> named <code>"isPublicAuthority"</code>,
 	 * to be inserted into the <code>&lt;saml:Assertion&gt;</code>
@@ -156,7 +229,9 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
     String bkuURL,
     String signerCertificateBase64,
     boolean businessService,
-    List extendedSAMLAttributes) 
+    List extendedSAMLAttributes, 
+    boolean useCondition,
+    int conditionLength) 
   throws BuildException 
   {
   		
@@ -195,21 +270,51 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
   	String assertion;
     try {
     	
+    	if (!useCondition) {
+    		assertion = MessageFormat.format(AUTH_DATA, new Object[] {
+    		        authData.getAssertionID(), 
+    		        authData.getIssuer(), 
+    		        authData.getIssueInstant(), 
+    		        pkType,
+    		        pkValue, 
+    		        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
+    		        StringUtils.removeXMLDeclaration(xmlIdentityLink), 
+    		        StringUtils.removeXMLDeclaration(xmlPersonData), 
+    		        isQualifiedCertificate,
+    		        bkuURL,
+    		        publicAuthorityAttribute,
+    		        signerCertificateAttribute,
+    		        buildExtendedSAMLAttributes(extendedSAMLAttributes)});	
+    	}
+    	else {
+    		Calendar cal = Calendar.getInstance();
+    		String notBefore = DateTimeUtils.buildDateTimeUTC(cal);
+    		if (conditionLength <= 0)
+    			cal.add(Calendar.SECOND, DEFAULT_CONDITIONS_LENGTH);
+    		else    		
+    			cal.add(Calendar.SECOND, conditionLength);
+    		
+    		String notOnOrAfter = DateTimeUtils.buildDateTimeUTC(cal);
+    		
+    		assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] {
+    		        authData.getAssertionID(), 
+    		        authData.getIssuer(), 
+    		        authData.getIssueInstant(), 
+    		        notBefore,
+    		        notOnOrAfter,
+    		        pkType,
+    		        pkValue, 
+    		        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
+    		        StringUtils.removeXMLDeclaration(xmlIdentityLink), 
+    		        StringUtils.removeXMLDeclaration(xmlPersonData), 
+    		        isQualifiedCertificate,
+    		        bkuURL,
+    		        publicAuthorityAttribute,
+    		        signerCertificateAttribute,
+    		        buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+    	}
    	
-      assertion = MessageFormat.format(AUTH_DATA, new Object[] {
-        authData.getAssertionID(), 
-        authData.getIssuer(), 
-        authData.getIssueInstant(), 
-        pkType,
-        pkValue, 
-        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
-        StringUtils.removeXMLDeclaration(xmlIdentityLink), 
-        StringUtils.removeXMLDeclaration(xmlPersonData), 
-        isQualifiedCertificate,
-        bkuURL,
-        publicAuthorityAttribute,
-        signerCertificateAttribute,
-        buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+      
     } catch (ParseException e) {
       Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
       throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
@@ -246,7 +351,9 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
     String signerCertificateBase64,
     boolean businessService,
     String sourceID,
-    List extendedSAMLAttributes) 
+    List extendedSAMLAttributes,
+    boolean useCondition,
+    int conditionLength) 
   throws BuildException 
   {
   		
@@ -285,21 +392,59 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
   	String assertion;
     try {
     	
-      assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
-        authData.getAssertionID(), 
-        authData.getIssuer(), 
-        authData.getIssueInstant(), 
-        pkType,
-        pkValue, 
-        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
-        StringUtils.removeXMLDeclaration(xmlIdentityLink), 
-        StringUtils.removeXMLDeclaration(xmlPersonData),
-        StringUtils.removeXMLDeclaration(xmlMandateData),
-        isQualifiedCertificate,
-        bkuURL,
-        publicAuthorityAttribute,
-        signerCertificateAttribute,
-        buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+    	
+    	
+    	if (!useCondition) {
+    		assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
+    		        authData.getAssertionID(), 
+    		        authData.getIssuer(), 
+    		        authData.getIssueInstant(), 
+    		        pkType,
+    		        pkValue, 
+    		        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
+    		        StringUtils.removeXMLDeclaration(xmlIdentityLink), 
+    		        StringUtils.removeXMLDeclaration(xmlPersonData),
+    		        StringUtils.removeXMLDeclaration(xmlMandateData),
+    		        isQualifiedCertificate,
+    		        bkuURL,
+    		        publicAuthorityAttribute,
+    		        signerCertificateAttribute,
+    		        buildExtendedSAMLAttributes(extendedSAMLAttributes)});	
+    	}
+    	else {
+    		Calendar cal = Calendar.getInstance();
+    		String notBefore = DateTimeUtils.buildDateTimeUTC(cal);
+    		if (conditionLength <= 0)
+    			cal.add(Calendar.SECOND, DEFAULT_CONDITIONS_LENGTH);
+    		else    		
+    			cal.add(Calendar.SECOND, conditionLength);
+    		
+    		String notOnOrAfter = DateTimeUtils.buildDateTimeUTC(cal);
+    		
+    		assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] {
+    		        authData.getAssertionID(), 
+    		        authData.getIssuer(), 
+    		        authData.getIssueInstant(),
+    		        notBefore,
+    		        notOnOrAfter,
+    		        pkType,
+    		        pkValue, 
+    		        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
+    		        StringUtils.removeXMLDeclaration(xmlIdentityLink), 
+    		        StringUtils.removeXMLDeclaration(xmlPersonData),
+    		        StringUtils.removeXMLDeclaration(xmlMandateData),
+    		        isQualifiedCertificate,
+    		        bkuURL,
+    		        publicAuthorityAttribute,
+    		        signerCertificateAttribute,
+    		        buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+    	}
+    	
+    	
+    	
+    	
+    	
+      
     } catch (ParseException e) {
       Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
       throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 8cc51bf93..b7b5bcce6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -24,6 +24,7 @@
 
 package at.gv.egovernment.moa.id.config;
 
+import iaik.ixsil.util.Utils;
 import iaik.pki.pathvalidation.ChainingModes;
 import iaik.utils.RFC2253NameParser;
 import iaik.utils.RFC2253NameParserException;
@@ -44,6 +45,8 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.traversal.NodeIterator;
 
+import com.sun.xml.internal.fastinfoset.stax.events.Util;
+
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.Schema;
 import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
@@ -580,9 +583,15 @@ public class ConfigurationBuilder {
         oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
         oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData")));
         oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC")));
+        oap.setUseCondition(BoolUtils.valueOf(authComponent.getAttribute("useCondition")));
+        oap.setConditionLength(buildConditionLength(authComponent.getAttribute("conditionLength")));        
         oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
         oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));        
       
+        System.out.println(publicURLPrefix);
+        System.out.println("useCondition: " + oap.getUseCondition());
+        System.out.println("conditionLength: " + oap.getConditionLength());
+        
         oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL));        
         // load OA specific transforms if present
         String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);        
@@ -616,6 +625,19 @@ public class ConfigurationBuilder {
     return result;
 
   }
+
+  /**
+   * Returns the condition length as int
+   * @param length the condition length as int
+   * @return
+   */
+  private int buildConditionLength(String length) {
+
+      if (Util.isEmptyString(length))
+    	  return -1;
+      else 
+    	  return new Integer(length).intValue();
+  }
   
   /**
    * Builds the URL for a BKUSelectionTemplate or a Template. The method selects
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 65e21cbce..2959d9208 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -87,6 +87,12 @@ public class OAAuthParameter extends OAParameter {
   
   /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
   private boolean useUTC;
+  
+  /** determines wheter a saml:Condition is added to the SAML assertion or not */
+  private boolean useCondition;
+  
+  /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */
+  private int conditionLength;
   /**
    * url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
    */
@@ -202,6 +208,22 @@ public class OAAuthParameter extends OAParameter {
     return useUTC;
   }
   
+  /**
+   * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
+   * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
+   */
+  public boolean getUseCondition() {
+    return useCondition;
+  }
+  
+  /**
+   * Returns the validity time of the SAML assertion (if useCondition is true) in seconds 
+   * @return the validity time of the SAML assertion (if useCondition is true) in seconds
+   */
+  public int getConditionLength() {
+	  return conditionLength;
+  }
+  
 
 /**
       * Returns the key box identifier.
@@ -325,6 +347,21 @@ public class OAAuthParameter extends OAParameter {
     this.useUTC = useUTC;
   } 
   
+  /**
+   * Sets the useCondition variable
+   * @param useCondition The useCondition value to set
+   */
+  public void setUseCondition(boolean useCondition) {
+	  this.useCondition = useCondition;
+  }
+  
+  /**
+   * Sets the conditionLength variable
+   * @param conditionLength the conditionLength value to set 
+   */
+  public void setConditionLength(int conditionLength) {
+	  this.conditionLength = conditionLength;
+  }
   
 
    /**
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
index a71fe0181..6e6092b3f 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -619,7 +619,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
         oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
       String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
       String samlAssertion = new AuthenticationDataAssertionBuilder().build(
-        authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null);
+        authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null, false, -1);
       authData.setSamlAssertion(samlAssertion);
       return authData;
     }
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 72a47385c..4590ae1d0 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,14 +4,14 @@
     <parent>

         <groupId>MOA</groupId>

         <artifactId>id</artifactId>

-        <version>1.5.1</version>

+        <version>1.5.2</version>

     </parent>

 

     <modelVersion>4.0.0</modelVersion>

     <groupId>MOA.id</groupId>

     <artifactId>moa-id</artifactId>

     <packaging>pom</packaging>

-    <version>1.5.1</version>

+    <version>1.5.2</version>

     <name>MOA ID Server</name>

 

     <modules>

diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index 50cb3e054..4e7ca3d3a 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -2,7 +2,7 @@
 	<parent>

 		<groupId>MOA.id</groupId>

 		<artifactId>moa-id</artifactId>

-		<version>1.5.1</version>

+		<version>1.5.2</version>

 	</parent>

 	

 	<properties>

@@ -13,7 +13,7 @@
 	<groupId>MOA.id.server</groupId>

 	<artifactId>moa-id-proxy</artifactId>

 	<packaging>war</packaging>

-	<version>1.5.1</version>

+	<version>1.5.2</version>

 	<name>MOA ID-Proxy WebService</name>

 	

 	<build>