aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/history.txt1
-rw-r--r--id/server/data/deploy/conf/moa-id/log4j.properties57
-rw-r--r--id/server/data/deploy/conf/moa-id/moa-id.properties7
-rw-r--r--id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml9
-rw-r--r--id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml10
-rw-r--r--id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml10
-rw-r--r--id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml9
-rw-r--r--id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml9
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml70
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/SignModule_outgoing.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml127
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml100
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml98
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml130
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jksbin3013 -> 0 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jksbin4592 -> 0 bytes
-rw-r--r--id/server/doc/handbook/config/config.html5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java71
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java1
27 files changed, 125 insertions, 674 deletions
diff --git a/id/history.txt b/id/history.txt
index c0b12dd1c..8d1495e30 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -8,6 +8,7 @@ Version MOA-ID Release 3.3.0: Änderungen seit Version MOA-ID 3.2.3
- Anpassungen des BKU Auswahl(OnlineBKU entfernt, Detection der lokalen BKU hinzugefügt)
- Anpassungen der Konfigurationsoberfläche (OnlineBKU entfernt)
- Bugfix - Problem mit openSAML welches unsignierte SAML2 AuthnRequests bei Redirect Binding ermöglicht
+ - Bugfix - Nicht spezifikationskonforme Validierung PVP2 AuthnRequest bezüglich NameIDPolicy
- Bugfix - Ungültig kodierter PVP2 Attributwert 'MANDATOR-NATURAL-PERSON-BPK'
- Bugfix - Updates an Endpunten um Cross-Site-Scripting (XSS) zu verhindern
- Code-Cleaning von unbenutzen Methoden und Klassen
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
index f37100a5b..2c3b8a311 100644
--- a/id/server/data/deploy/conf/moa-id/log4j.properties
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -2,34 +2,57 @@
org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
# define log4j root loggers
-log4j.rootLogger=info, stdout
-log4j.logger.at.gv.egovernment.moa=info
-log4j.logger.at.gv.egovernment.moa.spss=info
-log4j.logger.iaik.server=info
-log4j.logger.at.gv.egovernment.moa.id=info,R
-log4j.logger.at.gv.egovernment.moa.id.proxy=info
-log4j.logger.eu.stork=info
-log4j.logger.org.hibernate=warn
+log4j.rootLogger=warn,stdout
+### MOA-ID process log ###
+log4j.logger.at.gv.egovernment.moa.id=info,moaid
+log4j.logger.at.gv.egovernment.moa.spss=info,moaid
+
+### process revision log with event-codes ###
+log4j.logger.at.gv.egiz.eventlog.plain.all=info,reversion
+
+### Signature verification and certificate proofing ####
+log4j.logger.at.gv.egovernment.moa.spss=info,moaspss
+log4j.logger.iaik.server=info,moaspss
+log4j.logger.pki=info,moaspss
+
+### ConfigTool Logs ####
log4j.logger.at.gv.egiz.components.configuration=info,CONFIGTOOL
-log4j.logger.at.gv.egovernment.moa.id.commons=info,CONFIGTOOL R
+log4j.logger.at.gv.egovernment.moa.id.commons=info,CONFIGTOOL
log4j.logger.at.gv.egovernment.moa.id.config.webgui=info,CONFIGTOOL
log4j.logger.at.gv.egovernment.moa.id.configuration=info,CONFIGTOOL
+
+### Log Appender ####
# configure the stdout appender
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n
-# configure the rolling file appender (R)
-log4j.appender.R=org.apache.log4j.RollingFileAppender
-log4j.appender.R.File=${catalina.base}/logs/moa-id.log
-log4j.appender.R.MaxFileSize=10000KB
-log4j.appender.R.MaxBackupIndex=1
-log4j.appender.R.layout=org.apache.log4j.PatternLayout
-log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
+# configure the rolling file appender (moaid)
+log4j.appender.moaid=org.apache.log4j.RollingFileAppender
+log4j.appender.moaid.File=${catalina.base}/logs/moa-id.log
+log4j.appender.moaid.MaxFileSize=10000KB
+log4j.appender.moaid.MaxBackupIndex=1
+log4j.appender.moaid.layout=org.apache.log4j.PatternLayout
+log4j.appender.moaid.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
+
+# configure the rolling file appender (moaid)
+log4j.appender.moaspss=org.apache.log4j.RollingFileAppender
+log4j.appender.moaspss.File=${catalina.base}/logs/moa-spss.log
+log4j.appender.moaspss.MaxFileSize=10000KB
+log4j.appender.moaspss.MaxBackupIndex=1
+log4j.appender.moaspss.layout=org.apache.log4j.PatternLayout
+log4j.appender.moaspss.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
+
+log4j.appender.reversion=org.apache.log4j.RollingFileAppender
+log4j.appender.reversion.File=${catalina.base}/moa-id-reversion.log
+log4j.appender.reversion.MaxFileSize=10000KB
+log4j.appender.reversion.MaxBackupIndex=9999
+log4j.appender.reversion.layout=org.apache.log4j.PatternLayout
+log4j.appender.reversion.layout.ConversionPattern=%5p | %d{ISO8601} | %t | %m%n
-# configure the rolling file appender (R)
+# configure the rolling file appender (configtool)
log4j.appender.CONFIGTOOL=org.apache.log4j.RollingFileAppender
log4j.appender.CONFIGTOOL.File=${catalina.base}/logs/moa-id-webgui.log
log4j.appender.CONFIGTOOL.MaxFileSize=10000KB
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 15084b387..4228b0d3a 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -43,12 +43,6 @@ service.foreignidentities.acceptedServerCertificates=
service.foreignidentities.clientKeyStore=keys/....
service.foreignidentities.clientKeyStorePassword=
-##STORK 2
-stork.fakeIdL.active=false
-stork.fakeIdL.countries=
-stork.fakeIdL.keygroup=
-stork.documentservice.url=
-
##Protocol configuration##
#PVP2
protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
@@ -59,6 +53,7 @@ protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion
protocols.pvp2.idp.ks.assertion.sign.keypassword=password
protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+protocols.pvp2.metadata.entitycategories.active=false
#OpenID connect (OAuth)
protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
diff --git a/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml
deleted file mode 100644
index fc99cea79..000000000
--- a/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <LoginType>stateless</LoginType>
- <BasicAuth>
- <UserID>MOAFamilyName</UserID>
- <Password>MOAGivenName</Password>
- </BasicAuth>
-</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml
deleted file mode 100644
index 4d34c3646..000000000
--- a/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Header Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <LoginType>stateless</LoginType>
- <HeaderAuth>
- <!-- zusaetzlicher Header GivenName -->
- <Header Name="X-MOAParameterGivenName" Value="MOAGivenName"></Header>
- <Header Name="X-MOAParameterFamilyName" Value="MOAFamilyName"></Header>
- </HeaderAuth>
-</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml
deleted file mode 100644
index 979faca95..000000000
--- a/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Parameter Authentication verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <LoginType>stateless</LoginType>
- <ParamAuth>
- <!-- URL Parameter GivenName und FamilyName -->
- <Parameter Name="GivenName" Value="MOAGivenName"></Parameter>
- <Parameter Name="FamilyName" Value="MOAFamilyName"></Parameter>
- </ParamAuth>
-</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
deleted file mode 100644
index edbfe7aa5..000000000
--- a/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <LoginType>stateless</LoginType>
- <BasicAuth>
- <UserID>MOAFamilyName</UserID>
- <Password>MOAGivenName</Password>
- </BasicAuth>
-</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
deleted file mode 100644
index 2cff3bd67..000000000
--- a/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <LoginType>stateless</LoginType>
- <BasicAuth>
- <UserID>MOAWBPK</UserID>
- <Password>MOAGivenName</Password>
- </BasicAuth>
-</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
deleted file mode 100644
index eca38ec8c..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
+++ /dev/null
@@ -1,70 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<instances>
-
-
- <!-- Configuration name-->
- <instance name="outgoing">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_outgoing.xml" />
- </configuration>
-
- <!-- Settings module signature-->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_outgoing.xml" />
- </configuration>
- </instance>
-
- <instance name="incoming">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_incoming.xml" />
- </configuration>
-
- <!-- Settings module signature-->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_incoming.xml" />
- </configuration>
- </instance>
-
-
- <instance name="incoming_attr">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_incoming_attr.xml" />
- </configuration>
-
- <!-- Settings module signature-->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_incoming_attr.xml" />
- </configuration>
- </instance>
-
-
- <instance name="VIDP">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_VIDP.xml" />
- </configuration>
-
- <!-- Settings module signature-->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_VIDP.xml" />
- </configuration>
- </instance>
-
-
-
-</instances>
diff --git a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml
deleted file mode 100644
index 68b15e667..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml
deleted file mode 100644
index 68b15e667..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/SignModule_outgoing.xml b/id/server/data/deploy/conf/moa-id/stork/SignModule_outgoing.xml
deleted file mode 100644
index 7139c5a41..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/SignModule_outgoing.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">projects/stork2/code/moa-idspss/id/server/stork2-saml-engine/src/test/resources/storkDemoKeys.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo-cert, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
-</properties> \ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
deleted file mode 100644
index 29973690e..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+++ /dev/null
@@ -1,127 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SAML constants for AuthnRequests and Responses.</comment>
-
- <!--
- Types of consent obtained from the user for this authentication and
- data transfer.
- Allow values: 'unspecified'.
- -->
- <entry key="consentAuthnRequest">unspecified</entry>
-
- <!--
- Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
- -->
- <entry key="consentAuthnResponse">obtained</entry>
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- -->
- <entry key="formatEntity">entity</entry>
-
- <!--Only HTTP-POST binding is only supported for inter PEPS-->
- <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
- <entry key="protocolBinding">HTTP-POST</entry>
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- <entry key="eIDSectorShare">true</entry>
- <entry key="eIDCrossSectorShare">true</entry>
- <entry key="eIDCrossBorderShare">true</entry>
- -->
-
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="friendlyName">false</entry>
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="isRequired">true</entry>
-
- <!--PEPS in the Service Provider's country-->
- <entry key="requester">https://testvidp.buergerkarte.at/moa-id-auth/stork2/SendPEPSAuthnRequest</entry>
-
- <!--PEPS in the citizen's origin country-->
- <entry key="responder">https://testvidp.buergerkarte.at/moa-id-auth/stork2/SendPEPSAuthnRequest</entry>
-
- <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
- <entry key="timeNotOnOrAfter">600</entry>
-
- <!--Validation IP of the response-->
- <entry key="ipAddrValidation">false</entry>
-
- <!--One time use-->
- <entry key="oneTimeUse">true</entry>
-
- <!--Subject Attribute Definitions-->
- <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
- <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
- <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
- <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
- <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
- <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
- <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
- <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
- <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
- <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
- <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
- <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
- <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
- <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
- <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
- <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
-
- <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
- <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
- <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
- <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
- <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
- <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-
- <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
- <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
- <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
-
-
- <entry key="diplomaSupplement">http://www.stork.gov.eu/1.0/diplomaSupplement</entry>
- <entry key="currentStudiesSupplement">http://www.stork.gov.eu/1.0/currentStudiesSupplement</entry>
- <entry key="isStudent">http://www.stork.gov.eu/1.0/isStudent</entry>
- <entry key="isAcademicStaff">http://www.stork.gov.eu/1.0/isAcademicStaff</entry>
- <entry key="isTeacherOf">http://www.stork.gov.eu/1.0/isTeacherOf</entry>
- <entry key="isCourseCoordinator">http://www.stork.gov.eu/1.0/isCourseCoordinator</entry>
- <entry key="isAdminStaff">http://www.stork.gov.eu/1.0/isAdminStaff</entry>
- <entry key="habilitation">http://www.stork.gov.eu/1.0/habilitation</entry>
- <entry key="Title">http://www.stork.gov.eu/1.0/Title</entry>
- <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
- <entry key="hasAccountInBank">http://www.stork.gov.eu/1.0/hasAccountInBank</entry>
- <entry key="isHealthCareProfessional">http://www.stork.gov.eu/1.0/isHealthCareProfessional</entry>
-
- <entry key="eLPIdentifier">http://www.stork.gov.eu/1.0/eLPIdentifier</entry>
- <entry key="legalName">http://www.stork.gov.eu/1.0/legalName</entry>
- <entry key="alternativeName">http://www.stork.gov.eu/1.0/alternativeName</entry>
- <entry key="type">http://www.stork.gov.eu/1.0/type</entry>
- <entry key="translatableType">http://www.stork.gov.eu/1.0/translatableType</entry>
- <entry key="status">http://www.stork.gov.eu/1.0/status</entry>
- <entry key="activity">http://www.stork.gov.eu/1.0/activity</entry>
- <entry key="registeredAddress">http://www.stork.gov.eu/1.0/registeredAddress</entry>
- <entry key="registeredCanonicalAddress">http://www.stork.gov.eu/1.0/registeredCanonicalAddress</entry>
- <entry key="contactInformation">http://www.stork.gov.eu/1.0/contactInformation</entry>
- <entry key="LPFiscalNumber">http://www.stork.gov.eu/1.0/LPFiscalNumber</entry>
- <entry key="mandate">http://www.stork.gov.eu/1.0/mandate</entry>
- <entry key="docRequest">http://www.stork.gov.eu/1.0/docRequest</entry>
-
- <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
- <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
- <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-
- <!-- ISA 1.18 attributes-->
- <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
- <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
-
- <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
-
-
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
deleted file mode 100644
index a817e29c0..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SAML constants for AuthnRequests and Responses.</comment>
-
- <!--
- Types of consent obtained from the user for this authentication and
- data transfer.
- Allow values: 'unspecified'.
- -->
- <entry key="consentAuthnRequest">unspecified</entry>
-
- <!--
- Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
- -->
- <entry key="consentAuthnResponse">obtained</entry>
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- -->
- <entry key="formatEntity">entity</entry>
-
- <!--Only HTTP-POST binding is only supported for inter PEPS-->
- <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
- <entry key="protocolBinding">HTTP-POST</entry>
-
-
-
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- <entry key="eIDSectorShare">true</entry>
- <entry key="eIDCrossSectorShare">true</entry>
- <entry key="eIDCrossBorderShare">true</entry>
- -->
-
-
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="friendlyName">false</entry>
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="isRequired">true</entry>
-
- <!--PEPS in the Service Provider's country-->
- <entry key="requester">http://S-PEPS.gov.xx</entry>
-
- <!--PEPS in the citizen's origin country-->
- <entry key="responder">http://C-PEPS.gov.xx</entry>
-
- <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
- <entry key="timeNotOnOrAfter">300</entry>
-
- <!--Validation IP of the response-->
- <entry key="ipAddrValidation">false</entry>
-
-
- <!--Subject Attribute Definitions-->
- <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
- <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
- <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
- <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
- <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
- <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
- <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
- <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
- <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
- <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
- <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
- <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
- <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
- <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
- <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
- <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
- <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
-
- <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
- <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
- <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
- <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
- <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
- <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-
- <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
- <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
- <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
- <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
- <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
- <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-
- <!-- ISA 1.18 attributes-->
- <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
- <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
-
- <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
-
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
deleted file mode 100644
index 33437c110..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SAML constants for AuthnRequests and Responses.</comment>
-
- <!--
- Types of consent obtained from the user for this authentication and
- data transfer.
- Allow values: 'unspecified'.
- -->
- <entry key="consentAuthnRequest">unspecified</entry>
-
- <!--
- Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
- -->
- <entry key="consentAuthnResponse">obtained</entry>
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- -->
- <entry key="formatEntity">entity</entry>
-
- <!--Only HTTP-POST binding is only supported for inter PEPS-->
- <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
- <entry key="protocolBinding">HTTP-POST</entry>
-
-
-
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- <entry key="eIDSectorShare">true</entry>
- <entry key="eIDCrossSectorShare">true</entry>
- <entry key="eIDCrossBorderShare">true</entry>
- -->
-
-
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="friendlyName">false</entry>
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="isRequired">true</entry>
-
- <!--PEPS in the Service Provider's country-->
- <entry key="requester">http://S-PEPS.gov.xx</entry>
-
- <!--PEPS in the citizen's origin country-->
- <entry key="responder">http://C-PEPS.gov.xx</entry>
-
- <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
- <entry key="timeNotOnOrAfter">300</entry>
-
- <!--Validation IP of the response-->
- <entry key="ipAddrValidation">false</entry>
-
-
- <!--Subject Attribute Definitions-->
- <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
- <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
- <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
- <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
- <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
- <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
- <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
- <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
- <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
- <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
- <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
- <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
- <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
- <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
- <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
- <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
- <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
-
- <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
- <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
- <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
- <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
- <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
- <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-
- <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
- <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
- <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
- <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
- <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
- <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-
- <!-- ISA 1.18 attributes-->
- <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
- <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
-
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
deleted file mode 100644
index b840b4fe5..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+++ /dev/null
@@ -1,130 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SAML constants for AuthnRequests and Responses.</comment>
-
- <!--
- Types of consent obtained from the user for this authentication and
- data transfer.
- Allow values: 'unspecified'.
- -->
- <entry key="consentAuthnRequest">unspecified</entry>
-
- <!--
- Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
- -->
- <entry key="consentAuthnResponse">obtained</entry>
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- -->
- <entry key="formatEntity">entity</entry>
-
- <!--Only HTTP-POST binding is only supported for inter PEPS-->
- <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
- <entry key="protocolBinding">HTTP-POST</entry>
-
-
-
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- <entry key="eIDSectorShare">true</entry>
- <entry key="eIDCrossSectorShare">true</entry>
- <entry key="eIDCrossBorderShare">true</entry>
- -->
-
-
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="friendlyName">false</entry>
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="isRequired">true</entry>
-
- <!--PEPS in the Service Provider's country-->
- <entry key="requester">http://S-PEPS.gov.xx</entry>
-
- <!--PEPS in the citizen's origin country-->
- <entry key="responder">http://C-PEPS.gov.xx</entry>
-
- <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
- <entry key="timeNotOnOrAfter">300</entry>
-
- <!--Validation IP of the response-->
- <entry key="ipAddrValidation">false</entry>
-
-
- <!--Subject Attribute Definitions-->
- <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
- <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
- <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
- <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
- <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
- <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
- <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
- <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
- <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
- <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
- <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
- <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
- <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
- <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
- <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
- <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
- <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
-
- <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
- <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
- <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
- <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
- <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
- <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-
- <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
- <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
- <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
-
-
- <entry key="diplomaSupplement">http://www.stork.gov.eu/1.0/diplomaSupplement</entry>
- <entry key="currentStudiesSupplement">http://www.stork.gov.eu/1.0/currentStudiesSupplement</entry>
- <entry key="isStudent">http://www.stork.gov.eu/1.0/isStudent</entry>
- <entry key="isAcademicStaff">http://www.stork.gov.eu/1.0/isAcademicStaff</entry>
- <entry key="isTeacherOf">http://www.stork.gov.eu/1.0/isTeacherOf</entry>
- <entry key="isCourseCoordinator">http://www.stork.gov.eu/1.0/isCourseCoordinator</entry>
- <entry key="isAdminStaff">http://www.stork.gov.eu/1.0/isAdminStaff</entry>
- <entry key="habilitation">http://www.stork.gov.eu/1.0/habilitation</entry>
- <entry key="Title">http://www.stork.gov.eu/1.0/Title</entry>
- <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
- <entry key="hasAccountInBank">http://www.stork.gov.eu/1.0/hasAccountInBank</entry>
- <entry key="isHealthCareProfessional">http://www.stork.gov.eu/1.0/isHealthCareProfessional</entry>
-
- <entry key="eLPIdentifier">http://www.stork.gov.eu/1.0/eLPIdentifier</entry>
- <entry key="legalName">http://www.stork.gov.eu/1.0/legalName</entry>
- <entry key="alternativeName">http://www.stork.gov.eu/1.0/alternativeName</entry>
- <entry key="type">http://www.stork.gov.eu/1.0/type</entry>
- <entry key="translatableType">http://www.stork.gov.eu/1.0/translatableType</entry>
- <entry key="status">http://www.stork.gov.eu/1.0/status</entry>
- <entry key="activity">http://www.stork.gov.eu/1.0/activity</entry>
- <entry key="registeredAddress">http://www.stork.gov.eu/1.0/registeredAddress</entry>
- <entry key="registeredCanonicalAddress">http://www.stork.gov.eu/1.0/registeredCanonicalAddress</entry>
- <entry key="contactInformation">http://www.stork.gov.eu/1.0/contactInformation</entry>
- <entry key="LPFiscalNumber">http://www.stork.gov.eu/1.0/LPFiscalNumber</entry>
- <entry key="mandate">http://www.stork.gov.eu/1.0/mandate</entry>
- <entry key="docRequest">http://www.stork.gov.eu/1.0/docRequest</entry>
-
-
- <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
- <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
- <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-
- <!-- ISA 1.18 attributes-->
- <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
- <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
-
- <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
-
-</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks b/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks
deleted file mode 100644
index f9baad202..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks
+++ /dev/null
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks b/id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks
deleted file mode 100644
index efaeac86c..000000000
--- a/id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index e6b86204a..1972d2150 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -576,6 +576,11 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
<td>password</td>
<td>Passwort des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschl&uuml;sselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
</tr>
+ <tr>
+ <td>protocols.pvp2.metadata.entitycategories.active</td>
+ <td>true / <strong>false</strong></td>
+ <td>Funktion zum Mappen einer in den Metadaten enthaltenen PVP EntityCategory auf ein Set von PVP Attributen, welche von MOA-ID returniert werden sollen.</td>
+ </tr>
</table>
<p>&nbsp;</p>
<h6><a name="basisconfig_moa_id_auth_param_protocol_openid" id="uebersicht_bekanntmachung11"></a>2.2.2.3.2 OpenID Connect</h6>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 332604257..d3e340a90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -1311,7 +1311,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
String value = properties.getProperty(key);
if (MiscUtil.isNotEmpty(value))
- return Boolean.valueOf(value);
+ return Boolean.valueOf(value.trim());
return defaultValue;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 216d7a8b1..cdb85c563 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -259,6 +259,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
} catch (MOAIDException e) {
+ String samlRequest = req.getParameter("SAMLRequest");
+ Logger.info("Receive INVALID protocol request: " + samlRequest);
throw e;
} catch (Throwable e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 45539da3f..196aa47af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -373,7 +373,8 @@ public class PVP2AssertionBuilder implements PVPConstants {
//get NameIDFormat from request
AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
- if (authnReq.getNameIDPolicy() != null) {
+ if (authnReq.getNameIDPolicy() != null &&
+ MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
nameIDFormat = authnReq.getNameIDPolicy().getFormat();
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 585aac805..7f6f9b88c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -51,6 +51,7 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.IDestroyableObject;
import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -491,7 +492,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
filterChain.getFilters().add(new SchemaValidationFilter());
- filterChain.getFilters().add(new PVPEntityCategoryFilter());
+ filterChain.getFilters().add(
+ new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER,
+ false)));
if (oaParam.isInderfederationIDP()) {
Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
index ab8fab5d1..4ae89466d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -28,6 +28,7 @@ import org.opensaml.saml2.core.NameIDPolicy;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moaspss.logging.Logger;
/**
* @author tlenz
@@ -41,17 +42,20 @@ public class AuthnRequestValidator {
NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
if (nameIDPolicy != null) {
String nameIDFormat = nameIDPolicy.getFormat();
-
- if ( !(nameIDFormat != null &&
- (NameID.TRANSIENT.equals(nameIDFormat) ||
- NameID.PERSISTENT.equals(nameIDFormat) ||
- NameID.UNSPECIFIED.equals(nameIDFormat))) ) {
-
- throw new NameIDFormatNotSupportedException(nameIDFormat);
+ if (nameIDFormat != null) {
+ if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
+ NameID.PERSISTENT.equals(nameIDFormat) ||
+ NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
- }
- }
-
+ throw new NameIDFormatNotSupportedException(nameIDFormat);
+
+ }
+
+ } else
+ Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
+ } else
+ Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 679bdd10f..589713c4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -22,8 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-import iaik.x509.X509Certificate;
-
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Iterator;
@@ -31,16 +29,15 @@ import java.util.List;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
import at.gv.egovernment.moa.logging.Logger;
+import iaik.x509.X509Certificate;
public class MetadataSignatureFilter implements MetadataFilter {
@@ -87,8 +84,9 @@ public class MetadataSignatureFilter implements MetadataFilter {
//CHECK if Entity also match MetaData signature.
/*This check is necessary to prepend declaration of counterfeit OA metadata!!*/
+ Logger.debug("Validate metadata for entityID: " + entityID + " ..... ");
byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID);
-
+
if (entityCert != null) {
X509Certificate cert;
@@ -99,8 +97,10 @@ public class MetadataSignatureFilter implements MetadataFilter {
EntityVerifier.verify(desc, entityCrendential);
- //add entity to verified entity-list
+ //add entity to verified entity-list
verifiedEntIT.add(entity);
+ Logger.debug("Metadata for entityID: " + entityID + " valid");
+
} catch (Exception e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
index 95d30db49..caabfea30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
@@ -54,6 +54,17 @@ import at.gv.egovernment.moaspss.logging.Logger;
public class PVPEntityCategoryFilter implements MetadataFilter {
+ private boolean isUsed = false;
+
+ /**
+ * Filter to map PVP EntityCategories into a set of single PVP attributes
+ *
+ * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
+ *
+ */
+ public PVPEntityCategoryFilter(boolean isUsed) {
+ this.isUsed = isUsed;
+ }
/* (non-Javadoc)
@@ -61,31 +72,38 @@ public class PVPEntityCategoryFilter implements MetadataFilter {
*/
@Override
public void doFilter(XMLObject metadata) throws FilterException {
- String entityId = null;
- try {
- if (metadata instanceof EntitiesDescriptor) {
- Logger.trace("Find EnitiesDescriptor ... ");
- EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
- if (entitiesDesc.getEntityDescriptors() != null) {
- for (EntityDescriptor el : entitiesDesc.getEntityDescriptors())
- resolveEntityCategoriesToAttributes(el);
+
+ if (isUsed) {
+ Logger.trace("Map PVP EntityCategory to single PVP Attributes ... ");
+ String entityId = null;
+ try {
+ if (metadata instanceof EntitiesDescriptor) {
+ Logger.trace("Find EnitiesDescriptor ... ");
+ EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
+ if (entitiesDesc.getEntityDescriptors() != null) {
+ for (EntityDescriptor el : entitiesDesc.getEntityDescriptors())
+ resolveEntityCategoriesToAttributes(el);
+
+ }
+
+ } else if (metadata instanceof EntityDescriptor) {
+ Logger.trace("Find EntityDescriptor");
+ resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
- }
-
- } else if (metadata instanceof EntityDescriptor) {
- Logger.trace("Find EntityDescriptor");
- resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
+
+ } else
+ throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
- } else
- throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
-
-
-
- } catch (Exception e) {
- Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
+
+ } catch (Exception e) {
+ Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
+
+ }
- }
+ } else
+ Logger.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
+
}
private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
@@ -94,6 +112,7 @@ public class PVPEntityCategoryFilter implements MetadataFilter {
if (extensions != null) {
List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
if (listOfExt != null && !listOfExt.isEmpty()) {
+ Logger.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
for (XMLObject el : listOfExt) {
Logger.trace("Find ExtensionElement: " + el.getElementQName().toString());
if (el instanceof EntityAttributes) {
@@ -132,9 +151,13 @@ public class PVPEntityCategoryFilter implements MetadataFilter {
Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
}
- }
- }
- }
+ }
+
+ } else
+ Logger.trace("'Extension' element is 'null' or empty");
+
+ } else
+ Logger.trace("No 'Extension' element found");
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index 07b07d980..4dda4c736 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -13,6 +13,7 @@ public interface AuthConfiguration extends ConfigurationProvider{
public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname";
public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname";
+ public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active";
public static final String DEFAULT_X509_CHAININGMODE = "pkix";