1 files changed, 14 insertions, 8 deletions

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index 6eabc0538..b89571fde 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -298,14 +298,20 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 			

 			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);

 

-

-			// first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled

-			// with ALL attributes when there is more than one assertion in the SAML2 STORK message.  

-			IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();

-

-			// if the list is empty, there was just one assertion... probably

-			if(attributeList.isEmpty())

-				attributeList = authnResponse.getPersonalAttributeList();

+			// fetch attribute list from response

+			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();

+			if(authnResponse.getAssertions().size() > 1) {

+				for(IPersonalAttributeList currentList : authnResponse.getPersonalAttributeLists()) {

+					for(PersonalAttribute currentAttribute : currentList.values()) {

+						if(!attributeList.containsKey(currentAttribute.getName()))

+							attributeList.add((PersonalAttribute) currentAttribute.clone());

+						else {

+							if(!attributeList.get(currentAttribute.getName()).getValue().equals(currentAttribute.getValue()))

+								throw new TaskExecutionException("data integrity failure", new Exception("data integrity failure: found non-matching values in multiple attributes of type " + currentAttribute.getName()));

+						}

+					}

+				}

+			}

 

 			// //////////// incorporate gender from parameters if not in stork response