19 files changed, 89 insertions, 64 deletions

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 1a8e0048b..6a7087c85 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -359,7 +359,7 @@ ServletResponseAware {
 				if (onlineapplication.getHjid() != null)
 					userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid());
 				
-				if (userdb != null && !authUser.isAdmin()) {
+				if (userdb != null && !userdb.isIsAdmin() ) {
 					try {
 						MailHelper.sendUserOnlineApplicationActivationMail(
 								userdb.getGivenname(), 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 75695d2db..f39fde6be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 public class DispatcherServlet extends AuthServlet{
 
@@ -329,6 +330,7 @@ public class DispatcherServlet extends AuthServlet{
 				SSOManager ssomanager = SSOManager.getInstance();
 				
 				String moasessionID = null;
+				String newSSOSessionId = null;
 				AuthenticationSession moasession = null;	
 				
 				//get SSO Cookie for Request
@@ -398,7 +400,6 @@ public class DispatcherServlet extends AuthServlet{
 						}
 					}
 					
-									
 					if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension  
 					{
 					
@@ -416,17 +417,13 @@ public class DispatcherServlet extends AuthServlet{
 						}
 						else {
 							
-							//TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest!
 							moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-							
-//							moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
-//												AuthenticationManager.MOA_SESSION, null);
-							
+														
 							moasession = AuthenticationSessionStoreage.getSession(moasessionID);
 						}
 						
 						//save SSO session usage in Database				
-						String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+						newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
 					
 						if (newSSOSessionId != null) {
 							ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
@@ -449,16 +446,28 @@ public class DispatcherServlet extends AuthServlet{
 
 				}
 		
-				moduleAction.processRequest(protocolRequest, req, resp, moasession);
+				String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
 
 				RequestStorage.removePendingRequest(protocolRequests, protocolRequestID);
 				
 				if (needAuthentication) {
-					boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
-				
+					//boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
+					boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId);
+					
 					if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension 
-						&& !moasession.getUseMandate()) 
-					{
+						&& !moasession.getUseMandate()) { 
+					
+						try {
+							//Store OA specific SSO session information 
+							AuthenticationSessionStoreage.addSSOInformation(moasessionID, 
+									newSSOSessionId, assertionID, protocolRequest.getOAURL());
+														
+						} catch (AuthenticationException e) {
+							Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!");
+							
+							authmanager.logout(req, resp, moasessionID);
+							isSSOSession = false;
+						}
 					
 					} else {
 						authmanager.logout(req, resp, moasessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index aa8a8d9a9..8a5462cc9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -8,7 +8,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 
 public interface IAction extends MOAIDAuthConstants {
-	public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) 
+	public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) 
 			throws MOAIDException;
 	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index e8639a162..78140afc4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -112,7 +112,7 @@ public class SSOManager {
 
 	}
 	
-	public String storeSSOSessionInformations(String moaSessionID, String OAUrl) {
+	public String createSSOSessionInformations(String moaSessionID, String OAUrl) {
 		
 		String newSSOId = Random.nextRandom();
 			
@@ -123,15 +123,8 @@ public class SSOManager {
 			return null;
 		}
 		
-		try {
-			AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl);
-			
-			return newSSOId;			
-			
-		} catch (AuthenticationException e) {
-			Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!");
-			return null;
-		}
+		return newSSOId;
+		
 	}
 	
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 59a5158bd..0fa5e3e8d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -11,12 +11,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
 
 public class AuthenticationAction implements IAction {
 
-	public void processRequest(IRequest req, HttpServletRequest httpReq,
+	public String processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
 		
 		System.out.println("Process PVP2 auth request!");
 		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
-		RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+		return RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
 	}
 
 	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 3d0fd80bd..beae42992 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -44,7 +44,7 @@ import at.gv.egovernment.moa.logging.Logger;
 
 public class MetadataAction implements IAction {
 
-	public void processRequest(IRequest req, HttpServletRequest httpReq,
+	public String processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
 		try {
 
@@ -191,6 +191,8 @@ public class MetadataAction implements IAction {
 
 			httpResp.getOutputStream().close();
 
+			return null;
+			
 		} catch (Exception e) {
 			Logger.error("Failed to generate metadata", e);
 			throw new MOAIDException("pvp2.13", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
index 946f62066..313d323a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
@@ -1,9 +1,14 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
 
+import java.io.Serializable;
+
 import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 
-public class MOARequest {
+public class MOARequest implements Serializable{
+
+	private static final long serialVersionUID = 2395131650841669663L;
+	
 	private RequestAbstractType samlRequest;
 	private EntityDescriptor entityMetadata; 
 	private boolean verified = false;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index d479de2d7..89c273da6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -23,7 +23,7 @@ public class ArtifactResolution implements IRequestHandler {
 		return (obj.getSamlRequest() instanceof ArtifactResolve);
 	}
 
-	public void process(MOARequest obj, HttpServletRequest req,
+	public String process(MOARequest obj, HttpServletRequest req,
 			HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
 		if (!handleObject(obj)) {
 			throw new MOAIDException("pvp2.13", null);
@@ -50,7 +50,8 @@ public class ArtifactResolution implements IRequestHandler {
 				Logger.error("Failed to resolve artifact", e);
 			}
 		}
-
+		
+		return null;
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 1444cdecf..ed56dbaaa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -39,7 +39,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 		return (obj.getSamlRequest() instanceof AuthnRequest);
 	}
 
-	public void process(MOARequest obj, HttpServletRequest req,
+	public String process(MOARequest obj, HttpServletRequest req,
 			HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
 		if (!handleObject(obj)) {
 			throw new MOAIDException("pvp2.13", null);
@@ -113,6 +113,8 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 			binding.encodeRespone(req, resp, authResponse, oaURL);
 			// TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
 			
+			return assertion.getID();
+			
 		} catch (MessageEncodingException e) {
 			Logger.error("Message Encoding exception", e);
 			throw new MOAIDException("pvp2.01", null, e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 458316c6d..c8a56e537 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -10,6 +10,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
 public interface IRequestHandler {
 	public boolean handleObject(MOARequest obj);
 
-	public void process(MOARequest obj, HttpServletRequest req,
+	public String process(MOARequest obj, HttpServletRequest req,
 			HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index a043bfde5..50176b6dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -31,14 +31,13 @@ public class RequestManager {
 		handler.add(new ArtifactResolution());
 	}
 	
-	public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) 
+	public String handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) 
 			throws SAMLRequestNotSupported, MOAIDException {
 		Iterator<IRequestHandler> it = handler.iterator();
 		while(it.hasNext()) {
 			IRequestHandler handler = it.next();
 			if(handler.handleObject(obj)) {
-				handler.process(obj, req, resp, moasession);
-				return;
+				return handler.process(obj, req, resp, moasession);
 			}
 		}
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 75825d92d..8dac55922 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
 
 public class GetArtifactAction implements IAction {
 
-	public void processRequest(IRequest req, HttpServletRequest httpReq,
+	public String processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
 		
 //		HttpSession httpSession = httpReq.getSession();
@@ -117,30 +117,9 @@ public class GetArtifactAction implements IAction {
 				httpResp.addHeader("Location", redirectURL);
 				Logger.debug("REDIRECT TO: " + redirectURL);
 			}
-			// CONFIRMATION FOR SSO!
-			/*
-			 * OAAuthParameter oaParam =
-			 * AuthConfigurationProvider.getInstance().
-			 * getOnlineApplicationParameter(oaURL);
-			 * 
-			 * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
-			 * == null) { friendlyName = oaURL; }
-			 * 
-			 * 
-			 * LoginConfirmationBuilder builder = new
-			 * LoginConfirmationBuilder();
-			 * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
-			 * String form = builder.finish(oaURL, session.getIdentityLink()
-			 * .getName(), friendlyName);
-			 */
-
-			/*
-			 * resp.setContentType("text/html");
-			 * 
-			 * OutputStream out = resp.getOutputStream();
-			 * out.write(form.getBytes("UTF-8")); out.flush(); out.close();
-			 */
 
+			return authData.getAssertionID();
+			
 		} catch (WrongParametersException ex) {
 			// handleWrongParameters(ex, req, httpResp);
 			ex.printStackTrace();
@@ -163,6 +142,8 @@ public class GetArtifactAction implements IAction {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
 		}
+		
+		return null;
 	}
 
 	protected static String addURLParameter(String url, String paramname,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 89ed369f8..1089113b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -204,7 +204,7 @@ public class AuthenticationSessionStoreage {
 	}
 
 	public static void addSSOInformation(String moaSessionID, String SSOSessionID, 
-			String OAUrl) throws AuthenticationException {
+			String assertionID, String OAUrl) throws AuthenticationException {
 		
 		AuthenticatedSessionStore dbsession;
 		Transaction tx =  null;
@@ -237,6 +237,7 @@ public class AuthenticationSessionStoreage {
 				  activeOA.setOaurlprefix(OAUrl);
 				  activeOA.setMoasession(dbsession);
 				  activeOA.setCreated(new Date());
+				  activeOA.setAssertionSessionID(assertionID);
 				  
 				  List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();				  
 				  activeOAs.add(activeOA);
@@ -263,6 +264,9 @@ public class AuthenticationSessionStoreage {
 					
 					//send transaction
 					tx.commit();
+					
+					Logger.debug("Add SSO-Session login information for OA: " + OAUrl 
+							+ " and AssertionID: " + assertionID);
 			}
 			
 		} catch (MOADatabaseException e) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
index 057ccdef7..2d7d21989 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
@@ -44,7 +44,7 @@ public final class MOASessionDBUtils {
        //Create the SessionFactory
        Logger.debug("Creating initial MOASession session factory...");
               
-       config.configure();
+       config.configure("hibernate_moasession.cfg.xml");
        serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry();
        sessionFactory = config.buildSessionFactory(serviceRegistry);
        Logger.debug("Initial MOASession session factory successfully created.");
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
index b60075788..537f1ca79 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
@@ -44,7 +44,7 @@ public final class StatisticLogDBUtils {
        //Create the SessionFactory
        Logger.debug("Creating initial StatisicLogger session factory...");
               
-       config.configure();
+       config.configure("hibernate_statistic.cfg.xml");
        serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry();
        sessionFactory = config.buildSessionFactory(serviceRegistry);
        Logger.debug("Initial StatisicLogger session factory successfully created.");
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index ed865d70f..3c48efc7b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -20,6 +20,7 @@ import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
+import javax.persistence.Transient;
 
 import org.hibernate.annotations.DynamicUpdate;
 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
index 3872397f7..2d3fdb665 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
@@ -31,6 +31,9 @@ public class OASessionStore implements Serializable{
 	@Column(name = "oaurlprefix", unique=false, nullable=false)
 	private String oaurlprefix;
 	
+	@Column(name = "assertionSessionID", unique=false, nullable=true)
+	private String assertionSessionID;
+	
 	@Column(name = "created", updatable=false, nullable=false)
 //    @Temporal(TemporalType.TIMESTAMP)
     private Date created;
@@ -75,8 +78,22 @@ public class OASessionStore implements Serializable{
 	public void setCreated(Date created) {
 		this.created = created;
 	}
-	
 
-    
+	/**
+	 * @return the assertionSessionID
+	 */
+	public String getAssertionSessionID() {
+		return assertionSessionID;
+	}
+
+	/**
+	 * @param assertionSessionID the assertionSessionID to set
+	 */
+	public void setAssertionSessionID(String assertionSessionID) {
+		this.assertionSessionID = assertionSessionID;
+	}
+
+
+
 }
 
diff --git a/id/server/moa-id-commons/src/main/resources/config/hibernate.cfg.xml b/id/server/moa-id-commons/src/main/resources/config/hibernate_moasession.cfg.xml
index 4841481b6..4841481b6 100644
--- a/id/server/moa-id-commons/src/main/resources/config/hibernate.cfg.xml
+++ b/id/server/moa-id-commons/src/main/resources/config/hibernate_moasession.cfg.xml
diff --git a/id/server/moa-id-commons/src/main/resources/config/hibernate_statistic.cfg.xml b/id/server/moa-id-commons/src/main/resources/config/hibernate_statistic.cfg.xml
new file mode 100644
index 000000000..aa77a9c67
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/resources/config/hibernate_statistic.cfg.xml
@@ -0,0 +1,11 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE hibernate-configuration PUBLIC
+"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
+"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
+
+<hibernate-configuration>
+    <session-factory>
+      <!-- MOA advanced statistic handling mapping files -->
+      <mapping class="at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog"/>
+    </session-factory>
+</hibernate-configuration>
\ No newline at end of file