1 files changed, 5 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 280b6495e..6527f03b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -90,6 +90,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -301,6 +302,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 			if(statusMessageValue != null) {
 				statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
 			}
+						
 			
 		} else {
 			statusCode.setValue(StatusCode.RESPONDER_URI);
@@ -556,6 +558,9 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 		config.setPassiv(authReq.isPassive());
 		config.setForce(authReq.isForceAuthn());
 		
+		//validate AuthnRequest
+		AuthnRequestValidator.validate(authReq);
+		
 		String useMandate = request.getParameter(PARAM_USEMANDATE);
 		if(useMandate != null) {
 			if(useMandate.equals("true") && attributeConsumer != null) {