4 files changed, 41 insertions, 16 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index b22941216..aa154b84b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -135,8 +135,10 @@ public class SingleLogOutAction implements IAction {
 					if (MiscUtil.isEmpty(ssoID)) {
 						Logger.warn("Can not find active Session. Single LogOut not possible!");
 						SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
-						LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
-						SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+						//LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+						LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
+						Logger.info("Sending SLO success message to requester ...");
+						SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());						
 						return null;
 						
 					} else {
@@ -147,7 +149,9 @@ public class SingleLogOutAction implements IAction {
 						} catch (MOADatabaseException e) {
 							Logger.warn("Can not find active Session. Single LogOut not possible!");
 							SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
-							LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+							//LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+							LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
+							Logger.info("Sending SLO success message to requester ...");
 							SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
 							return null;
 							
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index 01139d95c..50f42d928 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -43,6 +43,7 @@ import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.core.StatusMessage;
 import org.opensaml.saml2.core.StatusResponseType;
 import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.SSODescriptor;
 import org.opensaml.saml2.metadata.SingleLogoutService;
@@ -348,17 +349,29 @@ public class SingleLogOutBuilder {
 	public static SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
 		MOARequest moaReq = (MOARequest) spRequest.getRequest();
 		EntityDescriptor metadata = moaReq.getEntityMetadata();
-		SPSSODescriptor spsso = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+		SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+		
+		if (ssodesc == null) {
+			Logger.debug("No PVP SPSSO descriptor found --> search IDPSSO descriptor");
+			ssodesc = metadata.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
+						
+		}
+
+		if (ssodesc == null) {
+			Logger.error("Found no SLO ServiceDescriptor in Metadata");				
+			throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
 			
+		}
+		
 		SingleLogoutService sloService = null;			
-		for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+		for (SingleLogoutService el : ssodesc.getSingleLogoutServices()) {
 			if (el.getBinding().equals(spRequest.getBinding()))
 				sloService = el;
 		}
 		
 		if (sloService == null)  {
-			if (spsso.getSingleLogoutServices().size() != 0)		
-				sloService = spsso.getSingleLogoutServices().get(0);
+			if (ssodesc.getSingleLogoutServices().size() != 0)		
+				sloService = ssodesc.getSingleLogoutServices().get(0);
 		
 			else {
 				Logger.error("Found no SLO ServiceDescriptor in Metadata");				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index f0373e214..26b3bfbd1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -54,8 +54,7 @@ public class AssertionAttributeExtractor {
 		
 	private final List<String> minimalAttributeNameList = Arrays.asList(
 			PVPConstants.PRINCIPAL_NAME_NAME, 
-			PVPConstants.GIVEN_NAME_NAME,
-			PVPConstants.BIRTHDATE_NAME);
+			PVPConstants.GIVEN_NAME_NAME);
 	
 	
 	public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption {
@@ -119,16 +118,21 @@ public class AssertionAttributeExtractor {
 		
 		//first check if a bPK or an encrypted bPK is available
 		if (attributs.containsKey(PVPConstants.ENC_BPK_LIST_NAME) || 
-				(attributs.containsKey(PVPConstants.BPK_NAME) && attributs.containsKey(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME))) {
+				(attributs.containsKey(PVPConstants.BPK_NAME))) {			
 			boolean flag = true;
 			for (String attr : attributeNameList) {
-				if (!attributs.containsKey(attr))
+				if (!attributs.containsKey(attr)) {
 					flag = false;
+					Logger.debug("Assertion contains no Attribute " + attr);
+					
+				}
+					
 			}
 			
 			return flag;
 			
-		}			
+		}
+		Logger.debug("Assertion contains no bPK or encryptedbPK.");
 		return false;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index bb59e4cc1..257f9dac4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -197,10 +197,14 @@ public class SAMLVerificationEngine {
 						performSchemaValidation(saml2assertion.getDOM());
 											
 						Conditions conditions = saml2assertion.getConditions();
-						DateTime notbefore = conditions.getNotBefore();
-						DateTime notafter = conditions.getNotOnOrAfter();
-						if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
-							Logger.warn("PVP2 Assertion is out of Date");
+					DateTime notbefore = conditions.getNotBefore().minusMinutes(5);
+					DateTime notafter = conditions.getNotOnOrAfter();
+					if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
+						Logger.warn("PVP2 Assertion is out of Date. "
+								+ "{ Current : " + new DateTime() 
+								+ " NotBefore: " + notbefore 
+								+ " NotAfter : " + notafter
+								+ " }");;
 											
 						} else {
 							validatedassertions.add(saml2assertion);