Diffstat (limited to 'id/server/modules')
-rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
index 9d397074b..7b159c73d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
@@ -208,7 +208,12 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
 if (!StringUtils.isEmpty(params.getAssertionConsumerUrl())) {
 addAssertionConsumerService();
 }
- fillNameIDFormat(spSSODescriptor);
+
+ //FIX: Austrian eIDAS node SP only needs persistent identifiers
+ NameIDFormat persistentFormat =
+ (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
+ persistentFormat.setFormat(SamlNameIdFormat.PERSISTENT.getNameIdFormat());
+ spSSODescriptor.getNameIDFormats().add(persistentFormat);
 /**FIXME:
 * Double signing of SPSSODescribtor is not required
@@ -221,8 +226,8 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
 entityDescriptor.getRoleDescriptors().add(spSSODescriptor);
 }
-
- private void fillNameIDFormat(SSODescriptor ssoDescriptor) throws EIDASSAMLEngineException {
+
+ private void fillIDPNameIDFormat(SSODescriptor ssoDescriptor) throws EIDASSAMLEngineException {
 NameIDFormat persistentFormat =
 (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
 persistentFormat.setFormat(SamlNameIdFormat.PERSISTENT.getNameIdFormat());
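Review bot: The SP descriptor in the first hunk now advertises only the persistent NameID format, but a metadata declaration does not by itself make the SP refuse responses that carry a transient or unspecified identifier. No such check is visible here, so it is worth confirming that response validation applies the same restriction. The `//FIX:` comment could state the scope directly, e.g. `// SP metadata advertises persistent NameIDs only (declaration only, not enforcement)`. The added lines also repeat the opening of `fillIDPNameIDFormat` shown in the next hunk, so a small private helper that builds a `NameIDFormat` for a given `SamlNameIdFormat` would keep the two in step. The enclosing method starts and ends outside the hunk.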
@@ -269,7 +274,9 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
 .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getEncryptionCredential(), UsageType.ENCRYPTION));
 }
 idpSSODescriptor.addSupportedProtocol(params.getIdpSamlProtocol());
- fillNameIDFormat(idpSSODescriptor);
+
+ //Austrian eIDAS node IDP can provided persistent, transient, and unspecified identifiers
+ fillIDPNameIDFormat(idpSSODescriptor);
 if (params.getIdpEngine() != null) {
@@ -298,7 +305,7 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
 }
- /*TODO: Only a work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata
+ /* FIX: Work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata
 * If we restrict the eIDAS Engine attribute definitions then also additional incoming attributes can not processed any more.
 */
 public ImmutableSortedSet<AttributeDefinition<?>> getAllSupportedAttributes() { |
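Review bot: Relabelling the block comment above `getAllSupportedAttributes()` from `TODO` to `FIX` leaves it unclear whether the work-around is now the accepted design or still something to be fixed, and the same `FIX:` tag appears on the new comment in the first hunk. Since the comment describes attributes being added to the IDP metadata, a wording such as `/* NOTE: deliberate work-around - ...` plus a line naming which attributes end up advertised would help a later reviewer judge what the metadata exposes. The method body lies outside the hunk, so the actual attribute set cannot be checked from here. The comment added in the preceding hunk also reads `can provided`, where `can provide` is meant.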