69 files changed, 5576 insertions, 0 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesBuilder.java
new file mode 100644
index 000000000..74840e135
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesBuilder.java
@@ -0,0 +1,56 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
+
+/**
+ * The Class AuthenticationAttributesBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class AuthenticationAttributesBuilder extends
+	AbstractSAMLObjectBuilder<AuthenticationAttributes> {
+
+
+
+    /**
+     * Builds the object.
+     *
+     * @return the authentication attributes
+     */
+    public final AuthenticationAttributes buildObject() {
+	return buildObject(AuthenticationAttributes.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object.
+     * 
+     * @param namespaceURI the namespace URI
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * 
+     * @return the authentication attributes 
+     */
+    public final AuthenticationAttributes buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new AuthenticationAttributesImpl(namespaceURI, localName,
+		namespacePrefix);
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
new file mode 100644
index 000000000..1e43e7ec3
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
@@ -0,0 +1,109 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSignableSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
+import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class AuthenticationAttributesImpl.
+ * 
+ * @author fjquevedo
+ */
+public final class AuthenticationAttributesImpl extends AbstractSignableSAMLObject implements
+AuthenticationAttributes {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationAttributesImpl.class.getName());
+
+    /** The indexed children. */
+    private VIDPAuthenticationAttributes vIDPAuthenAttr;
+
+    /**
+     * Instantiates a new authentication attributes implementation.
+     * 
+     * @param namespaceURI the namespace uri
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected AuthenticationAttributesImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {	
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+
+    /**
+     * Gets the ordered children.
+     * 
+     * @return the ordered children
+     * 
+     */
+    public List<XMLObject> getOrderedChildren() {
+	final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+	children.add(vIDPAuthenAttr);
+
+	if (getSignature() != null) {
+	    children.add(getSignature());
+	}
+
+	return Collections.unmodifiableList(children);
+    }
+
+    /**
+     * Gets the signature reference id.
+     * 
+     * @return the signature reference id
+     * 
+     */
+    public String getSignatureReferenceID() {	
+	return null;
+    }
+
+    /**
+     * Gets the vidp authentication attributes.
+     * 
+     * @return the VIDP authentication attributes
+     *
+     */
+    public VIDPAuthenticationAttributes getVIDPAuthenticationAttributes() {	
+	return vIDPAuthenAttr;
+    }
+
+    /**
+     * Sets the vidp authentication attributes.
+     * 
+     * @param newVIDPAuthenAttr the new vidp authen attr
+     *
+     */
+    public void setVIDPAuthenticationAttributes(
+	    final VIDPAuthenticationAttributes newVIDPAuthenAttr) {	
+	vIDPAuthenAttr = prepareForAssignment(this.vIDPAuthenAttr, newVIDPAuthenAttr);
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesMarshaller.java
new file mode 100644
index 000000000..698bf56b9
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesMarshaller.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+
+/**
+ * The Class AuthenticationAttributesMarshaller.
+ *
+ * @author fjquevedo
+ */
+public class AuthenticationAttributesMarshaller extends AbstractSAMLObjectMarshaller {
+
+
+
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesUnmarshaller.java
new file mode 100644
index 000000000..af3e5c234
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesUnmarshaller.java
@@ -0,0 +1,54 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
+
+import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
+
+/**
+ * The Class AuthenticationAttributesUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class AuthenticationAttributesUnmarshaller extends
+	AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process child element.
+     * 
+     * @param parentObject the parent object
+     * @param childObject the child object
+     * 
+     * @throws UnmarshallingException the unmarshalling exception
+     *
+     */
+    protected final void processChildElement(final XMLObject parentObject,
+	    final XMLObject childObject) throws UnmarshallingException {
+	final AuthenticationAttributes attrStatement = (AuthenticationAttributes) parentObject;
+
+	if (childObject instanceof VIDPAuthenticationAttributes) {
+	    attrStatement.setVIDPAuthenticationAttributes((VIDPAuthenticationAttributes) childObject);
+	} else {
+	    super.processChildElement(parentObject, childObject);
+	}
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeBuilder.java
new file mode 100644
index 000000000..64651691f
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeBuilder.java
@@ -0,0 +1,50 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
+
+/**
+ * The Class CitizenCountryCodeBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class CitizenCountryCodeBuilder extends AbstractSAMLObjectBuilder<CitizenCountryCode> {
+
+    /**
+     * Builds the object.
+     *
+     * @return the citizen country code
+     */
+    public final CitizenCountryCode buildObject() {
+	return buildObject(CitizenCountryCode.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the citizen country code
+     */
+    public final CitizenCountryCode buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new CitizenCountryCodeImpl(namespaceURI, localName, namespacePrefix);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
new file mode 100644
index 000000000..4df8084a9
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
@@ -0,0 +1,82 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class CitizenCountryCodeImpl.
+ * 
+ * @author fjquevedo
+ */
+public class CitizenCountryCodeImpl extends AbstractSAMLObject implements CitizenCountryCode {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(CitizenCountryCodeImpl.class.getName());
+    /** The citizen country code. */
+    private String citizenCountryCode;
+    
+    /**
+     * Instantiates a new sP country impl.
+     * 
+     * @param namespaceURI the namespace uri
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */   
+    protected CitizenCountryCodeImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);	
+    }
+
+    /**
+     * Gets the citizen country code.
+     *
+     * @return the citizen country code
+     */
+    public final String getCitizenCountryCode() {
+	return citizenCountryCode;
+    }
+
+    /**
+     * Sets the citizen country code.
+     *
+     * @param newCitizenCountryCode the new citizen country code
+     */
+    public final void setCitizenCountryCode(final String newCitizenCountryCode) {
+	this.citizenCountryCode = prepareForAssignment(this.citizenCountryCode, newCitizenCountryCode);
+    }
+
+    /**
+     * Gets the ordered children.
+     *
+     * @return the ordered children
+     */
+    public final List<XMLObject> getOrderedChildren() {
+	return null;
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeMarshaller.java
new file mode 100644
index 000000000..decae04c5
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeMarshaller.java
@@ -0,0 +1,45 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
+
+/**
+ * The Class SPCountryMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class CitizenCountryCodeMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Marshall element content.
+     *
+     * @param samlObject the SAML object
+     * @param domElement the DOM element
+     * @throws MarshallingException the marshalling exception
+     */
+    protected final void marshallElementContent(final XMLObject samlObject,
+	    final Element domElement) throws MarshallingException {
+	final CitizenCountryCode citizenCountryCode = (CitizenCountryCode) samlObject;
+	XMLHelper.appendTextContent(domElement, citizenCountryCode.getCitizenCountryCode());
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeUnmarshaller.java
new file mode 100644
index 000000000..93132b508
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeUnmarshaller.java
@@ -0,0 +1,41 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
+
+/**
+ * The Class CitizenCountryCodeUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class CitizenCountryCodeUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process element content.
+     *
+     * @param samlObject the SAML object
+     * @param elementContent the element content
+     */
+    protected final void processElementContent(final XMLObject samlObject,
+	    final String elementContent) {
+	final CitizenCountryCode citizenCountryCode = (CitizenCountryCode) samlObject;
+	citizenCountryCode.setCitizenCountryCode(elementContent);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryBuilder.java
new file mode 100644
index 000000000..ca529d283
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryBuilder.java
@@ -0,0 +1,26 @@
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+import org.opensaml.common.xml.SAMLConstants;
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+
+public class CustomAttributeQueryBuilder extends AbstractSAMLObjectBuilder<CustomAttributeQuery> {
+	/**
+     * Constructor.
+     */
+    public CustomAttributeQueryBuilder() {
+
+    }
+
+    /** {@inheritDoc} */
+    public CustomAttributeQuery buildObject() {
+        return buildObject(SAMLConstants.SAML20P_NS, CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME,
+                SAMLConstants.SAML20P_PREFIX);
+    }
+
+    /** {@inheritDoc} */
+    public CustomAttributeQuery buildObject(String namespaceURI, String localName, String namespacePrefix) {
+        return new CustomAttributeQueryImpl(namespaceURI, localName, namespacePrefix);
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java
new file mode 100644
index 000000000..e485827c8
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java
@@ -0,0 +1,65 @@
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.impl.SubjectQueryImpl;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.util.XMLObjectChildrenList;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+
+
+public class CustomAttributeQueryImpl extends SubjectQueryImpl implements CustomAttributeQuery {
+	/** Attribute child elements. */
+    private final XMLObjectChildrenList<Attribute> attributes;
+    private String serviceURL;
+
+    /**
+     * Constructor.
+     * 
+     * @param namespaceURI the namespace the element is in
+     * @param elementLocalName the local name of the XML element this Object represents
+     * @param namespacePrefix the prefix for the given namespace
+     */
+    protected CustomAttributeQueryImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
+        super(namespaceURI, elementLocalName, namespacePrefix);
+        attributes = new XMLObjectChildrenList<Attribute>(this);
+    }
+
+    /** {@inheritDoc} */
+    public List<Attribute> getAttributes() {
+        return attributes;
+    }
+
+    /** {@inheritDoc} */
+    public List<XMLObject> getOrderedChildren() {
+        ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+        if (super.getOrderedChildren() != null) {
+            children.addAll(super.getOrderedChildren());
+        }
+        children.addAll(attributes);
+
+        if (children.size() == 0) {
+            return null;
+        }
+
+        return Collections.unmodifiableList(children);
+    }
+
+	@Override
+	public String getAssertionConsumerServiceURL() {
+		// TODO Auto-generated method stub
+		return this.serviceURL;
+	}
+
+	@Override
+	public void setAssertionConsumerServiceURL(String newServiceUrl) {
+		// TODO Auto-generated method stub
+		this.serviceURL = newServiceUrl;
+	}
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryMarshaller.java
new file mode 100644
index 000000000..51b6a20f8
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryMarshaller.java
@@ -0,0 +1,50 @@
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.impl.SubjectQueryMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.CustomRequestAbstractType;
+
+public class CustomAttributeQueryMarshaller extends SubjectQueryMarshaller {
+	
+	/** {@inheritDoc} */
+    protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
+        CustomRequestAbstractType req = (CustomRequestAbstractType) samlObject;
+
+        if (req.getVersion() != null) {
+            domElement.setAttributeNS(null, RequestAbstractType.VERSION_ATTRIB_NAME, req.getVersion().toString());
+        }
+
+        if (req.getID() != null) {
+            domElement.setAttributeNS(null, RequestAbstractType.ID_ATTRIB_NAME, req.getID());
+            domElement.setIdAttributeNS(null, RequestAbstractType.ID_ATTRIB_NAME, true);
+        }
+
+        if (req.getVersion() != null) {
+            domElement.setAttributeNS(null, RequestAbstractType.VERSION_ATTRIB_NAME, req.getVersion().toString());
+        }
+
+        if (req.getIssueInstant() != null) {
+            String iiStr = Configuration.getSAMLDateFormatter().print(req.getIssueInstant());
+            domElement.setAttributeNS(null, RequestAbstractType.ISSUE_INSTANT_ATTRIB_NAME, iiStr);
+        }
+
+        if (req.getDestination() != null) {
+            domElement.setAttributeNS(null, RequestAbstractType.DESTINATION_ATTRIB_NAME, req.getDestination());
+        }
+        
+        if (req.getAssertionConsumerServiceURL() != null) {
+            domElement.setAttributeNS(null, CustomRequestAbstractType.ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME, req.getAssertionConsumerServiceURL());
+        }
+
+        if (req.getConsent() != null) {
+            domElement.setAttributeNS(null, RequestAbstractType.CONSENT_ATTRIB_NAME, req.getConsent());
+        }
+    }
+
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryUnmarshaller.java
new file mode 100644
index 000000000..f28ec1fef
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryUnmarshaller.java
@@ -0,0 +1,114 @@
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.joda.time.DateTime;
+import org.joda.time.chrono.ISOChronology;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.impl.SubjectQueryUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.AbstractXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.CustomRequestAbstractType;
+
+public class CustomAttributeQueryUnmarshaller extends SubjectQueryUnmarshaller {
+	
+	private final Logger log = LoggerFactory.getLogger(AbstractXMLObjectUnmarshaller.class);
+	/** {@inheritDoc} */
+    protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
+            throws UnmarshallingException {
+        CustomAttributeQuery query = (CustomAttributeQuery) parentSAMLObject;
+
+        if (childSAMLObject instanceof Attribute) {
+            query.getAttributes().add((Attribute) childSAMLObject);
+        } else {
+            super.processChildElement(parentSAMLObject, childSAMLObject);
+        }
+    }
+    
+    /** {@inheritDoc} */
+    public XMLObject unmarshall(Element domElement) throws UnmarshallingException {
+        if (log.isTraceEnabled()) {
+            log.trace("Starting to unmarshall DOM element {}", XMLHelper.getNodeQName(domElement));
+        }
+        
+        checkElementIsTarget(domElement);
+
+        //String namespaceURI, String elementLocalName, String namespacePrefix
+        XMLObject xmlObject = new CustomAttributeQueryImpl(SAMLConstants.SAML20P_NS, CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME,
+                SAMLConstants.SAML20P_PREFIX);
+
+        if (log.isTraceEnabled()) {
+            log.trace("Unmarshalling attributes of DOM Element {}", XMLHelper.getNodeQName(domElement));
+        }
+        
+        NamedNodeMap attributes = domElement.getAttributes();
+        Node attribute;
+        for (int i = 0; i < attributes.getLength(); i++) {
+            attribute = attributes.item(i);
+
+            // These should allows be attribute nodes, but just in case...
+            if (attribute.getNodeType() == Node.ATTRIBUTE_NODE) {
+                unmarshallAttribute(xmlObject, (Attr) attribute);
+            }
+        }
+
+        if (log.isTraceEnabled()) {
+            log.trace("Unmarshalling other child nodes of DOM Element {}", XMLHelper.getNodeQName(domElement));
+        }
+        
+        Node childNode = domElement.getFirstChild();
+        while (childNode != null) {
+
+            if (childNode.getNodeType() == Node.ATTRIBUTE_NODE) {
+                unmarshallAttribute(xmlObject, (Attr) childNode);
+            } else if (childNode.getNodeType() == Node.ELEMENT_NODE) {
+                unmarshallChildElement(xmlObject, (Element) childNode);
+            } else if (childNode.getNodeType() == Node.TEXT_NODE
+                    || childNode.getNodeType() == Node.CDATA_SECTION_NODE) {
+                unmarshallTextContent(xmlObject, (Text) childNode);
+            }
+            
+            childNode = childNode.getNextSibling();
+        }
+
+        xmlObject.setDOM(domElement);
+        return xmlObject;
+    }
+    
+    /** {@inheritDoc} */
+    protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
+        CustomRequestAbstractType req = (CustomRequestAbstractType) samlObject;
+
+        if (attribute.getLocalName().equals(RequestAbstractType.VERSION_ATTRIB_NAME)) {
+            req.setVersion(SAMLVersion.valueOf(attribute.getValue()));
+        } else if (attribute.getLocalName().equals(RequestAbstractType.ID_ATTRIB_NAME)) {
+            req.setID(attribute.getValue());
+            attribute.getOwnerElement().setIdAttributeNode(attribute, true);
+        } else if (attribute.getLocalName().equals(RequestAbstractType.ISSUE_INSTANT_ATTRIB_NAME)
+                && !DatatypeHelper.isEmpty(attribute.getValue())) {
+            req.setIssueInstant(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
+        } else if (attribute.getLocalName().equals(RequestAbstractType.DESTINATION_ATTRIB_NAME)) {
+            req.setDestination(attribute.getValue());
+        } else if (attribute.getLocalName().equals(RequestAbstractType.CONSENT_ATTRIB_NAME)) {
+            req.setConsent(attribute.getValue());
+        } else if (attribute.getLocalName().equals(CustomRequestAbstractType.ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME)) {
+        	req.setAssertionConsumerServiceURL(attribute.getValue());
+        }else {
+            super.processAttribute(samlObject, attribute);
+        }
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareBuilder.java
new file mode 100644
index 000000000..b939da776
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareBuilder.java
@@ -0,0 +1,52 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
+
+/**
+ * The Class EIDCrossBorderShareBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class EIDCrossBorderShareBuilder extends	AbstractSAMLObjectBuilder<EIDCrossBorderShare> {
+
+
+	/**
+	 * Builds the object.
+	 *
+	 * @return the identifier cross border share
+	 */
+	public final EIDCrossBorderShare buildObject() {
+		return buildObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
+	}
+
+
+	/**
+	 * Builds the object.
+	 *
+	 * @param namespaceURI the namespace uri
+	 * @param localName the local name
+	 * @param namespacePrefix the namespace prefix
+	 * @return the eID cross border share
+	 */
+	public final EIDCrossBorderShare buildObject(final String namespaceURI,
+			final String localName, final String namespacePrefix) {
+		return new EIDCrossBorderShareImpl(namespaceURI, localName, namespacePrefix);
+	}
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
new file mode 100644
index 000000000..50a997031
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
@@ -0,0 +1,87 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class EIDCrossBorderShareImpl.
+ * 
+ * @author fjquevedo
+ */
+public class EIDCrossBorderShareImpl extends AbstractSAMLObject implements
+	EIDCrossBorderShare {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(EIDCrossBorderShareImpl.class.getName());
+	/** The citizen country code. */
+    private String eIDCrossBorderShare;
+
+    /**
+     * Instantiates a new eID cross border share implementation.
+     * 
+     * @param namespaceURI the namespace URI
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected EIDCrossBorderShareImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+    
+    
+    
+    /**
+     * Gets the eID cross border share.
+     *
+     * @return the eID cross border share
+     */
+    public final String getEIDCrossBorderShare() {
+    	return eIDCrossBorderShare;
+    }
+
+
+    /**
+     * Sets the eID cross border share.
+     *
+     * @param newEIDCrossBorderShare the new eID cross border share
+     */
+    public final void setEIDCrossBorderShare(String newEIDCrossBorderShare) {
+    	this.eIDCrossBorderShare = prepareForAssignment(this.eIDCrossBorderShare, newEIDCrossBorderShare);
+    }
+    
+    /**
+     * Gets the ordered children.
+     *
+     * @return the ordered children
+     * {@inheritDoc}
+     */
+    public final List<XMLObject> getOrderedChildren() {
+	return null;
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareMarshaller.java
new file mode 100644
index 000000000..58fa8af65
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareMarshaller.java
@@ -0,0 +1,47 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
+
+
+/**
+ * The Class EIDCrossBorderShareMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class EIDCrossBorderShareMarshaller extends AbstractSAMLObjectMarshaller {
+
+
+	/**
+	 * Marshall element content.
+	 *
+	 * @param samlObject the SAML object
+	 * @param domElement the DOM element
+	 * @throws MarshallingException the marshalling exception
+	 */
+	protected final void marshallElementContent(final XMLObject samlObject,
+			final Element domElement) throws MarshallingException {
+		final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) samlObject;
+		XMLHelper.appendTextContent(domElement, crossBorderShare.getEIDCrossBorderShare());
+	}
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareUnmarshaller.java
new file mode 100644
index 000000000..457e70c23
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareUnmarshaller.java
@@ -0,0 +1,43 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
+
+/**
+ * The Class EIDCrossBorderShareUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class EIDCrossBorderShareUnmarshaller extends
+		AbstractSAMLObjectUnmarshaller {
+
+
+	/**
+	 * Process element content.
+	 *
+	 * @param samlObject the SAML object
+	 * @param elementContent the element content
+	 */
+	protected final void processElementContent(final XMLObject samlObject,
+			final String elementContent) {
+		final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) samlObject;
+		crossBorderShare.setEIDCrossBorderShare(elementContent);
+	}
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareBuilder.java
new file mode 100644
index 000000000..9683d2ad8
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareBuilder.java
@@ -0,0 +1,52 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
+
+/**
+ * The Class EIDCrossSectorShareBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class EIDCrossSectorShareBuilder extends
+	AbstractSAMLObjectBuilder<EIDCrossSectorShare> {
+
+    /**
+     * Builds the object.
+     *
+     * @return the eID cross sector share
+     */
+    public final EIDCrossSectorShare buildObject() {
+	return buildObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the eID cross sector share implementation
+     */
+    public final EIDCrossSectorShareImpl buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new EIDCrossSectorShareImpl(namespaceURI, localName,
+		namespacePrefix);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
new file mode 100644
index 000000000..30502f429
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The Class EIDCrossSectorShareImpl.
+ * 
+ * @author fjquevedo
+ */
+public class EIDCrossSectorShareImpl extends AbstractSAMLObject implements
+	EIDCrossSectorShare {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(EIDCrossSectorShareImpl.class.getName());
+	/** The citizen country code. */
+    private String eIDCrossSectorShare;
+
+
+    /**
+     * Instantiates a new eID cross sector share implementation.
+     * 
+     * @param namespaceURI the namespace URI
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected EIDCrossSectorShareImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+    
+    
+  
+    /**
+     * Gets the eID cross sector share.
+     *
+     * @return the eID cross sector share
+     */
+    public final String getEIDCrossSectorShare() {
+    	return eIDCrossSectorShare;
+    }
+
+
+    /**
+     * Sets the eID cross sector share.
+     *
+     * @param newEIDCrossSectorShare the new eID cross sector share
+     */
+    public final void setEIDCrossSectorShare(String newEIDCrossSectorShare) {
+    	this.eIDCrossSectorShare = prepareForAssignment(this.eIDCrossSectorShare, newEIDCrossSectorShare);
+    }
+    
+    /**
+     * Gets the ordered children.
+     *
+     * @return the ordered children
+     */
+    public final List<XMLObject> getOrderedChildren() {
+	return null;
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareMarshaller.java
new file mode 100644
index 000000000..dfd2b81dc
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareMarshaller.java
@@ -0,0 +1,46 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
+
+
+/**
+ * The Class EIDCrossSectorShareMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class EIDCrossSectorShareMarshaller extends AbstractSAMLObjectMarshaller {
+
+	/**
+	 * Marshall element content.
+	 *
+	 * @param samlObject the SAML object
+	 * @param domElement the DOM element
+	 * @throws MarshallingException the marshalling exception
+	 */
+	protected final void marshallElementContent(final XMLObject samlObject,
+			final Element domElement) throws MarshallingException {
+		final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) samlObject;
+		XMLHelper.appendTextContent(domElement, crossSectorShare.getEIDCrossSectorShare());
+	}
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareUnmarshaller.java
new file mode 100644
index 000000000..6a9711ca2
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareUnmarshaller.java
@@ -0,0 +1,47 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
+
+/**
+ * The Class EIDCrossSectorShareUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class EIDCrossSectorShareUnmarshaller extends
+	AbstractSAMLObjectUnmarshaller {
+
+	/**
+	 * Process element content.
+	 *
+	 * @param samlObject the SAML object
+	 * @param domElement the DOM element
+	 * @throws MarshallingException the marshalling exception
+	 */
+	protected final void processElementContent(final XMLObject samlObject,
+			final String domElement)  {
+
+		final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) samlObject;
+		crossSectorShare.setEIDCrossSectorShare(domElement);
+	}
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareBuilder.java
new file mode 100644
index 000000000..75062dc69
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareBuilder.java
@@ -0,0 +1,51 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.EIDSectorShare;
+
+/**
+ * The Class EIDSectorShareBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class EIDSectorShareBuilder extends
+	AbstractSAMLObjectBuilder<EIDSectorShare> {
+
+    /**
+     * Builds the object.
+     *
+     * @return the eID sector share
+     */
+    public final EIDSectorShare buildObject() {
+	return buildObject(EIDSectorShare.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the eID sector share
+     */
+    public final EIDSectorShare buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new EIDSectorShareImpl(namespaceURI, localName, namespacePrefix);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
new file mode 100644
index 000000000..c548841f7
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
@@ -0,0 +1,85 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.EIDSectorShare;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+// TODO: Auto-generated Javadoc
+/**
+ * The Class EIDSectorShareImpl.
+ * 
+ * @author fjquevedo
+ */
+public class EIDSectorShareImpl extends AbstractSAMLObject implements
+	EIDSectorShare {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(EIDSectorShareImpl.class.getName());
+	
+    /** The e id sector share. */
+    private String eIDSectorShare;
+    /**
+     * Instantiates a new eID sector share implementation.
+     * 
+     * @param namespaceURI the namespace URI
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected EIDSectorShareImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+    
+    
+    /**
+     * Gets the eID sector share.
+     *
+     * @return the eID sector share
+     */
+    public final String getEIDSectorShare() {
+    	return eIDSectorShare;	
+    }
+
+    /**
+     * Sets the eID sector share.
+     *
+     * @param newEIDSectorShare the new eID sector share
+     */
+    public final void setEIDSectorShare(String newEIDSectorShare) {
+    	this.eIDSectorShare = prepareForAssignment(this.eIDSectorShare, newEIDSectorShare);
+    }
+    
+    /**
+     * Gets the ordered children.
+     *
+     * @return the ordered children
+     */
+    public final List<XMLObject> getOrderedChildren() {
+	return null;
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareMarshaller.java
new file mode 100644
index 000000000..87ab23660
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareMarshaller.java
@@ -0,0 +1,46 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.saml2.core.impl.AbstractNameIDTypeMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.EIDSectorShare;
+
+/**
+ * The Class EIDSectorShareMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class EIDSectorShareMarshaller extends AbstractSAMLObjectMarshaller {
+
+	/**
+	 * Marshall element content.
+	 *
+	 * @param samlObject the SAML object
+	 * @param domElement the DOM element
+	 * @throws MarshallingException the marshalling exception
+	 */
+	protected final void marshallElementContent(final XMLObject samlObject,
+			final Element domElement) throws MarshallingException {
+		final EIDSectorShare sectorShare = (EIDSectorShare) samlObject;
+		XMLHelper.appendTextContent(domElement, sectorShare.getEIDSectorShare());
+	}
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareUnmarshaller.java
new file mode 100644
index 000000000..9c661813f
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareUnmarshaller.java
@@ -0,0 +1,47 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.EIDSectorShare;
+
+
+/**
+ * The Class EIDSectorShareUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class EIDSectorShareUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+
+
+	/**
+	 * Process element content.
+	 *
+	 * @param samlObject the SAML object
+	 * @param domElement the DOM element
+	 * @throws MarshallingException the marshalling exception
+	 */
+	protected final void processElementContent(final XMLObject samlObject,
+			final String domElement)  {
+		final EIDSectorShare sectorShare = (EIDSectorShare) samlObject;
+		sectorShare.setEIDSectorShare(domElement);
+	}
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeBuilder.java
new file mode 100644
index 000000000..41676931b
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeBuilder.java
@@ -0,0 +1,52 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+
+/**
+ * The Class QAAAttributeBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class QAAAttributeBuilder extends
+	AbstractSAMLObjectBuilder<QAAAttribute> {
+
+    /**
+     * Builds the object.
+     *
+     * @return the quality authentication assurance object
+     */
+    public final QAAAttribute buildObject() {
+	return buildObject(QAAAttribute.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the quality authentication assurance object
+
+     */
+    public final QAAAttribute buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new QAAAttributeImpl(namespaceURI, localName, namespacePrefix);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
new file mode 100644
index 000000000..c08986026
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
@@ -0,0 +1,84 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class QAAAttributeImpl.
+ * 
+ * @author fjquevedo
+ */
+public class QAAAttributeImpl extends AbstractSAMLObject implements
+	QAAAttribute {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(QAAAttributeImpl.class.getName());
+    /** The quality authentication assurance level. */
+    private String qaaLevel;
+
+    /**
+     * Constructor.
+     * 
+     * @param namespaceURI the namespace the element is in
+     * @param elementLocalName the local name of the XML element this Object
+     * represents
+     * @param namespacePrefix the prefix for the given namespace
+     */
+    protected QAAAttributeImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+
+    /**
+     * Gets the quality authentication assurance level.
+     *
+     * @return the quality authentication assurance level
+     */
+    public final String getQaaLevel() {
+	return qaaLevel;
+    }
+
+    /**
+     * Sets the quality authentication assurance level.
+     *
+     * @param newQaaLevel the new quality authentication assurance level
+     */
+    public final void setQaaLevel(final String newQaaLevel) {
+	this.qaaLevel = prepareForAssignment(this.qaaLevel, newQaaLevel);
+    }
+
+    /**
+     * Gets the ordered children.
+     *
+     * @return the ordered children
+     */
+    public final List<XMLObject> getOrderedChildren() {
+	return null;
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeMarshaller.java
new file mode 100644
index 000000000..000879368
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeMarshaller.java
@@ -0,0 +1,45 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+
+/**
+ * The Class QAAAttributeMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class QAAAttributeMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Marshall element content.
+     *
+     * @param samlObject the SAML object
+     * @param domElement the DOM element
+     * @throws MarshallingException the marshalling exception
+     */
+    protected final void marshallElementContent(final XMLObject samlObject,
+	    final Element domElement) throws MarshallingException {
+	final QAAAttribute qaaAttribute = (QAAAttribute) samlObject;
+	XMLHelper.appendTextContent(domElement, qaaAttribute.getQaaLevel());
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeUnmarshaller.java
new file mode 100644
index 000000000..8445e4eeb
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeUnmarshaller.java
@@ -0,0 +1,41 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+
+/**
+ * The Class QAAAttributeUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class QAAAttributeUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process element content.
+     *
+     * @param samlObject the SAML object
+     * @param elementContent the element content
+     */
+    protected final void processElementContent(final XMLObject samlObject,
+	    final String elementContent) {
+	final QAAAttribute qaaLevel = (QAAAttribute) samlObject;
+	qaaLevel.setQaaLevel(elementContent);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeBuilder.java
new file mode 100644
index 000000000..70bd6ac1f
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeBuilder.java
@@ -0,0 +1,54 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+
+/**
+ * The Class RequestedAttributeBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class RequestedAttributeBuilder extends
+	AbstractSAMLObjectBuilder<RequestedAttribute> {
+
+
+    /**
+     * Builds the object.
+     *
+     * @return the requested attribute
+     */
+    public final RequestedAttribute buildObject() {
+	return buildObject(RequestedAttribute.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the requested attribute
+     */
+    public final RequestedAttribute buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new RequestedAttributeImpl(namespaceURI, localName,
+		namespacePrefix);
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
new file mode 100644
index 000000000..ad759230a
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
@@ -0,0 +1,220 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSBooleanValue;
+import org.opensaml.xml.util.AttributeMap;
+import org.opensaml.xml.util.XMLObjectChildrenList;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+// TODO: Auto-generated Javadoc
+/**
+ * The Class RequestedAttributeImpl.
+ * 
+ * @author fjquevedo
+ */
+public class RequestedAttributeImpl extends AbstractSAMLObject implements
+	RequestedAttribute {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(RequestedAttributeImpl.class.getName());
+    /**
+     * The attribute values.
+     */
+    private final XMLObjectChildrenList<XMLObject> attributeValues;
+
+    /**
+     * The friendly name.
+     * 
+     */
+    private String friendlyName;
+
+    /**
+     * The is required.
+    */
+    private String isRequired;
+
+    /**
+     * The name.
+     * 
+     */
+    private String name;
+
+    /**
+     * The name format.
+     * 
+     */
+    private String nameFormat;
+
+    /**
+     * The unknown attributes.
+     * 
+     */
+    private AttributeMap unknownAttributes;
+
+    /**
+     * Instantiates a new requested attribute impl.
+     * 
+     * @param namespaceURI the namespace uri
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected RequestedAttributeImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);
+	unknownAttributes = new AttributeMap(this);
+	attributeValues = new XMLObjectChildrenList<XMLObject>(this);
+    }
+
+
+    /**
+     * Gets the attribute values.
+     *
+     * @return the attribute values
+     */
+    public final List<XMLObject> getAttributeValues() {
+	return attributeValues;
+    }
+
+    /**
+     * Gets the friendly name.
+     *
+     * @return the friendly name.
+     */
+    public final String getFriendlyName() {
+	return friendlyName;
+    }
+
+  
+    /**
+     * Gets the checks if is required.
+     *
+     * @return the boolean if it's required.
+     */
+    public final String isRequired() {
+	return isRequired;
+    }
+
+
+    /**
+     * Gets the is required xs boolean.
+     * 
+     * @return the XSBoolean if it's required.
+     */
+    public final String getIsRequiredXSBoolean() {
+	return isRequired;
+    }
+
+
+    /**
+     * Gets the name.
+     *
+     * @return the name
+     */
+    public final String getName() {
+	return name;
+    }
+
+
+    /**
+     * Gets the name format.
+     *
+     * @return the name format.
+     */
+    public final String getNameFormat() {
+	return nameFormat;
+    }
+
+    /**
+     * Gets the ordered children.
+     * 
+     * @return the list of XMLObject.
+     */
+    public final List<XMLObject> getOrderedChildren() {
+	final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+	children.addAll(attributeValues);
+	return Collections.unmodifiableList(children);
+    }
+
+    /**
+     * Gets the unknown attributes.
+     *
+     * @return the attribute map
+     */
+    public final AttributeMap getUnknownAttributes() {
+	return unknownAttributes;
+    }
+
+    /**
+     * Sets the friendly name.
+     * 
+     * @param newFriendlyName the new friendly name format
+     */
+    public final void setFriendlyName(final String newFriendlyName) {
+	this.friendlyName = prepareForAssignment(this.friendlyName,
+		newFriendlyName);
+    }
+
+    /**
+     * Set new boolean value isRequired.
+     * @param newIsRequired then new value
+     */
+    public final void setIsRequired(final String newIsRequired) {
+	isRequired = prepareForAssignment(this.isRequired, newIsRequired);
+
+    }
+
+    /**
+     * Sets the name.
+     * 
+     * @param newName the new name
+     */
+    public final void setName(final String newName) {
+	this.name = prepareForAssignment(this.name, newName);
+    }
+
+    /**
+     * Sets the name format.
+     * 
+     * @param newNameFormat the new name format
+     */
+    public final void setNameFormat(final String newNameFormat) {
+	this.nameFormat = prepareForAssignment(this.nameFormat, newNameFormat);
+    }
+
+    /**
+     * Sets the unknown attributes.
+     * 
+     * @param newUnknownAttr the new unknown attributes
+     */
+    public final void setUnknownAttributes(final AttributeMap newUnknownAttr) {
+	this.unknownAttributes = newUnknownAttr;
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeMarshaller.java
new file mode 100644
index 000000000..6d0669241
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeMarshaller.java
@@ -0,0 +1,89 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.Map.Entry;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.Configuration;
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+
+/**
+ * The Class RequestedAttributeMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class RequestedAttributeMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Marshall attributes.
+     *
+     * @param samlElement the SAML element
+     * @param domElement the DOM element
+     * @throws MarshallingException the marshalling exception
+     */
+    protected final void marshallAttributes(final XMLObject samlElement,
+	    final Element domElement) throws MarshallingException {
+	final RequestedAttribute requestedAttr = (RequestedAttribute) samlElement;
+
+	if (requestedAttr.getName() != null) {
+	    domElement.setAttributeNS(null,
+		    RequestedAttribute.NAME_ATTRIB_NAME, requestedAttr
+			    .getName());
+	}
+
+	if (requestedAttr.getNameFormat() != null) {
+	    domElement.setAttributeNS(null,
+		    RequestedAttribute.NAME_FORMAT_ATTR, requestedAttr
+			    .getNameFormat());
+	}
+
+	if (requestedAttr.getFriendlyName() != null) {
+	    domElement.setAttributeNS(null,
+		    RequestedAttribute.FRIENDLY_NAME_ATT, requestedAttr
+			    .getFriendlyName());
+	}
+
+	if (requestedAttr.getIsRequiredXSBoolean() != null) {
+	    domElement.setAttributeNS(null,
+		    RequestedAttribute.IS_REQUIRED_ATTR, requestedAttr
+			    .getIsRequiredXSBoolean().toString());
+	}
+
+	Attr attr;
+	for (Entry<QName, String> entry : requestedAttr.getUnknownAttributes()
+		.entrySet()) {
+	    attr = XMLHelper.constructAttribute(domElement.getOwnerDocument(),
+		    entry.getKey());
+	    attr.setValue(entry.getValue());
+	    domElement.setAttributeNodeNS(attr);
+	    if (Configuration.isIDAttribute(entry.getKey())
+		    || requestedAttr.getUnknownAttributes().isIDAttribute(
+			    entry.getKey())) {
+		attr.getOwnerElement().setIdAttributeNode(attr, true);
+	    }
+	}
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeUnmarshaller.java
new file mode 100644
index 000000000..551f4239d
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeUnmarshaller.java
@@ -0,0 +1,96 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.schema.XSBooleanValue;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Attr;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import eu.stork.peps.auth.engine.core.SAMLCore;
+
+/**
+ * The Class RequestedAttributeUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class RequestedAttributeUnmarshaller extends
+	AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process child element.
+     * 
+     * @param parentSAMLObject parent SAMLObject
+     * @param childSAMLObject child SAMLObject
+     * 
+     * @throws UnmarshallingException error at unmarshall XML object
+     */
+    protected final void processChildElement(final XMLObject parentSAMLObject,
+	    final XMLObject childSAMLObject) throws UnmarshallingException {
+
+	final RequestedAttribute requestedAttr = (RequestedAttribute) parentSAMLObject;
+
+	final QName childQName = childSAMLObject.getElementQName();
+	if (childQName.getLocalPart().equals("AttributeValue")
+		&& childQName.getNamespaceURI().equals(SAMLCore.STORK10_NS.getValue())) {
+	    requestedAttr.getAttributeValues().add(childSAMLObject);
+	} else {
+	    super.processChildElement(parentSAMLObject, childSAMLObject);
+	}
+    }
+
+    /**
+     * Process attribute.
+     *
+     * @param samlObject the SAML object
+     * @param attribute the attribute
+     * @throws UnmarshallingException the unmarshalling exception
+     */
+    protected final void processAttribute(final XMLObject samlObject,
+	    final Attr attribute) throws UnmarshallingException {
+
+	final RequestedAttribute requestedAttr = (RequestedAttribute) samlObject;
+
+	if (attribute.getLocalName()
+		.equals(RequestedAttribute.NAME_ATTRIB_NAME)) {
+	    requestedAttr.setName(attribute.getValue());
+	} else if (attribute.getLocalName().equals(
+		RequestedAttribute.NAME_FORMAT_ATTR)) {
+	    requestedAttr.setNameFormat(attribute.getValue());
+	} else if (attribute.getLocalName().equals(
+		RequestedAttribute.FRIENDLY_NAME_ATT)) {
+	    requestedAttr.setFriendlyName(attribute.getValue());
+	} else if (attribute.getLocalName().equals(
+		RequestedAttribute.IS_REQUIRED_ATTR)) {
+	    requestedAttr.setIsRequired(attribute
+		    .getValue());
+
+	} else {
+	    final QName attribQName = XMLHelper.getNodeQName(attribute);
+	    if (attribute.isId()) {
+		requestedAttr.getUnknownAttributes().registerID(attribQName);
+	    }
+	    requestedAttr.getUnknownAttributes().put(attribQName,
+		    attribute.getValue());
+	}
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesBuilder.java
new file mode 100644
index 000000000..138177995
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesBuilder.java
@@ -0,0 +1,54 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.RequestedAttributes;
+
+/**
+ * The Class RequestedAttributesBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class RequestedAttributesBuilder extends
+	AbstractSAMLObjectBuilder<RequestedAttributes> {
+
+
+    /**
+     * Builds the object.
+     *
+     * @return the requested attributes
+     */
+    public final RequestedAttributes buildObject() {
+	return buildObject(RequestedAttributes.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the requested attributes
+     */
+    public final RequestedAttributes buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new RequestedAttributesImpl(namespaceURI, localName,
+		namespacePrefix);
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesImpl.java
new file mode 100644
index 000000000..a58a08a05
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesImpl.java
@@ -0,0 +1,95 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.util.IndexedXMLObjectChildrenList;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import eu.stork.peps.auth.engine.core.RequestedAttributes;
+
+/**
+ * The Class RequestedAttributesImpl.
+ * 
+ * @author fjquevedo
+ */
+public class RequestedAttributesImpl extends AbstractSAMLObject implements
+	RequestedAttributes {
+
+    /**
+     * Instantiates a new requested attributes implement.
+     * 
+     * @param namespaceURI the namespace URI
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected RequestedAttributesImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);
+	indexedChildren = new IndexedXMLObjectChildrenList<XMLObject>(this);
+    }
+
+    /** The indexed children. */
+    private final IndexedXMLObjectChildrenList<XMLObject> indexedChildren;
+
+    /**
+     * Gets the indexed children.
+     * 
+     * @return the indexed children
+     */
+    public final IndexedXMLObjectChildrenList<XMLObject> getIndexedChildren() {
+	return indexedChildren;
+    }
+
+
+    /**
+     * Gets the ordered children.
+     *
+     * @return the ordered children
+     */
+    public final List<XMLObject> getOrderedChildren() {
+
+	final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+	children.addAll(indexedChildren);
+
+	return Collections.unmodifiableList(children);
+
+    }
+
+    /**
+     * Gets the attributes.
+     * 
+     * @return the attributes
+     * 
+     * @see eu.stork.peps.auth.engine.core.RequestedAttributes#getAttributes()
+     */
+    @SuppressWarnings("unchecked")
+    public final List<RequestedAttribute> getAttributes() {
+	return (List<RequestedAttribute>) indexedChildren
+		.subList(RequestedAttribute.DEF_ELEMENT_NAME);
+    }
+
+    @Override
+    public int hashCode() {
+        throw new UnsupportedOperationException("hashCode method not implemented");
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesMarshaller.java
new file mode 100644
index 000000000..955fe0318
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesMarshaller.java
@@ -0,0 +1,33 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+
+/**
+ * The Class RequestedAttributesMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class RequestedAttributesMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Instantiates a new requested attributes marshaller.
+     */
+    public RequestedAttributesMarshaller() {
+	super();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesUnmarshaller.java
new file mode 100644
index 000000000..132d6cc59
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesUnmarshaller.java
@@ -0,0 +1,52 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import eu.stork.peps.auth.engine.core.RequestedAttributes;
+
+/**
+ * The Class RequestedAttributesUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class RequestedAttributesUnmarshaller extends
+	AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process child element.
+     * 
+     * @param parentObject the parent object
+     * @param childObject the child object
+     * 
+     * @throws UnmarshallingException error in unmarshall
+     */
+    protected final void processChildElement(final XMLObject parentObject,
+	    final XMLObject childObject) throws UnmarshallingException {
+	final RequestedAttributes attrStatement = (RequestedAttributes) parentObject;
+
+	if (childObject instanceof RequestedAttribute) {
+	    attrStatement.getAttributes().add((RequestedAttribute) childObject);
+	} else {
+	    super.processChildElement(parentObject, childObject);
+	}
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationBuilder.java
new file mode 100644
index 000000000..a35c77936
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationBuilder.java
@@ -0,0 +1,51 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.SPApplication;
+
+/**
+ * The Class SPApplicationBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class SPApplicationBuilder extends
+	AbstractSAMLObjectBuilder<SPApplication> {
+
+    /**
+     * Builds the object.
+     *
+     * @return the service provider application
+     */
+    public final SPApplication buildObject() {
+	return buildObject(SPApplication.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the service provider application
+     */
+    public final SPApplication buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new SPApplicationImpl(namespaceURI, localName, namespacePrefix);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
new file mode 100644
index 000000000..6bb631a74
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
@@ -0,0 +1,84 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPApplication;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class SPApplicationImpl.
+ * 
+ * @author fjquevedo
+ */
+public class SPApplicationImpl extends AbstractSAMLObject implements
+	SPApplication {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(SPApplicationImpl.class.getName());
+    /** The service provider application. */
+    private String spApplication;
+
+    /**
+     * Instantiates a new service provider application.
+     * 
+     * @param namespaceURI the namespace uri
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected SPApplicationImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+
+    /**
+     * Gets the service provider application.
+     *
+     * @return the service provider application
+     */
+    public final String getSPApplication() {
+	return spApplication;
+    }
+
+    /**
+     * Sets the service provider application.
+     *
+     * @param newSpApplication the new service provider application
+     */
+    public final void setSPApplication(final String newSpApplication) {
+	this.spApplication = prepareForAssignment(this.spApplication,
+		newSpApplication);
+    }
+
+    /**
+     * Gets the ordered children.
+     *
+     * @return the ordered children
+     */
+    public final List<XMLObject> getOrderedChildren() {
+	return null;
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationMarshaller.java
new file mode 100644
index 000000000..4866c3535
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationMarshaller.java
@@ -0,0 +1,46 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.SPApplication;
+
+/**
+ * The Class SPApplicationMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class SPApplicationMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Marshall element content.
+     *
+     * @param samlObject the SAML object
+     * @param domElement the DOM element
+     * @throws MarshallingException the marshalling exception
+     */
+    protected final void marshallElementContent(final XMLObject samlObject,
+	    final Element domElement) throws MarshallingException {
+	final SPApplication spApplication = (SPApplication) samlObject;
+	XMLHelper.appendTextContent(domElement, spApplication
+		.getSPApplication());
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationUnmarshaller.java
new file mode 100644
index 000000000..a28432a13
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationUnmarshaller.java
@@ -0,0 +1,42 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPApplication;
+
+
+/**
+ * The Class SPApplicationUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class SPApplicationUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process element content.
+     *
+     * @param samlObject the SAML object
+     * @param elementContent the element content
+     */
+    protected final void processElementContent(final XMLObject samlObject,
+	    final String elementContent) {
+	final SPApplication spApplication = (SPApplication) samlObject;
+	spApplication.setSPApplication(elementContent);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryBuilder.java
new file mode 100644
index 000000000..48ec92f49
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryBuilder.java
@@ -0,0 +1,52 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.SPCountry;
+
+/**
+ * The Class SPCountryBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class SPCountryBuilder extends AbstractSAMLObjectBuilder<SPCountry> {
+
+    
+    /**
+     * Builds the object SPCountry.
+     *
+     * @return the service provider country
+     */
+    public final SPCountry buildObject() {
+	return buildObject(SPCountry.DEF_ELEMENT_NAME);
+    }
+
+    
+    /**
+     * Builds the object SPCountry.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the service provider country
+     */
+    public final SPCountry buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new SPCountryImpl(namespaceURI, localName, namespacePrefix);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
new file mode 100644
index 000000000..db58fb8be
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
@@ -0,0 +1,82 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPCountry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class SPCountryImpl.
+ * 
+ * @author fjquevedo
+ */
+public class SPCountryImpl extends AbstractSAMLObject implements SPCountry {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(SPCountryImpl.class.getName());
+    /** The service provider country. */
+    private String spCountry;
+
+    /**
+     * Instantiates a new service provider country.
+     * 
+     * @param namespaceURI the namespace uri
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected SPCountryImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+
+    /**
+     * Gets the service provider country.
+     *
+     * @return the service provider country
+     */
+    public final String getSPCountry() {
+	return spCountry;
+    }
+
+    /**
+     * Sets the service provider country.
+     *
+     * @param newSpCountry the new service provider country
+     */
+    public final void setSPCountry(final String newSpCountry) {
+	this.spCountry = prepareForAssignment(this.spCountry, newSpCountry);
+    }
+
+    /**
+     * Gets the ordered children.
+     *
+     * @return the ordered children
+     */
+    public final List<XMLObject> getOrderedChildren() {
+	return null;
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryMarshaller.java
new file mode 100644
index 000000000..e82634749
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryMarshaller.java
@@ -0,0 +1,45 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.SPCountry;
+
+/**
+ * The Class SPCountryMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class SPCountryMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Marshall element content.
+     *
+     * @param samlObject the SAML object
+     * @param domElement the DOM element
+     * @throws MarshallingException the marshalling exception
+     */
+    protected final void marshallElementContent(final XMLObject samlObject,
+	    final Element domElement) throws MarshallingException {
+	final SPCountry spCountry = (SPCountry) samlObject;
+	XMLHelper.appendTextContent(domElement, spCountry.getSPCountry());
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryUnmarshaller.java
new file mode 100644
index 000000000..deb695ac6
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryUnmarshaller.java
@@ -0,0 +1,42 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPCountry;
+
+
+/**
+ * The Class SPCountryUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class SPCountryUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process element content.
+     *
+     * @param samlObject the SAML object
+     * @param elementContent the element content
+     */
+    protected final void processElementContent(final XMLObject samlObject,
+	    final String elementContent) {
+	final SPCountry spCountry = (SPCountry) samlObject;
+	spCountry.setSPCountry(elementContent);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDBuilder.java
new file mode 100644
index 000000000..b3640947b
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDBuilder.java
@@ -0,0 +1,50 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.SPID;
+
+/**
+ * The Class SPIDBuilder.
+ * 
+ * @author iinigo
+ */
+public class SPIDBuilder extends AbstractSAMLObjectBuilder<SPID> {
+
+    /**
+     * Builds the object.
+     *
+     * @return the SP ID
+     */
+    public final SPID buildObject() {
+	return buildObject(SPID.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the citizen country code
+     */
+    public final SPID buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new SPIDImpl(namespaceURI, localName, namespacePrefix);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
new file mode 100644
index 000000000..0c7127273
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
@@ -0,0 +1,82 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPID;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class SPIDImpl.
+ * 
+ * @author iinigo
+ */
+public class SPIDImpl extends AbstractSAMLObject implements SPID {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(SPIDImpl.class.getName());
+    /** The citizen country code. */
+    private String spId;
+    
+    /**
+     * Instantiates a new sP country impl.
+     * 
+     * @param namespaceURI the namespace uri
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */   
+    protected SPIDImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);	
+    }
+
+    /**
+     * Gets the SP ID.
+     *
+     * @return the SP ID
+     */
+    public final String getSPID() {
+    	return spId;
+    }
+
+    /**
+     * Sets the SP ID.
+     *
+     * @param newSPID the new SP ID
+     */
+    public final void setSPID(final String newSPID) {
+    	this.spId = prepareForAssignment(this.spId, newSPID);
+    }
+
+    /**
+     * Gets the ordered children.
+     *
+     * @return the ordered children
+     */
+    public final List<XMLObject> getOrderedChildren() {
+    	return null;
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDMarshaller.java
new file mode 100644
index 000000000..24389522e
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDMarshaller.java
@@ -0,0 +1,45 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.SPID;
+
+/**
+ * The Class SPIDMarshaller.
+ * 
+ * @author iinigo
+ */
+public class SPIDMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Marshall element content.
+     *
+     * @param samlObject the SAML object
+     * @param domElement the DOM element
+     * @throws MarshallingException the marshalling exception
+     */
+    protected final void marshallElementContent(final XMLObject samlObject,
+	    final Element domElement) throws MarshallingException {
+	final SPID spid = (SPID) samlObject;
+	XMLHelper.appendTextContent(domElement, spid.getSPID());
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDUnmarshaller.java
new file mode 100644
index 000000000..e4d230b94
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDUnmarshaller.java
@@ -0,0 +1,41 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPID;
+
+/**
+ * The Class SPIDUnmarshaller.
+ * 
+ * @author iinigo
+ */
+public class SPIDUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process element content.
+     *
+     * @param samlObject the SAML object
+     * @param elementContent the element content
+     */
+    protected final void processElementContent(final XMLObject samlObject,
+	    final String elementContent) {
+	final SPID spid = (SPID) samlObject;
+	spid.setSPID(elementContent);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationBuilder.java
new file mode 100644
index 000000000..a6e1fe686
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationBuilder.java
@@ -0,0 +1,41 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.SAMLCore;
+import eu.stork.peps.auth.engine.core.SPInformation;
+
+/**
+ * The Class SPInformation.
+ * 
+ * @author iinigo
+ */
+public final class SPInformationBuilder extends AbstractSAMLObjectBuilder<SPInformation> {
+    
+
+    /** {@inheritDoc} */
+    public SPInformation buildObject() {
+        return buildObject(SAMLCore.STORK10P_NS.getValue(), SPInformation.DEF_LOCAL_NAME, SAMLCore.STORK10P_PREFIX.getValue());
+    }
+
+    /** {@inheritDoc} */
+    public SPInformation buildObject(final String namespaceURI, final String localName, final String namespacePrefix) {
+        return new SPInformationImpl(namespaceURI, localName, namespacePrefix);
+    }
+    
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
new file mode 100644
index 000000000..b5609600d
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
@@ -0,0 +1,110 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSignableSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPID;
+import eu.stork.peps.auth.engine.core.SPInformation;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The Class SPInformationImpl.
+ * 
+ * @author iinigo
+ */
+public final class SPInformationImpl extends AbstractSignableSAMLObject implements
+SPInformation {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(SPInformationImpl.class.getName());
+    /** The citizen country code. */
+    private SPID spId;
+    
+    
+	/**
+     * Instantiates a new requested attributes implement.
+     * 
+     * @param namespaceURI the namespace URI
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected SPInformationImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {	
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+    
+   
+    /**
+     * getSPId.
+     * 
+     * @return the SP ID
+     */    
+    public SPID getSPID() {
+    	return spId;
+    }        
+
+    /**
+     * Gets the ordered children.
+     * 
+     * @return the ordered children
+     *
+     */
+    public List<XMLObject> getOrderedChildren() {
+	final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+	children.add(spId);
+		
+	if (getSignature() != null) {
+	    children.add(getSignature());
+	}
+	
+	return Collections.unmodifiableList(children);
+
+    }
+
+    /**
+     * Gets the signature reference id.
+     * 
+     * @return the signature reference id
+     *
+     */
+    public String getSignatureReferenceID() {
+	return null;
+    }
+    
+    /**
+     * Sets the SP Id.
+     * 
+     * @param newSPId the new SP Id
+     *
+     */
+    public void setSPID(SPID newSPId) {
+    	this.spId = prepareForAssignment(this.spId, newSPId);	
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationMarshaller.java
new file mode 100644
index 000000000..44845948c
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationMarshaller.java
@@ -0,0 +1,33 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+
+/**
+ * The Class SPInformationMarshaller.
+ * 
+ * @author iinigo
+ */
+public class SPInformationMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Instantiates a new SP Information marshaller.
+     */
+    public SPInformationMarshaller() {
+	super();
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationUnmarshaller.java
new file mode 100644
index 000000000..79b0b0f35
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationUnmarshaller.java
@@ -0,0 +1,52 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.peps.auth.engine.core.SPID;
+import eu.stork.peps.auth.engine.core.SPInformation;
+
+/**
+ * The Class SPInformationUnmarshaller.
+ * 
+ * @author iinigo
+ */
+public class SPInformationUnmarshaller extends
+	AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process child element.
+     * 
+     * @param parentObject the parent object
+     * @param childObject the child object
+     * 
+     * @throws UnmarshallingException the unmarshalling exception
+     *
+     */
+    protected final void processChildElement(final XMLObject parentObject,
+	    final XMLObject childObject) throws UnmarshallingException {
+	final SPInformation spInformation = (SPInformation) parentObject;
+
+	if (childObject instanceof SPID) {
+        spInformation.setSPID((SPID) childObject);
+	} else {
+	    super.processChildElement(parentObject, childObject);
+	}	
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionBuilder.java
new file mode 100644
index 000000000..fe47cf99c
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionBuilder.java
@@ -0,0 +1,51 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.SPInstitution;
+
+/**
+ * The Class SPInstitutionBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class SPInstitutionBuilder extends
+	AbstractSAMLObjectBuilder<SPInstitution> {
+
+    /**
+     * Builds the object.
+     *
+     * @return the service provider institution
+     */
+    public final SPInstitution buildObject() {
+	return buildObject(SPInstitution.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object SPInstitution.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the service provider institution
+     */
+    public final SPInstitution buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new SPInstitutionImpl(namespaceURI, localName, namespacePrefix);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
new file mode 100644
index 000000000..cf1760446
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
@@ -0,0 +1,84 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPInstitution;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class SPInstitutionImpl.
+ * 
+ * @author fjquevedo
+ */
+public class SPInstitutionImpl extends AbstractSAMLObject implements
+	SPInstitution {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(SPInstitutionImpl.class.getName());
+    /** The service provider institution. */
+    private String spInstitution;
+
+    /**
+     * Instantiates a new service provider institution.
+     * 
+     * @param namespaceURI the namespace uri
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected SPInstitutionImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+
+    /**
+     * Gets the service provider institution.
+     *
+     * @return the service provider institution
+     */
+    public final String getSPInstitution() {
+	return spInstitution;
+    }
+
+    /**
+     * Sets the service provider institution.
+     *
+     * @param newSpInstitution the new service provider institution
+     */
+    public final void setSPInstitution(final String newSpInstitution) {
+	this.spInstitution = prepareForAssignment(this.spInstitution,
+		newSpInstitution);
+    }
+
+    /**
+     * Gets the ordered children.
+     *
+     * @return the ordered children
+     */
+    public final List<XMLObject> getOrderedChildren() {
+	return null;
+    }
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+ }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionMarshaller.java
new file mode 100644
index 000000000..504a1f035
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionMarshaller.java
@@ -0,0 +1,46 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.SPInstitution;
+
+/**
+ * The Class SPInstitutionMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class SPInstitutionMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Marshall element content.
+     *
+     * @param samlObject the SAML object
+     * @param domElement the DOM element
+     * @throws MarshallingException the marshalling exception
+     */
+    protected final void marshallElementContent(final XMLObject samlObject,
+	    final Element domElement) throws MarshallingException {
+	final SPInstitution spInstitution = (SPInstitution) samlObject;
+	XMLHelper.appendTextContent(domElement, spInstitution
+		.getSPInstitution());
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionUnmarshaller.java
new file mode 100644
index 000000000..103d5f2b2
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionUnmarshaller.java
@@ -0,0 +1,41 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPInstitution;
+
+/**
+ * The Class SPInstitutionUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class SPInstitutionUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process element content.
+     *
+     * @param samlObject the SAML object
+     * @param elementContent the element content
+     */
+    protected final void processElementContent(final XMLObject samlObject,
+	    final String elementContent) {
+	final SPInstitution spInstitution = (SPInstitution) samlObject;
+	spInstitution.setSPInstitution(elementContent);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorBuilder.java
new file mode 100644
index 000000000..a691b9008
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorBuilder.java
@@ -0,0 +1,50 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.SPSector;
+
+/**
+ * The Class SPSectorBuilder.
+ * 
+ * @author fjquevedo
+ */
+public class SPSectorBuilder extends AbstractSAMLObjectBuilder<SPSector> {
+
+    /**
+     * Builds the object SPSector.
+     *
+     * @return the service provider sector.
+     */
+    public final SPSector buildObject() {
+	return buildObject(SPSector.DEF_ELEMENT_NAME);
+    }
+
+    /**
+     * Builds the object SPSector.
+     *
+     * @param namespaceURI the namespace uri
+     * @param localName the local name
+     * @param namespacePrefix the namespace prefix
+     * @return the service provider sector
+     */
+    public final SPSector buildObject(final String namespaceURI,
+	    final String localName, final String namespacePrefix) {
+	return new SPSectorImpl(namespaceURI, localName, namespacePrefix);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorImpl.java
new file mode 100644
index 000000000..a29810dd4
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorImpl.java
@@ -0,0 +1,84 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPSector;
+
+
+/**
+ * The Class SPSectorImpl.
+ * 
+ * @author fjquevedo
+ */
+public class SPSectorImpl extends AbstractSAMLObject implements SPSector {
+
+    /** The service provider sector. */
+    private String spSector;
+
+    /**
+     * Instantiates a new Service provider sector implementation.
+     * 
+     * @param namespaceURI the namespace URI
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected SPSectorImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+
+    
+    /**
+     * Gets the service provider sector.
+     * 
+     * @return the SP sector
+     * 
+     * @see eu.stork.peps.auth.engine.core.SPSector#getSPSector()
+     */
+    public final String getSPSector() {
+	return spSector;
+    }
+
+    
+    /**
+     * Sets the service provider sector.
+     * 
+     * @param newSpSector the new service provider sector
+     */
+    public final void setSPSector(final String newSpSector) {
+	this.spSector = prepareForAssignment(this.spSector, newSpSector);
+    }
+
+   
+    /**
+     * Gets the ordered children.
+     * 
+     * @return the ordered children
+     */
+    public final List<XMLObject> getOrderedChildren() {
+	return null;
+    }
+
+    @Override
+    public int hashCode() {
+        throw new UnsupportedOperationException("hashCode method not implemented");
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorMarshaller.java
new file mode 100644
index 000000000..c5331e8f4
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorMarshaller.java
@@ -0,0 +1,45 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.SPSector;
+
+/**
+ * The Class SPSectorMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class SPSectorMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Marshall element content.
+     *
+     * @param samlObject the SAML object
+     * @param domElement the DOM element
+     * @throws MarshallingException the marshalling exception
+     */
+    protected final void marshallElementContent(final XMLObject samlObject,
+	    final Element domElement) throws MarshallingException {
+	final SPSector spSector = (SPSector) samlObject;
+	XMLHelper.appendTextContent(domElement, spSector.getSPSector());
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorUnmarshaller.java
new file mode 100644
index 000000000..cbb05c6e5
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorUnmarshaller.java
@@ -0,0 +1,42 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPSector;
+
+/**
+ * The Class SPSectorUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class SPSectorUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+
+    
+    /**
+     * Process element content.
+     *
+     * @param samlObject the SAML object
+     * @param elementContent the element content
+     */
+    protected final void processElementContent(final XMLObject samlObject,
+	    final String elementContent) {
+	final SPSector spSector = (SPSector) samlObject;
+	spSector.setSPSector(elementContent);
+    }
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
new file mode 100644
index 000000000..5e9c753ae
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
@@ -0,0 +1,468 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.NotImplementedException;
+import org.bouncycastle.jce.X509Principal;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityConfiguration;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
+import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
+import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
+import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.validation.ValidationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
+/**
+ * The Class HWSign. Module of sign.
+ * 
+ * @author fjquevedo
+ */
+public final class SignHW implements SAMLEngineSignI {
+
+    /** The Constant CONFIGURATION_FILE. */
+    private static final String CONF_FILE = "configurationFile";
+
+    /** The Constant KEYSTORE_TYPE.
+    private static final String KEYSTORE_TYPE = "keystoreType" */
+
+    /** The logger. */
+    private static final Logger LOG = LoggerFactory.getLogger(SignHW.class
+	    .getName());
+
+    /** The stork own key store. */
+    private KeyStore storkOwnKeyStore = null;
+
+    /**
+     * Gets the stork own key store.
+     * 
+     * @return the stork own key store
+     */
+    public KeyStore getStorkOwnKeyStore() {
+	return storkOwnKeyStore;
+    }
+    
+    /**
+     * Gets the stork trustStore.
+     * 
+     * @return the stork own key store
+     */
+    public KeyStore getTrustStore() {
+	return storkOwnKeyStore;
+    }
+
+    /**
+     * Sets the stork own key store.
+     * 
+     * @param newkOwnKeyStore the new stork own key store
+     */
+    public void setStorkOwnKeyStore(final KeyStore newkOwnKeyStore) {
+	this.storkOwnKeyStore = newkOwnKeyStore;
+    }
+
+    /**
+     * Gets the properties.
+     * 
+     * @return the properties
+     */
+    public Properties getProperties() {
+	return properties;
+    }
+
+    /**
+     * Sets the properties.
+     * 
+     * @param newProperties the new properties
+     */
+    public void setProperties(final Properties newProperties) {
+	this.properties = newProperties;
+    }
+
+    /** The HW sign prop. */
+    private Properties properties = null;
+
+    /**
+     * @see
+     * eu.stork.peps.auth.engine.core.SAMLEngineSignI#init(java.lang.String)
+     * @param fileConf file of configuration
+     * @throws SAMLEngineException error in read file
+     */
+    public void init(final String fileConf)
+	    throws SAMLEngineException {
+	InputStream inputStr = null;
+	try {
+	inputStr = SignHW.class.getResourceAsStream("/"
+		+ fileConf);
+	properties = new Properties();
+	
+	    properties.loadFromXML(inputStr);
+	} catch (final InvalidPropertiesFormatException e) {
+	    LOG.info("Exception: invalid properties format.");
+	    throw new SAMLEngineException(e);
+	} catch (IOException e) {
+	    LOG.info("Exception: invalid file: " + fileConf);
+	    throw new SAMLEngineException(e);
+	} finally {
+	    IOUtils.closeQuietly(inputStr);
+	}
+    }
+
+
+    /**
+     * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#getCertificate()
+     * @return the X509Certificate.
+     */
+    public X509Certificate getCertificate() {
+	throw new NotImplementedException();
+    }
+
+    /**
+     * @see
+     * eu.stork.peps.auth.engine.core.SAMLEngineSignI#sign(SignableSAMLObject tokenSaml)
+     * @param tokenSaml signable SAML Object
+     * @return the SAMLObject signed.
+     * @throws SAMLEngineException error in sign token saml
+     */
+    public SAMLObject sign(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
+
+	try {
+	    LOG.info("Star procces of sign");
+	    final char[] pin = properties.getProperty("keyPassword")
+		    .toCharArray();
+
+	    storkOwnKeyStore.load(null, pin);
+
+	    final String serialNumber = properties.getProperty("serialNumber");
+	    final String issuer = properties.getProperty("issuer");
+
+	    String alias = null;
+	    String aliasCert;
+	    X509Certificate certificate;
+
+	    boolean find = false;
+	    for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
+		    .hasMoreElements() && !find;) {
+		aliasCert = e.nextElement();
+		certificate = (X509Certificate) storkOwnKeyStore
+			.getCertificate(aliasCert);
+		// Verified serial number, issuer
+
+		final String serialNum = certificate.getSerialNumber()
+			.toString(16);
+		X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+		X509Principal issuerDNConf = new X509Principal(issuer);
+
+            if(serialNum.equalsIgnoreCase(serialNumber)
+                    && X509PrincipalUtil.equals(issuerDN, issuerDNConf)){
+		              alias = aliasCert;
+		              find = true;
+		}
+		
+	    }
+
+        if (!find) {
+            throw new SAMLEngineException("Certificate cannot be found in keystore ");
+        }
+	    certificate = (X509Certificate) storkOwnKeyStore.getCertificate(alias);
+	    final PrivateKey privateKey = (PrivateKey) storkOwnKeyStore.getKey(
+		    alias, pin);
+
+	    LOG.info("Recover BasicX509Credential.");
+	    final BasicX509Credential credential = new BasicX509Credential();
+
+	    LOG.debug("Load certificate");
+	    credential.setEntityCertificate(certificate);
+
+	    LOG.debug("Load privateKey");
+	    credential.setPrivateKey(privateKey);
+
+	    LOG.info("Star procces of sign");
+	    final Signature signature = (Signature) org.opensaml.xml.Configuration
+		    .getBuilderFactory().getBuilder(
+			    Signature.DEFAULT_ELEMENT_NAME).buildObject(
+			    Signature.DEFAULT_ELEMENT_NAME);
+
+	    LOG.debug("Begin signature with openSaml");
+	    signature.setSigningCredential(credential);
+
+	    /*signature.setSignatureAlgorithm(
+	    SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);*/
+	    signature.setSignatureAlgorithm(
+		    SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+	 
+
+	    final SecurityConfiguration securityConf =
+		org.opensaml.xml.Configuration.getGlobalSecurityConfiguration();
+	    final NamedKeyInfoGeneratorManager keyInfoManager = securityConf
+		    .getKeyInfoGeneratorManager();
+	    final KeyInfoGeneratorManager keyInfoGenManager = keyInfoManager
+		    .getDefaultManager();
+	    final KeyInfoGeneratorFactory keyInfoGenFac = keyInfoGenManager
+		    .getFactory(credential);
+	    final KeyInfoGenerator keyInfoGenerator = keyInfoGenFac
+		    .newInstance();
+	    
+	    final KeyInfo keyInfo = keyInfoGenerator.generate(credential);
+
+	    signature.setKeyInfo(keyInfo);
+
+	    LOG.debug("Set Canonicalization Algorithm");
+	    signature.setCanonicalizationAlgorithm(
+		    SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+	  //Create a second signature which will be used when signing assertion and response
+	    final Signature signature2 = (Signature) Configuration
+	    .getBuilderFactory().getBuilder(
+		    Signature.DEFAULT_ELEMENT_NAME).buildObject(
+		    Signature.DEFAULT_ELEMENT_NAME);
+	    final SecurityConfiguration secConfiguration2 = Configuration
+	    .getGlobalSecurityConfiguration();
+	    final NamedKeyInfoGeneratorManager keyInfoManager2 = secConfiguration2
+		    .getKeyInfoGeneratorManager();
+	    final KeyInfoGeneratorManager keyInfoGenManager2 = keyInfoManager2
+		    .getDefaultManager();
+	    final KeyInfoGeneratorFactory keyInfoGenFac2 = keyInfoGenManager2
+		    .getFactory(credential);
+	    final KeyInfoGenerator keyInfoGenerator2 = keyInfoGenFac2
+		    .newInstance();
+	    
+	    KeyInfo keyInfo2 = keyInfoGenerator2.generate(credential);
+	    signature2.setSigningCredential(credential);
+	    signature2.setSignatureAlgorithm(
+			    SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+	    signature2.setKeyInfo(keyInfo2);
+	    signature2.setCanonicalizationAlgorithm(
+		    SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+	    	 	    
+
+	    LOG.info("Marshall samlToken.");
+	    String qn = tokenSaml.getElementQName().toString();
+	    
+	    if (qn.endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
+	    {	    
+	  		tokenSaml.setSignature(signature);
+	    	CustomAttributeQueryMarshaller mars = new CustomAttributeQueryMarshaller();
+	    	mars.marshall(tokenSaml);
+	    	Signer.signObject(signature);
+	    }
+	    else if (qn.endsWith(Response.DEFAULT_ELEMENT_LOCAL_NAME) && !qn.contains(LogoutResponse.DEFAULT_ELEMENT_LOCAL_NAME))
+	    {
+	    	Response res = (Response)tokenSaml;
+	    	List<Assertion> asserts = res.getAssertions();
+	    	//If multiple assertions we just sign the response and not the assertion
+	    	if (asserts.size() > 1)
+	    	{	    		
+	    		tokenSaml.setSignature(signature);
+	    		Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+			    .marshall(tokenSaml);
+	    		LOG.info("Sign samlToken.");
+	    	    Signer.signObject(signature);
+	    	}
+	    	//If single assertion we sign the assertion and response
+	    	else
+	    	{
+			    Assertion assertion = (Assertion)asserts.get(0);
+			    assertion.setSignature(signature);			    
+			    tokenSaml.setSignature(signature2);
+			    Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+			    .marshall(tokenSaml);
+			    LOG.info("Sign samlToken.");
+			    Signer.signObject(signature);
+			    Signer.signObject(signature2);
+	    	}
+	    }
+	    //Normally we just sign the total saml response
+	    else
+	    {
+	    	tokenSaml.setSignature(signature);
+	    	Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+		    .marshall(tokenSaml);
+	    	LOG.info("Sign samlToken.");
+		    Signer.signObject(signature);
+	    }
+
+	} catch (final MarshallingException e) {
+	    LOG.error("MarshallingException");
+	    throw new SAMLEngineException(e);
+	} catch (final NoSuchAlgorithmException e) {
+	    LOG.error("A 'xmldsig#rsa-sha1' cryptographic algorithm is requested but is not available in the environment.");
+	    throw new SAMLEngineException(e);
+	} catch (final KeyStoreException e) {
+	    LOG.error("Generic KeyStore exception.");
+	    throw new SAMLEngineException(e);
+	} catch (final SignatureException e) {
+	    LOG.error("Signature exception.");
+	    throw new SAMLEngineException(e);
+	} catch (final SecurityException e) {
+	    LOG.error("Security exception.");
+	    throw new SAMLEngineException(e);
+	} catch (final CertificateException e) {
+	    LOG.error("Certificate exception.");
+	    throw new SAMLEngineException(e);
+	} catch (final IOException e) {
+	    LOG.error("IO exception.");
+	    throw new SAMLEngineException(e);
+	} catch (final UnrecoverableKeyException e) {
+	    LOG.error("UnrecoverableKeyException exception.");
+	    throw new SAMLEngineException(e);
+	}
+
+	return tokenSaml;
+    }
+
+    /**
+     * @see
+     * eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(SignableSAMLObject)
+     * @param tokenSaml the token saml
+     * @return the SAMLObject validated.
+     * @throws SAMLEngineException exception in validate signature
+     */
+    public SAMLObject validateSignature(final SignableSAMLObject tokenSaml)
+	    throws SAMLEngineException {
+	LOG.info("Start signature validation.");
+	try {
+
+	    // Validate structure signature
+	    final SAMLSignatureProfileValidator signProfValidator = 
+		new SAMLSignatureProfileValidator();
+
+	    // Indicates signature id conform to SAML Signature profile
+	    signProfValidator.validate(tokenSaml.getSignature());
+
+	    String aliasCert;
+	    X509Certificate certificate;
+
+	    final List<Credential> trustedCred = new ArrayList<Credential>();
+
+	    for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
+		    .hasMoreElements();) {
+		aliasCert = e.nextElement();
+		final BasicX509Credential credential = new BasicX509Credential();
+		certificate = (X509Certificate) storkOwnKeyStore
+			.getCertificate(aliasCert);
+		credential.setEntityCertificate(certificate);
+		trustedCred.add(credential);
+	    }
+
+	    final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
+	    final List<X509Certificate> listCertificates = KeyInfoHelper
+		    .getCertificates(keyInfo);
+
+	    if (listCertificates.size() != 1) {
+		throw new SAMLEngineException("Only must be one certificate");
+	    }
+
+	    // Exist only one certificate
+	    final BasicX509Credential entityX509Cred = new BasicX509Credential();
+	    entityX509Cred.setEntityCertificate(listCertificates.get(0));
+
+	    final ExplicitKeyTrustEvaluator keyTrustEvaluator = 
+		new ExplicitKeyTrustEvaluator();
+	    if (!keyTrustEvaluator.validate(entityX509Cred, trustedCred)) {
+		throw new SAMLEngineException("Certificate it is not trusted.");
+	    }
+
+	    final SignatureValidator sigValidator = new SignatureValidator(
+		    entityX509Cred);
+
+	    sigValidator.validate(tokenSaml.getSignature());
+
+	} catch (final ValidationException e) {
+	    LOG.error("ValidationException.", e);
+	    throw new SAMLEngineException(e);
+	} catch (final KeyStoreException e) {
+	    LOG.error("ValidationException.", e);
+	    throw new SAMLEngineException(e);
+	} catch (final CertificateException e) {
+	    LOG.error("CertificateException.", e);
+	    throw new SAMLEngineException(e);
+	}
+	return tokenSaml;
+    }
+
+    /**
+     * load cryptographic service provider.
+     * 
+     * @throws SAMLEngineException the SAML engine exception
+     * Note this class was using pkcs11Provider
+     * final Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(inputStream)
+     * if (Security.getProperty(pkcs11Provider.getName()) == null) {
+     * Security.insertProviderAt(pkcs11Provider, Security .getProviders().length)
+     * }
+     * storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE))
+     */
+    public void loadCryptServiceProvider() throws SAMLEngineException {
+	LOG.info("Load Cryptographic Service Provider");
+	InputStream inputStream = null; 
+	 
+	try {
+	    inputStream = SignHW.class.getResourceAsStream("/"
+		    + properties.getProperty(CONF_FILE));
+
+	} catch (final Exception e) {	       
+	    throw new SAMLEngineException(
+		    "Error loading CryptographicServiceProvider", e);
+	} finally {
+	    IOUtils.closeQuietly(inputStream);
+	}
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignModuleFactory.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignModuleFactory.java
new file mode 100644
index 000000000..2adefddbd
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignModuleFactory.java
@@ -0,0 +1,64 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+/**
+ * The Class ModuleSignFactory.
+ * 
+ * @author fjquevedo
+ * 
+ */
+
+public final class SignModuleFactory {
+
+    /** The Constant LOG. */
+    private static final Logger LOG = LoggerFactory
+	    .getLogger(SignModuleFactory.class.getName());
+
+    /**
+     * Instantiates a new module sign factory.
+     */
+    private SignModuleFactory() {
+
+    }
+
+    /**
+     * Gets the single instance of SignModuleFactory.
+     * 
+     * @param className the class name
+     * 
+     * @return single instance of SignModuleFactory
+     * 
+     * @throws STORKSAMLEngineException the STORKSAML engine exception
+     */
+    public static SAMLEngineSignI getInstance(final String className)
+	    throws STORKSAMLEngineException {
+	LOG.info("[START]SignModuleFactory static");
+	try {
+	    final Class cls = Class.forName(className);
+	    return (SAMLEngineSignI) cls.newInstance();
+	} catch (Exception e) {
+	    throw new STORKSAMLEngineException(e);
+	}
+
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
new file mode 100644
index 000000000..50ad9936d
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
@@ -0,0 +1,556 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.NotImplementedException;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityConfiguration;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
+import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
+import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.util.Base64;
+import org.opensaml.xml.validation.ValidationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
+/**
+ * The Class SWSign. Class responsible for signing and validating of messages
+ * SAML with a certificate store software.
+ * 
+ * @author fjquevedo
+ */
+public final class SignP12 implements SAMLEngineSignI {
+
+    /** The logger. */
+    private static final Logger LOG = LoggerFactory.getLogger(SignP12.class
+	    .getName());
+
+    
+    /** The p12 store. */
+    private KeyStore p12Store = null;
+    
+    
+    /** The trust store. */
+    private KeyStore trustStore = null;
+    
+
+    /**
+     * Gets the trust store.
+     * 
+     * @return the trust store
+     */
+    public KeyStore getTrustStore() {
+        return trustStore;
+    }
+
+    /**
+     * Sets the trust store.
+     * 
+     * @param newTrustStore the new trust store
+     */
+    public void setTrustStore(final KeyStore newTrustStore) {
+        this.trustStore = newTrustStore;
+    }
+
+    /**
+     * The instance.
+     * 
+     * @return the properties
+     */
+
+    public Properties getProperties() {
+	return properties;
+    }
+
+
+
+    /**
+     * Gets the p12 store.
+     * 
+     * @return the p12 store
+     */
+    public KeyStore getP12Store() {
+        return p12Store;
+    }
+
+
+
+    /**
+     * Sets the p12 store.
+     * 
+     * @param newP12Store the new p12 store
+     */
+    public void setP12Store(final KeyStore newP12Store) {
+        this.p12Store = newP12Store;
+    }
+
+
+
+    /**
+     * Sets the properties.
+     * 
+     * @param newProperties the new properties
+     */
+    public void setProperties(final Properties newProperties) {
+	this.properties = newProperties;
+    }
+
+    /** The SW sign prop. */
+    private Properties properties = null;
+
+
+    /**
+     * Initialize the file configuration.
+     * 
+     * @param fileConf name of the file configuration
+     * 
+     * @throws SAMLEngineException error at the load from  file configuration
+     */
+    public void init(final String fileConf) throws SAMLEngineException {
+    	InputStream fileProperties = null;
+    	properties = new Properties();
+    	try {
+    		try {
+    			LOG.debug("Fichero a cargar " + fileConf);
+    			fileProperties = new FileInputStream(fileConf);
+    			properties.loadFromXML(fileProperties);
+    		} catch (Exception e) {
+    			LOG.error("Fallo al cargar el recurso externo. Se reintenta como fichero interno.");
+    			fileProperties = SignP12.class.getResourceAsStream("/" + fileConf);
+    			if (fileProperties == null) {
+    				fileProperties = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileConf);
+    				if (fileProperties == null) {
+    					Enumeration<URL> files = ClassLoader.getSystemClassLoader().getResources(fileConf);
+    					if (files != null && files.hasMoreElements()) {
+    						LOG.info("Se han encontrado recurso/s. Se toma el primero.");
+    						fileProperties = ClassLoader.getSystemClassLoader().getResourceAsStream(files.nextElement().getFile());
+    					} else {
+    						throw new IOException("No se pudo recuperar el fichero: " + fileConf, e);
+                        }
+    				}
+    			}
+    			LOG.debug("Recuperados " + fileProperties.available() + " bytes");
+    			properties.loadFromXML(fileProperties);
+    		}
+    	} catch (InvalidPropertiesFormatException e) {
+    	    LOG.info("Exception: invalid properties format.");
+    	    throw new SAMLEngineException(e);
+    	} catch (IOException e) {
+    	    LOG.info("Exception: invalid file: " + fileConf);
+    	    throw new SAMLEngineException(e);
+    	} finally {
+    	    IOUtils.closeQuietly(fileProperties);
+    	}
+    }
+
+    /**
+     * Gets the certificate.
+     * 
+     * @return the X509Certificate
+     *     
+     */
+    public X509Certificate getCertificate() {
+	throw new NotImplementedException();
+    }
+
+    /**
+     * Sign the token SAML.
+     * 
+     * @param tokenSaml token SAML
+     * 
+     * @return the X509Certificate signed.
+     * 
+     * @throws SAMLEngineException error at sign SAML token
+     *
+     */
+    public SAMLObject sign(final SignableSAMLObject tokenSaml)
+	    throws SAMLEngineException {
+	LOG.info("Start Sign process");
+	try {
+
+	    final String serialNumber = properties.getProperty("serialNumber");
+	    final String issuer = properties.getProperty("issuer");
+
+	    String alias = null;
+	    String aliasCert;
+	    X509Certificate certificate;
+
+	    boolean find = false;
+	    for (final Enumeration<String> e = p12Store.aliases(); e
+		    .hasMoreElements() && !find;) {
+		aliasCert = e.nextElement();
+		certificate = (X509Certificate) p12Store
+			.getCertificate(aliasCert);
+
+		final String serialNum = certificate.getSerialNumber()
+			.toString(16);
+		
+		X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+		X509Principal issuerDNConf = new X509Principal(issuer);
+						                             
+		if(serialNum.equalsIgnoreCase(serialNumber)
+                && X509PrincipalUtil.equals(issuerDN, issuerDNConf)){
+		              alias = aliasCert;
+		              find = true;
+		}
+		
+	    }
+
+	    certificate = (X509Certificate) p12Store
+		    .getCertificate(alias);
+	    final PrivateKey privateKey = (PrivateKey) p12Store.getKey(
+		    alias, properties.getProperty("keyPassword").toCharArray());
+
+	    LOG.info("Recover BasicX509Credential.");
+	    final BasicX509Credential credential = new BasicX509Credential();
+
+	    LOG.debug("Load certificate");
+	    credential.setEntityCertificate(certificate);
+
+	    LOG.debug("Load privateKey");
+	    credential.setPrivateKey(privateKey);
+
+	    LOG.debug("Begin signature with openSaml");
+	    final Signature signature = (Signature) Configuration
+		    .getBuilderFactory().getBuilder(
+			    Signature.DEFAULT_ELEMENT_NAME).buildObject(
+			    Signature.DEFAULT_ELEMENT_NAME);
+
+	    signature.setSigningCredential(credential);
+
+	    /*signature.setSignatureAlgorithm(
+	    SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);*/
+	    signature.setSignatureAlgorithm(
+		    SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+	    
+	    final SecurityConfiguration secConfiguration = Configuration
+		    .getGlobalSecurityConfiguration();
+	    final NamedKeyInfoGeneratorManager keyInfoManager = secConfiguration
+		    .getKeyInfoGeneratorManager();
+	    final KeyInfoGeneratorManager keyInfoGenManager = keyInfoManager
+		    .getDefaultManager();
+	    final KeyInfoGeneratorFactory keyInfoGenFac = keyInfoGenManager
+		    .getFactory(credential);
+	    final KeyInfoGenerator keyInfoGenerator = keyInfoGenFac
+		    .newInstance();
+	    
+	    final KeyInfo keyInfo = keyInfoGenerator.generate(credential);
+
+	    signature.setKeyInfo(keyInfo);
+	    signature.setCanonicalizationAlgorithm(
+		    SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+	  //Create a second signature which will be used when signing assertion and response
+	    final Signature signature2 = (Signature) Configuration
+	    .getBuilderFactory().getBuilder(
+		    Signature.DEFAULT_ELEMENT_NAME).buildObject(
+		    Signature.DEFAULT_ELEMENT_NAME);
+	    final SecurityConfiguration secConfiguration2 = Configuration
+	    .getGlobalSecurityConfiguration();
+	    final NamedKeyInfoGeneratorManager keyInfoManager2 = secConfiguration2
+		    .getKeyInfoGeneratorManager();
+	    final KeyInfoGeneratorManager keyInfoGenManager2 = keyInfoManager2
+		    .getDefaultManager();
+	    final KeyInfoGeneratorFactory keyInfoGenFac2 = keyInfoGenManager2
+		    .getFactory(credential);
+	    final KeyInfoGenerator keyInfoGenerator2 = keyInfoGenFac2
+		    .newInstance();
+	    
+	    KeyInfo keyInfo2 = keyInfoGenerator2.generate(credential);
+	    signature2.setSigningCredential(credential);
+	    signature2.setSignatureAlgorithm(
+			    SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+	    signature2.setKeyInfo(keyInfo2);
+	    signature2.setCanonicalizationAlgorithm(
+		    SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+	    	 	    
+
+	    LOG.info("Marshall samlToken.");
+	    String qn = tokenSaml.getElementQName().toString();
+	    
+	    if (qn.endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
+	    {	    
+	  		tokenSaml.setSignature(signature);
+	    	CustomAttributeQueryMarshaller mars = new CustomAttributeQueryMarshaller();
+	    	mars.marshall(tokenSaml);
+	    	Signer.signObject(signature);
+	    }
+	    else if (qn.endsWith(Response.DEFAULT_ELEMENT_LOCAL_NAME) && !qn.contains(LogoutResponse.DEFAULT_ELEMENT_LOCAL_NAME))
+	    {
+	    	Response res = (Response)tokenSaml;
+	    	List<Assertion> asserts = res.getAssertions();
+	    	//If multiple assertions we just sign the response and not the assertion
+	    	if (asserts.size() > 1)
+	    	{	    		
+	    		tokenSaml.setSignature(signature);
+	    		Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+			    .marshall(tokenSaml);
+	    		LOG.info("Sign samlToken.");
+	    	    Signer.signObject(signature);
+	    	}
+	    	//If single assertion we sign the assertion and response
+	    	else
+	    	{
+			    Assertion assertion = (Assertion)asserts.get(0);
+			    assertion.setSignature(signature);			    
+			    tokenSaml.setSignature(signature2);
+			    Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+			    .marshall(tokenSaml);
+			    LOG.info("Sign samlToken.");
+			    Signer.signObject(signature);
+			    Signer.signObject(signature2);
+	    	}
+	    }
+	    //Normally we just sign the total saml response
+	    else
+	    {
+	    	tokenSaml.setSignature(signature);
+	    	Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+		    .marshall(tokenSaml);
+	    	LOG.info("Sign samlToken.");
+		    Signer.signObject(signature);
+	    }
+
+	} catch (MarshallingException e) {
+	    LOG.error("MarshallingException");
+	    throw new SAMLEngineException(e);
+	} catch (NoSuchAlgorithmException e) {
+	    LOG.error("A 'xmldsig#rsa-sha1' cryptographic algorithm is requested but is not available in the environment.");
+	    throw new SAMLEngineException(e);
+	} catch (KeyStoreException e) {
+	    LOG.error("Generic KeyStore exception.");
+	    throw new SAMLEngineException(e);
+	} catch (SignatureException e) {
+	    LOG.error("Signature exception.");
+	    throw new SAMLEngineException(e);
+	} catch (SecurityException e) {
+	    LOG.error("Security exception.");
+	    throw new SAMLEngineException(e);
+	} catch (UnrecoverableKeyException e) {
+	    LOG.error("UnrecoverableKey exception.");
+	    throw new SAMLEngineException(e);
+	}
+
+	return tokenSaml;
+    }
+
+    /**
+     * Validate signature.
+     * 
+     * @param tokenSaml token SAML
+     * 
+     * @return the SAMLObject validated.
+     * 
+     * @throws SAMLEngineException error validate signature
+     * 
+     */
+    public SAMLObject validateSignature(final SignableSAMLObject tokenSaml)
+	    throws SAMLEngineException {
+	LOG.info("Start signature validation.");
+	try {
+
+	    // Validate structure signature
+	    final SAMLSignatureProfileValidator sigProfValidator = 
+		new SAMLSignatureProfileValidator();
+	    try {
+		// Indicates signature id conform to SAML Signature profile
+		sigProfValidator.validate(tokenSaml.getSignature());
+	    } catch (ValidationException e) {
+		LOG.error("ValidationException: signature isn't conform to SAML Signature profile.");
+		throw new SAMLEngineException(e);
+	    }
+
+	    String aliasCert = null;
+	    X509Certificate certificate;
+
+	    /*final List<Credential> trustCred = new ArrayList<Credential>();
+
+	    for (final Enumeration<String> e = trustStore.aliases(); e
+		    .hasMoreElements();) {
+		aliasCert = e.nextElement();
+		final BasicX509Credential credential = new BasicX509Credential();
+		certificate = (X509Certificate) trustStore
+			.getCertificate(aliasCert);
+		credential.setEntityCertificate(certificate);
+		trustCred.add(credential);
+	    }*/
+
+	    final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
+
+	    final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
+		    .getX509Datas().get(0).getX509Certificates().get(0);
+
+	    final CertificateFactory certFact = CertificateFactory
+		    .getInstance("X.509");
+	    final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
+		    .decode(xmlCert.getValue()));
+	    final X509Certificate cert = (X509Certificate) certFact
+		    .generateCertificate(bis);
+
+	    // Exist only one certificate
+	    final BasicX509Credential entityX509Cred = new BasicX509Credential();
+	    entityX509Cred.setEntityCertificate(cert);
+	    
+	    boolean trusted = false;
+		
+		for (final Enumeration<String> e = trustStore.aliases(); e.hasMoreElements();) 
+	    {
+	    	aliasCert = e.nextElement();		
+	    	certificate = (X509Certificate) trustStore.getCertificate(aliasCert);					
+	    	try {
+	    		cert.verify(certificate.getPublicKey());
+	    		trusted = true;
+	    		break;
+	    	}
+	    	catch (Exception ex) {
+	    		//Do nothing - cert not trusted yet
+	    	}
+	    }
+		
+		if (!trusted)
+		    throw new SAMLEngineException("Certificate is not trusted.");
+
+		/*
+	    // Validate trust certificates
+	    final ExplicitKeyTrustEvaluator keyTrustEvaluator = 
+		new ExplicitKeyTrustEvaluator();
+	    if (!keyTrustEvaluator.validate(entityX509Cred, trustCred)) {
+		throw new SAMLEngineException("Certificate it is not trusted.");
+	    }*/
+
+	    // Validate signature
+	    final SignatureValidator sigValidator = new SignatureValidator(
+		    entityX509Cred);
+	    sigValidator.validate(tokenSaml.getSignature());
+
+	} catch (ValidationException e) {
+	    LOG.error("ValidationException.");
+	    throw new SAMLEngineException(e);
+	} catch (KeyStoreException e) {
+	    LOG.error("KeyStoreException.", e);
+	    throw new SAMLEngineException(e);
+	} catch (GeneralSecurityException e) {
+	    LOG.error("GeneralSecurityException.", e);
+	    throw new SAMLEngineException(e);
+	}
+	return tokenSaml;
+    }
+
+
+    /**
+     * Load cryptographic service provider.
+     * 
+     * @throws SAMLEngineException the SAML engine exception
+     */
+    public void loadCryptServiceProvider() throws SAMLEngineException {
+	LOG.info("Load Cryptographic Service Provider");
+	
+	FileInputStream fis = null;
+	FileInputStream fisTrustStore = null;
+	
+	try {
+	    // Dynamically register Bouncy Castle provider.
+	    boolean found = false;
+	    // Check if BouncyCastle is already registered as a provider
+	    final Provider[] providers = Security.getProviders();
+	    for (int i = 0; i < providers.length; i++) {
+		if (providers[i].getName().equals(
+			BouncyCastleProvider.PROVIDER_NAME)) {
+		    found = true;
+		}
+	    }
+
+	    // Register only if the provider has not been previously registered
+	    if (!found) {
+		LOG.debug("SAMLCore: Register Bouncy Castle provider.");
+		Security.insertProviderAt(new BouncyCastleProvider(), Security
+			.getProviders().length);
+	    }
+
+	    p12Store = KeyStore.getInstance(properties
+		    .getProperty("keystoreType"));
+
+	    fis = new FileInputStream(properties
+		    .getProperty("keystorePath"));
+
+	    p12Store.load(fis, properties.getProperty(
+		    "keyStorePassword").toCharArray());
+	    
+	    
+	    trustStore = KeyStore.getInstance(properties
+		    .getProperty("trustStoreType"));
+	    
+	    fisTrustStore = new FileInputStream(properties
+		    .getProperty("trustStorePath"));
+	    trustStore.load(fisTrustStore, properties.getProperty(
+	    "trustStorePassword").toCharArray());
+
+	} catch (Exception e) {
+	    throw new SAMLEngineException(
+		    "Error loading CryptographicServiceProvider", e);
+	}  finally {
+	    IOUtils.closeQuietly(fis);
+	    IOUtils.closeQuietly(fisTrustStore);
+	}	
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
new file mode 100644
index 000000000..4554a9586
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
@@ -0,0 +1,538 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
+import eu.stork.peps.auth.engine.SAMLEngineUtils;
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.NotImplementedException;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityConfiguration;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
+import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
+import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
+import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.util.Base64;
+import org.opensaml.xml.validation.ValidationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.configuration.ConfigurationReader;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
+
+/**
+ * The Class SWSign. Class responsible for signing and validating of messages
+ * SAML with a certificate store software.
+ * 
+ * @author fjquevedo
+ */
+public class SignSW implements SAMLEngineSignI {
+
+    /** The Constant KEYSTORE_TYPE. */
+    private static final String KEYSTORE_TYPE = "keystoreType";
+
+    /** The Constant KEY_STORE_PASSWORD. */
+    private static final String KEY_STORE_PASS = "keyStorePassword";
+
+    /** The logger. */
+    private static final Logger LOG = LoggerFactory.getLogger(SignSW.class
+	    .getName());
+
+    /** The stork own key store. */
+    private KeyStore storkOwnKeyStore = null;
+
+    /**
+     * The instance.
+     * 
+     * @return the properties
+     */
+
+    public final Properties getProperties() {
+	return properties;
+    }
+
+    /**
+     * Gets the stork own key store.
+     * 
+     * @return the stork own key store
+     */
+    public final KeyStore getStorkOwnKeyStore() {
+	return storkOwnKeyStore;
+    }
+    
+    /**
+     * Gets the stork trustStore.
+     * 
+     * @return the stork own key store
+     */
+    public KeyStore getTrustStore() {
+	return storkOwnKeyStore;
+    }
+
+    /**
+     * Sets the stork own key store.
+     * 
+     * @param newkOwnKeyStore the new stork own key store
+     */
+    public final void setStorkOwnKeyStore(final KeyStore newkOwnKeyStore) {
+	this.storkOwnKeyStore = newkOwnKeyStore;
+    }
+
+    /**
+     * Sets the properties.
+     * 
+     * @param newProperties the new properties
+     */
+    public final void setProperties(final Properties newProperties) {
+	this.properties = newProperties;
+    }
+
+    /** The SW sign prop. */
+    private Properties properties = null;
+
+
+    /**
+     * Inits the file configuration.
+     * 
+     * @param fileConf name of the file configuration
+     * 
+     * @throws SAMLEngineException error at the load from  file configuration
+     */
+    public final void init(final String fileConf)
+	    throws SAMLEngineException {
+	InputStream fileProperties = null;
+	try {
+		// fetch base from system properties, give a default if there is nothing configured
+		String base = System.getProperty("eu.stork.samlengine.config.location");
+		if(null != base)
+		    if(!base.endsWith("/"))
+		    	base += "/";
+		
+	    if(null != base)
+	    	fileProperties = new FileInputStream(base + fileConf);
+	    else
+	    	fileProperties = SignSW.class.getResourceAsStream("/" + fileConf);
+	properties = new Properties();
+	
+	    properties.loadFromXML(fileProperties);
+	    fileProperties.close();
+	} catch (InvalidPropertiesFormatException e) {
+	    LOG.info("Exception: invalid properties format.");
+	    throw new SAMLEngineException(e);
+	} catch (IOException e) {
+	    LOG.info("Exception: invalid file: " + fileConf);
+	    throw new SAMLEngineException(e);
+	} finally {
+	    IOUtils.closeQuietly(fileProperties);
+	}
+    }
+
+    /**
+     * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#getCertificate()
+     * @return the X509Certificate
+     */
+    public final X509Certificate getCertificate() {
+	throw new NotImplementedException();
+    }
+
+
+    /**
+     * Sign the token SAML.
+     * 
+     * @param tokenSaml the token SAML.
+     * 
+     * @return the SAML object
+     * 
+     * @throws SAMLEngineException the SAML engine exception
+     *     
+     */
+    public final SAMLObject sign(final SignableSAMLObject tokenSaml)
+	    throws SAMLEngineException {
+	LOG.info("Start Sign process.");
+	try {
+	    final String serialNumber = properties.getProperty("serialNumber");
+	    final String issuer = properties.getProperty("issuer");
+
+	    String alias = null;
+	    String aliasCert;
+	    X509Certificate certificate;
+	    boolean find = false;
+
+        for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
+                .hasMoreElements() && !find; ) {
+            aliasCert = e.nextElement();
+            certificate = (X509Certificate) storkOwnKeyStore
+                    .getCertificate(aliasCert);
+
+            final String serialNum = certificate.getSerialNumber()
+                    .toString(16);
+
+            X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+            X509Principal issuerDNConf = new X509Principal(issuer);
+
+            if(serialNum.equalsIgnoreCase(serialNumber)
+                    && X509PrincipalUtil.equals(issuerDN, issuerDNConf)){
+                alias = aliasCert;
+                find = true;
+            }
+        }
+        if (!find) {
+            throw new SAMLEngineException("Certificate cannot be found in keystore ");
+        }
+	    certificate = (X509Certificate) storkOwnKeyStore.getCertificate(alias);
+	    final PrivateKey privateKey = (PrivateKey) storkOwnKeyStore.getKey(
+		    alias, properties.getProperty("keyPassword").toCharArray());
+
+	    LOG.info("Recover BasicX509Credential.");
+	    final BasicX509Credential credential = new BasicX509Credential();
+
+	    LOG.debug("Load certificate");
+	    credential.setEntityCertificate(certificate);
+
+	    LOG.debug("Load privateKey");
+	    credential.setPrivateKey(privateKey);
+
+	    LOG.debug("Begin signature with openSaml");
+	    final Signature signature = (Signature) Configuration
+			    .getBuilderFactory().getBuilder(
+				    Signature.DEFAULT_ELEMENT_NAME).buildObject(
+				    Signature.DEFAULT_ELEMENT_NAME);
+
+	    signature.setSigningCredential(credential);
+	    signature.setSignatureAlgorithm(
+			    SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+	   
+	    final SecurityConfiguration secConfiguration = Configuration
+		    .getGlobalSecurityConfiguration();
+	    final NamedKeyInfoGeneratorManager keyInfoManager = secConfiguration
+		    .getKeyInfoGeneratorManager();
+	    final KeyInfoGeneratorManager keyInfoGenManager = keyInfoManager
+		    .getDefaultManager();
+	    final KeyInfoGeneratorFactory keyInfoGenFac = keyInfoGenManager
+		    .getFactory(credential);
+	    final KeyInfoGenerator keyInfoGenerator = keyInfoGenFac
+		    .newInstance();
+	    
+	    KeyInfo keyInfo = keyInfoGenerator.generate(credential);
+
+	    signature.setKeyInfo(keyInfo);
+	    signature.setCanonicalizationAlgorithm(
+		    SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+	    
+	    //Create a second signature which will be used when signing assertion and response
+	    final Signature signature2 = (Signature) Configuration
+	    .getBuilderFactory().getBuilder(
+		    Signature.DEFAULT_ELEMENT_NAME).buildObject(
+		    Signature.DEFAULT_ELEMENT_NAME);
+	    final SecurityConfiguration secConfiguration2 = Configuration
+	    .getGlobalSecurityConfiguration();
+	    final NamedKeyInfoGeneratorManager keyInfoManager2 = secConfiguration2
+		    .getKeyInfoGeneratorManager();
+	    final KeyInfoGeneratorManager keyInfoGenManager2 = keyInfoManager2
+		    .getDefaultManager();
+	    final KeyInfoGeneratorFactory keyInfoGenFac2 = keyInfoGenManager2
+		    .getFactory(credential);
+	    final KeyInfoGenerator keyInfoGenerator2 = keyInfoGenFac2
+		    .newInstance();
+	    
+	    KeyInfo keyInfo2 = keyInfoGenerator2.generate(credential);
+	    signature2.setSigningCredential(credential);
+	    signature2.setSignatureAlgorithm(
+			    SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+	    signature2.setKeyInfo(keyInfo2);
+	    signature2.setCanonicalizationAlgorithm(
+		    SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+	    	 	    
+
+	    LOG.info("Marshall samlToken.");
+	    String qn = tokenSaml.getElementQName().toString();
+	    
+	    if (qn.endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
+	    {	    
+	  		tokenSaml.setSignature(signature);
+	    	CustomAttributeQueryMarshaller mars = new CustomAttributeQueryMarshaller();
+	    	mars.marshall(tokenSaml);
+	    	Signer.signObject(signature);
+	    }
+	    else if (qn.endsWith(Response.DEFAULT_ELEMENT_LOCAL_NAME) && !qn.contains(LogoutResponse.DEFAULT_ELEMENT_LOCAL_NAME))
+	    {
+	    	Response res = (Response)tokenSaml;
+	    	List<Assertion> asserts = res.getAssertions();
+	    	//If multiple assertions we just sign the response and not the assertion
+	    	if (asserts.size() > 1)
+	    	{	    		
+	    		tokenSaml.setSignature(signature);
+	    		Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+			    .marshall(tokenSaml);
+	    		LOG.info("Sign samlToken.");
+	    	    Signer.signObject(signature);
+	    	}
+	    	//If single assertion we sign the assertion and response
+	    	else
+	    	{
+			    Assertion assertion = (Assertion)asserts.get(0);
+			    assertion.setSignature(signature);			    
+			    tokenSaml.setSignature(signature2);
+			    Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+			    .marshall(tokenSaml);
+			    LOG.info("Sign samlToken.");
+			    Signer.signObject(signature);
+			    Signer.signObject(signature2);
+	    	}
+	    }
+	    //Normally we just sign the total saml response
+	    else
+	    {
+	    	tokenSaml.setSignature(signature);
+	    	Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+		    .marshall(tokenSaml);
+	    	LOG.info("Sign samlToken.");
+		    Signer.signObject(signature);
+	    }
+	    
+
+	} catch (MarshallingException e) {
+	    LOG.error("MarshallingException");
+	    throw new SAMLEngineException(e);
+	} catch (NoSuchAlgorithmException e) {
+	    LOG.error("A 'xmldsig#rsa-sha1' cryptographic algorithm is requested but is not available in the environment.");
+	    throw new SAMLEngineException(e);
+	} catch (KeyStoreException e) {
+	    LOG.error("Generic KeyStore exception.");
+	    throw new SAMLEngineException(e);
+	} catch (SignatureException e) {
+	    LOG.error("Signature exception.");
+	    throw new SAMLEngineException(e);
+	} catch (SecurityException e) {
+	    LOG.error("Security exception.");
+	    throw new SAMLEngineException(e);
+	} catch (UnrecoverableKeyException e) {
+	    LOG.error("UnrecoverableKey exception.");
+	    throw new SAMLEngineException(e);
+	}
+
+	return tokenSaml;
+    }
+
+    /**
+     * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject)
+     * @param tokenSaml token SAML
+     * @return the SAMLObject validated.
+     * @throws SAMLEngineException error validate signature
+     */
+    public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml)
+	    throws SAMLEngineException {
+	LOG.info("Start signature validation.");
+	try {
+
+	    // Validate structure signature
+	    final SAMLSignatureProfileValidator sigProfValidator = 
+		new SAMLSignatureProfileValidator();
+	    try {
+		// Indicates signature id conform to SAML Signature profile
+		sigProfValidator.validate(tokenSaml.getSignature());
+	    } catch (ValidationException e) {
+		LOG.error("ValidationException: signature isn't conform to SAML Signature profile.");
+		throw new SAMLEngineException(e);
+	    }
+
+	    String aliasCert = null;
+	    X509Certificate certificate;
+
+	    /*final List<Credential> trustCred = new ArrayList<Credential>();	    
+
+	    for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
+		    .hasMoreElements();) {
+		aliasCert = e.nextElement();
+		final BasicX509Credential credential = new BasicX509Credential();
+		certificate = (X509Certificate) storkOwnKeyStore
+			.getCertificate(aliasCert);
+		credential.setEntityCertificate(certificate);
+		trustCred.add(credential);
+	    }*/
+	    	    
+	    final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
+
+	    final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
+		    .getX509Datas().get(0).getX509Certificates().get(0);
+
+	    final CertificateFactory certFact = CertificateFactory
+		    .getInstance("X.509");
+	    final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
+		    .decode(xmlCert.getValue()));
+	    final X509Certificate cert = (X509Certificate) certFact
+		    .generateCertificate(bis);
+	    
+	    // Exist only one certificate
+	    final BasicX509Credential entityX509Cred = new BasicX509Credential();
+	    entityX509Cred.setEntityCertificate(cert);	    
+	    
+	    try {
+			cert.checkValidity();
+		} 
+	    catch (CertificateExpiredException exp) {
+			throw new SAMLEngineException("Certificate expired.");
+		}
+		catch (CertificateNotYetValidException exp) {
+			throw new SAMLEngineException("Certificate not yet valid.");
+		}		
+		
+		boolean trusted = false;
+		
+		for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements();) 
+	    {
+	    	aliasCert = e.nextElement();		
+	    	certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert);					
+	    	try {
+	    		cert.verify(certificate.getPublicKey());
+	    		trusted = true;
+	    		break;
+	    	}
+	    	catch (Exception ex) {
+	    		//Do nothing - cert not trusted yet
+	    	}
+	    }
+		
+		if (!trusted)
+		    throw new SAMLEngineException("Certificate is not trusted.");
+	    
+		/*	    
+	    // Validate trust certificates
+	    final ExplicitX509CertificateTrustEvaluator chainTrustEvaluator = new ExplicitX509CertificateTrustEvaluator();
+	    	    
+	    if (!chainTrustEvaluator.validate(entityX509Cred, trustCred)) {
+		    throw new SAMLEngineException("Certificate is not trusted.");
+	    }
+	    /*final ExplicitKeyTrustEvaluator keyTrustEvaluator = 
+		new ExplicitKeyTrustEvaluator();
+
+	    if (!keyTrustEvaluator.validate(entityX509Cred, trustCred)) {
+		    throw new SAMLEngineException("Certificate is not trusted.");
+	    }*/
+
+	    // Validate signature
+	    final SignatureValidator sigValidator = new SignatureValidator(
+		    entityX509Cred);
+	    sigValidator.validate(tokenSaml.getSignature());
+
+	} catch (ValidationException e) {
+	    LOG.error("ValidationException.");
+	    throw new SAMLEngineException(e);
+	} catch (KeyStoreException e) {
+	    LOG.error("KeyStoreException.", e);
+	    throw new SAMLEngineException(e);
+	} catch (GeneralSecurityException e) {
+	    LOG.error("GeneralSecurityException.", e);
+	    throw new SAMLEngineException(e);
+	}
+	LOG.info(tokenSaml.getSignatureReferenceID());
+	LOG.info("Start signature validation - END." );
+	return tokenSaml;
+    }
+
+
+    /**
+     * Load cryptographic service provider.
+     * 
+     * @throws SAMLEngineException the SAML engine exception
+     */
+    public final void loadCryptServiceProvider() throws SAMLEngineException {
+	LOG.info("Load Cryptographic Service Provider");
+	FileInputStream fis = null;
+	try {
+	    // Dynamically register Bouncy Castle provider.
+	    boolean found = false;
+	    // Check if BouncyCastle is already registered as a provider
+	    final Provider[] providers = Security.getProviders();
+	    for (int i = 0; i < providers.length; i++) {
+		if (providers[i].getName().equals(
+			BouncyCastleProvider.PROVIDER_NAME)) {
+		    found = true;
+		}
+	    }
+
+	    // Register only if the provider has not been previously registered
+	    if (!found) {
+		LOG.info("SAMLCore: Register Bouncy Castle provider.");
+		Security.insertProviderAt(new BouncyCastleProvider(), Security
+			.getProviders().length);
+	    }
+
+	    storkOwnKeyStore = KeyStore.getInstance(properties
+		    .getProperty(KEYSTORE_TYPE));
+
+        LOG.info("Loading KeyInfo from keystore file " + properties.getProperty("keystorePath"));
+	    fis = new FileInputStream(properties
+		    .getProperty("keystorePath"));
+
+	    storkOwnKeyStore.load(fis, properties.getProperty(
+		    KEY_STORE_PASS).toCharArray());	    
+
+	} catch (Exception e) {
+        LOG.error("Error loading CryptographicServiceProvider", e);
+	    throw new SAMLEngineException(
+		    "Error loading CryptographicServiceProvider", e);
+	} finally {
+	    IOUtils.closeQuietly(fis);
+	}
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesBuilder.java
new file mode 100644
index 000000000..a60515593
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesBuilder.java
@@ -0,0 +1,41 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.SAMLCore;
+import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
+
+/**
+ * The Class VIDPAuthenticationAttributesBuilder.
+ * 
+ * @author fjquevedo
+ */
+public final class VIDPAuthenticationAttributesBuilder extends AbstractSAMLObjectBuilder<VIDPAuthenticationAttributes> {
+    
+
+    /** {@inheritDoc} */
+    public VIDPAuthenticationAttributes buildObject() {
+        return buildObject(SAMLCore.STORK10P_NS.getValue(), VIDPAuthenticationAttributes.DEF_LOCAL_NAME, SAMLCore.STORK10P_PREFIX.getValue());
+    }
+
+    /** {@inheritDoc} */
+    public VIDPAuthenticationAttributes buildObject(final String namespaceURI, final String localName, final String namespacePrefix) {
+        return new VIDPAuthenticationAttributesImpl(namespaceURI, localName, namespacePrefix);
+    }
+    
+}
+\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
new file mode 100644
index 000000000..a6e7e7f60
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
@@ -0,0 +1,132 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSignableSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
+import eu.stork.peps.auth.engine.core.SPInformation;
+import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class VIDPAuthenticationAttributesImpl.
+ * 
+ * @author fjquevedo
+ */
+public final class VIDPAuthenticationAttributesImpl extends AbstractSignableSAMLObject implements
+VIDPAuthenticationAttributes {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(VIDPAuthenticationAttributesImpl.class.getName());
+    /** The citizen country code. */
+    private CitizenCountryCode citizenCountryCode;
+    
+    /** The SP information. */
+    private SPInformation spInformation;
+
+	/**
+     * Instantiates a new requested attributes implement.
+     * 
+     * @param namespaceURI the namespace URI
+     * @param elementLocalName the element local name
+     * @param namespacePrefix the namespace prefix
+     */
+    protected VIDPAuthenticationAttributesImpl(final String namespaceURI,
+	    final String elementLocalName, final String namespacePrefix) {	
+	super(namespaceURI, elementLocalName, namespacePrefix);
+    }
+    
+   
+    /**
+     * getCitizenCountryCode.
+     * 
+     * @return the citizen country code
+     */    
+    public CitizenCountryCode getCitizenCountryCode() {
+    	return citizenCountryCode;
+    }
+    
+    /**
+     * getSPInformation
+     * 
+     * @return the SP information
+     */
+    public SPInformation getSPInformation() {
+		return spInformation;
+	}
+
+    /**
+     * Gets the ordered children.
+     * 
+     * @return the ordered children
+     *
+     */
+    public List<XMLObject> getOrderedChildren() {
+	final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+	children.add(citizenCountryCode);
+	children.add(spInformation);
+		
+	if (getSignature() != null) {
+	    children.add(getSignature());
+	}
+	
+	return Collections.unmodifiableList(children);
+
+    }
+
+    /**
+     * Gets the signature reference id.
+     * 
+     * @return the signature reference id
+     *
+     */
+    public String getSignatureReferenceID() {
+	return null;
+    }
+    
+    /**
+     * Sets the citizen country code.
+     * 
+     * @param newCitizenCountryCode the new citizen country code
+     *
+     */
+    public void setCitizenCountryCode(CitizenCountryCode newCitizenCountryCode) {
+	this.citizenCountryCode = prepareForAssignment(this.citizenCountryCode, newCitizenCountryCode);	
+    }    
+    
+    /**
+     * Sets the SP information.
+     * 
+     * @param newSPInformation the new SP information
+     *
+     */
+    public void setSPInformation(SPInformation newSPInformation) {
+		this.spInformation = prepareForAssignment(this.spInformation, newSPInformation);
+	}
+
+    @Override
+    public int hashCode() {
+        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+        return super.hashCode();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesMarshaller.java
new file mode 100644
index 000000000..5635ddd6b
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesMarshaller.java
@@ -0,0 +1,33 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+
+/**
+ * The Class VIDPAuthenticationAttributesMarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class VIDPAuthenticationAttributesMarshaller extends AbstractSAMLObjectMarshaller {
+
+    /**
+     * Instantiates a new vIDP authentication attributes marshaller.
+     */
+    public VIDPAuthenticationAttributesMarshaller() {
+	super();
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesUnmarshaller.java
new file mode 100644
index 000000000..1de300c03
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesUnmarshaller.java
@@ -0,0 +1,55 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
+import eu.stork.peps.auth.engine.core.SPInformation;
+import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
+
+/**
+ * The Class VIDPAuthenticationAttributesUnmarshaller.
+ * 
+ * @author fjquevedo
+ */
+public class VIDPAuthenticationAttributesUnmarshaller extends
+	AbstractSAMLObjectUnmarshaller {
+
+    /**
+     * Process child element.
+     * 
+     * @param parentObject the parent object
+     * @param childObject the child object
+     * 
+     * @throws UnmarshallingException the unmarshalling exception
+     *
+     */
+    protected final void processChildElement(final XMLObject parentObject,
+	    final XMLObject childObject) throws UnmarshallingException {
+	final VIDPAuthenticationAttributes vIDPAuthenticationAttr = (VIDPAuthenticationAttributes) parentObject;
+
+	if (childObject instanceof CitizenCountryCode) {
+	    vIDPAuthenticationAttr.setCitizenCountryCode((CitizenCountryCode) childObject);
+	} else if (childObject instanceof SPInformation) {
+		vIDPAuthenticationAttr.setSPInformation((SPInformation) childObject);
+	} else {
+	    super.processChildElement(parentObject, childObject);
+	}	
+    }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/package-info.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/package-info.java
new file mode 100644
index 000000000..e26da6d04
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/package-info.java
@@ -0,0 +1,19 @@
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+/**
+ * Implementations of STORK 1.0 core specification types and elements.
+ */
+package eu.stork.peps.auth.engine.core.impl;
+\ No newline at end of file