From 5d83525a967b66e74b4bd868de7f9805d5d52f84 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 16 Dec 2015 08:07:12 +0100
Subject: add empty eIDAS module

---
 id/server/auth/pom.xml                        | 16 +++++++++----
 id/server/modules/moa-id-module-eIDAS/pom.xml | 33 +++++++++++++++++++++++++++
 id/server/modules/pom.xml                     |  1 +
 pom.xml                                       |  8 ++++++-
 4 files changed, 53 insertions(+), 5 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/pom.xml

diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 665c97964..10e031ac4 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -132,17 +132,25 @@
 				</exclusion>
 			</exclusions>
 		</dependency>
-        <dependency>
+		
+		<!-- Adding eIDAS module dependency automatically adds eIDAS protocol capabilities. -->
+		<dependency>
+			<groupId>MOA.id.server.modules</groupId>
+			<artifactId>moa-id-module-eIDAS</artifactId>
+		</dependency>
+		
+		
+<!--         <dependency>
             <groupId>eu.stork</groupId>
             <artifactId>oasis-dss-api</artifactId>
             <version>1.0.0-RELEASE</version>
-        </dependency>
+        </dependency> -->
         
-        <!-- Adding stork module dependency automatically adds stork capabilities. -->
+<!--         Adding stork module dependency automatically adds stork capabilities.
 		<dependency>
 			<groupId>MOA.id.server.modules</groupId>
 			<artifactId>moa-id-module-stork</artifactId>
-		</dependency>
+		</dependency> -->
 		
 		<!-- Adding monitoring module dependency automatically adds monitoring capabilities. -->
 		<dependency>
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
new file mode 100644
index 000000000..efd903cdb
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -0,0 +1,33 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>MOA.id.server.modules</groupId>
+    <artifactId>moa-id-modules</artifactId>
+    <version>${moa-id-version}</version>
+  </parent>
+  <artifactId>moa-id-module-eIDAS</artifactId>
+  <name>MOA-ID eIDAS Module</name>
+  <description>Inbound / outbound implemention of eIDAS protocol for MOA-ID</description>
+  
+  <properties>
+		<repositoryPath>${basedir}/../../../../repository</repositoryPath>
+	</properties>
+  
+  <dependencies>
+  	<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<version>${junit.version}</version>
+			<scope>test</scope>
+		</dependency>
+  
+  
+  </dependencies>
+  
+</project>
\ No newline at end of file
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index db03326ea..d44e2a18a 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -25,6 +25,7 @@
 		<module>moa-id-modules-saml1</module>
 		<module>moa-id-module-openID</module>
 		<module>moa-id-modul-citizencard_authentication</module>
+		<module>moa-id-module-eIDAS</module>
 	</modules>
 	
 	<dependencies>
diff --git a/pom.xml b/pom.xml
index 28c2d1588..b991b92e9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -455,7 +455,13 @@
 				<groupId>MOA.id.server.modules</groupId>
 				<artifactId>moa-id-modul-citizencard_authentication</artifactId>
 				<version>${moa-id-version}</version>
-			</dependency>   
+			</dependency>
+			<dependency>
+				<groupId>MOA.id.server.modules</groupId>
+				<artifactId>moa-id-module-eIDAS</artifactId>
+				<version>${moa-id-version}</version>
+			</dependency>
+			   
 			              
             <dependency>
                 <groupId>MOA.spss.server</groupId>
-- 
cgit v1.2.3


From 18e5a374e82b7243a50d371d1a77032db37897d1 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 16 Dec 2015 08:08:49 +0100
Subject: add basic authentication modul implementation and eIDAS protocol
 endpoints

---
 .../eidas/eIDASAuthenticationModulImpl.java        | 60 ++++++++++++++++++++
 .../id/auth/modules/eidas/eIDASSignalServlet.java  | 66 ++++++++++++++++++++++
 .../modules/eidas/eIDAS.Authentication.process.xml | 16 ++++++
 .../auth/modules/eidas/eIDAS.authmodule.beans.xml  | 14 +++++
 4 files changed, 156 insertions(+)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.authmodule.beans.xml

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
new file mode 100644
index 000000000..5ad13970e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthenticationModulImpl implements AuthModule {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+	 */
+	@Override
+	public int getPriority() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthentication.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
new file mode 100644
index 000000000..0c31a87a4
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@WebServlet(urlPatterns = { "/eidas/post",  "/eidas/redirect"}, loadOnStartup = 1)
+public class eIDASSignalServlet extends ProcessEngineSignalServlet {
+
+	private static final long serialVersionUID = 8215688005533754459L;
+
+	public eIDASSignalServlet() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() + 
+				" with mappings '/eidas/post' and '/eidas/redirect'.");
+		
+	}
+	
+	
+	@Override
+	/**
+	 * Protocol specific implementation to get the sessionID 
+	 * from http request object
+	 * 
+	 * @param request The http Servlet-Request object
+	 * @return The SessionId 
+	 * 
+	 */
+	public String getMoaSessionId(HttpServletRequest request) {
+		//TODO: implement eIDAs specific session synchronization
+		
+		return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID));
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
new file mode 100644
index 000000000..111ef972e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="eIDASAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+
+	<pd:Task id="finalizeAuthentication" 							 class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" />
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start" to="finalizeAuthentication" />
+	
+	<pd:Transition from="finalizeAuthentication"    to="end" />
+	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.authmodule.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.authmodule.beans.xml
new file mode 100644
index 000000000..0e1b60fe7
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.authmodule.beans.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+
+	<context:annotation-config />
+
+	<bean id="eIDASAuthModule" class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASAuthenticationModulImpl">
+		<property name="priority" value="1" />
+	</bean>
+
+</beans>
-- 
cgit v1.2.3


From 5abe951ec537b63b0cf70c4be203d96b308e5985 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 18 Dec 2015 12:59:33 +0100
Subject: fix broken STORK depentencies

---
 id/server/auth/pom.xml                             |  4 +-
 id/server/modules/module-stork/pom.xml             | 44 ++++++++++++++++++++++
 .../id/auth/modules/stork/STORKAuthModuleImpl.java |  6 ++-
 3 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 10e031ac4..ed809aee9 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -146,11 +146,11 @@
             <version>1.0.0-RELEASE</version>
         </dependency> -->
         
-<!--         Adding stork module dependency automatically adds stork capabilities.
+ <!--         Adding stork module dependency automatically adds stork capabilities.  -->
 		<dependency>
 			<groupId>MOA.id.server.modules</groupId>
 			<artifactId>moa-id-module-stork</artifactId>
-		</dependency> -->
+		</dependency>
 		
 		<!-- Adding monitoring module dependency automatically adds monitoring capabilities. -->
 		<dependency>
diff --git a/id/server/modules/module-stork/pom.xml b/id/server/modules/module-stork/pom.xml
index 234c8d28a..1b2e3f008 100644
--- a/id/server/modules/module-stork/pom.xml
+++ b/id/server/modules/module-stork/pom.xml
@@ -34,6 +34,50 @@
 			<scope>test</scope>
 		</dependency>
 
+		<dependency>
+			<groupId>eu.stork</groupId>
+			<artifactId>oasis-dss-api</artifactId>
+			<version>1.0.0-RELEASE</version>
+			<exclusions>
+				<exclusion>
+					<groupId>org.apache.commons</groupId>
+					<artifactId>commons-io</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		
+		<!--         <dependency>
+            <groupId>eu.stork</groupId>
+            <artifactId>Commons</artifactId>
+            <version>1.4.0</version>
+        </dependency> -->
+        <dependency>
+            <groupId>eu.stork</groupId>
+            <artifactId>SamlEngine</artifactId>
+            <version>1.5.1</version>
+        </dependency>
+
+		<dependency>
+			<groupId>eu.stork</groupId>
+			<artifactId>DocumentService</artifactId>
+			<version>0.0.1-SNAPSHOT</version>
+			<classifier>classes</classifier>
+			<exclusions>
+				<exclusion>
+					<artifactId>axis</artifactId>
+					<groupId>org.apache.axis</groupId>
+				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk16</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
+				<exclusion>
+					<artifactId>jaxws-tools</artifactId>
+					<groupId>com.sun.xml.ws</groupId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+
 	</dependencies>
 
 </project>
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
index 41384690e..ecb568635 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
@@ -28,7 +28,11 @@ public class STORKAuthModuleImpl implements AuthModule {
 
 	@Override
 	public String selectProcess(ExecutionContext context) {
-		return StringUtils.isNotBlank((String) context.get("ccc")) ? "STORKAuthentication" : null;
+		if (StringUtils.isNotBlank((String) context.get("ccc")) || 
+				StringUtils.isNotBlank((String) context.get("CCC"))) 
+			return "STORKAuthentication";
+		else
+			return null;
 	}
 
 	@Override
-- 
cgit v1.2.3


From 3314af0442eba4bce469b21585a75c1a327f53b5 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 18 Dec 2015 13:00:30 +0100
Subject: add first untested parts for eIDAS SAML-engine configuration

---
 .../moa/id/config/auth/AuthConfiguration.java      |   8 +
 .../PropertyBasedAuthConfigurationProvider.java    |   5 +
 id/server/modules/moa-id-module-eIDAS/pom.xml      |  73 +++++-
 .../moa/id/auth/modules/eidas/Constants.java       |  56 +++++
 .../MOAIDCertificateManagerConfigurationImpl.java  | 118 +++++++++
 .../MOAeIDASSAMLEngineConfigurationImpl.java       | 265 +++++++++++++++++++++
 .../MOAeIDASSAMLInstanceConfigurationImpl.java     |  60 +++++
 .../eidas/eIDASAuthenticationModulImpl.java        |  28 ++-
 .../EIDASEngineConfigurationException.java         |  60 +++++
 .../eidas/exceptions/EIDASEngineException.java     |  45 ++++
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  98 ++++++++
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |  78 ++++++
 .../modules/eidas/eIDAS.Authentication.process.xml |   5 +-
 13 files changed, 889 insertions(+), 10 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
index c98a7d537..ad3268b90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
@@ -25,6 +25,14 @@ public interface AuthConfiguration extends ConfigurationProvider{
 	
 	public String getConfigurationWithKey(final String key);
 	
+	/**
+	 * Get a configuration value from basic file based MOA-ID configuration
+	 * 
+	 * @param key configuration key 
+	 * @return configuration value
+	 */
+	public String getBasicMOAIDConfiguration(final String key);
+	
 	public int getTransactionTimeOut();
 	public int getSSOCreatedTimeOut();
 	public int getSSOUpdatedTimeOut();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 645831479..dce7de526 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -173,6 +173,11 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		}
 	}
 	
+	public String getBasicMOAIDConfiguration(final String key) {
+		return properties.getProperty(key);
+		
+	}
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertyWithKey(java.lang.String)
 	 */
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index efd903cdb..43ba6bc20 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -11,6 +11,10 @@
   
   <properties>
 		<repositoryPath>${basedir}/../../../../repository</repositoryPath>
+		
+		<eidas-commons.version>eidas.1.0</eidas-commons.version>
+		<eidas-saml-engine.version>eidas.1.0</eidas-saml-engine.version>
+		
 	</properties>
   
   <dependencies>
@@ -23,10 +27,77 @@
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
-			<version>${junit.version}</version>
 			<scope>test</scope>
 		</dependency>
   
+		<!-- eidas Commons -->
+		<dependency>
+    		<groupId>eu.eidas</groupId>
+    		<artifactId>eidas-commons</artifactId>
+    		<version>${eidas-commons.version}</version>
+			<!--scope>provided</scope-->
+            <exclusions>
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
+                <exclusion>
+                	<artifactId>log4j-over-slf4j</artifactId>
+                	<groupId>org.slf4j</groupId>
+                </exclusion>
+            </exclusions>
+		</dependency>
+
+		<!-- eidas SAML Engine -->
+		<dependency> 
+    		<groupId>eu.eidas</groupId>
+    		<artifactId>saml-engine</artifactId>
+    		<version>${eidas-saml-engine.version}</version>
+    		<scope>compile</scope>
+			<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>slf4j-simple</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>jcl-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>slf4j-api</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>jul-to-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+                <exclusion>
+                    <groupId>xalan</groupId>
+                    <artifactId>serializer</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xalan</groupId>
+                    <artifactId>xalan</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xerces</groupId>
+                    <artifactId>xercesImpl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xml-resolver</groupId>
+                    <artifactId>xml-resolver</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xml-apis</groupId>
+                    <artifactId>xml-apis</artifactId>
+                </exclusion>
+			</exclusions>
+		</dependency>  
+  
   
   </dependencies>
   
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
new file mode 100644
index 000000000..14fde95a0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+/**
+ * @author tlenz
+ *
+ */
+public class Constants {
+
+	public static final String eIDAS_SAML_ENGINE_NAME = "MOA_eIDASEninge";
+		
+	//default keys for eIDAS SAML-engine configuration
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG = "SamlEngineConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG = "SignatureConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG = "EncryptionConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_CLASS = "class";
+	
+	//default implementations for eIDAS SAML-engine functionality
+	public static final String SAML_SIGNING_IMPLENTATION = "eu.eidas.auth.engine.core.impl.SignSW";
+	public static final String SAML_ENCRYPTION_IMPLENTATION = "eu.eidas.auth.engine.core.impl.EncryptionSW";
+	
+	//configuration property keys
+	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";
+	
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT="enc";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
new file mode 100644
index 000000000..9b634ff4d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+import eu.eidas.config.ConfigurationException;
+import eu.eidas.samlengineconfig.AbstractCertificateConfigurationManager;
+import eu.eidas.samlengineconfig.EngineInstance;
+import eu.eidas.samlengineconfig.SamlEngineConfiguration;
+import eu.eidas.samlengineconfig.impl.SamlEngineConfigurationImpl;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIDCertificateManagerConfigurationImpl extends
+		AbstractCertificateConfigurationManager {
+
+    private SamlEngineConfiguration samlEngineConfiguration =null;
+	
+    @Override
+	public boolean isActive() {
+		return true;
+	}
+    
+    /**
+	 * 
+	 */
+	public MOAIDCertificateManagerConfigurationImpl() {
+		try {
+			initalizeConfiguration();
+			
+		} catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+			Logger.error("eIDAS SAML-engine initialization FAILED", e);
+			
+		}
+	}
+    
+	
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#addConfiguration(java.lang.String, java.lang.String, java.util.Map, boolean)
+	 */
+	@Override
+	public void addConfiguration(String paramString1, String paramString2,
+			Map<String, String> paramMap, boolean paramBoolean) {
+		throw new ConfigurationException("","not yet implemented");
+
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#getInstance(java.lang.String)
+	 */
+	@Override
+	public EngineInstance getInstance(String paramString) {
+		return getConfiguration().get(paramString);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#getConfiguration()
+	 */
+	@Override
+	public Map<String, EngineInstance> getConfiguration() {
+		if(samlEngineConfiguration == null){
+			try {
+				initalizeConfiguration();
+				
+			} catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+				Logger.error("eIDAS SAML-engine initialization FAILED", e);
+				
+			}
+			
+		}
+		
+		return samlEngineConfiguration==null?new HashMap<String, EngineInstance>():((MOAeIDASSAMLEngineConfigurationImpl) samlEngineConfiguration).getInstanceMap();
+		
+	}
+	
+	
+	/**
+	 * Initialize eIDAS SAML-engine from MOA-ID configuration
+	 * @throws at.gv.egovernment.moa.id.config.ConfigurationException 
+	 * 
+	 */
+	private void initalizeConfiguration() throws at.gv.egovernment.moa.id.config.ConfigurationException {
+		//initialize configuration
+		MOAeIDASSAMLEngineConfigurationImpl tmp = new MOAeIDASSAMLEngineConfigurationImpl();
+		tmp.initialize();
+				
+		//set initialized configuration
+		samlEngineConfiguration = tmp;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
new file mode 100644
index 000000000..28bd2fc04
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -0,0 +1,265 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+import eu.eidas.samlengineconfig.BinaryParameter;
+import eu.eidas.samlengineconfig.ConfigurationParameter;
+import eu.eidas.samlengineconfig.EngineInstance;
+import eu.eidas.samlengineconfig.InstanceConfiguration;
+import eu.eidas.samlengineconfig.PropsParameter;
+import eu.eidas.samlengineconfig.SamlEngineConfiguration;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASSAMLEngineConfigurationImpl extends
+		SamlEngineConfiguration {
+	
+    private static final String KEYSTORE_PATH="keystorePath";
+    private static final String METADATA_KEYSTORE_PATH="metadata.keystorePath";
+    private static final String ENCRYPTION_ACTIVATION="encryptionActivation";
+    private static final String[] BINARY_PARAMETERS={KEYSTORE_PATH, ENCRYPTION_ACTIVATION,METADATA_KEYSTORE_PATH};
+		
+    public List<EngineInstance> getInstances(){
+        return super.getInstances();
+    }
+	
+    @Override
+    public void setInstances(List<EngineInstance> engineInstances) {
+        super.setInstances(engineInstances);
+        
+    }
+    
+    public Map<String, EngineInstance> getInstanceMap() {
+        Map<String, EngineInstance> result = new HashMap<String, EngineInstance>();
+        for(EngineInstance instance:getInstances()) {
+        	
+            result.put(instance.getName(), instance);
+        }
+        
+        return result;
+    }
+    
+    //initialize
+    public void initialize() throws ConfigurationException { 
+    	//create an eIDAS SAML-engine instance
+    	EngineInstance engineInst = new EngineInstance();
+    	engineInst.setName(Constants.eIDAS_SAML_ENGINE_NAME);    	    	
+    	List<InstanceConfiguration> engineConfigs = new ArrayList<InstanceConfiguration>();
+		engineInst.setConfigurations(engineConfigs);
+    	
+		//add configurations
+		
+		//add basic eIDAS SAML-engine configuration
+		MOAeIDASSAMLInstanceConfigurationImpl samlBaseConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
+		samlBaseConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG);				
+		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE));
+		engineConfigs.add(samlBaseConfig);
+				
+		//add signing eIDAS SAML-engine configuration
+		MOAeIDASSAMLInstanceConfigurationImpl samlSignConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
+		samlSignConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG);		
+		samlSignConfig.addParameter(Constants.eIDAS_SAML_ENGINE_NAME_ID_CLASS, 
+				Constants.SAML_SIGNING_IMPLENTATION);
+		
+		//TODO: load signing keys directly from MOA-ID configuration in finale version
+		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE));
+		engineConfigs.add(samlSignConfig);
+		
+		//add encryption eIDAS SAML-engine configuration
+		MOAeIDASSAMLInstanceConfigurationImpl samlEncConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
+		samlEncConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG);		
+
+		//TODO: load encryption keys directly from MOA-ID configuration in finale version
+		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE));
+		engineConfigs.add(samlEncConfig);
+		
+		super.addInstance(engineInst);
+		
+    }
+    
+    /**
+     *	Load an external eIDAS SAML-engine configuration file, which is referenced from MOA-ID configuration
+     * 
+     * @param key Configuration key, which is used in property based MOA-ID configuration file
+     * @return eIDAS SAML-engine configuration object
+     * @throws ConfigurationException
+     */
+        
+    private ConfigurationParameter loadConfigurationFromExternalFile(String key) throws ConfigurationException {
+		String configFile = 
+				AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key);
+		if (MiscUtil.isEmpty(configFile)) {
+			Logger.warn("No eIDAS SAML-engine configuration key: " 
+					+ key + " found in MOA-ID properties configuration file.");
+			//throw new EIDASEngineConfigurationException("No eIDAS SAML-engine configuration property.", null);
+			return null;
+		}
+		
+		Properties inputProps = loadPropsFromXml(configFile);    	
+		return buildPropsParameter(inputProps, configFile);
+    	
+    }
+    
+    
+    private PropsParameter buildPropsParameter(Properties inputProps, String fileName) throws EIDASEngineConfigurationException {
+    	PropsParameter outputProps = new PropsParameter();
+    	outputProps.setFileName(fileName);
+    	
+    	//original eIDAS SAML-engine use this identifier
+    	outputProps.setName("fileConfiguration");
+    	
+    	outputProps.setValue(inputProps);
+
+    	//post-process special parameters
+    	for(String key:BINARY_PARAMETERS) {
+            Object keystorePath = inputProps.get(key);
+            if (keystorePath != null) {
+            	if (keystorePath instanceof String && 
+            			isBinaryParameter((String)keystorePath) ) {
+            		BinaryParameter bp = new BinaryParameter();
+            		bp.setValue(loadBinaryFile(keystorePath.toString()));
+            		bp.setName(key);
+            		bp.setUrl(keystorePath.toString());
+            		inputProps.put(key, bp);
+                
+            	} else {
+            		Logger.warn("eIDAS SAML-engine keyStore parameter has an unsuspected type. +" +
+            				"(Type: " + keystorePath.toString() + ")");
+            	
+            	}
+            }
+        }
+    	
+    	return outputProps;
+    }
+    
+    private boolean isBinaryParameter(String parameter) {
+    	if (MiscUtil.isNotEmpty(parameter)) {
+    		String absoluteConfigFile;
+			try {
+				absoluteConfigFile = FileUtils.makeAbsoluteURL(
+						parameter,
+						AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+				File file = new File(new URL(absoluteConfigFile).toURI());
+	    		return file.exists();
+	    		
+			} catch (ConfigurationException | MalformedURLException | URISyntaxException e) {
+				Logger.warn("Binary eIDAS SAML-engine configuration parameter: " 
+						+ parameter + " is not loadable.");
+				
+			}
+     		
+    	}
+    	
+    	return false;
+        
+    }
+    
+    private byte[] loadBinaryFile(String fileName) throws EIDASEngineConfigurationException{
+    	InputStream is = null;
+    	byte data[]=null;
+    	try {
+    		String absoluteConfigFile = FileUtils.makeAbsoluteURL(
+    				fileName,
+    				AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+    		
+    		File file = new File(new URL(absoluteConfigFile).toURI());
+    		is = new FileInputStream(file);
+    		data=new byte[is.available()];
+            is.read(data);
+    		
+    	} catch (ConfigurationException | URISyntaxException | IOException e) {
+    		throw new EIDASEngineConfigurationException("eIDAS SAML-engine configuration FAILED", null, e);
+    				
+    	} finally {
+    		if (is != null)
+				try {
+					is.close();
+					
+				} catch (IOException e) {
+					Logger.warn("eIDAS SAML-engine configuration is not closeable.", e);
+					
+				}
+    		
+    	}
+    	
+    	return data;
+        
+    }
+    
+    private Properties loadPropsFromXml(String configFile) throws EIDASEngineConfigurationException {
+    	Properties props = new Properties();
+    	InputStream is = null;
+    	try {
+    		String absoluteConfigFile = FileUtils.makeAbsoluteURL(
+    				configFile,
+    				AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+    		
+    		File file = new File(new URL(absoluteConfigFile).toURI());
+    		is = new FileInputStream(file);
+    		props.loadFromXML(is);
+    		
+    	} catch (ConfigurationException | URISyntaxException | IOException e) {
+    		throw new EIDASEngineConfigurationException("eIDAS SAML-engine configuration FAILED", null, e);
+    				
+    	} finally {
+    		if (is != null)
+				try {
+					is.close();
+					
+				} catch (IOException e) {
+					Logger.warn("eIDAS SAML-engine configuration is not closeable.", e);
+					
+				}
+    		
+    	}
+    	
+    	return props;
+    	    	
+    }
+    
+    
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
new file mode 100644
index 000000000..dccd39905
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import eu.eidas.samlengineconfig.ConfigurationParameter;
+import eu.eidas.samlengineconfig.InstanceConfiguration;
+import eu.eidas.samlengineconfig.StringParameter;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASSAMLInstanceConfigurationImpl extends
+		InstanceConfiguration {
+
+	public void addParameter(ConfigurationParameter param) {
+		if (param != null) {
+			List<ConfigurationParameter> paramList = super.getParameters();
+			if (paramList == null) {
+				paramList = new ArrayList<ConfigurationParameter>();
+				super.setParameters(paramList);
+			
+			}
+		
+			paramList.add(param);
+		}		
+	}
+	
+	public void addParameter(String key, String value) {
+		StringParameter param = new StringParameter();
+		param.setName(key);
+		param.setValue(value);		
+		addParameter(param);
+		
+	}
+		
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
index 5ad13970e..7b044522c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
+import org.apache.commons.lang3.StringUtils;
+
 import at.gv.egovernment.moa.id.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
@@ -31,13 +33,19 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  */
 public class eIDASAuthenticationModulImpl implements AuthModule {
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
-	 */
+	private int priority = 1;
+
 	@Override
 	public int getPriority() {
-		// TODO Auto-generated method stub
-		return 0;
+		return priority;
+	}
+
+	/**
+	 * Sets the priority of this module. Default value is {@code 0}.
+	 * @param priority The priority.
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
 	}
 
 	/* (non-Javadoc)
@@ -45,8 +53,12 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
 	 */
 	@Override
 	public String selectProcess(ExecutionContext context) {
-		// TODO Auto-generated method stub
-		return null;
+		if (StringUtils.isNotBlank((String) context.get("ccc")) || 
+				StringUtils.isNotBlank((String) context.get("CCC"))) 
+			return "eIDASAuthentication";
+		else
+			return null;
+		
 	}
 
 	/* (non-Javadoc)
@@ -54,7 +66,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
 	 */
 	@Override
 	public String[] getProcessDefinitions() {
-		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthentication.process.xml" };
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml" };
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
new file mode 100644
index 000000000..98bc559d2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDASEngineConfigurationException extends ConfigurationException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+	
+	/**
+	 * @param messageId
+	 * @param parameters
+	 * @param wrapped
+	 */
+	public EIDASEngineConfigurationException(String messageId,
+			Object[] parameters, Throwable wrapped) {
+		super(messageId, parameters, wrapped);
+	}
+
+	/**
+	 * @param string
+	 * @param object
+	 */
+	public EIDASEngineConfigurationException(String string, Object[] object) {
+		super(string, object);
+	}
+
+
+
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
new file mode 100644
index 000000000..95690bbeb
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDASEngineException extends Exception {
+
+	/**
+	 * @param string
+	 * @param e
+	 */
+	public EIDASEngineException(String string, Throwable e) {
+		super(string, e);
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1559812927427153879L;
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
new file mode 100644
index 000000000..0d9816f65
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.PersonalAttributeList;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext,
+			HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		
+		
+		
+		IPersonalAttributeList pAttList = new PersonalAttributeList();
+		
+		//create template requested attribute
+		//TODO: load required attributes from OA configuration
+		PersonalAttribute attr = new PersonalAttribute();
+		
+		pAttList.add(attr);
+		
+		
+		
+		
+		//build eIDAS AuthnRequest
+		EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+		
+		
+		try{
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+            engine.initRequestedAttributes(pAttList);
+			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
+			
+		}catch (EIDASSAMLEngineException e){
+			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
+					new EIDASEngineException("Could not generate token for Saml Request", e));
+			
+		} catch (EIDASEngineException e) {
+			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
+			
+		}	
+
+		//encode AuthnRequest
+		byte[] token = authnRequest.getTokenSaml();		
+		String SAMLRequest = EIDASUtil.encodeSAMLToken(token);
+		
+		
+		//send
+
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
new file mode 100644
index 000000000..0d6a49a47
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+import eu.eidas.samlengineconfig.CertificateConfigurationManager;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SAMLEngineUtils {
+
+	public static EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
+		
+		try {
+			//get eIDAS SAMLengine configuration from MOA-ID configuration
+			CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+			
+			//initial eIDAS SAMLengine
+			EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
+						configManager);
+
+			//set Metadata managment to eIDAS SAMLengine
+			//TODO: implement Metadata processor
+			engine.setMetadataProcessor(null);
+			
+			return engine;
+			
+		} catch (EIDASSAMLEngineException e) {
+			Logger.error("eIDAS SAMLengine initialization FAILED!", e);
+			throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
+			
+		}
+								
+	}
+	
+	public static void main(String[] args) {
+		try {
+			EIDASSAMLEngine test = createSAMLEngine();
+			
+			
+		} catch (EIDASEngineException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+			
+		}
+		
+		System.out.println("Success");
+		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
index 111ef972e..fe1974b4d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
@@ -2,12 +2,15 @@
 <pd:ProcessDefinition id="eIDASAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
 
 
+	<pd:Task id="createAuthnRequest" 							 		 class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask" />
 	<pd:Task id="finalizeAuthentication" 							 class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" />
 
 	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
 	<pd:StartEvent id="start" />
 	
-	<pd:Transition from="start" to="finalizeAuthentication" />
+	<pd:Transition from="start" to="createAuthnRequest" />
+	
+	<pd:Transition from="createAuthnRequest" to="finalizeAuthentication" />
 	
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 	
-- 
cgit v1.2.3


From 1da87c34732751c0262bc62adbad6ae139b3bfeb Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 18 Dec 2015 13:02:00 +0100
Subject: add basic eIDAS modul default configuration

---
 .../deploy/conf/moa-id/eIDAS/EncryptModule.xml     |  22 +++++
 .../deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml |  98 +++++++++++++++++++++
 .../data/deploy/conf/moa-id/eIDAS/SignModule.xml   |  12 +++
 .../deploy/conf/moa-id/eIDAS/encryptionConf.xml    |  14 +++
 .../data/deploy/conf/moa-id/keys/eidasKeyStore.jks | Bin 0 -> 5657 bytes
 .../data/deploy/conf/moa-id/moa-id.properties      |   6 ++
 6 files changed, 152 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks

diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
new file mode 100644
index 000000000..9fef4fa2e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+    <comment>SWModule encrypt with JKS.</comment>
+    <entry key="keystorePath">keys/eidasKeyStore.jks</entry>
+    <entry key="keyStorePassword">local-demo</entry>
+    <entry key="keyPassword">local-demo</entry>
+
+    <!-- Management of the encryption activation -->
+    <entry key="encryptionActivation">eIDAS/encryptionConf.xml</entry>
+
+
+    <entry key="responseToPointIssuer.BE">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium,C=BE</entry>
+    <entry key="responseToPointSerialNumber.BE">54C8F779</entry>
+
+    <!--  If not present then no decryption will be applied on response -->
+    <entry key="responseDecryptionIssuer">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE</entry>
+    <entry key="serialNumber">54C8F779</entry>
+
+    <entry key="keystoreType">JKS</entry>
+</properties>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml
new file mode 100644
index 000000000..2327fb0d8
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+	<comment>SAML constants for AuthnRequests and Responses.</comment>
+
+	<!--
+		Types of consent obtained from the user for this authentication and
+		data transfer.
+		Allow values: 'unspecified'.
+	-->
+	<entry key="consentAuthnRequest">unspecified</entry>
+	<!--
+	Allow values: 'obtained', 'prior', 'curent-implicit', 'curent-explicit', 'unspecified'.
+	-->
+	<entry key="consentAuthnResponse">obtained</entry>
+
+	<!--URI representing the classification of the identifier
+		Allow values: 'entity'.
+	-->
+	<entry key="formatEntity">entity</entry>
+	
+	<!--Only HTTP-POST binding is only supported for inter PEPS-->
+	<!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+	<entry key="protocolBinding">HTTP-POST</entry>
+	
+	<entry key="eIDSectorShare">false</entry>
+	<entry key="eIDCrossSectorShare">false</entry>
+	<entry key="eIDCrossBorderShare">false</entry>
+	
+	<!-- Attributes with require option -->
+	<entry key="isRequired">true</entry>
+	
+	<!-- A friendly name for the attribute that can be displayed to a user -->
+	<entry key="friendlyName">false</entry>
+	
+	<!--PEPS in the Service Provider's country-->
+	<entry key="requester">http://S-PEPS.gov.xx</entry>
+
+	<!--PEPS in the citizen's origin country-->
+	<entry key="responder">http://C-PEPS.gov.xx</entry>
+
+	<!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+	<entry key="timeNotOnOrAfter">300</entry>
+
+	<!--Validation IP of the response-->
+	<entry key="ipAddrValidation">false</entry>
+	
+	<!--One time use-->
+	<entry key="oneTimeUse">true</entry>
+
+	<!--Subject Attribute Definitions-->
+	<entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+	<entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+	<entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+	<entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+	<entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+	<entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+	<entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+ 	<entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+	<entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+	<entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+	<entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+	<entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+	<entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+	<entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+	<entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+	<entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+	<entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+	<entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+	<entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+	<entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
+	<entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
+	<entry key="unknown">http://www.stork.gov.eu/1.0/unknown</entry>
+
+
+	<!--Subject Attribute Definitions eidas format, natural person -->
+	<entry key="eidas/attributes/CurrentFamilyName">http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</entry>
+	<entry key="eidas/attributes/CurrentGivenName">http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</entry>
+	<entry key="eidas/attributes/DateOfBirth">http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</entry>
+	<entry key="eidas/attributes/PersonIdentifier">http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</entry>
+	<entry key="eidas/attributes/BirthName">http://eidas.europa.eu/attributes/naturalperson/BirthName</entry>
+	<entry key="eidas/attributes/PlaceOfBirth">http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</entry>
+	<entry key="eidas/attributes/CurrentAddress">http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</entry>
+	<entry key="eidas/attributes/Gender">http://eidas.europa.eu/attributes/naturalperson/Gender</entry>
+	<!--Subject Attribute Definitions eidas format, legal person -->
+	<entry key="eidas/attributes/LegalPersonIdentifier">http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</entry>
+	<entry key="eidas/attributes/LegalAddress">http://eidas.europa.eu/attributes/legalperson/LegalAddress</entry>
+	<entry key="eidas/attributes/LegalName">http://eidas.europa.eu/attributes/legalperson/LegalName</entry>
+	<entry key="eidas/attributes/VATRegistration">http://eidas.europa.eu/attributes/legalperson/VATRegistration</entry>
+	<entry key="eidas/attributes/TaxReference">http://eidas.europa.eu/attributes/legalperson/TaxReference</entry>
+	<entry key="eidas/attributes/D-2012-17-EUIdentifier">http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</entry>
+	<entry key="eidas/attributes/LEI">http://eidas.europa.eu/attributes/legalperson/LEI</entry>
+	<entry key="eidas/attributes/EORI">http://eidas.europa.eu/attributes/legalperson/EORI</entry>
+	<entry key="eidas/attributes/SEED">http://eidas.europa.eu/attributes/legalperson/SEED</entry>
+	<entry key="eidas/attributes/SIC">http://eidas.europa.eu/attributes/legalperson/SIC</entry>
+
+</properties>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
new file mode 100644
index 000000000..04edaf41d
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+	<comment>SWModule sign with JKS.</comment>
+	<entry key="keystorePath">keys/eidasKeyStore.jks</entry>
+	<entry key="keyStorePassword">local-demo</entry>
+	<entry key="keyPassword">local-demo</entry>
+	<entry key="issuer">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE</entry>
+	<entry key="serialNumber">54c8f779</entry>
+	<entry key="keystoreType">JKS</entry>
+</properties>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml b/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml
new file mode 100644
index 000000000..ff8307f10
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+	<entry key="EncryptTo.CA">false</entry>
+
+	<entry key="EncryptTo.CB">false</entry>
+
+	<entry key="EncryptTo.CC">false</entry>
+
+	<entry key="EncryptTo.CD">false</entry>
+
+	<entry key="EncryptTo.CF">false</entry>
+
+</properties>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks
new file mode 100644
index 000000000..c8a28d0ae
Binary files /dev/null and b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks differ
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 49e69c561..aefc0801a 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -48,6 +48,12 @@ stork.fakeIdL.keygroup=
 stork.documentservice.url=
 
 
+## eIDAS protocol configuration
+moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml
+moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml
+moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml
+
+
 ##Protocol configuration##
 #PVP2
 protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
-- 
cgit v1.2.3


From 5df604a0ae5f1433c37759d4f7ebaa7d4f8af8d6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Sun, 20 Dec 2015 21:19:57 +0100
Subject: Fix problems with MOA-ID eIDAS SAML-engine configuration

---
 .../gv/egovernment/moa/id/auth/modules/eidas/Constants.java   |  3 ++-
 .../eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java     | 11 +++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 14fde95a0..3f94ca5e5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -28,7 +28,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
  */
 public class Constants {
 
-	public static final String eIDAS_SAML_ENGINE_NAME = "MOA_eIDASEninge";
+	//public static final String eIDAS_SAML_ENGINE_NAME = "MOA_eIDASEninge";
+	public static final String eIDAS_SAML_ENGINE_NAME = "default";
 		
 	//default keys for eIDAS SAML-engine configuration
 	public static final String eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG = "SamlEngineConf";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index 28bd2fc04..584910ea5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -88,7 +88,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
     	EngineInstance engineInst = new EngineInstance();
     	engineInst.setName(Constants.eIDAS_SAML_ENGINE_NAME);    	    	
     	List<InstanceConfiguration> engineConfigs = new ArrayList<InstanceConfiguration>();
-		engineInst.setConfigurations(engineConfigs);
+		
     	
 		//add configurations
 		
@@ -105,17 +105,20 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
 				Constants.SAML_SIGNING_IMPLENTATION);
 		
 		//TODO: load signing keys directly from MOA-ID configuration in finale version
-		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE));
+		samlSignConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE));
 		engineConfigs.add(samlSignConfig);
 		
 		//add encryption eIDAS SAML-engine configuration
 		MOAeIDASSAMLInstanceConfigurationImpl samlEncConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
-		samlEncConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG);		
+		samlEncConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG);
+		samlEncConfig.addParameter(Constants.eIDAS_SAML_ENGINE_NAME_ID_CLASS, 
+				Constants.SAML_ENCRYPTION_IMPLENTATION);
 
 		//TODO: load encryption keys directly from MOA-ID configuration in finale version
-		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE));
+		samlEncConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE));
 		engineConfigs.add(samlEncConfig);
 		
+		engineInst.setConfigurations(engineConfigs);  
 		super.addInstance(engineInst);
 		
     }
-- 
cgit v1.2.3


From bd13b36516fc5a57409348fba2d266c8fa8d8f99 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Sun, 20 Dec 2015 22:06:37 +0100
Subject: add very simple metadata processor without signature validation

---
 .../engine/MOAeIDASSimpleMetadataProvider.java     | 50 ++++++++++++++++++++++
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  | 20 ++-------
 2 files changed, 53 insertions(+), 17 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
new file mode 100644
index 000000000..2aec81db5
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.security.KeyStore;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.SimpleMetadataProcessor;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+public class MOAeIDASSimpleMetadataProvider extends SimpleMetadataProcessor {
+
+	@Override
+	public EntityDescriptor getEntityDescriptor(String url) {
+        EntityDescriptor entityDescriptor=getEntityDescriptorHelper(url);
+        
+        if(Logger.isDebugEnabled()){
+            Logger.debug("got entityDescriptor: " + entityDescriptor);
+        }
+        return entityDescriptor;
+	}
+
+	@Override
+	public SPSSODescriptor getSPSSODescriptor(String url) throws SAMLEngineException {
+		return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
+		
+	}
+
+	@Override
+	public IDPSSODescriptor getIDPSSODescriptor(String url) throws SAMLEngineException {
+		return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
+		
+	}
+
+    @Override
+    public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine) throws SAMLEngineException {
+        //TODO: implement Metadata signature validation
+        Logger.warn("MetadataProcessor in demo SP does not actually check the signature of metadata");
+   
+    }
+    @Override
+    public void checkValidMetadataSignature(String url, KeyStore store) throws SAMLEngineException {
+        //not implemented
+    	
+    }
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 0d6a49a47..2c2435ff6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
 
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASSimpleMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
@@ -47,8 +48,8 @@ public class SAMLEngineUtils {
 						configManager);
 
 			//set Metadata managment to eIDAS SAMLengine
-			//TODO: implement Metadata processor
-			engine.setMetadataProcessor(null);
+			//TODO: implement final Metadata processor (this is only a first solution!!!)
+			engine.setMetadataProcessor(new MOAeIDASSimpleMetadataProvider());
 			
 			return engine;
 			
@@ -60,19 +61,4 @@ public class SAMLEngineUtils {
 								
 	}
 	
-	public static void main(String[] args) {
-		try {
-			EIDASSAMLEngine test = createSAMLEngine();
-			
-			
-		} catch (EIDASEngineException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-			
-		}
-		
-		System.out.println("Success");
-		
-	}
-	
 }
-- 
cgit v1.2.3


From 8438e00eb12f34b2b5da0b8c07f39eaa49e96e37 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Sun, 20 Dec 2015 22:07:54 +0100
Subject: load service-provider configuration and moa-session object in eIDAS
 create-AuthnRequest task

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 69 ++++++++++++++--------
 1 file changed, 44 insertions(+), 25 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 0d9816f65..6483656ec 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -32,12 +32,19 @@ import eu.eidas.auth.commons.PersonalAttribute;
 import eu.eidas.auth.commons.PersonalAttributeList;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
-
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -54,45 +61,57 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		
+		try{
+			String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);	    	
+			String pendingRequestID = (String) executionContext.get("pendingRequestID");
+
+			//load pending request
+			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+			
+			}
+    	
+			//load MOASession object and OA-configuration
+			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+			
+			
+			//build eIDAS AuthnRequest
+			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+			IPersonalAttributeList pAttList = new PersonalAttributeList();
+			
+			//create template requested attribute
+			//TODO: load required attributes from OA configuration
+			PersonalAttribute attr = new PersonalAttribute();
 		
+			pAttList.add(attr);
+			
 		
-		IPersonalAttributeList pAttList = new PersonalAttributeList();
-		
-		//create template requested attribute
-		//TODO: load required attributes from OA configuration
-		PersonalAttribute attr = new PersonalAttribute();
-		
-		pAttList.add(attr);
-		
-		
-		
-		
-		//build eIDAS AuthnRequest
-		EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
-		
-		
-		try{
+			
 			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
             engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
 			
+			//encode AuthnRequest
+			byte[] token = authnRequest.getTokenSaml();		
+			String SAMLRequest = EIDASUtil.encodeSAMLToken(token);
+			
+			
+			//send
+			
+			
 		}catch (EIDASSAMLEngineException e){
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
 			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
 					new EIDASEngineException("Could not generate token for Saml Request", e));
 			
-		} catch (EIDASEngineException e) {
+		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
 			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
 			
 		}	
 
-		//encode AuthnRequest
-		byte[] token = authnRequest.getTokenSaml();		
-		String SAMLRequest = EIDASUtil.encodeSAMLToken(token);
-		
-		
-		//send
-
 	}
 
 }
-- 
cgit v1.2.3


From 819cd7dddb38811ea869321d951e8a9ace36440b Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Mon, 4 Jan 2016 15:45:16 +0100
Subject: send a saml assertion to the demo node

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 70 ++++++++++++++++++----
 .../eidas/tasks/ReceiveAuthnResponseTask.java      | 18 ++++++
 .../modules/eidas/eIDAS.Authentication.process.xml |  6 +-
 .../templates/eidas_postbinding_template.vm        | 38 ++++++++++++
 4 files changed, 117 insertions(+), 15 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 6483656ec..159728e92 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,9 +22,17 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.Security;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
 import eu.eidas.auth.commons.EIDASAuthnRequest;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.commons.IPersonalAttributeList;
@@ -45,6 +53,7 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -76,22 +85,29 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			//load MOASession object and OA-configuration
 			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
-			
-			
-			//build eIDAS AuthnRequest
-			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
 			IPersonalAttributeList pAttList = new PersonalAttributeList();
 			
 			//create template requested attribute
 			//TODO: load required attributes from OA configuration
 			PersonalAttribute attr = new PersonalAttribute();
-		
+			attr.setName("eidas/attributes/CurrentFamilyName");
+
 			pAttList.add(attr);
-			
-		
-			
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-            engine.initRequestedAttributes(pAttList);
+
+			//build eIDAS AuthnRequest
+			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ServiceProvider";
+			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
+			String providerName = "sp3fr-moa";
+			authnRequest.setProviderName(providerName);
+			int qaaLevel = 1;
+			authnRequest.setQaa(qaaLevel);
+			authnRequest.setPersonalAttributeList(pAttList);
+
+			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
 			
 			//encode AuthnRequest
@@ -100,8 +116,38 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			
 			//send
-			
-			
+	        try {
+	            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+	            Template template = velocityEngine.getTemplate("/resources/templates/eidas_postbinding_template.vm");
+	            VelocityContext context = new VelocityContext();
+
+	            String actionType = "SAMLRequest";
+	            context.put(actionType, SAMLRequest);
+	            Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
+
+	            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
+	            context.put("action", assertionConsumerURL);
+
+	            Logger.debug("Starting template merge");
+	            StringWriter writer = new StringWriter();
+
+	            Logger.debug("Doing template merge");
+	            template.merge(context, writer);
+	            Logger.debug("Template merge done");
+
+	            Logger.debug("Sending html content: " + writer.getBuffer().toString());
+
+	            response.setContentType("text/html;charset=UTF-8");
+	            response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+
+	        } catch (IOException e) {
+	            Logger.error("Velocity IO error: " + e.getMessage());
+	            throw new MOAIDException("stork.15", null); // TODO
+	        } catch (Exception e) {
+	            Logger.error("Velocity general error: " + e.getMessage());
+	            throw new MOAIDException("stork.15", null); // TODO
+	        }
+
 		}catch (EIDASSAMLEngineException e){
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
 			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
new file mode 100644
index 000000000..8fdb40065
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
+
+			System.out.println(request.getContentLength());
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
index fe1974b4d..09f10a7ef 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
@@ -2,15 +2,15 @@
 <pd:ProcessDefinition id="eIDASAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
 
 
-	<pd:Task id="createAuthnRequest" 							 		 class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask" />
-	<pd:Task id="finalizeAuthentication" 							 class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" />
+	<pd:Task id="receiveAuthnResponse" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveAuthnResponseTask" async="true" />
 
 	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
 	<pd:StartEvent id="start" />
 	
 	<pd:Transition from="start" to="createAuthnRequest" />
 	
-	<pd:Transition from="createAuthnRequest" to="finalizeAuthentication" />
+	<pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" />
+	<pd:Transition from="receiveAuthnResponse" to="finalizeAuthentication" />
 	
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 	
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm
new file mode 100644
index 000000000..8beb601c6
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm
@@ -0,0 +1,38 @@
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+## Contains target attribute to delegate PEPS authentication out of iFrame
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post" target="_top">
+            <div>
+                #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+                
+                #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+                
+                #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        
+    </body>
+</html>
\ No newline at end of file
-- 
cgit v1.2.3


From 0aecf1865143cf6dc86980a279836f443616495c Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 Jan 2016 09:16:10 +0100
Subject: fixed eidas process configuration

---
 .../moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml          | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
index 09f10a7ef..2a16b2e23 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
@@ -2,7 +2,9 @@
 <pd:ProcessDefinition id="eIDASAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
 
 
+	<pd:Task id="createAuthnRequest" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask" />
 	<pd:Task id="receiveAuthnResponse" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveAuthnResponseTask" async="true" />
+	<pd:Task id="finalizeAuthentication" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" />
 
 	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
 	<pd:StartEvent id="start" />
-- 
cgit v1.2.3


From 5371cce8ad520a49840c37cdf1d952c233f47320 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 Jan 2016 11:01:00 +0100
Subject: metadata delivery. draft but working.

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  2 +
 .../modules/eidas/utils/EidasMetaDataServlet.java  | 89 ++++++++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 159728e92..c4f7bdae0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -106,6 +106,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			int qaaLevel = 1;
 			authnRequest.setQaa(qaaLevel);
 			authnRequest.setPersonalAttributeList(pAttList);
+			String issuer = "http://localhost:12344/moa-id-auth/eidas/metadata";
+			authnRequest.setIssuer(issuer);
 
 			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
new file mode 100644
index 000000000..dd7671765
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -0,0 +1,89 @@
+/*******************************************************************************
+ *  Copyright 2015 e-SENS project
+ *
+ *  Licensed under the EUPL, Version 1.1 or - as soon they will be
+ *  approved by the European Commission - subsequent versions of
+ *  the EUPL (the "Licence");
+ *  You may not use this work except in compliance with the Licence.
+ *  You may obtain a copy of the Licence at: http://ec.europa.eu/idabc/eupl
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the Licence is distributed on an "AS IS" basis,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ *  implied.
+ *  See the Licence for the specific language governing permissions and
+ *  limitations under the Licence.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+
+import java.io.IOException;
+import java.security.Security;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataConfigParams;
+import eu.eidas.auth.engine.metadata.MetadataGenerator;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+
+/**
+ * First version to provide some valid metadata to an asking eIDaS node
+ */
+@WebServlet("/eidas/metadata")
+public class EidasMetaDataServlet extends HttpServlet {
+    private static final long serialVersionUID = -2129228304760706063L;
+    private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataServlet.class); 
+    /**
+     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+     *      response)
+     */
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        try {
+            logger.info("EidasMetaDataServlet GET");
+            
+            String metadata_url = "metadataurl";
+            String sp_return_url = "sp_return_url";
+            String metaData = generateMetadata(metadata_url, sp_return_url);
+
+            response.setContentType("text/html");
+            response.getWriter().print(metaData);
+            response.flushBuffer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        } 
+    }
+
+    public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
+        String metadata="invalid metadata";
+        
+		// FIXME workaround!?
+		Security.removeProvider("IAIK");
+		Security.removeProvider("IAIK_ECC");
+
+		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+		IAIK.addAsProvider();
+		ECCProvider.addAsProvider(true);
+        
+        MetadataGenerator generator = new MetadataGenerator();
+        MetadataConfigParams mcp=new MetadataConfigParams();
+        generator.setConfigParams(mcp);
+        generator.initialize(engine);
+        mcp.setEntityID(metadata_url);
+        generator.addSPRole(); // TODO addIDPRole();
+        String returnUrl = sp_return_url;
+        mcp.setAssertionConsumerUrl(returnUrl);
+        metadata = generator.generateMetadata();
+        return metadata;
+    }
+}
-- 
cgit v1.2.3


From f2cb73708f9bf18f0d71a950662e7701e33e0ee5 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Mon, 11 Jan 2016 08:59:01 +0100
Subject: fixing request (in progress)

---
 .../auth/modules/eidas/tasks/GenerateAuthnRequestTask.java  | 13 ++++++++++---
 .../id/auth/modules/eidas/utils/EidasMetaDataServlet.java   | 10 +++++++---
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index c4f7bdae0..8b1dae22e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -35,6 +35,8 @@ import org.apache.velocity.app.VelocityEngine;
 
 import eu.eidas.auth.commons.EIDASAuthnRequest;
 import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.EidasLoaCompareType;
+import eu.eidas.auth.commons.EidasLoaLevels;
 import eu.eidas.auth.commons.IPersonalAttributeList;
 import eu.eidas.auth.commons.PersonalAttribute;
 import eu.eidas.auth.commons.PersonalAttributeList;
@@ -99,15 +101,20 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
-			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ServiceProvider";
+			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ColleagueRequest";
 			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
 			String providerName = "sp3fr-moa";
 			authnRequest.setProviderName(providerName);
-			int qaaLevel = 1;
-			authnRequest.setQaa(qaaLevel);
+//			int qaaLevel = 1;
+//			authnRequest.setQaa(qaaLevel); // not needed anymore. furthermore this may make the node think the request at hand is a stork request and we do not want that.
 			authnRequest.setPersonalAttributeList(pAttList);
 			String issuer = "http://localhost:12344/moa-id-auth/eidas/metadata";
 			authnRequest.setIssuer(issuer);
+			authnRequest.setDestination(assertionConsumerURL);
+			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
+			authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
+			authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
+			authnRequest.setAlias(providerName);
 
 			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index dd7671765..c8df9ca97 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -51,10 +51,12 @@ public class EidasMetaDataServlet extends HttpServlet {
         try {
             logger.info("EidasMetaDataServlet GET");
             
-            String metadata_url = "metadataurl";
-            String sp_return_url = "sp_return_url";
+            String metadata_url = "http://localhost:12344/moa-id-auth/eidas/metadata";
+            String sp_return_url = "http://localhost:12344/moa-id-auth/eidas/metadata";
             String metaData = generateMetadata(metadata_url, sp_return_url);
 
+            logger.debug(metaData);
+
             response.setContentType("text/html");
             response.getWriter().print(metaData);
             response.flushBuffer();
@@ -80,7 +82,9 @@ public class EidasMetaDataServlet extends HttpServlet {
         generator.setConfigParams(mcp);
         generator.initialize(engine);
         mcp.setEntityID(metadata_url);
-        generator.addSPRole(); // TODO addIDPRole();
+        mcp.setAssertionConsumerUrl(metadata);
+        generator.addSPRole();
+        generator.addIDPRole();
         String returnUrl = sp_return_url;
         mcp.setAssertionConsumerUrl(returnUrl);
         metadata = generator.generateMetadata();
-- 
cgit v1.2.3


From 10d7450deaa812bb26026b4de09df5609bd6545b Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Mon, 11 Jan 2016 09:02:13 +0100
Subject: added more correct config to deploy examples

---
 id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml   |  15 +++++++++++----
 .../deploy/conf/moa-id/keys/eidasKeyStore_METADATA.jks   | Bin 0 -> 3844 bytes
 .../deploy/conf/moa-id/keys/eidasKeyStore_Service_CB.jks | Bin 0 -> 5257 bytes
 3 files changed, 11 insertions(+), 4 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_METADATA.jks
 create mode 100644 id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_Service_CB.jks

diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
index 04edaf41d..745580428 100644
--- a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
@@ -3,10 +3,17 @@
 
 <properties>
 	<comment>SWModule sign with JKS.</comment>
-	<entry key="keystorePath">keys/eidasKeyStore.jks</entry>
+	<entry key="keystorePath">keys/eidasKeyStore_Service_CB.jks</entry>
 	<entry key="keyStorePassword">local-demo</entry>
 	<entry key="keyPassword">local-demo</entry>
-	<entry key="issuer">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE</entry>
-	<entry key="serialNumber">54c8f779</entry>
+	<entry key="issuer">CN=cpeps-cb-demo-certificate, OU=STORK, O=CPEPS, L=EU, ST=EU, C=CB</entry>
+	<entry key="serialNumber">54C8F839</entry>
 	<entry key="keystoreType">JKS</entry>
-</properties>
\ No newline at end of file
+
+	<entry key="metadata.keystorePath">keys/eidasKeyStore_METADATA.jks</entry>
+	<entry key="metadata.keyStorePassword">local-demo</entry>
+	<entry key="metadata.keyPassword">local-demo</entry>
+	<entry key="metadata.issuer">CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE</entry>
+	<entry key="metadata.serialNumber">561BC0C8</entry>
+	<entry key="metadata.keystoreType">JKS</entry>
+</properties>
diff --git a/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_METADATA.jks b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_METADATA.jks
new file mode 100644
index 000000000..e52051dd8
Binary files /dev/null and b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_METADATA.jks differ
diff --git a/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_Service_CB.jks b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_Service_CB.jks
new file mode 100644
index 000000000..9275f9fdd
Binary files /dev/null and b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_Service_CB.jks differ
-- 
cgit v1.2.3


From 1df90d0efe126150b5e1cfa245a5ad9280068243 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 09:46:57 +0100
Subject: update eIDAS inbound process managment implementation

---
 id/server/modules/moa-id-module-eIDAS/pom.xml      |  7 ++
 .../moa/id/auth/modules/eidas/Constants.java       |  1 +
 .../id/auth/modules/eidas/eIDASSignalServlet.java  | 44 ++++++++++++-
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 21 +++++-
 .../eidas/tasks/ReceiveAuthnResponseTask.java      | 74 +++++++++++++++++++++-
 5 files changed, 141 insertions(+), 6 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index 43ba6bc20..b43efac9e 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -98,6 +98,13 @@
 			</exclusions>
 		</dependency>  
   
+  	<dependency>
+			<groupId>org.bouncycastle</groupId>
+			<artifactId>bcprov-jdk15on</artifactId>
+			<version>1.52</version>
+			<!-- <scope>provided</scope> -->
+		</dependency>
+  
   
   </dependencies>
   
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 3f94ca5e5..8e38facbf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -54,4 +54,5 @@ public class Constants {
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
 			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
 	
+	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  //2 minutes skew time for response validation
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 0c31a87a4..556947572 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -22,14 +22,24 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
+import java.io.ByteArrayInputStream;
+
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathFactory;
 
 import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.util.xml.SimpleNamespaceContext;
+import org.w3c.dom.Document;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
 
 /**
  * @author tlenz
@@ -58,9 +68,39 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 	 * 
 	 */
 	public String getMoaSessionId(HttpServletRequest request) {
-		//TODO: implement eIDAs specific session synchronization
+		String sessionId = super.getMoaSessionId(request);
 		
-		return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID));
+		try {
+
+			// use SAML2 relayState
+			if (sessionId == null) {
+				sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState"));
+			}
+
+			// take from InResponseTo attribute of SAMLResponse
+			if (sessionId == null) {
+				String base64SamlToken = request.getParameter("SAMLResponse");
+				if (base64SamlToken != null && false) {
+//					byte[] samlToken = Base64Utils.decode(base64SamlToken, false);
+//					Document samlResponse = parseDocument(new ByteArrayInputStream(samlToken));
+//
+//					XPath xPath = XPathFactory.newInstance().newXPath();
+//					SimpleNamespaceContext nsContext = new SimpleNamespaceContext();
+//					nsContext.bindNamespaceUri("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol");
+//					xPath.setNamespaceContext(nsContext);
+//					XPathExpression expression = xPath.compile("string(/saml2p:Response/@InResponseTo)");
+//					sessionId = (String) expression.evaluate(samlResponse, XPathConstants.STRING);
+//					sessionId = StringEscapeUtils.escapeHtml(StringUtils.trimToNull(sessionId));
+				} else {
+					Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
+				}
+			}
+
+		} catch (Exception e) {
+			Logger.warn("Unable to retrieve moa session id.", e);
+		}
+
+		return sessionId;
 	}
 	
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 8b1dae22e..9ae61edd9 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -96,19 +96,30 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			//TODO: load required attributes from OA configuration
 			PersonalAttribute attr = new PersonalAttribute();
 			attr.setName("eidas/attributes/CurrentFamilyName");
-
 			pAttList.add(attr);
 
+			PersonalAttribute attr1 = new PersonalAttribute();
+			attr1.setName("eidas/attributes/CurrentGivenName");
+			pAttList.add(attr1);
+			
+			PersonalAttribute attr2 = new PersonalAttribute();
+			attr2.setName("eidas/attributes/DateOfBirth");
+			pAttList.add(attr2);
+			
+			PersonalAttribute attr3 = new PersonalAttribute();
+			attr3.setName("eidas/attributes/PersonIdentifier");
+			pAttList.add(attr3);
+			
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
 			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ColleagueRequest";
-			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
+//			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
 			String providerName = "sp3fr-moa";
 			authnRequest.setProviderName(providerName);
 //			int qaaLevel = 1;
 //			authnRequest.setQaa(qaaLevel); // not needed anymore. furthermore this may make the node think the request at hand is a stork request and we do not want that.
 			authnRequest.setPersonalAttributeList(pAttList);
-			String issuer = "http://localhost:12344/moa-id-auth/eidas/metadata";
+			String issuer = "http://localhost:12343/moa-id-auth/eidas/metadata";
 			authnRequest.setIssuer(issuer);
 			authnRequest.setDestination(assertionConsumerURL);
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
@@ -116,6 +127,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
 			authnRequest.setAlias(providerName);
 
+			authnRequest.setSPType("public");
+			
 			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
 			
@@ -134,6 +147,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	            context.put(actionType, SAMLRequest);
 	            Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
 
+	            context.put("RelayState", moasessionid);
+	            
 	            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
 	            context.put("action", assertionConsumerURL);
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 8fdb40065..e80d62535 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -3,16 +3,88 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
 
-			System.out.println(request.getContentLength());
+		try{
+			String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);	    	
+			String pendingRequestID = (String) executionContext.get("pendingRequestID");
+
+			//load pending request
+			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+			
+			}
+    	
+			//load MOASession object and OA-configuration
+			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+			
+			//get SAML Response and decode it
+			String base64SamlToken = request.getParameter("SAMLResponse");
+			if (MiscUtil.isEmpty(base64SamlToken)) {
+				Logger.warn("No eIDAS SAMLReponse found in http request.");
+				throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null);
+				
+			}						
+			byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);		
+			
+			//get eIDAS SAML-engine
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			
+			//validate SAML token
+			EIDASAuthnResponse samlResp = engine.validateEIDASAuthnResponse(decSamlToken, 
+					request.getRemoteHost(), Constants.CONFIG_PROPS_SKEWTIME);
+			
+			boolean encryptedResponse=engine.isEncryptedSamlResponse(decSamlToken);
+			if (encryptedResponse) {
+				Logger.info("Received encrypted eIDAS SAML-Response.");
+				//TODO: check if additional decryption operation is required
+				
+			}
+			
+			
+			
+			
+			System.out.println(new String(decSamlToken));
+			
+			
+		}catch (EIDASSAMLEngineException e) {
+			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
+					new EIDASEngineException("Could not generate token for Saml Request", e));
+			
+		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
+			
+		}	
+		
 	}
 
 }
-- 
cgit v1.2.3


From 74e36f95b4fb49b37b05d5e93c9404f795c964df Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 10:43:11 +0100
Subject: refactor MOASession data-object to store generice information from
 authentication modules

---
 .../moa/id/auth/data/AuthenticationSession.java    | 374 ++++++---------------
 .../AuthenticationSessionStorageConstants.java     |  38 +++
 .../exception/SessionDataStorageException.java     |  45 +++
 .../moa/id/data/AuthenticationData.java            | 122 ++++---
 .../at/gv/egovernment/moa/id/data/IAuthData.java   |   8 +-
 5 files changed, 256 insertions(+), 331 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 59482c4a8..ae3ec9a9b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -44,13 +44,15 @@ import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
+import java.util.Map;
 
+import org.apache.commons.collections4.map.HashedMap;
 
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * Session data to be stored between <code>AuthenticationServer</code> API calls.
@@ -215,129 +217,28 @@ public class AuthenticationSession implements Serializable {
 	 * accept. The infobox identifiers are comma separated.
 	 */
 	private String pushInfobox;
-	
-	/**
-	 * The STORK AuthRequest to be sent to the C-PEPS
-	 */
-	private STORKAuthnRequest storkAuthnRequest;
-	
-	private String storkAuthnResponse;
-	
+		
 	// private AuthenticationData authData;
 	
 	// protocol selection
 	private String action;
 	private String modul;
 	
+	private String processInstanceId;
+	
 	private boolean authenticated;
 	private boolean authenticatedUsed = false;
 	
 	private boolean ssoRequested = false;
-	
+		
 	private String QAALevel = null;
-	
-//	private OAuth20SessionObject oAuth20SessionObject;
-	
-	// /**
-	// * Indicates if target from configuration is used or not
-	// */
-	// private boolean useTargetFromConfig;
-	
-	// /**
-	// * Authentication data for the assertion
-	// */
-	// private AuthenticationData assertionAuthData;
-	//
-	// /**
-	// * Persondata for the assertion
-	// */
-	// private String assertionPrPerson;
-	//
-	// /**
-	// * Authblock for the assertion
-	// */
-	// private String assertionAuthBlock;
-	//
-	// /**
-	// * Identitylink assertion for the (MOA) assertion
-	// */
-	// private String assertionIlAssertion;
-	//
-	// /**
-	// * Signer certificate (base64 encoded) for the assertion
-	// */
-	// private String assertionSignerCertificateBase64;
-	//
-	// /**
-	// * bussiness service for the assertion
-	// */
-	// boolean assertionBusinessService;
-	//
-	// /**
-	// * timestamp logging when authentication session has been created
-	// */
-	// private Date timestampStart;
-	// private CreateXMLSignatureResponse XMLCreateSignatureResponse;
-	
+		
 	private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
 	
 	private boolean isForeigner;
-
-	private IPersonalAttributeList storkAttributes;
 	
+	private Map<String, Object> genericSessionDataStorate = new HashedMap<String, Object>();
 	
-	//Temporary store SignRequest for local processing
-	private String signedDoc;
-	//Temporary store SAMLResponse for processing after user signed signedDoc locally
-	private String SAMLResponse;
-	//
-	private StringBuffer returnURL;
-	private IPersonalAttributeList authnResponseGetPersonalAttributeList;
-	private String authnContextClassRef;
-	// private String requestedProtocolURL = null;
-	
-	private String processInstanceId;
-	
-	public String getAuthnContextClassRef() {
-		return authnContextClassRef;
-	}
-
-	public void setAuthnContextClassRef(String authnContextClassRef) {
-		this.authnContextClassRef = authnContextClassRef;
-	}
-
-	public IPersonalAttributeList getAuthnResponseGetPersonalAttributeList() {
-		return authnResponseGetPersonalAttributeList;
-	}
-
-	public void setAuthnResponseGetPersonalAttributeList(IPersonalAttributeList authnResponseGetPersonalAttributeList) {
-		this.authnResponseGetPersonalAttributeList = authnResponseGetPersonalAttributeList;
-	}
-
-	public String getSAMLResponse() {
-		return SAMLResponse;
-	}
-
-	public void setSAMLResponse(String samlResponse) {
-		SAMLResponse = samlResponse;
-	}
-
-	public StringBuffer getReturnURL() {
-		return returnURL;
-	}
-
-	public void setReturnURL(StringBuffer returnURL) {
-		this.returnURL = returnURL;
-	}
-
-	public String getSignedDoc() {
-		return signedDoc;
-	}
-
-	public void setSignedDoc(String signedDoc) {
-		this.signedDoc = signedDoc;
-	}
-
 	public String getModul() {
 		return modul;
 	}
@@ -353,15 +254,7 @@ public class AuthenticationSession implements Serializable {
 	public void setAction(String action) {
 		this.action = action;
 	}
-	
-	// public AuthenticationData getAuthData() {
-	// return authData;
-	// }
-	//
-	// public void setAuthData(AuthenticationData authData) {
-	// this.authData = authData;
-	// }
-	
+		
 	public boolean isAuthenticatedUsed() {
 		return authenticatedUsed;
 	}
@@ -378,14 +271,6 @@ public class AuthenticationSession implements Serializable {
 		this.authenticated = authenticated;
 	}
 	
-	// public String getRequestedProtocolURL() {
-	// return requestedProtocolURL;
-	// }
-	//
-	// public void setRequestedProtocolURL(String requestedProtocolURL) {
-	// this.requestedProtocolURL = requestedProtocolURL;
-	// }
-	
 	/**
 	 * Constructor for AuthenticationSession.
 	 * 
@@ -395,8 +280,7 @@ public class AuthenticationSession implements Serializable {
 	public AuthenticationSession(String id, Date created) {
 		sessionID = id;
 		sessionCreated = created;
-		// setTimestampStart();
-//		infoboxValidators = new ArrayList();
+		
 	}
 	
 	public X509Certificate getSignerCertificate() {
@@ -760,98 +644,7 @@ public class AuthenticationSession implements Serializable {
 	public void setIssueInstant(String issueInstant) {
 		this.issueInstant = issueInstant;
 	}
-	
-//	/**
-//	 * Returns the iterator to the stored infobox validators.
-//	 * 
-//	 * @return Iterator
-//	 */
-//	public Iterator getInfoboxValidatorIterator() {
-//		if (infoboxValidators == null) return null;
-//		return infoboxValidators.iterator();
-//	}
-	
-	// /**
-	// * Adds an infobox validator class to the stored infobox validators.
-	// *
-	// * @param infoboxIdentifier
-	// * the identifier of the infobox the validator belongs to
-	// * @param infoboxFriendlyName
-	// * the friendly name of the infobox
-	// * @param infoboxValidator
-	// * the infobox validator to add
-	// */
-	// public Iterator addInfoboxValidator(String infoboxIdentifier,
-	// String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
-	// if (infoboxValidators == null)
-	// infoboxValidators = new ArrayList();
-	// Vector v = new Vector(3);
-	// v.add(infoboxIdentifier);
-	// v.add(infoboxFriendlyName);
-	// v.add(infoboxValidator);
-	// infoboxValidators.add(v);
-	// return infoboxValidators.iterator();
-	// }
-	
-//	/**
-//	 * Tests for pending input events of the infobox validators.
-//	 * 
-//	 * @return true if a validator has a form to show
-//	 */
-//	public boolean isValidatorInputPending() {
-//		boolean result = false;
-//		Iterator iter = getInfoboxValidatorIterator();
-//		if (iter != null) {
-//			while (!result && iter.hasNext()) {
-//				Vector infoboxValidatorVector = (Vector) iter.next();
-//				InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
-//				if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true;
-//			}
-//		}
-//		return result;
-//	}
-	
-	// /**
-	// * Returns the first pending infobox validator.
-	// *
-	// * @return the infobox validator class
-	// */
-	// public InfoboxValidator getFirstPendingValidator() {
-	// Iterator iter = getInfoboxValidatorIterator();
-	// if (iter != null) {
-	// while (iter.hasNext()) {
-	// Vector infoboxValidatorVector = (Vector) iter.next();
-	// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
-	// .get(2);
-	// String form = infoboxvalidator.getForm();
-	// if (!ParepUtils.isEmpty(form))
-	// return infoboxvalidator;
-	// }
-	// }
-	// return null;
-	// }
-	
-	// /**
-	// * Returns the input form of the first pending infobox validator input
-	// * processor.
-	// *
-	// * @return the form to show
-	// */
-	// public String getFirstValidatorInputForm() {
-	// Iterator iter = getInfoboxValidatorIterator();
-	// if (iter != null) {
-	// while (iter.hasNext()) {
-	// Vector infoboxValidatorVector = (Vector) iter.next();
-	// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
-	// .get(2);
-	// String form = infoboxvalidator.getForm();
-	// if (!ParepUtils.isEmpty(form))
-	// return form;
-	// }
-	// }
-	// return null;
-	// }
-	
+		
 	/**
 	 * Returns domain identifier (the register and number in the register parameter).
 	 * <code>null</code> in the case of not a business service.
@@ -954,26 +747,7 @@ public class AuthenticationSession implements Serializable {
 	public void setMandateReferenceValue(String mandateReferenceValue) {
 		this.mandateReferenceValue = mandateReferenceValue;
 	}
-	
-	/**
-	 * Gets the STORK SAML AuthnRequest
-	 * 
-	 * @return STORK SAML AuthnRequest
-	 */
-	public STORKAuthnRequest getStorkAuthnRequest() {
-		return storkAuthnRequest;
-	}
-	
-	/**
-	 * Sets the STORK SAML AuthnRequest
-	 * 
-	 * @param storkAuthnRequest
-	 *            STORK SAML AuthnRequest
-	 */
-	public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
-		this.storkAuthnRequest = storkAuthnRequest;
-	}
-	
+		
 	public String getCcc() {
 		return ccc;
 	}
@@ -1054,24 +828,8 @@ public class AuthenticationSession implements Serializable {
 	}
 
 	/**
-	 * Memorizes the stork attribute list.
-	 *
-	 * @param personalAttributeList the new stork attributes
-	 */
-	public void setStorkAttributes(IPersonalAttributeList personalAttributeList) {
-		this.storkAttributes = personalAttributeList;
-	}
-	
-	/**
-	 * Recalls the stork attribute list.
-	 *
-	 * @return the stork attributes
-	 */
-	public IPersonalAttributeList getStorkAttributes() {
-		return this.storkAttributes;
-	}
-
-	/**
+	 * eIDAS QAA level
+	 * 
 	 * @return the qAALevel
 	 */
 	public String getQAALevel() {
@@ -1079,26 +837,14 @@ public class AuthenticationSession implements Serializable {
 	}
 
 	/**
+	 * set QAA level in eIDAS form
+	 * 
 	 * @param qAALevel the qAALevel to set
 	 */
 	public void setQAALevel(String qAALevel) {
 		QAALevel = qAALevel;
 	}
 
-	/**
-	 * @return the storkAuthnResponse
-	 */
-	public String getStorkAuthnResponse() {
-		return storkAuthnResponse;
-	}
-
-	/**
-	 * @param storkAuthnResponse the storkAuthnResponse to set
-	 */
-	public void setStorkAuthnResponse(String storkAuthnResponse) {
-		this.storkAuthnResponse = storkAuthnResponse;
-	}
-
 	/**
 	 * @return the sessionCreated
 	 */
@@ -1121,5 +867,89 @@ public class AuthenticationSession implements Serializable {
 	public void setProcessInstanceId(String processInstanceId) {
 		this.processInstanceId = processInstanceId;
 	}
+
+	public Map<String, Object> getGenericSessionDataStorage() {
+		return genericSessionDataStorate;
+	}
+	
+	/**
+	 * Returns a generic session-data object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the session-data object
+	 * @return The session-data object or null if no data is found with this key
+	 */
+	public Object getGenericDataFromSession(String key) {
+		if (MiscUtil.isNotEmpty(key)) {
+			return genericSessionDataStorate.get(key);
+			
+		} 
+		
+		Logger.warn("Can not load generic session-data with key='null'");
+		return null;
+				
+	}
+	
+	/**
+	 * Returns a generic session-data object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the session-data object
+	 * @param clazz The class type which is stored with this key
+	 * @return The session-data object or null if no data is found with this key
+	 */
+	public <T> T getGenericDataFromSession(String key, final Class<T> clazz) {
+		if (MiscUtil.isNotEmpty(key)) {
+			Object data =  genericSessionDataStorate.get(key);
+			
+			if (data == null)
+				return null;
+			
+			try {
+				@SuppressWarnings("unchecked")
+				T test = (T) data;
+				return test;
+				
+			} catch (Exception e) {
+				Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
+				return null;
+				
+			}
+			
+		} 
+		
+		Logger.warn("Can not load generic session-data with key='null'");
+		return null;
+				
+	}
+	
+	/**
+	 * Store a generic data-object to session with a specific identifier
+	 * 
+	 * @param key Identifier for this data-object
+	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+	 */
+	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+		if (MiscUtil.isEmpty(key)) {
+			Logger.warn("Generic session-data can not be stored with a 'null' key");
+			throw new SessionDataStorageException("Generic session-data can not be stored with a 'null' key", null);
+			
+		}
+		
+		if (object != null) {
+			if (!Serializable.class.isInstance(object)) {
+				Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface");
+				throw new SessionDataStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface", null);
+				
+			}						
+		}
+		
+		if (genericSessionDataStorate.containsKey(key))
+			Logger.debug("Overwrite generic session-data with key:" + key);
+		else
+			Logger.trace("Add generic session-data with key:" + key + " to session.");
+		
+		genericSessionDataStorate.put(key, object);
+	}
+	
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java
new file mode 100644
index 000000000..f67f41dd3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationSessionStorageConstants {
+
+	public static final String PREFIX_STORK = "stork_"; 
+	public static final String PREFIX_eIDAS = "eIDAS_";
+	
+	public static final String STORK_ATTRIBUTELIST = PREFIX_STORK + "attributelist";
+	public static final String STORK_REQUEST = PREFIX_STORK + "request";
+	public static final String STORK_RESPONSE = PREFIX_STORK + "response";
+	public static final String STORK_CCC = PREFIX_STORK + "ccc";
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java
new file mode 100644
index 000000000..203be784e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SessionDataStorageException extends MOAIDException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 5743057708136365929L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public SessionDataStorageException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index e2892e70a..a5dfe7524 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -29,13 +29,13 @@ import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
+import java.util.Map;
 
+import org.apache.commons.collections4.map.HashedMap;
 import org.w3c.dom.Element;
 
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -122,9 +122,8 @@ public class AuthenticationData  implements IAuthData, Serializable {
 	  * STORK attributes from response
 	  */
 	  private String ccc = null;
-	  private IPersonalAttributeList storkAttributes = null;
-	  private String storkAuthnResponse;
-	  private STORKAuthnRequest storkRequest = null;
+	  
+	  private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
 	  
 	  private byte[] signerCertificate = null;
 	  	  
@@ -397,23 +396,6 @@ public class AuthenticationData  implements IAuthData, Serializable {
 		this.identityLink = identityLink;
 	}
 
-
-	/**
-	 * @return the storkAttributes
-	 */
-	public IPersonalAttributeList getStorkAttributes() {
-		return storkAttributes;
-	}
-
-
-	/**
-	 * @param storkAttributes the storkAttributes to set
-	 */
-	public void setStorkAttributes(IPersonalAttributeList storkAttributes) {
-		this.storkAttributes = storkAttributes;
-	}
-
-
 	/**
 	 * @return the signerCertificate
 	 */
@@ -538,35 +520,6 @@ public class AuthenticationData  implements IAuthData, Serializable {
 		this.ssoSession = ssoSession;
 	}
 
-	/**
-	 * @param storkRequest the storkRequest to set
-	 */
-	public void setStorkRequest(STORKAuthnRequest storkRequest) {
-		this.storkRequest = storkRequest;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.IAuthData#getStorkAuthnRequest()
-	 */
-	@Override
-	public STORKAuthnRequest getStorkAuthnRequest() {
-		return this.storkRequest;
-	}
-
-	/**
-	 * @return the storkAuthnResponse
-	 */
-	public String getStorkAuthnResponse() {
-		return storkAuthnResponse;
-	}
-
-	/**
-	 * @param storkAuthnResponse the storkAuthnResponse to set
-	 */
-	public void setStorkAuthnResponse(String storkAuthnResponse) {
-		this.storkAuthnResponse = storkAuthnResponse;
-	}
-
 	/**
 	 * @return the mandateReferenceValue
 	 */
@@ -743,5 +696,68 @@ public class AuthenticationData  implements IAuthData, Serializable {
 	public void setIsBusinessService(boolean flag) {
 		this.businessService = flag;
 		
-	}	
+	}
+	
+	/**
+	 * Returns a generic data-object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the data object
+	 * @param clazz The class type which is stored with this key
+	 * @return The data object or null if no data is found with this key
+	 */
+	public <T> T getGenericData(String key, final Class<T> clazz) {
+		if (MiscUtil.isNotEmpty(key)) {
+			Object data = genericDataStorate.get(key);			
+			
+			if (data == null)
+				return null;
+			
+			try {
+				@SuppressWarnings("unchecked")
+				T test = (T) data;
+				return test;
+				
+			} catch (Exception e) {
+				Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
+				return null;
+				
+			}
+			
+		} 
+		
+		Logger.warn("Can not load generic session-data with key='null'");
+		return null;
+				
+	}
+	
+	/**
+	 * Store a generic data-object to session with a specific identifier
+	 * 
+	 * @param key Identifier for this data-object
+	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+	 */
+	public void setGenericData(String key, Object object) throws SessionDataStorageException {
+		if (MiscUtil.isEmpty(key)) {
+			Logger.warn("Generic session-data can not be stored with a 'null' key");
+			throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
+			
+		}
+		
+		if (object != null) {
+			if (!Serializable.class.isInstance(object)) {
+				Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
+				throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
+				
+			}						
+		}
+		
+		if (genericDataStorate.containsKey(key))
+			Logger.debug("Overwrite generic data with key:" + key);
+		else
+			Logger.trace("Add generic data with key:" + key + " to session.");
+		
+		genericDataStorate.put(key, object);
+	}
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index 09b0d7971..915242787 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -27,9 +27,6 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 
 /**
@@ -89,8 +86,7 @@ public interface IAuthData {
 	 
 	 boolean isForeigner();
 	 String getCcc();
-	 STORKAuthnRequest getStorkAuthnRequest();
-	 String getStorkAuthnResponse();
-	 IPersonalAttributeList getStorkAttributes();
+	 
+	 public <T> T getGenericData(String key, final Class<T> clazz);
 	 	 
 }
-- 
cgit v1.2.3


From 68017565392861db4958716971d5be38faf5fff6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 10:44:13 +0100
Subject: refactore STORK authentication module to use generic MOASession
 data-storage

---
 .../id/auth/builder/AuthenticationDataBuilder.java | 55 ++++++++++++++++------
 .../builder/attributes/EIDSTORKTOKEN.java          |  4 +-
 .../pvp2x/utils/AssertionAttributeExtractor.java   | 17 +++----
 .../moa/id/protocols/saml1/GetArtifactAction.java  | 10 +++-
 .../AbstractPepsConnectorWithLocalSigningTask.java |  5 +-
 .../tasks/CreateStorkAuthRequestFormTask.java      |  7 ++-
 .../PepsConnectorHandleLocalSignResponseTask.java  | 14 ++++--
 ...onnectorHandleResponseWithoutSignatureTask.java | 33 ++++++++-----
 .../modules/stork/tasks/PepsConnectorTask.java     | 19 +++++---
 .../builder/attributes/STORKAttributHelper.java    |  8 ++--
 .../id/protocols/stork2/MOAAttributeProvider.java  | 13 +++--
 11 files changed, 126 insertions(+), 59 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 998fa495f..b79b99a65 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -32,7 +32,9 @@ import java.security.PrivateKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
+import java.util.Iterator;
 import java.util.List;
+import java.util.Map.Entry;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -62,6 +64,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameTy
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
@@ -69,6 +72,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -788,16 +792,24 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	
 		//set STORK attributes
 		if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {				
-			authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));				
-			authData.setForeigner(true);
+			try {
+				authData.setGenericData(AuthenticationSessionStorageConstants.STORK_RESPONSE, 
+						extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
+				authData.setForeigner(true);
+				
+			} catch (SessionDataStorageException e) {
+				Logger.warn("STORK Response can not stored into generic authData.", e);
+				
+			}				
 			
-		}
-	
-		if (!extractor.getSTORKAttributes().isEmpty()) {
-			authData.setStorkAttributes(extractor.getSTORKAttributes());
-			authData.setForeigner(true);
 			
 		}
+	
+//		if (!extractor.getSTORKAttributes().isEmpty()) {
+//			authData.setStorkAttributes(extractor.getSTORKAttributes());
+//			authData.setForeigner(true);
+//			
+//		}
 				
 		authData.setSsoSession(true);
 		authData.setInterfederatedSSOSession(true);
@@ -887,10 +899,22 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		
 		authData.setBkuURL(session.getBkuURL());
 		
-		authData.setStorkAttributes(session.getStorkAttributes());
-		authData.setStorkAuthnResponse(session.getStorkAuthnResponse());
-		authData.setStorkRequest(session.getStorkAuthnRequest());
-		
+		//copy all generic authentication information to authData
+		if (session.getGenericSessionDataStorage() != null &&  
+				!session.getGenericSessionDataStorage().isEmpty()) {
+			Iterator<Entry<String, Object>> copyInterator = session.getGenericSessionDataStorage().entrySet().iterator();
+			while (copyInterator.hasNext()) {
+				Entry<String, Object> element = copyInterator.next();
+				try {
+					authData.setGenericData(element.getKey(), element.getValue());
+					
+				} catch (SessionDataStorageException e) {
+					Logger.warn("Can not add generic authData with key:" + element.getKey(), e);
+					
+				}				
+			}									
+		}
+								
 		authData.setSignerCertificate(session.getEncodedSignerCertificate());
 		authData.setAuthBlock(session.getAuthBlock());
 		
@@ -921,9 +945,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			}
 			
 			if (MiscUtil.isEmpty(authData.getCcc())) {
-				if (authData.getStorkAuthnRequest() != null) {
-					authData.setCcc(authData.getStorkAuthnRequest().getCitizenCountryCode());
-					Logger.info("Can not extract country from certificate -> Use country from STORK request.");
+				String storkCCC = authData.getGenericData(
+						AuthenticationSessionStorageConstants.STORK_CCC, String.class);
+				
+				if (MiscUtil.isNotEmpty(storkCCC)) {
+					authData.setCcc(storkCCC);
+					Logger.info("Can not extract country from certificate -> Use country:" + storkCCC + " from STORK request.");
 					
 				}
 								
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
index 84b791708..43a0458cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import java.io.IOException;
 
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
@@ -47,7 +48,8 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder  {
 			throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
 			
 		} else {
-			String storkResponse = authData.getStorkAuthnResponse();
+			String storkResponse = authData.getGenericData(
+					AuthenticationSessionStorageConstants.STORK_RESPONSE, String.class);
 						
 			if ( MiscUtil.isEmpty(storkResponse) ) {
 				throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 26b3bfbd1..9c294245f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -38,9 +38,6 @@ import org.opensaml.saml2.core.StatusResponseType;
 import org.opensaml.saml2.core.Subject;
 import org.opensaml.xml.XMLObject;
 
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.logging.Logger;
@@ -50,7 +47,7 @@ public class AssertionAttributeExtractor {
 	
 	private Assertion assertion = null;
 	private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
-	private PersonalAttributeList storkAttributes = new PersonalAttributeList();
+	//private PersonalAttributeList storkAttributes = new PersonalAttributeList();
 		
 	private final List<String> minimalAttributeNameList = Arrays.asList(
 			PVPConstants.PRINCIPAL_NAME_NAME, 
@@ -77,9 +74,9 @@ public class AssertionAttributeExtractor {
 						for (XMLObject el : attr.getAttributeValues())
 							storkAttrValues.add(el.getDOM().getTextContent());
 						
-						PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), 
-								false, storkAttrValues , "Available");
-						storkAttributes.put(attr.getName(), storkAttr );
+//						PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), 
+//								false, storkAttrValues , "Available");
+//						storkAttributes.put(attr.getName(), storkAttr );
 						
 					} else {
 						List<String> attrList = new ArrayList<String>();
@@ -155,9 +152,9 @@ public class AssertionAttributeExtractor {
 		
 	}
 	
-	public PersonalAttributeList getSTORKAttributes() {
-		return storkAttributes;
-	}
+//	public PersonalAttributeList getSTORKAttributes() {
+//		return storkAttributes;
+//	}
 	
 	
 	public String getNameID() throws AssertionAttributeExtractorExeption {		
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index b94348856..5bdf51e7d 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -27,7 +27,10 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -71,8 +74,11 @@ public class GetArtifactAction implements IAction {
 			SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
 						
 			// add other stork attributes to MOA assertion if available
-			if(null != authData.getStorkAttributes()) {
-				List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = SAML1AuthenticationServer.addAdditionalSTORKAttributes(authData.getStorkAttributes());
+			IPersonalAttributeList storkAttributes = authData.getGenericData(
+					AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 
+					IPersonalAttributeList.class);
+			if(null != storkAttributes) {
+				List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = SAML1AuthenticationServer.addAdditionalSTORKAttributes(storkAttributes);
 				authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
 				Logger.info("MOA assertion assembled and SAML Artifact generated.");
 			}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
index 939390847..ee4961d5e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
@@ -21,6 +21,7 @@ import org.apache.commons.io.IOUtils;
 import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BKUException;
@@ -113,7 +114,9 @@ public abstract class AbstractPepsConnectorWithLocalSigningTask extends Abstract
 		moaSession.setIdentityLink(identityLink);
 
 		Logger.debug("Adding addtional STORK attributes to MOA session");
-		moaSession.setStorkAttributes(personalAttributeList);
+		moaSession.setGenericDataToSession(
+				AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 
+				personalAttributeList);
 
 		// We don't have BKUURL, setting from null to "Not applicable"
 		moaSession.setBkuURL("Not applicable (STORK Authentication)");
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index ef61739f8..901762f17 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -46,6 +46,7 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException;
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -264,7 +265,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 			//attributeList.add(newAttribute);
 
 			//store SignRequest for later...
-			moasession.setSignedDoc(signedDoc);
+			moasession.setGenericDataToSession("STORK_signDoc", signedDoc);
 
 			acsURL = issuerValue + AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;
 			// TODO[branch]: STORK AuthReq acsURL "/PEPSConnectorWithLocalSigning"
@@ -339,7 +340,9 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 		Logger.debug("STORK AuthnRequest successfully internally validated.");
 
 		//send
-		moasession.setStorkAuthnRequest(authnRequest);
+		moasession.setGenericDataToSession(
+				AuthenticationSessionStorageConstants.STORK_REQUEST, 
+				authnRequest);
 
 		// do PEPS-conform logging for easier evaluation
 		try {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
index 7b9fa3f12..f872241ae 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
@@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -142,7 +143,10 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
 			moaSession.setXMLVerifySignatureResponse(tmp);
 			executionContext.put("identityLinkAvailable", false);
 			try {
-				IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();
+				IPersonalAttributeList personalAttributeList = 
+						moaSession.getGenericDataFromSession(
+								AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 
+								IPersonalAttributeList.class);
 				// Add SignResponse TODO Add signature (extracted from signResponse)?
 				List<String> values = new ArrayList<String>();
 				values.add(signResponseString);
@@ -151,7 +155,8 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
 				PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available");
 				personalAttributeList.add(signedDocAttribute);
 
-				String authnContextClassRef = moaSession.getAuthnContextClassRef();
+				String authnContextClassRef = moaSession.getGenericDataFromSession(
+						"STORK_authContextClass", String.class);
 				SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
 				executionContext.put("identityLinkAvailable", true);
 			} catch (STORKException e) {
@@ -187,8 +192,9 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
 			}
 
 			Logger.debug("Add full STORK AuthnResponse to MOA session");
-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
-																					// authnResponse?
+			moaSession.setGenericDataToSession(
+					AuthenticationSessionStorageConstants.STORK_RESPONSE, 
+					request.getParameter("SAMLResponse"));
 			
 			MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED);
 			
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index 304e5f495..8240f6d00 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -2,18 +2,15 @@ package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
 
 import iaik.x509.X509Certificate;
 
-import java.io.IOException;
 import java.io.StringWriter;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.Source;
 import javax.xml.transform.stream.StreamSource;
 
-import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.velocity.Template;
@@ -24,6 +21,7 @@ import org.opensaml.saml2.core.StatusCode;
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -204,7 +202,10 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 
 			Logger.debug("MOA session is still valid");
 
-			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+			STORKAuthnRequest storkAuthnRequest = 
+					moaSession.getGenericDataFromSession(
+							AuthenticationSessionStorageConstants.STORK_REQUEST, 
+							STORKAuthnRequest.class);
 
 			if (storkAuthnRequest == null) {
 				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
@@ -263,11 +264,15 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 				} else {
 
 					// store SAMLResponse
-					moaSession.setSAMLResponse(request.getParameter("SAMLResponse"));
+					moaSession.setGenericDataToSession(
+							AuthenticationSessionStorageConstants.STORK_RESPONSE, 
+							request.getParameter("SAMLResponse"));
 					// store authnResponse
 
 					// moaSession.setAuthnResponse(authnResponse);//not serializable
-					moaSession.setAuthnResponseGetPersonalAttributeList(attributeList);
+					moaSession.setGenericDataToSession(
+							AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 
+							attributeList);
 
 					String authnContextClassRef = null;
 					try {
@@ -277,12 +282,12 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 						Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
 					}
 
-					moaSession.setAuthnContextClassRef(authnContextClassRef);
-					moaSession.setReturnURL(request.getRequestURL());
+					moaSession.setGenericDataToSession("STORK_authContextClass", authnContextClassRef);
+					moaSession.setGenericDataToSession("STORK_returnURL", request.getRequestURL());
 
 					// load signedDoc
-					String signRequest = moaSession.getSignedDoc();
-
+					String signRequest = moaSession.getGenericDataFromSession("STORK_signDoc", String.class);
+					
 					// session is implicit stored in changeSessionID!!!!
 					String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
 
@@ -380,9 +385,11 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 			}
 
 			Logger.debug("Add full STORK AuthnResponse to MOA session");
-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
-																					// authnResponse?
-
+			moaSession.setGenericDataToSession(
+					AuthenticationSessionStorageConstants.STORK_RESPONSE, 
+					request.getParameter("SAMLResponse"));
+			
+			
 			// session is implicit stored in changeSessionID!!!!
 			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
 
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index b505605ab..8322d1a02 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
 
 import iaik.x509.X509Certificate;
 
-import java.io.IOException;
 import java.io.InputStream;
 import java.io.StringWriter;
 import java.net.URL;
@@ -11,7 +10,6 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
-import java.util.Properties;
 
 import javax.activation.DataSource;
 import javax.servlet.http.HttpServletRequest;
@@ -39,6 +37,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -243,7 +242,10 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 
 			Logger.debug("MOA session is still valid");
 
-			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+			STORKAuthnRequest storkAuthnRequest = 
+					moaSession.getGenericDataFromSession(
+							AuthenticationSessionStorageConstants.STORK_REQUEST, 
+							STORKAuthnRequest.class);
 
 			if (storkAuthnRequest == null) {
 				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
@@ -575,10 +577,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 			moaSession.setIdentityLink(identityLink);
 
 			Logger.debug("Adding addtional STORK attributes to MOA session");
-			moaSession.setStorkAttributes(attributeList);
-
+			moaSession.setGenericDataToSession(
+					AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 
+					attributeList);
+			
 			Logger.debug("Add full STORK AuthnResponse to MOA session");
-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
+			moaSession.setGenericDataToSession(
+					AuthenticationSessionStorageConstants.STORK_RESPONSE, 
+					request.getParameter("SAMLResponse"));
+
 
 			// We don't have BKUURL, setting from null to "Not applicable"
 			moaSession.setBkuURL("Not applicable (STORK Authentication)");
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
index 9a0598cf6..fb9172f6e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
@@ -24,8 +24,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import eu.stork.peps.auth.commons.IPersonalAttributeList;
 import eu.stork.peps.auth.commons.PersonalAttribute;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
@@ -43,7 +42,10 @@ public class STORKAttributHelper {
 			throw new UnavailableAttributeException(attributName);
 			
 		} else {
-			IPersonalAttributeList storkAttributes = authSession.getStorkAttributes();
+			IPersonalAttributeList storkAttributes = 
+					authSession.getGenericData(
+							AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 
+							IPersonalAttributeList.class);
 			
 			if ( storkAttributes == null ) {
 				throw new UnavailableAttributeException(attributName);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 2c7e5b539..f9f38e2d5 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
 import at.gv.egovernment.moa.id.data.IAuthData;
@@ -30,6 +31,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
 import eu.stork.peps.auth.commons.PersonalAttribute;
 import eu.stork.peps.auth.commons.PersonalAttributeList;
 import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
@@ -83,12 +85,17 @@ public class MOAAttributeProvider {
 
     public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
         String storkAttribute = requestedAttribute.getName();
-
+        
+        IPersonalAttributeList storkAttributes = 
+        		authData.getGenericData(
+						AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 
+						IPersonalAttributeList.class);
+        
         // TODO: check if authData gets populated with stork attributtes during previous steps; it seems it is not
-        if (null != authData && null != authData.getStorkAttributes() && authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
+        if (null != authData && null != storkAttributes && storkAttributes.containsKey(requestedAttribute.getName())) {
             Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]");
             try {
-                PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName());
+                PersonalAttribute tmp = storkAttributes.get(requestedAttribute.getName());
                 attributeList.add((PersonalAttribute) tmp.clone());
             } catch(Exception e) {
                 Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute);
-- 
cgit v1.2.3


From 05e959fac7cca57540a768afb81fb06c3a0ae121 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 10:44:45 +0100
Subject: remove STORK authentication module from build process

---
 id/server/auth/pom.xml        | 4 ++--
 id/server/idserverlib/pom.xml | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index ed809aee9..3a84ca37d 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -147,10 +147,10 @@
         </dependency> -->
         
  <!--         Adding stork module dependency automatically adds stork capabilities.  -->
-		<dependency>
+<!-- 		<dependency>
 			<groupId>MOA.id.server.modules</groupId>
 			<artifactId>moa-id-module-stork</artifactId>
-		</dependency>
+		</dependency> -->
 		
 		<!-- Adding monitoring module dependency automatically adds monitoring capabilities. -->
 		<dependency>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index ee697926b..3aa5d9869 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -33,7 +33,7 @@
 			<version>6.1.1</version>
 			<scope>test</scope>
 		</dependency>
-	<dependency>
+<!-- 	<dependency>
 		<groupId>eu.stork</groupId>
 		<artifactId>oasis-dss-api</artifactId>
 		<version>1.0.0-RELEASE</version>
@@ -43,7 +43,7 @@
 				<artifactId>commons-io</artifactId>
 			</exclusion>
 		</exclusions>
-	</dependency>
+	</dependency> -->
     
     <dependency>
     	<groupId>at.gv.egiz.components</groupId>
@@ -90,11 +90,11 @@
             <artifactId>Commons</artifactId>
             <version>1.4.0</version>
         </dependency> -->
-        <dependency>
+<!--         <dependency>
             <groupId>eu.stork</groupId>
             <artifactId>SamlEngine</artifactId>
             <version>1.5.1</version>
-        </dependency>
+        </dependency> -->
 
 		<dependency>
 			<groupId>MOA</groupId>
-- 
cgit v1.2.3


From 31d5edb552ba03ce474f050bf2e69316af1ee623 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 15:34:46 +0100
Subject: use general config eidas (in progress)

---
 .../java/at/gv/egovernment/moa/logging/Logger.java | 22 +++++++++
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 54 ++++++++++++++--------
 2 files changed, 56 insertions(+), 20 deletions(-)

diff --git a/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java b/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java
index 7cb2e7daf..3730b36ce 100644
--- a/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java
+++ b/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java
@@ -167,6 +167,17 @@ public class Logger {
 		logger.info(prepareMessage(message));
   }
   
+  /**
+   * Info.
+   *
+   * @param string the string
+   * @param args the objects
+   */
+  public static void info(String message, Object[] args) {
+		org.slf4j.Logger logger = getLogger();
+		logger.info(prepareMessage(message), args);
+	}
+  
   /**
    * Log a warning message.
    * 
@@ -209,6 +220,17 @@ public class Logger {
 		logger.error(prepareMessage(message), t);
   }
   
+  /**
+   * Log an error message with additional information.
+   *
+   * @param message The message to log.
+   * @param variables The values to substitute {} of the logmessage with.
+   */
+  public static void error(Object message, Object[] variables) {
+		org.slf4j.Logger logger = getLogger();
+	  logger.error(prepareMessage(message), variables);
+  }
+  
   /**
    * Log a fatal error message.
    * 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 9ae61edd9..9b289a435 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -24,11 +24,11 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.IOException;
 import java.io.StringWriter;
-import java.security.Security;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
@@ -41,16 +41,21 @@ import eu.eidas.auth.commons.IPersonalAttributeList;
 import eu.eidas.auth.commons.PersonalAttribute;
 import eu.eidas.auth.commons.PersonalAttributeList;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.SPType;
 import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -79,19 +84,36 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			//load pending request
 			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
 			if (pendingReq == null) {
-				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+				Logger.info("No PendingRequest with Id: '{}' Maybe, a transaction timeout occure.", new Object[] {pendingRequestID});
 				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
 			
 			}
-    	
-			//load MOASession object and OA-configuration
+
+			//load MOASession object, configuration and OA-configuration
 			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+			AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
 
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			// get target country
+			String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
+
+			if (StringUtils.isEmpty(citizenCountryCode)) {
+				// illegal state; task should not have been executed without a selected country
+				throw new AuthenticationException("stork.22", new Object[] { moasessionid });
+			}
+
+			CPEPS cpeps = moaconfig.getStorkConfig().getCPEPS(citizenCountryCode);
+			if(null == cpeps) {
+				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
+				throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
+			}
+			Logger.debug("Found C-PEPS configuration for citizen of country: " + citizenCountryCode);
+			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 			IPersonalAttributeList pAttList = new PersonalAttributeList();
-			
+
 			//create template requested attribute
 			//TODO: load required attributes from OA configuration
 			PersonalAttribute attr = new PersonalAttribute();
@@ -112,23 +134,15 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
-			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ColleagueRequest";
-//			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
-			String providerName = "sp3fr-moa";
-			authnRequest.setProviderName(providerName);
-//			int qaaLevel = 1;
-//			authnRequest.setQaa(qaaLevel); // not needed anymore. furthermore this may make the node think the request at hand is a stork request and we do not want that.
+			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
 			authnRequest.setPersonalAttributeList(pAttList);
-			String issuer = "http://localhost:12343/moa-id-auth/eidas/metadata";
-			authnRequest.setIssuer(issuer);
-			authnRequest.setDestination(assertionConsumerURL);
+			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata");
+			authnRequest.setDestination(destination); 
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
 			authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
 			authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
-			authnRequest.setAlias(providerName);
+			authnRequest.setSPType(SPType.DEFAULT_VALUE);
 
-			authnRequest.setSPType("public");
-			
 			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
 			
@@ -149,8 +163,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 	            context.put("RelayState", moasessionid);
 	            
-	            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
-	            context.put("action", assertionConsumerURL);
+	            Logger.debug("Using assertion consumer url as action: " + destination);
+	            context.put("action", destination);
 
 	            Logger.debug("Starting template merge");
 	            StringWriter writer = new StringWriter();
-- 
cgit v1.2.3


From 1092129203ea1f5c17ae8a10ec43f7907140759c Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 15:35:50 +0100
Subject: fixed bug of missing citizen country code for stork module

---
 .../id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index ef61739f8..e19947313 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -41,9 +41,10 @@ import eu.stork.peps.auth.commons.PersonalAttribute;
 import eu.stork.peps.auth.commons.PersonalAttributeList;
 import eu.stork.peps.auth.commons.STORKAuthnRequest;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -126,6 +127,9 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 			AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID);			
 			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
 			
+			// bugfix: the new task system fails to initialize the CCC - set it here
+			moasession.setCcc((String) executionContext.get(MOAIDAuthConstants.PARAM_CCC));
+
 			if (StringUtils.isEmpty(moasession.getCcc())) {
 				// illegal state; task should not have been executed without a selected country
 				throw new AuthenticationException("stork.22", new Object[] { sessionID });
-- 
cgit v1.2.3


From 29f01a4975f637c26fbcd0b43a9c844d7d3d2e54 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 15:57:30 +0100
Subject: fetch requested attributes from configuration

---
 .../validation/moaconfig/StorkConfigValidator.java |  5 +--
 .../task/impl/GeneralSTORKConfigurationTask.java   |  3 +-
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 42 ++++++++++++----------
 3 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index b69d37d57..b73859d81 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -90,12 +90,13 @@ public class StorkConfigValidator {
 		// check attributes
 		if (MiscUtil.isNotEmpty(form.getAttributes())) {
 			for(StorkAttribute check : form.getAttributes()) {
-				if (ValidationHelper.containsPotentialCSSCharacter(check.getName(), true)) {
+				String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
+				if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { 
 					log.warn("default attributes contains potentail XSS characters: " + check);
 					errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
 							new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
 				}
-				if(!check.getName().toLowerCase().matches("^[a-z0-9]*$")) {
+				if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
 						log.warn("default attributes do not match the requested format : " + check);
 						errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
 								new Object[] {check}, request ));
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index c6086583a..1747e2207 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -210,6 +210,7 @@ public static final List<String> KEYWHITELIST;
 			for(String key : attributeList.keySet()) {
 				if (key.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME)) {
 					String value = attributeList.get(key);
+					value = value.replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
 					if (!validatedAttributes.contains(value)) {
 						if (ValidationHelper.containsPotentialCSSCharacter(value, true)) {
 							log.warn("default attributes contains potentail XSS characters: " + value);
@@ -219,7 +220,7 @@ public static final List<String> KEYWHITELIST;
 									LanguageHelper.getErrorString("validation.stork.requestedattributes",
 											new Object[] {ValidationHelper.getPotentialCSSCharacter(true)})));
 						}
-						if(!value.toLowerCase().matches("^[a-z0-9]*$")) {
+						if(!value.toLowerCase().matches("^[A-Za-z]*$")) {
 							log.warn("default attributes do not match the requested format : " + value);
 							errors.add(new ValidationObjectIdentifier(
 									MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 9b289a435..57588287d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -24,10 +24,12 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.IOException;
 import java.io.StringWriter;
+import java.util.Collection;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
@@ -56,6 +58,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -111,27 +114,30 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			// assemble requested attributes
+			Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
+
+			// - prepare attribute list
 			IPersonalAttributeList pAttList = new PersonalAttributeList();
 
-			//create template requested attribute
-			//TODO: load required attributes from OA configuration
-			PersonalAttribute attr = new PersonalAttribute();
-			attr.setName("eidas/attributes/CurrentFamilyName");
-			pAttList.add(attr);
+			// - fill container
+			for (StorkAttribute current : attributesFromConfig) {
+				PersonalAttribute newAttribute = new PersonalAttribute();
+				newAttribute.setName(current.getName());
+
+				boolean globallyMandatory = false;
+				for (StorkAttribute currentGlobalAttribute : moaconfig.getStorkConfig().getStorkAttributes())
+					if (current.getName().equals(currentGlobalAttribute.getName())) {
+						globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
+						break;
+					}
+
+				newAttribute.setIsRequired(current.getMandatory() || globallyMandatory);
+				pAttList.add(newAttribute);
+			}
+
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 
-			PersonalAttribute attr1 = new PersonalAttribute();
-			attr1.setName("eidas/attributes/CurrentGivenName");
-			pAttList.add(attr1);
-			
-			PersonalAttribute attr2 = new PersonalAttribute();
-			attr2.setName("eidas/attributes/DateOfBirth");
-			pAttList.add(attr2);
-			
-			PersonalAttribute attr3 = new PersonalAttribute();
-			attr3.setName("eidas/attributes/PersonIdentifier");
-			pAttList.add(attr3);
-			
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
 			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
-- 
cgit v1.2.3


From 2683e6eee3b6f820fe5fa4ef1b76a94cdfcd846d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 08:48:15 +0100
Subject: add STORK-QAA <--> eIdAS-QAA level mapper

---
 .../moa/id/data/AuthenticationData.java            | 50 ++++++++++++++++++++--
 .../at/gv/egovernment/moa/id/data/IAuthData.java   |  1 +
 .../moa/id/protocols/pvp2x/PVPConstants.java       |  5 +++
 .../egovernment/moa/id/util/PVPtoSTORKMapper.java  | 48 ++++++++++++++++++++-
 .../properties/pvp-stork_mapping.properties        | 20 +++++++--
 5 files changed, 116 insertions(+), 8 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index a5dfe7524..53be0881b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -36,6 +36,9 @@ import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -477,9 +480,47 @@ public class AuthenticationData  implements IAuthData, Serializable {
 	 * @return
 	 */
 	public String getQAALevel() {
-		return this.QAALevel;
+		if (this.QAALevel != null && 
+				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
+			String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			if (MiscUtil.isNotEmpty(mappedQAA))
+				return mappedQAA;
+			
+			else {
+				Logger.error("eIDAS QAA-level:" + this.QAALevel 
+						+ " can not be mapped to STORK QAA-level! Use "
+						+ PVPConstants.STORK_QAA_1_1 + " as default value.");
+				return PVPConstants.STORK_QAA_1_1;
+				
+			}
+			
+			
+		} else
+			return this.QAALevel;
 	}
 
+	
+	public String getEIDASQAALevel() {
+		if (this.QAALevel != null && 
+				this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+			String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
+			if (MiscUtil.isNotEmpty(mappedQAA))
+				return mappedQAA;
+			
+			else {
+				Logger.error("STORK QAA-level:" + this.QAALevel 
+						+ " can not be mapped to eIDAS QAA-level! Use "
+						+ PVPConstants.EIDAS_QAA_LOW + " as default value.");
+				return PVPConstants.EIDAS_QAA_LOW;
+				
+			}
+			
+			
+		} else
+			return this.QAALevel;
+		
+	}
+	
 
 	/**
 	 * @return
@@ -498,13 +539,16 @@ public class AuthenticationData  implements IAuthData, Serializable {
 
 
 	/**
+	 * Store QAA level in eIDAS format to authentication Data
+	 * 
 	 * @param qAALevel the qAALevel to set
+	 * @throws AssertionAttributeExtractorExeption 
 	 */
 	public void setQAALevel(String qAALevel) {
-		QAALevel = qAALevel;
+			QAALevel = qAALevel;
+			
 	}
 
-
 	/**
 	 * @return the ssoSession
 	 */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index 915242787..91d40fcc3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -79,6 +79,7 @@ public interface IAuthData {
 	 String getMandateReferenceValue();
 
 	 String getQAALevel();
+	 public String getEIDASQAALevel();
 	 
 	 String getSessionIndex();
 	 String getNameID(); 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 168f2362a..dc0cab8c3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -41,6 +41,11 @@ public interface PVPConstants {
 	public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
 	public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
 	
+	public static final String EIDAS_QAA_PREFIX = "http://eidas.europa.eu/LoA/";
+	public static final String EIDAS_QAA_LOW = EIDAS_QAA_PREFIX + "low";
+	public static final String EIDAS_QAA_SUBSTANTIAL = EIDAS_QAA_PREFIX + "substantial";
+	public static final String EIDAS_QAA_HIGH = EIDAS_QAA_PREFIX + "high";
+	
 	public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
 	
 	public static final String URN_OID_PREFIX = "urn:oid:";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
index 5ef9494f4..d0da0003f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -37,10 +37,14 @@ public class PVPtoSTORKMapper {
 
 	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
 	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
+	private static final String eIDAS_QAA_PREFIX = "http://eidas.europa.eu/";
 	
 	private static final String MAPPING_RESOURCE = 
 			"resources/properties/pvp-stork_mapping.properties";
 	
+	private static final String MAPPING_SECCLASS_PREFIX = "secclass_";
+	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
+	
 	private Properties mapping = null;
 	
 	private static PVPtoSTORKMapper instance = null;
@@ -68,6 +72,47 @@ public class PVPtoSTORKMapper {
 		
 	}
 
+	/**
+	 * Map STORK QAA level to eIDAS QAA level
+	 * 
+	 * @param storkQAA STORK QAA level
+	 * @return
+	 */
+	public String mapSTORKQAAToeIDASQAA(String storkQAA) {
+		if (mapping != null) {
+			String input = storkQAA.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAA + " to eIDAS-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for STORK-QAA " + storkQAA +" !");
+		return null;
+		
+	}
+	
+	/**
+	 * Map eIDAS QAA-level to STORK QAA-level
+	 * 
+	 * @param qaaLevel eIDAS QAA-level
+	 * @return STORK QAA-level
+	 */
+	public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
+		if (mapping != null) {
+			String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for eIDAS-QAA " + qaaLevel +" !");
+		return null;
+	}
+	
 	/**Map a STORK QAA level to PVP SecClass
 	 * 
 	 * @param STORK-QAA level
@@ -76,7 +121,7 @@ public class PVPtoSTORKMapper {
 	public String mapToSecClass(String storkQAALevel) {
 		if (mapping != null) {
 			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(input);
+			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
 			if (MiscUtil.isNotEmpty(mappedQAA)) {
 				Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
 				return mappedQAA;
@@ -125,4 +170,5 @@ public class PVPtoSTORKMapper {
 		Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !");
 		return null;
 	}
+
 }
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
index ca12fada4..63a679db5 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
@@ -25,7 +25,19 @@ secclass/0-2=http://www.stork.gov.eu/1.0/citizenQAALevel/4
 secclass/0-3=http://www.stork.gov.eu/1.0/citizenQAALevel/4
 
 ##STORK-QAA to PVP SecClass mapping
-citizenQAALevel/1=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0
-citizenQAALevel/2=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-1
-citizenQAALevel/3=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-2
-citizenQAALevel/4=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-2
\ No newline at end of file
+secclass_citizenQAALevel/1=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0
+secclass_citizenQAALevel/2=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-1
+secclass_citizenQAALevel/3=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-2
+secclass_citizenQAALevel/4=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-2
+
+
+##STORK-QAA to eIDAS-QAA mapping
+eidas_citizenQAALevel/1=http://eidas.europa.eu/LoA/low
+eidas_citizenQAALevel/2=http://eidas.europa.eu/LoA/low
+eidas_citizenQAALevel/3=http://eidas.europa.eu/LoA/substantial
+eidas_citizenQAALevel/4=http://eidas.europa.eu/LoA/high
+
+##eIDAS-QAA to STORK-QAA mapping
+LoA/low=http://www.stork.gov.eu/1.0/citizenQAALevel/1
+LoA/substantial=http://www.stork.gov.eu/1.0/citizenQAALevel/2
+LoA/high=http://www.stork.gov.eu/1.0/citizenQAALevel/4
\ No newline at end of file
-- 
cgit v1.2.3


From 22820de6b6fa074be1d9990766fa631a6f7f5818 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 08:57:23 +0100
Subject: add test IDL generation

---
 .../AuthenticationSessionStorageConstants.java     |   4 +
 .../moa/id/auth/modules/eidas/Constants.java       |   6 +
 .../eidas/exceptions/eIDASAttributeException.java  |  38 +++
 .../eidas/tasks/CreateIdentityLinkTask.java        | 185 +++++++++++
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |  33 +-
 .../eidas/utils/MOAOrderedAttributeIterator.java   |  66 ++++
 .../eidas/utils/MOAPersonalAttributeList.java      | 343 +++++++++++++++++++++
 .../modules/eidas/eIDAS.Authentication.process.xml |  15 +-
 .../resources/xmldata/fakeIdL_IdL_template.xml     |  51 +++
 9 files changed, 725 insertions(+), 16 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java
index f67f41dd3..648dcf6f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java
@@ -35,4 +35,8 @@ public class AuthenticationSessionStorageConstants {
 	public static final String STORK_REQUEST = PREFIX_STORK + "request";
 	public static final String STORK_RESPONSE = PREFIX_STORK + "response";
 	public static final String STORK_CCC = PREFIX_STORK + "ccc";
+	
+	public static final String eIDAS_ATTRIBUTELIST = PREFIX_eIDAS + "attributeList";
+	public static final String eIDAS_RESPONSE = PREFIX_eIDAS + "response";
 }
+
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 8e38facbf..9f347b4ee 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -55,4 +55,10 @@ public class Constants {
 			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
 	
 	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  //2 minutes skew time for response validation
+	
+	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
+	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
+	public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName";
+	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName";
+	
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
new file mode 100644
index 000000000..7840ae2e6
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAttributeException extends Exception {
+
+	private static final long serialVersionUID = 1L;
+	
+	public eIDASAttributeException(String message) {
+		super(message);
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
new file mode 100644
index 000000000..f4d6c4ad4
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
+
+import eu.eidas.auth.commons.IPersonalAttributeList;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class CreateIdentityLinkTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext,
+			HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try{
+			String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);	    	
+			String pendingRequestID = (String) executionContext.get("pendingRequestID");
+
+			//load pending request
+			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+			
+			}
+    	
+			//load MOASession object and OA-configuration
+			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+			
+			//get eIDAS attributes from MOA-Session
+			IPersonalAttributeList eIDASAttributes = moasession.getGenericDataFromSession(
+					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
+					IPersonalAttributeList.class);
+			
+			AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
+			IdentityLink identityLink = null;
+			
+			//connect SZR-Gateway
+			//TODO: implement SZR-Gateway communication!!!!
+			if(true) {
+								
+				// create fake IdL
+				// - fetch IdL template from resources
+				InputStream s = CreateIdentityLinkTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml");
+				Element idlTemplate = DOMUtils.parseXmlValidating(s);
+
+			    identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
+
+			    // replace data
+	            Element idlassertion = identityLink.getSamlAssertion();
+	            
+	            // - set bpk/wpbk;
+		        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);		        		        
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
+		        	throw new eIDASAttributeException("PersonalIdentifier is missing");
+		        String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
+		        prIdentification.getFirstChild().setNodeValue(eIdentifier);
+
+		        // - set last name
+		        Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))
+		        	throw new eIDASAttributeException("currentFamilyName is missing");
+				String familyName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).getValue().get(0);
+				prFamilyName.getFirstChild().setNodeValue(familyName);
+
+		        // - set first name
+		        Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTGIVENNAME))
+		        	throw new eIDASAttributeException("currentGivenName is missing");
+				String givenName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME).getValue().get(0);
+				prGivenName.getFirstChild().setNodeValue(givenName);
+
+		        // - set date of birth
+		        Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_DATEOFBIRTH))
+		        	throw new eIDASAttributeException("dateOfBirth is missing");
+				String dateOfBirth = eIDASAttributes.get(Constants.eIDAS_ATTR_DATEOFBIRTH).getValue().get(0);
+				dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth));
+				prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
+
+	            identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink();
+
+	            //resign IDL
+				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+				Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), config.getStorkFakeIdLResigningKey());
+				identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
+				
+			} else {
+				//contact SZR Gateway
+				Logger.debug("Starting connecting SZR Gateway");
+			
+				//TODO:!!!!!!
+				
+			}
+			
+			Logger.debug("SZR communication was successfull");
+
+			if (identityLink == null) {
+				Logger.error("SZR Gateway did not return an identity link.");
+				throw new MOAIDException("stork.10", null);
+			}
+			
+			MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);			
+			moasession.setForeigner(true);
+			moasession.setIdentityLink(identityLink);
+			moasession.setBkuURL("Not applicable (eIDASAuthentication)");
+			
+			//store MOA-session to database
+			AuthenticationSessionStoreage.storeSession(moasession);
+			
+		} catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) {
+			throw new TaskExecutionException("IdentityLink generation for foreign person FAILED.", e);
+			
+		} catch (eIDASAttributeException e) {
+			throw new TaskExecutionException("Minimum required eIDAS attributeset not found.", e);
+				
+		}	
+
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index e80d62535..693807d63 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -10,13 +10,16 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
@@ -68,20 +71,36 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 				//TODO: check if additional decryption operation is required
 				
 			}
+						
+			//MOA-ID specific response validation
+			//TODO: implement MOA-ID specific response validation
 			
+			//update MOA-Session data with received information			
+			Logger.debug("Store eIDAS response information into MOA-session.");
+			moasession.setQAALevel(samlResp.getAssuranceLevel());
+			moasession.setCcc(samlResp.getCountry());
+						
+			moasession.setGenericDataToSession(
+					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
+					new MOAPersonalAttributeList(samlResp.getPersonalAttributeList()));
+						
+			moasession.setGenericDataToSession(
+					AuthenticationSessionStorageConstants.eIDAS_RESPONSE, 
+					decSamlToken);
+
+			//set general information to MOA-Session
+			moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/");
 			
-			
-			
-			System.out.println(new String(decSamlToken));
-			
+			//store MOA-session to database
+			AuthenticationSessionStoreage.storeSession(moasession);
 			
 		}catch (EIDASSAMLEngineException e) {
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
-			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
-					new EIDASEngineException("Could not generate token for Saml Request", e));
+			throw new TaskExecutionException("eIDAS Response processing FAILED.", 
+					new EIDASEngineException("Could not validate eIDAS response", e));
 			
 		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
-			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
+			throw new TaskExecutionException("eIDAS Response processing FAILED.", e);
 			
 		}	
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
new file mode 100644
index 000000000..573163af0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.PersonalAttributeList;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAOrderedAttributeIterator  implements Iterator<PersonalAttribute> {
+	
+    private MOAPersonalAttributeList pal;
+    private Iterator<String> keyIterator;
+
+    public MOAOrderedAttributeIterator(MOAPersonalAttributeList palArg) {
+        this.pal = palArg;
+        keyIterator = palArg.getInsertOrder().iterator();
+    }
+
+    @Override
+    public boolean hasNext() {
+        return keyIterator.hasNext();
+    }
+
+    @Override
+    public PersonalAttribute next() {
+        if (!hasNext()) {
+            throw new NoSuchElementException();
+        }
+        return pal.get(keyIterator.next());
+    }
+
+    @Override
+    public void remove() {
+        Logger.error("Not implemented");
+    }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
new file mode 100644
index 000000000..5cc100b70
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
@@ -0,0 +1,343 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.commons.lang.StringUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+import eu.eidas.auth.commons.AttributeConstants;
+import eu.eidas.auth.commons.AttributeUtil;
+import eu.eidas.auth.commons.EIDASErrors;
+import eu.eidas.auth.commons.EIDASParameters;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.EIDASValues;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.exceptions.InternalErrorEIDASException;
+
+/**
+ * @author tlenz
+ *
+ */
+public final class MOAPersonalAttributeList extends
+	ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList {
+	
+	 /**
+	 * 
+	 */
+	private static final long serialVersionUID = -4488124133022713089L;
+
+    public MOAPersonalAttributeList(IPersonalAttributeList eIDASAttributeList) {
+    	super();
+    	Iterator<PersonalAttribute> element = eIDASAttributeList.iterator();
+    	while(element.hasNext())
+    		add(element.next());    		
+    	
+    }
+	
+	/**
+     * Hash with the latest fetched attribute name alias.
+     */
+    private Map<String, Integer> latestAttrAlias =
+            new HashMap<String, Integer>();
+
+    /**
+     * Hash with mapping number of alias or the attribute name.
+     */
+    private Map<String, Integer> attrAliasNumber =
+            new HashMap<String, Integer>();
+    private List<String> insertOrder = new ArrayList<String>();
+
+    /**
+     * Obtain the insertOrder Collection
+     *
+     * @return defensive copy of the collection
+     */
+    List<String> getInsertOrder() {
+        return Collections.unmodifiableList(this.insertOrder);
+    }
+
+    /**
+     * Default constructor.
+     */
+    public MOAPersonalAttributeList() {
+        super();
+        
+    }
+    
+    /**
+     * Constructor with initial capacity for the PersonalAttributeList size.
+     *
+     * @param capacity The initial capacity for the PersonalAttributeList.
+     */
+    public MOAPersonalAttributeList(final int capacity) {
+        super(capacity);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Iterator<PersonalAttribute> iterator() {
+        return new MOAOrderedAttributeIterator(this);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PersonalAttribute get(final Object key) {
+        String attrName = (String) key;
+
+        if (this.latestAttrAlias == null)
+        	this.latestAttrAlias = new HashMap<String, Integer>();
+        
+        if (this.attrAliasNumber == null)
+        	this.attrAliasNumber = new HashMap<String, Integer>();
+        
+        if (this.latestAttrAlias.containsKey(key)) {
+            attrName = attrName + this.latestAttrAlias.get(key);
+        } else {
+            if (this.attrAliasNumber.containsKey(key)) {
+                this.latestAttrAlias.put(attrName, this.attrAliasNumber.get(key));
+            }
+        }
+        return super.get(attrName);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void add(final PersonalAttribute value) {
+        if (value != null) {
+            this.put(value.getName(), value);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PersonalAttribute put(final String key, final PersonalAttribute val) {
+        if (StringUtils.isNotEmpty(key) && val != null) {
+            // Validate if attribute name already exists!
+            String attrAlias = key;
+            if (this.containsKey(attrAlias)) {
+            	if (this.attrAliasNumber == null)
+            		this.attrAliasNumber = new HashMap<String, Integer>();
+                if (!val.isEmptyValue() && StringUtils.isNumeric(val.getValue().get(0))) {
+                    final String attrValue = val.getValue().get(0);
+                    attrAlias = key + attrValue;
+                    this.attrAliasNumber.put(key, Integer.valueOf(attrValue));
+                } else {
+                    final PersonalAttribute attr = super.get(key);
+                    if (!attr.isEmptyValue()
+                            && StringUtils.isNumeric(attr.getValue().get(0))) {
+                        attrAlias = key + attr.getValue().get(0);
+                        super.put(key, (PersonalAttribute) attr);
+                        this.attrAliasNumber.put(key, null);
+                    }
+                }
+            } else {
+            	if (insertOrder == null)
+            		insertOrder = new ArrayList<String>();
+            	
+                insertOrder.add(key);
+            }
+            return super.put(attrAlias, val);
+        } else {
+            return null;
+        }
+    }
+
+    @Override
+    public PersonalAttribute remove(Object key) {
+        insertOrder.remove(key);
+        return super.remove(key);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void populate(final String attrList) {
+        final StringTokenizer strToken =
+                new StringTokenizer(attrList, EIDASValues.ATTRIBUTE_SEP.toString());
+
+        while (strToken.hasMoreTokens()) {
+            final PersonalAttribute persAttr = new PersonalAttribute();
+            String[] tuples =
+                    strToken.nextToken().split(EIDASValues.ATTRIBUTE_TUPLE_SEP.toString(),
+                            AttributeConstants.NUMBER_TUPLES.intValue());
+
+            // Convert to the new format if needed!
+            tuples = convertFormat(tuples);
+
+            if (AttributeUtil.hasValidTuples(tuples)) {
+                final int attrValueIndex =
+                        AttributeConstants.ATTR_VALUE_INDEX.intValue();
+                final String tmpAttrValue =
+                        tuples[attrValueIndex].substring(1,
+                                tuples[attrValueIndex].length() - 1);
+                final String[] vals =
+                        tmpAttrValue.split(EIDASValues.ATTRIBUTE_VALUE_SEP.toString());
+
+                persAttr.setName(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()]);
+                persAttr.setIsRequired(Boolean
+                        .valueOf(tuples[AttributeConstants.ATTR_TYPE_INDEX.intValue()]));
+                // check if it is a complex value
+                if (tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()]
+                        .equals(EIDASParameters.COMPLEX_ADDRESS_VALUE.toString())) {
+                    persAttr.setComplexValue(createComplexValue(vals));
+                } else {
+                    persAttr.setValue(createValues(vals));
+                }
+
+                if (tuples.length == AttributeConstants.NUMBER_TUPLES.intValue()) {
+                    persAttr.setStatus(tuples[AttributeConstants.ATTR_STATUS_INDEX
+                            .intValue()]);
+                }
+                this.put(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()],
+                        persAttr);
+
+            } else {
+                Logger.info("BUSINESS EXCEPTION : Invalid personal attribute list tuples");
+            }
+
+        }
+    }
+
+  /**
+  * Returns a copy of this <tt>IPersonalAttributeList</tt> instance.
+  *
+  * @return The copy of this IPersonalAttributeList.
+  */
+  public Object clone() {
+      try {
+          MOAPersonalAttributeList theClone= (MOAPersonalAttributeList)super.clone();
+          theClone.insertOrder=new ArrayList<String>(insertOrder);
+          return theClone;
+          
+      } catch (CloneNotSupportedException e) {
+          throw new InternalErrorEIDASException(
+                  EIDASUtil.getConfig(EIDASErrors.INTERNAL_ERROR.errorCode()),
+                  EIDASUtil.getConfig(EIDASErrors.INTERNAL_ERROR.errorMessage()), e);
+      }
+  }
+
+  /**
+   * Creates a string in the following format.
+   *
+   * attrName:attrType:[attrValue1,attrValue2=attrComplexValue]:attrStatus;
+   *
+   * @return {@inheritDoc}
+   */
+  @Override
+  public String toString() {
+      final StringBuilder strBuilder = new StringBuilder();
+      final Iterator<String> iteratorInsertOrder = insertOrder.iterator();
+      while (iteratorInsertOrder.hasNext()) {
+          String key = iteratorInsertOrder.next();
+          final PersonalAttribute attr = get(key);
+          strBuilder.append(attr.toString());
+          if (isNumberAlias(key)) {
+              strBuilder.append(get(key).toString());
+          }
+      }
+      return strBuilder.toString();
+  }
+
+    /**
+     * Validates and creates the attribute's complex values.
+     *
+     * @param values The complex values.
+     * @return The {@link Map} with the complex values.
+     * @see Map
+     */
+    private Map<String, String> createComplexValue(final String[] values) {
+        final Map<String, String> complexValue = new HashMap<String, String>();
+        for (final String val : values) {
+            final String[] tVal = val.split("=");
+            if (StringUtils.isNotEmpty(val) && tVal.length == 2) {
+                complexValue.put(tVal[0], AttributeUtil.unescape(tVal[1]));
+            }
+        }
+        return complexValue;
+    }
+
+    /**
+     * Validates and creates the attribute values.
+     *
+     * @param vals The attribute values.
+     * @return The {@link List} with the attribute values.
+     * @see List
+     */
+    private List<String> createValues(final String[] vals) {
+        final List<String> values = new ArrayList<String>();
+        for (final String val : vals) {
+            if (StringUtils.isNotEmpty(val)) {
+                values.add(AttributeUtil.unescape(val));
+            }
+        }
+        return values;
+    }
+
+    //////////////////
+    /**
+     * Converts the attribute tuple (attrName:attrType...) to the new format.
+     *
+     * @param tuples The attribute tuples to convert.
+     * @return The attribute tuples in the new format.
+     */
+    private String[] convertFormat(final String[] tuples) {
+        final String[] newFormatTuples =
+                new String[AttributeConstants.NUMBER_TUPLES.intValue()];
+        if (tuples != null) {
+            System.arraycopy(tuples, 0, newFormatTuples, 0, tuples.length);
+
+            for (int i = tuples.length; i < newFormatTuples.length; i++) {
+                if (i == AttributeConstants.ATTR_VALUE_INDEX.intValue()) {
+                    newFormatTuples[i] = "[]";
+                } else {
+                    newFormatTuples[i] = "";
+                }
+            }
+        }
+        return newFormatTuples;
+    }
+
+    public boolean isNumberAlias(String key) {
+        return this.attrAliasNumber.containsKey(key);
+    }
+	
+	
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
index 2a16b2e23..f24ff1c28 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
@@ -5,17 +5,14 @@
 	<pd:Task id="createAuthnRequest" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask" />
 	<pd:Task id="receiveAuthnResponse" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveAuthnResponseTask" async="true" />
 	<pd:Task id="finalizeAuthentication" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" />
+	<pd:Task id="generateIdentityLink" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask" />
 
-	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
-	<pd:StartEvent id="start" />
-	
-	<pd:Transition from="start" to="createAuthnRequest" />
-	
+	<pd:StartEvent id="start" />	
+	<pd:Transition from="start" to="createAuthnRequest" />	
 	<pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" />
-	<pd:Transition from="receiveAuthnResponse" to="finalizeAuthentication" />
-	
-	<pd:Transition from="finalizeAuthentication"    to="end" />
-	
+	<pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" />
+	<pd:Transition from="generateIdentityLink" to="finalizeAuthentication" />		
+	<pd:Transition from="finalizeAuthentication"    to="end" />	
 	<pd:EndEvent id="end" />
 
 </pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml
new file mode 100644
index 000000000..09084a34f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" IssueInstant="2012-08-22T11:07:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+	<saml:AttributeStatement>
+		<saml:Subject>
+			<saml:SubjectConfirmation>
+				<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+				<saml:SubjectConfirmationData>
+					<pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type></pr:Identification><pr:Name><pr:GivenName>XXXRúùd</pr:GivenName><pr:FamilyName primary="undefined">XXXVàn Nisteĺrooy</pr:FamilyName></pr:Name><pr:DateOfBirth>1969-02-13</pr:DateOfBirth></pr:Person>
+				</saml:SubjectConfirmationData>
+			</saml:SubjectConfirmation>
+		</saml:Subject>
+	<saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><ecdsa:ECDSAKeyValue><ecdsa:DomainParameters><ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/></ecdsa:DomainParameters><ecdsa:PublicKey><ecdsa:X Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" si:type="ecdsa:PrimeFieldElemType"/><ecdsa:Y Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" si:type="ecdsa:PrimeFieldElemType"/></ecdsa:PublicKey></ecdsa:ECDSAKeyValue></saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><dsig:RSAKeyValue><dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/
+t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm
+P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg
+gaM2EyuB1HxH8/+Mfqa4UgeqIH65</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
+	<dsig:Signature>
+		<dsig:SignedInfo>
+			<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+			<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+			<dsig:Reference URI="">
+				<dsig:Transforms>
+					<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+						<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>
+					</dsig:Transform>
+					<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+				</dsig:Transforms>
+				<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<dsig:DigestValue>KEQEPY2O3Z3IRaISSSoRZVPzsHE=</dsig:DigestValue>
+			</dsig:Reference>
+			<dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest">
+				<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<dsig:DigestValue>gzGhjH1kdmPcPbgen0xojNIoJLk=</dsig:DigestValue>
+			</dsig:Reference>
+		</dsig:SignedInfo>
+		<dsig:SignatureValue>
+    06wqWHgplwpu3N5HMhzb6QC5NkXMO1z4N4oc1L6eDqwZlvFJ9X1XGW//QqviKO9oog3il7IzdfJwnjygR4trgGCIqx+JYCDHJCrG9l8zlxlSW0ZqfsygGXthutcQ1aeUpfO6jYuhnWOUywa8BgzukRtWT+AOJBQZPRYTb8IBmey+uAwlhFLni94eMOd81l+efCvkWi3jRajwsG8ZOaNxSZT3aEV5vj+32Aqtx2MPEVzQWtIA7GqZi+EzcdSdHQvHhg7UB+8kqbU70ENAJbEMTANFZYvLOJ0Om9KfDtPf/+R2TvTc360fNo9RnPl04pHPhCIjcGZhFZorBpUhXFwd2Q==
+  </dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIF3TCCBMWgAwIBAgIDByniMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMB4XDTEwMDcyODExMzY0M1oXDTE1MDcyODExMzY0M1owgbYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0emtvbW1pc3Npb24xIjAgBgNVBAsMGVN0YW1temFobHJlZ2lzdGVyYmVob2VyZGUxLjAsBgNVBAMMJVNpZ25hdHVyc2VydmljZSBEYXRlbnNjaHV0emtvbW1pc3Npb24xFTATBgNVBAUTDDMyNTkyODMyMzk5ODEcMBoGCSqGSIb3DQEJARYNZHNrQGRzay5ndi5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+dBSEBGj2jUXIK1Mp3lVxc/Za+pJMiyKrX3G1ZxgX/ikx7D9scsPYMt473LlAWl9cmCbHbJK+PV2XNNdURLMUCIX+4vUNs2MHeDTQtX8BXjJFpwJYSoaRJQ39FVS/1r5sWcra9Hhdm7w5Gtx/2ukyDX0kdkxawkhP4EQEzi/SI+Fugn+WqgQ1nAdlbxb/dcBw5w1h9b3lmuwUf4z3ooQWUD2DgA/kKd1KejNR43mLUsmvSzevPxT9zs78pOR1OacB7IszTVJPXeOEaaNZHnnB/UeO3g8LEV/3OkXcUgcMkbIIiaBHlll71Pq0COj9kqjXoe7OrRjLY5i3KwOpa6TMCAwEAAaOCAgcwggIDMBMGA1UdIwQMMAqACEkcWDpP6A0DMH8GCCsGAQUFBwEBBHMwcTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMEYGCCsGAQUFBzAChjpodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMmEuY3J0MFQGA1UdIARNMEswSQYGKigAEQESMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1BbXRzc2lnbmF0dXIwgZ4GA1UdHwSBljCBkzCBkKCBjaCBioaBh2xkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMixvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQITAgOnhr0tbowDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFW1hcmN1cy5oaWxkQGRzay5ndi5hdDAJBgNVHRMEAjAAMA4GByooAAoBBwEEAwEB/zAUBgcqKAAKAQEBBAkMB0JTQi1EU0swDQYJKoZIhvcNAQEFBQADggEBAHTklnvPCH/bJSOlIPbLUEkSGuFHsektSZ8Vr22x/Yv7EzsxoQrJIiz2mQ2gQqFuExdWYxvsowjiSbiis9iUf1c0zscvDS3mIZxGs4M89XHsjHnIyb+Fuwnamw65QrFvM1tNB1ZMjxJ3x+YmHLHdtT3BEBcr3/NCRHd2S0HoBspNz9HVgJaZY1llR7poKBvnAc4g1i+QTvyVb00PtKxR9Lw/9ABInX/1pzpxqrPy7Ib2OP8z6dd3WHmIsCiSHUaj0Dxwwln6fYJjhxZ141SnbovlCLYtrsZLXoi9ljIqX4xO0PwMI2RfNc9cXxTRrRS6rEOvX7PpvgXiDXhp592Yyp4=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
+		<dsig:Object>
+			<dsig:Manifest Id="manifest">
+				<dsig:Reference URI="">
+					<dsig:Transforms>
+						<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+							<dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath>
+						</dsig:Transform>
+					</dsig:Transforms>
+					<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+					<dsig:DigestValue>8e7RjLnA4Mgltq5ruIJzheKGxu0=</dsig:DigestValue>
+				</dsig:Reference>
+			</dsig:Manifest>
+		</dsig:Object>
+	</dsig:Signature>
+</saml:Assertion>
\ No newline at end of file
-- 
cgit v1.2.3


From 320485ae06e93da206049f4c3706db4e4fec554b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 14:03:03 +0100
Subject: refactor PVP Metadata provider functionality

---
 .../auth/builder/SignatureVerificationUtils.java   | 172 +++++++++++++++++
 .../auth/invoke/SignatureVerificationInvoker.java  | 142 ++++++++++++++
 .../parser/VerifyXMLSignatureResponseParser.java   | 211 +++++++++++++++++++++
 .../pvp2x/metadata/MOAMetadataProvider.java        |  10 +-
 .../verification/metadata/MetadataFilterChain.java |  82 --------
 .../metadata/PVPMetadataFilterChain.java           |  54 ++++++
 .../moa/id/saml2/MetadataFilterChain.java          |  73 +++++++
 .../auth/invoke/SignatureVerificationInvoker.java  | 142 --------------
 .../parser/VerifyXMLSignatureResponseParser.java   | 211 ---------------------
 .../engine/MOAeIDASMetadataSignatureFilter.java    | 132 +++++++++++++
 10 files changed, 789 insertions(+), 440 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
 delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
 delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
new file mode 100644
index 000000000..e321c9d05
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -0,0 +1,172 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SignatureVerificationUtils {
+	  /** shortcut for XMLNS namespace URI */
+	  private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+	  /** shortcut for MOA namespace URI */
+	  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+	  /** The DSIG-Prefix */
+	  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+	  
+	  /** The document containing the <code>VerifyXMLsignatureRequest</code> */
+	  private Document requestDoc_;
+	  /** the <code>VerifyXMLsignatureRequest</code> root element */
+	  private Element requestElem_;
+	
+	  
+	  public SignatureVerificationUtils() throws BuildException {
+		  try {
+		        DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();        
+		        requestDoc_ = docBuilder.newDocument();
+		        requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
+		        requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+		        requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+		        requestDoc_.appendChild(requestElem_); 
+		        
+		  } catch (Throwable t) {
+		        throw new BuildException(
+		          "builder.00", 
+		          new Object[] {"VerifyXMLSignatureRequest", t.toString()}, 
+		          t);
+		  }
+	  }
+	  
+	  public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {		  
+		  try {
+			  //build signature-verification request
+			  Element domVerifyXMLSignatureRequest = build(signature, trustProfileID);
+
+			  //send signature-verification to MOA-SP 
+			  Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+			  		.verifyXMLSignature(domVerifyXMLSignatureRequest);
+			
+			// parses the <VerifyXMLSignatureResponse>
+			VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+					domVerifyXMLSignatureResponse).parseData();
+			
+			return verifyXMLSignatureResponse;
+			  
+		  } catch (ParseException e) {
+			  Logger.error("Build signature-verification request FAILED." ,e);
+			  throw e;
+			
+		  } catch (ServiceException e) {
+			  Logger.error("MOA-SP signature verification FAILED." ,e);
+			  throw e;
+			  
+		}
+		 				  
+	  }
+	  
+	/**
+	   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+	   * from an IdentityLink with a known trustProfileID which 
+	   * has to exist in MOA-SP
+	   * @param signature - The XML signature as byte[]
+	   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+	   * 
+	   * @return Element - The complete request as Dom-Element
+	   * 
+	   * @throws ParseException
+	   */
+	  private Element build(byte[] signature, String trustProfileID)
+	    throws ParseException 
+	  { 
+	    try {
+	      // build the request
+	      Element verifiySignatureInfoElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+	      requestElem_.appendChild(verifiySignatureInfoElem);
+	      Element verifySignatureEnvironmentElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+	      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+	      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+	      verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+
+	      // insert the base64 encoded signature	      
+	      String base64EncodedAssertion = Base64Utils.encode(signature);
+	      //replace all '\r' characters by no char.
+	      StringBuffer replaced = new StringBuffer();
+	      for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+	        char c = base64EncodedAssertion.charAt(i);
+	        if (c != '\r') {
+	          replaced.append(c);
+	        }
+	      }
+	      base64EncodedAssertion = replaced.toString();
+	      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+	      base64ContentElem.appendChild(base64Content);      
+	     
+	      // specify the signature location
+	      Element verifySignatureLocationElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+	      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+	      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+	      verifySignatureLocationElem.appendChild(signatureLocation);      
+	      
+	      // signature manifest params
+	      Element signatureManifestCheckParamsElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+	      requestElem_.appendChild(signatureManifestCheckParamsElem);
+	      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+
+	      Element returnHashInputDataElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+	      requestElem_.appendChild(returnHashInputDataElem);
+
+	      //add trustProfileID
+	      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+	      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+	      requestElem_.appendChild(trustProfileIDElem);
+	    } catch (Throwable t) {
+	      throw new ParseException("builder.00", 
+	        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+	    }
+
+	    return requestElem_;
+	  }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
new file mode 100644
index 000000000..72a7d3ba1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -0,0 +1,142 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.invoke;
+
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
+ * Either invokes the web service, or calls the corresponding API, depending on configuration data.
+ * 
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class SignatureVerificationInvoker {
+  /** This QName Object identifies the SignatureVerification endpoint of the web service */
+  private static final QName SERVICE_QNAME = new QName("SignatureVerification");
+
+  /**
+   * Method verifyXMLSignature.
+   * @param request to be sent
+   * @return Element with the answer
+   * @throws ServiceException if an error occurs
+   */
+  public Element verifyXMLSignature(Element request) throws ServiceException {
+    return doCall(SERVICE_QNAME, request);
+  }
+
+  /**
+   * Method doCall.
+   * @param serviceName the name of the service
+   * @param request the request to be sent
+   * @return Element the answer
+   * @throws ServiceException if an error occurs
+   */
+  protected Element doCall(QName serviceName, Element request) throws ServiceException {
+    ConnectionParameter authConnParam = null;
+    try {
+      Service service = ServiceFactory.newInstance().createService(serviceName);
+      Call call = service.createCall();
+      SOAPBodyElement body = new SOAPBodyElement(request);
+      SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+      Vector responses;
+      SOAPBodyElement response;
+
+      String endPoint;
+      AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
+      authConnParam = authConfigProvider.getMoaSpConnectionParameter();
+      //If the ConnectionParameter do NOT exist, we try to get the api to work....
+      if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
+        Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
+        endPoint = authConnParam.getUrl();
+        call.setTargetEndpointAddress(endPoint);
+        responses = (Vector) call.invoke(serviceName, params);
+        Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
+        response = (SOAPBodyElement) responses.get(0);
+        return response.getAsDOM();
+      }
+      else {
+        SignatureVerificationService svs = SignatureVerificationService.getInstance();
+        VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
+		
+        VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
+        Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
+
+        //Logger.setHierarchy("moa.id.auth");
+        return result.getDocumentElement();
+      }
+    }
+    catch (Exception ex) {
+      if (authConnParam != null) {
+	      throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
+      } else {
+        throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
+      }
+    }
+  }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
new file mode 100644
index 000000000..7bce406e0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -0,0 +1,211 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.parser;
+
+import iaik.utils.Base64InputStream;
+import iaik.x509.X509Certificate;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
+ * MOA-SPSS.
+ * This class implements the Singleton pattern
+ * 
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+
+public class VerifyXMLSignatureResponseParser {
+  //
+  // XPath namespace prefix shortcuts
+  //
+  /** Xpath prefix for reaching MOA Namespaces */
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  /** Xpath prefix for reaching DSIG Namespaces */
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  /** Xpath expression to the root element */    
+  private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
+  
+    /** Xpath expression to the X509SubjectName element */  
+  private static final String DSIG_SUBJECT_NAME_XPATH = 
+      ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+      DSIG + "X509SubjectName";        
+  /** Xpath expression to the X509Certificate element */  
+  private static final String DSIG_X509_CERTIFICATE_XPATH = 
+      ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+          DSIG + "X509Certificate";        
+  /** Xpath expression to the PublicAuthority element */  
+  private static final String PUBLIC_AUTHORITY_XPATH =
+     ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+      MOA + "PublicAuthority";        
+  /** Xpath expression to the PublicAuthorityCode element */  
+  private static final String PUBLIC_AUTHORITY_CODE_XPATH =
+     PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";        
+  /** Xpath expression to the QualifiedCertificate element */  
+   private static final String QUALIFIED_CERTIFICATE_XPATH =
+     ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
+      MOA + "QualifiedCertificate";        
+   
+  /** Xpath expression to the SignatureCheckCode element */    
+  private static final String SIGNATURE_CHECK_CODE_XPATH = 
+   ROOT + MOA + "SignatureCheck/" + MOA + "Code";
+  /** Xpath expression to the XMLDSIGManifestCheckCode element */    
+  private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = 
+   ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
+  /** Xpath expression to the SignatureManifestCheckCode element */    
+  private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = 
+   ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code";
+  /** Xpath expression to the CertificateCheckCode element */      
+  private static final String CERTIFICATE_CHECK_CODE_XPATH = 
+   ROOT + MOA + "CertificateCheck/" + MOA + "Code";
+  
+    
+  /** This is the root element of the XML-Document provided by the Security Layer Card*/
+  private Element verifyXMLSignatureResponse;
+
+  /**
+   * Constructor for VerifyXMLSignatureResponseParser.
+   * A DOM-representation of the incoming String will be created
+   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
+   * @throws ParseException on any parsing error
+   */
+  public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{
+   try {
+  InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+  
+  verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s); 
+     }
+     catch (Throwable t) {
+      throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+    } 
+  }
+  
+  /**
+   * Constructor for VerifyXMLSignatureResponseParser.
+   * A DOM-representation of the incoming Inputstream will be created
+   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+   * @throws Exception on any parsing error
+   */
+  public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception
+  {
+    try {
+       verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);                        
+    }
+     catch (Throwable t) {
+      throw new ParseException("parser.01", null, t);
+    } 
+  } 
+  
+   /**
+   * Constructor for VerifyXMLSignatureResponseParser.
+   * The incoming Element will be used for further operations
+   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as Element
+   */
+  public VerifyXMLSignatureResponseParser(Element xmlResponse)
+  {
+      verifyXMLSignatureResponse =xmlResponse;                        
+  
+  }
+  
+  /**
+   * Parse identity link from <code>&lt;InfoboxReadResponse&gt;</code>
+   * @return Identity link
+   * @throws ParseException on any parsing error
+   */
+
+  public VerifyXMLSignatureResponse parseData() throws ParseException {
+
+    VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
+
+    try {
+    	
+      String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);
+      respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
+      Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
+      respData.setQualifiedCertificate(e!=null);
+
+      Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
+        verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
+
+      respData.setX509certificate(new X509Certificate(in));
+      Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH);
+      respData.setPublicAuthority(publicAuthority != null);
+      respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
+      respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
+
+      String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
+      if (xmlDsigCheckCode!=null) { 
+        respData.setXmlDSIGManigest(true);
+        respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
+      } else {
+        respData.setXmlDSIGManigest(false);
+      }
+      String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null);
+      if (signatureManifestCheckCode != null) {
+        respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue());
+      }
+      respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());             
+    }
+    catch (Throwable t) {
+      throw new ParseException("parser.01", null, t);
+    }        
+    return respData;
+  }
+  
+  
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index f33cadc41..f4c099878 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -60,7 +60,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -422,8 +422,8 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 		internalProvider = chainProvider;
 	}
 	
-	private MetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
-		MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate);
+	private PVPMetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
+		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
 		
 		if (oaParam.isInderfederationIDP()) {
@@ -435,7 +435,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 		return filterChain;		
 	}
 	
-	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) {
+	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, PVPMetadataFilterChain filter) {
 		HTTPMetadataProvider httpProvider = null;
 		Timer timer= null;
 		MOAHttpClient httpClient = null;
@@ -470,7 +470,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 			//httpProvider.setRefreshDelayFactor(0.1F);
 			
 			if (filter == null) {			
-				filter = new MetadataFilterChain(metadataURL, certificate);
+				filter = new PVPMetadataFilterChain(metadataURL, certificate);
 			}
 			httpProvider.setMetadataFilter(filter);
 			httpProvider.initialize();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
deleted file mode 100644
index 4e1d939ff..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.security.cert.CertificateException;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MetadataFilterChain implements MetadataFilter {
-
-	private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-	
-	/**
-	 * @throws CertificateException 
-	 * 
-	 */
-	public MetadataFilterChain(String url, byte[] certificate) throws CertificateException {
-		addDefaultFilters(url, certificate);
-	}
-	
-	public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
-		filters.add(new MetadataSignatureFilter(url, certificate));
-		
-	}
-	
-	/**
-	 * @return the filter
-	 */
-	public List<MetadataFilter> getFilters() {
-		return filters;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject arg0) throws FilterException {
-		for (MetadataFilter filter : filters) {
-			Logger.trace("Use MOAMetadatafilter " + filter.getClass().getName());
-			filter.doFilter(arg0);
-		}
-
-	}
-
-
-
-
-
-
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
new file mode 100644
index 000000000..4c1da747b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import java.security.cert.CertificateException;
+
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPMetadataFilterChain extends MetadataFilterChain {
+
+		
+	/**
+	 * @throws CertificateException 
+	 * 
+	 */
+	public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
+		addDefaultFilters(url, certificate);
+	}
+	
+	public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
+		addFilter(new MetadataSignatureFilter(url, certificate));
+		
+	}
+
+
+
+
+
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
new file mode 100644
index 000000000..e7412a0fc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.saml2;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MetadataFilterChain implements MetadataFilter {
+
+	private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
+		
+	/**
+	 * Return all actually used Metadata filters
+	 * 
+	 * @return List of Metadata filters
+	 */
+	public List<MetadataFilter> getFilters() {
+		return filters;
+	}
+	
+	/**
+	 * Add a new Metadata filter to filterchain
+	 * 
+	 * @param filter 
+	 */
+	public void addFilter(MetadataFilter filter) {
+		filters.add(filter);
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+	 */
+	@Override
+	public void doFilter(XMLObject arg0) throws FilterException {
+		for (MetadataFilter filter : filters) {
+			Logger.trace("Use MOAMetadataFilter " + filter.getClass().getName());
+			filter.doFilter(arg0);
+		}
+
+	}
+
+}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
deleted file mode 100644
index 72a7d3ba1..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ /dev/null
@@ -1,142 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.invoke;
-
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
-
-import org.apache.axis.message.SOAPBodyElement;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
- * Either invokes the web service, or calls the corresponding API, depending on configuration data.
- * 
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class SignatureVerificationInvoker {
-  /** This QName Object identifies the SignatureVerification endpoint of the web service */
-  private static final QName SERVICE_QNAME = new QName("SignatureVerification");
-
-  /**
-   * Method verifyXMLSignature.
-   * @param request to be sent
-   * @return Element with the answer
-   * @throws ServiceException if an error occurs
-   */
-  public Element verifyXMLSignature(Element request) throws ServiceException {
-    return doCall(SERVICE_QNAME, request);
-  }
-
-  /**
-   * Method doCall.
-   * @param serviceName the name of the service
-   * @param request the request to be sent
-   * @return Element the answer
-   * @throws ServiceException if an error occurs
-   */
-  protected Element doCall(QName serviceName, Element request) throws ServiceException {
-    ConnectionParameter authConnParam = null;
-    try {
-      Service service = ServiceFactory.newInstance().createService(serviceName);
-      Call call = service.createCall();
-      SOAPBodyElement body = new SOAPBodyElement(request);
-      SOAPBodyElement[] params = new SOAPBodyElement[] { body };
-      Vector responses;
-      SOAPBodyElement response;
-
-      String endPoint;
-      AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
-      authConnParam = authConfigProvider.getMoaSpConnectionParameter();
-      //If the ConnectionParameter do NOT exist, we try to get the api to work....
-      if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
-        Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
-        endPoint = authConnParam.getUrl();
-        call.setTargetEndpointAddress(endPoint);
-        responses = (Vector) call.invoke(serviceName, params);
-        Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
-        response = (SOAPBodyElement) responses.get(0);
-        return response.getAsDOM();
-      }
-      else {
-        SignatureVerificationService svs = SignatureVerificationService.getInstance();
-        VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
-		
-        VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
-        Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
-
-        //Logger.setHierarchy("moa.id.auth");
-        return result.getDocumentElement();
-      }
-    }
-    catch (Exception ex) {
-      if (authConnParam != null) {
-	      throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
-      } else {
-        throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
-      }
-    }
-  }
-}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
deleted file mode 100644
index 7bce406e0..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ /dev/null
@@ -1,211 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.parser;
-
-import iaik.utils.Base64InputStream;
-import iaik.x509.X509Certificate;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
- * MOA-SPSS.
- * This class implements the Singleton pattern
- * 
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-
-public class VerifyXMLSignatureResponseParser {
-  //
-  // XPath namespace prefix shortcuts
-  //
-  /** Xpath prefix for reaching MOA Namespaces */
-  private static final String MOA = Constants.MOA_PREFIX + ":";
-  /** Xpath prefix for reaching DSIG Namespaces */
-  private static final String DSIG = Constants.DSIG_PREFIX + ":";
-  /** Xpath expression to the root element */    
-  private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
-  
-    /** Xpath expression to the X509SubjectName element */  
-  private static final String DSIG_SUBJECT_NAME_XPATH = 
-      ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
-      DSIG + "X509SubjectName";        
-  /** Xpath expression to the X509Certificate element */  
-  private static final String DSIG_X509_CERTIFICATE_XPATH = 
-      ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
-          DSIG + "X509Certificate";        
-  /** Xpath expression to the PublicAuthority element */  
-  private static final String PUBLIC_AUTHORITY_XPATH =
-     ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
-      MOA + "PublicAuthority";        
-  /** Xpath expression to the PublicAuthorityCode element */  
-  private static final String PUBLIC_AUTHORITY_CODE_XPATH =
-     PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";        
-  /** Xpath expression to the QualifiedCertificate element */  
-   private static final String QUALIFIED_CERTIFICATE_XPATH =
-     ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + 
-      MOA + "QualifiedCertificate";        
-   
-  /** Xpath expression to the SignatureCheckCode element */    
-  private static final String SIGNATURE_CHECK_CODE_XPATH = 
-   ROOT + MOA + "SignatureCheck/" + MOA + "Code";
-  /** Xpath expression to the XMLDSIGManifestCheckCode element */    
-  private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = 
-   ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
-  /** Xpath expression to the SignatureManifestCheckCode element */    
-  private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = 
-   ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code";
-  /** Xpath expression to the CertificateCheckCode element */      
-  private static final String CERTIFICATE_CHECK_CODE_XPATH = 
-   ROOT + MOA + "CertificateCheck/" + MOA + "Code";
-  
-    
-  /** This is the root element of the XML-Document provided by the Security Layer Card*/
-  private Element verifyXMLSignatureResponse;
-
-  /**
-   * Constructor for VerifyXMLSignatureResponseParser.
-   * A DOM-representation of the incoming String will be created
-   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
-   * @throws ParseException on any parsing error
-   */
-  public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{
-   try {
-  InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
-  
-  verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s); 
-     }
-     catch (Throwable t) {
-      throw new ParseException("parser.01", new Object[] { t.toString() }, t);
-    } 
-  }
-  
-  /**
-   * Constructor for VerifyXMLSignatureResponseParser.
-   * A DOM-representation of the incoming Inputstream will be created
-   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
-   * @throws Exception on any parsing error
-   */
-  public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception
-  {
-    try {
-       verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);                        
-    }
-     catch (Throwable t) {
-      throw new ParseException("parser.01", null, t);
-    } 
-  } 
-  
-   /**
-   * Constructor for VerifyXMLSignatureResponseParser.
-   * The incoming Element will be used for further operations
-   * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as Element
-   */
-  public VerifyXMLSignatureResponseParser(Element xmlResponse)
-  {
-      verifyXMLSignatureResponse =xmlResponse;                        
-  
-  }
-  
-  /**
-   * Parse identity link from <code>&lt;InfoboxReadResponse&gt;</code>
-   * @return Identity link
-   * @throws ParseException on any parsing error
-   */
-
-  public VerifyXMLSignatureResponse parseData() throws ParseException {
-
-    VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
-
-    try {
-    	
-      String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);
-      respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
-      Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
-      respData.setQualifiedCertificate(e!=null);
-
-      Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
-        verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
-
-      respData.setX509certificate(new X509Certificate(in));
-      Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH);
-      respData.setPublicAuthority(publicAuthority != null);
-      respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
-      respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
-
-      String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
-      if (xmlDsigCheckCode!=null) { 
-        respData.setXmlDSIGManigest(true);
-        respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
-      } else {
-        respData.setXmlDSIGManigest(false);
-      }
-      String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null);
-      if (signatureManifestCheckCode != null) {
-        respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue());
-      }
-      respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());             
-    }
-    catch (Throwable t) {
-      throw new ParseException("parser.01", null, t);
-    }        
-    return respData;
-  }
-  
-  
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java
new file mode 100644
index 000000000..c9f3e5bcd
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.io.IOException;
+import java.io.StringWriter;
+
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASMetadataSignatureFilter implements MetadataFilter {
+
+	private String trustProfileID = null;
+	
+	/**
+	 * 
+	 */
+	public MOAeIDASMetadataSignatureFilter(String trustProfileID) {
+		this.trustProfileID = trustProfileID;
+		
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+	 */
+	@Override
+	public void doFilter(XMLObject metadata) throws FilterException {
+		if (metadata instanceof EntityDescriptor) {
+			if (((EntityDescriptor) metadata).isSigned()) {				
+				EntityDescriptor entityDes = (EntityDescriptor) metadata;
+				//check signature;
+				try {
+					Transformer transformer = TransformerFactory.newInstance()
+							.newTransformer();	
+					StringWriter sw = new StringWriter();
+					StreamResult sr = new StreamResult(sw);
+					DOMSource source = new DOMSource(metadata.getDOM());
+					transformer.transform(source, sr);
+					sw.close();
+					String metadataXML = sw.toString();
+					
+					SignatureVerificationUtils sigVerify = 
+							new SignatureVerificationUtils();
+					VerifyXMLSignatureResponse result = sigVerify.verify(
+							metadataXML.getBytes(), trustProfileID);
+					
+					//check signature-verification result
+					if (result.getSignatureCheckCode() != 0) {
+						Logger.warn("eIDAS Metadata signature-verification FAILED!"
+								+ " Metadata: " + entityDes.getEntityID()
+								+ " StatusCode:" + result.getSignatureCheckCode());
+						throw new FilterException("eIDAS Metadata signature-verification FAILED!"
+								+ " Metadata: " + entityDes.getEntityID()
+								+ " StatusCode:" + result.getSignatureCheckCode());
+						
+					}
+					
+					if (result.getCertificateCheckCode() != 0) {
+						Logger.warn("eIDAS Metadata certificate-verification FAILED!"
+								+ " Metadata: " + entityDes.getEntityID()
+								+ " StatusCode:" + result.getCertificateCheckCode());
+						throw new FilterException("eIDAS Metadata certificate-verification FAILED!"
+								+ " Metadata: " + entityDes.getEntityID()
+								+ " StatusCode:" + result.getCertificateCheckCode());
+						
+					}
+					
+				
+				} catch (MOAIDException | TransformerFactoryConfigurationError | TransformerException | IOException e) {
+					Logger.error("eIDAS Metadata verification has an interal error.", e);
+					throw new FilterException("eIDAS Metadata verification has an interal error."
+							+ " Message:" + e.getMessage());
+					
+				}
+				
+				
+			} else {
+				Logger.warn("eIDAS Metadata root-element MUST be signed.");
+				throw new FilterException("eIDAS Metadata root-element MUST be signed.'");
+				
+			}
+						
+		} else {
+			Logger.warn("eIDAS Metadata root-element is not of type 'EntityDescriptor'");
+			throw new FilterException("eIDAS Metadata root-element is not of type 'EntityDescriptor'");
+			
+		}
+		
+	}
+
+}
-- 
cgit v1.2.3


From ced2df85fa74ea2db9949b18e075e20af6168df0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 14:03:37 +0100
Subject: add JavaDoc

---
 .../java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
index ad3268b90..1d8ea4cd4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
@@ -89,6 +89,11 @@ public interface AuthConfiguration extends ConfigurationProvider{
 
 	public boolean isAdvancedLoggingActive();
 
+	/**
+	 * Returns the PublicURLPrefix. NOTE: returns {@code null} if no PublicURLPrefix is set.
+	 * 
+	 * @return the PublicURLPrefix without trailing slash or {@code null}
+	 */
 	public String getPublicURLPrefix();
 
 	public boolean isPVP2AssertionEncryptionActive();
-- 
cgit v1.2.3


From 28884c5d5ee4685aaf88309b1b6b340b65ffbe86 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 14:04:58 +0100
Subject: update eIDAS http(s) endpoints

---
 .../moa/id/auth/modules/eidas/Constants.java        | 18 ++++++++++++++----
 .../id/auth/modules/eidas/eIDASSignalServlet.java   | 15 ++-------------
 .../eidas/tasks/GenerateAuthnRequestTask.java       |  4 ++++
 .../modules/eidas/utils/EidasMetaDataServlet.java   | 21 ++++++++++++++++-----
 4 files changed, 36 insertions(+), 22 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 9f347b4ee..1c20a81bf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -45,20 +45,30 @@ public class Constants {
 	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
-	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";
-	
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";	
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT="enc";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
 			+ CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
-			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";	
+	public static final String CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE = CONIG_PROPS_EIDAS_PREFIX + ".metadata.validation.truststore";
 	
-	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  //2 minutes skew time for response validation
+	//timeouts and clock skews
+	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  			//2 minutes skew time for response validation
+	public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000;  	//20 seconds metadata socked timeout
 	
+	//eIDAS attribute names
 	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
 	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
 	public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName";
 	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName";
+		
+	//http endpoint descriptions
+	public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
+	public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
+	public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
 	
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 556947572..49f0451cb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -22,30 +22,19 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
-import java.io.ByteArrayInputStream;
-
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathFactory;
 
 import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.util.xml.SimpleNamespaceContext;
-import org.w3c.dom.Document;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
 
 /**
  * @author tlenz
  *
  */
-@WebServlet(urlPatterns = { "/eidas/post",  "/eidas/redirect"}, loadOnStartup = 1)
+@WebServlet(urlPatterns = { "/eidas/sp/post",  "/eidas/sp/redirect"}, loadOnStartup = 1)
 public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 
 	private static final long serialVersionUID = 8215688005533754459L;
@@ -53,7 +42,7 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 	public eIDASSignalServlet() {
 		super();
 		Logger.debug("Registering servlet " + getClass().getName() + 
-				" with mappings '/eidas/post' and '/eidas/redirect'.");
+				" with mappings '/eidas/sp/post' and '/eidas/sp/redirect'.");
 		
 	}
 	
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 57588287d..963fe70c1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -142,7 +142,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
 			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
 			authnRequest.setPersonalAttributeList(pAttList);
+			
 			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata");
+			//TODO: only for development and reverse proxy 
+			authnRequest.setIssuer("http://localhost:12343/moa-id-auth/eidas/metadata");
+			
 			authnRequest.setDestination(destination); 
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
 			authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index c8df9ca97..cd30f2bec 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -29,7 +29,10 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 import eu.eidas.auth.engine.metadata.MetadataConfigParams;
 import eu.eidas.auth.engine.metadata.MetadataGenerator;
@@ -49,15 +52,23 @@ public class EidasMetaDataServlet extends HttpServlet {
      */
     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         try {
-            logger.info("EidasMetaDataServlet GET");
+            logger.debug("EidasMetaDataServlet GET");
             
-            String metadata_url = "http://localhost:12344/moa-id-auth/eidas/metadata";
-            String sp_return_url = "http://localhost:12344/moa-id-auth/eidas/metadata";
+            AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
+            String pubURLPrefix = config.getPublicURLPrefix();
+            
+            
+            String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+            
+            //TODO: only for development and reverse proxy 
+            metadata_url = "http://localhost:12343/moa-id-auth/eidas/metadata";
+            
+            String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;            
             String metaData = generateMetadata(metadata_url, sp_return_url);
 
-            logger.debug(metaData);
+            logger.trace(metaData);
 
-            response.setContentType("text/html");
+            response.setContentType("text/xml");
             response.getWriter().print(metaData);
             response.flushBuffer();
         } catch (Exception e) {
-- 
cgit v1.2.3


From 0247b654a6278acff55999e8b6318a6db4354510 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 14:05:48 +0100
Subject: reimplement eIDAS metadata provider which use MOA-SP to verify
 metadata

---
 .../engine/MOAeIDASSimpleMetadataProvider.java     | 184 ++++++++++++++++++---
 1 file changed, 165 insertions(+), 19 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
index 2aec81db5..a8099f42e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
@@ -1,50 +1,196 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
 import java.security.KeyStore;
+import java.util.Timer;
 
+import javax.net.ssl.SSLHandshakeException;
+
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.apache.commons.lang.StringUtils;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.parse.BasicParserPool;
 
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.SimpleMetadataProcessor;
+import eu.eidas.auth.engine.metadata.MetadataProcessorI;
 import eu.eidas.engine.exceptions.SAMLEngineException;
 
-public class MOAeIDASSimpleMetadataProvider extends SimpleMetadataProcessor {
+public class MOAeIDASSimpleMetadataProvider implements MetadataProcessorI {
 
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
+	 */
 	@Override
-	public EntityDescriptor getEntityDescriptor(String url) {
-        EntityDescriptor entityDescriptor=getEntityDescriptorHelper(url);
-        
-        if(Logger.isDebugEnabled()){
-            Logger.debug("got entityDescriptor: " + entityDescriptor);
+	public EntityDescriptor getEntityDescriptor(String url)
+			throws SAMLEngineException {
+		EntityDescriptor entityDescriptor=null;
+        try {
+        	if (StringUtils.isNotEmpty(url)) {        	
+        		HTTPMetadataProvider provider = createNewHTTPMetaDataProvider(url);            
+                entityDescriptor = provider.getEntityDescriptor(url);
+                
+            } else {
+                throw new MetadataProviderException("the metadata url parameter is null or empty");
+                
+            }
+        } catch (MetadataProviderException mpe) {
+            Logger.error("error getting a metadataprovider {}", mpe);
+            
         }
         return entityDescriptor;
+        
 	}
 
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
+	 */
 	@Override
-	public SPSSODescriptor getSPSSODescriptor(String url) throws SAMLEngineException {
+	public SPSSODescriptor getSPSSODescriptor(String url)
+			throws SAMLEngineException {
 		return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
 		
 	}
 
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
+	 */
 	@Override
-	public IDPSSODescriptor getIDPSSODescriptor(String url) throws SAMLEngineException {
+	public IDPSSODescriptor getIDPSSODescriptor(String url)
+			throws SAMLEngineException {
 		return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
 		
 	}
 
-    @Override
-    public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine) throws SAMLEngineException {
-        //TODO: implement Metadata signature validation
-        Logger.warn("MetadataProcessor in demo SP does not actually check the signature of metadata");
-   
-    }
-    @Override
-    public void checkValidMetadataSignature(String url, KeyStore store) throws SAMLEngineException {
-        //not implemented
-    	
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
+	 */
+	@Override
+	public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine)
+			throws SAMLEngineException {
+		//Do nothing, because metadata signature is already validated during 
+		//metadata provider initialization 
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
+	 */
+	@Override
+	public void checkValidMetadataSignature(String url, KeyStore trustStore)
+			throws SAMLEngineException {
+		//Do nothing, because metadata signature is already validated during 
+		//metadata provider initialization 
+		
+	}
+
+    protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor, final Class<T> clazz){
+        for(RoleDescriptor rd:entityDescriptor.getRoleDescriptors()){
+            if(clazz.isInstance(rd)){
+                return (T)rd;
+            }
+        }
+        return null;
     }
+    
+	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL) {
+		HTTPMetadataProvider httpProvider = null;
+		Timer timer= null;
+		MOAHttpClient httpClient = null;
+		try {
+			AuthConfiguration authConfig = AuthConfigurationProviderFactory.getInstance();
+			
+			httpClient = new MOAHttpClient();
+			
+			HttpClientParams httpClientParams = new HttpClientParams();
+			httpClientParams.setSoTimeout(Constants.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+			httpClient.setParams(httpClientParams);
+			
+			if (metadataURL.startsWith("https:")) {
+				try {
+					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+							PVPConstants.SSLSOCKETFACTORYNAME, 
+							authConfig.getCertstoreDirectory(), 
+							authConfig.getTrustedCACertificates(),
+							null,
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+							authConfig.isTrustmanagerrevoationchecking());
+					
+					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+				} catch (MOAHttpProtocolSocketFactoryException e) {
+					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+					
+				}
+			}
+			
+			timer = new Timer();
+			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
+					metadataURL);
+			httpProvider.setParserPool(new BasicParserPool());
+			httpProvider.setRequireValidMetadata(true);
+			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+			//httpProvider.setRefreshDelayFactor(0.1F);
+			
+			//add Metadata filters
+			MetadataFilterChain filter = new MetadataFilterChain();
+			filter.addFilter(new MOAeIDASMetadataSignatureFilter(
+					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
+			httpProvider.setMetadataFilter(filter);
+			
+			httpProvider.initialize();
+			
+						
+			return httpProvider;
+						
+		} catch (Throwable e) {			
+			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+				Logger.warn("SSL-Server certificate for metadata " 
+						+ metadataURL + " not trusted.", e);
+				
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
+				Logger.warn("Signature verification for metadata" 
+						+ metadataURL + " FAILED.", e);
+			
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+				Logger.warn("Schema validation for metadata " 
+						+ metadataURL + " FAILED.", e);								
+			}
+			
+			Logger.error(
+					"Failed to add Metadata file for "
+							+ metadataURL + "[ "
+							+ e.getMessage() + " ]", e);
+						
+			if (httpProvider != null) {
+				Logger.debug("Destroy failed Metadata provider");
+				httpProvider.destroy();
+			}
+			
+			if (timer != null) {
+				Logger.debug("Destroy Timer.");
+				timer.cancel();
+			}
+
+			
+		}
+		
+		return null;	
+	}
 	
 }
-- 
cgit v1.2.3


From 0157665fca46fc9a22d562a3438025a5934ec468 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 14:06:57 +0100
Subject: add parameters  to default config

---
 id/server/data/deploy/conf/moa-id/moa-id.properties                | 2 +-
 id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index aefc0801a..09568ce68 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -52,7 +52,7 @@ stork.documentservice.url=
 moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml
 moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml
 moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml
-
+moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata
 
 ##Protocol configuration##
 #PVP2
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 9d130971d..ce5a21d57 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -47,6 +47,10 @@
 					<cfg:Id>C-PEPS</cfg:Id>
 					<cfg:TrustAnchorsLocation>trustProfiles/C-PEPS</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
+        <cfg:TrustProfile>
+					<cfg:Id>eIDAS_metadata</cfg:Id>
+					<cfg:TrustAnchorsLocation>trustProfiles/eIDAS_metadata</cfg:TrustAnchorsLocation>
+				</cfg:TrustProfile>
 			</cfg:PathValidation>
 			<cfg:RevocationChecking>
 				<cfg:EnableChecking>true</cfg:EnableChecking>
-- 
cgit v1.2.3


From 5eee67461938a372665b71c7ff9f6365450c01b5 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 14:07:52 +0100
Subject: add test eIDAS-Node metadata certificate

---
 .../eIDAS_metadata/eIDAS_test_node.crt             | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt

diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt
new file mode 100644
index 000000000..14e5e5cb5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIFMTCCAxkCBFYbwMgwDQYJKoZIhvcNAQENBQAwXTELMAkGA1UEBhMCQkUxCzAJBgNVBAgMAkVV
+MREwDwYDVQQHDAhCcnVzc2VsczELMAkGA1UECgwCRUMxDjAMBgNVBAsMBURJR0lUMREwDwYDVQQD
+DAhtZXRhZGF0YTAeFw0xNTEwMTIxNDE2NDBaFw0xNjEwMTExNDE2NDBaMF0xCzAJBgNVBAYTAkJF
+MQswCQYDVQQIDAJFVTERMA8GA1UEBwwIQnJ1c3NlbHMxCzAJBgNVBAoMAkVDMQ4wDAYDVQQLDAVE
+SUdJVDERMA8GA1UEAwwIbWV0YWRhdGEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCN
+5mYsOKzSJ9ksT9dHtFOztF1M8GIMeBLm6chIvtKHwXVLzO53RKhcOwt0j847VL6m5PcAAp57SutC
+DeukA8p6UCUA905p+m7+dt7iEsUV3yje4M8dDFS/LwEF9GhFm3v471ZRYPDW769v14QkmnA9vxWB
+WAj4WcMRMats9choHJdnRa1xUnVjx8yMojoVaPwt1tkG/rRnPev2o0g+VI63XkYd1pLKAU5Pt+n7
+LevLPJsvgkKLQhEB7bvMG1tZ1P4fJ0n3FOHmfLHJ/yEWA+hHXorX5T3G8Fq6GsI5O/c1zkZ7QMSw
+WwzXDbq5qrfyzesdlTPfdsPnFIRddCgx8NuVwI+brlYDSdLGEm+byfM9W4WmfDN6SK1oGMSibuz7
+K49Xh0MFVKNyxT9hCz309UiV71RGnveZxdMGu4vdzP74Ll3G48IIgQ4ymFPMONYBesuorxDunSqs
+R2F1+Th7k7UXL1xblFRaEyqdHlvhVrJqDP6sM9k3lM75aN4L4QMOyKRAqar+Q7f7NoUcx8cvHfqD
+GLJUPcqn2msMa3mAXO5ihA2ERN41wmnmeJzsd/UiFkaqIvXUTZVwxUfQWn3D9uCg2lRAvOTHydkP
+Cfwj4BtL0P9L3eSZ9NM8IGlTmlyApp2bPlzO92BsE8RE7feOmSLZESDKosqkQzZo2CMr/7V9XQID
+AQABMA0GCSqGSIb3DQEBDQUAA4ICAQALfSi+sa90MbJkAeTIA/la1ibtRkPX6jIjHBvkeq8IYEZi
+XxjJvI4CuQY6WSPMoDY0w9iJvKIygCxRlVi77CtFzu/otOLrXb8ozInopykRMIH4TyVmKYf//CoE
+fkQ3vThaf1JLpKpLuhtqHwV03f7jwODaJBqvqdaBX3VHHMPDOeAWQTAd2abMoHgYRlUgB9TKcbJ1
+akWUyX7hnwZSCiKWbL4nrwsFJc0skFVkfjEQxlZUeRXj/bKgnb0BYUsPsFfxXKJIsIc8CmXGvxKz
+B5TSpYIR79WliT9Fo8T1dJ9a/wr+bOXeM/aSUxLechCl+uDuP8yI2iRz9LT++/16HOrRSUuefHpo
+7wJLJnALMABW21eMwS2XBInUBrBN9CVGAJUDF6GQWMbfxA8x0uh4oKoa/4stP5maaf/FBe52pNNv
+Tacb7P3xJc0mS7jatuAHH0UfXy3+3D3z+SJY4Vy2a1cj5U1nUuxxwIRwsoRtWph0BER4RlOz4lXS
+N8ZK9ahgmCsndm+eDvIJm706s7bd8m/X8Xc/lMK+eKhrK6uIIMmkwbdzbgsOS7Plj9IMGm0S4Kdb
+rnAKhkhAXUi4zbd55aTx1kDodpid/dYPiqxSauyYmCXKbyFCAfY76Zw9SuFBRJClx4h5Mxb/EEpq
+1WHM9IyZshufnuZ587WzqtGmJJubTA==
+-----END CERTIFICATE-----
\ No newline at end of file
-- 
cgit v1.2.3


From 1d65e35ef38e8a7405ec25def325080b7da2ab4d Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 16:47:05 +0100
Subject: moa learned how to receive eidas node requests

---
 .../auth/src/main/webapp/WEB-INF/urlrewrite.xml    |   4 +
 .../modules/eidas/utils/EidasMetaDataServlet.java  |   9 +-
 .../id/protocols/eidas/AuthenticationRequest.java  |  62 ++++++++++
 .../moa/id/protocols/eidas/EIDASProtocol.java      | 135 +++++++++++++++++++++
 .../at.gv.egovernment.moa.id.moduls.IModulInfo     |   1 +
 5 files changed, 208 insertions(+), 3 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo

diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 8f01ca22b..c3cf396b3 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -93,6 +93,10 @@
         <from>^/stork2/RetrieveMandate$</from>
         <to type="forward">/dispatcher?mod=id_stork2&amp;action=MandateRetrievalRequest&amp;%{query-string}</to>
     </rule>
+    <rule match-type="regex">
+        <from>^/eidas/ColleagueRequest$</from>
+        <to type="forward">/dispatcher?mod=eidas&amp;action=AuthenticationRequest&amp;%{query-string}</to>
+    </rule>
 
 
     <rule match-type="regex">
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index c8df9ca97..6a573d0f2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -57,7 +57,7 @@ public class EidasMetaDataServlet extends HttpServlet {
 
             logger.debug(metaData);
 
-            response.setContentType("text/html");
+            response.setContentType("text/xml");
             response.getWriter().print(metaData);
             response.flushBuffer();
         } catch (Exception e) {
@@ -82,11 +82,14 @@ public class EidasMetaDataServlet extends HttpServlet {
         generator.setConfigParams(mcp);
         generator.initialize(engine);
         mcp.setEntityID(metadata_url);
-        mcp.setAssertionConsumerUrl(metadata);
+
         generator.addSPRole();
-        generator.addIDPRole();
         String returnUrl = sp_return_url;
         mcp.setAssertionConsumerUrl(returnUrl);
+
+        generator.addIDPRole();
+        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial");
+
         metadata = generator.generateMetadata();
         return metadata;
     }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
new file mode 100644
index 000000000..6a13cba60
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -0,0 +1,62 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+
+/**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
+ * @author bsuzic
+ */
+
+public class AuthenticationRequest implements IAction {
+
+	@Override
+	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getDefaultActionName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
new file mode 100644
index 000000000..01052c698
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -0,0 +1,135 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.stork.peps.auth.commons.*;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import java.util.HashMap;
+
+/**
+ * Stork 2 Protocol Support
+ *
+ * @author bsuzic
+ */
+public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
+
+    public static final String NAME = EIDASProtocol.class.getName();
+    public static final String PATH = "eidas";
+
+    public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
+
+    private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+    static {
+        actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
+    }
+
+    public String getName() {
+        return NAME;
+    }
+
+    public String getPath() {
+        return PATH;
+    }
+
+    public IAction getAction(String action) {
+        return actions.get(action);
+    }
+
+    public EIDASProtocol() {
+        super();
+    }
+
+    /*
+        First request step - send it to BKU selection for user authentication. After the user credentials
+        and other info are obtained, in the second step the request will be processed and the user redirected
+         */
+    public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
+			String sessionId, String transactionId) throws MOAIDException {
+    	
+        Logger.info("received an eIDaS request");
+			
+		//get SAML Response and decode it
+		String base64SamlToken = request.getParameter("SAMLRequest");
+		if (MiscUtil.isEmpty(base64SamlToken)) {
+			Logger.warn("No eIDAS SAMLRequest found in http request.");
+			throw new MOAIDException("HTTP request includes no eIDAS SAML-Request element.", null);
+			
+		}						
+		byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);	
+        
+		try {
+		//get eIDAS SAML-engine
+		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+		
+		//validate SAML token
+		EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
+
+		
+		} catch(Exception e) {
+			
+		}
+		
+		return null;
+    }
+
+    public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
+        return null;
+    }
+
+    public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
+        return false;
+    }
+
+    public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+        return false;
+    }
+}
+
+
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo
new file mode 100644
index 000000000..31d15951c
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol
\ No newline at end of file
-- 
cgit v1.2.3


From 587d9f326ce905f9b60fda37af747df5dfcb33ec Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 16:54:50 +0100
Subject: change MOA eIDAS metadata provider to a cached version as chaining
 metadata provider

---
 .../engine/MOAeIDASChainingMetadataProvider.java   | 290 +++++++++++++++++++++
 .../engine/MOAeIDASMetadataProviderDecorator.java  | 120 +++++++++
 .../engine/MOAeIDASSimpleMetadataProvider.java     | 196 --------------
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |   8 +-
 4 files changed, 415 insertions(+), 199 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
 delete mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
new file mode 100644
index 000000000..4d6cd62fa
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -0,0 +1,290 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Timer;
+
+import javax.net.ssl.SSLHandshakeException;
+import javax.xml.namespace.QName;
+
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.engine.AbstractSAMLEngine;
+
+public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider {
+
+	private static MOAeIDASChainingMetadataProvider instance = null;
+	private static Object mutex = new Object();
+	
+	private MetadataProvider internalProvider;
+	
+	
+	public static MOAeIDASChainingMetadataProvider getInstance() {
+		if (instance == null) {
+			synchronized (mutex) {
+				if (instance == null) {
+					instance = new MOAeIDASChainingMetadataProvider();
+				}
+			}
+		}
+		return instance;
+	}
+	
+	
+	private MOAeIDASChainingMetadataProvider() {
+		internalProvider = new ChainingMetadataProvider();
+		
+	}
+	    
+	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL) {
+		HTTPMetadataProvider httpProvider = null;
+		Timer timer= null;
+		MOAHttpClient httpClient = null;
+		try {
+			AuthConfiguration authConfig = AuthConfigurationProviderFactory.getInstance();
+			
+			httpClient = new MOAHttpClient();
+			
+			HttpClientParams httpClientParams = new HttpClientParams();
+			httpClientParams.setSoTimeout(Constants.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+			httpClient.setParams(httpClientParams);
+			
+			if (metadataURL.startsWith("https:")) {
+				try {
+					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+							PVPConstants.SSLSOCKETFACTORYNAME, 
+							authConfig.getCertstoreDirectory(), 
+							authConfig.getTrustedCACertificates(),
+							null,
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+							authConfig.isTrustmanagerrevoationchecking());
+					
+					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+				} catch (MOAHttpProtocolSocketFactoryException e) {
+					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+					
+				}
+			}
+			
+			timer = new Timer();
+			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
+					metadataURL);
+			httpProvider.setParserPool(AbstractSAMLEngine.getNewBasicSecuredParserPool());
+			httpProvider.setRequireValidMetadata(true);
+			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+			//httpProvider.setRefreshDelayFactor(0.1F);
+			
+			//add Metadata filters
+			MetadataFilterChain filter = new MetadataFilterChain();
+			filter.addFilter(new MOAeIDASMetadataSignatureFilter(
+					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
+			httpProvider.setMetadataFilter(filter);
+			
+			httpProvider.initialize();
+									
+			return httpProvider;
+						
+		} catch (Throwable e) {			
+			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+				Logger.warn("SSL-Server certificate for metadata " 
+						+ metadataURL + " not trusted.", e);
+				
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
+				Logger.warn("Signature verification for metadata" 
+						+ metadataURL + " FAILED.", e);
+			
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+				Logger.warn("Schema validation for metadata " 
+						+ metadataURL + " FAILED.", e);								
+			}
+			
+			Logger.error(
+					"Failed to add Metadata file for "
+							+ metadataURL + "[ "
+							+ e.getMessage() + " ]", e);
+						
+			if (httpProvider != null) {
+				Logger.debug("Destroy failed Metadata provider");
+				httpProvider.destroy();
+			}
+			
+			if (timer != null) {
+				Logger.debug("Destroy Timer.");
+				timer.cancel();
+			}
+
+			
+		}
+		
+		return null;	
+	}
+
+	private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
+		Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
+		ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+		
+		//make a Map of all actually loaded HTTPMetadataProvider
+		List<MetadataProvider> providers = chainProvider.getProviders();
+		for (MetadataProvider provider : providers) {
+			if (provider instanceof HTTPMetadataProvider) {
+				HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+				loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+
+			}
+		}
+		
+		return loadedproviders;		
+	}
+	
+	public boolean refreshMetadataProvider(String metadataURL) {
+		try {
+			if (MiscUtil.isNotEmpty(metadataURL)) {
+				Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
+
+				// check if MetadataProvider is actually loaded
+				if (actuallyLoadedProviders.containsKey(metadataURL)) {
+					actuallyLoadedProviders.get(metadataURL).refresh();						
+					Logger.info("eIDAS metadata for " 
+							+ metadataURL + " is refreshed.");
+					return true;
+					
+				} else {
+					//load new Metadata Provider				
+					ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
+					HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL);					
+					chainProvider.addMetadataProvider(newMetadataProvider);
+					
+					emitChangeEvent();
+					Logger.info("eIDAS metadata for " 
+							+ metadataURL + " is added.");
+					return true;
+										
+				}
+														
+			} else
+				Logger.debug("Can not refresh eIDAS metadata: NO eIDAS metadata URL.");
+																								
+		} catch (MetadataProviderException e) {
+			Logger.warn("Refresh eIDAS metadata for " 
+					+ metadataURL + " FAILED.", e);
+			
+		}
+		
+		return false;
+		
+	}
+	
+
+	public boolean requireValidMetadata() {
+		return internalProvider.requireValidMetadata();
+	}
+
+	public void setRequireValidMetadata(boolean requireValidMetadata) {
+		internalProvider.setRequireValidMetadata(requireValidMetadata);
+	}
+
+	public MetadataFilter getMetadataFilter() {
+		return internalProvider.getMetadataFilter();
+	}
+
+	public void setMetadataFilter(MetadataFilter newFilter)
+			throws MetadataProviderException {
+		internalProvider.setMetadataFilter(newFilter);
+	}
+
+	public XMLObject getMetadata() throws MetadataProviderException {
+		return internalProvider.getMetadata();
+	}
+
+	public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
+			throws MetadataProviderException {
+		Logger.warn("eIDAS metadata not support 'EntitiesDescriptor' elements!");		
+		return null;
+		
+	}
+
+	public EntityDescriptor getEntityDescriptor(String entityID)
+			throws MetadataProviderException {
+		EntityDescriptor entityDesc = null;
+		try {
+			entityDesc = internalProvider.getEntityDescriptor(entityID);
+			if (entityDesc == null) {
+				Logger.debug("Can not find eIDAS metadata for entityID: " + entityID 
+						+ " Start refreshing process ...");
+				if (refreshMetadataProvider(entityID))
+					return internalProvider.getEntityDescriptor(entityID);
+									
+			} else {
+				if (!entityDesc.isValid())
+					if (refreshMetadataProvider(entityID))
+						return internalProvider.getEntityDescriptor(entityID);
+									
+			}
+			
+			
+		} catch (MetadataProviderException e) {
+			Logger.debug("Can not find eIDAS metadata for entityID: " + entityID 
+					+ " Start refreshing process ...");
+			if (refreshMetadataProvider(entityID))
+				return internalProvider.getEntityDescriptor(entityID);
+			
+		}
+		
+		return entityDesc;
+	}
+
+	public List<RoleDescriptor> getRole(String entityID, QName roleName)
+			throws MetadataProviderException {
+		return internalProvider.getRole(entityID, roleName);
+	}
+
+	public RoleDescriptor getRole(String entityID, QName roleName,
+			String supportedProtocol) throws MetadataProviderException {
+		return internalProvider.getRole(entityID, roleName, supportedProtocol);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+	 */
+	@Override
+	public List<Observer> getObservers() {
+		return ((ChainingMetadataProvider) internalProvider).getObservers();
+	}
+
+	protected void emitChangeEvent() {
+		if ((getObservers() == null) || (getObservers().size() == 0)) {
+			return;
+		}
+
+		List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
+		for (ObservableMetadataProvider.Observer observer : tempObserverList)
+			if (observer != null)
+				observer.onEvent(this);
+	}
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
new file mode 100644
index 000000000..e3ae5c046
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.security.KeyStore;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataProcessorI;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
+
+	private MetadataProvider metadataprovider = null;
+	
+	/**
+	 * 
+	 */
+	public MOAeIDASMetadataProviderDecorator(MetadataProvider metadataprovider) {
+		this.metadataprovider = metadataprovider;
+		
+	}
+	
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntityDescriptor getEntityDescriptor(String url)
+			throws SAMLEngineException {		
+		try {
+			return this.metadataprovider.getEntityDescriptor(url);
+			
+		} catch (MetadataProviderException e) {
+			throw new SAMLEngineException("eIDAS Metadata processing FAILED.", e);
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
+	 */
+	@Override
+	public SPSSODescriptor getSPSSODescriptor(String url)
+			throws SAMLEngineException {
+		return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
+	 */
+	@Override
+	public IDPSSODescriptor getIDPSSODescriptor(String url)
+			throws SAMLEngineException {
+		return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
+	 */
+	@Override
+	public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine)
+			throws SAMLEngineException {
+		//Do nothing, because metadata signature is already validated during 
+		//metadata provider initialization 
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
+	 */
+	@Override
+	public void checkValidMetadataSignature(String url, KeyStore trustStore)
+			throws SAMLEngineException {
+		//Do nothing, because metadata signature is already validated during 
+		//metadata provider initialization 
+		
+	}
+
+    protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor, final Class<T> clazz){
+        for(RoleDescriptor rd:entityDescriptor.getRoleDescriptors()){
+            if(clazz.isInstance(rd)){
+                return (T)rd;
+            }
+        }
+        return null;
+    }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
deleted file mode 100644
index a8099f42e..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
+++ /dev/null
@@ -1,196 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
-
-import java.security.KeyStore;
-import java.util.Timer;
-
-import javax.net.ssl.SSLHandshakeException;
-
-import org.apache.commons.httpclient.MOAHttpClient;
-import org.apache.commons.httpclient.params.HttpClientParams;
-import org.apache.commons.lang.StringUtils;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.xml.parse.BasicParserPool;
-
-import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
-import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.MetadataProcessorI;
-import eu.eidas.engine.exceptions.SAMLEngineException;
-
-public class MOAeIDASSimpleMetadataProvider implements MetadataProcessorI {
-
-	/* (non-Javadoc)
-	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
-	 */
-	@Override
-	public EntityDescriptor getEntityDescriptor(String url)
-			throws SAMLEngineException {
-		EntityDescriptor entityDescriptor=null;
-        try {
-        	if (StringUtils.isNotEmpty(url)) {        	
-        		HTTPMetadataProvider provider = createNewHTTPMetaDataProvider(url);            
-                entityDescriptor = provider.getEntityDescriptor(url);
-                
-            } else {
-                throw new MetadataProviderException("the metadata url parameter is null or empty");
-                
-            }
-        } catch (MetadataProviderException mpe) {
-            Logger.error("error getting a metadataprovider {}", mpe);
-            
-        }
-        return entityDescriptor;
-        
-	}
-
-	/* (non-Javadoc)
-	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
-	 */
-	@Override
-	public SPSSODescriptor getSPSSODescriptor(String url)
-			throws SAMLEngineException {
-		return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
-	 */
-	@Override
-	public IDPSSODescriptor getIDPSSODescriptor(String url)
-			throws SAMLEngineException {
-		return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
-	 */
-	@Override
-	public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine)
-			throws SAMLEngineException {
-		//Do nothing, because metadata signature is already validated during 
-		//metadata provider initialization 
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
-	 */
-	@Override
-	public void checkValidMetadataSignature(String url, KeyStore trustStore)
-			throws SAMLEngineException {
-		//Do nothing, because metadata signature is already validated during 
-		//metadata provider initialization 
-		
-	}
-
-    protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor, final Class<T> clazz){
-        for(RoleDescriptor rd:entityDescriptor.getRoleDescriptors()){
-            if(clazz.isInstance(rd)){
-                return (T)rd;
-            }
-        }
-        return null;
-    }
-    
-	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL) {
-		HTTPMetadataProvider httpProvider = null;
-		Timer timer= null;
-		MOAHttpClient httpClient = null;
-		try {
-			AuthConfiguration authConfig = AuthConfigurationProviderFactory.getInstance();
-			
-			httpClient = new MOAHttpClient();
-			
-			HttpClientParams httpClientParams = new HttpClientParams();
-			httpClientParams.setSoTimeout(Constants.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
-			httpClient.setParams(httpClientParams);
-			
-			if (metadataURL.startsWith("https:")) {
-				try {
-					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
-							authConfig.getCertstoreDirectory(), 
-							authConfig.getTrustedCACertificates(),
-							null,
-							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
-							authConfig.isTrustmanagerrevoationchecking());
-					
-					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
-
-				} catch (MOAHttpProtocolSocketFactoryException e) {
-					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
-					
-				}
-			}
-			
-			timer = new Timer();
-			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
-					metadataURL);
-			httpProvider.setParserPool(new BasicParserPool());
-			httpProvider.setRequireValidMetadata(true);
-			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
-			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-			//httpProvider.setRefreshDelayFactor(0.1F);
-			
-			//add Metadata filters
-			MetadataFilterChain filter = new MetadataFilterChain();
-			filter.addFilter(new MOAeIDASMetadataSignatureFilter(
-					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
-			httpProvider.setMetadataFilter(filter);
-			
-			httpProvider.initialize();
-			
-						
-			return httpProvider;
-						
-		} catch (Throwable e) {			
-			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
-				Logger.warn("SSL-Server certificate for metadata " 
-						+ metadataURL + " not trusted.", e);
-				
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
-				Logger.warn("Signature verification for metadata" 
-						+ metadataURL + " FAILED.", e);
-			
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
-				Logger.warn("Schema validation for metadata " 
-						+ metadataURL + " FAILED.", e);								
-			}
-			
-			Logger.error(
-					"Failed to add Metadata file for "
-							+ metadataURL + "[ "
-							+ e.getMessage() + " ]", e);
-						
-			if (httpProvider != null) {
-				Logger.debug("Destroy failed Metadata provider");
-				httpProvider.destroy();
-			}
-			
-			if (timer != null) {
-				Logger.debug("Destroy Timer.");
-				timer.cancel();
-			}
-
-			
-		}
-		
-		return null;	
-	}
-	
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 2c2435ff6..548d05da6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -24,7 +24,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
 
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASSimpleMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
@@ -48,8 +49,9 @@ public class SAMLEngineUtils {
 						configManager);
 
 			//set Metadata managment to eIDAS SAMLengine
-			//TODO: implement final Metadata processor (this is only a first solution!!!)
-			engine.setMetadataProcessor(new MOAeIDASSimpleMetadataProvider());
+			engine.setMetadataProcessor(
+					new MOAeIDASMetadataProviderDecorator(
+							MOAeIDASChainingMetadataProvider.getInstance()));
 			
 			return engine;
 			
-- 
cgit v1.2.3


From be6c425ea5a82ecc3d57ae365ea2c49866d29705 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 14 Jan 2016 08:58:44 +0100
Subject: temporary problem fix for default security definitions (PVP / eIDAS
 SAML-engine)

---
 ...s-with-OracleDB-and-configuration-storage.patch | 1158 ++++++++++++++++++++
 ...ult-filename-in-configuration-download-di.patch |   25 +
 0003-update-handbook-and-release-information.patch |  752 +++++++++++++
 .../ts_119612v010201_additionaltypes_xsd.xsd       |   35 +
 .../resources/schemas/ts_119612v010201_sie_xsd.xsd |   81 ++
 .../resources/schemas/ts_119612v010201_xsd.xsd     |  337 ++++++
 .../opemsaml/MOAStringRedirectDeflateEncoder.java  |    4 +
 .../id/protocols/pvp2x/binding/PostBinding.java    |    8 +
 .../protocols/pvp2x/binding/RedirectBinding.java   |    8 +
 .../id/protocols/pvp2x/binding/SoapBinding.java    |    5 +
 .../pvp2x/config/MOADefaultBootstrap.java          |    5 +-
 .../iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar  |  Bin 0 -> 232486 bytes
 .../iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom  |    8 +
 13 files changed, 2425 insertions(+), 1 deletion(-)
 create mode 100644 0001-fix-problems-with-OracleDB-and-configuration-storage.patch
 create mode 100644 0002-change-default-filename-in-configuration-download-di.patch
 create mode 100644 0003-update-handbook-and-release-information.patch
 create mode 100644 common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd
 create mode 100644 common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd
 create mode 100644 common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd
 create mode 100644 repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar
 create mode 100644 repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom

diff --git a/0001-fix-problems-with-OracleDB-and-configuration-storage.patch b/0001-fix-problems-with-OracleDB-and-configuration-storage.patch
new file mode 100644
index 000000000..c03696599
--- /dev/null
+++ b/0001-fix-problems-with-OracleDB-and-configuration-storage.patch
@@ -0,0 +1,1158 @@
+From fa3f73a46151d06c4f80eb0c43d3eda6c23c3709 Mon Sep 17 00:00:00 2001
+From: Thomas Lenz <tlenz@iaik.tugraz.at>
+Date: Tue, 15 Sep 2015 12:55:30 +0200
+Subject: [PATCH 1/3] fix problems with OracleDB and configuration storage
+ implementation
+
+---
+ .../config/ConfigurationProvider.java              |   7 +
+ .../validation/oa/OAPVP2ConfigValidation.java      |   6 +-
+ .../moa-id-configtool.properties                   |   1 +
+ .../data/deploy/conf/moa-id/moa-id.properties      |   1 +
+ .../PropertyBasedAuthConfigurationProvider.java    |  12 +-
+ .../id/storage/AuthenticationSessionStoreage.java  | 569 ++++++++++++---------
+ .../main/resources/moaid.configuration.beans.xml   |   2 +-
+ .../config/persistence/MOAIDConfiguration.java     |  12 +
+ .../config/persistence/MOAIDConfigurationImpl.java | 110 ++--
+ .../moa/id/commons/db/MOASessionDBUtils.java       |  10 +-
+ .../moa/id/commons/db/NewConfigurationDBRead.java  |   7 +-
+ .../db/dao/config/DatabaseConfigPropertyImpl.java  |  35 +-
+ .../src/main/resources/moaid.migration.beans.xml   |   2 +-
+ 13 files changed, 494 insertions(+), 280 deletions(-)
+
+diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+index 849e819..e2a55db 100644
+--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
++++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+@@ -188,6 +188,13 @@ public class ConfigurationProvider {
+ 	
+ 	
+ 	/**
++	 * @return the props
++	 */
++	public Properties getConfigurationProperties() {
++		return props;
++	}
++
++	/**
+ 	 * @return the deprecatedDBWrite
+ 	 */
+ 	public FileBasedUserConfiguration getUserManagement() {
+diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+index 18452ed..35b6927 100644
+--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
++++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+@@ -76,7 +76,11 @@ public class OAPVP2ConfigValidation {
+ 			
+ 			else {
+ 				try {
+-					Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID);
++					//OracleDB does not allow the selection of a lob in SQL where expression  
++					String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class");
++					boolean backupVersion = MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc.");
++
++					Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion);
+ 					if (oa != null && 
+ 							MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) {
+ 						certSerialized = Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false);
+diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
+index 9a3b367..825a9f1 100644
+--- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
++++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
+@@ -35,6 +35,7 @@ dbcp.maxWaitMillis=-1
+ dbcp.testOnBorrow=true
+ dbcp.testOnReturn=false
+ dbcp.testWhileIdle=false
++dbcp.validationQuery=SELECT 1
+ 
+ ##Mail
+ general.mail.host=smtp.localhost...
+diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
+index 66f9afa..49e69c5 100644
+--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
++++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
+@@ -107,6 +107,7 @@ configuration.dbcp.maxWaitMillis=-1
+ configuration.dbcp.testOnBorrow=true
+ configuration.dbcp.testOnReturn=false
+ configuration.dbcp.testWhileIdle=false
++configuration.dbcp.validationQuery=SELECT 1
+ 
+ #
+ #Hibnerate configuration for MOA-ID 2.0 advanced statistic logging
+diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+index 190c5f0..6458314 100644
+--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
++++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+@@ -980,9 +980,17 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
+ 	 * @return the requested online application or {@code null}
+ 	 */
+ 	public Map<String, String> getActiveOnlineApplication(String id) {
+-		Logger.trace("Get active OnlineApplication with ID " + id + " from database.");		
++		Logger.trace("Get active OnlineApplication with ID " + id + " from database.");
++		Map<String, String> oaConfig = null;
+ 		try {
+-			Map<String, String> oaConfig = configuration.getOnlineApplication(id);
++			//OracleDB does not allow the selection of a lob in SQL where expression  
++			String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class");
++			if (MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc."))
++				oaConfig = configuration.getOnlineApplicationBackupVersion(id);
++			
++			else
++				oaConfig = configuration.getOnlineApplication(id);
++									
+ 			if (oaConfig != null) {
+ 				String isActiveString = oaConfig.get(MOAIDConfigurationConstants.SERVICE_ISACTIVE);
+ 				if (isActiveString != null && Boolean.valueOf(isActiveString))
+diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+index 4b4b5dd..829383c 100644
+--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
++++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+@@ -206,26 +206,34 @@ public class AuthenticationSessionStoreage {
+ 		Session session = MOASessionDBUtils.getCurrentSession();
+ 		  
+ 		  List<AuthenticatedSessionStore> result;
+-		  
+-		  synchronized (session) {
+-			  
+-			  session.beginTransaction();
+-			  Query query = session.getNamedQuery("getSessionWithID");
+-			  query.setParameter("sessionid", moaSessionID);
+-			  result = query.list();
+-
+-		  
+-			  Logger.trace("Found entries: " + result.size());
++		  Transaction tx = null;
++		  try {
++			  synchronized (session) {
++				  
++				  tx = session.beginTransaction();
++				  Query query = session.getNamedQuery("getSessionWithID");
++				  query.setParameter("sessionid", moaSessionID);
++				  result = query.list();
++	
+ 			  
+-			  //Assertion requires an unique artifact
+-			  if (result.size() != 1) {
+-				 Logger.trace("No entries found.");
+-			   	throw new MOADatabaseException("No session found with this sessionID");
++				  Logger.trace("Found entries: " + result.size());
++				  
++				  //Assertion requires an unique artifact
++				  if (result.size() != 1) {
++					 Logger.trace("No entries found.");
++				   	throw new MOADatabaseException("No session found with this sessionID");
++				  }
++				  
++				 AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);			 
++				 tx.commit();
++				 cleanDelete(dbsession);			
+ 			  }
+ 			  
+-			 AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);			 
+-			 session.getTransaction().commit();			  
+-			 cleanDelete(dbsession);			
++		  } catch (Exception e) {
++			  if (tx != null && !tx.wasCommitted())
++				  tx.rollback();
++			  throw e;
++			  
+ 		  }
+ 				
+ 	}
+@@ -290,28 +298,36 @@ public class AuthenticationSessionStoreage {
+ 		  Session session = MOASessionDBUtils.getCurrentSession();
+ 		  
+ 		  List<AuthenticatedSessionStore> result;
+-		  
+-		  synchronized (session) {
+-			  session.beginTransaction();
+-			  Query query = session.getNamedQuery("getSessionWithSSOID");
+-			  query.setParameter("sessionid", SSOSessionID);
+-			  result = query.list();
++		  Transaction tx = null;
++		  try {		  
++			  synchronized (session) {
++
++				  tx = session.beginTransaction();
++				  Query query = session.getNamedQuery("getSessionWithSSOID");
++				  query.setParameter("sessionid", SSOSessionID);
++				  result = query.list();
+ 			  
+-			  //send transaction
+-			  session.getTransaction().commit();
+-		  }
++				  //send transaction
++				  tx.commit();
++				  
++			  }
+ 		  
+-		  Logger.trace("Found entries: " + result.size());
++			  Logger.trace("Found entries: " + result.size());
+ 		  
+-		  //Assertion requires an unique artifact
+-		  if (result.size() != 1) {
+-			 Logger.trace("No entries found.");
+-			 return null;
++			  //Assertion requires an unique artifact
++			  if (result.size() != 1) {
++				  Logger.trace("No entries found.");
++				  return null;
+ 					 
+-		  } else {
+-			  return result.get(0).getSessionid();
++			  } else {
++				  return result.get(0).getSessionid();
+ 			 
+-		  }		  
++			  }
++		  } catch (Exception e) {
++			  if (tx != null && !tx.wasCommitted())
++				  tx.rollback();
++			  throw e;
++		  }
+ 	}
+ 	
+ 	public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+@@ -331,27 +347,33 @@ public class AuthenticationSessionStoreage {
+ 		  Session session = MOASessionDBUtils.getCurrentSession();
+ 		  
+ 		  List<AuthenticatedSessionStore> result;
+-		  
+-		  synchronized (session) {
+-			  session.beginTransaction();
+-			  Query query = session.getNamedQuery("getSessionWithSSOID");
+-			  query.setParameter("sessionid", SSOId);
+-			  result = query.list();
++		  Transaction tx = null;
++		  try {	
++			  synchronized (session) {
++				  tx = session.beginTransaction();
++				  Query query = session.getNamedQuery("getSessionWithSSOID");
++				  query.setParameter("sessionid", SSOId);
++				  result = query.list();
++				  
++				  //send transaction
++				  tx.commit();
++			  }
++			  
++			  Logger.trace("Found entries: " + result.size());
+ 			  
+-			  //send transaction
+-			  session.getTransaction().commit();
++			  //Assertion requires an unique artifact
++			  if (result.size() != 1) {
++				 Logger.trace("No entries found.");
++				 return null;
++						 
++			  } else {
++				  return result.get(0);
++			  }
++		  } catch (Exception e) {
++			  if (tx != null && !tx.wasCommitted())
++				  tx.rollback();
++			  throw e;
+ 		  }
+-		  
+-		  Logger.trace("Found entries: " + result.size());
+-		  
+-		  //Assertion requires an unique artifact
+-		  if (result.size() != 1) {
+-			 Logger.trace("No entries found.");
+-			 return null;
+-					 
+-		  } else {
+-			  return result.get(0);
+-		  }		
+ 	}
+ 	
+ 	public static void addSSOInformation(String moaSessionID, String SSOSessionID, 
+@@ -453,13 +475,15 @@ public class AuthenticationSessionStoreage {
+ 			
+ 		} catch(HibernateException e) {
+ 	  		Logger.warn("Error during database saveOrUpdate. Rollback.", e);
+-	  		 tx.rollback();
+-	  		 throw new AuthenticationException("SSO Session information can not be stored!  --> SSO is deactivated", null);	
+-	  	 }
++	  		if (tx != null && !tx.wasCommitted())
++	  			tx.rollback();
++	  		throw new AuthenticationException("SSO Session information can not be stored!  --> SSO is deactivated", null);	
++	  	}
+ 	}
+ 
+ 	public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+ 		MiscUtil.assertNotNull(moaSession, "MOASession");
++		Session session = null;
+ 		
+ 		try {
+ 			List<OASessionStore> oas = new ArrayList<OASessionStore>();
+@@ -467,7 +491,7 @@ public class AuthenticationSessionStoreage {
+ 			AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false);
+ 			oas.addAll(dbsession.getActiveOAsessions());
+ 			
+-			Session session = MOASessionDBUtils.getCurrentSession();
++			session = MOASessionDBUtils.getCurrentSession();
+ 			session.getTransaction().commit();
+ 			
+ 			return oas;
+@@ -475,6 +499,14 @@ public class AuthenticationSessionStoreage {
+ 		} catch (MOADatabaseException e) {
+ 			Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
+ 			
++		} catch (Exception e) {
++			if (session != null && session.getTransaction() != null 
++					&& !session.getTransaction().wasCommitted()) {
++				session.getTransaction().rollback();
++				throw e;
++				
++			}
++			
+ 		}
+ 				
+ 		return null;
+@@ -482,13 +514,13 @@ public class AuthenticationSessionStoreage {
+ 	
+ 	public static List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {
+ 		MiscUtil.assertNotNull(moaSession, "MOASession");
+-		
++		Session session = null;
+ 		try {
+ 			List<InterfederationSessionStore> idps = new ArrayList<InterfederationSessionStore>();			
+ 			AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false);
+ 			idps.addAll(dbsession.getInderfederation());
+ 			
+-			Session session = MOASessionDBUtils.getCurrentSession();
++			session = MOASessionDBUtils.getCurrentSession();
+ 			session.getTransaction().commit();
+ 			
+ 			return idps;
+@@ -496,6 +528,14 @@ public class AuthenticationSessionStoreage {
+ 		} catch (MOADatabaseException e) {
+ 			Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
+ 			
++		} catch (Exception e) {
++			if (session != null && session.getTransaction() != null 
++					&& !session.getTransaction().wasCommitted()) {
++				session.getTransaction().rollback();
++				throw e;
++				
++			}
++			
+ 		}
+ 				
+ 		return null;
+@@ -507,35 +547,42 @@ public class AuthenticationSessionStoreage {
+ 		  Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " 
+ 				  + oaID + " from database.");
+ 		  Session session = MOASessionDBUtils.getCurrentSession();
+-
+-		  List<AuthenticatedSessionStore> result;
++		  Transaction tx = null;
+ 		  
+-		  synchronized (session) {
+-			  session.beginTransaction();
+-			  Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID");
+-			  query.setParameter("oaID", oaID);
+-			  query.setParameter("nameID", userNameID);
+-			  result = query.list();
++		  List<AuthenticatedSessionStore> result = null;;
++		  try {  
++			  synchronized (session) {
++				  tx = session.beginTransaction();
++				  Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID");
++				  query.setParameter("oaID", oaID);
++				  query.setParameter("nameID", userNameID);
++				  result = query.list();
++				  
++				  //send transaction
++				  tx.commit();
++			  }
+ 			  
+-			  //send transaction
+-			  session.getTransaction().commit();
+-		  }
+-		  
+-		  Logger.trace("Found entries: " + result.size());
+-		  
+-		  //Assertion requires an unique artifact
+-		  if (result.size() != 1) {
+-			 Logger.trace("No unique entry found.");
+-		   	 return null;
+-		   	
+-		  }
+-		try {  		  
+-			return  decryptSession(result.get(0));
++			  Logger.trace("Found entries: " + result.size());
++			  
++			  //Assertion requires an unique artifact
++			  if (result.size() != 1) {
++				 Logger.trace("No unique entry found.");
++			   	 return null;
++			   	
++			  }
++			  		  
++			  return  decryptSession(result.get(0));
+ 			
+ 		} catch (BuildException e) {
+-			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e);
++			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e);			
+ 			return null;
++			
++		} catch (Exception e) {
++			if (tx != null && !tx.wasCommitted())
++				tx.rollback();
++			throw e;
+ 		}
++		
+ 	}
+ 	
+ 	public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+@@ -547,29 +594,36 @@ public class AuthenticationSessionStoreage {
+ 		  Session session = MOASessionDBUtils.getCurrentSession();
+ 		  
+ 		  List<AuthenticatedSessionStore> result;
+-		  
+-		  synchronized (session) {
+-			  session.beginTransaction();
+-			  Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
+-			  query.setParameter("sessionID", moaSession.getSessionID());
+-			  query.setParameter("oaID", oaID);
+-			  query.setParameter("protocol", protocolType);
+-			  result = query.list();
++		  Transaction tx = null;
++		  try {
++			  synchronized (session) {
++				  tx = session.beginTransaction();
++				  Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
++				  query.setParameter("sessionID", moaSession.getSessionID());
++				  query.setParameter("oaID", oaID);
++				  query.setParameter("protocol", protocolType);
++				  result = query.list();
++				  
++				  //send transaction
++				  tx.commit();
++			  }
+ 			  
+-			  //send transaction
+-			  session.getTransaction().commit();
+-		  }
+-		  
+-		  Logger.trace("Found entries: " + result.size());
+-		  
+-		  //Assertion requires an unique artifact
+-		  if (result.size() == 0) {
+-			 Logger.trace("No entries found.");
+-		   	 return null;
+-		   	
+-		  }
+-		  
+-		  return  result.get(0).getActiveOAsessions().get(0);
++			  Logger.trace("Found entries: " + result.size());
++			  
++			  //Assertion requires an unique artifact
++			  if (result.size() == 0) {
++				 Logger.trace("No entries found.");
++			   	 return null;
++			   	
++			  }
++			  
++			  return  result.get(0).getActiveOAsessions().get(0);
++			  
++		  } catch (Exception e) {
++				if (tx != null && !tx.wasCommitted())
++					tx.rollback();
++				throw e;
++			}
+ 	}
+ 	
+ 	public static String getPendingRequestID(String sessionID) {
+@@ -584,6 +638,7 @@ public class AuthenticationSessionStoreage {
+ 	}
+ 	
+ 	public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
++		Transaction tx = null;
+ 		try {
+ 			  MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");	  
+ 			  Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
+@@ -592,13 +647,13 @@ public class AuthenticationSessionStoreage {
+ 			  List<AuthenticatedSessionStore> result;
+ 			  
+ 			  synchronized (session) {
+-				  session.beginTransaction();
++				  tx  = session.beginTransaction();
+ 				  Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ 				  query.setParameter("sessionid", pedingRequestID);
+ 				  result = query.list();
+ 				  
+ 				  //send transaction
+-				  session.getTransaction().commit();
++				  tx.commit();
+ 			  }
+ 			  
+ 			  Logger.trace("Found entries: " + result.size());
+@@ -613,8 +668,13 @@ public class AuthenticationSessionStoreage {
+ 			  								
+ 		} catch (Throwable e) {
+ 			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
++			
++			if (tx != null && !tx.wasCommitted())
++				tx.rollback();
++			
+ 			return null;
+-		}
++			
++		} 
+ 	}
+ 	
+ 	public static boolean deleteSessionWithPendingRequestID(String id) {
+@@ -623,34 +683,39 @@ public class AuthenticationSessionStoreage {
+ 		  Session session = MOASessionDBUtils.getCurrentSession();
+ 		  
+ 		  List<AuthenticatedSessionStore> result;
+-		  
+-		  synchronized (session) {
+-			  session.beginTransaction();
+-			  Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+-			  query.setParameter("sessionid", id);
+-			  result = query.list();
++		  Transaction tx = null;
++		  try {
++			  synchronized (session) {
++				  tx = session.beginTransaction();
++				  Query query = session.getNamedQuery("getSessionWithPendingRequestID");
++				  query.setParameter("sessionid", id);
++				  result = query.list();
++				  
++				  //send transaction
++				  tx.commit();
++			  }
+ 			  
+-			  //send transaction
+-			  session.getTransaction().commit();
+-		  }
+-		  
+-		  Logger.trace("Found entries: " + result.size());
+-		  
+-		  //Assertion requires an unique artifact
+-		  if (result.size() != 1) {
+-			 Logger.trace("No entries found.");
+-			 return false;
+-					 
+-		  } else {
+-			  cleanDelete(result.get(0));
+-			  return true;
+-		  }
+-		
+-		
++			  Logger.trace("Found entries: " + result.size());
++			  
++			  //Assertion requires an unique artifact
++			  if (result.size() != 1) {
++				 Logger.trace("No entries found.");
++				 return false;
++						 
++			  } else {
++				  cleanDelete(result.get(0));
++				  return true;
++			  }
++		  } catch (Exception e) {
++				if (tx != null && !tx.wasCommitted())
++					tx.rollback();
++				throw e;
++		  }		
+ 	}
+ 			
+ 	public static AuthenticationSession getSessionWithUserNameID(String nameID) {
+ 		
++		Transaction tx = null;
+ 		try {
+ 			  MiscUtil.assertNotNull(nameID, "nameID");	  
+ 			  Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
+@@ -659,13 +724,13 @@ public class AuthenticationSessionStoreage {
+ 			  List<AuthenticatedSessionStore> result;
+ 			  
+ 			  synchronized (session) {
+-				  session.beginTransaction();
++				  tx  = session.beginTransaction();
+ 				  Query query = session.getNamedQuery("getMOAISessionWithUserNameID");
+ 				  query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID));
+ 				  result = query.list();
+ 				  
+ 				  //send transaction
+-				  session.getTransaction().commit();
++				  tx.commit();
+ 			  }
+ 			  
+ 			  Logger.trace("Found entries: " + result.size());
+@@ -679,7 +744,9 @@ public class AuthenticationSessionStoreage {
+ 			  return decryptSession(result.get(0));
+ 											
+ 		} catch (Throwable e) {
+-			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);
++			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);			
++			if (tx != null && !tx.wasCommitted())
++				tx.rollback();
+ 			return null;
+ 		}
+ 		
+@@ -691,27 +758,33 @@ public class AuthenticationSessionStoreage {
+ 		  Session session = MOASessionDBUtils.getCurrentSession();
+ 		  
+ 		  List<AuthenticatedSessionStore> result;
+-		  
+-		  synchronized (session) {
+-			  session.beginTransaction();
+-			  Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID");
+-			  query.setParameter("sessionID", sessionID);
+-			  result = query.list();
++		  Transaction tx = null;
++		  try {
++			  synchronized (session) {
++				  tx = session.beginTransaction();
++				  Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID");
++				  query.setParameter("sessionID", sessionID);
++				  result = query.list();
++				  
++				  //send transaction
++				  tx.commit();
++			  }
+ 			  
+-			  //send transaction
+-			  session.getTransaction().commit();
+-		  }
+-		  
+-		  Logger.trace("Found entries: " + result.size());
+-		  
+-		  //Assertion requires an unique artifact
+-		  if (result.size() == 0) {
+-			 Logger.trace("No entries found.");
+-		   	return null;
+-		   	
+-		  }
+-		  
+-		  return result.get(0).getInderfederation().get(0);
++			  Logger.trace("Found entries: " + result.size());
++			  
++			  //Assertion requires an unique artifact
++			  if (result.size() == 0) {
++				 Logger.trace("No entries found.");
++			   	return null;
++			   	
++			  }
++			  
++			  return result.get(0).getInderfederation().get(0);
++		} catch (Exception e) {
++			if (tx != null && !tx.wasCommitted())
++				tx.rollback();
++			throw e;
++		}	
+ 	}
+ 	
+ 	public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) {
+@@ -721,28 +794,34 @@ public class AuthenticationSessionStoreage {
+ 		  Session session = MOASessionDBUtils.getCurrentSession();
+ 		  
+ 		  List<AuthenticatedSessionStore> result;
+-		  
+-		  synchronized (session) {
+-			  session.beginTransaction();
+-			  Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
+-			  query.setParameter("sessionID", sessionID);
+-			  query.setParameter("idpID", idpID);
+-			  result = query.list();
++		  Transaction tx = null;
++		  try {		  
++			  synchronized (session) {
++				  tx = session.beginTransaction();
++				  Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
++				  query.setParameter("sessionID", sessionID);
++				  query.setParameter("idpID", idpID);
++				  result = query.list();
++				  
++				  //send transaction
++				  tx.commit();
++			  }
+ 			  
+-			  //send transaction
+-			  session.getTransaction().commit();
+-		  }
+-		  
+-		  Logger.trace("Found entries: " + result.size());
+-		  
+-		  //Assertion requires an unique artifact
+-		  if (result.size() == 0) {
+-			 Logger.trace("No entries found.");
+-		   	return null;
+-		   	
+-		  }
+-		  
+-		  return result.get(0).getInderfederation().get(0);
++			  Logger.trace("Found entries: " + result.size());
++			  
++			  //Assertion requires an unique artifact
++			  if (result.size() == 0) {
++				 Logger.trace("No entries found.");
++			   	return null;
++			   	
++			  }
++			  
++			  return result.get(0).getInderfederation().get(0);
++		  } catch (Exception e) {
++				if (tx != null && !tx.wasCommitted())
++					tx.rollback();
++				throw e;
++		  }	
+ 	}
+ 	
+ 	public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {		
+@@ -847,27 +926,33 @@ public class AuthenticationSessionStoreage {
+ 		  Session session = MOASessionDBUtils.getCurrentSession();
+ 		  
+ 		  List<AuthenticatedSessionStore> result;
+-		  
+-		  synchronized (session) {
+-			  session.beginTransaction();
+-			  Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
+-			  query.setParameter("sessionID", moaSession.getSessionID());
+-			  result = query.list();
++		  Transaction tx = null;
++		  try {
++			  synchronized (session) {
++				  tx = session.beginTransaction();
++				  Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
++				  query.setParameter("sessionID", moaSession.getSessionID());
++				  result = query.list();
++				  
++				  //send transaction
++				  tx.commit();
++			  }
+ 			  
+-			  //send transaction
+-			  session.getTransaction().commit();
+-		  }
+-		  
+-		  Logger.trace("Found entries: " + result.size());
+-		  
+-		  //Assertion requires an unique artifact
+-		  if (result.size() == 0) {
+-			 Logger.trace("No entries found.");
+-		   	return null;
+-		   	
+-		  }
+-		  
+-		  return result.get(0).getInderfederation().get(0);
++			  Logger.trace("Found entries: " + result.size());
++			  
++			  //Assertion requires an unique artifact
++			  if (result.size() == 0) {
++				 Logger.trace("No entries found.");
++			   	return null;
++			   	
++			  }
++			  
++			  return result.get(0).getInderfederation().get(0);
++		} catch (Exception e) {
++			if (tx != null && !tx.wasCommitted())
++				tx.rollback();
++			throw e;
++		}	
+ 	}
+ 	
+ 	/**
+@@ -930,28 +1015,34 @@ public class AuthenticationSessionStoreage {
+ 		
+ 		List<AuthenticatedSessionStore> results;
+ 		Session session = MOASessionDBUtils.getCurrentSession();
+-		
+-		synchronized (session) {			
+-			session.beginTransaction();
+-			Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
+-			query.setTimestamp("timeoutcreate", expioredatecreate);
+-			query.setTimestamp("timeoutupdate", expioredateupdate);
+-			results = query.list();
+-			session.getTransaction().commit();
+-		}
+-		
+-		if (results.size() != 0) {
+-			for(AuthenticatedSessionStore result : results) {
+-				try { 
+-					cleanDelete(result);
+-					Logger.info("Authenticated session with sessionID=" + result.getSessionid() 
+-							+ " after session timeout.");
+-				
+-				} catch (HibernateException e){
+-					Logger.warn("Authenticated session with sessionID=" + result.getSessionid() 
+-							+ " not removed after timeout! (Error during Database communication)", e);
+-				}
+-			}	
++		Transaction tx = null;
++		try {
++			synchronized (session) {			
++				tx = session.beginTransaction();
++				Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
++				query.setTimestamp("timeoutcreate", expioredatecreate);
++				query.setTimestamp("timeoutupdate", expioredateupdate);
++				results = query.list();
++				tx.commit();
++			}
++			
++			if (results.size() != 0) {
++				for(AuthenticatedSessionStore result : results) {
++					try { 
++						cleanDelete(result);
++						Logger.info("Authenticated session with sessionID=" + result.getSessionid() 
++								+ " after session timeout.");
++					
++					} catch (HibernateException e){
++						Logger.warn("Authenticated session with sessionID=" + result.getSessionid() 
++								+ " not removed after timeout! (Error during Database communication)", e);
++					}
++				}	
++			}
++		} catch (Exception e) {
++			if (tx != null && !tx.wasCommitted())
++				tx.rollback();
++			throw e;
+ 		}	
+ 	}
+ 	
+@@ -1004,26 +1095,32 @@ public class AuthenticationSessionStoreage {
+ 		  Session session = MOASessionDBUtils.getCurrentSession();
+ 		  
+ 		  List result;
+-		  
+-		  synchronized (session) {
+-			  session.beginTransaction();
+-			  Query query = session.getNamedQuery("getSessionWithID");
+-			  query.setParameter("sessionid", sessionID);
+-			  result = query.list();
++		  Transaction tx = null;
++		  try {
++			  synchronized (session) {
++				  tx = session.beginTransaction();
++				  Query query = session.getNamedQuery("getSessionWithID");
++				  query.setParameter("sessionid", sessionID);
++				  result = query.list();
++				  
++				  //send transaction
++				  if (commit)
++					  tx.commit();
++			  }
+ 			  
+-			  //send transaction
+-			  if (commit)
+-				  session.getTransaction().commit();
+-		  }
+-		  
+-		  Logger.trace("Found entries: " + result.size());
+-		  
+-		  //Assertion requires an unique artifact
+-		  if (result.size() != 1) {
+-			 Logger.trace("No entries found.");
+-		   	throw new MOADatabaseException("No session found with this sessionID");
+-		  }
+-		  
+-		  return (AuthenticatedSessionStore) result.get(0);
++			  Logger.trace("Found entries: " + result.size());
++			  
++			  //Assertion requires an unique artifact
++			  if (result.size() != 1) {
++				 Logger.trace("No entries found.");
++			   	throw new MOADatabaseException("No session found with this sessionID");
++			  }
++			  
++			  return (AuthenticatedSessionStore) result.get(0);
++		  } catch (Exception e) {
++				if (tx != null && !tx.wasCommitted() && commit)
++					tx.rollback();
++				throw e;
++		}	
+ 	}
+ }
+diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+index 206fde8..7e319e2 100644
+--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
++++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+@@ -29,7 +29,7 @@
+ 		<property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" />
+ 		<property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" />
+ 		<property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" />
+-		<property name="validationQuery" value="SELECT 1" />
++		<property name="validationQuery" value="${configuration.dbcp.validationQuery}" />
+ 	</bean>
+ 	
+ 	<bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java
+index 223f29a..4bd459f 100644
+--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java
++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfiguration.java
+@@ -61,4 +61,16 @@ public interface MOAIDConfiguration extends Configuration {
+ 	 * @throws ConfigurationException in case of an configuration access error
+ 	 */
+ 	public Map<String, String> getOnlineApplication(String publicURLPrefix) throws ConfigurationException;
++	
++	
++	/**
++	 * Load an OnlineApplication configuration and remove the OA key prefix
++	 * This is a backup version if direct UniqueID selection does not work
++	 * 
++	 * @param publicURLPrefix: Unique identifier of online application
++	 * @return Properties of the online application or null if no OA is found
++	 * @throws ConfigurationException in case of an configuration access error
++	 */
++	public Map<String, String> getOnlineApplicationBackupVersion(String publicURLPrefix) throws ConfigurationException;
++	
+ }
+\ No newline at end of file
+diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
+index 297c63d..b9b5ad6 100644
+--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
+@@ -1,5 +1,7 @@
+ package at.gv.egovernment.moa.id.commons.config.persistence;
+ 
++import java.sql.SQLSyntaxErrorException;
++import java.util.ArrayList;
+ import java.util.HashMap;
+ import java.util.Iterator;
+ import java.util.List;
+@@ -131,13 +133,88 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement
+ 		String keyId = MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
+ 				+ ".%."
+ 				+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER;
+-				
++		
++		List<ConfigProperty> oaSearchResult = null;
+ 		TypedQuery<ConfigProperty> oaSearchQuery = em.createQuery("select dbconfig from ConfigProperty dbconfig where dbconfig.key like :key and dbconfig.value = SUBSTRING(:uniqueID, 1, LENGTH(dbconfig.value))", ConfigProperty.class);
+ 		oaSearchQuery.setParameter("key", keyId);
+ 		oaSearchQuery.setParameter("uniqueID", publicURLPrefix);
+-		List<ConfigProperty> oaSearchResult = oaSearchQuery.getResultList();
++		oaSearchResult = oaSearchQuery.getResultList();
++			
++		return postProcessLoadOnlineApplication(em, oaSearchResult);
++
++	}
++		
++	/* (non-Javadoc)
++	 * @see at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration#getOnlineApplicationBackupVersion(java.lang.String)
++	 */
++	@Override
++	public Map<String, String> getOnlineApplicationBackupVersion(
++			String publicURLPrefix) throws ConfigurationException {
++		Logger.debug("Use backup implementation to query configuration database");
++		
++		EntityManager em = this.getPersistenceContext();
++		if (null == em) {
++			Logger.error("No EntityManager set!");
++			throw new ConfigurationException("No EntityManager set!");
++			
++		}
++		
++		//search key prefix for online application with this publicURLPrefix
++		String keyId = MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
++				+ ".%."
++				+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER;
+ 		
+-        if (oaSearchResult.size() == 0) {
++		List<ConfigProperty> oaSearchResult = new ArrayList<ConfigProperty>();
++		
++		TypedQuery<ConfigProperty> oaSearchQuery = em.createQuery("select dbconfig from ConfigProperty dbconfig where dbconfig.key like :key", ConfigProperty.class);
++		oaSearchQuery.setParameter("key", keyId);
++		List<ConfigProperty> intermResult = oaSearchQuery.getResultList();
++		if (intermResult != null) {			
++			for (ConfigProperty el : intermResult) {
++				if (publicURLPrefix.startsWith(el.getValue()))
++					oaSearchResult.add(el);
++				
++			}				
++		}	
++		
++		return postProcessLoadOnlineApplication(em, oaSearchResult);
++		
++	}
++	
++	/**
++	 * Small helper method. NOTE: may return empty configuration properties, but never {@code null}.
++	 * 
++	 * @param propPrefix: the prefix of the desired property.
++	 * @param input: List of database objects with key/value information.
++	 * @param removePrefix: Indicates if the prefix should be removed from the result key
++	 * @return the {@link Map} of configuration properties
++	 */
++	private Map<String, String> getKeyValueFromDatabaseDAO(Iterator<ConfigProperty> input, final String prefix, boolean removePrefix) {
++		Map<String, String> configProp = new HashMap<String, String>();
++		 while (input.hasNext()) {
++	        ConfigProperty el = input.next();
++	        if (removePrefix) {
++	        	if (el.getKey().startsWith(prefix)) {	        	
++	        		String propertyName = KeyValueUtils.removePrefixFromKey(el.getKey(), prefix);	        		
++	        		configProp.put(propertyName, el.getValue());
++	        		
++	        	}	
++	        } else
++	        	configProp.put(el.getKey(), el.getValue());
++	        		                	
++		}
++		return configProp;
++	}
++
++	/**
++	 * Online-Application load operation post-processing
++	 * 
++	 * @param em EntityManager for Database access
++	 * @param oaSearchResult Search result of first OA selection operation
++	 * @return Map of post-processed OA configuration key/value pairs
++	 */	
++	private Map<String, String> postProcessLoadOnlineApplication(EntityManager em, List<ConfigProperty> oaSearchResult) {		
++		if (oaSearchResult == null || oaSearchResult.size() == 0) {
+             Logger.debug("No entries found.");
+             return null;      }
+ 
+@@ -170,31 +247,6 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement
+ 		result.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES, oaType);
+ 					        
+ 		return result;
++		
+ 	}
+-	
+-	/**
+-	 * Small helper method. NOTE: may return empty configuration properties, but never {@code null}.
+-	 * 
+-	 * @param propPrefix: the prefix of the desired property.
+-	 * @param input: List of database objects with key/value information.
+-	 * @param removePrefix: Indicates if the prefix should be removed from the result key
+-	 * @return the {@link Map} of configuration properties
+-	 */
+-	private Map<String, String> getKeyValueFromDatabaseDAO(Iterator<ConfigProperty> input, final String prefix, boolean removePrefix) {
+-		Map<String, String> configProp = new HashMap<String, String>();
+-		 while (input.hasNext()) {
+-	        ConfigProperty el = input.next();
+-	        if (removePrefix) {
+-	        	if (el.getKey().startsWith(prefix)) {	        	
+-	        		String propertyName = KeyValueUtils.removePrefixFromKey(el.getKey(), prefix);	        		
+-	        		configProp.put(propertyName, el.getValue());
+-	        		
+-	        	}	
+-	        } else
+-	        	configProp.put(el.getKey(), el.getValue());
+-	        		                	
+-		}
+-		return configProp;
+-	}
+-
+ }
+diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
+index 7621552..49e0634 100644
+--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
+@@ -163,8 +163,9 @@ public final class MOASessionDBUtils {
+ 		     
+ 	  	 } catch(HibernateException e) {
+ 	  		Logger.warn("Error during MOASession database saveOrUpdate. Rollback.", e);
+-	  		 tx.rollback();
+-	  		 throw new MOADatabaseException(e);
++	  		if (tx != null)
++	  			tx.rollback();
++	  		throw new MOADatabaseException(e);
+ 	  	 }
+ 	   }
+ 	   
+@@ -183,8 +184,9 @@ public final class MOASessionDBUtils {
+ 		     
+ 	  	 } catch(HibernateException e) {
+ 	  		Logger.warn("Error during MOASession database delete. Rollback.", e);
+-	  		 tx.rollback();
+-	  		 return false;
++	  		if (tx != null)
++	  			tx.rollback();
++	  		return false;
+ 	  	 }
+ 	   }
+    
+diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
+index 0f157f1..c049eeb 100644
+--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
+@@ -41,9 +41,12 @@ public class NewConfigurationDBRead {
+ 		
+ 	}
+ 
+-	public Map<String, String> getOnlineApplicationKeyValueWithId(String id) {
++	public Map<String, String> getOnlineApplicationKeyValueWithId(String id, boolean backupVersion) {
+ 		try {
+-			return conf.getOnlineApplication(id);
++			if (backupVersion)
++				return conf.getOnlineApplicationBackupVersion(id);
++			else
++				return conf.getOnlineApplication(id);
+ 			
+ 		} catch (ConfigurationException e) {
+ 			Logger.warn("OnlineApplication with Id: " + id + " not found.", e);
+diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java
+index f59e39a..aad830d 100644
+--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java
++++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/DatabaseConfigPropertyImpl.java
+@@ -1,6 +1,10 @@
+ package at.gv.egovernment.moa.id.commons.db.dao.config;
+ 
++import java.util.ArrayList;
++import java.util.Iterator;
+ import java.util.List;
++import java.util.Map.Entry;
++import java.util.regex.Pattern;
+ 
+ import javax.persistence.EntityManager;
+ import javax.persistence.PersistenceContext;
+@@ -137,10 +141,33 @@ public class DatabaseConfigPropertyImpl extends AbstractConfigurationImpl {
+ 			throw new ConfigurationException("No EntityManager set!");
+ 		}
+ 		
+-		TypedQuery<String> query = em.createQuery("select key from ConfigProperty dbconfig where dbconfig.value like :value", String.class);
+-		query.setParameter("value", searchString.replace("*", "%"));
+-		List<String> result = query.getResultList();
+-		return result.toArray(new String[result.size()]);
++		TypedQuery<ConfigProperty> query = em.createQuery("select * from ConfigProperty dbconfig", ConfigProperty.class);
++		List<ConfigProperty> all = query.getResultList();
++		
++		searchString = searchString.replace(".", "\\.");
++		String regex = searchString.replace("*", ".*");
++		regex = regex.replace("%", "\\w*");
++		log.debug("Searching with regex: {}", regex);	
++		Pattern pattern = Pattern.compile(regex);
++		
++		List<String> keyList = new ArrayList<String>();	
++		Iterator<ConfigProperty> keyIt;
++		if (all != null) {
++			keyIt = all.iterator();
++			while(keyIt.hasNext()) {
++				ConfigProperty entry = keyIt.next();
++				String value = entry.getValue();
++				String key = entry.getKey();
++				
++				if(pattern.matcher(value).matches()) {
++					keyList.add(key);
++				}								
++			}
++		}
++				
++		String[] result = new String[keyList.size()];		
++		return keyList.toArray(result);
++			
+ 	}
+ 
+ 	/* (non-Javadoc)
+diff --git a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
+index 3bd1222..c758e23 100644
+--- a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
++++ b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
+@@ -31,7 +31,7 @@
+ 		<property name="testOnBorrow" value="${dbcp.testOnBorrow}" />
+ 		<property name="testOnReturn" value="${dbcp.testOnReturn}" />
+ 		<property name="testWhileIdle" value="${dbcp.testWhileIdle}" />
+-		<property name="validationQuery" value="SELECT 1" />
++		<property name="validationQuery" value="${dbcp.validationQuery}" />
+ 	</bean>
+ 	
+ 
+-- 
+1.9.5.msysgit.0
+
diff --git a/0002-change-default-filename-in-configuration-download-di.patch b/0002-change-default-filename-in-configuration-download-di.patch
new file mode 100644
index 000000000..d95f57e38
--- /dev/null
+++ b/0002-change-default-filename-in-configuration-download-di.patch
@@ -0,0 +1,25 @@
+From 2362892f59b8daccb8c0a2155048c5adc7a1a7ea Mon Sep 17 00:00:00 2001
+From: Thomas Lenz <tlenz@iaik.tugraz.at>
+Date: Tue, 15 Sep 2015 12:56:17 +0200
+Subject: [PATCH 2/3] change default filename in configuration download dialog
+
+---
+ id/ConfigWebTool/src/main/resources/struts.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml
+index 701cc99..f978e93 100644
+--- a/id/ConfigWebTool/src/main/resources/struts.xml
++++ b/id/ConfigWebTool/src/main/resources/struts.xml
+@@ -284,7 +284,7 @@
+ 			<result name="success" type="stream">
+ 				<param name="contentType">application/octet-stream</param>
+ 	  		<param name="inputName">fileInputStream</param>
+-	  		<param name="contentDisposition">attachment;filename="MOAID-2.0_config.xml"</param>
++	  		<param name="contentDisposition">attachment;filename="MOAID-3.0_config.properties"</param>
+ 	  		<param name="bufferSize">1024</param>   
+ 			</result>
+ 			<result name="reauthentication" type="redirectAction">
+-- 
+1.9.5.msysgit.0
+
diff --git a/0003-update-handbook-and-release-information.patch b/0003-update-handbook-and-release-information.patch
new file mode 100644
index 000000000..6c8a4ee2a
--- /dev/null
+++ b/0003-update-handbook-and-release-information.patch
@@ -0,0 +1,752 @@
+From 8149f22dc110b82ef2910db0037d037062628dd5 Mon Sep 17 00:00:00 2001
+From: Thomas Lenz <tlenz@iaik.tugraz.at>
+Date: Tue, 15 Sep 2015 13:02:59 +0200
+Subject: [PATCH 3/3]  - update handbook and release information  - change
+ version to 3.0.2
+
+---
+ id/history.txt                            |   7 +
+ id/readme_3.0.2.txt                       | 644 ++++++++++++++++++++++++++++++
+ id/server/doc/handbook/config/config.html |  16 +-
+ pom.xml                                   |  12 +-
+ 4 files changed, 672 insertions(+), 7 deletions(-)
+ create mode 100644 id/readme_3.0.2.txt
+
+diff --git a/id/history.txt b/id/history.txt
+index f1b9adf..6ad08d9 100644
+--- a/id/history.txt
++++ b/id/history.txt
+@@ -1,5 +1,12 @@
+ Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf.
+ 
++Version MOA-ID Release 3.0.2: Änderungen seit Version MOA-ID 3.0.1
++- Änderungen
++  - Bug-Fix für Zugriff auf Oracle Datenbanken
++  - 
++
++
++  ------------------------------------------------------------------------------
+ Version MOA-ID Release 3.0.1: Änderungen seit Version MOA-ID 3.0.0
+ - Änderungen
+   - Bug-Fix für Testkarten mit Testkarten-OID
+diff --git a/id/readme_3.0.2.txt b/id/readme_3.0.2.txt
+new file mode 100644
+index 0000000..cd752a6
+--- /dev/null
++++ b/id/readme_3.0.2.txt
+@@ -0,0 +1,644 @@
++===============================================================================
++MOA ID Version Release 3.0.2 - Wichtige Informationen zur Installation
++===============================================================================
++
++-------------------------------------------------------------------------------
++A. Neuerungen/Änderungen
++-------------------------------------------------------------------------------
++
++Mit MOA ID Version 3.0.2 wurden folgende Neuerungen und Änderungen eingeführt, 
++die jetzt erstmals in der Veröffentlichung enthalten sind (siehe auch 
++history.txt im gleichen Verzeichnis). Da es sich bei der Version 3.0.2 nur um
++Version mit minimaler Fehlerbereinigung handelt sind zusätzlich auch alle 
++Änderungen aus der Version 3.0.0 und 3.0.1 zur Information gelisted:
++   
++- Änderungen
++  - Bug-Fix für Zugriff auf Oracle Datenbanken
++
++Anpassungen aus MOA-ID 3.0.0 und 3.0.1
++- Änderungen
++  - Redesign des Datenmodels für die Configuration
++  - Redesign des Authentifizierungsprozessmanagment
++  - Anpassung VIDP Code für STORK
++  - Update von TrustStore und CertSTore
++  - Kleinere Bug-Fixes
++  - Update von Libraries
++  - Bug-Fix für Testkarten mit Testkarten-OID
++
++-------------------------------------------------------------------------------
++B. Durchführung eines Updates
++-------------------------------------------------------------------------------
++
++Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
++eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
++MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend 
++angebebenen Updateschritte.
++
++Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 3.0.x
++reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export
++Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden.
++Diese Datei dient dann als Basis für den Import in MOA-ID 3.0.x. 
++
++...............................................................................
++B.0 Durchführung eines Updates von Version 3.0.1 auf Version 3.0.2
++...............................................................................
++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.0.0.zip) in
++   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
++   bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
++   für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war 
++   als auch das komplette Verzeichnis moa-id-auth. 
++
++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++   CATALINA_HOME_ID/webapps.
++   
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++   CATALINA_HOME_ID/webapps.
++
++6. Hinzufügen der zusätzlichen Konfigurationsparameter in der 
++   MOA-ID-Configuration Konfigurationsdatei
++   CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties     
++     a.) dbcp.validationQuery=.....         (SQL Query zum Validieren der
++         Datenbankverbindung 
++           z.B: "SELECT 1" für mySQL
++                "select 1 from dual" für OracleDB)
++
++7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
++   Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties     
++     a.) configuration.dbcp.validationQuery=.....         (SQL Query zum 
++         Validieren der Datenbankverbindung 
++           z.B: "SELECT 1" für mySQL
++                "select 1 from dual" für OracleDB)
++
++8.  Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++    Logging von MOA ID beim Einlesen der Konfiguration.
++         
++
++...............................................................................
++B.1 Durchführung eines Updates von Version 3.0.0 auf Version 3.0.2
++...............................................................................
++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.0.0.zip) in
++   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
++   bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
++   für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war 
++   als auch das komplette Verzeichnis moa-id-auth. 
++
++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++   CATALINA_HOME_ID/webapps.   
++
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++   CATALINA_HOME_ID/webapps.
++
++6. Update der TrustStores für WebService Zugriffe.
++     a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\ca-certs
++         in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\ca-certs.         
++     b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\certstore\toBeAdded
++         in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\certstore\toBeAdded.
++
++7. Hinzufügen der zusätzlichen Konfigurationsparameter in der 
++   MOA-ID-Configuration Konfigurationsdatei
++   CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties     
++     a.) dbcp.validationQuery=.....         (SQL Query zum Validieren der
++         Datenbankverbindung 
++           z.B: "SELECT 1" für mySQL
++                "select 1 from dual" für OracleDB)
++
++8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
++   Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties     
++     a.) configuration.dbcp.validationQuery=.....         (SQL Query zum 
++         Validieren der Datenbankverbindung 
++           z.B: "SELECT 1" für mySQL
++                "select 1 from dual" für OracleDB)
++
++9.  Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++    Logging von MOA ID beim Einlesen der Konfiguration.
++         
++...............................................................................
++B.2 Durchführung eines Updates von Version 2.2.1 auf Version 3.0.2 
++...............................................................................
++
++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.0.0.zip) in
++   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
++   bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
++   für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
++   moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth 
++   und das komplette Verzeichnis moa-id-configuration.
++
++4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
++	 CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
++   	
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++   CATALINA_HOME_ID/webapps.
++   
++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++   CATALINA_HOME_ID/webapps.
++                                 
++7. Update des Cert-Stores.
++   Kopieren Sie den Inhalt des Verzeichnisses
++   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
++   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
++   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
++   bejahen sie das.
++
++8. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen 
++   wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile 
++   beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
++
++   a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
++
++    1)  Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
++    2)  Kopieren Sie das Verzeichnis 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
++        CATALINA_HOME\conf\moa-spss.
++
++   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie 
++      folgt vor, um die Profile auf den aktuellen Stand zu bringen:
++
++    1)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
++        entsprechenden Profilen im Verzeichnis 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
++        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt 
++        der einzelnen Profile aus der Distribution 
++        (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
++        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
++        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
++        überschreiben), also z.B: Kopieren des Inhalts von 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
++        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
++        CATALINA_HOME\conf\moa-spss\trustProfiles\
++        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. 
++
++9. Update der Default html-Templates für die Bürgerkartenauswahl.
++
++     a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
++         in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.         
++     b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
++         in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. 
++
++10. Update der STORK Konfiguration
++     a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
++         in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
++     b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->   
++         2.4 Konfiguration des SamlEngines an.
++         
++11. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
++    CATALINA_HOME\conf\moa-id\moa-id.properties
++   
++12. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configration Konfigurationsdatei
++    CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
++
++13. Hinzufügen der zusätzlichen Konfigurationsdatei in der MOA-ID-Configuration
++    CATALINA_HOME\conf\moa-id-configuration\userdatabase.properties
++
++14. Update der Tomcat Start-Skripts:
++    - Die Konfigurationsdateien für MOA-ID-Auth und MOA-ID-Configuration müssen
++      nur als URI (file:/...) übergeben werden. 
++                 
++15.  Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++    Logging von MOA ID beim Einlesen der Konfiguration.
++
++
++...............................................................................
++B.1 Durchführung eines Updates von Version 2.2.0 auf Version 2.2.1 
++...............................................................................
++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.1.zip) in
++   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
++   bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
++   für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
++   moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth 
++   und das komplette Verzeichnis moa-id-configuration.
++	
++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++   CATALINA_HOME_ID/webapps.
++   
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++   CATALINA_HOME_ID/webapps.
++                                 
++6. Update des Cert-Stores.
++   Kopieren Sie den Inhalt des Verzeichnisses
++   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
++   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
++   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
++   bejahen sie das.
++
++7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen 
++   wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile 
++   beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
++
++   a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
++
++    1)  Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
++    2)  Kopieren Sie das Verzeichnis 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
++        CATALINA_HOME\conf\moa-spss.
++
++   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie 
++      folgt vor, um die Profile auf den aktuellen Stand zu bringen:
++
++    1)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
++        entsprechenden Profilen im Verzeichnis 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
++        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt 
++        der einzelnen Profile aus der Distribution 
++        (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
++        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
++        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
++        überschreiben), also z.B: Kopieren des Inhalts von 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
++        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
++        CATALINA_HOME\conf\moa-spss\trustProfiles\
++        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. 
++                 
++8.  Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++    Logging von MOA ID beim Einlesen der Konfiguration.
++
++...............................................................................
++B.1 Durchführung eines Updates von Version 2.1.2 auf Version 2.2.0 
++...............................................................................
++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.0.zip) in
++   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
++   bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
++   für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
++   moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth 
++   und das komplette Verzeichnis moa-id-configuration.
++   
++4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
++	 CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
++	
++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++   CATALINA_HOME_ID/webapps.
++   
++7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++   CATALINA_HOME_ID/webapps.
++   
++8. Kopieren der folgenden Dateien:
++      Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der 
++      Datei bevor Sie diese durch die neue Version ersetzen.  
++      a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ->
++          CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
++      b.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_outgoing.xml ->
++          CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_outgoing.xml          
++                    
++9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks 
++   (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt.
++   Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell
++   verwendeten KeyStore ab. 
++
++10. Update des Cert-Stores.
++   Kopieren Sie den Inhalt des Verzeichnisses
++   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
++   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
++   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
++   bejahen sie das.
++
++11. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen 
++   wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile 
++   beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
++
++   a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
++
++    1)  Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
++    2)  Kopieren Sie das Verzeichnis 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
++        CATALINA_HOME\conf\moa-spss.
++
++   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie 
++      folgt vor, um die Profile auf den aktuellen Stand zu bringen:
++
++    1)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
++        entsprechenden Profilen im Verzeichnis 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
++        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt 
++        der einzelnen Profile aus der Distribution 
++        (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
++        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
++        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
++        überschreiben), also z.B: Kopieren des Inhalts von 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
++        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
++        CATALINA_HOME\conf\moa-spss\trustProfiles\
++        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. 
++
++                 
++12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++    Logging von MOA ID beim Einlesen der Konfiguration.
++
++...............................................................................
++B.2 Durchführung eines Updates von Version 2.1.1 auf Version 2.1.2 
++...............................................................................
++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.2.zip) in
++   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
++   bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
++   für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
++   moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth 
++   und das komplette Verzeichnis moa-id-configuration.
++   
++4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
++	 CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
++	
++5. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das 
++   Verzeichnis	CATALINA_HOME_ID\endorsed   
++
++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++   CATALINA_HOME_ID/webapps.
++   
++7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++   CATALINA_HOME_ID/webapps.
++   
++8. Kopieren der folgenden Dateien  
++      a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ->
++          CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
++          Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der 
++          Datei slo_template.html bevor Sie diese durch die neue Version ersetzen.
++          
++9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks 
++   (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt.
++   Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell
++   verwendeten KeyStore ab. 
++                 
++10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++    Logging von MOA ID beim Einlesen der Konfiguration.
++
++
++...............................................................................
++B.3 Durchführung eines Updates von Version 2.1.0 auf Version 2.1.1 
++...............................................................................
++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
++   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
++   bezeichnet.
++
++3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
++	 JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
++	
++4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das 
++   Verzeichnis	JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr 
++   unterstuetzt).
++
++5. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
++   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
++   auch das komplette Verzeichnis moa-id-auth.
++
++6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++   CATALINA_HOME_ID/webapps.
++   
++7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++   CATALINA_HOME_ID/webapps.
++   
++8. Hinzufügen der zusätzlichen Konfigurationsparameter in der 
++   MOA-ID-Configuration Konfigurationsdatei
++   CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties     
++     a.) general.moaconfig.key=.....         (Passwort zum Ver- und 
++         Entschlüsseln von Konfigurationsparametern in der Datenbank)
++
++9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
++   Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties     
++     a.) configuration.moaconfig.key=.....   (Passwort zum Ver- und 
++         Entschlüsseln von Konfigurationsparametern in der Datenbank)
++
++10. Kopieren der folgenden Dateien  
++      a.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
++          CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
++          Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der 
++          Datei slo_template.html bevor Sie diese durch die neue Version ersetzen.
++         
++11. Update des Cert-Stores.
++   Kopieren Sie den Inhalt des Verzeichnisses
++   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
++   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
++   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
++   bejahen sie das.
++
++12. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen 
++   wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile 
++   beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
++
++   a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
++
++    1)  Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
++    2)  Kopieren Sie das Verzeichnis 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
++        CATALINA_HOME\conf\moa-spss.
++
++   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie 
++      folgt vor, um die Profile auf den aktuellen Stand zu bringen:
++
++    1)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
++        entsprechenden Profilen im Verzeichnis 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
++        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt 
++        der einzelnen Profile aus der Distribution 
++        (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
++        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
++        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
++        überschreiben), also z.B: Kopieren des Inhalts von 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
++        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
++        CATALINA_HOME\conf\moa-spss\trustProfiles\
++        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw. 
++        
++13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++    Logging von MOA ID beim Einlesen der Konfiguration.
++    
++    
++...............................................................................
++B.4 Durchführung eines Updates von Version 2.0.1 auf Version 2.1.0 
++...............................................................................
++ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
++   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
++   bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
++   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
++   auch das komplette Verzeichnis moa-id-auth.
++
++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++   CATALINA_HOME_ID/webapps.
++   
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++   CATALINA_HOME_ID/webapps.   
++
++6. Update der STORK Konfiguration
++     a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
++         in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
++     b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->   
++         2.4 Konfiguration des SamlEngines an.
++         
++7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configuration Konfigurationsdatei
++   CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties     
++     a.) general.ssl.certstore=certs/certstore
++     b.) general.ssl.truststore=certs/truststore
++ 
++8. Kopieren des folgenden zusätzlichen Ordners  MOA_ID_AUTH_INST/conf/moa-id-configuration/certs
++   nach CATALINA_HOME\conf\moa-id-configuration\
++   
++9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
++   CATALINA_HOME\conf\moa-id\moa-id.properties und Anpassung an das zu verwendeten Schlüsselpaar.     
++     a.) protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
++         protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
++ 
++10. Kopieren der folgenden zusätzlichen Ordner aus MOA_ID_AUTH_INST/conf/moa-id/
++    nach CATALINA_HOME\conf\moa-id\
++      a.) MOA_ID_AUTH_INST/conf/moa-id/SLTemplates -> CATALINA_HOME\conf\moa-id\    
++      b.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
++          CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
++      
++11. Neuinitialisieren des Datenbank Schema für die MOA-Session. Hierfür stehen 
++    zwei Varianten zur Verfügung.
++      a.) Ändern Sie in der Konfigurationsdatei für das Modul MOA-ID-Auth 
++          CATALINA_HOME\conf\moa-id\moa-id.properties die Zeile 
++               moasession.hibernate.hbm2ddl.auto=update
++          zu
++               moasession.hibernate.hbm2ddl.auto=create
++          Danach werden die Tabellen beim nächsten Startvorgang neu generiert.
++               
++      b.) Löschen Sie alle Tabellen aus dem Datenbank Schema für die MOA-Sessixson 
++          Informationen per Hand. Alle Tabellen werden beim nächsten Start autmatisch neu generiert.   
++       
++12 . Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++   Logging von MOA ID beim Einlesen der Konfiguration.
++
++
++...............................................................................
++B.5 Durchführung eines Updates von Version 2.0-RC1  auf Version 2.0.1
++...............................................................................
++
++1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
++   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
++
++2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.0.1.zip) in
++   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
++   bezeichnet.
++   Für MOA ID Proxy:
++   Entpacken Sie die Distribution von MOA-ID-Proxy (moa-id-proxy-2.0.1.zip) in
++   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST 
++   bezeichnet.
++
++3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
++   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
++   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
++   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
++   auch das komplette Verzeichnis moa-id-auth.
++
++4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
++   CATALINA_HOME_ID/webapps.
++
++5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
++   CATALINA_HOME_ID/webapps.  
++
++6. Update des Cert-Stores.
++   Kopieren Sie den Inhalt des Verzeichnisses
++   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
++   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
++   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
++   bejahen sie das.
++
++7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen 
++   wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile 
++   beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
++
++   a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
++
++    1)  Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
++    2)  Kopieren Sie das Verzeichnis 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
++        CATALINA_HOME\conf\moa-spss.
++
++   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie 
++      folgt vor, um die Profile auf den aktuellen Stand zu bringen:
++
++    1)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
++        entsprechenden Profilen im Verzeichnis 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
++        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt 
++        der einzelnen Profile aus der Distribution 
++        (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
++        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
++        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
++        überschreiben), also z.B: Kopieren des Inhalts von 
++        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
++        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
++        CATALINA_HOME\conf\moa-spss\trustProfiles\
++        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
++           
++8. Update der Default html-Templates für die Bürgerkartenauswahl.
++
++     a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
++         in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.         
++     b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
++         in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. 
++
++9. Update der STORK Konfiguration
++     a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
++         in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
++     b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->   
++         2.4 Konfiguration des SamlEngines an.
++         
++10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
++   CATALINA_HOME\conf\moa-id\moa-id.properties
++     
++     a.) configuration.validation.certificate.QC.ignore=false
++     b.) protocols.pvp2.assertion.encryption.active=false          
++                                    
++11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
++   Logging von MOA ID beim Einlesen der Konfiguration.
++
++   
++...............................................................................
++B.6 Durchführung eines Updates von Version <= 1.5.1
++...............................................................................
++
++Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
++Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter 
++Zuhilfenahme Ihrer bisherigen Konfiguration an.
++
+diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
+index 6f6d13d..4eb5ea2 100644
+--- a/id/server/doc/handbook/config/config.html
++++ b/id/server/doc/handbook/config/config.html
+@@ -259,6 +259,13 @@ UNIX: -Duser.properties=file:C:/Programme/apache/tomcat-8.x.x/conf/moa-id-config
+     <td>moaconfigpassword</td>
+     <td>Passwort f&uuml;r den Zugriff auf das Datenbank Schema</td>
+   </tr>
++  <tr>
++    <td><p>dbcp.validationQuery</p></td>
++    <td>SELECT 1</td>
++    <td><p>SQL Query zum Validieren der Datenbank Verbindung</p>
++      <p><strong>mySQL:</strong> SELECT 1</p>
++      <p><strong>Oracle:</strong> select 1 from dual</p></td>
++  </tr>
+ </table>
+ <p>&nbsp;</p>
+ <p>Die Beispielkonfiguration beinhaltet noch zus&auml;tzliche Konfigurationsparameter f&uuml;r den Datenbankzugriff welche direkt aus der Beispielkonfiguration &uuml;bernommen werden k&ouml;nnen. Eine detaillierte Beschreibung der einzelnen Einstellungsparameter kann der <a href="http://docs.jboss.org/hibernate/core/4.2/manual/en-US/html/">Hibernate Dokumention</a> entnommen werden.</p>
+@@ -612,10 +619,17 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
+     <td>Benutzername f&uuml;r den Zugriff auf das Datenbank Schema</td>
+   </tr>
+   <tr>
+-    <td><p>configuration.hibernate.connection.password</p></td>
++    <td>configuration.hibernate.connection.password</td>
+     <td>moaconfigpassword</td>
+     <td>Passwort f&uuml;r den Zugriff auf das Datenbank Schema</td>
+   </tr>
++  <tr>
++    <td><p>configuration.dbcp.validationQuery</p></td>
++    <td>SELECT 1</td>
++    <td><p>SQL Query zum Validieren der Datenbank Verbindung</p>
++      <p><strong>mySQL:</strong> SELECT 1</p>
++      <p><strong>Oracle:</strong> select 1 from dual</p></td>
++  </tr>
+ </table>
+ <p>&nbsp;</p>
+   <h6><a name="basisconfig_moa_id_auth_param_database_session" id="uebersicht_bekanntmachung13"></a>2.2.2.4.2 Session Informationen</h6>
+diff --git a/pom.xml b/pom.xml
+index cdffb90..3e7e4ea 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -22,12 +22,12 @@
+ 		-->
+ 		
+ 			<!-- Project Version -->
+-			<moa-commons-version>3.0.1-Snapshot</moa-commons-version>
+-			<moa-id-version>3.0.2-Snapshot</moa-id-version>
++			<moa-commons-version>3.0.2</moa-commons-version>
++			<moa-id-version>3.0.2</moa-id-version>
+ 			<moa-id-proxy-version>2.0.1-Snapshot</moa-id-proxy-version>
+-			<moa-spss-version>2.0.5-Snapshot</moa-spss-version>
+-			<configtool-version>2.0.1-Snapshot</configtool-version>
+-			<demo-oa-version>2.0.5-Snapshot</demo-oa-version>
++			<moa-spss-version>2.0.5</moa-spss-version>
++			<configtool-version>2.0.2</configtool-version>
++			<demo-oa-version>2.0.5</demo-oa-version>
+ 		
+ 			<!-- Library Versions -->
+ 			<org.springframework.version>4.1.6.RELEASE</org.springframework.version>
+@@ -236,7 +236,7 @@
+                     </goals>
+                   </execution>
+               </executions>
+-            </ plugin>-->
++            </plugin> -->
+             
+         </plugins>
+         
+-- 
+1.9.5.msysgit.0
+
diff --git a/common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd b/common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd
new file mode 100644
index 000000000..4af373cf0
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--                  ****** NOTICE ******
+This document is part of ETSI TS 119 612. In the event that any
+part of this document in conflict with the text of TS 119 612 
+then that text shall prevail as the authoritative source
+-->
+<xsd:schema targetNamespace="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
+	<xsd:import namespace="http://uri.etsi.org/02231/v2#" schemaLocation="http://uri.etsi.org/19612/v1.2.1/tsl.xsd"/>
+	<xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES.xsd"/>
+	<xsd:element name="MimeType" type="xsd:string"/>
+	<xsd:element name="X509CertificateLocation" type="tsl:NonEmptyURIType"/>
+	<xsd:element name="PublicKeyLocation" type="tsl:NonEmptyURIType"/>
+	<xsd:element name="ExtendedKeyUsage" type="tslx:ExtendedKeyUsageType"/>
+	<xsd:complexType name="ExtendedKeyUsageType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="KeyPurposeId" type="xades:ObjectIdentifierType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="TakenOverBy" type="tslx:TakenOverByType"/>
+	<xsd:complexType name="TakenOverByType">
+		<xsd:sequence>
+			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType"/>
+			<xsd:element name="TSPName" type="tsl:InternationalNamesType"/>
+			<xsd:element ref="tsl:SchemeOperatorName"/>
+			<xsd:element ref="tsl:SchemeTerritory"/>
+			<xsd:element name="OtherQualifier" type="tsl:AnyType" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="CertSubjectDNAttribute" type="tslx:CertSubjectDNAttributeType"/>
+	<xsd:complexType name="CertSubjectDNAttributeType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="AttributeOID" type="xades:ObjectIdentifierType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+</xsd:schema>
diff --git a/common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd b/common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd
new file mode 100644
index 000000000..42a96b78c
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--                  ****** NOTICE ******
+This document is part of ETSI TS 119 612. In the event that any
+part of this document in conflict with the text of TS 119 612 
+then that text shall prevail as the authoritative source
+-->
+<xsd:schema targetNamespace="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
+	<xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES.xsd"/> 
+	<xsd:element name="Qualifications" type="tns:QualificationsType"/>
+	<xsd:complexType name="QualificationsType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="QualificationElement" type="tns:QualificationElementType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="QualificationElementType">
+		<xsd:sequence>
+			<xsd:element name="Qualifiers" type="tns:QualifiersType"/>
+			<xsd:element name="CriteriaList" type="tns:CriteriaListType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CriteriaListType">
+		<xsd:annotation>
+			<xsd:documentation>Please first try to use the CriteriaList before doing the OtherCriteria extension point.</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="KeyUsage" type="tns:KeyUsageType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="PolicySet" type="tns:PoliciesListType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CriteriaList" type="tns:CriteriaListType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>
+			<xsd:element name="otherCriteriaList" type="xades:AnyType" minOccurs="0"/>
+		</xsd:sequence>
+		<xsd:attribute name="assert">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="all"/>
+					<xsd:enumeration value="atLeastOne"/>
+					<xsd:enumeration value="none"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="QualifiersType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="Qualifier" type="tns:QualifierType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="QualifierType">
+		<xsd:attribute name="uri" type="anyURI"/>
+	</xsd:complexType>
+	<xsd:complexType name="PoliciesListType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="PolicyIdentifier" type="xades:ObjectIdentifierType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="KeyUsageType">
+		<xsd:sequence maxOccurs="9">
+			<xsd:element name="KeyUsageBit" type="tns:KeyUsageBitType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="KeyUsageBitType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:boolean">
+				<xsd:attribute name="name">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:string">
+							<xsd:enumeration value="digitalSignature"/>
+							<xsd:enumeration value="nonRepudiation"/>
+							<xsd:enumeration value="keyEncipherment"/>
+							<xsd:enumeration value="dataEncipherment"/>
+							<xsd:enumeration value="keyAgreement"/>
+							<xsd:enumeration value="keyCertSign"/>
+							<xsd:enumeration value="crlSign"/>
+							<xsd:enumeration value="encipherOnly"/>
+							<xsd:enumeration value="decipherOnly"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+</xsd:schema>
diff --git a/common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd b/common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd
new file mode 100644
index 000000000..fb1852ec0
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd
@@ -0,0 +1,337 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--                  ****** NOTICE ******
+This document is part of ETSI TS 119 612. In the event that any
+part of this document in conflict with the text of TS 119 612 
+then that text shall prevail as the authoritative source
+
+This is a review done in October 2013 as a result of mismatches between the XML Schema and the specification of some data types within TS 119 612,
+-->
+<xsd:schema targetNamespace="http://uri.etsi.org/02231/v2#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified" attributeFormDefault="unqualified">
+	<!-- Imports -->
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+	<!-- Begin auxiliary types -->
+	<!--InternationalNamesType-->
+	<xsd:complexType name="InternationalNamesType">
+		<xsd:sequence>
+			<xsd:element name="Name" type="tsl:MultiLangNormStringType" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="MultiLangNormStringType">
+		<xsd:simpleContent>
+			<xsd:extension base="tsl:NonEmptyNormalizedString">
+				<xsd:attribute ref="xml:lang" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="MultiLangStringType">
+		<xsd:simpleContent>
+			<xsd:extension base="tsl:NonEmptyString">
+				<xsd:attribute ref="xml:lang" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:simpleType name="NonEmptyString">
+		<xsd:restriction base="xsd:string">
+			<xsd:minLength value="1"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="NonEmptyNormalizedString">
+		<xsd:restriction base="xsd:normalizedString">
+			<xsd:minLength value="1"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!-- AddressType -->
+	<xsd:complexType name="AddressType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:PostalAddresses"/>
+			<xsd:element ref="tsl:ElectronicAddress"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--PostalAddressList Type-->
+	<xsd:element name="PostalAddresses" type="tsl:PostalAddressListType"/>
+	<xsd:complexType name="PostalAddressListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:PostalAddress" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--PostalAddress Type-->
+	<xsd:element name="PostalAddress" type="tsl:PostalAddressType"/>
+	<xsd:complexType name="PostalAddressType">
+		<xsd:sequence>
+			<xsd:element name="StreetAddress" type="tsl:NonEmptyString"/>
+			<xsd:element name="Locality" type="tsl:NonEmptyString"/>
+			<xsd:element name="StateOrProvince" type="tsl:NonEmptyString" minOccurs="0"/>
+			<xsd:element name="PostalCode" type="tsl:NonEmptyString" minOccurs="0"/>
+			<xsd:element name="CountryName" type="tsl:NonEmptyString"/>
+		</xsd:sequence>
+		<xsd:attribute ref="xml:lang" use="required"/>
+	</xsd:complexType>
+	<!--ElectronicAddressType-->
+	<!-- 2013-10. XML Schema CHANGE-->
+	<!-- ElectronicAddress changed to include MultilLan URIs for e-mails and web sites URIs as specified in TS 119 612-->
+	<xsd:element name="ElectronicAddress" type="tsl:ElectronicAddressType"/>
+	<xsd:complexType name="ElectronicAddressType">
+		<xsd:sequence>
+			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- Types for extensions in TSL -->
+	<xsd:complexType name="AnyType" mixed="true">
+		<xsd:sequence minOccurs="0" maxOccurs="unbounded">
+			<xsd:any processContents="lax"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="Extension" type="tsl:ExtensionType"/>
+	<xsd:complexType name="ExtensionType">
+		<xsd:complexContent>
+			<xsd:extension base="tsl:AnyType">
+				<xsd:attribute name="Critical" type="xsd:boolean" use="required"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ExtensionsListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:Extension" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--NonEmptyURIType-->
+	<xsd:simpleType name="NonEmptyURIType">
+		<xsd:restriction base="xsd:anyURI">
+			<xsd:minLength value="1"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!--NonEmptyURIType with language indication-->
+	<xsd:complexType name="NonEmptyMultiLangURIType">
+		<xsd:simpleContent>
+			<xsd:extension base="tsl:NonEmptyURIType">
+				<xsd:attribute ref="xml:lang" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<!--List of NonEmptyURIType with language indication-->
+	<xsd:complexType name="NonEmptyMultiLangURIListType">
+		<xsd:sequence>
+			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--List of NonEmptyURIType-->
+	<xsd:complexType name="NonEmptyURIListType">
+		<xsd:sequence>
+			<xsd:element name="URI" type="tsl:NonEmptyURIType" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- End auxiliary types -->
+	<!-- ROOT Element -->
+	<xsd:element name="TrustServiceStatusList" type="tsl:TrustStatusListType"/>
+	<!-- Trust Status List Type Definition -->
+	<!-- 2013-10. XML Schema CHANGE-->
+	<!-- Attribute TSLTag declared as xsd:anyURI -->
+	<xsd:complexType name="TrustStatusListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:SchemeInformation"/>
+			<xsd:element ref="tsl:TrustServiceProviderList" minOccurs="0"/>
+			<xsd:element ref="ds:Signature" minOccurs="0"/>
+		</xsd:sequence>
+		<xsd:attribute name="TSLTag" type="xsd:anyURI" use="required"/>
+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
+	</xsd:complexType>
+	<!-- 2013-10. XML Schema CHANGE-->
+	<!-- Supressed the type TSLTagType that served to restrict the value of TSLTag by XML Schema-->
+	<!-- In this way, the XML Schema is independent of the TSLTag value and this may change from version to version-->
+	<!-- TrustServiceProviderListType-->
+	<xsd:element name="TrustServiceProviderList" type="tsl:TrustServiceProviderListType"/>
+	<xsd:complexType name="TrustServiceProviderListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:TrustServiceProvider" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- TSL Scheme Information -->
+	<xsd:element name="SchemeInformation" type="tsl:TSLSchemeInformationType"/>
+	<xsd:complexType name="TSLSchemeInformationType">
+		<xsd:sequence>
+			<xsd:element name="TSLVersionIdentifier" type="xsd:integer"/>
+			<xsd:element name="TSLSequenceNumber" type="xsd:positiveInteger"/>
+			<xsd:element ref="tsl:TSLType"/>
+			<xsd:element ref="tsl:SchemeOperatorName"/>
+			<xsd:element name="SchemeOperatorAddress" type="tsl:AddressType"/>
+			<xsd:element ref="tsl:SchemeName"/>
+			<xsd:element ref="tsl:SchemeInformationURI"/>
+			<xsd:element name="StatusDeterminationApproach" type="tsl:NonEmptyURIType"/>
+			<xsd:element ref="tsl:SchemeTypeCommunityRules" minOccurs="0"/>
+			<xsd:element ref="tsl:SchemeTerritory" minOccurs="0"/>
+			<xsd:element ref="tsl:PolicyOrLegalNotice" minOccurs="0"/>
+			<xsd:element name="HistoricalInformationPeriod" type="xsd:nonNegativeInteger"/>
+			<xsd:element ref="tsl:PointersToOtherTSL" minOccurs="0"/>
+			<xsd:element name="ListIssueDateTime" type="xsd:dateTime"/>
+			<xsd:element ref="tsl:NextUpdate"/>
+			<xsd:element ref="tsl:DistributionPoints" minOccurs="0"/>
+			<xsd:element name="SchemeExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="TSLType" type="tsl:NonEmptyURIType"/>
+	<xsd:element name="SchemeOperatorName" type="tsl:InternationalNamesType"/>
+	<xsd:element name="SchemeName" type="tsl:InternationalNamesType"/>
+	<xsd:element name="SchemeInformationURI" type="tsl:NonEmptyMultiLangURIListType"/>
+	<!-- 2013-10. XML Schema CHANGE-->
+	<!-- SchemeTypeCommunityRules changed to include MultilLang URIs for e-mails and web sites URIs as specified in TS 119 612-->
+	<xsd:element name="SchemeTypeCommunityRules" type="tsl:NonEmptyMultiLangURIListType"/>
+	<!-- SchemeTerritory -->
+	<!-- 2014-04. XML Schema CHANGE-->
+	<!-- element SchemeTerritory is now of type xsd:string. Suppressed the restriction of having only 2 characters,
+	as this element may contain other values than the country codes-->
+	<xsd:element name="SchemeTerritory" type="xsd:string"/>	
+	<!-- Policy or Legal Notice -->
+	<xsd:element name="PolicyOrLegalNotice" type="tsl:PolicyOrLegalnoticeType"/>
+	<xsd:complexType name="PolicyOrLegalnoticeType">
+		<xsd:choice>
+			<xsd:element name="TSLPolicy" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
+			<xsd:element name="TSLLegalNotice" type="tsl:MultiLangStringType" maxOccurs="unbounded"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="NextUpdate" type="tsl:NextUpdateType"/>
+	<xsd:complexType name="NextUpdateType">
+		<xsd:sequence>
+			<xsd:element name="dateTime" type="xsd:dateTime" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--OtherTSLPointersType-->
+	<xsd:element name="PointersToOtherTSL" type="tsl:OtherTSLPointersType"/>
+	<xsd:complexType name="OtherTSLPointersType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:OtherTSLPointer" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="OtherTSLPointer" type="tsl:OtherTSLPointerType"/>
+	<xsd:complexType name="OtherTSLPointerType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceDigitalIdentities" minOccurs="0"/>
+			<xsd:element name="TSLLocation" type="tsl:NonEmptyURIType"/>
+			<xsd:element ref="tsl:AdditionalInformation" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="ServiceDigitalIdentities" type="tsl:ServiceDigitalIdentityListType"/>
+	<xsd:complexType name="ServiceDigitalIdentityListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceDigitalIdentity" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="AdditionalInformation" type="tsl:AdditionalInformationType"/>
+	<xsd:complexType name="AdditionalInformationType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:element name="TextualInformation" type="tsl:MultiLangStringType"/>
+			<xsd:element name="OtherInformation" type="tsl:AnyType"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!--DistributionPoints element-->
+	<!-- 2013-10. XML Schema CHANGE-->
+	<!-- DistributionPointschanged from ElectronicAddress to nonEmptyURIListType as ElectronicAddress does
+	now contain a list of multilang URIs, which is not required for distribution points-->
+	<xsd:element name="DistributionPoints" type="tsl:NonEmptyURIListType"/>
+	<!-- TSPType -->
+	<xsd:element name="TrustServiceProvider" type="tsl:TSPType"/>
+	<xsd:complexType name="TSPType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:TSPInformation"/>
+			<xsd:element ref="tsl:TSPServices"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- TSPInformationType -->
+	<xsd:element name="TSPInformation" type="tsl:TSPInformationType"/>
+	<xsd:complexType name="TSPInformationType">
+		<xsd:sequence>
+			<xsd:element name="TSPName" type="tsl:InternationalNamesType"/>
+			<xsd:element name="TSPTradeName" type="tsl:InternationalNamesType" minOccurs="0"/>
+			<xsd:element name="TSPAddress" type="tsl:AddressType"/>
+			<xsd:element name="TSPInformationURI" type="tsl:NonEmptyMultiLangURIListType"/>
+			<xsd:element name="TSPInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- TSP Services-->
+	<xsd:element name="TSPServices" type="tsl:TSPServicesListType"/>
+	<xsd:complexType name="TSPServicesListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:TSPService" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="TSPService" type="tsl:TSPServiceType"/>
+	<xsd:complexType name="TSPServiceType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceInformation"/>
+			<xsd:element ref="tsl:ServiceHistory" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- TSPServiceInformationType -->
+	<xsd:element name="ServiceInformation" type="tsl:TSPServiceInformationType"/>
+	<xsd:complexType name="TSPServiceInformationType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceTypeIdentifier"/>
+			<xsd:element name="ServiceName" type="tsl:InternationalNamesType"/>
+			<xsd:element ref="tsl:ServiceDigitalIdentity"/>
+			<xsd:element ref="tsl:ServiceStatus"/>
+			<xsd:element name="StatusStartingTime" type="xsd:dateTime"/>
+			<xsd:element name="SchemeServiceDefinitionURI" type="tsl:NonEmptyMultiLangURIListType" minOccurs="0"/>
+			<xsd:element ref="tsl:ServiceSupplyPoints" minOccurs="0"/>
+			<xsd:element name="TSPServiceDefinitionURI" type="tsl:NonEmptyMultiLangURIListType" minOccurs="0"/>
+			<xsd:element name="ServiceInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- Service status -->
+	<xsd:element name="ServiceStatus" type="tsl:NonEmptyURIType"/>
+	<!-- Type for Service Supply Points -->
+	<xsd:element name="ServiceSupplyPoints" type="tsl:ServiceSupplyPointsType"/>
+	<xsd:complexType name="ServiceSupplyPointsType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="ServiceSupplyPoint" type="tsl:NonEmptyURIType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- TSPServiceIdentifier -->
+	<xsd:element name="ServiceTypeIdentifier" type="tsl:NonEmptyURIType"/>
+	<!-- DigitalIdentityType  -->
+	<xsd:element name="ServiceDigitalIdentity" type="tsl:DigitalIdentityListType"/>
+	<xsd:complexType name="DigitalIdentityListType">
+		<xsd:sequence>
+			<xsd:element name="DigitalId" type="tsl:DigitalIdentityType" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="DigitalIdentityType">
+		<xsd:choice>
+			<xsd:element name="X509Certificate" type="xsd:base64Binary"/>
+			<xsd:element name="X509SubjectName" type="xsd:string"/>
+			<xsd:element ref="ds:KeyValue"/>
+			<xsd:element name="X509SKI" type="xsd:base64Binary"/>
+			<xsd:element name="Other" type="tsl:AnyType" minOccurs="0"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!-- ServiceHistory element-->
+	<xsd:element name="ServiceHistory" type="tsl:ServiceHistoryType"/>
+	<xsd:complexType name="ServiceHistoryType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceHistoryInstance" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="ServiceHistoryInstance" type="tsl:ServiceHistoryInstanceType"/>
+	<xsd:complexType name="ServiceHistoryInstanceType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceTypeIdentifier"/>
+			<xsd:element name="ServiceName" type="tsl:InternationalNamesType"/>
+			<xsd:element ref="tsl:ServiceDigitalIdentity"/>
+			<xsd:element ref="tsl:ServiceStatus"/>
+			<xsd:element name="StatusStartingTime" type="xsd:dateTime"/>
+			<xsd:element name="ServiceInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- Elements and types for Extensions -->
+	<!-- Extensions children of tsl:VaExtension-->
+	<!-- Element ExpiredCertsRevocationInfo -->
+	<xsd:element name="ExpiredCertsRevocationInfo" type="xsd:dateTime"/>
+	<!-- Element additionalServiceInformation -->
+	<xsd:element name="AdditionalServiceInformation" type="tsl:AdditionalServiceInformationType"/>
+	<xsd:complexType name="AdditionalServiceInformationType">
+		<xsd:sequence>
+			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType"/>
+			<xsd:element name="InformationValue" type="xsd:string" minOccurs="0"/>
+			<xsd:element name="OtherInformation" type="tsl:AnyType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+</xsd:schema>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
index ece1a805d..acbb67b34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
@@ -27,6 +27,7 @@ import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
 import org.opensaml.ws.message.MessageContext;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -45,6 +46,9 @@ public class MOAStringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder
 					"Invalid message context type, this encoder only support SAMLMessageContext");
 		}
 
+		//load default PVP security configurations
+		MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+		
 		SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
 
 		String endpointURL = getEndpointURL(samlMsgCtx).buildURL();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 5402e3dce..65400444d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.velocity.app.VelocityEngine;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
 import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
@@ -51,6 +52,7 @@ import org.opensaml.xml.security.x509.X509Credential;
 
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
@@ -74,6 +76,9 @@ public class PostBinding implements IDecoder, IEncoder {
 			X509Credential credentials = CredentialProvider
 					.getIDPAssertionSigningCredential();
 		
+			//load default PVP security configurations
+			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+			
 			VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
 			HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
 					"resources/templates/pvp_postbinding_template.html");
@@ -109,6 +114,9 @@ public class PostBinding implements IDecoder, IEncoder {
 			X509Credential credentials = CredentialProvider
 					.getIDPAssertionSigningCredential();
 
+			//load default PVP security configurations
+			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+			
 			Logger.debug("create SAML POSTBinding response");
 			
 			 VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 81863f48f..9a505a7b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
 import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
@@ -51,6 +52,7 @@ import org.opensaml.xml.security.x509.X509Credential;
 
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
@@ -73,6 +75,9 @@ public class RedirectBinding implements IDecoder, IEncoder {
 			X509Credential credentials = CredentialProvider
 					.getIDPAssertionSigningCredential();
 
+			//load default PVP security configurations
+			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+			
 			Logger.debug("create SAML RedirectBinding response");
 			
 			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
@@ -103,6 +108,9 @@ public class RedirectBinding implements IDecoder, IEncoder {
 			X509Credential credentials = CredentialProvider
 					.getIDPAssertionSigningCredential();
 
+			//load default PVP security configurations
+			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+			
 			Logger.debug("create SAML RedirectBinding response");
 			
 			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index a2583c706..fee508d33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
 import org.opensaml.saml2.core.RequestAbstractType;
@@ -48,6 +49,7 @@ import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.signature.SignableXMLObject;
 
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -130,6 +132,9 @@ public class SoapBinding implements IDecoder, IEncoder {
 			Credential credentials = CredentialProvider
 					.getIDPAssertionSigningCredential();
 			
+			//load default PVP security configurations
+			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+			
 			HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
 			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
 					resp, true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
index 80789cd12..b731e2a95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
@@ -50,7 +50,10 @@ public class MOADefaultBootstrap extends DefaultBootstrap {
         
     }
   
-    
+    public static void initializeDefaultPVPConfiguration() {
+    	initializeGlobalSecurityConfiguration();
+    	
+    }
     
     /**
      * Initializes the default global security configuration.
diff --git a/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar
new file mode 100644
index 000000000..d53fcb398
Binary files /dev/null and b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.jar differ
diff --git a/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom
new file mode 100644
index 000000000..21a800dd7
--- /dev/null
+++ b/repository/iaik/iaik_eccelerate/2.51/iaik_eccelerate-2.51.pom
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>iaik</groupId>
+  <artifactId>iaik_eccelerate</artifactId>
+  <version>2.51</version>
+  <description>POM was created by Sonatype Nexus</description>
+</project>
\ No newline at end of file
-- 
cgit v1.2.3


From 78c50331e83269f25286e172fdfd4f8ae32c8633 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 14 Jan 2016 09:28:59 +0100
Subject: fix problem with eIDAS QAA to STORK QAA mapping

---
 .../src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
index d0da0003f..099a70470 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -102,7 +102,7 @@ public class PVPtoSTORKMapper {
 	public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
 		if (mapping != null) {
 			String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
+			String mappedQAA = mapping.getProperty(input);
 			if (MiscUtil.isNotEmpty(mappedQAA)) {
 				Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
 				return mappedQAA;
-- 
cgit v1.2.3


From b8b01a93311156704c9c003e3128c544a5e2ba48 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Thu, 14 Jan 2016 17:26:07 +0100
Subject: moa learned how to trigger an authentication after receiving an eidas
 request

---
 .../id/protocols/eidas/AuthenticationRequest.java  |  3 +-
 .../moa/id/protocols/eidas/EIDASProtocol.java      | 48 +++++++++++-----------
 2 files changed, 26 insertions(+), 25 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 6a13cba60..3144d08e8 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -48,8 +48,7 @@ public class AuthenticationRequest implements IAction {
 
 	@Override
 	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
-		// TODO Auto-generated method stub
-		return false;
+		return true;
 	}
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 01052c698..3e2122315 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -23,29 +23,19 @@
 package at.gv.egovernment.moa.id.protocols.eidas;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.stork.peps.auth.commons.*;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -92,31 +82,43 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
          */
     public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
 			String sessionId, String transactionId) throws MOAIDException {
-    	
+
         Logger.info("received an eIDaS request");
-			
+
 		//get SAML Response and decode it
 		String base64SamlToken = request.getParameter("SAMLRequest");
 		if (MiscUtil.isEmpty(base64SamlToken)) {
 			Logger.warn("No eIDAS SAMLRequest found in http request.");
 			throw new MOAIDException("HTTP request includes no eIDAS SAML-Request element.", null);
-			
 		}						
 		byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);	
-        
+
 		try {
-		//get eIDAS SAML-engine
-		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-		
-		//validate SAML token
-		EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
+			//get eIDAS SAML-engine
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+			//validate SAML token
+			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
+
+			// memorize important stuff
+			EIDASRequest result = new EIDASRequest();
+			// - memorize requested attributes
+			// TODO memorize requested attributes
+
+			// - memorize OA url
+			result.setOAURL("https://demo.a-sit.at/EidasNode"); // TODO use metadata url?
+
+			// - memorize OA config
+			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());
+			if (oaConfig == null)
+				throw new AuthenticationException("stork.12", new Object[]{result.getOAURL()});
+			result.setOnlineApplicationConfiguration(oaConfig);
 
-		
+			return result;
 		} catch(Exception e) {
-			
+			Logger.error("error in preprocessing step", e);
+			throw new MOAIDException("error in preprocessing step", null);
 		}
-		
-		return null;
     }
 
     public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
-- 
cgit v1.2.3


From bf0f1eaee2e5b79427ec979d9c68b6c321de20a2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Thu, 14 Jan 2016 21:07:15 +0100
Subject: change eIDAS SAML-engine to singelton

---
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  | 47 ++++++++++++----------
 1 file changed, 26 insertions(+), 21 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 548d05da6..8e46f0ef1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -38,29 +38,34 @@ import eu.eidas.samlengineconfig.CertificateConfigurationManager;
  */
 public class SAMLEngineUtils {
 
-	public static EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
+	private static EIDASSAMLEngine eIDASEngine = null;
+	
+	public static synchronized EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
 		
-		try {
-			//get eIDAS SAMLengine configuration from MOA-ID configuration
-			CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
-			
-			//initial eIDAS SAMLengine
-			EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
-						configManager);
-
-			//set Metadata managment to eIDAS SAMLengine
-			engine.setMetadataProcessor(
-					new MOAeIDASMetadataProviderDecorator(
-							MOAeIDASChainingMetadataProvider.getInstance()));
-			
-			return engine;
-			
-		} catch (EIDASSAMLEngineException e) {
-			Logger.error("eIDAS SAMLengine initialization FAILED!", e);
-			throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
-			
+		if (eIDASEngine == null) {
+			try {
+				//get eIDAS SAMLengine configuration from MOA-ID configuration
+				CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+				
+				//initial eIDAS SAMLengine
+				EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
+							configManager);
+	
+				//set Metadata managment to eIDAS SAMLengine
+				engine.setMetadataProcessor(
+						new MOAeIDASMetadataProviderDecorator(
+								MOAeIDASChainingMetadataProvider.getInstance()));
+				
+				eIDASEngine = engine;
+				
+			} catch (EIDASSAMLEngineException e) {
+				Logger.error("eIDAS SAMLengine initialization FAILED!", e);
+				throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
+				
+			}
 		}
-								
+		
+		return eIDASEngine;
 	}
 	
 }
-- 
cgit v1.2.3


From 58e0da935069fb68e456830414ccead10a36f4b0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Thu, 14 Jan 2016 21:08:03 +0100
Subject: remove IAIK security-provider fix in eIDAS metadata generation

---
 .../moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index cd30f2bec..130eb1026 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -80,13 +80,13 @@ public class EidasMetaDataServlet extends HttpServlet {
         String metadata="invalid metadata";
         
 		// FIXME workaround!?
-		Security.removeProvider("IAIK");
-		Security.removeProvider("IAIK_ECC");
+//		Security.removeProvider("IAIK");
+//		Security.removeProvider("IAIK_ECC");
 
 		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 
-		IAIK.addAsProvider();
-		ECCProvider.addAsProvider(true);
+//		IAIK.addAsProvider();
+//		ECCProvider.addAsProvider(true);
         
         MetadataGenerator generator = new MetadataGenerator();
         MetadataConfigParams mcp=new MetadataConfigParams();
-- 
cgit v1.2.3


From 2d8bef6716671c96575f4ab3e0ca97f094705c15 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 08:24:18 +0100
Subject: fix problem with certificate validation

---
 .../java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java     | 2 +-
 .../id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 1c20a81bf..1d4556459 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -28,8 +28,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
  */
 public class Constants {
 
-	//public static final String eIDAS_SAML_ENGINE_NAME = "MOA_eIDASEninge";
 	public static final String eIDAS_SAML_ENGINE_NAME = "default";
+	public static final String SSLSOCKETFACTORYNAME = "eIDASMetadataSSLSocketFactory";
 		
 	//default keys for eIDAS SAML-engine configuration
 	public static final String eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG = "SamlEngineConf";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 4d6cd62fa..f1b14015b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -76,7 +76,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			if (metadataURL.startsWith("https:")) {
 				try {
 					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
+							Constants.SSLSOCKETFACTORYNAME, 
 							authConfig.getCertstoreDirectory(), 
 							authConfig.getTrustedCACertificates(),
 							null,
-- 
cgit v1.2.3


From a91f760c83b1aebc782b28ddbf387f051d4e38e2 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 11:31:42 +0100
Subject: added EIDAS Request class

---
 .../moa/id/protocols/eidas/EIDASRequest.java       | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java
new file mode 100644
index 000000000..6f9a04e28
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java
@@ -0,0 +1,23 @@
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+
+public class EIDASRequest extends RequestImpl {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 8765755670214923910L;
+	
+	/** The attributes requested by the eIDaS. */
+	private MOAPersonalAttributeList attributes;
+
+	@Override
+	public List<Attribute> getRequestedAttributes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+}
-- 
cgit v1.2.3


From 135583cbc0b9041648ab24456d6cf7081705b814 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 13:48:58 +0100
Subject: add garbage collector to remove unsed SAML2 metadata provider
 (influence PVP and eIDAS metadata)

---
 .../moa/id/auth/MOAIDAuthInitializer.java          |  5 +-
 .../moa/id/config/auth/AuthConfigLoader.java       | 60 --------------
 .../config/auth/IGarbageCollectorProcessing.java   | 36 +++++++++
 .../moa/id/config/auth/MOAGarbageCollector.java    | 77 ++++++++++++++++++
 .../pvp2x/metadata/MOAMetadataProvider.java        | 22 ++++-
 .../moa/id/auth/modules/eidas/Constants.java       |  3 +-
 .../engine/MOAeIDASChainingMetadataProvider.java   | 94 ++++++++++++++++++++--
 7 files changed, 223 insertions(+), 74 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 953a478be..b3055eb34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -4,7 +4,6 @@
 package at.gv.egovernment.moa.id.auth;
 
 import iaik.pki.PKIException;
-import iaik.pki.jsse.IAIKX509TrustManager;
 import iaik.security.ecc.provider.ECCProvider;
 import iaik.security.provider.IAIK;
 
@@ -17,9 +16,9 @@ import javax.net.ssl.SSLSocketFactory;
 
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigLoader;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
 import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -184,7 +183,7 @@ public class MOAIDAuthInitializer {
         
         // Starts the session cleaner thread to remove unpicked authentication data
         AuthenticationSessionCleaner.start();
-        AuthConfigLoader.start();
+        MOAGarbageCollector.start();
     }
     
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
deleted file mode 100644
index 1f43a0d8a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.config.auth;
-
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-
-public class AuthConfigLoader implements Runnable {
-
-	private static final long INTERVAL = 24 * 60 * 60; // 24 hours
-	
-	public void run() {
-		while (true) {
-			try {
-				Thread.sleep(INTERVAL * 1000);						
-				Logger.trace("Check consistence of PVP2X metadata");										
-				MOAMetadataProvider.reInitialize();
-					
-						
-			} catch (Throwable e) {
-				Logger.warn("MOA-ID Configuration validation is not possible, actually. Reuse old configuration.", e);
-				
-			} finally {
-				
-				
-			}
-		}	
-	}
-	
-	public static void start() {
-		// start the session cleanup thread
-		Thread configLoader = new Thread(new AuthConfigLoader(), "ConfigurationChecker");
-		configLoader.setName("ConfigurationChecker");
-		configLoader.setDaemon(true);
-		configLoader.setPriority(Thread.MIN_PRIORITY);
-		configLoader.start();
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java
new file mode 100644
index 000000000..a1008e883
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IGarbageCollectorProcessing.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.auth;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IGarbageCollectorProcessing {
+
+	/**
+	 * This method gets executed by the MOA garbage collector at regular intervals.
+	 * 
+	 */
+	public void runGarbageCollector();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java
new file mode 100644
index 000000000..1072bec5c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/MOAGarbageCollector.java
@@ -0,0 +1,77 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.config.auth;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MOAGarbageCollector implements Runnable {
+
+	private static final long INTERVAL = 24 * 60 * 60; // 24 hours	
+	private static final List<IGarbageCollectorProcessing> processModules = 
+			new ArrayList<IGarbageCollectorProcessing>(); 
+	
+	public void run() {
+		while (true) {
+			try {
+				Thread.sleep(INTERVAL * 1000);
+				
+				try {
+					for (IGarbageCollectorProcessing element : processModules)
+						element.runGarbageCollector();
+					
+				} catch (Throwable e1) {
+					Logger.warn("Garbage collection FAILED in some module.", e1);
+				}
+								
+			} catch (Throwable e) {
+				Logger.warn("MOA-ID garbage collection is not possible, actually.", e);
+				
+			} finally {
+								
+			}
+		}	
+	}
+	
+	/**
+	 * Add a module to MOA internal garbage collector. Every module is executed once a day 
+	 * 
+	 * @param modul Module which should be executed by the garbage collector.
+	 */
+	public static void addModulForGarbageCollection(IGarbageCollectorProcessing modul) {
+		processModules.add(modul);
+		
+	}
+	
+	public static void start() {				
+		// start the session cleanup thread
+		Thread configLoader = new Thread(new MOAGarbageCollector(), "MOAGarbageCollector");
+		configLoader.setName("MOAGarbageCollectorr");
+		configLoader.setDaemon(true);
+		configLoader.setPriority(Thread.MIN_PRIORITY);
+		configLoader.start();
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index f4c099878..03fa686f9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -55,6 +55,8 @@ import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
@@ -66,7 +68,7 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-public class MOAMetadataProvider implements ObservableMetadataProvider{
+public class MOAMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing {
 
 	private static MOAMetadataProvider instance = null;
 	private static Object mutex = new Object();
@@ -77,18 +79,32 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
 			synchronized (mutex) {
 				if (instance == null) {
 					instance = new MOAMetadataProvider();
+					
+					//add this to MOA garbage collector
+					MOAGarbageCollector.addModulForGarbageCollection(instance);
+										
 				}
 			}
 		}
 		return instance;
 	}
 	
-	public static void reInitialize() {
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+	 */
+	@Override
+	public void runGarbageCollector() {
+		reInitialize();
+		
+	}
+	
+	private static void reInitialize() {
 		synchronized (mutex) {
 			
 			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
 			if (instance != null)
-				try {					
+				try {
+					Logger.trace("Check consistence of PVP2X metadata");	
 					instance.addAndRemoveMetadataProvider();
 					
 				} catch (ConfigurationException e) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 1d4556459..5166f090d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -57,7 +57,8 @@ public class Constants {
 	//timeouts and clock skews
 	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  			//2 minutes skew time for response validation
 	public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000;  	//20 seconds metadata socked timeout
-	
+	public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000;	//remove unused eIDAS metadata after 7 days
+		
 	//eIDAS attribute names
 	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
 	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index f1b14015b..965abcde1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -1,9 +1,12 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Timer;
 
 import javax.net.ssl.SSLHandshakeException;
@@ -27,7 +30,8 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
@@ -35,12 +39,13 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.engine.AbstractSAMLEngine;
 
-public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider {
+public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing {
 
 	private static MOAeIDASChainingMetadataProvider instance = null;
 	private static Object mutex = new Object();
 	
 	private MetadataProvider internalProvider;
+	private Map<String, Date> lastAccess = null;
 	
 	
 	public static MOAeIDASChainingMetadataProvider getInstance() {
@@ -48,6 +53,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			synchronized (mutex) {
 				if (instance == null) {
 					instance = new MOAeIDASChainingMetadataProvider();
+					MOAGarbageCollector.addModulForGarbageCollection(instance);
 				}
 			}
 		}
@@ -57,9 +63,79 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 	
 	private MOAeIDASChainingMetadataProvider() {
 		internalProvider = new ChainingMetadataProvider();
+		lastAccess = new HashMap<String, Date>();
 		
 	}
-	    
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+	 */
+	@Override
+	public void runGarbageCollector() {
+		if (!lastAccess.isEmpty()) {
+			Date now = new Date();
+			Date expioredate = new Date(now.getTime() - 
+					Constants.CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT);
+			Logger.debug("Starting eIDAS Metadata garbag collection (Expioredate:" 
+					+ expioredate + ")");
+			
+			List<String> expiredEntities = new ArrayList<String>();
+			
+			Iterator<Entry<String, Date>> lastAccessInterator = lastAccess.entrySet().iterator();
+			while(lastAccessInterator.hasNext()) {
+				Entry<String, Date> element = lastAccessInterator.next();
+				if (element.getValue().before(expioredate)) {
+					Logger.debug("Remove unused eIDAS Metadate: " + element.getKey());
+					expiredEntities.add(element.getKey());
+					
+				}								
+			}
+		
+			if (!expiredEntities.isEmpty()) {			
+				ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+			
+				//get all actually loaded metadata providers
+				Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+			
+				for (String expired : expiredEntities) {
+					if (loadedproviders.containsKey(expired)) {
+						HTTPMetadataProvider provider = loadedproviders.get(expired);
+					
+						//destroy metadata provider
+						provider.destroy();
+					
+						//remove from map
+						loadedproviders.remove(expired);
+					
+						/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+						 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
+						//chainProvider.removeMetadataProvider(provider);					
+						Logger.info("Remove not used eIDAS MetadataProvider " + expired 
+								+ " after timeout.");
+										
+					} else
+						Logger.warn("eIDAS metadata for EntityID: " + expired 
+								+ " is marked as unsed, but no loaded metadata provider is found.");
+				
+				}
+			
+				try {
+					synchronized (chainProvider) {
+						chainProvider.setProviders(new ArrayList<MetadataProvider>(loadedproviders.values()));
+					
+						emitChangeEvent();	
+					}
+					
+				} catch (MetadataProviderException e) {
+					Logger.warn("ReInitalize eIDASA MetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
+				
+				}
+			}
+		}					
+	}
+	
+	
+	
 	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL) {
 		HTTPMetadataProvider httpProvider = null;
 		Timer timer= null;
@@ -177,7 +253,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 				} else {
 					//load new Metadata Provider				
 					ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
-					HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL);					
+					HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL);										
 					chainProvider.addMetadataProvider(newMetadataProvider);
 					
 					emitChangeEvent();
@@ -238,12 +314,12 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 				Logger.debug("Can not find eIDAS metadata for entityID: " + entityID 
 						+ " Start refreshing process ...");
 				if (refreshMetadataProvider(entityID))
-					return internalProvider.getEntityDescriptor(entityID);
+					entityDesc =  internalProvider.getEntityDescriptor(entityID);
 									
 			} else {
 				if (!entityDesc.isValid())
 					if (refreshMetadataProvider(entityID))
-						return internalProvider.getEntityDescriptor(entityID);
+						entityDesc = internalProvider.getEntityDescriptor(entityID);
 									
 			}
 			
@@ -252,10 +328,13 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			Logger.debug("Can not find eIDAS metadata for entityID: " + entityID 
 					+ " Start refreshing process ...");
 			if (refreshMetadataProvider(entityID))
-				return internalProvider.getEntityDescriptor(entityID);
+				entityDesc = internalProvider.getEntityDescriptor(entityID);
 			
 		}
 		
+		if (entityDesc != null)
+			lastAccess.put(entityID, new Date());
+		
 		return entityDesc;
 	}
 
@@ -287,4 +366,5 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			if (observer != null)
 				observer.onEvent(this);
 	}
+
 }
-- 
cgit v1.2.3


From eecc9331869975937ec8c191a769b5939f8c01c1 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 15:22:47 +0100
Subject: removed workaround for class loader issue

---
 .../modules/eidas/utils/EidasMetaDataServlet.java  |  7 -------
 .../moa/id/protocols/eidas/EIDASData.java          | 23 ++++++++++++++++++++++
 .../moa/id/protocols/eidas/EIDASRequest.java       | 23 ----------------------
 3 files changed, 23 insertions(+), 30 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
 delete mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index d1bc02766..bedd0b6dc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -78,15 +78,8 @@ public class EidasMetaDataServlet extends HttpServlet {
 
     public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
         String metadata="invalid metadata";
-        
-		// FIXME workaround!?
-//		Security.removeProvider("IAIK");
-//		Security.removeProvider("IAIK_ECC");
 
 		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-
-//		IAIK.addAsProvider();
-//		ECCProvider.addAsProvider(true);
         
         MetadataGenerator generator = new MetadataGenerator();
         MetadataConfigParams mcp=new MetadataConfigParams();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
new file mode 100644
index 000000000..6f9a04e28
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -0,0 +1,23 @@
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+
+public class EIDASRequest extends RequestImpl {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 8765755670214923910L;
+	
+	/** The attributes requested by the eIDaS. */
+	private MOAPersonalAttributeList attributes;
+
+	@Override
+	public List<Attribute> getRequestedAttributes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java
deleted file mode 100644
index 6f9a04e28..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.eidas;
-
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-
-public class EIDASRequest extends RequestImpl {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 8765755670214923910L;
-	
-	/** The attributes requested by the eIDaS. */
-	private MOAPersonalAttributeList attributes;
-
-	@Override
-	public List<Attribute> getRequestedAttributes() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-}
-- 
cgit v1.2.3


From a8a923ddda874437efb87c9fdecfb65dd722fed0 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 15:24:19 +0100
Subject: moa can do outbound eidas

---
 .../id/protocols/eidas/AuthenticationRequest.java  | 116 ++++++++++++++++++++-
 .../moa/id/protocols/eidas/EIDASData.java          |  63 ++++++++++-
 .../moa/id/protocols/eidas/EIDASProtocol.java      |  18 +++-
 3 files changed, 192 insertions(+), 5 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 3144d08e8..6adefdb86 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -22,14 +22,45 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.eidas;
 
+import java.io.StringWriter;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Map.Entry;
+
+import iaik.pkcs.pkcs11.objects.Object;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.springframework.format.datetime.DateFormatter;
+
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASStatusCode;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
+import eu.eidas.auth.engine.core.eidas.EidasConstants;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.stork.peps.auth.commons.PEPSUtil;
+
 
 /**
  * Second request step - after authentication of the user is done and moasession obtained,
@@ -42,7 +73,90 @@ public class AuthenticationRequest implements IAction {
 
 	@Override
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		// TODO Auto-generated method stub
+		EIDASData eidasRequest;
+		if(req instanceof EIDASData)
+			eidasRequest = (EIDASData) req;
+		else
+			throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
+		
+		
+		// gather attributes
+		MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
+		
+		for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
+			String newValue = "";
+			
+			switch(current.getKey()) {
+			case "DateOfBirth": newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
+			case "CurrentFamilyName": newValue = authData.getFamilyName();break;
+			case "CurrentGivenName": newValue = authData.getGivenName();break;
+			case "PersonIdentifier": newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
+                    eidasRequest.getTarget()); break;
+			}
+			
+			if("".equals(newValue))
+				current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
+			else {
+				current.getValue().getValue().clear();
+				current.getValue().getValue().add(newValue);
+				current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+			}
+		}
+		
+		// construct eIDaS response
+		EIDASAuthnResponse response = new EIDASAuthnResponse();
+		response.setPersonalAttributeList(resultingAttributeList);
+		response.setIssuer("http://localhost:12344/moa-id-auth/eidas/metadata");
+		response.setAssuranceLevel(authData.getEIDASQAALevel());
+		
+		String token = null;
+		try {
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			
+			// check if we have the destination available, supply it if not
+			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
+				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
+						engine, 
+						eidasRequest.getEidasRequest());
+				eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+			}
+			
+			response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
+
+			
+			token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+		} catch(Exception e) {
+			e.printStackTrace();
+		}
+		
+		// send the response
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
+            
+            context.put("SAMLResponse", token);
+            Logger.debug("SAMLResponse original: " + token);
+
+            Logger.debug("Putting assertion consumer url as action: " + eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+            context.put("action", eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+            Logger.trace("Starting template merge");
+            StringWriter writer = new StringWriter();
+
+            Logger.trace("Doing template merge");
+            template.merge(context, writer);
+            Logger.trace("Template merge done");
+
+            Logger.trace("Sending html content: " + writer.getBuffer().toString());
+            Logger.trace("Sending html content2  : " + new String(writer.getBuffer()));
+
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+
+        } catch (Exception e) {
+            Logger.error("Velocity error: " + e.getMessage());
+        }
+		
 		return null;
 	}
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 6f9a04e28..0bedf0432 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -4,10 +4,11 @@ import java.util.List;
 
 import org.opensaml.saml2.core.Attribute;
 
+import eu.eidas.auth.commons.EIDASAuthnRequest;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 
-public class EIDASRequest extends RequestImpl {
+public class EIDASData extends RequestImpl {
 
 	/** The Constant serialVersionUID. */
 	private static final long serialVersionUID = 8765755670214923910L;
@@ -15,9 +16,69 @@ public class EIDASRequest extends RequestImpl {
 	/** The attributes requested by the eIDaS. */
 	private MOAPersonalAttributeList attributes;
 
+	/** The incoming eIDaS SAML2 AuthnRequest. */
+	private EIDASAuthnRequest authnRequest;
+
+	/** The ip address of the requester. */
+	private String remoteIPAddress;
+
 	@Override
 	public List<Attribute> getRequestedAttributes() {
 		// TODO Auto-generated method stub
 		return null;
 	}
+	
+	/**
+	 * Gets the eidas requested attributes.
+	 *
+	 * @return the requested attributes
+	 */
+	public MOAPersonalAttributeList getEidasRequestedAttributes() {
+		return (MOAPersonalAttributeList) attributes.clone();
+	}
+
+	/**
+	 * Sets the eidas requested attributes.
+	 *
+	 * @param personalAttributeList the requested attributes
+	 */
+	public void setEidasRequestedAttributes(MOAPersonalAttributeList personalAttributeList) {
+		attributes = personalAttributeList;
+	}
+
+	/**
+	 * Gets the eidas request.
+	 *
+	 * @return the eidas request
+	 */
+	public EIDASAuthnRequest getEidasRequest() {
+		return authnRequest;
+	}
+	
+	/**
+	 * Sets the eidas request.
+	 *
+	 * @param request the new eidas request
+	 */
+	public void setEidasRequest(EIDASAuthnRequest request) {
+		authnRequest = request;  
+	}
+
+	/**
+	 * Gets the remote address.
+	 *
+	 * @return the remote address
+	 */
+	public String getRemoteAddress() {
+		return remoteIPAddress;
+	}
+	
+	/**
+	 * Sets the remote address.
+	 *
+	 * @param remoteIP the new remote address
+	 */
+	public void setRemoteAddress(String remoteIP) {
+		remoteIPAddress = remoteIP;
+	}
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 3e2122315..a94e136b4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.eidas;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -101,12 +102,23 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
 			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
 
 			// memorize important stuff
-			EIDASRequest result = new EIDASRequest();
+			EIDASData result = new EIDASData();
+
+			// - memorize remote ip
+			result.setRemoteAddress(request.getRemoteAddr());
+			
+			// - memorize country code of target country
+			result.setTarget(samlReq.getCountry());
+			
 			// - memorize requested attributes
-			// TODO memorize requested attributes
+			result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
 
+			// - memorize whole request
+			samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+			result.setEidasRequest(samlReq);
+			
 			// - memorize OA url
-			result.setOAURL("https://demo.a-sit.at/EidasNode"); // TODO use metadata url?
+			result.setOAURL(samlReq.getIssuer());
 
 			// - memorize OA config
 			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());
-- 
cgit v1.2.3


From 1672ef1dc32bf37c966660c33e422729addd5b41 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 15:43:54 +0100
Subject: cleanup

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  7 +++---
 .../modules/eidas/utils/EidasMetaDataServlet.java  |  6 +----
 .../id/protocols/eidas/AuthenticationRequest.java  | 29 +++++++++++-----------
 3 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 963fe70c1..18432fd1c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -51,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -110,7 +111,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
 				throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
 			}
-			Logger.debug("Found C-PEPS configuration for citizen of country: " + citizenCountryCode);
+			Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
@@ -143,9 +144,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
 			authnRequest.setPersonalAttributeList(pAttList);
 			
-			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata");
-			//TODO: only for development and reverse proxy 
-			authnRequest.setIssuer("http://localhost:12343/moa-id-auth/eidas/metadata");
+			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
 			
 			authnRequest.setDestination(destination); 
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index bedd0b6dc..470e3b0fc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -57,12 +57,8 @@ public class EidasMetaDataServlet extends HttpServlet {
             AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
             String pubURLPrefix = config.getPublicURLPrefix();
             
-            
             String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
             
-            //TODO: only for development and reverse proxy 
-            metadata_url = "http://localhost:12343/moa-id-auth/eidas/metadata";
-            
             String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;            
             String metaData = generateMetadata(metadata_url, sp_return_url);
 
@@ -92,7 +88,7 @@ public class EidasMetaDataServlet extends HttpServlet {
         mcp.setAssertionConsumerUrl(returnUrl);
 
         generator.addIDPRole();
-        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial");
+        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable
 
         metadata = generator.generateMetadata();
         return metadata;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 6adefdb86..1012be1b7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -24,22 +24,21 @@ package at.gv.egovernment.moa.id.protocols.eidas;
 
 import java.io.StringWriter;
 import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Iterator;
 import java.util.Map.Entry;
 
-import iaik.pkcs.pkcs11.objects.Object;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -49,17 +48,12 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
-import org.springframework.format.datetime.DateFormatter;
-
 import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASStatusCode;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.commons.PersonalAttribute;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
-import eu.eidas.auth.engine.core.eidas.EidasConstants;
 import eu.eidas.auth.engine.metadata.MetadataUtil;
-import eu.stork.peps.auth.commons.PEPSUtil;
 
 
 /**
@@ -86,11 +80,12 @@ public class AuthenticationRequest implements IAction {
 		for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
 			String newValue = "";
 			
+			// TODO make use of proper builder
 			switch(current.getKey()) {
-			case "DateOfBirth": newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
-			case "CurrentFamilyName": newValue = authData.getFamilyName();break;
-			case "CurrentGivenName": newValue = authData.getGivenName();break;
-			case "PersonIdentifier": newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
+			case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
+			case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
+			case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
+			case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
                     eidasRequest.getTarget()); break;
 			}
 			
@@ -106,7 +101,13 @@ public class AuthenticationRequest implements IAction {
 		// construct eIDaS response
 		EIDASAuthnResponse response = new EIDASAuthnResponse();
 		response.setPersonalAttributeList(resultingAttributeList);
-		response.setIssuer("http://localhost:12344/moa-id-auth/eidas/metadata");
+		
+		// - create metadata url
+        AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
+        String pubURLPrefix = config.getPublicURLPrefix();
+        String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+		response.setIssuer(metadata_url);
+
 		response.setAssuranceLevel(authData.getEIDASQAALevel());
 		
 		String token = null;
-- 
cgit v1.2.3