From b166ec2361980aeb9f288125afd5716099a21f7c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 10 Jul 2014 12:42:05 +0200
Subject: solve TrustManagerRevocationCheck problem with legacy config import

---
 .../at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index 864be253a..1240ed8f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -151,6 +151,8 @@ public class BuildFromLegacyConfig {
 	    	if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
 	    		authGeneral.setTrustManagerRevocationChecking(
 	    				Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)));
+	    	else
+	    		authGeneral.setTrustManagerRevocationChecking(true);
 	    	
 	    	if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
 	    		authGeneral.setCertStoreDirectory(
-- 
cgit v1.2.3


From 96407baacd66fef7f3581a5377180a152795bd78 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 14 Jul 2014 09:02:30 +0200
Subject: add additionl trustmanagerrevoationchecking default value

---
 .../gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java | 3 ++-
 .../java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java  | 2 +-
 .../gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java | 5 +++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
index 681641834..f29780f05 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
@@ -159,7 +159,8 @@ public class GeneralMOAIDConfig {
 				if (authgen != null) {
 					alternativeSourceID = authgen.getAlternativeSourceID();
 					certStoreDirectory = authgen.getCertStoreDirectory();
-					trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking();
+					if (authgen.isTrustManagerRevocationChecking() != null)
+						trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking();
 					
 					publicURLPrefix = authgen.getPublicURLPreFix();
 					
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index 88ed7885f..24def1e02 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -124,7 +124,7 @@ public class ConfigurationProvider {
 
 	protected String certstoreDirectory;
 	
-	protected boolean trustmanagerrevoationchecking;
+	protected boolean trustmanagerrevoationchecking = true;
 	
 	/**
 		 * Returns the main configuration file directory used to configure MOA-ID
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 6fc1d28c1..32625ca03 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -1038,10 +1038,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   private void setTrustManagerRevocationChecking() throws ConfigurationException {
 	  AuthComponentGeneral auth = getAuthComponentGeneral();
 	  
-	  if (auth.getGeneralConfiguration() != null)		  
+	  if (auth.getGeneralConfiguration() != null &&
+			  auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null)		  
 		  trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking();
 	  else {
-		  Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
+		  Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE");
 		  throw new ConfigurationException("config.02", null);
 	  } 
   }
-- 
cgit v1.2.3


From a25c112bc34957cdaaf7dbb950c229666da52499 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 15 Jul 2014 12:32:46 +0200
Subject: solve Sub-Target problems in MOA-ID-Configuration

---
 .../data/oa/OATargetConfiguration.java             | 23 ++++++++++++++++++++--
 .../webapp/jsp/snippets/OA/targetConfiguration.jsp |  4 ++--
 pom.xml                                            |  2 +-
 3 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
index e988cc292..550844700 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -83,7 +83,6 @@ public class OATargetConfiguration implements IOnlineApplicationData {
 	@Override
 	public List<String> parse(OnlineApplication dbOA,
 			AuthenticatedUser authUser, HttpServletRequest request) {
-        subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector());
 		
 		String target_full = dbOA.getTarget();
 		if (MiscUtil.isNotEmpty(target_full)) {
@@ -95,8 +94,10 @@ public class OATargetConfiguration implements IOnlineApplicationData {
 				
 				if (TargetValidator.isValidTarget(target_split[0])) {
 					target = target_split[0];
-					if (target_split.length > 1)
+					if (target_split.length > 1) {
 						target_subsector = target_split[1];
+						subTargetSet = true;
+					}
 					
 				} else {
 					target = "";
@@ -367,4 +368,22 @@ public class OATargetConfiguration implements IOnlineApplicationData {
     public void setDeaktivededBusinessService(boolean deaktivededBusinessService) {
         this.deaktivededBusinessService = deaktivededBusinessService;
     }
+
+
+	/**
+	 * @return the subTargetSet
+	 */
+	public boolean isSubTargetSet() {
+		return subTargetSet;
+	}
+
+
+	/**
+	 * @param subTargetSet the subTargetSet to set
+	 */
+	public void setSubTargetSet(boolean subTargetSet) {
+		this.subTargetSet = subTargetSet;
+	}
+    
+    
 }
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
index 261966a86..b8bd1dc02 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
@@ -46,8 +46,8 @@
 								</s:select>
 							</s:else>
 							
-							<s:checkbox name="subTargetSet" 
-								value="%{subTargetSet}"
+							<s:checkbox name="targetConfig.subTargetSet" 
+								value="%{targetConfig.subTargetSet}"
 								labelposition="left"
 								key="webpages.oaconfig.general.target.subsector.checkbox"
 								cssClass="checkbox"
diff --git a/pom.xml b/pom.xml
index 2888425d1..27ac723e2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -15,7 +15,7 @@
 				<moa-id-version>2.1.0</moa-id-version>
 				<moa-id-proxy-version>2.0.0</moa-id-proxy-version>
         <moa-spss-version>2.0.1</moa-spss-version>
-				<configtool-version>1.1.0</configtool-version>
+				<configtool-version>1.1.0.1</configtool-version>
 				<demo-oa-version>2.0.2</demo-oa-version>
     </properties>
 
-- 
cgit v1.2.3


From 234f17d14f9f48655c27d54114df0aa2593cf6d8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 18 Jul 2014 08:28:37 +0200
Subject: add gitignore file

---
 .gitignore | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..80cf5e7da
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,11 @@
+bin
+gen
+target
+*~
+*.orig
+*.log
+.settings
+.project
+.classpath
+.directory
+.checkstyle
-- 
cgit v1.2.3


From a9a7499e0158f437e26e20cb2a489f2d47281ea7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 16 Sep 2014 16:49:25 +0200
Subject: solve problem with xml-apis.jar and xercesImpl.jar

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4010333eb..cac36a91c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -445,7 +445,7 @@
             <dependency>
                 <groupId>xerces</groupId>
                 <artifactId>xercesImpl</artifactId>
-                <version>2.11.0</version>
+                <version>2.9.1</version>
                 <scope>compile</scope>	
             </dependency>
             <!-- The xmlParserAPIs.jar of the official xalan distribution
-- 
cgit v1.2.3


From 6f70c39d276b3758da06e3121208e2f1ed0009a3 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 4 Nov 2014 10:03:08 +0100
Subject: remove subject->nameID from AuthnRequest

---
 .../at/gv/egovernment/moa/id/moduls/AuthenticationManager.java    | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a4d63b144..dab89b7c3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -422,16 +422,10 @@ public class AuthenticationManager extends AuthServlet {
 
 					authReq.setAssertionConsumerServiceIndex(0);
 					authReq.setIssueInstant(new DateTime());
-					Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-					NameID name = SAML2Utils.createSAMLObject(NameID.class);
-					Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-					
+					Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);					
 					String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath();
-					name.setValue(serviceURL);
 					issuer.setValue(serviceURL);
 
-					subject.setNameID(name);
-					authReq.setSubject(subject);
 					issuer.setFormat(NameIDType.ENTITY);
 					authReq.setIssuer(issuer);
 					NameIDPolicy policy = SAML2Utils
-- 
cgit v1.2.3


From 99b46131e3ef3753af9f1d17516cf900fd095b4d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 4 Nov 2014 10:43:51 +0100
Subject: add STORK-QAA to PVP SecClass mapping

---
 .../id/auth/builder/AuthenticationDataBuilder.java |  2 +-
 .../moa/id/moduls/AuthenticationManager.java       | 58 +++++++++++++++++++---
 .../egovernment/moa/id/util/PVPtoSTORKMapper.java  | 22 +++++++-
 .../properties/pvp-stork_mapping.properties        | 10 +++-
 4 files changed, 82 insertions(+), 10 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 52488c3cb..7aa4cd1f7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -536,7 +536,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				
 			} else {
 				Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
-				String mappedQAA = PVPtoSTORKMapper.getInstance().mapQAALevel(qaaLevel);
+				String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel);
 				if (MiscUtil.isNotEmpty(mappedQAA))
 					authData.setQAALevel(mappedQAA);
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index dab89b7c3..333bd35f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -77,6 +77,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
@@ -87,9 +88,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest;
 import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
@@ -381,6 +384,7 @@ public class AuthenticationManager extends AuthServlet {
 		//get IDP metadata
 		try {
 			OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+			OAAuthParameter sp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getOAURL());
 			
 			if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
 				Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
@@ -389,7 +393,7 @@ public class AuthenticationManager extends AuthServlet {
 				return;
 				
 			} 
-						
+			
 			EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
 					getEntityDescriptor(target.getRequestedIDP());
 			
@@ -409,7 +413,7 @@ public class AuthenticationManager extends AuthServlet {
 							redirectEndpoint == null )
 						redirectEndpoint = sss;
 				}
-				
+								
 				if (redirectEndpoint != null) {
 					
 					AuthnRequest authReq = SAML2Utils
@@ -440,13 +444,55 @@ public class AuthenticationManager extends AuthServlet {
 							SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
 					
 					AuthnContextClassRef authnClassRef = 
-							SAML2Utils.createSAMLObject(AuthnContextClassRef.class);					
-					authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+							SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+					
+					if (sp != null && sp.isSTORKPVPGateway()){
+						//use PVP SecClass instead of STORK QAA level
+						String secClass = null;
+						if (target instanceof MOASTORKRequest) {
+							
+							try {
+								MOASTORKRequest storkReq = (MOASTORKRequest) target;	
+								secClass = PVPtoSTORKMapper.getInstance().mapToSecClass(
+										PVPConstants.STORK_QAA_PREFIX + storkReq.getStorkAuthnRequest().getQaa());
+							
+							} catch (Exception e) {
+								Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e);
+
+							}							
+						}
+						
+						if (MiscUtil.isNotEmpty(secClass))
+							authnClassRef.setAuthnContextClassRef(secClass);
+						else
+							authnClassRef.setAuthnContextClassRef("http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3");
+											
+					} else {
+						if (target instanceof MOASTORKRequest) {
+							//use requested QAA level from STORK request
+							try {
+								MOASTORKRequest storkReq = (MOASTORKRequest) target;
+								authnClassRef.setAuthnContextClassRef(
+										PVPConstants.STORK_QAA_PREFIX + storkReq.getStorkAuthnRequest().getQaa());
+								Logger.debug("Use STORK-QAA level " + authnClassRef.getAuthnContextClassRef() 
+										+ " from STORK request");
+								
+							} catch (Exception e) {
+								Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e);
+								
+							}
+							
+						}
+						
+						if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef()))						
+							authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+						
+					}
+					
 					reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);					
 					reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);					
 					authReq.setRequestedAuthnContext(reqAuthContext);
-					
-					
+										
 					IEncoder binding = null;
 					if (redirectEndpoint.getBinding().equals(
 							SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
index 0ea03e29d..fe3b780fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -36,6 +36,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class PVPtoSTORKMapper {
 
 	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
+	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
 	
 	private static final String MAPPING_RESOURCE = 
 			"resources/properties/pvp-stork_mapping.properties";
@@ -67,12 +68,31 @@ public class PVPtoSTORKMapper {
 		
 	}
 
+	/**Map a STORK QAA level to PVP SecClass
+	 * 
+	 * @param STORK-QAA level
+	 * @return PVP SecClass pvpQAALevel
+	 */	
+	public String mapToSecClass(String storkQAALevel) {
+		if (mapping != null) {
+			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !");
+		return null;
+	}
+	
 	/**Map a PVP SecClass to STORK QAA level
 	 * 
 	 * @param PVP SecClass pvpQAALevel
 	 * @return STORK-QAA level
 	 */	
-	public String mapQAALevel(String pvpQAALevel) {
+	public String mapToQAALevel(String pvpQAALevel) {
 		if (mapping != null) {
 			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
 			String mappedQAA = mapping.getProperty(input);
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
index 63745f826..1a8d8db58 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
@@ -2,8 +2,14 @@
 viewer=CIRCABC/viewer
 CIRCABC-viewer=CIRCABC/viewer
 
-##PVP SecClass mapping
+##PVP SecClass to STORK-QAA mapping
 secclass/0=http://www.stork.gov.eu/1.0/citizenQAALevel/1
 secclass/0-1=http://www.stork.gov.eu/1.0/citizenQAALevel/2
 secclass/0-2=http://www.stork.gov.eu/1.0/citizenQAALevel/3
-secclass/0-3=http://www.stork.gov.eu/1.0/citizenQAALevel/4
\ No newline at end of file
+secclass/0-3=http://www.stork.gov.eu/1.0/citizenQAALevel/4
+
+##STORK-QAA to PVP SecClass mapping
+citizenQAALevel/1=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0
+citizenQAALevel/2=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-1
+citizenQAALevel/3=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-2
+citizenQAALevel/4=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3
\ No newline at end of file
-- 
cgit v1.2.3


From 3e3109fbf3f93f52919f0ba6089b5488f598c149 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 4 Nov 2014 11:40:33 +0100
Subject: add clock screw to assertion time validation

---
 .../id/protocols/pvp2x/verification/SAMLVerificationEngine.java   | 8 ++++++--
 pom.xml                                                           | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 4ba93f8fe..2247ad227 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -174,10 +174,14 @@ public class SAMLVerificationEngine {
 				for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
 					
 					Conditions conditions = saml2assertion.getConditions();
-					DateTime notbefore = conditions.getNotBefore();
+					DateTime notbefore = conditions.getNotBefore().minusMinutes(5);
 					DateTime notafter = conditions.getNotOnOrAfter();
 					if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
-						Logger.warn("PVP2 Assertion is out of Date");
+						Logger.warn("PVP2 Assertion is out of Date. "
+								+ "{ Current : " + new DateTime() 
+								+ " NotBefore: " + notbefore 
+								+ " NotAfter : " + notafter
+								+ " }");
 											
 					} else {
 						validatedassertions.add(saml2assertion);
diff --git a/pom.xml b/pom.xml
index 3407bfcd9..280c1c012 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         
         <moa-commons-version>2.0.1</moa-commons-version>
-				<moa-id-version>2.1.2</moa-id-version>
+				<moa-id-version>2.1.2.1</moa-id-version>
 				<moa-id-proxy-version>2.0.0</moa-id-proxy-version>
         <moa-spss-version>2.0.3</moa-spss-version>
 				<configtool-version>1.1.4</configtool-version>
-- 
cgit v1.2.3


From b8ce6db7bdc9576ae8daef6ea2b1a8da45a2a735 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 4 Nov 2014 12:11:21 +0100
Subject: update minimal required attribute set for interfederated assertions

---
 .../protocols/pvp2x/utils/AssertionAttributeExtractor.java | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index f0373e214..26b3bfbd1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -54,8 +54,7 @@ public class AssertionAttributeExtractor {
 		
 	private final List<String> minimalAttributeNameList = Arrays.asList(
 			PVPConstants.PRINCIPAL_NAME_NAME, 
-			PVPConstants.GIVEN_NAME_NAME,
-			PVPConstants.BIRTHDATE_NAME);
+			PVPConstants.GIVEN_NAME_NAME);
 	
 	
 	public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption {
@@ -119,16 +118,21 @@ public class AssertionAttributeExtractor {
 		
 		//first check if a bPK or an encrypted bPK is available
 		if (attributs.containsKey(PVPConstants.ENC_BPK_LIST_NAME) || 
-				(attributs.containsKey(PVPConstants.BPK_NAME) && attributs.containsKey(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME))) {
+				(attributs.containsKey(PVPConstants.BPK_NAME))) {			
 			boolean flag = true;
 			for (String attr : attributeNameList) {
-				if (!attributs.containsKey(attr))
+				if (!attributs.containsKey(attr)) {
 					flag = false;
+					Logger.debug("Assertion contains no Attribute " + attr);
+					
+				}
+					
 			}
 			
 			return flag;
 			
-		}			
+		}
+		Logger.debug("Assertion contains no bPK or encryptedbPK.");
 		return false;
 		
 	}
-- 
cgit v1.2.3


From 0acb196f1a070ae31ca9cdb888dbf966460441c6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 4 Nov 2014 12:12:11 +0100
Subject: fix sessionTimeOut extraction from interfederated session

---
 .../id/auth/builder/AuthenticationDataBuilder.java  | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 7aa4cd1f7..d5a6a1b70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -43,6 +43,7 @@ import javax.xml.bind.Marshaller;
 
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.AuthnStatement;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
@@ -271,12 +272,13 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			AssertionAttributeExtractor extractor = 
 					new AssertionAttributeExtractor(intfResp);			
 						
-			if (!extractor.containsAllRequiredAttributes()) {				
+			if (!extractor.containsAllRequiredAttributes()) {
+				Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ...");
 				//collect attributes by using BackChannel communication
 				String endpoint = idp.getIDPAttributQueryServiceURL();			
 				if (MiscUtil.isEmpty(endpoint)) {
-					Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
-					throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
+					Logger.error("No AttributeQueryURL for interfederationIDP " + idp.getPublicURLPrefix());
+					throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + idp.getPublicURLPrefix(), null);
 				}
 				
 				//build attributQuery request
@@ -761,8 +763,19 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		authData.setSsoSession(true);
 		authData.setInterfederatedSSOSession(true);
 		
-		if (extractor.getFullAssertion().getConditions() != null && extractor.getFullAssertion().getConditions().getNotOnOrAfter() != null)
+		if (extractor.getFullAssertion().getAuthnStatements() != null 
+				&& extractor.getFullAssertion().getAuthnStatements().size() > 0) {
+			for (AuthnStatement el : extractor.getFullAssertion().getAuthnStatements()) {
+				if (el.getSessionNotOnOrAfter() != null) {
+					authData.setSsoSessionValidTo(el.getSessionNotOnOrAfter().toDate());
+					break;
+				}
+			}
+			
+		} else {
 			authData.setSsoSessionValidTo(extractor.getFullAssertion().getConditions().getNotOnOrAfter().toDate());
+			
+		}
 		
 		//only for SAML1
 		if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel()))
-- 
cgit v1.2.3


From 37384244fd52e2ee22608f1504aee825a1966113 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 4 Nov 2014 12:32:23 +0100
Subject: remove a not standardize prefix from PVP BPK attribute value.   -
 this is a workaround for LFRZ Stammportal interfederation

---
 .../moa/id/auth/builder/AuthenticationDataBuilder.java            | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index d5a6a1b70..d19080c25 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -368,6 +368,14 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		
 		if (extractor.containsAttribute(PVPConstants.BPK_NAME)) {
 			String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME);
+			
+			if (pvpbPK.startsWith("bPK:")) {
+				Logger.warn("Attribute " + PVPConstants.BPK_NAME 
+					+ " contains a not standardize prefix! Staring attribute value correction process ...");
+				pvpbPK = pvpbPK.substring("bPK:".length());
+				
+			}
+			
 			String[] spitted = pvpbPK.split(":");
 			authData.setBPK(spitted[1]);
 			if (MiscUtil.isEmpty(authData.getBPKType())) {
-- 
cgit v1.2.3


From 6865934e3b6e20dd145025703e51af8b4b259e1b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 4 Nov 2014 14:45:38 +0100
Subject: add fix to correct invalid encoded EID_SECTOR_FOR_IDENTIFIER PVP
 attribute values

---
 .../moa/id/auth/builder/AuthenticationDataBuilder.java    | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index d19080c25..bae5bb1f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -360,12 +360,25 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME));		
 		authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME));		
 		authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME));
-		authData.setBPKType(extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME));
 		authData.setCcc(extractor.getSingleAttributeValue(PVPConstants.EID_ISSUING_NATION_NAME));		
 		authData.setBkuURL(extractor.getSingleAttributeValue(PVPConstants.EID_CCS_URL_NAME));
 		authData.setIdentificationValue(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_NAME));		
 		authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
 		
+		
+		if (extractor.containsAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+			String bpkType = extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME);
+			if (bpkType.startsWith(Constants.URN_PREFIX_CDID) && 
+					!bpkType.substring(Constants.URN_PREFIX_CDID.length(), 
+							Constants.URN_PREFIX_CDID.length() + 1).equals("+")) {				
+				Logger.warn("Receive uncorrect encoded bBKType attribute " + bpkType + " Starting attribute value correction ... ");
+				bpkType = Constants.URN_PREFIX_CDID + "+" + bpkType.substring(Constants.URN_PREFIX_CDID.length() + 1); 
+				
+			}
+									
+			authData.setBPKType(bpkType);			
+		}
+				
 		if (extractor.containsAttribute(PVPConstants.BPK_NAME)) {
 			String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME);
 			
-- 
cgit v1.2.3


From 9a859b2e6f94042ef0665eb4f63248e48978a059 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 4 Nov 2014 14:46:07 +0100
Subject: update STORK attribute provider implementation

---
 .../id/protocols/stork2/AttributeCollector.java    | 31 ++++++++-----
 .../id/protocols/stork2/MOAAttributeProvider.java  |  2 +-
 .../PVPAuthenticationProvider.java                 | 53 +++++++++++-----------
 3 files changed, 48 insertions(+), 38 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index e3b9992aa..192f139eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -121,7 +121,7 @@ public class AttributeCollector implements IAction {
 
             if (authnResponse.getPersonalAttributeList().size() > 0) {
                 Logger.info("Response from external attribute provider contains " + authnResponse.getPersonalAttributeList().size() + " attributes.");
-                addOrUpdateAll(container.getResponse().getPersonalAttributeList(), authnResponse.getPersonalAttributeList());
+                container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), authnResponse.getPersonalAttributeList()));
             }
 
         }
@@ -157,7 +157,7 @@ public class AttributeCollector implements IAction {
 
         // - insert the embedded attribute(s) into the container
         if (null != newAttributes)
-            addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);
+        	container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes));
 
         // see if we need some more attributes
         SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam);
@@ -203,7 +203,8 @@ public class AttributeCollector implements IAction {
 				IPersonalAttributeList aquiredAttributes = new PersonalAttributeList();
 				currentAttribute.setStatus(AttributeStatusType.NOT_AVAILABLE.value());
 				aquiredAttributes.add((PersonalAttribute) currentAttribute.clone());
-				addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
+				container.getResponse().setPersonalAttributeList(
+						addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes));
             	// - check if we can find a suitable AttributeProvider Plugin
 
 		        Iterator<AttributeProvider> attibuteProvidersInterator = AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs());        
@@ -247,7 +248,7 @@ public class AttributeCollector implements IAction {
 					Logger.error("We have no suitable plugin for obtaining the attribute '" + currentAttribute.getName() + "'");
 				} else
 					// else, update any existing attributes
-					addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
+					container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes));
             }
             Logger.info("collecting attributes done");
             
@@ -296,15 +297,21 @@ public class AttributeCollector implements IAction {
      *
      * @param target the target
      * @param source the source
+     * @return 
      * @throws MOAIDException 
      */
-	private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException {
+	private PersonalAttributeList addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException {
+
+		PersonalAttributeList updatedList = new PersonalAttributeList();
+		for (PersonalAttribute el : target)
+			updatedList.add(el);
+		
 		Logger.debug("Updating " + source.size() + " attributes...");
 		for (PersonalAttribute current : source) {
 			Logger.debug("treating " + current.getName());
 	        
 			// check if we need to update the current pa
-			if (target.containsKey(current.getName())) {
+			if (updatedList.containsKey(current.getName())) {
 				PersonalAttribute existing = target.get(current.getName());
 				if(!(existing.isEmptyValue() && existing.isEmptyComplexValue()))
 					if(!(existing.getValue().equals(current.getValue()) || existing.getComplexValue().equals(current.getComplexValue()))) {
@@ -312,14 +319,16 @@ public class AttributeCollector implements IAction {
 		                throw new MOAIDException("stork.16", new Object[] {existing.getName()});
 					}
 
-				target.get(current.getName()).setStatus(current.getStatus());
-				target.get(current.getName()).setValue(current.getValue());
-				target.get(current.getName()).setComplexValue(current.getComplexValue());
+				updatedList.get(current.getName()).setStatus(current.getStatus());
+				updatedList.get(current.getName()).setValue(current.getValue());
+				updatedList.get(current.getName()).setComplexValue(current.getComplexValue());
 			} else
-				target.add(current);
+				updatedList.add(current);
 
-			Logger.debug("...successfully treated " + current.getName());
+			Logger.debug("...successfully treated " + current.getName());			
 		}
+		
+		return updatedList;
 	}
 
     /* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 993514ec7..755102bf3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -71,7 +71,7 @@ public class MOAAttributeProvider {
     public MOAAttributeProvider(IAuthData authData, MOASTORKRequest moastorkRequest) {
         this.authData = authData;
         this.moastorkRequest = moastorkRequest;
-        Logger.debug("identity " + authData.getIdentificationType() + " " + authData.getIdentificationValue());
+        
     }
 
     public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
index 96aa55bcf..a026bac81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
@@ -193,33 +193,34 @@ public class PVPAuthenticationProvider extends AttributeProvider {
 	public IPersonalAttributeList parse(HttpServletRequest httpReq)
 			throws UnsupportedAttributeException, MOAIDException {
 		
-		Logger.info(this.getClass().getSimpleName() + " tries to extract SAMLResponse out of HTTP Request");
+		throw new UnsupportedAttributeException();
 		
-		//extract STORK Response from HTTP Request
-		//Decodes SAML Response
-		byte[] decSamlToken;
-		try {
-			decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse"));
-		} catch(NullPointerException e) {
-			throw new UnsupportedAttributeException();
-		}
-
-		//Get SAMLEngine instance
-		STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-
-		STORKAuthnResponse authnResponse = null;
-		try {
-			//validate SAML Token
-			Logger.debug("Starting validation of SAML response");
-			authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) httpReq.getRemoteHost());
-			Logger.info("SAML response successfully verified!");
-			
-		}catch(STORKSAMLEngineException e){
-			Logger.error("Failed to verify STORK SAML Response", e);
-			throw new MOAIDException("stork.05", null);
-		}
-		
-		return authnResponse.getPersonalAttributeList();
+//		Logger.info(this.getClass().getSimpleName() + " tries to extract SAMLResponse out of HTTP Request");		
+//		//extract STORK Response from HTTP Request
+//		//Decodes SAML Response
+//		byte[] decSamlToken;
+//		try {
+//			decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse"));
+//		} catch(NullPointerException e) {
+//			throw new UnsupportedAttributeException();
+//		}
+//
+//		//Get SAMLEngine instance
+//		STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+//
+//		STORKAuthnResponse authnResponse = null;
+//		try {
+//			//validate SAML Token
+//			Logger.debug("Starting validation of SAML response");
+//			authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) httpReq.getRemoteHost());
+//			Logger.info("SAML response successfully verified!");
+//			
+//		}catch(STORKSAMLEngineException e){
+//			Logger.error("Failed to verify STORK SAML Response", e);
+//			throw new MOAIDException("stork.05", null);
+//		}
+//		
+//		return authnResponse.getPersonalAttributeList();
 			
 	}
 
-- 
cgit v1.2.3


From a3802bee2df66bf55b09db98e438818a3bc2e9ea Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 6 Nov 2014 09:49:29 +0100
Subject: add new role mapping entries update STORK-QAA <--> PVP SecClass
 mapping

---
 .../resources/resources/properties/pvp-stork_mapping.properties   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
index 1a8d8db58..a953d72e5 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
@@ -1,15 +1,19 @@
 ##PVP role mapping
 viewer=CIRCABC/viewer
 CIRCABC-viewer=CIRCABC/viewer
+CIRCABC-IGLeader=CIRCABC/IGLeader
+CIRCABC-Secretary=CIRCABC/Secretary
+CIRCABC-Access=CIRCABC/Access
+
 
 ##PVP SecClass to STORK-QAA mapping
 secclass/0=http://www.stork.gov.eu/1.0/citizenQAALevel/1
 secclass/0-1=http://www.stork.gov.eu/1.0/citizenQAALevel/2
-secclass/0-2=http://www.stork.gov.eu/1.0/citizenQAALevel/3
+secclass/0-2=http://www.stork.gov.eu/1.0/citizenQAALevel/4
 secclass/0-3=http://www.stork.gov.eu/1.0/citizenQAALevel/4
 
 ##STORK-QAA to PVP SecClass mapping
 citizenQAALevel/1=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0
 citizenQAALevel/2=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-1
 citizenQAALevel/3=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-2
-citizenQAALevel/4=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3
\ No newline at end of file
+citizenQAALevel/4=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-2
\ No newline at end of file
-- 
cgit v1.2.3


From 856502356028dc85e19e1b47e0cc569095404c6e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 07:46:05 +0100
Subject: add additional role mappping

---
 .../resources/properties/pvp-stork_mapping.properties          | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
index a953d72e5..b552118d4 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
@@ -5,6 +5,16 @@ CIRCABC-IGLeader=CIRCABC/IGLeader
 CIRCABC-Secretary=CIRCABC/Secretary
 CIRCABC-Access=CIRCABC/Access
 
+ecas-demo-EUROPEAN_COMMISSION=ecas-demo/EUROPEAN_COMMISSION
+ecas-demo-EXTERNAL_INTRAMUROS=ecas-demo/EXTERNAL_INTRAMUROS
+ecas-demo-INTERNET=ecas-demo/INTERNET
+ecas-demo-LIVENEWS=ecas-demo/LIVENEWS
+
+DIGIT-EUROPEAN_COMMISSION=DIGIT/EUROPEAN_COMMISSION
+DIGIT-EXTERNAL_INTRAMUROS=DIGIT/EXTERNAL_INTRAMUROS
+DIGIT-INTERNET=DIGIT/INTERNET
+DIGIT-LIVENEWS=DIGIT/LIVENEWS
+
 
 ##PVP SecClass to STORK-QAA mapping
 secclass/0=http://www.stork.gov.eu/1.0/citizenQAALevel/1
-- 
cgit v1.2.3


From b39bc0239d1e4a4d4a8b0fe708ee24c7709b9454 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 08:14:16 +0100
Subject: add MSOrganisation attribute for ISA 1.18

---
 .../conf/moa-id/stork/StorkSamlEngine_VIDP.xml     |  1 +
 .../conf/moa-id/stork/StorkSamlEngine_incoming.xml |  6 ++++-
 .../moa-id/stork/StorkSamlEngine_incoming_attr.xml |  6 ++++-
 .../conf/moa-id/stork/StorkSamlEngine_outgoing.xml |  4 ++++
 .../id/auth/builder/AuthenticationDataBuilder.java |  6 +++++
 .../moa/id/data/AuthenticationData.java            | 28 ++++++++++++++--------
 .../at/gv/egovernment/moa/id/data/IAuthData.java   |  7 ++++--
 .../id/protocols/stork2/MOAAttributeProvider.java  |  8 +++++--
 .../moa/id/protocols/stork2/STORKPVPUtilits.java   |  2 +-
 9 files changed, 51 insertions(+), 17 deletions(-)

diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
index ee4c636ce..b45b69054 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
@@ -119,5 +119,6 @@
         
         <!-- ISA 1.18 attributes-->
         <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
+        <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
 
 </properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
index 83e69ac23..3370978b3 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
@@ -90,5 +90,9 @@
 	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
 	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
 	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-	
+  
+  <!-- ISA 1.18 attributes-->
+  <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
+  <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+  	
 </properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
index 83e69ac23..33437c110 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
@@ -90,5 +90,9 @@
 	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
 	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
 	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-	
+        
+  <!-- ISA 1.18 attributes-->
+  <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
+  <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+  	
 </properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
index b095b9e7e..2b0c05b88 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
@@ -91,4 +91,8 @@
 	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
 	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
 	
+  <!-- ISA 1.18 attributes-->
+  <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
+  <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+  
 </properties>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index bae5bb1f6..731925c1b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -767,6 +767,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			}			
 		}
 		
+		//set PVP OU attribute
+		if (extractor.containsAttribute(PVPConstants.OU_NAME)) {
+			authData.setPvpAttribute_OU(extractor.getSingleAttributeValue(PVPConstants.OU_NAME));
+			Logger.debug("Found PVP 'OU' attribute in response -> " + authData.getPvpAttribute_OU());
+			
+		}
 	
 		//set STORK attributes
 		if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 65c413ef9..05b008515 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -133,7 +133,9 @@ public class AuthenticationData  implements IAuthData, Serializable {
 	  private String authBlock = null; 
 	  private List<String> encbPKList = null;
 	  
+	  //ISA 1.18 attributes
 	  private List<AuthenticationRole> roles = null;
+	  private String pvpAttribute_OU = null;
 	  
 	  private boolean useMandate = false;
 	  private MISMandate mandate = null;
@@ -707,6 +709,7 @@ public class AuthenticationData  implements IAuthData, Serializable {
 		return roles;
 	}
 
+	//ISA 1.18 attributes
 	/**
 	 * @param roles the roles to set
 	 */
@@ -716,26 +719,31 @@ public class AuthenticationData  implements IAuthData, Serializable {
 
 		this.roles.add(role);
 	}
+	
+	/**
+	 * @return the pvpAttribute_OU
+	 */
+	public String getPvpAttribute_OU() {
+		return pvpAttribute_OU;
+	}
+
+	/**
+	 * @param pvpAttribute_OU the pvpAttribute_OU to set
+	 */
+	public void setPvpAttribute_OU(String pvpAttribute_OU) {
+		this.pvpAttribute_OU = pvpAttribute_OU;
+	}
 
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
 	 */
 	@Override
 	public boolean isBusinessService() {
-		// TODO Auto-generated method stub
 		return this.businessService;
 	}
 	
 	public void setIsBusinessService(boolean flag) {
 		this.businessService = flag;
 		
-	}
-
-	
-	
-
-	
-
-	
-	
+	}	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index ebbf62ce7..ccc90a031 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -69,7 +69,9 @@ public interface IAuthData {
 	 IdentityLink getIdentityLink();
 	 byte[] getSignerCertificate();
 	 String getAuthBlock();
-	 
+
+	 //ISA 1.18 attributes
+	 String getPvpAttribute_OU();
 	 List<AuthenticationRole> getAuthenticationRoles();
 	 
 	 boolean isPublicAuthority();
@@ -90,5 +92,6 @@ public interface IAuthData {
 	 String getCcc();
 	 STORKAuthnRequest getStorkAuthnRequest();
 	 String getStorkAuthnResponse();
-	 IPersonalAttributeList getStorkAttributes();	 	 
+	 IPersonalAttributeList getStorkAttributes();
+	 	 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 755102bf3..499265319 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -59,13 +59,17 @@ public class MOAAttributeProvider {
     static {
         Map<String, String> tempSimpleMap = new HashMap<String, String>();
         tempSimpleMap.put("givenName", "getGivenName");
-        tempSimpleMap.put("surname", "getFamilyName");
+        tempSimpleMap.put("surname", "getFamilyName");        
+        tempSimpleMap.put("MSOrganization", "getPvpAttribute_OU");
         storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap);
+                
         Map<String, String> tempFunctionMap = new HashMap<String, String>();
         tempFunctionMap.put("eIdentifier", "geteIdentifier");
         tempFunctionMap.put("ECApplicationRole","getECApplicationRole");
         tempFunctionMap.put("dateOfBirth", "getFormatedDateOfBirth");
+        tempFunctionMap.put("MSOrganization", "getMSOrganization");
         storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
+        
     }
 
     public MOAAttributeProvider(IAuthData authData, MOASTORKRequest moastorkRequest) {
@@ -129,7 +133,7 @@ public class MOAAttributeProvider {
     	}    	
     	return storkRoles;
     }
-
+    
     private String getFormatedDateOfBirth() {
 		if (authData.getDateOfBirth() != null) {
 			DateFormat fmt = new SimpleDateFormat("yyyyMMdd");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java
index d923eccde..123d32af4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java
@@ -32,7 +32,7 @@ import java.util.List;
 public class STORKPVPUtilits {
 	
 	public static final List<String> attributesRequirePVPAuthentication = 
-			Arrays.asList("ECApplicationRole");
+			Arrays.asList("ECApplicationRole", "MSOrganization");
 	
 	
 	
-- 
cgit v1.2.3


From 50416e97cfe3c633cf3e146b85856bc0b418bfd0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 08:15:53 +0100
Subject: use OA target from request, if SAML1 is used. for legacy applications

---
 .../id/auth/parser/StartAuthentificationParameterParser.java  | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 1bc3702e4..a123569d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -132,12 +132,13 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 			String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
 			 			
 			if (StringUtils.isEmpty(targetConfig)
-//					|| (module.equals(SAML1Protocol.PATH) && 
-//							!StringUtils.isEmpty(target)) 
+					|| (module.equals(SAML1Protocol.PATH) && 
+							!StringUtils.isEmpty(target)) 
 				) {
-			    	// no target attribut is given in OA config
-			    	// target is used from request
-			    	// check parameter
+					//INFO: ONLY SAML1 legacy mode
+			    	// if SAML1 is used and target attribute is given in request
+			    	// use requested target
+			    	// check target parameter
 				if (!ParamValidatorUtils.isValidTarget(target)) {
                     Logger.error("Selected target is invalid. Using target: " + target);
 			   		throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
-- 
cgit v1.2.3


From 306b421d07f29ed6a0e6a009a38c2f558a7e310d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 09:29:34 +0100
Subject: fix configTool list OA problem

---
 .../at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
index 150483dd8..b66bf878a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
@@ -60,7 +60,8 @@ public class FormDataHelper {
 
 		for (OnlineApplication dboa : dbOAs) {
 			
-			if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || 
+			if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) ||
+					(dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) ||
 					(dboa.getAuthComponentOA().getOASTORK() != null 
 						&& dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
 						&& dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()))) {
-- 
cgit v1.2.3


From 720477bf5951aa4a307e1150e8a34d373f66e62b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 09:29:51 +0100
Subject: fix problem with SLO and interfederation

---
 .../pvp2x/builder/SingleLogOutBuilder.java          | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index 01139d95c..50f42d928 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -43,6 +43,7 @@ import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.core.StatusMessage;
 import org.opensaml.saml2.core.StatusResponseType;
 import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.SSODescriptor;
 import org.opensaml.saml2.metadata.SingleLogoutService;
@@ -348,17 +349,29 @@ public class SingleLogOutBuilder {
 	public static SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
 		MOARequest moaReq = (MOARequest) spRequest.getRequest();
 		EntityDescriptor metadata = moaReq.getEntityMetadata();
-		SPSSODescriptor spsso = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+		SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+		
+		if (ssodesc == null) {
+			Logger.debug("No PVP SPSSO descriptor found --> search IDPSSO descriptor");
+			ssodesc = metadata.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
+						
+		}
+
+		if (ssodesc == null) {
+			Logger.error("Found no SLO ServiceDescriptor in Metadata");				
+			throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
 			
+		}
+		
 		SingleLogoutService sloService = null;			
-		for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+		for (SingleLogoutService el : ssodesc.getSingleLogoutServices()) {
 			if (el.getBinding().equals(spRequest.getBinding()))
 				sloService = el;
 		}
 		
 		if (sloService == null)  {
-			if (spsso.getSingleLogoutServices().size() != 0)		
-				sloService = spsso.getSingleLogoutServices().get(0);
+			if (ssodesc.getSingleLogoutServices().size() != 0)		
+				sloService = ssodesc.getSingleLogoutServices().get(0);
 		
 			else {
 				Logger.error("Found no SLO ServiceDescriptor in Metadata");				
-- 
cgit v1.2.3


From 539feb77b1244e691f1735403a5c040cf11ebd9f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 09:54:56 +0100
Subject: send SLO success statuscode if no active SSO session is found   - no
 SSO session cookie   - no SP information in session database for requested
 nameID

---
 .../egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index b22941216..aa154b84b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -135,8 +135,10 @@ public class SingleLogOutAction implements IAction {
 					if (MiscUtil.isEmpty(ssoID)) {
 						Logger.warn("Can not find active Session. Single LogOut not possible!");
 						SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
-						LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
-						SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+						//LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+						LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
+						Logger.info("Sending SLO success message to requester ...");
+						SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());						
 						return null;
 						
 					} else {
@@ -147,7 +149,9 @@ public class SingleLogOutAction implements IAction {
 						} catch (MOADatabaseException e) {
 							Logger.warn("Can not find active Session. Single LogOut not possible!");
 							SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
-							LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+							//LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+							LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
+							Logger.info("Sending SLO success message to requester ...");
 							SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
 							return null;
 							
-- 
cgit v1.2.3


From a904d1ef6313a7d510882ada132f7e90b39a0c64 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 14:33:54 +0100
Subject: fix possible problems with PVP roles and role parameters

---
 .../moa/id/data/AuthenticationRoleFactory.java     | 35 +++++++++++++---------
 .../egovernment/moa/id/util/PVPtoSTORKMapper.java  |  9 ++++--
 2 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java
index 8915b2442..b3b29f6c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java
@@ -26,6 +26,7 @@ import java.util.Arrays;
 import java.util.List;
 
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -51,23 +52,29 @@ public class AuthenticationRoleFactory {
 			List<String> param = Arrays.asList(params.split(","));
 			String test = new String();
 			for (String el : param) {
-				test = test.concat(el);
-				if (!test.endsWith("\\") || 
-						(test.endsWith("\\\\") && !test.endsWith("\\\\\\")) ) {
-					String[] keyValue = test.split("=");
-					if (keyValue.length < 2) {
-						role.addParameter(keyValue[0].trim(), "");
-						Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim());
+				if (MiscUtil.isNotEmpty(el)) {
+					test = test.concat(el);
+					if (!test.endsWith("\\") || 
+							(test.endsWith("\\\\") && !test.endsWith("\\\\\\")) ) {
+						String[] keyValue = test.split("=");
+						if (keyValue.length < 2) {
+							role.addParameter(keyValue[0].trim(), "");
+							Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim());
 						
-					} else {
-						role.addParameter(keyValue[0].trim(), keyValue[1].trim());
-						Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim() 
-								+ " value=" + keyValue[1].trim());
+						} else {
+							role.addParameter(keyValue[0].trim(), keyValue[1].trim());
+							Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim() 
+									+ " value=" + keyValue[1].trim());
 						
-					}
+						}
 					
-					test = new String();
-				}									
+						test = new String();
+						
+					} else { 
+						test = test.substring(0, test.length()-1).concat(",");
+						
+					}
+				}
 			}			
 		}
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
index fe3b780fb..5ef9494f4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -113,13 +113,16 @@ public class PVPtoSTORKMapper {
 	 */
 	public String map(AuthenticationRole el) {
 		if (mapping != null) {
-			String ecRole = mapping.getProperty(el.getRawRoleString());
+			//String ecRole = mapping.getProperty(el.getRawRoleString());
+			String ecRole = mapping.getProperty(el.getRoleName());
 			if (MiscUtil.isNotEmpty(ecRole)) {
-				Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
+				//Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
+				Logger.info("Map PVPRole " + el.getRoleName() + " to ECRole " + ecRole);
 				return ecRole;
 			}			
 		}
-		Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
+		//Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
+		Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !");
 		return null;
 	}
 }
-- 
cgit v1.2.3


From ac46b082c7dc004f7c7237d8bda5d73cd646d861 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 16:29:30 +0100
Subject: add new A-Trust test CA certs

---
 ...Test-Sig-02.20141124-20141118.SerNo3969edc1.cer | Bin 0 -> 1029 bytes
 ...-Test-Qual-01.20141117-20241111.SerNo16120f.cer |  23 +++++++++++++++++++++
 ...est-Qual-02.20141124-20141118.SerNo3969edbf.cer | Bin 0 -> 996 bytes
 ...-Test-Qual-01.20141117-20241111.SerNo16120f.cer |  23 +++++++++++++++++++++
 ...-Test-Qual-01.20141117-20241111.SerNo16120f.cer |  23 +++++++++++++++++++++
 5 files changed, 69 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Qual-02.20141124-20141118.SerNo3969edbf.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer

diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
+VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
+NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
+DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
+RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
+HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
+kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
+HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
+fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
+shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
+0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
+/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
+IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
+zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
+d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
+eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
+/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Qual-02.20141124-20141118.SerNo3969edbf.cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Qual-02.20141124-20141118.SerNo3969edbf.cer
new file mode 100644
index 000000000..d71177a4e
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Qual-02.20141124-20141118.SerNo3969edbf.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
+VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
+NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
+DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
+RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
+HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
+kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
+HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
+fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
+shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
+0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
+/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
+IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
+zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
+d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
+eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
+/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
+VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
+NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
+DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
+RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
+HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
+kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
+HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
+fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
+shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
+0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
+/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
+IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
+zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
+d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
+eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
+/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
+-----END CERTIFICATE-----
-- 
cgit v1.2.3


From f02943b7b4257bb9f16bd2e9f9d9dfb5a2f17944 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 17:17:41 +0100
Subject: change interfederation with short SAML1 assertion: insert baseID if
 it is requested and available

---
 .../moa/id/protocols/saml1/SAML1AuthenticationServer.java     | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 65e520cc3..c8a480cac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -64,6 +64,7 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.util.xsd.persondata.IdentificationType;
 import at.gv.util.xsd.persondata.IdentificationType.Value;
@@ -222,8 +223,14 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				Value value = new Value();
 				id.setValue(value  );
 				
-				id.setType(Constants.URN_PREFIX_BASEID);
-				value.setValue("");				
+				id.setType(authData.getIdentificationType());
+				//add baseID if it is requested and available
+				if ( MiscUtil.isNotEmpty(authData.getIdentificationValue()) && 
+						saml1parameter.isProvideIdentityLink() )
+					value.setValue(authData.getIdentificationValue());
+				else
+					value.setValue("");
+				
 				familyName.setValue(authData.getFamilyName());
 				familyName.setPrimary("undefined");
 				name.getGivenName().add(authData.getGivenName());
-- 
cgit v1.2.3


From 9ebec8cfa0e56467314bbd983d87640411b12ce3 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 17:19:27 +0100
Subject: rebuild SAML1 target parameter functionality for legacy applications

---
 .../id/auth/builder/AuthenticationDataBuilder.java | 27 ++++++++++++++--------
 .../servlet/GenerateIFrameTemplateServlet.java     | 17 ++++++++++----
 .../moa/id/protocols/saml1/GetArtifactAction.java  |  4 ++--
 .../moa/id/protocols/saml1/SAML1Protocol.java      | 11 ++++++---
 4 files changed, 39 insertions(+), 20 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 731925c1b..5fb4d6be8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -215,7 +215,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			
 		} else {
 			//build AuthenticationData from MOASession
-			buildAuthDataFormMOASession(authdata, session, oaParam);
+			buildAuthDataFormMOASession(authdata, session, oaParam, protocolRequest);
 					
 		}
 		
@@ -323,7 +323,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				
 			}
 			//parse response information to authData
-			buildAuthDataFormInterfederationResponse(authdata, session, extractor, oaParam);			
+			buildAuthDataFormInterfederationResponse(authdata, session, extractor, oaParam, req);			
 			
 		} catch (SOAPException e) {
 			throw new BuildException("builder.06", null, e);
@@ -350,7 +350,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			AuthenticationData authData, 
 			AuthenticationSession session, 
 			AssertionAttributeExtractor extractor,
-			IOAAuthParameters oaParam) 
+			IOAAuthParameters oaParam,
+			IRequest req) 
 					throws BuildException, AssertionAttributeExtractorExeption {
 		
 		Logger.debug("Build AuthData from assertion starts ....");
@@ -536,7 +537,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			}
 			
 			//build OA specific bPK/wbPK information
-			buildOAspecificbPK(oaParam, authData, 
+			buildOAspecificbPK(req, oaParam, authData, 
 					authData.getIdentificationValue(), 
 					authData.getIdentificationType());
 			
@@ -544,7 +545,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		
 		if (MiscUtil.isEmpty(authData.getBPK())) {
 			Logger.debug("Calcutlate bPK from baseID");
-			buildOAspecificbPK(oaParam, authData, 
+			buildOAspecificbPK(req, oaParam, authData, 
 					authData.getIdentificationValue(), 
 					authData.getIdentificationType());
 			
@@ -845,7 +846,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 	}
 
 	private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, 
-			IOAAuthParameters oaParam) throws BuildException, ConfigurationException {
+			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
 		
 		IdentityLink identityLink = session.getIdentityLink();
 
@@ -959,7 +960,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
 
             } else {
-            	buildOAspecificbPK(oaParam, authData, 
+            	buildOAspecificbPK(protocolRequest, oaParam, authData, 
             			identityLink.getIdentificationValue(), 
             			identityLink.getIdentificationType());
             	
@@ -1003,7 +1004,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		
 	}		
 	
-	private static void buildOAspecificbPK(IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException  {
+	private static void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException  {
 		
         if (oaParam.getBusinessService()) {
             //since we have foreigner, wbPK is not calculated in BKU
@@ -1024,9 +1025,15 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 
             if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) {
                 // only compute bPK if online application is a public service and we have the Stammzahl
-                String bpkBase64 = new BPKBuilder().buildBPK(baseID, oaParam.getTarget());
+            	String target = null;
+            	if (protocolRequest instanceof SAML1RequestImpl)
+            		target = protocolRequest.getTarget();
+            	else
+            		target = oaParam.getTarget();
+            	
+                String bpkBase64 = new BPKBuilder().buildBPK(baseID, target);
                 authData.setBPK(bpkBase64);
-                authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+                authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + target);
             }
 
             Logger.trace("Authenticate user with bPK " + authData.getBPK());           
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 2ef8ab5ec..99a7dce89 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -45,6 +45,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
@@ -116,11 +119,15 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 			
 			else {
 	    	
-				//load Parameters from config
-		    	String target = oaParam.getTarget();
-
-
-
+				//get Target from config or from request in case of SAML 1				
+				String target = null;
+				IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+				if (MiscUtil.isNotEmpty(pendingReq.getTarget()) && 
+						pendingReq.requestedModule().equals(SAML1Protocol.PATH))
+					target = pendingReq.getTarget();
+				else
+					target = oaParam.getTarget();
+				
 		    	String bkuURL = oaParam.getBKUURL(bkuid);
 		    	if (MiscUtil.isEmpty(bkuURL)) {
 		    		Logger.info("No OA specific BKU defined. Use BKU from default configuration");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 67f780b3a..4cdd1db01 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -83,7 +83,7 @@ public class GetArtifactAction implements IAction {
 				String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet";
 				url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
 				if (!oaParam.getBusinessService())
-					url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
+					url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8"));
 				url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 				url = httpResp.encodeRedirectURL(url);
 				
@@ -95,7 +95,7 @@ public class GetArtifactAction implements IAction {
 				String redirectURL = oaURL;		
 				if (!oaParam.getBusinessService()) {
 					redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
-					URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
+					URLEncoder.encode(req.getTarget(), "UTF-8"));
 
 				}
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 8f7f17e2e..9934c339d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -132,7 +132,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 		if (!ParamValidatorUtils.isValidOA(oaURL))
 			throw new WrongParametersException("StartAuthentication", PARAM_OA,
 					"auth.12");
-	
+		
 		config.setOAURL(oaURL);
 		
 		Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
@@ -156,8 +156,13 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 					new Object[] { null });
 		}
 		
-		config.setSourceID(sourceID);		
-		config.setTarget(oaParam.getTarget());
+		config.setSourceID(sourceID);
+		if (MiscUtil.isNotEmpty(target))
+			config.setTarget(target);
+		
+		else
+			config.setTarget(oaParam.getTarget());
+			
 				
 		return config;
 	}
-- 
cgit v1.2.3


From 6e32481ed5ac19a82165f229e690184e824a3008 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 27 Nov 2014 07:04:29 +0100
Subject: fix wrong error message if SSL server certificate is not trusted

---
 .../moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java   | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 40e243d0b..964a10a1b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -126,6 +126,9 @@ public class OAPVP2ConfigValidation {
 							} catch (ConfigurationException e) {
 								log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
 								
+							} catch (CertificateException e) {
+								log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
+								
 							}
 						
 						httpProvider = 
@@ -157,6 +160,8 @@ public class OAPVP2ConfigValidation {
 			
 		} catch (MetadataProviderException e) {
 			
+			
+			//TODO: check exception handling
 			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
 				log.info("SSL Server certificate not trusted.", e);
 				errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
-- 
cgit v1.2.3


From 69cd6c71b77ef6fb454701cfa05b81b323744819 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 27 Nov 2014 07:05:51 +0100
Subject: change ISA 1.18 roles yet another time

---
 .../resources/resources/properties/pvp-stork_mapping.properties   | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
index b552118d4..ca12fada4 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
@@ -1,9 +1,9 @@
 ##PVP role mapping
 viewer=CIRCABC/viewer
 CIRCABC-viewer=CIRCABC/viewer
-CIRCABC-IGLeader=CIRCABC/IGLeader
-CIRCABC-Secretary=CIRCABC/Secretary
-CIRCABC-Access=CIRCABC/Access
+CIRCABC-DIRECTOR=CIRCABC/DIRECTOR
+CIRCABC-SECRETARY=CIRCABC/SECRETARY
+CIRCABC-MEMBER=CIRCABC/MEMBER
 
 ecas-demo-EUROPEAN_COMMISSION=ecas-demo/EUROPEAN_COMMISSION
 ecas-demo-EXTERNAL_INTRAMUROS=ecas-demo/EXTERNAL_INTRAMUROS
@@ -16,6 +16,8 @@ DIGIT-INTERNET=DIGIT/INTERNET
 DIGIT-LIVENEWS=DIGIT/LIVENEWS
 
 
+
+
 ##PVP SecClass to STORK-QAA mapping
 secclass/0=http://www.stork.gov.eu/1.0/citizenQAALevel/1
 secclass/0-1=http://www.stork.gov.eu/1.0/citizenQAALevel/2
-- 
cgit v1.2.3


From 309f381c1ef98a82a23da42cda99734032b73bf4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 4 Dec 2014 09:56:03 +0100
Subject: change exception handling for TrustStore configuration

---
 .../moa/id/configuration/config/ConfigurationProvider.java        | 8 ++++----
 .../id/configuration/validation/oa/OAPVP2ConfigValidation.java    | 5 +----
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index 957479b29..e6000319e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -437,23 +437,23 @@ public class ConfigurationProvider {
 		return parseVersionFromManifest();
 	}
 	
-	public String getCertStoreDirectory() throws CertificateException {
+	public String getCertStoreDirectory() throws ConfigurationException {
 		String dir = props.getProperty("general.ssl.certstore");
 		if (MiscUtil.isNotEmpty(dir))
 				return FileUtils.makeAbsoluteURL(dir, configRootDir);
 		
 		else
-			throw new CertificateException("No SSLCertStore configured use default JAVA TrustStore.");
+			throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore.");
 		
 	}
 	
-	public String getTrustStoreDirectory() throws CertificateException {
+	public String getTrustStoreDirectory() throws ConfigurationException {
 		String dir = props.getProperty("general.ssl.truststore");
 		if (MiscUtil.isNotEmpty(dir))
 				return FileUtils.makeAbsoluteURL(dir, configRootDir);
 		
 		else
-			throw new CertificateException("No SSLTrustStore configured use default JAVA TrustStore.");
+			throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore.");
 		
 	}
 	
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 964a10a1b..d122b6bde 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -126,10 +126,7 @@ public class OAPVP2ConfigValidation {
 							} catch (ConfigurationException e) {
 								log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
 								
-							} catch (CertificateException e) {
-								log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
-								
-							}
+							} 
 						
 						httpProvider = 
 								new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
-- 
cgit v1.2.3


From d222f975e7ad212264dab7cb7a0c39ec40478222 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 4 Dec 2014 09:57:17 +0100
Subject: STORK<->PVP AttributeProvider : fix problem with more then one
 attribute in configuration

---
 .../protocols/stork2/attributeproviders/PVPAuthenticationProvider.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
index a026bac81..7f06c604b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
@@ -80,7 +80,7 @@ public class PVPAuthenticationProvider extends AttributeProvider {
 		
 		this.moastorkRequest = moastorkRequest;
         // break if we cannot handle the requested attribute
-        if (!attributes.contains(attribute.getName())) {
+        if (!getSupportedAttributeNames().contains(attribute.getName())) {
             Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName());
             throw new UnsupportedAttributeException();
             
-- 
cgit v1.2.3


From c0ce67ebe2c4882b71ef04d64a6db7e3db416ce4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 4 Dec 2014 09:58:08 +0100
Subject: do not use deprecated Methode in MOAHttpClient

---
 .../src/main/java/org/apache/commons/httpclient/MOAHttpClient.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
index e4aa6a284..d708c2603 100644
--- a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
+++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
@@ -34,6 +34,7 @@ import org.apache.commons.httpclient.HttpMethodDirector;
 import org.apache.commons.httpclient.HttpState;
 import org.apache.commons.httpclient.URI;
 import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
 import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
 
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
@@ -47,7 +48,7 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException
 public class MOAHttpClient extends HttpClient {
 
 	
-	public void setCustomSSLTrustStore(String metadataURL, SecureProtocolSocketFactory protoSocketFactory) throws MOAHttpProtocolSocketFactoryException, MalformedURLException {
+	public void setCustomSSLTrustStore(String metadataURL, ProtocolSocketFactory protoSocketFactory) throws MOAHttpProtocolSocketFactoryException, MalformedURLException {
 		;
 		
 		URL url = new URL(metadataURL);	
-- 
cgit v1.2.3