From b53d2f387282b731ea72806ec7d410a1c27a878d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 12 Jun 2018 06:25:41 +0200
Subject: add foreign bPK generation into AuthenticationDataBuilder

---
 id/ConfigWebTool/src/main/resources/applicationResources_en.properties | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'id/ConfigWebTool/src/main/resources/applicationResources_en.properties')

diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index d642994de..694294df7 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -249,6 +249,7 @@ webpages.oaconfig.general.friendlyname=Name of the Online-Application
 webpages.oaconfig.general.isbusinessservice=Private sector application
 webpages.oaconfig.general.isstorkservice=Stork application
 webpages.oaconfig.general.public.header=Public sector
+webpages.oaconfig.general.foreignbpk.header=Foreign sectors configuration
 webpages.oaconfig.general.stork.header=STORK sector
 webpages.oaconfig.general.stork.countrycode=Country code
 webpages.oaconfig.general.target.friendlyname=Name of the sector (arbitrary defined)
@@ -268,6 +269,7 @@ webpages.oaconfig.general.aditional.iframe=Selection of citizen card in IFrame
 webpages.oaconfig.general.aditional.useUTC=Use UTC time
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock
+webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV)
 
 webpages.oaconfig.general.szrgw.header=SZR-Gateway Service
 webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL
-- 
cgit v1.2.3


From 30e324851d67bd900471457e3c30a19b4073ec77 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 25 Jun 2018 13:22:20 +0200
Subject: add SP specific configuration for SL2.0

---
 .../data/oa/OAAuthenticationData.java              | 55 +++++++++++++++-
 .../oa/OAAuthenticationDataValidation.java         | 61 ++++++++++++++++-
 .../resources/applicationResources_de.properties   |  8 +++
 .../resources/applicationResources_en.properties   |  8 +++
 .../main/webapp/jsp/snippets/OA/authentication.jsp | 21 ++++++
 .../ServicesAuthenticationInformationTask.java     | 76 ++++++++++++++++++++++
 .../moa/id/moduls/AuthenticationManager.java       |  4 +-
 .../moa/id/commons/MOAIDAuthConstants.java         |  1 +
 .../moa/id/commons/api/IOAAuthParameters.java      |  3 +-
 .../config/ConfigurationMigrationUtils.java        | 24 +++++++
 .../config/MOAIDConfigurationConstants.java        |  3 +
 .../db/dao/config/deprecated/AuthComponentOA.java  | 38 ++++++++---
 .../moa/id/commons/utils/KeyValueUtils.java        | 26 ++++++++
 .../moa/id/auth/modules/sl20_auth/Constants.java   |  5 +-
 .../sl20_auth/SL20AuthenticationModulImpl.java     | 43 +++++++++---
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  | 37 +++++------
 16 files changed, 366 insertions(+), 47 deletions(-)

(limited to 'id/ConfigWebTool/src/main/resources/applicationResources_en.properties')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
index ad99f5d22..2f51e68b4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -85,6 +85,11 @@ public class OAAuthenticationData implements IOnlineApplicationData {
 	private boolean useTestIDLValidationTrustStore = false;
 	private boolean useTestAuthblockValidationTrustStore = false;
 	
+	
+	//SL2.0
+	private boolean sl20Active = false;
+	private String sl20EndPoints = null;
+	
 	/**
 	 * 
 	 */
@@ -253,6 +258,29 @@ public class OAAuthenticationData implements IOnlineApplicationData {
 			useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore();		
 		}
 		
+		//parse SL2.0 information
+		if (oaauth.isSl20Active()) {
+			//parse SL2.0 endpoint information
+			if (oaauth.getSl20EndPoints() != null) {
+				if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints()))
+					sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints());
+				
+				else {
+					if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) {
+						//remove trailing comma if exist
+						sl20EndPoints = oaauth.getSl20EndPoints().substring(0, 
+								oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER));
+													
+					} else
+						sl20EndPoints = oaauth.getSl20EndPoints();
+					
+				}
+			}
+			sl20Active = oaauth.isSl20Active();
+			
+		}
+		
+		
 		return null;
 		
 	}
@@ -392,7 +420,10 @@ public class OAAuthenticationData implements IOnlineApplicationData {
         testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore);
         
         
-        
+        //store SL2.0 information
+        authoa.setSl20Active(isSl20Active());        
+        authoa.setSl20EndPoints(getSl20EndPoints());
+                
         return null;
 	}
 
@@ -768,6 +799,28 @@ public class OAAuthenticationData implements IOnlineApplicationData {
 	public List<String> getSzrgwServicesList() {
 		return szrgwServicesList;
 	}
+
+	
+	public boolean isSl20Active() {
+		return sl20Active;
+	}
+
+	public void setSl20Active(boolean sl20Active) {
+		this.sl20Active = sl20Active;
+	}
+
+	public String getSl20EndPoints() {
+		return sl20EndPoints;
+	}
+
+	public void setSl20EndPoints(String sl20EndPoints) {
+		if (MiscUtil.isNotEmpty(sl20EndPoints))
+			this.sl20EndPoints = 
+				KeyValueUtils.removeAllNewlineFromString(sl20EndPoints);
+		else
+			this.sl20EndPoints = sl20EndPoints;
+	}
 		
 	
+	
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index a758088b1..32ef4a6cc 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.log4j.Logger;
 
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
@@ -187,7 +188,65 @@ public class OAAuthenticationDataValidation {
 			
 			
 		}
-				
+		
+		if (form.isSl20Active()) {
+			if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) {
+				log.debug("Validate SL2.0 configuration ... ");				
+				List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints());
+				if (sl20Endpoints.size() == 1) {
+					String value = sl20Endpoints.get(0);
+					
+					if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && 
+							value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+						log.warn("SL2.0 endpoint '" + value + "' has wrong format");
+						errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", 
+							new Object[] {value}, request ));
+												
+					} else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && 
+							!value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) {
+						log.info("Find one SL2.0 endpoint without 'default='. Start update ... ");
+						form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value);	
+						
+					}
+					
+				} else {
+					boolean findDefault = false;
+					for (String el : sl20Endpoints) {
+						if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+							log.warn("SL2.0 endpoint '" + el + "' has wrong format");
+							errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", 
+								new Object[] {el}, request ));
+							
+						} else {
+							if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) {
+								log.debug("Find default endpoint.");
+								findDefault = true;
+								
+							} else {
+								String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0];
+								try {	
+									Integer.valueOf(firstPart);
+									
+								} catch (NumberFormatException e) {
+									log.warn("SL2.0 endpoint '" + el + "' has wrong format", e);
+									errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", 
+											new Object[] {el}, request ));
+									
+								}																										
+							}							
+						}
+					}
+					
+					if (!findDefault) {
+						log.warn("SL2.0 endpoints contains NO default endpoint");
+						errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", 
+								new Object[] {}, request ));
+						
+					}
+				}								
+			}			
+		}
+		
 		return errors;
 	}
 }
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 2006625ff..047d4b200 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -562,3 +562,11 @@ validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen
 validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
 validation.general.form.applet.width=Die Appleth\u00F6he ist keine g\\u00FCltige Zahl.
 validation.general.form.applet.height=Die Appletbreite ist keine g\\u00FCltige Zahl.
+
+
+###new
+webpages.oaconfig.general.sl20.header=Security Layer für mobile Authententifizierung
+webpages.oaconfig.general.sl20.enable=SL2.0 aktivieren
+webpages.oaconfig.general.sl20.endpoints=VDA Endpunkt URLs
+validation.general.sl20.endpoints.default=SL2.0 Endpunkt beinhaltet keinen 'default' Endpunkt.
+validation.general.sl20.endpoints.wrong=SL2.0 Endpunkt ist ung\\u00FCltig formatiert {0}.  
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index 694294df7..43fa0f3ae 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -559,3 +559,11 @@ validation.general.form.appletredirecttarget=RedirectTarget contains invalud val
 validation.general.form.fonttype=Font type for CCE selection contains forbidden characters. The following characters are not allowed\: {0}
 validation.general.form.applet.width=The height of applet is invalid number.
 validation.general.form.applet.height=The width of applet is invalid number.
+
+
+###new
+webpages.oaconfig.general.sl20.header=Security Layer for mobile Authentication
+webpages.oaconfig.general.sl20.enable=Activate SL2.0
+webpages.oaconfig.general.sl20.endpoints=VDA endPoint URLs
+validation.general.sl20.endpoints.default=SL2.0 endpoint contains NO 'default'.
+validation.general.sl20.endpoints.wrong=SL2.0 endpoint {0} is not valid.  
\ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
index 59661091b..d2668e264 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
@@ -67,6 +67,27 @@
 					</div>
 				</s:if>	
 
+				<div class="oa_config_block">
+						<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.sl20.header", request) %></h3>
+						<s:checkbox name="authOA.sl20Active" 
+								value="%{authOA.sl20Active}"
+								labelposition="left"
+								key="webpages.oaconfig.general.sl20.enable"
+								cssClass="checkbox">
+						</s:checkbox>
+						
+						<s:textarea name="authOA.sl20EndPoints" 
+									value="%{authOA.sl20EndPoints}" 
+									labelposition="left"
+									key="webpages.oaconfig.general.sl20.endpoints"
+									cssClass="textfield_long"
+									rows="3"								
+									requiredLabel="true"
+									style="height:120px;">								
+						</s:textarea>							
+				</div>
+
+
 				<div class="oa_config_block">
 						<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.testing.header", request) %></h3>
 						
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
index 25855dcb6..956d07c44 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
@@ -279,6 +279,82 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator
 					LanguageHelper.getErrorString("validation.general.szrgw.url.valid", new Object[]{check})));
 		}
 		
+		
+		
+		
+		
+		
+		check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
+		if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED) != null && 
+				Boolean.valueOf(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) {
+			if (MiscUtil.isNotEmpty(check)) {
+				log.debug("Validate SL2.0 configuration ... ");				
+				List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(check);
+				if (sl20Endpoints.size() == 1) {
+					String value = sl20Endpoints.get(0);
+					
+					if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && 
+							value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+						log.warn("SL2.0 endpoint '" + value + "' has wrong format");
+						errors.add(new ValidationObjectIdentifier(
+								MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, 
+								"SL2.0 - EndPoint URLs",
+								LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{value})));
+																				
+					} else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && 
+							!value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) {
+						log.info("Find one SL2.0 endpoint without 'default='. Start updateing ... ");
+						sl20Endpoints.remove(0);
+						sl20Endpoints.add(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value);	
+						
+					}
+					
+				} else {
+					boolean findDefault = false;
+					for (String el : sl20Endpoints) {
+						if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+							log.warn("SL2.0 endpoint '" + el + "' has wrong format");
+							errors.add(new ValidationObjectIdentifier(
+									MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, 
+									"SL2.0 - EndPoint URLs",
+									LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{el})));
+							
+						} else {
+							if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) {
+								log.debug("Find default endpoint.");
+								findDefault = true;
+								
+							} else {
+								String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0];
+								try {	
+									Integer.valueOf(firstPart);
+									
+								} catch (NumberFormatException e) {
+									log.warn("SL2.0 endpoint '" + el + "' has wrong format", e);
+									errors.add(new ValidationObjectIdentifier(
+											MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, 
+											"SL2.0 - EndPoint URLs",
+											LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{el})));
+									
+								}																										
+							}							
+						}
+					}
+					
+					if (!findDefault) {
+						log.warn("SL2.0 endpoints contains NO default endpoint");
+						errors.add(new ValidationObjectIdentifier(
+								MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, 
+								"SL2.0 - EndPoint URLs",
+								LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", new Object[]{})));
+						
+					}
+				}								
+			}			
+		}
+		
+		
+		
 		if (!errors.isEmpty())
 			throw new ConfigurationTaskValidationException(errors);
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index e093ce1e2..db0170e54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -476,7 +476,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		try {
 			//put pending-request ID on execurtionContext
 			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());			
-						
+			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_SP_CONFIG, pendingReq.getOnlineApplicationConfiguration());
+			
+			
 			// create process instance
 			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index 6f6735d48..58f930590 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -190,6 +190,7 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest";
   public static final String PROCESSCONTEXT_UNIQUE_OA_IDENTFIER = "uniqueSPId";
   public static final String PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE = MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE;
+  public static final String PROCESSCONTEXT_SP_CONFIG = "spConfig";
   
   //General protocol-request data-store keys
   public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 332764edf..4e697f099 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -22,6 +22,7 @@
  */
 package at.gv.egovernment.moa.id.commons.api;
 
+import java.io.Serializable;
 import java.security.PrivateKey;
 import java.util.Collection;
 import java.util.List;
@@ -37,7 +38,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
  * @author tlenz
  *
  */
-public interface IOAAuthParameters {
+public interface IOAAuthParameters extends Serializable{
 
 	public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing";
 	public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 48d64225c..f42c1eb69 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -181,12 +181,26 @@ public class ConfigurationMigrationUtils {
 			else
 				result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY);
 			
+						
 			//convert selected SZR-GW service
 			if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL()))
 				result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
 			
 	        AuthComponentOA oaauth = oa.getAuthComponentOA();
 			if (oaauth != null) {
+			
+				//convert SL20 infos
+				if (oaauth.isSl20Active() != null)
+					result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, oaauth.isSl20Active().toString());
+				else
+					result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, Boolean.FALSE.toString());
+				
+				if (MiscUtil.isNotEmpty(oaauth.getSl20EndPoints()))
+					result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, oaauth.getSl20EndPoints());
+				else
+					result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, StringUtils.EMPTY);
+				
+				
 				
 				//convert business identifier
 				IdentificationNumber idnumber = oaauth.getIdentificationNumber();
@@ -777,6 +791,16 @@ public class ConfigurationMigrationUtils {
 	        	
 	        }
 
+	        //set SL20 things
+	        if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)))
+	        	authoa.setSl20Active(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)));
+	        else 
+	        	authoa.setSl20Active(false);
+	        
+	        authoa.setSl20EndPoints(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS));
+	        
+	        
+	        
 	        dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL));
 
 	        dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL));
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index 8b52e4e0c..9d5553277 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -84,6 +84,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
 	public static final String SERVICE_AUTH_BKU_AUTHBLOCKTEXT = AUTH + ".authblock.additionaltext";
 	public static final String SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK = AUTH + ".authblock.removebPK";
 
+	public static final String SERVICE_AUTH_SL20_ENABLED = AUTH + ".sl20.enabled";
+	public static final String SERVICE_AUTH_SL20_ENDPOINTS = AUTH + ".sl20.endpoints";
+	
 	private static final String SERVICE_AUTH_TEMPLATES = AUTH + "." + TEMPLATES;
 	public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA = SERVICE_AUTH_TEMPLATES + ".bkuselection.data";
 	public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW = SERVICE_AUTH_TEMPLATES + ".bkuselection.preview";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
index 04efb0afe..852df16e6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
@@ -11,23 +11,17 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
+
 import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
 import javax.persistence.ManyToOne;
 import javax.persistence.OneToMany;
-import javax.persistence.Table;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlTransient;
 import javax.xml.bind.annotation.XmlType;
+
 import org.jvnet.jaxb2_commons.lang.Equals;
 import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
 import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -162,6 +156,13 @@ public class AuthComponentOA
     @XmlAttribute(name = "Hjid")
     protected Long hjid;
 
+    
+    @XmlTransient
+    protected Boolean sl20Active;    
+    @XmlTransient
+    protected String sl20EndPoints;
+    
+    
     /**
      * Gets the value of the bkuurls property.
      * 
@@ -522,11 +523,28 @@ public class AuthComponentOA
     
     
     
+    
     public Long getHjid() {
         return hjid;
     }
 
-    /**
+    public Boolean isSl20Active() {
+		return sl20Active;
+	}
+
+	public void setSl20Active(Boolean sl20Active) {
+		this.sl20Active = sl20Active;
+	}
+
+	public String getSl20EndPoints() {
+		return sl20EndPoints;
+	}
+
+	public void setSl20EndPoints(String sl20EndPoints) {
+		this.sl20EndPoints = sl20EndPoints;
+	}
+
+	/**
      * Sets the value of the hjid property.
      * 
      * @param value
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
index 40ef5a23a..a206c9125 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
@@ -34,6 +34,7 @@ import java.util.Set;
 
 import org.apache.commons.lang3.StringUtils;
 
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
@@ -44,6 +45,8 @@ public class KeyValueUtils {
 	
 	public static final String KEY_DELIMITER = ".";
 	public static final String CSV_DELIMITER = ",";
+	public static final String KEYVVALUEDELIMITER = "=";
+	public static final String DEFAULT_VALUE = "default";
 	
 	/**
 	 * Convert Java properties into a Map<String, String>
@@ -327,6 +330,29 @@ public class KeyValueUtils {
 		return list;
 	}
 	
+	/**
+	 * Convert a List of String elements to a Map of Key/Value pairs
+	 * <br>
+	 * Every List element used as a key/value pair and the '=' sign represents the delimiter between key and value 
+	 * 
+	 * @param elements List of key/value elements
+	 * @return Map of Key / Value pairs, but never null
+	 */
+	public static Map<String, String> convertListToMap(List<String> elements) {
+		Map<String, String> map = new HashMap<String, String>();
+		for (String el : elements) {
+			if (el.contains(KEYVVALUEDELIMITER)) {
+				String[] split = el.split(KEYVVALUEDELIMITER);
+				map.put(split[0], split[1]);
+				
+			} else
+				Logger.debug("Key/Value Mapper: '" + el + "' contains NO '='. Ignore it.");
+			
+		}
+		
+		return map;
+	}
+	
 	/**
 	 * This method remove all newline delimiter (\n or \r\n) from input data
 	 * 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
index 9fcb3aa58..f474461bf 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
@@ -6,7 +6,8 @@ public class Constants {
 	public static final String HTTP_ENDPOINT_RESUME = "/sl20/resume";
 	
 	public static final String CONFIG_PROP_PREFIX = "modules.sl20";
-	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint";
+	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint.";
+	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = "default";
 	public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id";
 	public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id";	
 	public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path";
@@ -16,7 +17,7 @@ public class Constants {
 	public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";;
 	public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password";
 	
-	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ".";
+	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID;
 	public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds.";
 	
 	public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
index 367e7b604..2c106b52e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -27,15 +27,18 @@ import java.util.List;
 
 import javax.annotation.PostConstruct;
 
-import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -75,23 +78,43 @@ public class SL20AuthenticationModulImpl implements AuthModule {
 	 */
 	@Override
 	public String selectProcess(ExecutionContext context) {
+		Object spConfigObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_SP_CONFIG);
+		IOAAuthParameters spConfig = null;
+		if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters)
+			spConfig = (IOAAuthParameters)spConfigObj;
+					
 		String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase());
 		String sl20VDATypeHeader = (String)  context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
 		
-		if ( StringUtils.isNotBlank(sl20ClientTypeHeader) 
-//				&& (
-//						StringUtils.isNotBlank(sl20VDATypeHeader) 
-//						//&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim())
-//				   ) 
-				) {
-			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");			
+		if (spConfig != null && 
+				MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)) &&
+					Boolean.valueOf(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) {
+			Logger.debug("SL2.0 is enabled for " + spConfig.getPublicURLPrefix());
+			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  ": " + sl20ClientTypeHeader);			
+			Logger.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE +  ": " + sl20VDATypeHeader);
 			return "SL20Authentication";
 			
 		} else {
-			Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");
+			Logger.trace("SL2.0 is NOT enabled for " + spConfig.getPublicURLPrefix());
 			return null;
 			
-		}		
+		}
+		
+		
+//		if ( StringUtils.isNotBlank(sl20ClientTypeHeader) 
+////				&& (
+////						StringUtils.isNotBlank(sl20VDATypeHeader) 
+////						//&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim())
+////				   ) 
+//				) {
+//			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");			
+//			return "SL20Authentication";
+//			
+//		} else {
+//			Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");
+//			return null;
+//			
+//		}		
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index b87d614c5..883ae07f2 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -39,7 +39,9 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUti
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -202,30 +204,22 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 	}
 	
 	private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig, ExecutionContext executionContext) {		
+		String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);		
+		Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+		if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) {
+			endPointMap.putAll(KeyValueUtils.convertListToMap(
+							KeyValueUtils.getListOfCSVValues(
+								KeyValueUtils.normalizeCSVValueString(spSpecificVDAEndpoints))));
+			Logger.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... ");
+			
+		} 
+		
+		Logger.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... ");
 		
-		//selection based on EntityID
-//		Map<String, String> listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
-//		Map<String, String> listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST);
-//		
-//		for (Entry<String, String> el : listOfSPs.entrySet()) {
-//			List<String> spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue());
-//			if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) {
-//				Logger.trace("Select VDA endPoint with Id: " + el.getKey());
-//				if (listOfVDAs.containsKey(el.getKey()))					
-//					return listOfVDAs.get(el.getKey());
-//				
-//				else
-//					Logger.info("No VDA endPoint with Id: " + el.getKey());
-//				
-//			} else
-//				Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix());
-//			
-//		}
-
 		//selection based on request Header
 		String sl20VDATypeHeader = (String)  executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
 		if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) {
-			String vdaURL = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST + sl20VDATypeHeader);
+			String vdaURL = endPointMap.get(sl20VDATypeHeader);
 			if (MiscUtil.isNotEmpty(vdaURL))
 				return vdaURL.trim();
 			
@@ -235,7 +229,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 		}
 		
 		Logger.info("NO SP specific VDA endpoint found. Use default VDA");
-		return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT);
+		return endPointMap.getOrDefault(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT,
+				Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT);
 		
 	}
 
-- 
cgit v1.2.3


From 3535ae9500b29d0b2d0f317ea7f47a6c25c6f70e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 10 Jul 2018 16:53:03 +0200
Subject: some small updates and handbook update

---
 .../resources/applicationResources_de.properties   |   8 +-
 .../resources/applicationResources_en.properties   |   8 +-
 .../data/deploy/conf/moa-id/moa-id.properties      |  36 +-
 .../conf/moa-spss/SampleMOASPSSConfiguration.xml   |   3 +
 id/server/doc/handbook/additional/additional.html  |  25 ++
 id/server/doc/handbook/config/config.html          | 414 ++++-----------------
 .../id/advancedlogging/MOAIDEventConstants.java    |   8 +-
 .../moa/id/advancedlogging/MOAReversionLogger.java |   6 +
 .../EidasCentralAuthConstants.java                 |   2 +-
 ...idasCentralAuthRequestBuilderConfiguration.java |  12 +-
 .../tasks/CreateAuthnRequestTask.java              |  10 +
 .../tasks/ReceiveAuthnResponseTask.java            |  39 +-
 12 files changed, 179 insertions(+), 392 deletions(-)

(limited to 'id/ConfigWebTool/src/main/resources/applicationResources_en.properties')

diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 4b29f901a..030a30adc 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -152,7 +152,7 @@ webpages.moaconfig.moasp.url=URL zum MOA-SP Service
 webpages.moaconfig.identitylinksigners=IdentityLinkSigners
 webpages.moaconfig.services.header=Externe Services
 webpages.moaconfig.services.mandates=Online-Vollmachten Service URLs (CSV)
-webpages.moaconfig.services.szrgw=SZR Gateway Service URLs (CSV)
+webpages.moaconfig.services.szrgw=Zentraler nationaler eIDAS Connector URLs (CSV)
 webpages.moaconfig.services.elgamandateservice=ELGA Mandate Service EntityIDs (CSV)
 webpages.moaconfig.sso.header=Single Sign-On
 webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix
@@ -263,8 +263,8 @@ webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden
 
-webpages.oaconfig.general.szrgw.header=SZR-Gateway Service
-webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL
+webpages.oaconfig.general.szrgw.header=Zentraler nationaler eIDAS Connector
+webpages.oaconfig.general.szrgw.selected=URL zum zentralen eIDAS Connector
 
 webpages.oaconfig.menu.saml1.show=SAML1 Konfiguration einblenden
 webpages.oaconfig.menu.saml1.hidden=SAML1 Konfiguration ausblenden
@@ -409,7 +409,7 @@ validation.general.IdentityLinkSigners.empty=Es wurde kein IdentityLinkSigner an
 validation.general.IdentityLinkSigners.valid=Der IdentityLinkSigner in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1}
 validation.general.mandateservice.valid=Die URL {0} zum Online-Vollmachten Service hat kein g\u00F6ltiges Format.
 validation.general.elga.mandateservice.valid=Die EntityID {0} zum ELGA Vertretungsservice hat kein g\u00F6ltiges Format.
-validation.general.szrgw.url.valid=Die URL {0} des SZR Gateways hat kein g\u00F6ltiges Format.
+validation.general.szrgw.url.valid=Die URL {0} des zentralen eIDAS Connectors hat kein g\u00F6ltiges Format.
 validation.general.moasp.auth.transformation.empty=Die Transformation f\u00F6r den Authentfizierungsblock ist leer.
 validation.general.moasp.auth.transformation.valid=Die Transformation f\u00F6r den Authentfizierungsblock  in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1}
 validation.general.moasp.auth.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock ist leer.
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index d642994de..cf87394b9 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -151,7 +151,7 @@ webpages.moaconfig.moasp.url=URL for MOA-SP Service
 webpages.moaconfig.identitylinksigners=IdentityLinkSigners
 webpages.moaconfig.services.header=External Services
 webpages.moaconfig.services.mandates=Online-Mandate Service URLs (CSV)
-webpages.moaconfig.services.szrgw=SZR Gateway Service URLs (CSV)
+webpages.moaconfig.services.szrgw=Central national eIDAS Conenctor URLs (CSV)
 webpages.moaconfig.services.elgamandateservice=ELGA Mandate Service EntityIDs (CSV)
 webpages.moaconfig.sso.header=Single Sign-On
 webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix
@@ -269,8 +269,8 @@ webpages.oaconfig.general.aditional.useUTC=Use UTC time
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock
 
-webpages.oaconfig.general.szrgw.header=SZR-Gateway Service
-webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL
+webpages.oaconfig.general.szrgw.header=Central national eIDAS Connector
+webpages.oaconfig.general.szrgw.selected=URL to central eIDAS Connector
 
 webpages.oaconfig.menu.saml1.show=Show SAML1 configuration
 webpages.oaconfig.menu.saml1.hidden=Hide SAML1 configuration
@@ -408,7 +408,7 @@ validation.general.IdentityLinkSigners.empty=There is no IdentityLinkSigner give
 validation.general.IdentityLinkSigners.valid=IdentityLinkSigner in the line {0} contains forbidden characters. The following characters are not allowed\: {1}
 validation.general.mandateservice.valid=URL {0} for Online-Mandating Service has invalid format.
 validation.general.elga.mandateservice.valid=EntityID {0} for ELGA Mandate-Service has invalid format.
-validation.general.szrgw.url.valid=URL {0} for SZR Gateway has invalid format.
+validation.general.szrgw.url.valid=URL {0} for central eIDAs Connector has invalid format.
 validation.general.moasp.auth.transformation.empty=Transformation for authentication block is blank.
 validation.general.moasp.auth.transformation.valid=Transformation for authentication block in the line {0} contians forbidden characters. The following characters are not allowed\: {1}
 validation.general.moasp.auth.trustprofile.empty=TrustProfile for checking of authentication block is blank.
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index fa6bccef0..e8cdcf74d 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -27,22 +27,11 @@ configuration.monitoring.test.identitylink.url=$PATH_TO_CONFIG$/conf/moa-id/moni
 #MOA-ID 3.x Advanced Logging
 configuration.advancedlogging.active=false
 
-##Webservice Client Configuration
-#MOA-SP webservice
-#service.moasp.acceptedServerCertificates=
-#service.moasp.clientKeyStore=
-#service.moasp.clientKeyStorePassword=
-
 #Online mandates webservice (MIS)
 service.onlinemandates.acceptedServerCertificates=
 service.onlinemandates.clientKeyStore=keys/....
 service.onlinemandates.clientKeyStorePassword=
 
-#Foreign Identities (SZRGW)
-service.foreignidentities.acceptedServerCertificates=
-service.foreignidentities.clientKeyStore=keys/....
-service.foreignidentities.clientKeyStorePassword=
-
 ##Protocol configuration##
 #PVP2
 protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
@@ -61,6 +50,31 @@ protocols.oauth20.jwt.ks.password=password
 protocols.oauth20.jwt.ks.key.name=oauth
 protocols.oauth20.jwt.ks.key.password=password
 
+
+
+######## central eIDAS-node connector module ##########
+modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
+modules.eidascentralauth.keystore.password=password
+modules.eidascentralauth.metadata.sign.alias=pvp_metadata
+modules.eidascentralauth.metadata.sign.password=password
+modules.eidascentralauth.request.sign.alias=pvp_assertion 
+modules.eidascentralauth.request.sign.password=password
+modules.eidascentralauth.response.encryption.alias=pvp_assertion 
+modules.eidascentralauth.response.encryption.password=password
+ 
+modules.eidascentralauth.node.trustprofileID=centralnode_metadata
+
+
+#modules.eidascentralauth.required.additional.attributes.0=urn:oid:1.2.40.0.10.2.1.1.261.36,false
+#modules.eidascentralauth.required.additional.attributes.1=urn:oid:1.2.40.0.10.2.1.1.261.104,false
+#modules.eidascentralauth.required.additional.attributes.2=urn:oid:1.2.40.0.10.2.1.1.261.38,false
+
+##########################################################
+
+
+
+
+
 ##Database configuration##
 configuration.database.byteBasedValues=false
 
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 31fc8a16c..18952eaf7 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -64,6 +64,9 @@
 				<cfg:Id>PVP_metadata</cfg:Id>
 					<cfg:TrustAnchorsLocation>trustProfiles/PVP_metadata</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
+        <cfg:Id>centralnode_metadata</cfg:Id>
+					<cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation>
+				</cfg:TrustProfile>
 			</cfg:PathValidation>
 			<cfg:RevocationChecking>
 				<cfg:EnableChecking>true</cfg:EnableChecking>
diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html
index 9e3cdf11e..557f3d528 100644
--- a/id/server/doc/handbook/additional/additional.html
+++ b/id/server/doc/handbook/additional/additional.html
@@ -610,6 +610,31 @@
       <td valign="top">&nbsp;</td>
       <td valign="top">Personenbindung f&uuml;r Authentifizierung &uuml;ber eIDAS Node erstellt</td>
     </tr>
+    <tr>
+      <td valign="top">6200</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Anmeldung via nationalen zentralen eIDAS Knoten gestartet</td>
+    </tr>
+    <tr>
+      <td valign="top">6201</td>
+      <td valign="top">RequestID</td>
+      <td valign="top">Weiterleitung an zentralen eIDAS Knoten mit RequestID</td>
+    </tr>
+    <tr>
+      <td valign="top">6202</td>
+      <td valign="top">ResponseID</td>
+      <td valign="top">Antwort von zentralem eIDAS Knoten mit ResponseID erhalten</td>
+    </tr>
+    <tr>
+      <td valign="top">6203</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Antwort von zentralem eIDAS Knoten enth&auml;lt einen Fehler</td>
+    </tr>
+    <tr>
+      <td valign="top">6204</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Antwort von zentralem eIDAS Knoten vollst&auml;ndig und g&uuml;ltig</td>
+    </tr>
   </table>
 <p>&nbsp;</p>
 <p>Einzelne  Events werden um einen Transaktionsparameter erg&auml;nzt, welcher in der Spalte  Wert beschrieben ist. <br>
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 30624d3b0..26925709e 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -59,7 +59,7 @@
   <ol>
     <li><a href="#basisconfig_moa_id_auth_param_services_moasp">MOA-SP</a></li>
     <li><a href="#basisconfig_moa_id_auth_param_services_mandates">Online-Vollmachen</a></li>
-    <li><a href="#">Foreign Identities</a></li>
+    <li><a href="#">Zentraler eIDAS Knoten</a></li>
     </ol>
     </li>
   <li><a href="#basisconfig_moa_id_auth_param_protocol">Protokolle</a>
@@ -77,7 +77,6 @@
     </li>
   <li>  <a href="#basisconfig_moa_id_auth_param_testing">Testing</a></li>
   <li><a href="#basisconfig_moa_id_auth_szrclient">SZR Client f&uuml;r STORK &lt;-&gt; PVP Gateway Betrieb</a></li>
-  <li><a href="#basisconfig_moaid_stork2">STORK 2.0</a></li>
 </ol>
 </li>
           </ol>
@@ -98,14 +97,13 @@
             <li><a href="#konfigurationsparameter_allgemein_moasp">MOA-SP</a></li>
             <li><a href="#konfigurationsparameter_allgemein_services">Externe Services</a></li>
             <li><a href="#konfigurationsparameter_allgemein_sso">Single-Sign On (SSO)</a></li>
-            <li><a href="#konfigurationsparameter_allgemein_stork">Secure idenTity acrOss boRders linKed (STORK)</a></li>
             <li><a href="#konfigurationsparameter_allgemein_protocol">Protokolle</a>
-<ol>
-            <li><a href="#konfigurationsparameter_allgemein_protocol_allowed">Protkolle aktivieren</a></li>
-                <li><a href="#konfigurationsparameter_allgemein_protocol_legacy">Legacy Modus</a></li>
-                <li><a href="#konfigurationsparameter_allgemein_protocol_saml1">SAML1 Konfiguration</a></li>
-                <li><a href="#konfigurationsparameter_allgemein_protocol_pvp21">PVP2.1 Konfiguration </a></li>
-              </ol>
+  <ol>
+    <li><a href="#konfigurationsparameter_allgemein_protocol_allowed">Protkolle aktivieren</a></li>
+    <li><a href="#konfigurationsparameter_allgemein_protocol_legacy">Legacy Modus</a></li>
+    <li><a href="#konfigurationsparameter_allgemein_protocol_saml1">SAML1 Konfiguration</a></li>
+    <li><a href="#konfigurationsparameter_allgemein_protocol_pvp21">PVP2.1 Konfiguration </a></li>
+    </ol>
             </li>
             <li><a href="#konfigurationsparameter_allgemein_sltransform">Security-Layer Transformationen</a></li>
             <li><a href="#general_revision">Revisionssicherheit</a></li>
@@ -122,9 +120,9 @@
             <li><a href="#konfigurationsparameter_oa_bku">BKU Konfiguration</a></li>
             <li><a href="#konfigurationsparameter_oa_testcredentials">Test Credentials</a></li>
             <li><a href="#konfigurationsparameter_oa_mandates">Vollmachten</a></li>
-            <li><a href="#konfigurationsparameter_oa_szr-gw-service">SZR-Gateway Service</a></li>
+            <li><a href="#konfigurationsparameter_oa_szr-gw-service">Zentraler eIDAS Connector</a></li>
             <li><a href="#konfigurationsparameter_oa_sso">Single Sign-On (SSO)</a></li>
-            <li><a href="#konfigurationsparameter_oa_stork">Secure idenTity acrOss boRders linKed (STORK)</a></li>
+            <li><a href="#konfigurationsparameter_oa_stork">Authentifizierung via eIDAS</a></li>
             <li><a href="#konfigurationsparameter_oa_protocol">Authentifizierungsprotokolle</a>
 <ol>
             <li><a href="#konfigurationsparameter_oa_protocol_saml1">SAML 1</a></li>
@@ -504,8 +502,8 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
   </tr>
 </table>
 <p>&nbsp;</p>
-<h6><a name="basisconfig_moa_id_auth_param_services_foreign" id="uebersicht_bekanntmachung8"></a>2.2.2.2.3 Foreign Identities</h6>
-<p>MOA-ID-Auth bietet die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten oder die Anmeldung ausl&auml;ndischer Personen mittels STORK. Hierf&uuml;r ist   eine Verbindung zum Stammzahlenregister-Gateway n&ouml;tig, das einen entsprechenden Zugang   zum Stammzahlenregister bereitstellt. F&uuml;r diesen Zugriff muss das   Client-Zertifikat f&uuml;r die SSL-Verbindung zum Gateway angegeben werden.   Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit   Verwaltungseigenschaft  oder Dienstleistereigenschaft. Wenn ihr MOA-ID-Auth   Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.</p>
+<h6><a name="basisconfig_moa_id_auth_param_services_foreign" id="uebersicht_bekanntmachung8"></a>2.2.2.2.3 Zentraler eIDAS Knoten</h6>
+<p>MOA-ID-Auth bietet die M&ouml;glichkeit  die Anmeldung ausl&auml;ndischer Personen mittels eIDAS. Hierf&uuml;r ist   eine Verbindung zum &ouml;sterreichischen zentralen eIDAS Knoten notwendig.  F&uuml;r diesen Zugriff muss der Zugriff auf den zentralen eIDAS Knoten wie unten angegeben konfiguriert werden. Der Zugriff auf den zentralen eIDAS Knoten erfolgt via PVP2 S-Profil wobei das Signaturzertifikat f&uuml;r die PVP2 Metadaten beim Betreiber des zentralen eIDAS Knoten registriert werden muss.</p>
 <table class="configtable">
   <tr>
     <th>Name</th>
@@ -513,19 +511,55 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
     <th>Beschreibung</th>
   </tr>
   <tr>
-    <td>service.foreignidentities.clientKeyStore</td>
+    <td>modules.eidascentralauth.keystore.path</td>
     <td>keys/szrgw.p12</td>
-    <td>Dateiname des PKCS#12 Keystores, relativ zur MOA-ID Konfigurationsdatei.                Diesem Keystore wird der private Schl&uuml;ssel f&uuml;r                die TLS-Client-Authentisierung entnommen.</td>
+    <td>Dateiname des Java Keystore oder PKCS12 Keystore zur Signierung von PVP 2.1 spezifischen Inhalten. (PVP 2.1 Metadaten, PVP 2.1 Assertion)</td>
   </tr>
   <tr>
-    <td>service.foreignidentities.clientKeyStorePassword</td>
+    <td>modules.eidascentralauth.keystore.password</td>
     <td>pass1234</td>
     <td>Passwort zum Keystore</td>
   </tr>
   <tr>
-    <td>service.foreignidentities.acceptedServerCertificates</td>
-    <td>certs/szrgw-server/</td>
-    <td>Hier kann ein Verzeichnisname              (relativ zur MOA-ID Konfigurationsdatei) angegeben werden, in dem              die akzeptierten Zertifikate der TLS-Verbindung hinterlegt sind. In              diesem Verzeichnis werden nur Serverzertifikate abgelegt. Fehlt dieser              Parameter wird lediglich &uuml;berpr&uuml;ft ob ein Zertifikatspfad              zu den im Element &lt;TrustedCACertificates&gt; (siehe <a href="#konfigurationsparameter_allgemein_certvalidation">Kapitel 3.1.4</a>) angegebenen              Zertifikaten erstellt werden kann.</td>
+    <td>modules.eidascentralauth.metadata.sign.alias</td>
+    <td>&nbsp;</td>
+    <td>Name des Schl&uuml;ssels der zur Signierung der PVP 2.1 Metadaten des eIDAS Authentifizierungsmoduls</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.metadata.sign.password</td>
+    <td>&nbsp;</td>
+    <td>Passwort des Schl&uuml;ssels der zur Signierung der PVP 2.1 Metadaten  des eIDAS Authentifizierungsmoduls</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.request.sign.alias</td>
+    <td>&nbsp;</td>
+    <td>Name des Schl&uuml;ssels mit dem der PVP 2.1 Authn. Request durch MOA-ID-Auth unterschieben wird</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.request.sign.password</td>
+    <td>&nbsp;</td>
+    <td>Passwort des Schl&uuml;ssels mit dem der PVP 2.1 Authn. Request durch MOA-ID-Auth unterschieben wird</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.response.encryption.alias</td>
+    <td>&nbsp;</td>
+    <td>Name des Schl&uuml;ssels mit dem die PVP 2.1 Assertion f&uuml;r MOA-ID-Auth verschl&uuml;sselt werden soll</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.response.encryption.password</td>
+    <td>&nbsp;</td>
+    <td>Passwort des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth verschl&uuml;sselt werden soll</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.node.trustprofileID</td>
+    <td>&nbsp;</td>
+    <td>MOA-SP TrustProfil welches die vertrauensw&uuml;rdigen Zertifikate zur Validierung der Metadaten des zentralen eIDAS Knoten beinhaltet</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.required.additional.attributes.x</td>
+    <td>&nbsp;</td>
+    <td><p><strong>Optional:</strong> zus&auml;tzliche Attribute welche vom zentralen eIDAS Knoten angefordert werden</p>
+      <p>Attribute werden entspechend PVP2 Attribute-Profil angegeben. Beispiele f&uuml;r die Konfiguration finden Sie in der Beispielkonfiguration</p></td>
   </tr>
 </table>
 <p>&nbsp;</p>
@@ -911,38 +945,6 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
   </table>
   <p>&nbsp;</p>
   <p><strong>Hinweis:</strong> Detaillierte Informationen zu den einzelnen PVP spezifischen Konfigurationsparametern finden Sie in der entsprechenden PVP Spezifikation.</p>
-  <h5><a name="basisconfig_moaid_stork2" id="uebersicht_bekanntmachung17"></a>2.2.2.6 STORK 2</h5>
-  <p>Dieses Abschnitt beschreibt Konfigurationswerte welche nur f&uuml;r den <strong>Testbetrieb von STORK 2</strong> erforderlich sind.</p>
-  <table class="configtable">
-    <tr>
-      <th>Name</th>
-      <th>Beispielwert</th>
-      <th>Beschreibung</th>
-    </tr>
-    <tr>
-      <td>stork.fakeIdL.active</td>
-      <td>true / false</td>
-      <td><p>Im Produktivbetrieb ist eine Anmeldung nur f&uuml;r jene L&auml;nder mittels STORK 2 m&ouml;glich welche in der <em>Gleichwertigkeitsverordnung</em> aufgelistet sind. Um einen Testbetrieb mit weiteren L&auml;ndern zu erm&ouml;glichen bietet das Modul MOA-ID-Auth die M&ouml;glichkeit zur Ausstellung eines Fake-Identititlink, welcher im Testbetrieb f&uuml;r die Anmeldung an einer &ouml;sterreichischen Test Online Applikation verwendet werden kann.</p>
-        <p><strong>Hinweis:</strong> Diese Funktion ist standardm&auml;&szlig;ig <strong>deaktiviert</strong>. Eine Aktivierung ist nur im Testbetrieb f&uuml;r STORK 2 empfohlen.</p></td>
-    </tr>
-    <tr>
-      <td>stork.fakeIdL.countries</td>
-      <td>DE,CH</td>
-      <td>K&uuml;rzel jener L&auml;nder f&uuml;r welche ein Fake-Identitilink ausgestellt werden soll.</td>
-    </tr>
-    <tr>
-      <td>stork.fakeIdL.keygroup</td>
-      <td>IDL_signing</td>
-      <td>MOA-SS Schl&uuml;sselgruppe, welche f&uuml;r die Signatur des Fake-Identitilinks verwendet werden soll.</td>
-    </tr>
-    <tr>
-      <td>stork.documentservice.url</td>
-      <td>http://testvidp.buergerkarte.at/<br>
-      DocumentService/DocumentService?wsdl</td>
-      <td>URL zum STORK 2 Dokumentenservice</td>
-    </tr>
-  </table>
-  <p>&nbsp;</p>
 <h3><a name="uebersicht_logging" id="uebersicht_logging"></a>2.3 Konfiguration des Loggings</h3>
   <p>Die Module MOA-ID-Auth und MOA-ID-Configuration verwendet als Framework f&uuml;r Logging-Information die Open Source Software <code>log4j</code>. Die Konfiguration der Logging-Information erfolgt  nicht direkt durch die einzelnen Module, sondern &uuml;ber eine eigene Konfigurationsdatei, die der <span class="term">Java Virtual Machine</span> durch eine <span class="term">System Property </span>  mitgeteilt wird. Der Name der <span class="term">System Property </span>  lautet <code>log4j.configuration</code>; als Wert der <span class="term">System Property </span>  ist eine URL anzugeben, die auf die <code>log4j</code>-Konfigurationsdatei verweist, z.B.  </p>
 <pre>log4j.configuration=file:/C:/Programme/apache/tomcat-8.x.x/conf/moa-id/log4j.properties</pre>
@@ -953,99 +955,8 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
   <p>Weitere Informationen zur Konfiguration des Loggings erhalten Sie in <a href="../install/install.html#webservice_basisinstallation_logging">Abschnitt 2.1.3</a> des Installationshandbuchs.
   </p>
   <p></p>
-<h3><a name="uebersicht_samlengine" id="uebersicht_samlengine"></a>2.4 Konfiguration des SamlEngines</h3>
-<p>F&uuml;r die Untest&uuml;tzung des STORK2 Protokols verwendet MOA-ID eine zus&auml;tzliche Bibliothek, die &uuml;ber gesonderte Dateien konfiguriert wird. Diese Dateien sind unter einem Verzeichnis gespeichert, das sich &uuml;blicherweise im MOA-ID-Auth Konfigurationsverzeichnis befindet. Der Name der <span class="term">System Property </span>  lautet <code>eu.stork.samlengine.config.location</code>; als Wert der <span class="term">System Property </span>  ist das Verzeichnis anzugeben, wo die entsprechende SamlEngine Konfigurationsdateien gespeichert werden, z.B.  </p>
-<pre>eu.stork.samlengine.config.location=file:/C:/Programme/apache/tomcat-8.x.x/conf/moa-id/conf/moa-id/stork</pre>
-<p>Dieses Verzeichnis muss mindestens folgende Dateien enthalten:</p>
-<table class="configtable">
-  <tr>
-    <th>Datei</th>
-    <th>Beschreibung</th>
-  </tr>
-  <tr>
-    <td>SamlEngine.xml</td>
-    <td>Die Hauptdatei, in welcher die Konfigurationen von verschiedenen Instanzen des SamlEngines angegeben werden.</td>
-  </tr>
-   <tr>
-    <td>StorkSamlEngine_<span class="term">XXX</span>.xml</td>
-    <td>Enth&auml;lt allgemeine Konfigurationsparametern einer spezifischen Instanz des SamlEngines.</td>
-  </tr> <tr>
-    <td>SignModule_<span class="term">XXX</span>.xml</td>
-    <td>Enth&auml;lt Konfigurationsparametern f&uuml;r Trust- und Keystore einer spezifischen Instanz des SamlEngines.</td>
-  </tr>
-</table>
-<p></p>
-<p>In der Hauptkonfigurations-Datei (<span class="term">SamlEngine.xml</span>) verweist auf alle Konfigurationsdateien f&uuml;r sie SamlEngine, welche f&uuml;r unterschiedliche Anwendungsszenarien verwendet werden k&ouml;nnen. Die Beispielkonfiguration dieser Datei sieht wie folgendes: 
-</p>
-<pre>
-&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
-&lt;instances&gt;
-        &lt;!-- Configuration name--&gt;
-        &lt;instance name=&quot;<span class="strongerterm">VIDP</span>&quot;&gt;
-                &lt;!-- Configurations parameters StorkSamlEngine  --&gt;
-                &lt;configuration name=&quot;SamlEngineConf&quot;&gt;
-                        &lt;parameter name=&quot;fileConfiguration&quot; value=&quot;StorkSamlEngine_<span class="strongerterm">VIDP</span>.xml&quot; /&gt;
-                &lt;/configuration&gt;
-
-                &lt;!-- Settings module signature--&gt;
-                &lt;configuration name=&quot;SignatureConf&quot;&gt;
-                        &lt;!-- Specific signature module --&gt;
-                        &lt;parameter name=&quot;class&quot; value=&quot;eu.stork.peps.auth.engine.core.impl.SignSW&quot; /&gt;
-                        &lt;!-- Settings specific module --&gt;
-                        &lt;parameter name=&quot;fileConfiguration&quot; value=&quot;SignModule_<span class="strongerterm">VIDP</span>.xml&quot; /&gt;
-                &lt;/configuration&gt;
-        &lt;/instance&gt;
-&lt;/instances&gt;
-</pre>
-<p>In diesem Beispiel ist nur eine Instanz <em>VIDP</em> definiert deren spezifischen Parametern in zwei Konfigurationsdateien aufgeteilt werden.</p>
-<p>Die Datei <span class="strongerterm">StorkSamlEngine_VIDP.xml</span> enth&auml;lt STORK-spezifische Parameter, die im Normalbetrieb nicht ge&auml;ndert werden m&uuml;ssen. Die zweite Datei, <span class="strongerterm">SignModule_VIDP.xml</span>, definiert   den von der SamlEngine verwendeten Trust- und Keystore. Die Beispielkonfiguration dieser Datei sieht wie folgendes:</p>
-<pre>
-&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
-&lt;!DOCTYPE properties SYSTEM &quot;http://java.sun.com/dtd/properties.dtd&quot;&gt;
-
-&lt;properties&gt;
-        &lt;comment&gt;SWModule sign with JKS.&lt;/comment&gt;
-        &lt;entry key=&quot;keystorePath&quot;&gt;C:/Programme/apache/tomcat-4.1.30/conf/moa-id/keys/storkDemoKeys.jks&lt;/entry&gt;
-        &lt;entry key=&quot;keyStorePassword&quot;&gt;local-demo&lt;/entry&gt;
-        &lt;entry key=&quot;keyPassword&quot;&gt;<span class="strongerterm">XXX</span>&lt;/entry&gt;
-        &lt;entry key=&quot;issuer&quot;&gt;C=AT, L=Graz, OU=Institute for Applied Information Processing and Communications&lt;/entry&gt;
-        &lt;entry key=&quot;serialNumber&quot;&gt;123AA2CDB1123&lt;/entry&gt;
-        &lt;entry key=&quot;keystoreType&quot;&gt;JKS&lt;/entry&gt;
-&lt;/properties&gt;
-</pre>
-<p>Diese Parameter m&uuml;ssen bei der Installation angepasst werden, um die Zugriff an Keystore und die Schl&uuml;ssel zu erm&ouml;glichen. Die einzelne Parameter werden in folgender Tabelle erl&auml;utert:</p>
-<table class="configtable">
-  <tr>
-    <th>Name</th>
-    <th>Beschreibung</th>
-  </tr>
-  <tr>
-    <td>keystorePath</td>
-    <td>Keystore mit Schl&uuml;ssel und Zertifikaten welche f&uuml;r das Signieren und Verschl&uuml;sseln von STORK Nachrichten verwendet werden sollen. </td>
-  </tr>
-  <tr>
-    <td>keyStorePassword</td>
-    <td>Passwort des Keystores. Keystore soll den Schl&uuml;ssel f&uuml;r das Signieren von Nachrichten enthalten, ebenso wie die vertrauensw&uuml;rdige Zertifikate von anderen Parteien, wie z.B. ausl&auml;ndische PEPSes. </td>
-  </tr>
-  <tr>
-    <td>keyPassword</td>
-    <td>Password des Schl&uuml;ssels, der f&uuml;r das Signieren der STORK Nachrichten verwendet werden soll.</td>
-  </tr>
-  <tr>
-    <td>issuer</td>
-    <td>Issuer des Keypairs, der f&uuml;r das Signieren der STORK Nachrichten verwendet werden soll.</td>
-  </tr>
-  <tr>
-    <td>serialNumber</td>
-    <td>Nummer des Keypairs, der f&uuml;r das Signieren der STORK Nachrichten verwendet werden soll.</td>
-  </tr>
-  <tr>
-    <td>keystoreType</td>
-    <td>Typ und Format des Keystores. <span class="term">JKS</span> steht f&uuml;r <span class="term">Java Key Store</span>.</td>
-  </tr>
-</table>
-<h2><a name="konfigurationsparameter"></a>3 Konfiguration MOA-ID-Auth</h2>
-  <p>Dieser Abschnitt beschreibt die Konfiguration des Modules MOA-ID-Auth mithilfe der durch das Modul MOA-ID-Configuration zur Verf&uuml;gung gestellten Web-Oberfl&auml;che. Hierzu muss das Konfigurationstool (Module MOA-ID-Konfiguration) bereits installiert und konfiguriert sein (siehe <a href="#uebersicht_zentraledatei_aktualisierung">Kapitel 2.1</a>). Nach erfolgreichem Login am Konfigurationstool kann das Modul MOA-ID-Auth &uuml;ber die Web-Oberfl&auml;che konfiguriert werden.</p>
+<h3><a name="uebersicht_samlengine" id="uebersicht_samlengine"></a>3 Konfiguration MOA-ID-Auth</h3>
+<p>Dieser Abschnitt beschreibt die Konfiguration des Modules MOA-ID-Auth mithilfe der durch das Modul MOA-ID-Configuration zur Verf&uuml;gung gestellten Web-Oberfl&auml;che. Hierzu muss das Konfigurationstool (Module MOA-ID-Konfiguration) bereits installiert und konfiguriert sein (siehe <a href="#uebersicht_zentraledatei_aktualisierung">Kapitel 2.1</a>). Nach erfolgreichem Login am Konfigurationstool kann das Modul MOA-ID-Auth &uuml;ber die Web-Oberfl&auml;che konfiguriert werden.</p>
   <p>Die Konfiguration von MOA-ID-Auth ist in zwei Teilbereiche unterteilet. Diese behandeln die Allgemeine Konfiguration der MOA-ID-Auth Instanz und die Konfiguration von Online-Applikationen (Service Providern) welche dieser MOA-ID-Auth Instanz zugeordnet sind.</p>
 <h3><a name="konfigurationsparameter_allgemein" id="konfigurationsparameter_allgemein"></a>3.1
     Allgemeine Konfiguration</h3>
@@ -1212,9 +1123,9 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
 <p>Hiermit werden die URLs  zum Online-Vollmachten Service und zum SZR-Gateway konfiguriert. Die Konfiguration der f&uuml;r den Zugriff ben&ouml;tigen Client-Zertifikate wurden bereits im Abschnitt <a href="#basisconfig_moa_id_auth_param_services">2.2.2.2</a> behandelt.</p>
 <table class="configtable">
   <tr>
-    <th>Name</th>
-    <th>Beispielwert</th>
-    <th>Beschreibung</th>
+    <th width="10%">Name</th>
+    <th width="23%">Beispielwert</th>
+    <th width="67%">Beschreibung</th>
   </tr>
   <tr>
     <td><span id="wwlbl_loadGeneralConfig_moaconfig_mandateURL">Online-Vollmachten Service (CSV)</span></td>
@@ -1229,16 +1140,15 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
       <p><strong>Hinweis:</strong> Erfolgt in der Online Applikation keine konkrete Auswahl wird Standardm&auml;&szlig;ig <strong>das erste eingetragen Service</strong> verwendet.</p></td>
   </tr>
   <tr>
-    <td>SZR-Gateway Service (CSV)</td>
-    <td>https://szrgw.egiz.gv.at:8443/szr-gateway_2.0/services/IdentityLinkCreation</td>
-    <td><p>URL(s) zum Stammzahlen-Register Gateway</p>
-      <p><strong>Hinweis:</strong> Der SZR-Gateway Service welcher in der MOA-ID 1.5.1 Konfiguration verwendet wurde ist nicht mehr kompatibel zu MOA-ID 2.0. Das aktualisierte Test SZR-Gateway Service f&uuml;r MOA-ID 2.x steht unter folgender URL zur Verf&uuml;gung. <em>https://szrgw.egiz.gv.at:8443/szr-gateway_2.0/services/IdentityLinkCreation</em></p>
+    <td>Zentraler nationaler eIDAS Connector (CSV)</td>
+    <td>https://vidp.gv.at.at/ms_connector/pvp/metadata</td>
+    <td><p>URL(s) zum zentralen nationalen eIDAS Connector</p>
       <ul>
-        <li>Produktivsystem: <a href="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">https://szrgw.egiz.gv.at/services_2.0/IdentityLinkCreation</a></li>
-        <li>Testsystem: <a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://szrgw.egiz.gv.at:8443/services_2.0/IdentityLinkCreation</a></li>
+        <li>Produktivsystem: </li>
+        <li>Testsystem: <a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://vidp.gv.at.at/ms_connector/pvp/metadata</a></li>
       </ul>
-      <p><strong>Hinweis:</strong> Die URLs auf die unterschiedlichen Instanzen des SZR-Gateway Services k&ouml;nnen auch als Comma Separatet Value (CSV) eingetragen werden. Bei CSV werden die einzelnen URLs durch Beistrich (',') getrennt. Sind mehrere URLs hinterlegt kann das zu verwendeten Service je Online Applikation konfiguriert werden (siehe <a href="#konfigurationsparameter_oa_mandates">Kapitel 3.2.4</a>).<br>
-        (z.B.: <a href="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">https://szrgw.egiz.gv.at/services_2.0/IdentityLinkCreation</a>,<a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://szrgw.egiz.gv.at:8443/services_2.0/IdentityLinkCreation</a>)</p>
+      <p><strong>Hinweis:</strong> Die URLs auf die unterschiedlichen Instanzen des zentralen eIDAS Connectos k&ouml;nnen auch als Comma Separatet Value (CSV) eingetragen werden. Bei CSV werden die einzelnen URLs durch Beistrich (',') getrennt. Sind mehrere URLs hinterlegt kann das zu verwendeten Service je Online Applikation konfiguriert werden (siehe <a href="#konfigurationsparameter_oa_mandates">Kapitel 3.2.4</a>).<br>
+        (z.B.: <a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://vidp.gv.at.at/ms_connector/pvp/metadata</a><a href="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest"></a>,<a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://eid.gv.at/ms_connector/pvp/metadata</a>)</p>
       <p><strong>Hinweis:</strong> Erfolgt in der Online Applikation keine konkrete Auswahl wird Standardm&auml;&szlig;ig <strong>das erste eingetragen Service</strong> verwendet.</p></td>
     </tr>
   <tr>
@@ -1308,166 +1218,6 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
     <p><em>Ich Max Mustermann, geboren am 01.01.1978 stimme am 05.02.2014 um 10:35 einer Anmeldung mittels Single Sign-On zu.</em></p></td>
   </tr>
 </table>
-<h4><a name="konfigurationsparameter_allgemein_stork" id="konfigurationsparameter_allgemein_bku8"></a>3.1.8 Secure idenTity acrOss boRders linKed (STORK)</h4>
-<p>Hierbei werden allgemeine Parameter f&uuml;r STORK Protokoll konfiguriert.</p>
-<table class="configtable">
-  <tr>
-    <th>Name</th>
-    <th>Beispielwerte</th>
-    <th>Beschreibung</th>
-  </tr>
-  <tr>
-    <td>Standard QAA-Level</td>
-    <td>4</td>
-    <td>QAA <span class="term">(Attribute Quality Authentication Assurance)</span> stellt Mindestanforderung von QAA fest. </td>
-  </tr>
-  <tr>
-    <td>Country Code</td>
-    <td>ES</td>
-    <td>Der zweistelligen Code vom unterst&uuml;tzten PEPS-Staat.</td>
-  </tr>
-  <tr>
-    <td>PEPS URL</td>
-    <td>https://prespanishpeps.redsara.es/PEPS/ColleagueRequest</td>
-    <td>Die Adresse von PEPS eines unterst&uuml;tzten PEPS-Staat.</td>
-  </tr>
-  <tr>
-    <td>Attributname</td>
-    <td>eIdentifier</td>
-    <td>Der Name des unterst&uuml;tzten Attributes. Die als <span class="term">zwingend</span>  markierte Attribute m&uuml;ssen im Response von dem gegenstehendem PEPS enthalten sein. Jedes Attribut wird gesondert eingetragen. <br/>Die Liste von vorhandenen und unterst&uuml;tzen Attributes ist in Konfigurationsdatei von SamlEngine <span class="term">(StorkSamlEngine_XXX.xml)</span>  vorhanden. </td>
-  </tr>
-</table>
-<p>&nbsp;</p>
-<p>Folgende PEPS URLs stehen aktuell zur Verf&uuml;gung:</p>
-<table class="configtable">
-  <tr>
-    <th>L&auml;ndercode</th>
-    <th>TestInstanz</th>
-    <th>URL</th>
-  </tr>
-  <tr>
-    <td>AT </td>
-    <td align="center">X</td>
-    <td><a href="https://testvidp.buergerkarte.at/moa-id-auth/stork2/SendPEPSAuthnRequest">https://testvidp.buergerkarte.at/moa-id-auth/stork2/SendPEPSAuthnRequest</a></td>
-  </tr>
-  <tr>
-    <td>EE </td>
-    <td align="center">X</td>
-    <td><a href="https://testpeps.sk.ee/PEPS/ColleagueRequest">https://testpeps.sk.ee/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>EE </td>
-    <td align="center">&nbsp;</td>
-    <td><a href="https://peps.sk.ee/PEPS/ColleagueRequest">https://peps.sk.ee/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>ES </td>
-    <td align="center">X</td>
-    <td><a href="https://prespanishpeps.redsara.es/PEPS/ColleagueRequest">https://prespanishpeps.redsara.es/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>IS </td>
-    <td align="center">X</td>
-    <td><a href="https://storktest.advania.is/PEPS/ColleagueRequest">https://storktest.advania.is/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>IS </td>
-    <td align="center">&nbsp;</td>
-    <td><a href="https://peps.island.is/PEPS/ColleagueRequest">https://peps.island.is/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>LT </td>
-    <td align="center">X</td>
-    <td><a href="https://testpeps.eid.lt/PEPS/ColleagueRequest">https://testpeps.eid.lt/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>PT</td>
-    <td align="center">X</td>
-    <td><a href="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest">https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>SI</td>
-    <td align="center">X</td>
-    <td><a href="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">https://peps-test.mju.gov.si/PEPS/ColleagueRequest</a></td>
-  </tr>
-</table>
-<p>&nbsp;</p>
-<p>Folgende Attribute m&uuml;ssen jedoch mindestens angefordert werden, wobei die erforderlichen Attribute je nach Anmeldeart unterschiedlich sind. Eine Liste mit weiteren m&ouml;glichen Attribute finden Sie im Kapitel <a href="./../protocol/protocol.html#allgemeines_attribute">Protokolle</a> oder in der <a href="#referenzierte_spezifikation">STORK Spezifikation</a>.</p>
-<table class="configtable">
-  <tr>
-    <th>Name</th>
-    <th>nat&uuml;rliche Person</th>
-    <th>Anmeldung in Vertretung</th>
-    <th>Beschreibung</th>
-  </tr>
-  <tr>
-    <td>eIdentifier</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Eindeutiger Identifier der Person f&uuml;r die die Anmeldung erfolgt.</td>
-  </tr>
-  <tr>
-    <td><p>givenName</p></td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Vorname der Person f&uuml;r die die Anmeldung erfolgt.</td>
-  </tr>
-  <tr>
-    <td><p>surname</p></td>
-    <td align="center"><br>
-      X</td>
-    <td align="center">X</td>
-    <td><p>Familienname der Person f&uuml;r die die Anmeldung erfolgt.</p></td>
-  </tr>
-  <tr>
-    <td>dateOfBirth</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Geburtsdatum der Person f&uuml;r die die Anmeldung erfolgt.</td>
-  </tr>
-  <tr>
-    <td>gender</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Geschlecht der Person f&uuml;r die die Anmeldung erfolgt.</td>
-  </tr>
-  <tr>
-    <td>signedDoc</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Ein Dokument welches durch die Person, f&uuml;r die die Anmeldung erfolgt, signiert wurde.</td>
-  </tr>
-  <tr>
-    <td>fiscalNumber</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Ein eindeutiger nationaler Identifier der Person.</td>
-  </tr>
-  <tr>
-    <td>canonicalResidenceAddress</td>
-    <td align="center">&nbsp;</td>
-    <td align="center">X</td>
-    <td>Adresse der Person f&uuml;r welche die Anmeldung erfolgt</td>
-  </tr>
-  <tr>
-    <td>mandateContent</td>
-    <td align="center">&nbsp;</td>
-    <td align="center">X</td>
-    <td>Elektronische Vollmacht, welche die Vertretungsverh&auml;ltnisse widerspiegelt.</td>
-  </tr>
-  <tr>
-    <td>representative</td>
-    <td align="center">&nbsp;</td>
-    <td align="center">X</td>
-    <td>Nat&uuml;rliche Person welche eine juristische oder nat&uuml;rliche Person im Rahmen einer Anmeldung mittels Vollmacht vertritt.</td>
-  </tr>
-  <tr>
-    <td>represented</td>
-    <td align="center">&nbsp;</td>
-    <td align="center">X</td>
-    <td>Juristische oder nat&uuml;rliche Person welche im Rahmen einer Anmeldung mittels Vollmacht vertreten wird.</td>
-  </tr>
-</table>
 <p></p>
 <h4><a name="konfigurationsparameter_allgemein_protocol" id="konfigurationsparameter_allgemein_bku9"></a>3.1.9 Protokolle</h4>
 <p>Hierbei handelt es ich um allgemeine Einstellungen zu den vom Modul MOA-ID-Auth unterst&uuml;tzen Authentifizierungsprotokollen.</p>
@@ -1826,8 +1576,8 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
 </table>
 <p>&nbsp;</p>
 <p><strong>Hinweis:</strong> Werden f&uuml;r die Online-Applikation eigene Templates f&uuml;r die B&uuml;rgerkartenauswahl oder die zus&auml;tzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verf&uuml;gung. Die Funktionalit&auml;t der entsprechenden Parameter hat jedoch weiterhin Einfluss auf den Anmeldevorgang.</p>
-<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.5 SZR-Gateway Service</h4>
-<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Stammzahlenregistergateway der &ouml;sterreichischen Datenschutzbeh&ouml;rde.</p>
+<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.5 Zentraler nationaler eIDAS Connector</h4>
+<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Ankn&uuml;pfung an den zentralen nationalen eIDAS Connector</p>
 <table class="configtable">
   <tr>
     <th width="17%">Name</th>
@@ -1837,11 +1587,11 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <th width="64%">Beschreibung</th>
   </tr>
   <tr>
-    <td>SZR-Gateway Service URL</td>
+    <td> URL</td>
     <td>&nbsp;</td>
     <td align="center">&nbsp;</td>
     <td align="center">&nbsp;</td>
-    <td><p>Definiert das Stammzahlenregister-Gateway Service welches von dieser Online-Applikation verwendet werden soll. Hierf&uuml;r stehen all jene Auswahlm&ouml;glichkeiten zur Verf&uuml;gung welche in der Allgemeinen Konfiguration (siehe <a href="#konfigurationsparameter_allgemein_services">Kapitel 3.1.7</a>) festgelegt wurden. </p>
+    <td><p>Definiert dan zentralen nationalen eIDAS Connector welcher von dieser Online-Applikation verwendet werden soll. Hierf&uuml;r stehen all jene Auswahlm&ouml;glichkeiten zur Verf&uuml;gung welche in der Allgemeinen Konfiguration (siehe <a href="#konfigurationsparameter_allgemein_services">Kapitel 3.1.7</a>) festgelegt wurden. </p>
       <p><strong>Hinweis:</strong> Wird keine spezifische Auswahl getroffen wird automatisch <strong>das Erste in der allgemeinen Konfiguration eingetragene Service</strong> verwendet.</p></td>
   </tr>
 </table>
@@ -1873,8 +1623,8 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <p><strong>Hinweis:</strong> Diese Abfrage ist standardm&auml;&szlig;ig aktiviert und kann nur durch einen Benutzer mit der Role <em>admin</em> deaktiviert werden.</p></td>
   </tr>
 </table>
-<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.7 Secure idenTity acrOss boRders linKed (STORK)</h4>
-<p>Dieser Abschnitt  behandelt Online-Applikationsspezifische Einstellungen zu STORK.</p>
+<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.7 Authentifizierung mittels eIDAS</h4>
+<p>Dieser Abschnitt  behandelt Online-Applikationsspezifische Einstellungen zur Authentifizierung mittels eIDAS.</p>
 <table class="configtable">
   <tr>
     <th>Name</th>
@@ -1883,30 +1633,16 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <th>Beschreibung</th>
   </tr>
   <tr>
-    <td>STORK verwenden</td>
+    <td>eIDAS verwenden</td>
     <td>ja</td>
     <td align="center">X</td>
-    <td>Definiert ob die Online-Applikation eine Anmeldung mittels STORK unterst&uuml;tzt. Wird STORK unterst&uuml;tzt wird in w&auml;hrend der BKU-Auswahl die Option <em>Home Country Selection </em> f&uuml;r eine Anmeldung mittels STORK dargestellt.</td>
+    <td>Definiert ob die Online-Applikation eine Anmeldung mittels eIDAS unterst&uuml;tzt. Wird eIDAS unterst&uuml;tzt wird in w&auml;hrend der BKU-Auswahl die Option <em>eIDAS LogIn </em> f&uuml;r eine Anmeldung mittels eIDAS dargestellt.</td>
   </tr>
   <tr>
     <td><p>QAA-Level</p></td>
-    <td>4</td>
+    <td>high</td>
     <td align="center">X</td>
-    <td>Von der Online-Applikation geforderter mindest QAA-Level der Authentifizierung</td>
-  </tr>
-  <tr>
-    <td>aktivierte Ziell&auml;nder</td>
-    <td>&nbsp;</td>
-    <td align="center">X</td>
-    <td><p>Hier k&ouml;nnen jene STORK L&auml;nder konfiguriert werden f&uuml;r welche diese Online-Applikation eine Anmeldung mittels STORK unterst&uuml;tzt.</p>
-      <p><strong>Hinweis:</strong> Die zur Auswahl stehenden L&auml;nder werden aus den <a href="#konfigurationsparameter_allgemein_stork">PEPS Konfigurationen</a> generiert, welche im allgemeinen Konfigurationsbereich hinterlegt wurden.</p></td>
-  </tr>
-  <tr>
-    <td><p>angeforderte Attribute</p></td>
-    <td>&nbsp;</td>
-    <td align="center">      X</td>
-    <td align="center"><p>STORK Attribute welche die Online-Applikation anfordert</p>
-      <p>Bei den Attributen kann  jedoch nur aus dem Set der in der allgemeinen Konfiguration hinterlegten STORK  Attributen (siehe <a href="#konfigurationsparameter_allgemein_stork">Kapitel 3.1.8</a>) gew&auml;hlt werden, wobei  Attribute die in der allgemeinen Konfiguration als <span class="term">zwingend</span> markiert  sind immer mitgeliefert werden.</p></td>
+    <td>Von der Online-Applikation geforderter mindest LoA-Level der Authentifizierung</td>
   </tr>
 </table>
 <p>&nbsp;</p>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index 2c1e47009..05d344fb6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -85,7 +85,13 @@ public interface MOAIDEventConstants extends EventConstants {
 	public static final int AUTHPROCESS_PEPS_RECEIVED = 6102;
 	public static final int AUTHPROCESS_PEPS_RECEIVED_ERROR = 6103;
 	public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 6104;
-		
+	
+	public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED = 6200;
+	public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED = 6201;
+	public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202;
+	public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203;
+	public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204;
+	
 	//person information
 	public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000;
 	public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE = 5001;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 9894ffbe9..1c1cc4168 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -95,6 +95,12 @@ public class MOAReversionLogger implements IRevisionLogger {
 			MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
 			MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR,
 			MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED,
+						
+			MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID,
+			MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED,
+			MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR,
+			MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED,
+			MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED,
 			
 			MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND,
 			MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED,
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
index 55864f3c9..0f4f81122 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -55,7 +55,7 @@ public class EidasCentralAuthConstants {
 	public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias";
 	public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password";
 	public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias";	
-	public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additinal.attributes";	
+	public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes";	
 	public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId";
 	public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl";
 	public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID";	
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
index ebbe08588..8376f3aad 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
@@ -48,6 +48,7 @@ public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnReq
 	private String scopeRequesterId;
 	private String providerName;
 	private List<EAAFRequestedAttribute> requestedAttributes;
+	private String reqId;
 	
 	
 	/* (non-Javadoc)
@@ -186,7 +187,7 @@ public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnReq
 	 */
 	@Override
 	public String getRequestID() {
-		return null;
+		return this.reqId;
 	}
 
 	/* (non-Javadoc)
@@ -256,6 +257,15 @@ public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnReq
 		this.requestedAttributes = requestedAttributes;
 	}
 	
+	/**
+	 * Set a RequestId for this Authn. Request
+	 * 
+	 * @param reqId
+	 */
+	public void setRequestId(String reqId) {
+		this.reqId = reqId;
+	}
+	
 	
 
 	
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index 08ae845cb..e312299f8 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,6 +29,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -45,6 +46,7 @@ import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
@@ -76,6 +78,8 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		try{
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED);
+			
 			//check if eIDAS authentication is enabled for this SP
 			if (!Boolean.parseBoolean(pendingReq.getServiceProviderConfiguration().getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, String.valueOf(false)))) {
 				Logger.info("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
@@ -114,6 +118,8 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			//setup AuthnRequestBuilder configuration
 			EidasCentralAuthRequestBuilderConfiguration authnReqConfig = new EidasCentralAuthRequestBuilderConfiguration();
+			SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+			authnReqConfig.setRequestId(gen.generateIdentifier());
 			authnReqConfig.setIdpEntity(entityDesc);
 			authnReqConfig.setPassive(false);
 			authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
@@ -130,6 +136,10 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			//build and transmit AuthnRequest
 			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
 
+			revisionsLogger.logEvent(pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED,
+					authnReqConfig.getRequestID());
+			
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 						
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index f9686029f..214a23f88 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -59,7 +59,6 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
@@ -112,7 +111,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			msg = (InboundMessage) decoder.decode(
 					request, response, metadataProvider, true,
 					comperator);
-			 
+			
 			if (MiscUtil.isEmpty(msg.getEntityID())) {
 				throw new InvalidProtocolRequestException("sp.pvp2.04", 
 						new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING},
@@ -126,9 +125,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 				msg.setVerified(true);
 								
 			}
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
-			
+						
 			//validate assertion
 			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
@@ -153,7 +150,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			//write log entries
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);				
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID);				
 			Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()); 
 											
 		} catch (MessageDecodingException | SecurityException e) {
@@ -208,32 +205,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			
 		}
 	}
-	
-	/**
-	 * @param executionContext
-	 * @param idpConfig
-	 * @param message 
-	 * @param objects 
-	 * @throws TaskExecutionException 
-	 * @throws Throwable 
-	 */
-	private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, Throwable e) throws TaskExecutionException {
-
-		if (idpConfig != null && idpConfig.isPerformLocalAuthenticationOnInterfederationError()) {
-			Logger.info("Switch to local authentication on this IDP ... ");
-		
-			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION, true);
-			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, true);
 		
-			executionContext.remove(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH);
-			
-		} else {
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
-			
-		}
-		
-	}
-	
 	/**
 	 * PreProcess AuthResponse and Assertion 
 	 * @param msg
@@ -257,11 +229,16 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 					EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING);
 
 			msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
+			revisionsLogger.logEvent(pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED,
+					samlResp.getID());
 			return msg;
 				
 		} else {
 			Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() 
 				+ " from 'ms-specific eIDAS node'.");
+			revisionsLogger.logEvent(pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR);			
 			throw new AuthnResponseValidationException("sp.pvp2.05", 
 					new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue()});
 					
-- 
cgit v1.2.3