From 66859cd53d4181350525e91c4d35071932675ca7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 May 2019 14:04:44 +0200 Subject: refactoring from MOA-ID 3.4.x to MOA E-ID Proxy 4.0.x --- .../main/webapp/jsp/snippets/OA/authentication.jsp | 24 +++++++++---- .../webapp/jsp/snippets/OA/targetConfiguration.jsp | 40 ++++++++++++---------- .../src/main/webapp/jsp/snippets/main_menu.jsp | 12 ++++--- 3 files changed, 46 insertions(+), 30 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp/snippets') diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp index d2668e264..7a54df554 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp @@ -3,8 +3,8 @@ <%@ taglib prefix="s" uri="/struts-tags" %> - - + +

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %>

@@ -167,16 +167,26 @@
-

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.szrgw.header", request) %>

- +

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.szrgw.header", request) %>

- - -
+ + +
+ +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.eid.header", request) %>

+ + +
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index 367dc445d..2436b1051 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -123,25 +123,27 @@ cssClass="checkbox"> - - - - - + + + + + + + diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp index 95d6de912..f4c377d9c 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp @@ -18,10 +18,14 @@ - + + + + + diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 414293350..926f6153b 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -18,7 +18,7 @@ configuration.moasession.key=SessionEncryptionKey configuration.moaconfig.key=ConfigurationEncryptionKey configuration.ssl.validation.revocation.method.order=ocsp,crl #configuration.ssl.validation.hostname=false -#configuration.validate.authblock.targetfriendlyname=true +#configuration.validate.authblock.targetfriendlyname=true< #MOA-ID 3.x Monitoring Servlet 
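Review bot: The replacement line `#configuration.validate.authblock.targetfriendlyname=true<` in the `@@ -18,7 +18,7 @@` hunk of moa-id.properties ends in a stray `<` that the removed line did not have. The entry is commented out, so nothing changes today, but an operator who uncomments it would set a value that is no longer the literal `true`. How the loader parses this key is not visible here; with a strict boolean parse the AuthBlock target-friendly-name validation would presumably end up disabled rather than enabled. Restore the line to `#configuration.validate.authblock.targetfriendlyname=true`. If the `<` is only an artifact of how this page was rendered, disregard this note.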
@@ -31,6 +31,25 @@ configuration.advancedlogging.active=false
 ######################## Externe Services ############################################
+######## Online mandates webservice (MIS) ########
+service.onlinemandates.acceptedServerCertificates=
+service.onlinemandates.clientKeyStore=keys/....
+service.onlinemandates.clientKeyStorePassword=
+
+######## central eIDAS-node connector module ##########
+modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
+modules.eidascentralauth.keystore.password=password
+modules.eidascentralauth.metadata.sign.alias=pvp_metadata
+modules.eidascentralauth.metadata.sign.password=password
+modules.eidascentralauth.request.sign.alias=pvp_assertion
+modules.eidascentralauth.request.sign.password=password
+modules.eidascentralauth.response.encryption.alias=pvp_assertion
+modules.eidascentralauth.response.encryption.password=password
+modules.eidascentralauth.node.trustprofileID=centralnode_metadata
+
+#modules.eidascentralauth.semper.mandates.active=false
+#modules.eidascentralauth.semper.msproxy.list=
+
 ######## central E-ID System connector module ##########
 modules.eidproxyauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
 modules.eidproxyauth.keystore.password=password
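Review bot: Every keystore and key entry added for `modules.eidascentralauth.*` in this hunk ships with the literal value `password`, and the hunks at `@@ -45,6 +64,26 @@` (`protocols.pvp2.*`, `protocols.oauth20.*`) and `@@ -134,6 +173,63 @@` (`modules.sl20.*`, `modules.elga_mandate.*`, `modules.federatedAuth.*`) repeat the pattern. The file sits under `data/deploy/conf`, so it is likely to be copied into real installations, where a well-known password on the keystores used for metadata signing, request signing and assertion decryption would go unnoticed because the service starts without complaint. Leave these values empty, as the same hunk already does for `service.onlinemandates.clientKeyStorePassword=`, so that an unconfigured deployment fails at keystore load, and head each block with a comment such as `# REQUIRED: set a deployment-specific keystore and key password`.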
@@ -45,6 +64,26 @@ modules.eidproxyauth.EID.trustprofileID=eid_metadata
 #modules.eidproxyauth.EID.entityId=https://eid.egiz.gv.at/idp/shibboleth
 #modules.eidproxyauth.EID.metadataUrl=
+######################## Protokolle am IDP ############################################
+
+##Protocol configuration##
+#PVP2
+protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
+protocols.pvp2.idp.ks.kspassword=password
+protocols.pvp2.idp.ks.metadata.alias=pvp_metadata
+protocols.pvp2.idp.ks.metadata.keypassword=password
+protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion
+protocols.pvp2.idp.ks.assertion.sign.keypassword=password
+protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
+protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+protocols.pvp2.metadata.entitycategories.active=false
+
+#OpenID connect (OAuth)
+protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
+protocols.oauth20.jwt.ks.password=password
+protocols.oauth20.jwt.ks.key.name=oauth
+protocols.oauth20.jwt.ks.key.password=password
+
 ######################## Datenbankkonfiguration ############################################
 configuration.database.byteBasedValues=false
@@ -134,6 +173,63 @@ advancedlogging.dbcp.validationQuery=select 1 ## The configuration of this modules is only needed if this modules are in use. # ################################################################################### +######## SL2.0 authentication module ######## +modules.sl20.vda.urls.qualeID.endpoint.default=https://www.handy-signatur.at/securitylayer2 +modules.sl20.vda.urls.qualeID.endpoint.1=https://hs-abnahme.a-trust.at/securitylayer2 +modules.sl20.vda.urls.qualeID.endpoint.2=https://test1.a-trust.at/securitylayer2 +modules.sl20.security.keystore.path=keys/sl20.jks +modules.sl20.security.keystore.password=password +modules.sl20.security.sign.alias=signing +modules.sl20.security.sign.password=password +modules.sl20.security.encryption.alias=encryption +modules.sl20.security.encryption.password=password +modules.sl20.vda.authblock.id=default +modules.sl20.vda.authblock.transformation.id=SL20Authblock_v1.0,SL20Authblock_v1.0_SIC +modules.sl20.security.eID.validation.disable=false +modules.sl20.security.eID.signed.result.required=true +modules.sl20.security.eID.encryption.enabled=true +modules.sl20.security.eID.encryption.required=true + +######## user-restriction ########## +configuration.restrictions.sp.entityIds= +configuration.restrictions.sp.users.url= +configuration.restrictions.sp.users.sector= + +####### Direkte Fremd-bPK Berechnung ######## +configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx + +######## eIDAS protocol configuration ######## +######## This is ONLY required, if MOA-ID operates as an eIDAS node!!! 
######## +moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml +moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml +moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml +moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata +moa.id.protocols.eIDAS.node.country=Austria +moa.id.protocols.eIDAS.node.countrycode=AT +moa.id.protocols.eIDAS.node.LoA=http://eidas.europa.eu/LoA/high + +######## HBV Mandate-Service client module ######## +modules.elga_mandate.nameID.target=urn:publicid:gv.at:cdid+GH +modules.elga_mandate.service.metadata.trustprofileID= +modules.elga_mandate.service.mandateprofiles= +modules.elga_mandate.keystore.path=keys/moa_idp[password].p12 +modules.elga_mandate.keystore.password=password +modules.elga_mandate.metadata.sign.alias=pvp_metadata +modules.elga_mandate.metadata.sign.password=password +modules.elga_mandate.request.sign.alias=pvp_assertion +modules.elga_mandate.request.sign.password=password +modules.elga_mandate.response.encryption.alias=pvp_assertion +modules.elga_mandate.response.encryption.password=password + +######## SSO Interfederation client module ######## +modules.federatedAuth.keystore.path=keys/moa_idp[password].p12 +modules.federatedAuth.keystore.password=password +modules.federatedAuth.metadata.sign.alias=pvp_metadata +modules.federatedAuth.metadata.sign.password=password +modules.federatedAuth.request.sign.alias=pvp_assertion +modules.federatedAuth.request.sign.password=password +modules.federatedAuth.response.encryption.alias=pvp_assertion +modules.federatedAuth.response.encryption.password=password ######## Redis Settings, if Redis is used as a backend for session data. # has to be enabled with the following parameter 
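Review bot: The added line `configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx` in the `@@ -134,6 +173,63 @@` hunk is an active property, not a comment, so the placeholder text will be read as the Base64 certificate for a sector named `xxxxTargetxxx`. The last hunk of this file ships the equivalent example commented out (`#configuration.foreignsectors.pubkey.wbpk+FN+195755b=...`), which looks like the intended form. How the loader reacts to an undecodable certificate is not visible here, so comment the placeholder out as well: `#configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx`.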
@@ -141,3 +237,42 @@ advancedlogging.dbcp.validationQuery=select 1 redis.use-pool=true redis.host-name=localhost redis.port=6379 + +################SZR Client configuration#################################### +## The SZR client is only required if MOA-ID-Auth should be +## use as STORK <-> PVP Gateway. +######## +service.egovutil.szr.test=true +service.egovutil.szr.test.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR +service.egovutil.szr.prod.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR +service.egovutil.szr.token.version=1.8 +service.egovutil.szr.token.participantid= +service.egovutil.szr.token.gvoudomain= +service.egovutil.szr.token.userid= +service.egovutil.szr.token.cn= +service.egovutil.szr.token.gvouid= +service.egovutil.szr.token.ou= +service.egovutil.szr.token.gvsecclass= +service.egovutil.szr.token.gvfunction= +service.egovutil.szr.token.gvgid= +service.egovutil.szr.roles= +service.egovutil.szr.ssl.keystore.file= +service.egovutil.szr.ssl.keystore.password= +service.egovutil.szr.ssl.keystore.type= +service.egovutil.szr.ssl.truststore.file= +service.egovutil.szr.ssl.truststore.password= +service.egovutil.szr.ssl.truststore.type= +service.egovutil.szr.ssl.trustall=false +service.egovutil.szr.ssl.laxhostnameverification=false + + +################ Encrypted foreign bPK generation #################################### +## This demo-extension enables encrypted bPK generation on MOA-ID-Auth side. +## If you like to use this feature, the public key for encryption has to be added +## as X509 certificate in Base64 encoded from. 
The selection will be done on sector +## identifier, like 'wbpk+FN+195755b' for a private company (similar to ENC_BPK_LIST in +## PVP Attribute Profie 2.1.2) +## Additonal encryption keys can be added by add a ney configuration line, like +## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1') +######## +#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw... \ No newline at end of file diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index 4fb57cb3a..0b9f7e614 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -60,6 +60,7 @@
  • MOA-SP
  • Online-Vollmachen
  • Zentraler eIDAS Knoten
  • +
  • E-ID Anbindung
  • Protokolle @@ -119,7 +120,7 @@
  • Privatwirtschaftlicher Bereich
  • -
  • Demo-Modus für E-ID
  • +
  • Aktivierung der E-ID Anbindung
  • BKU Konfiguration
  • Security Layer für mobile Authententifizierung
  • Test Credentials
  • @@ -563,6 +564,77 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet

     

    +
    2.2.2.2.4 Anbindung an das E-ID System
    +

    Die Anbindung und Weiterleitung an das zentrale E-ID System erfolgt via PVP2 S-Profil (SAML2). Für das in MOA-ID 4.x integrierte E-ID Proxy Authentifizierungsmodul sind folgende Konfigurationsparameter erforderlich.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NameBeispielwertBeschreibung
    modules.eidproxyauth.keystore.pathkeys/szrgw.p12Dateiname des Java Keystore oder PKCS12 Keystore zur Signierung von PVP 2.x spezifischen Inhalten. (PVP 2.x Metadaten, PVP 2.1 Assertion)
    modules.eidproxyauth.keystore.passwordpass1234Passwort zum Keystore
    modules.eidproxyauth.metadata.sign.alias Name des Schlüssels der zur Signierung der PVP 2.x Metadaten des E-ID Proxy Authentifizierungsmoduls
    modules.eidproxyauth.metadata.sign.password Passwort des Schlüssels der zur Signierung der PVP 2.x Metadaten des E-ID Proxy Authentifizierungsmoduls
    modules.eidproxyauth.request.sign.alias Name des Schlüssels mit dem der PVP 2.x Authn. Request durch MOA-ID unterschieben wird
    modules.eidproxyauth.request.sign.password Passwort des Schlüssels mit dem der PVP 2.x Authn. Request durch MOA-ID unterschieben wird
    modules.eidproxyauth.response.encryption.alias Name des Schlüssels mit dem die PVP 2.x Assertion für MOA-ID verschlüsselt werden soll
    modules.eidproxyauth.response.encryption.password Passwort des Schlüssels mit dem PVP 2.x Assertion für MOA-ID verschlüsselt werden soll
    modules.eidproxyauth.EID.trustprofileIDeid_metadataMOA-SP TrustProfil welches die vertrauenswürdigen Zertifikate zur Validierung der Metadaten des zentralen E-ID Systemas beinhaltet
    modules.eidproxyauth.EID.entityId Optional: EntityID des IDPs im zentralen E-ID System
    modules.eidproxyauth.EID.metadataUrl Optional: URL auf die SAML2 Metadaten des zentralen E-ID System, sofern diese nicht über die EntityID geladen werden können
    modules.eidproxyauth.required.additional.attributes.x 

    Optional: zusätzliche Attribute welche vom zentralen E-ID System angefordert werden

    +

    Attribute werden entspechend PVP2 Attribute-Profil angegeben. Beispiele für die Konfiguration finden Sie in der Beispielkonfiguration

    +

     

    2.2.2.3 Protokolle

    MOA-ID-Auth unterstützt mehrere Authentifizierungsprotokolle. Manche dieser Protokolle benötigen Schlüssel zur Signierung von Authentifizierungsdaten oder Metadaten. In diesem Abschnitt erfolgt die Konfiguration des zu verwendeten Schlüsselmaterials.

    2.2.2.3.1 PVP 2.1
    @@ -1569,8 +1641,8 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der

     

    -

    3.2.2 Demo-Modus für E-ID

    -

    Dieser Abschnitt behandelt den Demo-Modus für die kommende E-ID welcher mit der MOA-ID Version 3.4.2 eingeführt wurde. Ist der Demo-Modus aktiviert ändert sich das mögliche Attribut-Set welches Online Applikation zur Verfügung gestellt wird. Als Attributbezeichner in der nachfolgenden Liste werden die Attributebezeichnungen aus dem PVP Attribute-Profil verwendet. Ein Mapping auf OpenID-Connect Scopes oder SAML1 Attribute finden Sie in Kapitel Protokolle. Als weitere Anpassung wird mit hoher Wahrscheinlichkeit die iFrame Integration der Handy-Signatur nicht mehr zur Verfügung stehen und es erfolgt eine vollformat Weiterleitung an den E-ID. Diese Anpassung ist in der MOA-ID Version 3.4.2 noch nicht berücksichtig.

    +

    3.2.2 Aktivierung der E-ID Anbindung

    +

    Dieser Abschnitt behandelt den E-ID Proxy Mode von MOA-ID welcher mit der Version 4.0 eingeführt wurde. Ist der E-ID Proxy Mode aktiviert ändert sich das mögliche Attribut-Set welches Online Applikation zur Verfügung gestellt wird, da der Benutzer an das E-ID System zur Authentifizierung weitergeleitet wird. Als Attributbezeichner in der nachfolgenden Liste werden die Attributebezeichnungen aus dem PVP Attribute-Profil verwendet. Ein Mapping auf OpenID-Connect Scopes oder SAML1 Attribute finden Sie in Kapitel Protokolle.

    Folgende Attribute stehen nicht mehr zur Verfügung:

    • EID-SOURCE-PIN (urn:oid:1.2.40.0.10.2.1.1.261.36)
    • @@ -1598,28 +1670,11 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der Beschreibung - Demo-Modus aktivieren + E-ID aktivieren

       

        X - Aktiviert den Demo-Modus für die E-ID in dieser Online Applikation. - - - Sektoren für Fremd-bPKs - wbpk+FN+468924i,BMI+T1 -   - X -

      Eine CSV Liste von Bereichen für welche die Online Applikation verschlüsselte Fremd-bPKs benötigt.

      -

      Hinweis: Da es sich hierbei nur um eine Demo handelt muss das Schlüsselmaterial für die Verschlüsselung in MOA-ID hinterlegt werden.

      - - - Sektoren für weitere bPKs -

      urn:publicid:gv.at:cdid+T1,

      -

      urn:publicid:gv.at:wbpk+FN+468924i

      -   - X -

      Eine CSV Liste von Bereichen für welche die Online Applikation bPKs aus anderen Bereichen benötogt.

      -

      Hinweis: Die Angabe der Bereiche erfolgt mit dem vollständigen Bereichsidentifier inkl. Prefix.

      + Aktiviert die Weiterleitung an den E-ID für diese Online Applikation.

       

      -- cgit v1.2.3 From ada57605a8127ee25cbb6c2999addf721ab17db1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Dec 2019 09:33:04 +0100 Subject: fix problem with old Redis library fix configuration GUI --- .../src/main/resources/applicationResources_de.properties | 4 ++-- .../src/main/resources/applicationResources_en.properties | 4 ++-- .../src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp | 6 ++++-- id/server/idserverlib/pom.xml | 2 +- 4 files changed, 9 insertions(+), 7 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp/snippets') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 9155d7684..a52efa28d 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -264,8 +264,8 @@ webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden -webpages.oaconfig.general.neweid.header=E-ID Attribute -webpages.oaconfig.general.neweid.activate=Neue E-ID Attribute \u00FCbertragen +webpages.oaconfig.general.neweid.header=E-ID Proxy-Mode +webpages.oaconfig.general.neweid.activate=E-ID Proxy-Mode aktivieren webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) webpages.oaconfig.general.additionalbpks.sectors=Sektoren f\u00FCr weitere bPKs (CSV) diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 7d242de01..0109c3b02 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties 
@@ -270,8 +270,8 @@ webpages.oaconfig.general.aditional.useUTC=Use UTC time webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock -webpages.oaconfig.general.neweid.header=Austrian E-ID Attributes -webpages.oaconfig.general.neweid.activate=Add additional E-ID Attributes +webpages.oaconfig.general.neweid.header=E-ID Proxy Mode +webpages.oaconfig.general.neweid.activate=Activate E-ID Proxy Mode webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV) webpages.oaconfig.general.additionalbpks.sectors=Sectors for additional pseudonyms (CSV) diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index db79cb7d7..dc093fc36 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -123,7 +123,8 @@ cssClass="checkbox"> - + --> + diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 39f6068e4..02069517c 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -509,7 +509,7 @@ redis.clients jedis - 2.10.2 + 3.1.0 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index d26f7b396..085874e77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
@@ -538,7 +538,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder //build foreign bPKs generateForeignbPK(oaParam, authData); - + + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); if (Boolean.parseBoolean( oaParam.getConfigurationValue( @@ -546,10 +548,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder String.valueOf(false)))) { Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); - //build additional bPKs - Logger.debug("Search for additional bPKs"); - generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); - + //build additional bPKs Logger.debug("Clearing identitylink ... "); authData.setIdentityLink(null); -- cgit v1.2.3 From 117054bfda66d9537cd8dcaf4851e950cde75765 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Jan 2020 14:20:30 +0100 Subject: fix wrong header in configuration tool --- .../src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp/snippets') diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index ef62ef0e6..6bccd7d48 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -125,7 +125,7 @@
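Review bot: With this change `generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested())` runs for every online application instead of only inside the demo-mode branch, so which sector-specific bPKs end up in `authData` is now governed only by the per-application sector list. Whether `additionalbPKSectorsRequested()` can return null or an empty list for applications that never configured it is not visible in these hunks (the enclosing method starts and ends outside them), so confirm that `generateAdditonalbPK` is a no-op in that case. The `//build additional bPKs` comment left in the `@@ -546,10 +548,7 @@` hunk now heads the code that clears the identity link; move it above the new call and replace it in the branch with something like `//remove identity link and base-ID related data`.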
      -

      <%=LanguageHelper.getGUIString("webpages.oaconfig.general.neweid.header", request) %>

      +

      <%=LanguageHelper.getGUIString("webpages.oaconfig.general.foreign.header", request) %>

      Date: Wed, 19 Feb 2020 13:46:10 +0100 Subject: separate between E-ID Proxy-Mode and Demo-Mode --- .../moa/id/configuration/data/oa/OATargetConfiguration.java | 13 +++++++++++-- .../src/main/resources/applicationResources_de.properties | 5 +++-- .../src/main/resources/applicationResources_en.properties | 5 +++-- .../src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp | 11 +++++++++-- .../moa/id/auth/builder/AuthenticationDataBuilder.java | 12 ++++++++++-- .../moa/id/config/auth/OAAuthParameterDecorator.java | 6 +++++- .../moa/id/commons/config/ConfigurationMigrationUtils.java | 10 ++++++++++ .../moa/id/commons/config/MOAIDConfigurationConstants.java | 1 + .../commons/db/dao/config/deprecated/OnlineApplication.java | 13 ++++++++++++- .../auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java | 2 +- .../moa/id/protocols/saml1/SAML1AuthenticationServer.java | 6 +++++- 11 files changed, 70 insertions(+), 14 deletions(-) (limited to 'id/ConfigWebTool/src/main/webapp/jsp/snippets') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index b2671302c..84516c73f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -61,6 +61,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { private String foreignbPKTargets = null; private String additionalbPKTargets = null; private boolean eidDemoActive = false; + private boolean eidProxyActive = false; public OATargetConfiguration() { targetList = TargetValidator.getListOfTargets(); 
@@ -187,7 +188,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { //parse 'Austrian eID mode' flag eidDemoActive = dbOA.getIseIDDemoModeActive(); - + eidProxyActive = dbOA.getIseIDProxyModeActive(); return null; } @@ -301,6 +302,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { dbOA.setForeignbPKTargetList(getForeignbPKTargets()); dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); dbOA.setIseIDDemoModeActive(isEidDemoActive()); + dbOA.setIseIDProxyModeActive(isEidProxyActive()); return null; } @@ -490,7 +492,14 @@ public class OATargetConfiguration implements IOnlineApplicationData { this.eidDemoActive = eidDemoActive; } - + public boolean isEidProxyActive() { + return eidProxyActive; + } + + + public void setEidProxyActive(boolean eidProxyActive) { + this.eidProxyActive = eidProxyActive; + } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 3b053d665..2ef63a529 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -264,8 +264,9 @@ webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden -webpages.oaconfig.general.neweid.header=E-ID Proxy-Mode -webpages.oaconfig.general.neweid.activate=E-ID Proxy-Mode aktivieren +webpages.oaconfig.general.neweid.header=E-ID Mode +webpages.oaconfig.general.neweid.proxy.activate=E-ID Proxy-Mode aktivieren +webpages.oaconfig.general.neweid.demo.activate=E-ID Demo-Mode aktivieren webpages.oaconfig.general.foreign.header=Weitere bPKs/fremd-bPKs im MOA-ID Mode webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) 
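Review bot: `eidProxyActive = dbOA.getIseIDProxyModeActive();` in the `@@ -187,7 +188,7 @@` hunk unboxes a `Boolean` into a primitive `boolean` field and throws a NullPointerException if the stored value is null. The getter added to `OnlineApplication` in this commit returns `Boolean`, its setter accepts null, and `ConfigurationMigrationUtils` explicitly checks `oa.getIseIDProxyModeActive() != null`, so null is treated as possible elsewhere. Use `eidProxyActive = Boolean.TRUE.equals(dbOA.getIseIDProxyModeActive());` so a record without the flag loads as "proxy mode off". The neighbouring `eidDemoActive = dbOA.getIseIDDemoModeActive();` context line has the same shape and could be hardened the same way.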
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 550a9df78..6d0a89a64 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -270,8 +270,9 @@ webpages.oaconfig.general.aditional.useUTC=Use UTC time webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock -webpages.oaconfig.general.neweid.header=E-ID Proxy Mode -webpages.oaconfig.general.neweid.activate=Activate E-ID Proxy Mode +webpages.oaconfig.general.neweid.header=E-ID Mode +webpages.oaconfig.general.neweid.proxy.activate=Activate E-ID Proxy Mode +webpages.oaconfig.general.neweid.demo.activate=Activate E-ID Demo Mode webpages.oaconfig.general.foreign.header=Additional bPKs/foreign-bPKs in case of MOA-ID mode webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV) diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index 6bccd7d48..1f7adea01 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -116,12 +116,19 @@

      <%=LanguageHelper.getGUIString("webpages.oaconfig.general.neweid.header", request) %>

      + + + - +
      diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index cdb0dae98..3a826ed13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -222,7 +222,11 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setIseIDNewDemoMode(Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))); + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))); if (authData.isIseIDNewDemoMode()) { Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); @@ -545,7 +549,11 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder if (Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); //build additional bPKs diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index ab2a07f7c..e76acfad5 100644 
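Review bot: The "demo mode OR proxy mode" test that decides whether base ID, identity link and AuthBlock are withheld is now written out in full three times: in the `@@ -222,7 +222,11 @@` and `@@ -545,7 +549,11 @@` hunks here and again in the `OAAuthParameterDecorator` hunk that follows. A later change to one copy that misses another would release restricted identity data on one code path only. The first hunk already stores the combined result via `authData.setIseIDNewDemoMode(...)`; if the second hunk operates on the same `authData` object (not verifiable from the visible lines), its condition can shrink to `if (authData.isIseIDNewDemoMode()) {`, and the decorator should call one shared helper rather than repeat both `getConfigurationValue` lookups. The log lines in all three places still say "Demo-mode ... is active" when only proxy mode is set, which will mislead anyone reading the logs to work out why attributes were withheld; name the mode that actually matched.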
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java @@ -266,7 +266,11 @@ public String getKeyBoxIdentifier() { if (Boolean.parseBoolean( spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + spConfiguration.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... "); returnValue.setProvideBaseId(false); returnValue.setProvideAuthBlock(false); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 62a19b399..8de41eee7 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -183,6 +183,11 @@ public class ConfigurationMigrationUtils { else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString()); + if (oa.getIseIDProxyModeActive() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, oa.getIseIDProxyModeActive().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, Boolean.FALSE.toString()); + if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); else 
@@ -884,6 +889,11 @@ public class ConfigurationMigrationUtils { else dbOA.setIseIDDemoModeActive(false); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE))) + dbOA.setIseIDProxyModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE))); + else + dbOA.setIseIDProxyModeActive(false); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN))) dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 91d738989..87f6c6416 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -67,6 +67,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign"; public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs"; public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode"; + public static final String SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE = AUTH + ".austrianeIDproxymode"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index 74a79912e..53be4d980 100644 
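Review bot: `Boolean.valueOf(...)` on the stored `SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE` string at @@ -884 turns every value other than "true" into false, so a mistyped entry silently switches proxy mode off instead of being reported. The other hunks of this commit use this flag to decide whether the SAML1 response withholds the base ID and the auth block, so the quiet fallback lands on the less restrictive setting. A check before the assignment, with `v` holding the stored value, such as `if (!"true".equalsIgnoreCase(v) && !"false".equalsIgnoreCase(v))` followed by a warning that names the key, would make such entries visible. The demo-mode branch just above appears to use the same lenient parse, and the enclosing method starts and ends outside the hunk.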
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -126,6 +126,9 @@ public class OnlineApplication @XmlTransient protected Boolean iseIDDemoModeActive = false; + + @XmlTransient + protected Boolean iseIDProxyModeActive = false; public String getForeignbPKTargetList() { @@ -155,6 +158,15 @@ public class OnlineApplication this.iseIDDemoModeActive = iseIDDemoModeActive; } + public Boolean getIseIDProxyModeActive() { + return iseIDProxyModeActive ; + } + + public void setIseIDProxyModeActive(Boolean valueOf) { + this.iseIDProxyModeActive = valueOf; + + } + /** * @return the saml2PostBindingTemplateURL */ @@ -639,5 +651,4 @@ public class OnlineApplication final HashCodeStrategy strategy = JAXBHashCodeStrategy.INSTANCE; return this.hashCode(null, strategy); } - } diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java index 85d9d0f76..094da19c6 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java 
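Review bot: The new setter at @@ -155 names its parameter `valueOf`, which reads like the `Boolean.valueOf` factory rather than the value being stored; the demo-mode setter just above uses the field name, so `public void setIseIDProxyModeActive(Boolean iseIDProxyModeActive)` would be consistent. The accessors also have no Javadoc, unlike the `@return the saml2PostBindingTemplateURL` comment that follows them. The boxed `Boolean` can be set to null, which is why ConfigurationMigrationUtils has to null-check the getter. A one-line comment such as `/** @return TRUE if the E-ID proxy mode is active; null is treated as false by the migration code */` would record that.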
@@ -72,7 +72,7 @@ public class EIDProxyAuthModuleImpl implements AuthModule { if (Boolean.parseBoolean( pendingReq.getServiceProviderConfiguration().getConfigurationValue( - MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, String.valueOf(false)))) { Logger.debug("SP: " + pendingReq.getSPEntityId() + " activates E-ID mode."); return AUTH_PROCESS_NAME; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index af8211dee..73d3d369f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -354,7 +354,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer { if (Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... "); if (oaAttributes == null) -- cgit v1.2.3
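Review bot: Selection of the E-ID process at @@ -72 now reads only `SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE`, so a service provider with only the demo-mode flag set no longer gets `AUTH_PROCESS_NAME` from this branch, while the other hunks of this commit still apply the attribute restrictions for demo mode alone. ConfigurationMigrationUtils defaults the new flag to false, so after an upgrade existing demo-mode providers would presumably fall through to whatever follows this branch. If that is intended, a comment here should say so, e.g. `// E-ID process is selected by PROXY_MODE only; DEMO_MODE alone no longer selects it but still restricts the released attributes`. The decision is logged at debug level, whereas the other call sites log the active mode at info, which makes it harder to see in production logs which authentication process a provider was routed to. The enclosing method continues outside the hunk.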