From b39bc0239d1e4a4d4a8b0fe708ee24c7709b9454 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 08:14:16 +0100
Subject: add MSOrganisation attribute for ISA 1.18

---
 id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml    | 1 +
 .../data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml      | 6 +++++-
 .../data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml | 6 +++++-
 .../data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml      | 4 ++++
 4 files changed, 15 insertions(+), 2 deletions(-)

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
index ee4c636ce..b45b69054 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
@@ -119,5 +119,6 @@
         
         <!-- ISA 1.18 attributes-->
         <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
+        <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
 
 </properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
index 83e69ac23..3370978b3 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
@@ -90,5 +90,9 @@
 	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
 	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
 	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-	
+  
+  <!-- ISA 1.18 attributes-->
+  <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
+  <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+  	
 </properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
index 83e69ac23..33437c110 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
@@ -90,5 +90,9 @@
 	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
 	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
 	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-	
+        
+  <!-- ISA 1.18 attributes-->
+  <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
+  <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+  	
 </properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
index b095b9e7e..2b0c05b88 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
@@ -91,4 +91,8 @@
 	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
 	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
 	
+  <!-- ISA 1.18 attributes-->
+  <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
+  <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+  
 </properties>
\ No newline at end of file
-- 
cgit v1.2.3


From ac46b082c7dc004f7c7237d8bda5d73cd646d861 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 24 Nov 2014 16:29:30 +0100
Subject: add new A-Trust test CA certs

---
 ...Test-Sig-02.20141124-20141118.SerNo3969edc1.cer | Bin 0 -> 1029 bytes
 ...-Test-Qual-01.20141117-20241111.SerNo16120f.cer |  23 +++++++++++++++++++++
 ...est-Qual-02.20141124-20141118.SerNo3969edbf.cer | Bin 0 -> 996 bytes
 ...-Test-Qual-01.20141117-20241111.SerNo16120f.cer |  23 +++++++++++++++++++++
 ...-Test-Qual-01.20141117-20241111.SerNo16120f.cer |  23 +++++++++++++++++++++
 5 files changed, 69 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Qual-02.20141124-20141118.SerNo3969edbf.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
+VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
+NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
+DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
+RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
+HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
+kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
+HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
+fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
+shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
+0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
+/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
+IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
+zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
+d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
+eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
+/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Qual-02.20141124-20141118.SerNo3969edbf.cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Qual-02.20141124-20141118.SerNo3969edbf.cer
new file mode 100644
index 000000000..d71177a4e
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Qual-02.20141124-20141118.SerNo3969edbf.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
+VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
+NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
+DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
+RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
+HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
+kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
+HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
+fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
+shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
+0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
+/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
+IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
+zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
+d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
+eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
+/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
+VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
+NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
+DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
+RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
+HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
+kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
+HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
+fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
+shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
+0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
+/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
+IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
+zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
+d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
+eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
+/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
+-----END CERTIFICATE-----
-- 
cgit v1.2.3


From 6d242194721574b6f7284f8b705a518d2f39b36f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 19 Dec 2014 10:33:36 +0100
Subject: add new certificates to trustProfiles and certstore

---
 ...Test-Sig-02.20141124-20241118.SerNo3969edc1.cer | Bin 0 -> 1029 bytes
 ...remium-enc-02.20140701-20240701.SerNo144dfd.cer | Bin 0 -> 1159 bytes
 ...-Test-Qual-01.20141117-20241111.SerNo16120f.cer |  23 +++++++++++++++++++++
 ...rate-light-02.20140905-20240905.SerNo153B49.cer | Bin 0 -> 1167 bytes
 ...remium-sig-02.20140701-20240701.SerNo144e10.cer | Bin 0 -> 1159 bytes
 ...remium-sig-03.20140701-20240701.SerNo144e13.cer | Bin 0 -> 1159 bytes
 ...Test-Sig-02.20141124-20241118.SerNo3969edc1.cer | Bin 0 -> 1029 bytes
 ...rate-light-02.20140905-20240905.SerNo153B49.cer | Bin 0 -> 1167 bytes
 ...rate-light-02.20140905-20240905.SerNo153B49.cer | Bin 0 -> 1167 bytes
 ...Test-Sig-02.20141124-20241118.SerNo3969edc1.cer | Bin 0 -> 1029 bytes
 ...remium-enc-02.20140701-20240701.SerNo144dfd.cer | Bin 0 -> 1159 bytes
 ...-Test-Qual-01.20141117-20241111.SerNo16120f.cer |  23 +++++++++++++++++++++
 ...rate-light-02.20140905-20240905.SerNo153B49.cer | Bin 0 -> 1167 bytes
 ...remium-sig-02.20140701-20240701.SerNo144e10.cer | Bin 0 -> 1159 bytes
 ...remium-sig-03.20140701-20240701.SerNo144e13.cer | Bin 0 -> 1159 bytes
 .../toBeAdded/atrust_OCSP_Responder_03-1.crt       | Bin 0 -> 1185 bytes
 ...porate-light-02.20140905-20240905.SrN153B49.crt | Bin 0 -> 1167 bytes
 ...porate-light-02.20140905-20240905.SrN153B49.crt | Bin 0 -> 1167 bytes
 ...remium-enc-02.20140701-20240701.SerNo144dfd.cer | Bin 0 -> 1159 bytes
 ...porate-light-02.20140905-20240905.SrN153B49.crt | Bin 0 -> 1167 bytes
 ...remium-sig-02.20140701-20240701.SerNo144e10.cer | Bin 0 -> 1159 bytes
 ...remium-sig-03.20140701-20240701.SerNo144e13.cer | Bin 0 -> 1159 bytes
 ...Test-Sig-02.20141124-20141118.SerNo3969edc1.cer | Bin 0 -> 1029 bytes
 23 files changed, 46 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
 create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
 create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
 create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
 create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
 create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
 create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
 create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/identityLink/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
new file mode 100644
index 000000000..6c0c042b4
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
+VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
+NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
+DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
+RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
+HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
+kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
+HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
+fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
+shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
+0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
+/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
+IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
+zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
+d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
+eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
+/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
new file mode 100644
index 000000000..e4bd48dac
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
new file mode 100644
index 000000000..74c4ce3b8
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
new file mode 100644
index 000000000..6c50ec079
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
new file mode 100644
index 000000000..e4bd48dac
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
new file mode 100644
index 000000000..e4bd48dac
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
new file mode 100644
index 000000000..6c0c042b4
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
+VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
+NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
+DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
+RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
+HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
+kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
+HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
+fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
+shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
+0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
+/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
+IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
+zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
+d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
+eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
+/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
new file mode 100644
index 000000000..e4bd48dac
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
new file mode 100644
index 000000000..74c4ce3b8
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
new file mode 100644
index 000000000..6c50ec079
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt
new file mode 100644
index 000000000..ebfbce9a0
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt b/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
new file mode 100644
index 000000000..e4bd48dac
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/identityLink/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt b/spss/handbook/conf/moa-spss/trustProfiles/identityLink/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
new file mode 100644
index 000000000..e4bd48dac
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/identityLink/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
new file mode 100644
index 000000000..6c0c042b4
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
new file mode 100644
index 000000000..e4bd48dac
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
new file mode 100644
index 000000000..74c4ce3b8
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
new file mode 100644
index 000000000..6c50ec079
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer differ
-- 
cgit v1.2.3


From 92717efaa56e3d0f7c271b91483507cf981b417b Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Fri, 16 Jan 2015 10:19:44 +0100
Subject: Add minor fixes and updates.

- Fix moa-id-auth web.xml and upgrade to servlet 3.0.
- Reformat loginFormFull.html in order to enhance readability.
- Add some TODOs and FIXMEs.
- Adding some comments to DispatcherServlet in order to ease understanding the process.
---
 id/server/auth/src/main/webapp/WEB-INF/web.xml     | 71 ++++++++++++++--------
 .../conf/moa-id/htmlTemplates/loginFormFull.html   | 14 ++---
 .../id/auth/servlet/GetMISSessionIDServlet.java    |  2 +
 .../PEPSConnectorWithLocalSigningServlet.java      |  1 +
 .../moa/id/entrypoints/DispatcherServlet.java      | 27 ++++++--
 5 files changed, 76 insertions(+), 39 deletions(-)

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 42085b01e..fb3888a3e 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
-<web-app>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0">
 	<display-name>MOA ID Auth</display-name>
 	<description>MOA ID Authentication Service</description>
+
+	<!-- bootstrap loader for spring framework -->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+	<!-- exposes request and response to the current thread -->
+	<filter>
+		<filter-name>requestContextFilter</filter-name>
+		<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>requestContextFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
 <!-- 	<servlet>
 		<servlet-name>SelectBKU</servlet-name>
 		<display-name>SelectBKU</display-name>
@@ -10,63 +27,63 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>GenerateIframeTemplate</servlet-name>
-		<display-name>GenerateIframeTemplate</display-name>
 		<description>Generate BKU Request template</description>
+		<display-name>GenerateIframeTemplate</display-name>
+		<servlet-name>GenerateIframeTemplate</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>RedirectServlet</servlet-name>
 		<display-name>RedirectServlet</display-name>
+		<servlet-name>RedirectServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>MonitoringServlet</servlet-name>
 		<display-name>MonitoringServlet</display-name>
+		<servlet-name>MonitoringServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>SSOSendAssertionServlet</servlet-name>
 		<display-name>SSOSendAssertionServlet</display-name>
+		<servlet-name>SSOSendAssertionServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class>
 	</servlet>	
 	<servlet>
-		<servlet-name>LogOut</servlet-name>
-		<display-name>LogOut</display-name>
 		<description>SSO LogOut</description>
+		<display-name>LogOut</display-name>
+		<servlet-name>LogOut</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class>
 	</servlet>
 	
 	<servlet>
-		<servlet-name>IDPSLO</servlet-name>
-		<display-name>IDP-SLO</display-name>
 		<description>IDP Single LogOut Service</description>
+		<display-name>IDP-SLO</display-name>
+		<servlet-name>IDPSLO</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet</servlet-class>
 	</servlet>
 	
 	<servlet>
-		<servlet-name>VerifyIdentityLink</servlet-name>
-		<display-name>VerifyIdentityLink</display-name>
 		<description>Verify identity link coming from security layer</description>
+		<display-name>VerifyIdentityLink</display-name>
+		<servlet-name>VerifyIdentityLink</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>VerifyCertificate</servlet-name>
-		<display-name>VerifyCertificate</display-name>
 		<description>Verify the certificate coming from security layer</description>
+		<display-name>VerifyCertificate</display-name>
+		<servlet-name>VerifyCertificate</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>GetMISSessionID</servlet-name>
-		<display-name>GetMISSessionID</display-name>
 		<description>Get the MIS session ID coming from security layer</description>
+		<display-name>GetMISSessionID</display-name>
+		<servlet-name>GetMISSessionID</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
 	</servlet>
 
 	<servlet>
-		<servlet-name>GetForeignID</servlet-name>
-		<display-name>GetForeignID</display-name>
 		<description>Gets the foreign eID from security layer</description>
+		<display-name>GetForeignID</display-name>
+		<servlet-name>GetForeignID</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
 	</servlet>
 <!-- 	<servlet>
@@ -76,9 +93,9 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>VerifyAuthBlock</servlet-name>
-		<display-name>VerifyAuthBlock</display-name>
 		<description>Verify AUTH block coming from security layer</description>
+		<display-name>VerifyAuthBlock</display-name>
+		<servlet-name>VerifyAuthBlock</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class>
 	</servlet>
 <!-- 	<servlet>
@@ -89,8 +106,8 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>AxisServlet</servlet-name>
 		<display-name>Apache-Axis Servlet</display-name>
+		<servlet-name>AxisServlet</servlet-name>
 		<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
 	</servlet>
 
@@ -100,18 +117,18 @@
 		<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<display-name>PEPSConnectorServlet</display-name>
 		<description>Servlet receiving STORK SAML Response Messages from
 			different C-PEPS</description>
+		<display-name>PEPSConnectorServlet</display-name>
+		<servlet-name>PEPSConnectorServlet</servlet-name>
 		<servlet-class>
 			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<display-name>PEPSConnectorWithLocalSigningServlet</display-name>
 		<description>Servlet receiving STORK SAML Response Messages from
 			different C-PEPS</description>
+		<display-name>PEPSConnectorWithLocalSigningServlet</display-name>
+		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
 		<servlet-class>
 			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
 	</servlet>
@@ -124,8 +141,8 @@
 		<load-on-startup>1</load-on-startup>
 	</servlet>-->
 	<servlet>
-		<servlet-name>DispatcherServlet</servlet-name>
 		<display-name>Dispatcher Servlet</display-name>
+		<servlet-name>DispatcherServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class>
 		<load-on-startup>1</load-on-startup>
 	</servlet>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index 7e2ddc491..f19cc5320 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -794,13 +794,13 @@
 						<div id="localBKU">
 							<form method="get" id="moaidform" action="#AUTH_URL#"
 								class="verticalcenter" target="_parent">
-								<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
-									type="hidden" name="useMandate" id="useMandate"> <input
-									type="hidden" name="SSO" id="useSSO"> <input
-									type="hidden" name="CCC" id="ccc"> <input type="hidden"
-									name="MODUL" value="#MODUL#"> <input type="hidden"
-									name="ACTION" value="#ACTION#"> <input type="hidden"
-									name="MOASessionID" value="#SESSIONID#"> 
+								<input type="hidden" name="bkuURI" value="#LOCAL#">
+								<input type="hidden" name="useMandate" id="useMandate">
+								<input type="hidden" name="SSO" id="useSSO">
+								<input type="hidden" name="CCC" id="ccc">
+								<input type="hidden" name="MODUL" value="#MODUL#">
+								<input type="hidden" name="ACTION" value="#ACTION#">
+								<input type="hidden" name="MOASessionID" value="#SESSIONID#"> 
                   <input type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
 									role="button" class="hell"
                   onclick="setMandateSelection();"
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 9e2e845b5..20c32a3ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -197,6 +197,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
 			// for now: list contains only one element
 			MISMandate mandate = (MISMandate) list.get(0);
 
+			// TODO[tlenz]: UTF-8 ?
 			String sMandate = new String(mandate.getMandate());
 			if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
 				Logger.error("Mandate is empty.");
@@ -206,6 +207,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
 						
 			//check if it is a parsable XML
 			byte[] byteMandate = mandate.getMandate();
+			// TODO[tlenz]: UTF-8 ?
 			String stringMandate = new String(byteMandate);
 			DOMUtils.parseDocument(stringMandate, false,
 					null, null).getDocumentElement();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
index 3bc79f8bd..165445ea5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
@@ -473,6 +473,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
 						Logger.info("Found AttributeProviderPlugin attribute:"+ap.getAttributes());
 						if(ap.getAttributes().equalsIgnoreCase("signedDoc"))
 						{
+							// FIXME[tlenz]: A servlet's class field is not thread safe.
 							oasisDssWebFormURL = ap.getUrl();
 							found = true;
 							Logger.info("Loaded signedDoc attribute provider url from config:"+oasisDssWebFormURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 03cb6c1c4..a4c5c938f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -23,7 +23,6 @@
 package at.gv.egovernment.moa.id.entrypoints;
 
 import java.io.IOException;
-
 import java.util.Iterator;
 
 import javax.servlet.ServletConfig;
@@ -97,10 +96,13 @@ public class DispatcherServlet extends AuthServlet{
 		boolean useSSOOA = false;
 		String protocolRequestID = null;
 		
-		
 		try {
 			Logger.info("REQUEST: " + req.getRequestURI());
 			Logger.info("QUERY  : " + req.getQueryString());
+			
+
+// *** start of error handling ***
+			
 			String errorid = req.getParameter(ERROR_CODE_PARAM);
 			if (errorid != null) {
 
@@ -117,7 +119,7 @@ public class DispatcherServlet extends AuthServlet{
 					pendingRequestID = (String) idObject; 
 				}
 				
-				if (throwable != null) {					
+				if (throwable != null) {
 													
 						IRequest errorRequest = null;
 						if (pendingRequestID != null) {
@@ -173,6 +175,11 @@ public class DispatcherServlet extends AuthServlet{
 				return;
 			}
 
+// *** end of error handling ***
+
+			
+// *** start of protocol specific stuff ***
+
 			Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
 			String module = null;
 			if (moduleObject != null && (moduleObject instanceof String)) {
@@ -357,7 +364,11 @@ public class DispatcherServlet extends AuthServlet{
 						
 					}
 				}
-								
+						
+// *** end of protocol specific stuff ***
+				
+// *** start handling authentication ***
+				
 				AuthenticationManager authmanager = AuthenticationManager.getInstance();									
 				
 				String moasessionID = null;
@@ -473,7 +484,11 @@ public class DispatcherServlet extends AuthServlet{
 					//build authenticationdata from session information and OA configuration
 					authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);					
 				}
-										
+
+// *** end handling authentication ***
+
+// *** start finalizing authentication (SSO, final redirects, statistic logging etc) ***
+				
 				SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData);
 
 				RequestStorage.removePendingRequest(protocolRequestID);
@@ -506,6 +521,8 @@ public class DispatcherServlet extends AuthServlet{
 					
 				}
 
+// *** end finalizing authentication ***
+
 			} catch (Throwable e) {
 				Logger.warn("An authentication error occured: ", e);;
 				// Try handle module specific, if not possible rethrow
-- 
cgit v1.2.3


From ad40ae9233c5f2a32c983962d655e686af546677 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Thu, 22 Jan 2015 12:13:07 +0100
Subject: Add mandate process support (MOAID-60).

- Refactor moa-id auth web.xml
-- Group the servlets with their corresponding mappings.
-- Replace servlets for mappings "/GetMISSessionID", "/VerifyAuthBlock", "/VerifyCertificate" and "/VerifyIdentityLink".
-- Remove disabled declarations.
- Replace link http://jigsaw.w3.org/css-validator/images/vcss-blue with https://... within the internal templates (loginFormFull.html, sendAssertionFormFull.html, ...).
- Set classes deprecated: GetMISSessionIDServlet, VerifyCertificateServlet
- ProcessEngineSignalServlet: make GET delegate to PUT
- Replace some "implements MOAIDAuthConstants" with "import static MOAIDAuthConstants.*".
- Add detailed Javadoc to *Task.java.
- Update DefaultAuthentication.process.xml for mandate
- Add GetMISSessionIDTask and VerifyCertificateTask.
- Add adapter class for iaik.IAIKRuntimeException in order to satisfy some library's bogus dependendies.
---
 id/server/auth/src/main/webapp/WEB-INF/web.xml     | 272 +++++-------------
 .../htmlTemplates/loginFormFull.html               |   2 +-
 .../htmlTemplates/sendAssertionFormFull.html       |   2 +-
 .../conf/moa-id/htmlTemplates/loginFormFull.html   |   2 +-
 .../htmlTemplates/sendAssertionFormFull.html       |   2 +-
 .../conf/moa-id/htmlTemplates/slo_template.html    |   2 +-
 id/server/doc/htmlTemplates/BKU-selection.html     |   2 +-
 id/server/doc/htmlTemplates/sendAssertion.html     |   2 +-
 .../id/auth/servlet/GetMISSessionIDServlet.java    |   7 +-
 .../auth/servlet/ProcessEngineSignalServlet.java   |  39 ++-
 .../id/auth/servlet/VerifyCertificateServlet.java  |   9 +-
 .../moa/id/auth/tasks/AbstractAuthServletTask.java |  68 ++---
 .../id/auth/tasks/CreateIdentityLinkFormTask.java  |  36 +++
 .../moa/id/auth/tasks/GetMISSessionIDTask.java     | 182 ++++++++++++
 .../auth/tasks/VerifyAuthenticationBlockTask.java  |  56 ++--
 .../moa/id/auth/tasks/VerifyCertificateTask.java   | 166 +++++++++++
 .../moa/id/auth/tasks/VerifyIdentityLinkTask.java  | 319 +++++++++++----------
 .../protocols/pvp2x/exceptions/loginFormFull.html  |   2 +-
 .../src/main/java/iaik/IAIKRuntimeException.java   |  18 ++
 .../processes/DefaultAuthentication.process.xml    |  23 +-
 .../resources/templates/loginFormFull.html         |   2 +-
 .../resources/templates/sendAssertionFormFull.html |   2 +-
 .../resources/templates/slo_template.html          |   2 +-
 23 files changed, 769 insertions(+), 448 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
 create mode 100644 id/server/idserverlib/src/main/java/iaik/IAIKRuntimeException.java

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 477cce57b..1dd3b7a40 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -36,41 +36,67 @@
 		<filter-name>requestContextFilter</filter-name>
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
+	
+	<filter>
+		<filter-name>UrlRewriteFilter</filter-name>
+		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>UrlRewriteFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
 
-
-<!-- 	<servlet>
-		<servlet-name>SelectBKU</servlet-name>
-		<display-name>SelectBKU</display-name>
-		<description>Select Bürgerkartenartenumgebung</description>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
-	</servlet> -->
 	<servlet>
 		<description>Generate BKU Request template</description>
 		<display-name>GenerateIframeTemplate</display-name>
 		<servlet-name>GenerateIframeTemplate</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>GenerateIframeTemplate</servlet-name>
+		<url-pattern>/GenerateIframeTemplate</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>RedirectServlet</display-name>
 		<servlet-name>RedirectServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>RedirectServlet</servlet-name>
+		<url-pattern>/RedirectServlet</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>MonitoringServlet</display-name>
 		<servlet-name>MonitoringServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>MonitoringServlet</servlet-name>
+		<url-pattern>/MonitoringServlet</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>SSOSendAssertionServlet</display-name>
 		<servlet-name>SSOSendAssertionServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class>
-	</servlet>	
+	</servlet>
+	<servlet-mapping>
+		<servlet-name>SSOSendAssertionServlet</servlet-name>
+		<url-pattern>/SSOSendAssertionServlet</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<description>SSO LogOut</description>
 		<display-name>LogOut</display-name>
 		<servlet-name>LogOut</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>LogOut</servlet-name>
+		<url-pattern>/LogOut</url-pattern>
+	</servlet-mapping>
 	
 	<servlet>
 		<description>IDP Single LogOut Service</description>
@@ -78,25 +104,10 @@
 		<servlet-name>IDPSLO</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet</servlet-class>
 	</servlet>
-	
-	<servlet>
-		<description>Verify identity link coming from security layer</description>
-		<display-name>VerifyIdentityLink</display-name>
-		<servlet-name>VerifyIdentityLink</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
-	</servlet>
-	<servlet>
-		<description>Verify the certificate coming from security layer</description>
-		<display-name>VerifyCertificate</display-name>
-		<servlet-name>VerifyCertificate</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
-	</servlet>
-	<servlet>
-		<description>Get the MIS session ID coming from security layer</description>
-		<display-name>GetMISSessionID</display-name>
-		<servlet-name>GetMISSessionID</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
-	</servlet>
+	<servlet-mapping>
+		<servlet-name>IDPSLO</servlet-name>
+		<url-pattern>/idpSingleLogout</url-pattern>
+	</servlet-mapping>
 
 	<servlet>
 		<description>Gets the foreign eID from security layer</description>
@@ -104,223 +115,84 @@
 		<servlet-name>GetForeignID</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
 	</servlet>
-<!-- 	<servlet>
-		<servlet-name>ProcessInput</servlet-name>
-		<display-name>ProcessInput</display-name>
-		<description>Process user input needed by infobox validators</description>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class>
-	</servlet> -->
-	<servlet>
-		<description>Verify AUTH block coming from security layer</description>
-		<display-name>VerifyAuthBlock</display-name>
-		<servlet-name>VerifyAuthBlock</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class>
-	</servlet>
-<!-- 	<servlet>
-		<servlet-name>ConfigurationUpdate</servlet-name>
-		<display-name>ConfigurationUpdate</display-name>
-		<description>Update MOA-ID Auth configuration from the configuration
-			file</description>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class>
-	</servlet> -->
+	<servlet-mapping>
+		<servlet-name>GetForeignID</servlet-name>
+		<url-pattern>/GetForeignID</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>Apache-Axis Servlet</display-name>
 		<servlet-name>AxisServlet</servlet-name>
 		<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>AxisServlet</servlet-name>
+		<url-pattern>/services/*</url-pattern>
+	</servlet-mapping>
 
- 	<!-- JSP servlet -->
-<!--	<servlet>
-		<servlet-name>jspservlet</servlet-name>
-		<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
-	</servlet> -->
 	<servlet>
-		<description>Servlet receiving STORK SAML Response Messages from
-			different C-PEPS</description>
+		<description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description>
 		<display-name>PEPSConnectorServlet</display-name>
 		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<servlet-class>
-			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>PEPSConnectorServlet</servlet-name>
+		<url-pattern>/PEPSConnector</url-pattern>
+	</servlet-mapping>
+
 	<servlet>
-		<description>Servlet receiving STORK SAML Response Messages from
-			different C-PEPS</description>
+		<description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description>
 		<display-name>PEPSConnectorWithLocalSigningServlet</display-name>
 		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<servlet-class>
-			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
 	</servlet>
-
-	<!-- Dispatcher servlets 
-	<servlet>
-		<servlet-name>AuthDispatcherServlet</servlet-name>
-		<display-name>AuthDispatcher Servlet</display-name>
-		<servlet-class>at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet</servlet-class>
-		<load-on-startup>1</load-on-startup>
-	</servlet>-->
+	<servlet-mapping>
+		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
+		<url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>Dispatcher Servlet</display-name>
 		<servlet-name>DispatcherServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class>
 		<load-on-startup>1</load-on-startup>
 	</servlet>
-
-	<!-- Servlet Registration -->
-	<servlet>
-		<servlet-name>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-class>
-	</servlet>
+	<servlet-mapping>
+		<servlet-name>DispatcherServlet</servlet-name>
+		<url-pattern>/dispatcher</url-pattern>
+	</servlet-mapping>
 
 	<servlet>
-		<description>Resumes a suspended process engine task.</description>
+		<description>Resumes a suspended process task.</description>
 		<display-name>ProcessEngineSignal</display-name>
 		<servlet-name>ProcessEngineSignal</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet</servlet-class>
 	</servlet>
-
-
-
-	<servlet-mapping>
-		<servlet-name>DispatcherServlet</servlet-name>
-		<url-pattern>/dispatcher</url-pattern>
-	</servlet-mapping>
-	<!-- servlet-mapping>
-		<servlet-name>AuthDispatcherServlet</servlet-name>
-		<url-pattern>/AuthDispatcher</url-pattern>
-	</servlet-mapping -->
-
-
-	<!-- servlet mapping for jsp pages -->
-	<!-- errorpage.jsp (customizeable) -->
-<!-- 	<servlet-mapping>
-		<servlet-name>jspservlet</servlet-name>
-		<url-pattern>/errorpage-auth.jsp</url-pattern>
-	</servlet-mapping>
-	message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate)
-	<servlet-mapping>
-		<servlet-name>jspservlet</servlet-name>
-		<url-pattern>/message-auth.jsp</url-pattern>
-	</servlet-mapping> -->
-
-<!-- 	<servlet-mapping>
-		<servlet-name>SelectBKU</servlet-name>
-		<url-pattern>/SelectBKU</url-pattern>
-	</servlet-mapping> -->
-	<servlet-mapping>
-		<servlet-name>GenerateIframeTemplate</servlet-name>
-		<url-pattern>/GenerateIframeTemplate</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>RedirectServlet</servlet-name>
-		<url-pattern>/RedirectServlet</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>MonitoringServlet</servlet-name>
-		<url-pattern>/MonitoringServlet</url-pattern>
-	</servlet-mapping>
 	<servlet-mapping>
-		<servlet-name>SSOSendAssertionServlet</servlet-name>
-		<url-pattern>/SSOSendAssertionServlet</url-pattern>
-	</servlet-mapping>	
- 	<servlet-mapping>
-		<servlet-name>LogOut</servlet-name>
-		<url-pattern>/LogOut</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>IDPSLO</servlet-name>
-		<url-pattern>/idpSingleLogout</url-pattern>
-	</servlet-mapping>	
-	<servlet-mapping>
-		<!--
-		<servlet-name>VerifyIdentityLink</servlet-name>
-		-->
 		<servlet-name>ProcessEngineSignal</servlet-name>
-		<url-pattern>/VerifyIdentityLink</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>VerifyCertificate</servlet-name>
-		<url-pattern>/VerifyCertificate</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>GetMISSessionID</servlet-name>
 		<url-pattern>/GetMISSessionID</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>GetForeignID</servlet-name>
-		<url-pattern>/GetForeignID</url-pattern>
-	</servlet-mapping>
-
-<!-- 	<servlet-mapping>
-		<servlet-name>ProcessInput</servlet-name>
-		<url-pattern>/ProcessInput</url-pattern>
-	</servlet-mapping> -->
-	
-	<servlet-mapping>
-		<!--
-		<servlet-name>VerifyAuthBlock</servlet-name>
-		-->
-		<servlet-name>ProcessEngineSignal</servlet-name>
 		<url-pattern>/VerifyAuthBlock</url-pattern>
+		<url-pattern>/VerifyCertificate</url-pattern>
+		<url-pattern>/VerifyIdentityLink</url-pattern>
 	</servlet-mapping>
-<!-- 	<servlet-mapping>
-		<servlet-name>ConfigurationUpdate</servlet-name>
-		<url-pattern>/ConfigurationUpdate</url-pattern>
-	</servlet-mapping> -->
-	<servlet-mapping>
-		<servlet-name>AxisServlet</servlet-name>
-		<url-pattern>/services/*</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<url-pattern>/PEPSConnector</url-pattern>
-	</servlet-mapping>
-<servlet-mapping>
-		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
-	</servlet-mapping>
-	<!-- Filters -->
-	<!-- <filter> <filter-name>DispatcherDecoratorFilter</filter-name> <filter-class>at.gv.egovernment.moa.id.sso.DispatcherDecoratorFilter</filter-class> 
-		</filter> -->
-
-	<filter>
-		<filter-name>UrlRewriteFilter</filter-name>
-		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
-	</filter>
-
-	<filter-mapping>
-		<filter-name>UrlRewriteFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-	<!-- <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> 
-		<url-pattern>/AuthDispatcher</url-pattern> <dispatcher>REQUEST</dispatcher> 
-		<dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> 
-		<url-pattern>/StartAuthentication</url-pattern> <dispatcher>REQUEST</dispatcher> 
-		<dispatcher>FORWARD</dispatcher> </filter-mapping> -->
 
 	<session-config>
 		<session-timeout>5</session-timeout>
 	</session-config>
+	
 	<error-page>
 		<error-code>500</error-code>
 		<location>/errorpage.jsp</location>
 	</error-page>
-<!-- 	<security-constraint>
-		<web-resource-collection>
-			<web-resource-name>ConfigurationUpdate</web-resource-name>
-			<url-pattern>/ConfigurationUpdate</url-pattern>
-		</web-resource-collection>
-		<auth-constraint>
-			<role-name>moa-admin</role-name>
-		</auth-constraint>
-	</security-constraint> -->
+	
 	<login-config>
 		<auth-method>BASIC</auth-method>
 		<realm-name>UserDatabase</realm-name>
 	</login-config>
 	<security-role>
-		<description>
-			The role that is required to log in to the moa Application
-		</description>
+		<description>The role that is required to log in to the moa Application</description>
 		<role-name>moa-admin</role-name>
 	</security-role>
+
 </web-app>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
index ef070b8eb..d0af6401b 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
@@ -837,7 +837,7 @@
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
index b80d654cc..1a3e683de 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
+++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
@@ -608,7 +608,7 @@
         </a>
         <a href="http://jigsaw.w3.org/css-validator/">
           <img   style="border:0;width:88px;height:31px"
-                 src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+                 src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
                  alt="CSS ist valide!" />
         </a>
     </div>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index f19cc5320..5b534fca3 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -837,7 +837,7 @@
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
index b80d654cc..1a3e683de 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
@@ -608,7 +608,7 @@
         </a>
         <a href="http://jigsaw.w3.org/css-validator/">
           <img   style="border:0;width:88px;height:31px"
-                 src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+                 src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
                  alt="CSS ist valide!" />
         </a>
     </div>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
index 6cefe4054..9a621998c 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
@@ -450,7 +450,7 @@
 				src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/doc/htmlTemplates/BKU-selection.html b/id/server/doc/htmlTemplates/BKU-selection.html
index ef070b8eb..d0af6401b 100644
--- a/id/server/doc/htmlTemplates/BKU-selection.html
+++ b/id/server/doc/htmlTemplates/BKU-selection.html
@@ -837,7 +837,7 @@
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/doc/htmlTemplates/sendAssertion.html b/id/server/doc/htmlTemplates/sendAssertion.html
index b80d654cc..1a3e683de 100644
--- a/id/server/doc/htmlTemplates/sendAssertion.html
+++ b/id/server/doc/htmlTemplates/sendAssertion.html
@@ -608,7 +608,7 @@
         </a>
         <a href="http://jigsaw.w3.org/css-validator/">
           <img   style="border:0;width:88px;height:31px"
-                 src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+                 src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
                  alt="CSS ist valide!" />
         </a>
     </div>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 20c32a3ec..dd5253e77 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.tasks.GetMISSessionIDTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -83,7 +84,7 @@ import at.gv.egovernment.moa.util.DOMUtils;
 /**
  * Servlet requested for getting the foreign eID provided by the security layer
  * implementation. Utilizes the {@link AuthenticationServer}.
- * 
+ * @deprecated Use {@link GetMISSessionIDTask} instead.
  */
 public class GetMISSessionIDServlet extends AuthServlet {
 
@@ -136,6 +137,10 @@ public class GetMISSessionIDServlet extends AuthServlet {
 
 		Logger.debug("POST GetMISSessionIDServlet");
 
+		  if (System.currentTimeMillis() > 0) {
+			  throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+		  }		
+		
 		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
 				MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
index 1ea8631c6..849ccf5db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -17,19 +17,46 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 
 import com.datentechnik.process_engine.ProcessInstance;
 
+/**
+ * Servlet that resumes a suspended process (in case of asynchronous tasks).
+ * 
+ * @author tknall
+ * 
+ */
 public class ProcessEngineSignalServlet extends AuthServlet {
 
 	private static final long serialVersionUID = 1L;
 
+	/**
+	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
+	 * 
+	 * @param resp
+	 *            The HttpServletResponse.
+	 */
+	private void setNoCachingHeaders(HttpServletResponse resp) {
+		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+	}
+
+	/**
+	 * Processes a GET request, delegating the call to {@link #doPost(HttpServletRequest, HttpServletResponse)}.
+	 */
+	@Override
+	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+		this.doPost(req, resp);
+	}
+
+	/**
+	 * Resumes the current process instance that has been suspended due to an asynchronous task. The process instance is
+	 * retrieved from the MOA session referred to by the request parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}.
+	 */
 	@Override
 	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 		String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
 
-		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
+		setNoCachingHeaders(resp);
 		try {
 
 			// check parameter
@@ -44,7 +71,7 @@ public class ProcessEngineSignalServlet extends AuthServlet {
 			if (session.getProcessInstanceId() == null) {
 				throw new IllegalStateException("MOA session does not provide process instance id.");
 			}
-			
+
 			// wake up next task
 			ProcessInstance pi = getProcessEngine().getProcessInstance(session.getProcessInstanceId());
 			getProcessEngine().signal(pi);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index a3397f561..36e219a97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -65,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.tasks.VerifyCertificateTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -77,6 +78,7 @@ import at.gv.egovernment.moa.spss.util.CertificateUtils;
  * Servlet requested for getting the foreign eID
  * provided by the security layer implementation.
  * Utilizes the {@link AuthenticationServer}.
+ * @deprecated Use {@link VerifyCertificateTask} instead.
  *
  */
 public class VerifyCertificateServlet extends AuthServlet {
@@ -124,6 +126,9 @@ public class VerifyCertificateServlet extends AuthServlet {
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
 
+	  if (System.currentTimeMillis() > 0) {
+		  throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+	  }
 		Logger.debug("POST VerifyCertificateServlet");
 		
 		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
@@ -180,7 +185,8 @@ public class VerifyCertificateServlet extends AuthServlet {
 					throw new MOAIDException("session store error", null);
 				}
 	    		
-	    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+		    	ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+	    		
 	    	}
 	    	else {
 	    			
@@ -210,7 +216,6 @@ public class VerifyCertificateServlet extends AuthServlet {
 		    	
 		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 		    	
-		    	
 		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
 	    	}	    		    	 
 	    }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
index d43e8cf68..d5b869777 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.auth.tasks;
 
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -9,7 +11,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-import java.util.Set;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletContext;
@@ -25,10 +26,10 @@ import org.apache.commons.fileupload.servlet.ServletFileUpload;
 import org.apache.commons.lang3.ArrayUtils;
 
 import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
 import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
@@ -36,11 +37,17 @@ import at.gv.egovernment.moa.id.storage.IExceptionStore;
 import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.URLDecoder;
 
 import com.datentechnik.process_engine.springweb.AbstractSpringWebSupportedTask;
 
-public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask implements MOAIDAuthConstants {
+/**
+ * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
+ * etc.).</p> The code has been taken from {@link AuthServlet}.
+ * 
+ * @author tknall
+ * 
+ */
+public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask {
 
 	protected static final String ERROR_CODE_PARAM = "errorid";
 
@@ -75,14 +82,10 @@ public abstract class AbstractAuthServletTask extends AbstractSpringWebSupported
 				.getRequestDispatcher("/errorpage-auth.jsp");
 		try {
 
-			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+			resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+			resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+			resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+			resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
 
 			dispatcher.forward(req, resp);
 		} catch (ServletException e) {
@@ -179,15 +182,7 @@ public abstract class AbstractAuthServletTask extends AbstractSpringWebSupported
 		RequestDispatcher dispatcher = context
 				.getRequestDispatcher("/errorpage-auth.jsp");
 		try {
-			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
+			setNoCachingHeaders(resp);
 			dispatcher.forward(req, resp);
 		} catch (ServletException e) {
 			Logger.error(e);
@@ -324,32 +319,17 @@ public abstract class AbstractAuthServletTask extends AbstractSpringWebSupported
 		return bout.toString();
 	}
 
-
-	
-//	public void contextDestroyed(ServletContextEvent arg0) {
-//		Security.removeProvider((new IAIK()).getName());
-//		Security.removeProvider((new ECCProvider()).getName());
-//	}
-	
 	/**
-	 * Set response headers to avoid caching
+	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
 	 * 
-	 * @param request
-	 *            HttpServletRequest
-	 * @param response
-	 *            HttpServletResponse
+	 * @param resp
+	 *            The HttpServletResponse.
 	 */
-	protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
-			HttpServletResponse response) {
-		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-				MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-				MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
+	private void setNoCachingHeaders(HttpServletResponse resp) {
+		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
 	}
 
 	/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
index 4c87bb689..70afd477d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.auth.tasks;
 
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
 import java.io.PrintWriter;
 
 import javax.servlet.http.HttpServletRequest;
@@ -8,6 +10,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.ObjectUtils;
 
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -22,6 +25,39 @@ import at.gv.egovernment.moa.util.StringUtils;
 
 import com.datentechnik.process_engine.api.ExecutionContext;
 
+/**
+ * Creates a http form including an embedded {@code InfoBoxReadRequest} for reading the identity link.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Removes ExecutionContext property {@link MOAIDAuthConstants#PARAM_SESSIONID}.</li>
+ * <li>Creates the http form mentioned above.</li>
+ * <li>Returns the http form via HttpServletResponse.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID} <strong>or</strong></li>
+ * <li>ExecutionContext property {@link MOAIDAuthConstants#PARAM_SESSIONID} (in case of legacy authentication without CCE selection, where the moa session is not provided by request parameter).</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>The identity link form via HttpServletResponse.</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case of STORK authentication
+ * <ul>
+ * <li>Creates STORK auth SAML request.</li>
+ * <li>Creates and returns a form for submitting the SAML request to the CPEPS (post binding).</li>
+ * <li>Returns the form via HttpServletResponse.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
 public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 
 	@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
new file mode 100644
index 000000000..40e33ae43
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
@@ -0,0 +1,182 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import iaik.pki.PKIException;
+
+import java.security.GeneralSecurityException;
+import java.util.List;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Retrieves a mandate from the online mandate issuing service.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Retrieves the mandate referenced within the moa session from the online (external) mandate issuing service.</li>
+ * <li>Verifies the mandate.</li>
+ * <li>Puts mandate into moa session.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Mandate put into moa session.</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class GetMISSessionIDTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+		
+		Logger.debug("POST GetMISSessionIDServlet");
+
+		String sessionID = req.getParameter(PARAM_SESSIONID);
+
+		// escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
+		AuthenticationSession session = null;
+		String pendingRequestID = null;
+		try {
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID))
+				throw new WrongParametersException("VerifyCertificate",
+						PARAM_SESSIONID, "auth.12");
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+			
+			session = AuthenticationServer.getSession(sessionID);
+
+			//change MOASessionID
+		    sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+			
+			String misSessionID = session.getMISSessionID();
+
+			AuthConfigurationProvider authConf = AuthConfigurationProvider
+					.getInstance();
+			ConnectionParameter connectionParameters = authConf
+					.getOnlineMandatesConnectionParameter();
+			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+					AuthConfigurationProvider.getInstance(),
+					connectionParameters);
+
+			List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
+					connectionParameters.getUrl(), misSessionID, sslFactory);
+
+			if (list == null || list.size() == 0) {
+				Logger.error("Keine Vollmacht gefunden.");
+				throw new AuthenticationException("auth.15", null);
+			}
+
+			// for now: list contains only one element
+			MISMandate mandate = (MISMandate) list.get(0);
+
+			// TODO[tlenz]: UTF-8 ?
+			String sMandate = new String(mandate.getMandate());
+			if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
+				Logger.error("Mandate is empty.");
+				throw new AuthenticationException("auth.15",
+						new Object[] { GET_MIS_SESSIONID });
+			}
+						
+			//check if it is a parsable XML
+			byte[] byteMandate = mandate.getMandate();
+			// TODO[tlenz]: UTF-8 ?
+			String stringMandate = new String(byteMandate);
+			DOMUtils.parseDocument(stringMandate, false,
+					null, null).getDocumentElement();
+			
+			// extract RepresentationType
+			AuthenticationServer.getInstance().verifyMandate(session, mandate);
+			
+			session.setMISMandate(mandate);
+			session.setAuthenticatedUsed(false);
+			session.setAuthenticated(true);
+			
+	    	//set QAA Level four in case of card authentifcation
+	    	session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+			
+			String oldsessionID = session.getSessionID();
+			
+			//Session is implicite stored in changeSessionID!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+			
+			Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
+			Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+						
+			String redirectURL = new DataURLBuilder().buildDataURL(
+					session.getAuthURL(),
+					ModulUtils.buildAuthURL(session.getModul(),
+							session.getAction(), pendingRequestID), newMOASessionID);
+			redirectURL = resp.encodeRedirectURL(redirectURL);
+			
+			// TODO[branch]: Final step back to /dispatcher
+			
+			resp.setContentType("text/html");
+			resp.setStatus(302);
+			resp.addHeader("Location", redirectURL);
+			Logger.debug("REDIRECT TO: " + redirectURL);
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+			
+		} catch (GeneralSecurityException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+			
+		} catch (PKIException e) {
+			handleError(null, e, req, resp, pendingRequestID);
+			
+		} catch (SAXException e) {
+			handleError(null, e, req, resp, pendingRequestID);
+			
+		} catch (ParserConfigurationException e) {
+			handleError(null, e, req, resp, pendingRequestID);
+			
+	    } catch (Exception e) {
+	    	Logger.error("MISMandateValidation has an interal Error.", e);
+	       
+	    }
+	    finally {
+	    	ConfigurationDBUtils.closeSession();
+	    }
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
index ff1bc8cd1..24fea05c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
@@ -38,30 +38,44 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 
 import com.datentechnik.process_engine.api.ExecutionContext;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
 
+/**
+ * Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Takes the {@code CreateXMLSignatureResponse} from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.</li>
+ * <li>Verifies the {@code CreateXMLSignatureResponse}.</li>
+ * <li>Updates moa session.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Authentication data put into moa session.</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case of mandate mode
+ * <ul>
+ * <li>Creates a mandate session at the external mandate issuing service.</li>
+ * <li>Redirects the user's browser to the online mandate issuing service GUI.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
 public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 
-	  /**
-	   * Verifies the signed authentication block and redirects the browser
-	   * to the online application requested, adding a parameter needed for
-	   * retrieving the authentication data.
-	   * <br>
-	   * Request parameters:
-	   * <ul>
-	   * <li>MOASessionID: ID of associated authentication session</li>
-	   * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
-	   * </ul>
-	   * Response:
-	   * <ul>
-	   * <li>Status: <code>302</code></li>
-	   * <li>Header <code>"Location"</code>: URL of the online application requested, with
-	   * 						parameters <code>"Target"</code>(only if the online application is
-	   *            a public service) and <code>"SAMLArtifact"</code> added</li>
-	   * <li>Error status: <code>500</code>
-	   * </ul>
-	   * @see AuthenticationServer#verifyAuthenticationBlock
-	   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
-	   */
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws Exception {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
new file mode 100644
index 000000000..979e64888
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
@@ -0,0 +1,166 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.</li>
+ * <li>Verifies the certificate.</li>
+ * <li>Creates the auth block to be signed using information from the certificate (Organwalter, foreign citizen.</li>
+ * <li>Puts it in a {@code CreateXMLSignatureRequest}.</li>
+ * <li>Updates moa session.</li>
+ * <li>Responds with {@code CreateXMLSignatureRequest}.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>{@code CreateXMLSignatureRequest} send as HttpServletResponse (for CCE).</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class VerifyCertificateTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet
+
+		Logger.debug("POST VerifyCertificateServlet");
+		
+		String pendingRequestID = null;
+		
+		Map<String, String> parameters;
+	    try 
+	    {
+	      parameters = getParameters(req);
+	    } catch (FileUploadException e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	     	}
+	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    
+	    // escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+		
+		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		
+	    AuthenticationSession session = null;
+	    try {
+	       // check parameter
+	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	          throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
+	       
+	    	session = AuthenticationServer.getSession(sessionID);
+	    	
+	        //change MOASessionID
+	        sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+	    	
+    		X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+    		if (cert == null) {
+    			Logger.error("Certificate could not be read.");
+    			throw new AuthenticationException("auth.14", null);    		
+    		}
+    		
+	    	boolean useMandate = session.getUseMandate();
+	    	
+	    	
+	    	if (useMandate) {
+
+	    		// verify certificate for OrganWalter
+	    		String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+	    		
+		    	try {
+					AuthenticationSessionStoreage.storeSession(session);
+				} catch (MOADatabaseException e) {
+					throw new MOAIDException("session store error", null);
+				}
+	    		
+		    	// TODO[branch]: Mandate; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
+		    	ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+	    		
+	    	}
+	    	else {
+	    			
+		    	
+	    		String countrycode = CertificateUtils.getIssuerCountry(cert);
+	    		if (countrycode != null) {
+	    			if (countrycode.compareToIgnoreCase("AT") == 0) {
+	    				Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
+	    				throw new AuthenticationException("auth.22", null);
+	    			}
+	    		}
+	    		
+	    		// Foreign Identities Modus	
+		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
+		      // build dataurl (to the GetForeignIDSerlvet)
+		    	String dataurl =
+	             new DataURLBuilder().buildDataURL(
+	               session.getAuthURL(),
+	               REQ_GET_FOREIGN_ID,
+	               session.getSessionID());
+	       
+		    	try {
+					AuthenticationSessionStoreage.storeSession(session);
+				} catch (MOADatabaseException e) {
+					throw new MOAIDException("session store error", null);
+				}
+		    	
+	    		// TODO[branch]: Foreign citizen; respond with CXSR for authblock signature, dataURL "/GetForeignID"
+		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
+		    	
+		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
+	    	}	    		    	 
+	    }
+	    catch (MOAIDException ex) {
+	      handleError(null, ex, req, resp, pendingRequestID);
+	      
+	    } catch (Exception e) {
+	    	Logger.error("CertificateValidation has an interal Error.", e);
+	    }
+	       
+	    
+	    finally {
+	    	ConfigurationDBUtils.closeSession();
+	    }
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
index ec12643ec..c24e42b3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.auth.tasks;
 
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
 import java.io.IOException;
 import java.util.Map;
 
@@ -28,176 +30,179 @@ import at.gv.egovernment.moa.logging.Logger;
 
 import com.datentechnik.process_engine.api.ExecutionContext;
 
+/**
+ * Verifies the identity link and prepares auth block signature if identity link provided, or triggers reading the subject's certificate if not provided.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Parses the identity link retrieves as {@code InfoBoxReadResponse} from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.</li>
+ * <li>Verifies the identity link.</li>
+ * <li>Creates the auth block to be signed.</li>
+ * <li>Updates moa session.</li>
+ * <li>Creates and returns a {@code CreateXMLSignatureRequest} via HttpServletResponse.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Identity link put into moa session.</li>
+ * <li>Returns {@code CreateXMLSignatureRequest} via HttpServletResponse (for CCE).</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case of foreign citizen or in case of mandate
+ * <ul>
+ * <li>Create {@code InfoBoxReadRequest} for reading the subjects certificate.</li>
+ * <li>Set DataURL {@code /VerifyCertificate}.</li>
+ * <li>Respond with {@code InfoBoxReadRequest}.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
 public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 
-	/**
-	 * Verifies the identity link and responds with a new 
-	 * <code>CreateXMLSignatureRequest</code> or a new <code>
-	 * InfoboxReadRequest</code> (in case of a foreign eID card).
-	 * <br>
-	 * Request parameters:
-	 * <ul>
-	 * <li>MOASessionID: ID of associated authentication session</li>
-	 * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
-	 * </ul>
-	 * Response:
-	 * <ul>
-	 * <li>Content type: <code>"text/xml"</code></li>
-	 * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
-	 * <li>Error status: <code>500</code>
-	 * </ul>
-	 * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
-	 */
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws Exception {
-		
+
 		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
 
-			Logger.debug("POST VerifyIdentityLink");
-			  
-	    Map<String, String> parameters;
-	    String pendingRequestID = null;
-	    
-	    try 
-	    {
-	      parameters = getParameters(req);
-	      
-	    } catch (Exception e) 
-	    {
-	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-	      throw new IOException(e.getMessage());
-	    }
-	    String sessionID = req.getParameter(PARAM_SESSIONID);
-	           
-	    // escape parameter strings
+		Logger.debug("POST VerifyIdentityLink");
+
+		Map<String, String> parameters;
+		String pendingRequestID = null;
+
+		try {
+			parameters = getParameters(req);
+		} catch (Exception e) {
+			Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+			throw new IOException(e.getMessage());
+		}
+		String sessionID = req.getParameter(PARAM_SESSIONID);
+
+		// escape parameter strings
 		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-	    
+
 		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-		
-	    resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-		
-	    try {
-	    // check parameter
-	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
-	          throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
-	       
-	       
-	       AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-	       
-	       //change MOASessionID
-	       sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-	    	  
-	    	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters);
-
-	    	Logger.debug(createXMLSignatureRequestOrRedirect);
-	    	
-	    	    	
-	    	if (createXMLSignatureRequestOrRedirect == null) {
-	    	   // no identity link found
-
-	    		boolean useMandate = session.getUseMandate();
-	    		if (useMandate) {
-	    			Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
-	    			throw new AuthenticationException("auth.13", null);
-	    		}
-	    		// TODO[branch]: Foreign citizen; respond with IRR for certificates, dataURL = "/VerifyCertificate"
-	    		
-	    		try {
-	    		
-	    		   Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
-	    		   
-	    		   // create the InfoboxReadRequest to get the certificate
-	    		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-
-	    		   // build dataurl (to the VerifyCertificateSerlvet)
-	          String dataurl =
-	                new DataURLBuilder().buildDataURL(
-	                  session.getAuthURL(),
-	                  REQ_VERIFY_CERTIFICATE,
-	                  session.getSessionID());
-	          
-	          ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-	          
-	    	    	
-	    	    }
-	    	    catch(Exception e) {
-	    	    	handleError(null, e, req, resp, pendingRequestID);
-	    	    }
-	    	    
-	    	}
-	    	else {
-	    		boolean useMandate = session.getUseMandate();
-	    		
-	    		if (useMandate) { // Mandate modus
-	    			
-	    			// TODO[branch]: Mandate; respond with IRR for certificates, dataURL = "/VerifyCertificate"
-	    			
-	    			// read certificate and set dataurl to 
-	    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
-	    			
-	    
-	     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-
-	     		   // build dataurl (to the GetForeignIDSerlvet)
-	     		   String dataurl =
-	                 new DataURLBuilder().buildDataURL(
-	                   session.getAuthURL(),
-	                   REQ_VERIFY_CERTIFICATE,
-	                   session.getSessionID());
-	           
-	     		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
-	     		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-	     		   
-	     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
-	     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-	    			
-	    		}	
-	    		else {
-	    			Logger.info("Normal");
-	    			
-	    			// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
-	    			
-	    			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-	    					.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-	    			AuthConfigurationProvider authConf = AuthConfigurationProvider
-	    					.getInstance();
-	    			
-	    			createXMLSignatureRequestOrRedirect =  AuthenticationServer.getInstance()
-	    					.getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
-	    					authConf, oaParam);
-	    			
-	    			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
-	    		}
-	    	}
-	    	
+
+		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+
+		try {
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID))
+				throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+
+			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+			// change MOASessionID
+			sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+			String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session,
+					parameters);
+
+			Logger.debug(createXMLSignatureRequestOrRedirect);
+
+			if (createXMLSignatureRequestOrRedirect == null) {
+				// no identity link found
+
+				boolean useMandate = session.getUseMandate();
+				if (useMandate) {
+					Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+					throw new AuthenticationException("auth.13", null);
+				}
+				// TODO[branch]: Foreign citizen; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+
+				try {
+
+					Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
+
+					// create the InfoboxReadRequest to get the certificate
+					String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+					// build dataurl (to the VerifyCertificateSerlvet)
+					String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
+							session.getSessionID());
+
+					ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest,
+							AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
+				} catch (Exception e) {
+					handleError(null, e, req, resp, pendingRequestID);
+				}
+
+			} else {
+				boolean useMandate = session.getUseMandate();
+
+				if (useMandate) { // Mandate modus
+
+					// TODO[branch]: Mandate; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+
+					// read certificate and set dataurl to
+					Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+
+					String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+					// build dataurl (to the GetForeignIDSerlvet)
+					String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
+							session.getSessionID());
+
+					// Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
+					// ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest,
+					// AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
+					Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+					ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest,
+							AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
+				} else {
+					Logger.info("Normal");
+
+					// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL
+					// "/VerifyAuthBlock"
+
+					OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+							session.getPublicOAURLPrefix());
+					AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+					createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
+							.getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+
+					ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
+							createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
+							"VerifyIdentityLink");
+				}
+			}
+
 			try {
 				AuthenticationSessionStoreage.storeSession(session);
-				
+
 			} catch (MOADatabaseException e) {
 				Logger.info("No valid MOA session found. Authentification process is abourted.");
 				throw new AuthenticationException("auth.20", null);
 			}
-	    }
-	    catch (ParseException ex) {
-	    	handleError(null, ex, req, resp, pendingRequestID);
-	    	
-	    } catch (MOAIDException ex) {
-	      handleError(null, ex, req, resp, pendingRequestID);
-	      
-	    } catch (Exception e) {
-	    	Logger.error("IdentityLinkValidation has an interal Error.", e);
-	    }
-	        
-	    finally {
-	    	ConfigurationDBUtils.closeSession();
-	    }
-	  }
-	
-	
-	
+		} catch (ParseException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("IdentityLinkValidation has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
index 3eff06daf..5ae76ed96 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
@@ -842,7 +842,7 @@ input {
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/idserverlib/src/main/java/iaik/IAIKRuntimeException.java b/id/server/idserverlib/src/main/java/iaik/IAIKRuntimeException.java
new file mode 100644
index 000000000..968d3491d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/iaik/IAIKRuntimeException.java
@@ -0,0 +1,18 @@
+package iaik;
+
+/**
+ * Adapter class providing {@code iaik.RuntimeException} for libraries that have not been updated in order to consider
+ * the fact that the class {@code IAIKRuntimeException} has been moved.
+ * 
+ * @author tknall
+ * 
+ */
+public class IAIKRuntimeException extends iaik.server.modules.IAIKRuntimeException {
+
+	private static final long serialVersionUID = 1L;
+
+	public IAIKRuntimeException(String reason, Throwable wrapped, String uniqueIdentifier) {
+		super(reason, wrapped, uniqueIdentifier);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
index dd27d8a01..8ac58bd4b 100644
--- a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
+++ b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
@@ -5,16 +5,27 @@
 	- National authentication with Austrian Citizen Card and mobile signature.
 	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
 -->
+	<pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.tasks.CreateIdentityLinkFormTask" />
+	<pd:Task id="verifyIdentityLink"     class="at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask"        async="true" />
+	<pd:Task id="verifyAuthBlock"        class="at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask" async="true" />
+	<pd:Task id="verifyCertificate"      class="at.gv.egovernment.moa.id.auth.tasks.VerifyCertificateTask"         async="true" />
+	<pd:Task id="getMISSessionID"        class="at.gv.egovernment.moa.id.auth.tasks.GetMISSessionIDTask"           async="true" />
 
 	<pd:StartEvent id="start" />
 	
-	<pd:Transition from="start" to="createIdentityLinkForm" />
-	<pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.tasks.CreateIdentityLinkFormTask" />
+	<pd:Transition from="start"                  to="createIdentityLinkForm" />
+	
 	<pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
-	<pd:Task id="verifyIdentityLink" class="at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask" async="true" />
-	<pd:Transition from="verifyIdentityLink" to="verifyAuthBlock" />
-	<pd:Task id="verifyAuthBlock" class="at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask" async="true" />
-	<pd:Transition from="verifyAuthBlock" to="end" />
+	
+	<pd:Transition from="verifyIdentityLink"     to="verifyCertificate" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyIdentityLink"     to="verifyAuthBlock" />
+	
+	<pd:Transition from="verifyCertificate"      to="verifyAuthBlock" />
+	
+	<pd:Transition from="verifyAuthBlock"        to="getMISSessionID" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyAuthBlock"        to="end" />
+	
+	<pd:Transition from="getMISSessionID"        to="end" />
 	
 	<pd:EndEvent id="end" />
 
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
index 7e2ddc491..e293d8456 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
@@ -837,7 +837,7 @@
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
index e75bef70c..033a574b9 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
@@ -545,7 +545,7 @@ button:hover,button:focus,button:active,.sendButton:hover,.sendButton:focus,.sen
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
index b241e85cf..8976b2bd6 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
@@ -436,7 +436,7 @@
 				src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
-- 
cgit v1.2.3


From 5ac35ee4134c6d01213e9ec47b6428eb22ba96cc Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 23 Jan 2015 13:09:08 +0100
Subject: update handbook und default configuration

---
 .../data/deploy/conf/moa-id/moa-id.properties      |  6 ++++
 id/server/doc/handbook/config/config.html          | 32 ++++++++++++++++++++++
 2 files changed, 38 insertions(+)

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 9d1e931e9..a160ea1ff 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -13,6 +13,7 @@
 ##For Testing
 configuration.validation.certificate.QC.ignore=false
 protocols.pvp2.assertion.encryption.active=false
+protocols.pvp2.schemavalidation=true
 
 ##General MOA-ID 2.0 operations
 #MOA-ID 2.0 session information encryption key (PassPhrase)
@@ -43,6 +44,11 @@ service.foreignidentities.acceptedServerCertificates=
 service.foreignidentities.clientKeyStore=keys/....
 service.foreignidentities.clientKeyStorePassword=
 
+##STORK 2
+stork.fakeIdL.active=false
+stork.fakeIdL.countries=
+stork.fakeIdL.keygroup=
+
 
 ##Protocol configuration##
 #PVP2
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 1a584e0b3..a4278034e 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -900,6 +900,12 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
       <td><p>Deaktiviert die QC Pr&uuml;fung von Signaturzertifikaten. Da manche Testzertifikate oder Testkarten keine QC Erweiterung aufweisen und somit eine Anmeldung mit diesen Zertifikaten nicht m&ouml;glich ist, kann die QC Pr&uuml;fung je Instanz deaktiviert werden.</p>
       <p><strong>Defaultwert:</strong> false</p></td>
     </tr>
+    <tr>
+      <td>protocols.pvp2.schemavalidation</td>
+      <td>true / false</td>
+      <td><p>Mit diesem Parameter kann die Schemavalidierung f&uuml;r PVP Metadaten deaktiviert werden.</p>
+        <strong>Defaultwert:</strong> true</td>
+    </tr>
     <tr>
       <td>protocols.pvp2.assertion.encryption.active</td>
       <td>true / false</td>
@@ -1031,6 +1037,32 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
   </table>
   <p>&nbsp;</p>
   <p><strong>Hinweis:</strong> Detaillierte Informationen zu den einzelnen PVP spezifischen Konfigurationsparametern finden Sie in der entsprechenden PVP Spezifikation.</p>
+  <h5><a name="basisconfig_moaid_stork2" id="uebersicht_bekanntmachung17"></a>2.2.2.6 STORK 2</h5>
+  <p>Dieses Abschnitt beschreibt Konfigurationswerte welche nur f&uuml;r den <strong>Testbetrieb von STORK 2</strong> erforderlich sind.</p>
+  <table class="configtable">
+    <tr>
+      <th>Name</th>
+      <th>Beispielwert</th>
+      <th>Beschreibung</th>
+    </tr>
+    <tr>
+      <td>stork.fakeIdL.active</td>
+      <td>true / false</td>
+      <td><p>Im Produktivbetrieb ist eine Anmeldung nur f&uuml;r jene L&auml;nder mittels STORK 2 m&ouml;glich welche in der <em>Gleichwertigkeitsverordnung</em> aufgelistet sind. Um einen Testbetrieb mit weiteren L&auml;ndern zu erm&ouml;glichen bietet das Modul MOA-ID-Auth die M&ouml;glichkeit zur Ausstellung eines Fake-Identititlink, welcher im Testbetrieb f&uuml;r die Anmeldung an einer &ouml;sterreichischen Test Online Applikation verwendet werden kann.</p>
+        <p><strong>Hinweis:</strong> Diese Funktion ist standardm&auml;&szlig;ig <strong>deaktiviert</strong>. Eine Aktivierung ist nur im Testbetrieb f&uuml;r STORK 2 empfohlen.</p></td>
+    </tr>
+    <tr>
+      <td>stork.fakeIdL.countries</td>
+      <td>DE,CH</td>
+      <td>K&uuml;rzel jener L&auml;nder f&uuml;r welche ein Fake-Identitilink ausgestellt werden soll.</td>
+    </tr>
+    <tr>
+      <td>stork.fakeIdL.keygroup</td>
+      <td>IDL_signing</td>
+      <td>MOA-SS Schl&uuml;sselgruppe, welche f&uuml;r die Signatur des Fake-Identitilinks verwendet werden soll.</td>
+    </tr>
+  </table>
+  <p>&nbsp;</p>
 <h3><a name="uebersicht_logging" id="uebersicht_logging"></a>2.3 Konfiguration des Loggings</h3>
   <p>Die Module MOA-ID-Auth und MOA-ID-Configuration verwendet als Framework f&uuml;r Logging-Information die Open Source Software <code>log4j</code>. Die Konfiguration der Logging-Information erfolgt  nicht direkt durch die einzelnen Module, sondern &uuml;ber eine eigene Konfigurationsdatei, die der <span class="term">Java Virtual Machine</span> durch eine <span class="term">System Property </span>  mitgeteilt wird. Der Name der <span class="term">System Property </span>  lautet <code>log4j.configuration</code>; als Wert der <span class="term">System Property </span>  ist eine URL anzugeben, die auf die <code>log4j</code>-Konfigurationsdatei verweist, z.B.  </p>
 <pre>log4j.configuration=file:/C:/Programme/apache/tomcat-4.1.30/conf/moa-id/log4j.properties</pre>
-- 
cgit v1.2.3


From c17a374c8996c2ac7496b9ab324a2645be60dfb2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 30 Jan 2015 12:33:52 +0100
Subject: update handbook and default configuration

---
 id/server/data/deploy/conf/moa-id/moa-id.properties | 1 +
 id/server/doc/handbook/config/config.html           | 7 +++++++
 2 files changed, 8 insertions(+)

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index a160ea1ff..c330758c8 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -48,6 +48,7 @@ service.foreignidentities.clientKeyStorePassword=
 stork.fakeIdL.active=false
 stork.fakeIdL.countries=
 stork.fakeIdL.keygroup=
+stork.documentservice.url=
 
 
 ##Protocol configuration##
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index a4278034e..f5292f76a 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -77,6 +77,7 @@
     </li>
   <li>  <a href="#basisconfig_moa_id_auth_param_testing">Testing</a></li>
   <li><a href="#basisconfig_moa_id_auth_szrclient">SZR Client f&uuml;r STORK &lt;-&gt; PVP Gateway Betrieb</a></li>
+  <li><a href="#basisconfig_moaid_stork2">STORK 2.0</a></li>
 </ol>
 </li>
           </ol>
@@ -1061,6 +1062,12 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
       <td>IDL_signing</td>
       <td>MOA-SS Schl&uuml;sselgruppe, welche f&uuml;r die Signatur des Fake-Identitilinks verwendet werden soll.</td>
     </tr>
+    <tr>
+      <td>stork.documentservice.url</td>
+      <td>http://testvidp.buergerkarte.at/<br>
+      DocumentService/DocumentService?wsdl</td>
+      <td>URL zum STORK 2 Dokumentenservice</td>
+    </tr>
   </table>
   <p>&nbsp;</p>
 <h3><a name="uebersicht_logging" id="uebersicht_logging"></a>2.3 Konfiguration des Loggings</h3>
-- 
cgit v1.2.3


From bb4aed327d927f4e33f88a265dfed145481af290 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 26 Feb 2015 10:17:39 +0100
Subject: Add certificate
 A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt

---
 ...-Test-Root-05-20141215-20241209.SerNo165fae.crt | 34 ++++++++++++++++++++++
 ...-Test-Root-05-20141215-20241209.SerNo165fae.crt | 34 ++++++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
new file mode 100644
index 000000000..9befb53fc
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt
+MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B
+AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv
+YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt
+cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b
+DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk
+hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP
+IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A
+e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ
+67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG
+36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t
+zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky
+zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi
+v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S
+nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B
+o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM
+TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6
+czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ
+/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB
+0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ
+YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j
+uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs
+p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi
+lm2dyCqZ9RUD5ZN2YRntJoo=
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
new file mode 100644
index 000000000..9befb53fc
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt
+MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B
+AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv
+YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt
+cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b
+DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk
+hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP
+IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A
+e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ
+67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG
+36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t
+zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky
+zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi
+v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S
+nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B
+o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM
+TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6
+czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ
+/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB
+0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ
+YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j
+uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs
+p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi
+lm2dyCqZ9RUD5ZN2YRntJoo=
+-----END CERTIFICATE-----
-- 
cgit v1.2.3


From 60cea62797b9ebb9d98154a1a0504ccc4b096612 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 26 Feb 2015 12:45:38 +0100
Subject: update default config

---
 .../conf/moa-id/stork/StorkSamlEngine_outgoing.xml | 30 ++++++++++++++++++++++
 1 file changed, 30 insertions(+)

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
index 2b0c05b88..bdad5686b 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
@@ -87,6 +87,36 @@
 	<entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
 	<entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
 	<entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+  
+  
+          <entry key="diplomaSupplement">http://www.stork.gov.eu/1.0/diplomaSupplement</entry>
+        <entry key="currentStudiesSupplement">http://www.stork.gov.eu/1.0/currentStudiesSupplement</entry>
+        <entry key="isStudent">http://www.stork.gov.eu/1.0/isStudent</entry>
+        <entry key="isAcademicStaff">http://www.stork.gov.eu/1.0/isAcademicStaff</entry>
+        <entry key="isTeacherOf">http://www.stork.gov.eu/1.0/isTeacherOf</entry>
+        <entry key="isCourseCoordinator">http://www.stork.gov.eu/1.0/isCourseCoordinator</entry>
+        <entry key="isAdminStaff">http://www.stork.gov.eu/1.0/isAdminStaff</entry>
+        <entry key="habilitation">http://www.stork.gov.eu/1.0/habilitation</entry>
+        <entry key="Title">http://www.stork.gov.eu/1.0/Title</entry>
+        <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+        <entry key="hasAccountInBank">http://www.stork.gov.eu/1.0/hasAccountInBank</entry>
+        <entry key="isHealthCareProfessional">http://www.stork.gov.eu/1.0/isHealthCareProfessional</entry>
+
+        <entry key="eLPIdentifier">http://www.stork.gov.eu/1.0/eLPIdentifier</entry>
+        <entry key="legalName">http://www.stork.gov.eu/1.0/legalName</entry>
+        <entry key="alternativeName">http://www.stork.gov.eu/1.0/alternativeName</entry>
+        <entry key="type">http://www.stork.gov.eu/1.0/type</entry>
+        <entry key="translatableType">http://www.stork.gov.eu/1.0/translatableType</entry>
+        <entry key="status">http://www.stork.gov.eu/1.0/status</entry>
+        <entry key="activity">http://www.stork.gov.eu/1.0/activity</entry>
+        <entry key="registeredAddress">http://www.stork.gov.eu/1.0/registeredAddress</entry>
+        <entry key="registeredCanonicalAddress">http://www.stork.gov.eu/1.0/registeredCanonicalAddress</entry>
+        <entry key="contactInformation">http://www.stork.gov.eu/1.0/contactInformation</entry>
+        <entry key="LPFiscalNumber">http://www.stork.gov.eu/1.0/LPFiscalNumber</entry>
+        <entry key="mandate">http://www.stork.gov.eu/1.0/mandate</entry>
+	<entry key="docRequest">http://www.stork.gov.eu/1.0/docRequest</entry>
+  
+  
 	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
 	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
 	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-- 
cgit v1.2.3


From e1c2c42aabf3b1207547dd40b91dc93921303c4a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 7 Apr 2015 10:19:21 +0200
Subject: add configuration property to deactivate PVP metadata schema
 validation

---
 .../moa/id/configuration/config/ConfigurationProvider.java    |  5 +++++
 .../configuration/validation/oa/OAPVP2ConfigValidation.java   | 11 ++++++++++-
 .../conf/moa-id-configuration/moa-id-configtool.properties    |  2 ++
 3 files changed, 17 insertions(+), 1 deletion(-)

(limited to 'id/server/data/deploy/conf')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index e6000319e..8ac7b40d4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -462,6 +462,11 @@ public class ConfigurationProvider {
 				
 	}
 	
+	public boolean isPVPMetadataSchemaValidationActive() {
+		return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true"));
+				
+	}
+	
 	private void initalPVP2Login() throws ConfigurationException {
 		try {
 					
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 8e1dd6e64..ba77b601b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -133,7 +133,16 @@ public class OAPVP2ConfigValidation {
 
 						List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
 						filterList.add(new MetaDataVerificationFilter(credential));
-						filterList.add(new SchemaValidationFilter());
+						
+						try {
+							filterList.add(new SchemaValidationFilter(
+									ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
+							
+						} catch (ConfigurationException e) {
+							log.warn("Configuration access FAILED!", e);
+							
+						}
+						
 						MetadataFilterChain filter = new MetadataFilterChain();
 						filter.setFilters(filterList);
 						
diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
index 7c71fadcb..b10913d69 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
+++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
@@ -15,6 +15,8 @@ general.ssl.truststore=certs/truststore
 
 general.moaconfig.key=ConfigurationEncryptionKey
 
+general.pvp.schemavalidation=true
+
 ##Mail
 general.mail.host=smtp.localhost...
 #general.mail.host.port=
-- 
cgit v1.2.3


From bd491504c9b77941cdc9a210856142472473d610 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 16 Apr 2015 13:19:59 +0200
Subject: update TrustStore and CertStore with A-Trust-Test-xxx-05 certificates

---
 ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++++++++++++++++
 ...remium-Enc-05.20141215-20141209.SerNo165fb7.crt | 36 ++++++++++++++++++++++
 ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++++++++++++++++
 ...-Test-Root-05-20141215-20241209.SerNo165fae.crt | 34 ++++++++++++++++++++
 ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++++++++++++++++
 ...remium-Enc-05.20141215-20141209.SerNo165fb7.crt | 36 ++++++++++++++++++++++
 ...-Test-Root-05-20141215-20241209.SerNo165fae.crt | 34 ++++++++++++++++++++
 ...-Test-Root-05-20141215-20241209.SerNo165fae.crt | 34 ++++++++++++++++++++
 ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++++++++++++++++
 9 files changed, 318 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
 create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
 create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
 create mode 100644 spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
new file mode 100644
index 000000000..9ea6d0c1c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+3MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwOTAwWhcNMjQxMjA5MTIwOTAwWjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1FbmMtMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tRW5jLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA2YDEweWMfTpWbHjFwzPl5tri
+jaL4tmhuHQzuSAEO080+m5Dc38Rj5xHf1MNCxvAx18+3A+b0WDDhtdJh+SXVxAQq
+/VhnaOFcdlvun0/4+l4Xynf6xd0r8WfQgnTAER4iFzGoWnOFQZqF3JGsx0mxd5Ss
+6kbs+4Gd/FmdAD09qTb+e3FtQC9aszVb5j57LB14Ka+iVXMEFq6J1uvvdjIcwbeL
+7gOGOLzn9dArFT4bfMIE/gBOJnY3Ulp16jOMGb2sY+9u9rGJ84jSpYKEsL+RBoJr
+23O5rfdrVi/+fWC0QaDqwhI46lLr9Erkk7NjEeElZ+Tj2A5KK4K0FNvzAIqxki1Z
+/MQcBfknbq9jxUZs4zUl9QA7ufCqmFhi4qQxycEfUEXsTFlya2IgWqavA1OFZ7Ww
+tJQOR/EQUvtH/fIE7nompnxzWxi1iAvVkv0OEsAYVRd9ldviLl9wLzpQoOPvwc/B
+kRLvriWH/Bjyc8+SeAfK92ZRHh+a1HBsX7XKuZwKJ/pVKF4EtalbZXlSuQau/Mc0
+ImS49AL/GjfShp/IhGHfBQbTjR3vhZfakG6wvSFnGaRt2ohxMHb0fSK7xNrDpfNV
+Orloh77ry44C4jjQIairRW1l4CLilbitKpHO4VtZ443w25fud2FapvdesoUfHogV
+KTce4dGvW3jrN7/8TRUCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhH2pAliBnO
+GzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBADDqJFkkBD6tUmiu
+L45YlXWKogD5eUfM+xnNVdg60M4HXHksVGT49CiY1vWzuLwUD3CXQ1W7yBKnLB5b
+GcoaHNgZDhNskYJCZu9K0g8oqNEN3Hb2QoKqyCaOlKV0dXILq/3SbdcXvUkUPS9K
+nWkX48tVMcw3OAmRYKwBK6tkUBwVw0VJ49sT+9qgPGCb8HYafSjCTnb3kdKGYK7a
+0E6eVBjYf6WcMfvCIYma5Zi4fx7U0K6RN8xJvhRHAZK3uJphk1QciAIxViFIPnex
+htgywJNHRautIsDbRGwdDVOUB6VdCFF19HnO9C4p2+pggCi9nT/I4CklZGZ5Q0VB
+j9knsSFXYMY9QFGm3feiVIXAy2Pp7IMB21KNZKgqCLQRgANNdvkWwO97lcxpmocS
+/p9LIEYDpa9tIvBrTiK39hUixeQaMhvlrSN3H49NqoxsStv8UEvSbjLJAuOcK1oV
++IWA8RbBwippM45729X7nGdPUbxys+rn7F04WNe+oQN96hKX4VJ6OCANz1bca6LV
+sPtkFej+SLbpALVH3YvP4ct1UQms3UnuN9m1A0ceB4u4KroHBHlSGLB6K3UI3E42
+cYVaGrbflSvwwXxCHUvrCeL+eNKgI2Vyt29aHVJO0OMAS03Eb1PcygeNU4h6t+CS
+UBU+/OTtSQGrLe+kMKP6uBO/cMhv
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
new file mode 100644
index 000000000..9befb53fc
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt
+MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B
+AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv
+YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt
+cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b
+DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk
+hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP
+IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A
+e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ
+67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG
+36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t
+zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky
+zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi
+v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S
+nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B
+o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM
+TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6
+czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ
+/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB
+0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ
+YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j
+uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs
+p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi
+lm2dyCqZ9RUD5ZN2YRntJoo=
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
new file mode 100644
index 000000000..9ea6d0c1c
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+3MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwOTAwWhcNMjQxMjA5MTIwOTAwWjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1FbmMtMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tRW5jLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA2YDEweWMfTpWbHjFwzPl5tri
+jaL4tmhuHQzuSAEO080+m5Dc38Rj5xHf1MNCxvAx18+3A+b0WDDhtdJh+SXVxAQq
+/VhnaOFcdlvun0/4+l4Xynf6xd0r8WfQgnTAER4iFzGoWnOFQZqF3JGsx0mxd5Ss
+6kbs+4Gd/FmdAD09qTb+e3FtQC9aszVb5j57LB14Ka+iVXMEFq6J1uvvdjIcwbeL
+7gOGOLzn9dArFT4bfMIE/gBOJnY3Ulp16jOMGb2sY+9u9rGJ84jSpYKEsL+RBoJr
+23O5rfdrVi/+fWC0QaDqwhI46lLr9Erkk7NjEeElZ+Tj2A5KK4K0FNvzAIqxki1Z
+/MQcBfknbq9jxUZs4zUl9QA7ufCqmFhi4qQxycEfUEXsTFlya2IgWqavA1OFZ7Ww
+tJQOR/EQUvtH/fIE7nompnxzWxi1iAvVkv0OEsAYVRd9ldviLl9wLzpQoOPvwc/B
+kRLvriWH/Bjyc8+SeAfK92ZRHh+a1HBsX7XKuZwKJ/pVKF4EtalbZXlSuQau/Mc0
+ImS49AL/GjfShp/IhGHfBQbTjR3vhZfakG6wvSFnGaRt2ohxMHb0fSK7xNrDpfNV
+Orloh77ry44C4jjQIairRW1l4CLilbitKpHO4VtZ443w25fud2FapvdesoUfHogV
+KTce4dGvW3jrN7/8TRUCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhH2pAliBnO
+GzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBADDqJFkkBD6tUmiu
+L45YlXWKogD5eUfM+xnNVdg60M4HXHksVGT49CiY1vWzuLwUD3CXQ1W7yBKnLB5b
+GcoaHNgZDhNskYJCZu9K0g8oqNEN3Hb2QoKqyCaOlKV0dXILq/3SbdcXvUkUPS9K
+nWkX48tVMcw3OAmRYKwBK6tkUBwVw0VJ49sT+9qgPGCb8HYafSjCTnb3kdKGYK7a
+0E6eVBjYf6WcMfvCIYma5Zi4fx7U0K6RN8xJvhRHAZK3uJphk1QciAIxViFIPnex
+htgywJNHRautIsDbRGwdDVOUB6VdCFF19HnO9C4p2+pggCi9nT/I4CklZGZ5Q0VB
+j9knsSFXYMY9QFGm3feiVIXAy2Pp7IMB21KNZKgqCLQRgANNdvkWwO97lcxpmocS
+/p9LIEYDpa9tIvBrTiK39hUixeQaMhvlrSN3H49NqoxsStv8UEvSbjLJAuOcK1oV
++IWA8RbBwippM45729X7nGdPUbxys+rn7F04WNe+oQN96hKX4VJ6OCANz1bca6LV
+sPtkFej+SLbpALVH3YvP4ct1UQms3UnuN9m1A0ceB4u4KroHBHlSGLB6K3UI3E42
+cYVaGrbflSvwwXxCHUvrCeL+eNKgI2Vyt29aHVJO0OMAS03Eb1PcygeNU4h6t+CS
+UBU+/OTtSQGrLe+kMKP6uBO/cMhv
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
new file mode 100644
index 000000000..9befb53fc
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt
+MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B
+AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv
+YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt
+cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b
+DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk
+hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP
+IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A
+e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ
+67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG
+36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t
+zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky
+zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi
+v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S
+nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B
+o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM
+TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6
+czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ
+/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB
+0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ
+YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j
+uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs
+p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi
+lm2dyCqZ9RUD5ZN2YRntJoo=
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
new file mode 100644
index 000000000..9befb53fc
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt
+MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B
+AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv
+YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt
+cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b
+DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk
+hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP
+IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A
+e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ
+67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG
+36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t
+zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky
+zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi
+v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S
+nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B
+o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM
+TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6
+czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ
+/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB
+0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ
+YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j
+uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs
+p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi
+lm2dyCqZ9RUD5ZN2YRntJoo=
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
-- 
cgit v1.2.3


From 6207deba1c063a20f2ce92f1f09e1d27b3783cec Mon Sep 17 00:00:00 2001
From: Bojan Suzic <bojan.suzic@iaik.tugraz.at>
Date: Tue, 12 May 2015 17:42:09 +0200
Subject: adding attributes, improving moa stork attribute provider

---
 .../conf/moa-id/stork/StorkSamlEngine_VIDP.xml     |  3 +
 .../conf/moa-id/stork/StorkSamlEngine_incoming.xml |  2 +
 .../conf/moa-id/stork/StorkSamlEngine_outgoing.xml |  4 +-
 .../id/protocols/stork2/MOAAttributeProvider.java  | 94 ++++++++++++++++------
 4 files changed, 77 insertions(+), 26 deletions(-)

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
index b45b69054..29973690e 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
@@ -121,4 +121,7 @@
         <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
         <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
 
+        <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
+
+
 </properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
index 3370978b3..a817e29c0 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
@@ -94,5 +94,7 @@
   <!-- ISA 1.18 attributes-->
   <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
   <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+
+  <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
   	
 </properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
index bdad5686b..b840b4fe5 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
@@ -124,5 +124,7 @@
   <!-- ISA 1.18 attributes-->
   <entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
   <entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+
+        <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
   
-</properties>
\ No newline at end of file
+</properties>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 9a6206947..2c7e5b539 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -26,21 +26,20 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
 import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.stork.peps.auth.commons.PersonalAttribute;
 import eu.stork.peps.auth.commons.PersonalAttributeList;
 import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
+import org.joda.time.Period;
+
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 /**
  * @author bsuzic
@@ -55,6 +54,8 @@ public class MOAAttributeProvider {
     private static final Map<String, String> storkAttributeFunctionMapping;
     private final MOASTORKRequest moastorkRequest;
 
+    // mappings for attribute population methods
+    // based on mapping of moa authndata and executing functions to extract attributes
     static {
         Map<String, String> tempSimpleMap = new HashMap<String, String>();
         tempSimpleMap.put("givenName", "getGivenName");
@@ -67,6 +68,9 @@ public class MOAAttributeProvider {
         tempFunctionMap.put("ECApplicationRole","getECApplicationRole");
         tempFunctionMap.put("dateOfBirth", "getFormatedDateOfBirth");
         tempFunctionMap.put("MSOrganization", "getMSOrganization");
+        tempFunctionMap.put("age", "getAge");
+        tempFunctionMap.put("isAgeOver", "getIsAgeOver");
+        tempFunctionMap.put("citizenQAALevel", "getQAALevel");
         storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
         
     }
@@ -79,6 +83,8 @@ public class MOAAttributeProvider {
 
     public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
         String storkAttribute = requestedAttribute.getName();
+
+        // TODO: check if authData gets populated with stork attributtes during previous steps; it seems it is not
         if (null != authData && null != authData.getStorkAttributes() && authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
             Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]");
             try {
@@ -86,46 +92,78 @@ public class MOAAttributeProvider {
                 attributeList.add((PersonalAttribute) tmp.clone());
             } catch(Exception e) {
                 Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute);
-                if(Logger.isDebugEnabled())
-                    e.printStackTrace();
+                Logger.debug(e);
             }
         } else if (storkAttributeSimpleMapping.containsKey(storkAttribute)) {
             Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]");
             try {
                 Method method = authData.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute));
-                populateAttributeWithMethod(method, authData, attributeList, storkAttribute, requestedAttribute.isRequired());
+                populateAttributeWithMethod(method, authData, attributeList, storkAttribute, requestedAttribute);
             } catch (NoSuchMethodException e) {
                 Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
-                e.printStackTrace();
+                Logger.debug(e);
+            } catch (NullPointerException e) {
+                Logger.error("Error getting MOA extraction method while getting attribute: " + storkAttribute);
+                Logger.debug(e);
             }
 
         } else if (storkAttributeFunctionMapping.containsKey(storkAttribute)) {
 
             Logger.debug("Trying to get value for attribute using function mapping [" + storkAttribute + "]");
             try {
-                Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute));
-                populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute.isRequired());
+                Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute), PersonalAttribute.class);
+                populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute);
             } catch (NoSuchMethodException e) {
                 Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
-                e.printStackTrace();
             }
         } else {
             Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined.");
         }
     }
 
-    private String geteIdentifier() {
+    private String getAge(PersonalAttribute personalAttribute) {
+        if (authData.getDateOfBirth() != null) {
+            Integer age = new Period(authData.getDateOfBirth().getTime(), Calendar.getInstance().getTime().getTime()).getYears();
+            return age >= 0 ? age.toString() : null;
+        }
+        return null; // WP4 D4.2, Table 12:age, description - considerations
+    }
+
+    private String getIsAgeOver(PersonalAttribute personalAttribute)
+    {
+        try {
+            if ((authData.getDateOfBirth() != null) && (personalAttribute.getValue() != null) && (personalAttribute.getValue().size() > 0)) {
+                Integer ageOver = Integer.parseInt(personalAttribute.getValue().get(0));
+                Integer age = new Period(authData.getDateOfBirth().getTime(), Calendar.getInstance().getTime().getTime()).getYears();
+                return age >= ageOver ? ageOver.toString() : "";
+            }
+        } catch (Exception ex) {
+            Logger.error("Error encountered when determining isAgeOver");
+            Logger.debug(ex);
+        }
+        return null;
+    }
+
+    public String getQAALevel(PersonalAttribute personalAttribute) {
+        if (authData.getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX))
+            return authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length());
+        else
+            return null;
+    }
+
+
+    private String geteIdentifier(PersonalAttribute personalAttribute) {
         Logger.debug("Using base urn for identification value: " + authData.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry());
         try {
-            return new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), 
-            			moastorkRequest.getStorkAuthnRequest().getSpCountry());
+            return new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
+                    moastorkRequest.getStorkAuthnRequest().getSpCountry());
         } catch (BuildException be) {
             Logger.error("Stork eid could not be constructed; " + be.getMessage());
             return null; // TODO error
         }
     }
 
-    private List<String> getECApplicationRole() {    	
+    private List<String> getECApplicationRole(PersonalAttribute personalAttribute) {
     	List<String> storkRoles = null;
     	    	
     	if (authData.getAuthenticationRoles() != null 
@@ -137,29 +175,32 @@ public class MOAAttributeProvider {
     			String storkRole = mapper.map(el);
     			if (MiscUtil.isNotEmpty(storkRole))
     				storkRoles.add(storkRole);
-    			
     		}    		
     	}    	
     	return storkRoles;
     }
     
-    private String getFormatedDateOfBirth() {
+    private String getFormatedDateOfBirth(PersonalAttribute personalAttribute) {
 		if (authData.getDateOfBirth() != null) {
 			DateFormat fmt = new SimpleDateFormat("yyyyMMdd");
     		return  fmt.format(authData.getDateOfBirth());
 		}
    		else
    			return null;
-    	
     }
     
-    private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) {
+    private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, PersonalAttribute requestedAttribute) {
         try {
-            Object attributeValue = method.invoke(object, new Class[]{});        // (Object[])
-            
+            Object attributeValue;
+            if (storkAttributeSimpleMapping.containsValue(method.getName())) {
+                attributeValue = method.invoke(object, new Class[]{});
+            }  else {
+                attributeValue = method.invoke(object, requestedAttribute);
+            }
+
             PersonalAttribute newAttribute = new PersonalAttribute();
             newAttribute.setName(storkAttribute);
-            newAttribute.setIsRequired(isRequired);
+            newAttribute.setIsRequired(requestedAttribute.isRequired());
             
             if (attributeValue != null) {
             	newAttribute.setStatus(AttributeStatusType.AVAILABLE.value());
@@ -192,10 +233,13 @@ public class MOAAttributeProvider {
             
         } catch (InvocationTargetException e) {
             Logger.error("Invocation target exception while getting attribute: " + storkAttribute);
-            e.printStackTrace();
+            Logger.debug(e);
         } catch (IllegalAccessException e) {
             Logger.error("Illegal access exception while getting attribute: " + storkAttribute);
-            e.printStackTrace();
+            Logger.debug(e);
+        } catch (NullPointerException e) {
+            Logger.error("Could not find method: " + storkAttribute);
+            Logger.debug(e);
         }
     }
 
-- 
cgit v1.2.3


From f1d193a42c033cc0b247f5915484bd4963d1f852 Mon Sep 17 00:00:00 2001
From: Bojan Suzic <bojan.suzic@iaik.tugraz.at>
Date: Wed, 20 May 2015 13:28:34 +0200
Subject: adjusting bku dialog to reflect actual country

---
 .../transforms/TransformsInfoAuthBlockTable_DE_2.1.xml             | 7 +++++++
 .../conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml | 7 +++++++
 id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml | 4 ++++
 .../conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml | 7 +++++++
 4 files changed, 25 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml
 create mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml

(limited to 'id/server/data/deploy/conf')

diff --git a/id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml b/id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml
new file mode 100644
index 000000000..6afe1f36b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml
@@ -0,0 +1,7 @@
+<sl10:TransformsInfo><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style{ font-size: large; }                                                                                      
+              </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle"><xsl:choose><xsl:when test="contains(//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType'],'STORK')"><xsl:variable name="country" select="substring(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type, string-length(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type)-1)"/><xsl:choose><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='BE'">Belgien</xsl:when><xsl:when test="$country='CH'">Schweiz</xsl:when><xsl:when test="$country='CZ'">Tschechien</xsl:when><xsl:when test="$country='EE'">Estland</xsl:when><xsl:when test="$country='ES'">Spanien</xsl:when><xsl:when test="$country='FR'">Frankreich</xsl:when><xsl:when test="$country='GR'">Griechenland</xsl:when><xsl:when test="$country='IS'">Island</xsl:when><xsl:when test="$country='IT'">Italien</xsl:when><xsl:when test="$country='LT'">Litauen</xsl:when><xsl:when test="$country='LU'">Luxemburg</xsl:when><xsl:when test="$country='NL'">Niederlande</xsl:when><xsl:when test="$country='PT'">Portugal</xsl:when><xsl:when test="$country='SE'">Schweden</xsl:when><xsl:when test="$country='SI'">Slowenien</xsl:when><xsl:when test="$country='SK'">Slowakei</xsl:when><xsl:when test="$country='TR'">Türkei</xsl:when><xsl:when test="$country='UK'">Vereinigtes Königreich</xsl:when><xsl:otherwise>Ausland</xsl:otherwise></xsl:choose></xsl:when><xsl:otherwise>Österreich</xsl:otherwise></xsl:choose></td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
+											Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><sl10:FinalDataMetaInfo><sl10:MimeType>application/xhtml+xml</sl10:MimeType></sl10:FinalDataMetaInfo></sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml
new file mode 100644
index 000000000..6afe1f36b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml
@@ -0,0 +1,7 @@
+<sl10:TransformsInfo><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style{ font-size: large; }                                                                                      
+              </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle"><xsl:choose><xsl:when test="contains(//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType'],'STORK')"><xsl:variable name="country" select="substring(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type, string-length(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type)-1)"/><xsl:choose><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='BE'">Belgien</xsl:when><xsl:when test="$country='CH'">Schweiz</xsl:when><xsl:when test="$country='CZ'">Tschechien</xsl:when><xsl:when test="$country='EE'">Estland</xsl:when><xsl:when test="$country='ES'">Spanien</xsl:when><xsl:when test="$country='FR'">Frankreich</xsl:when><xsl:when test="$country='GR'">Griechenland</xsl:when><xsl:when test="$country='IS'">Island</xsl:when><xsl:when test="$country='IT'">Italien</xsl:when><xsl:when test="$country='LT'">Litauen</xsl:when><xsl:when test="$country='LU'">Luxemburg</xsl:when><xsl:when test="$country='NL'">Niederlande</xsl:when><xsl:when test="$country='PT'">Portugal</xsl:when><xsl:when test="$country='SE'">Schweden</xsl:when><xsl:when test="$country='SI'">Slowenien</xsl:when><xsl:when test="$country='SK'">Slowakei</xsl:when><xsl:when test="$country='TR'">Türkei</xsl:when><xsl:when test="$country='UK'">Vereinigtes Königreich</xsl:when><xsl:otherwise>Ausland</xsl:otherwise></xsl:choose></xsl:when><xsl:otherwise>Österreich</xsl:otherwise></xsl:choose></td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
+											Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><sl10:FinalDataMetaInfo><sl10:MimeType>application/xhtml+xml</sl10:MimeType></sl10:FinalDataMetaInfo></sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 8d26a1893..19fd9d264 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -83,6 +83,10 @@
 			<cfg:Id>MOAIDTransformAuthBlockTable_DE_2.0</cfg:Id>
 			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml</cfg:Location>
 		</cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_DE_2.1</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
 		<cfg:VerifyTransformsInfoProfile>
 			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
 			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml
new file mode 100644
index 000000000..df3ce8ce6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style{ font-size: large; }                                                                                      
+              </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle"><xsl:choose><xsl:when test="contains(//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType'],'STORK')"><xsl:variable name="country" select="substring(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type, string-length(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type)-1)"/><xsl:choose><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='BE'">Belgien</xsl:when><xsl:when test="$country='CH'">Schweiz</xsl:when><xsl:when test="$country='CZ'">Tschechien</xsl:when><xsl:when test="$country='EE'">Estland</xsl:when><xsl:when test="$country='ES'">Spanien</xsl:when><xsl:when test="$country='FR'">Frankreich</xsl:when><xsl:when test="$country='GR'">Griechenland</xsl:when><xsl:when test="$country='IS'">Island</xsl:when><xsl:when test="$country='IT'">Italien</xsl:when><xsl:when test="$country='LT'">Litauen</xsl:when><xsl:when test="$country='LU'">Luxemburg</xsl:when><xsl:when test="$country='NL'">Niederlande</xsl:when><xsl:when test="$country='PT'">Portugal</xsl:when><xsl:when test="$country='SE'">Schweden</xsl:when><xsl:when test="$country='SI'">Slowenien</xsl:when><xsl:when test="$country='SK'">Slowakei</xsl:when><xsl:when test="$country='TR'">Türkei</xsl:when><xsl:when test="$country='UK'">Vereinigtes Königreich</xsl:when><xsl:otherwise>Ausland</xsl:otherwise></xsl:choose></xsl:when><xsl:otherwise>Österreich</xsl:otherwise></xsl:choose></td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
+											Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile>
-- 
cgit v1.2.3