From 337c5b67682f893e7907d018077e3fb55c6d5dd6 Mon Sep 17 00:00:00 2001
From: Bojan Suzic <bojan.suzic@iaik.tugraz.at>
Date: Wed, 5 Feb 2014 17:49:06 +0100
Subject: saml changes

---
 id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'id/server/data')

diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
index 563196604..e6a29ea18 100644
--- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
@@ -17,5 +17,21 @@
 			<parameter name="fileConfiguration" value="SignModule_outgoing.xml" />
 		</configuration>
 	</instance>
+
+        <instance name="incoming">
+                <!-- Configurations parameters StorkSamlEngine  -->
+                <configuration name="SamlEngineConf">
+                        <parameter name="fileConfiguration" value="StorkSamlEngine_incoming.xml" />
+                </configuration>
+
+                <!-- Settings module signature-->
+                <configuration name="SignatureConf">
+                        <!-- Specific signature module -->
+                        <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+                        <!-- Settings specific module -->
+                        <parameter name="fileConfiguration" value="SignModule_incoming.xml" />
+                </configuration>
+        </instance>
+
 	
-</instances>
\ No newline at end of file
+</instances>
-- 
cgit v1.2.3


From 4ad191075854f1e9f6eb685ee9839e167259972a Mon Sep 17 00:00:00 2001
From: Bojan Suzic <bojan.suzic@iaik.tugraz.at>
Date: Wed, 5 Feb 2014 17:49:35 +0100
Subject: adding cert stores

---
 .../data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks    | Bin 0 -> 3013 bytes
 .../conf/moa-id/stork/storkDemoKeys_minividp_old.jks     | Bin 0 -> 4592 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks
 create mode 100644 id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks

(limited to 'id/server/data')

diff --git a/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks b/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks
new file mode 100644
index 000000000..f9baad202
Binary files /dev/null and b/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks differ
diff --git a/id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks b/id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks
new file mode 100644
index 000000000..efaeac86c
Binary files /dev/null and b/id/server/data/deploy/conf/moa-id/stork/storkDemoKeys_minividp_old.jks differ
-- 
cgit v1.2.3


From a01dd39072666b5b9b2ffeb97cef9a54e3dec97f Mon Sep 17 00:00:00 2001
From: Bojan Suzic <bojan.suzic@iaik.tugraz.at>
Date: Wed, 5 Feb 2014 17:50:32 +0100
Subject: configuring incoming saml engine

---
 .../conf/moa-id/stork/SignModule_incoming.xml      | 12 +++
 .../conf/moa-id/stork/StorkSamlEngine_incoming.xml | 93 ++++++++++++++++++++++
 2 files changed, 105 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml

(limited to 'id/server/data')

diff --git a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml
new file mode 100644
index 000000000..68b15e667
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+	<comment>SWModule sign with JKS.</comment>
+	<entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
+	<entry key="keyStorePassword">local-demo</entry>
+	<entry key="keyPassword">local-demo</entry>
+	<entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>	
+	<entry key="serialNumber">4BA89DB2</entry>		
+	<entry key="keystoreType">JKS</entry>
+</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
new file mode 100644
index 000000000..fb786529a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+	<comment>SAML constants for AuthnRequests and Responses.</comment>
+
+	<!--
+		Types of consent obtained from the user for this authentication and
+		data transfer.
+		Allow values: 'unspecified'.
+	-->
+	<entry key="consentAuthnRequest">unspecified</entry>
+	
+	<!--
+	Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
+	-->
+	<entry key="consentAuthnResponse">obtained</entry>
+
+	<!--URI representing the classification of the identifier
+		Allow values: 'entity'.
+	-->
+	<entry key="formatEntity">entity</entry>
+
+	<!--Only HTTP-POST binding is only supported for inter PEPS-->
+	<!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+	<entry key="protocolBinding">HTTP-POST</entry>
+	
+	
+	
+	
+	<!--URI representing the classification of the identifier
+		Allow values: 'entity'.
+		<entry key="eIDSectorShare">true</entry>
+		<entry key="eIDCrossSectorShare">true</entry>
+		<entry key="eIDCrossBorderShare">true</entry>
+	-->
+	
+	
+	
+	<!-- A friendly name for the attribute that can be displayed to a user -->
+	<entry key="friendlyName">false</entry>
+	
+	<!-- A friendly name for the attribute that can be displayed to a user -->
+	<entry key="isRequired">true</entry>
+	
+	<!--PEPS in the Service Provider's country-->
+	<entry key="requester">http://S-PEPS.gov.xx</entry>
+
+	<!--PEPS in the citizen's origin country-->
+	<entry key="responder">http://C-PEPS.gov.xx</entry>
+
+	<!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+	<entry key="timeNotOnOrAfter">300</entry>
+	
+	<!--Validation IP of the response-->
+	<entry key="ipAddrValidation">false</entry>
+	
+	
+	<!--Subject Attribute Definitions-->
+	<entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+	<entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+	<entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+	<entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+	<entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+	<entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+	<entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+	<entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+	<entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+	<entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+	<entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
+	<entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+	<entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
+	<entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+	<entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+	<entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+
+	<entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+	<entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+
+	<entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+	<entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+
+	<entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+	<entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
+	
+	<entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
+	<entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
+	<entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
+	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
+	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
+	
+</properties>
-- 
cgit v1.2.3


From 27b4ca05aeac39b0a180a13e44ed354e80fb47dd Mon Sep 17 00:00:00 2001
From: Bojan Suzic <bojan.suzic@iaik.tugraz.at>
Date: Wed, 26 Feb 2014 19:28:55 +0100
Subject: attribute collector

---
 .../data/deploy/conf/moa-id/stork/SamlEngine.xml   | 16 ++++
 .../conf/moa-id/stork/StorkSamlEngine_VIDP.xml     | 93 ++++++++++++++++++++++
 .../id/protocols/stork2/AttributeCollector.java    | 30 +++++--
 .../id/protocols/stork2/AuthenticationRequest.java |  2 +
 4 files changed, 133 insertions(+), 8 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml

(limited to 'id/server/data')

diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
index e6a29ea18..75245d8f0 100644
--- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
@@ -33,5 +33,21 @@
                 </configuration>
         </instance>
 
+        <instance name="VIDP">
+                <!-- Configurations parameters StorkSamlEngine  -->
+                <configuration name="SamlEngineConf">
+                        <parameter name="fileConfiguration" value="StorkSamlEngine_VIDP.xml" />
+                </configuration>
+
+                <!-- Settings module signature-->
+                <configuration name="SignatureConf">
+                        <!-- Specific signature module -->
+                        <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+                        <!-- Settings specific module -->
+                        <parameter name="fileConfiguration" value="SignModule_incoming.xml" />
+                </configuration>
+        </instance>
+
+
 	
 </instances>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
new file mode 100644
index 000000000..fb786529a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+	<comment>SAML constants for AuthnRequests and Responses.</comment>
+
+	<!--
+		Types of consent obtained from the user for this authentication and
+		data transfer.
+		Allow values: 'unspecified'.
+	-->
+	<entry key="consentAuthnRequest">unspecified</entry>
+	
+	<!--
+	Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
+	-->
+	<entry key="consentAuthnResponse">obtained</entry>
+
+	<!--URI representing the classification of the identifier
+		Allow values: 'entity'.
+	-->
+	<entry key="formatEntity">entity</entry>
+
+	<!--Only HTTP-POST binding is only supported for inter PEPS-->
+	<!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+	<entry key="protocolBinding">HTTP-POST</entry>
+	
+	
+	
+	
+	<!--URI representing the classification of the identifier
+		Allow values: 'entity'.
+		<entry key="eIDSectorShare">true</entry>
+		<entry key="eIDCrossSectorShare">true</entry>
+		<entry key="eIDCrossBorderShare">true</entry>
+	-->
+	
+	
+	
+	<!-- A friendly name for the attribute that can be displayed to a user -->
+	<entry key="friendlyName">false</entry>
+	
+	<!-- A friendly name for the attribute that can be displayed to a user -->
+	<entry key="isRequired">true</entry>
+	
+	<!--PEPS in the Service Provider's country-->
+	<entry key="requester">http://S-PEPS.gov.xx</entry>
+
+	<!--PEPS in the citizen's origin country-->
+	<entry key="responder">http://C-PEPS.gov.xx</entry>
+
+	<!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+	<entry key="timeNotOnOrAfter">300</entry>
+	
+	<!--Validation IP of the response-->
+	<entry key="ipAddrValidation">false</entry>
+	
+	
+	<!--Subject Attribute Definitions-->
+	<entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+	<entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+	<entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+	<entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+	<entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+	<entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+	<entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+	<entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+	<entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+	<entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+	<entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
+	<entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+	<entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
+	<entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+	<entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+	<entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+
+	<entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+	<entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+
+	<entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+	<entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+
+	<entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+	<entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
+	
+	<entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
+	<entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
+	<entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
+	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
+	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
+	
+</properties>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index bc5a0c0c6..57c68e94c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -69,6 +69,7 @@ public class AttributeCollector implements IAction {
             } catch (UnsupportedAttributeException e1) {
                 // the current provider cannot find anything familiar within the
                 // provided httpreq. Try the next one.
+                // TODO check the loop
             }
 
         if (null == newAttributes) {
@@ -89,6 +90,8 @@ public class AttributeCollector implements IAction {
             throw new MOAIDException("stork.11", null);
         }
 
+
+
         // - insert the embedded attribute(s) into the container
         for (PersonalAttribute current : newAttributes)
             container.getResponse().getPersonalAttributeList().add(current);
@@ -117,6 +120,7 @@ public class AttributeCollector implements IAction {
             if (!responseAttributeList.containsKey(current))
                 missingAttributes.add(current);
 
+        // Try to get all missing attributes
         try {
             // for each attribute still missing
             for (PersonalAttribute currentAttribute : missingAttributes) {
@@ -138,6 +142,16 @@ public class AttributeCollector implements IAction {
 
                 }
             }
+
+            // build response
+            generateSTORKResponse();
+
+            // set new http response
+            generateRedirectResponse();
+            response = httpResp;
+
+            return "12345"; // AssertionId
+
         } catch (ExternalAttributeRequestRequiredException e) {
             // the attribute request is ongoing and requires an external service.
             try {
@@ -145,6 +159,13 @@ public class AttributeCollector implements IAction {
                 // - generate new key
                 String newArtifactId = new SecureRandomIdentifierGenerator()
                         .generateIdentifier();
+                // - put container in temporary store.
+                AssertionStorage.getInstance().put(newArtifactId, container);
+
+                // add container-key to redirect embedded within the return URL
+                e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
+
+
             } catch (Exception e1) {
                 // TODO should we return the response as is to the PEPS?
                 Logger.error("Error putting incomplete Stork response into temporary storage", e);
@@ -154,14 +175,7 @@ public class AttributeCollector implements IAction {
             return "12345"; // TODO what to do here?
         }
 
-        // build response
-        generateSTORKResponse();
-
-        // set new http response
-        generateRedirectResponse();
-        response = httpResp;
 
-        return "12345"; // AssertionId
     }
 
 
@@ -171,7 +185,7 @@ public class AttributeCollector implements IAction {
 
         try {
             //Get SAMLEngine instance
-            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("vidp");
+            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
             Logger.debug("Starting generation of SAML response");
             authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false);
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index b3f009ae2..d4996c26a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -105,6 +105,8 @@ public class AuthenticationRequest implements IAction {
         // - memorize the target url were we have to return the result
         container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
 
+        container.setRemoteAddress(httpReq.getRemoteAddr());
+
 
         Logger.debug("Data container prepared");
 
-- 
cgit v1.2.3


From 142bf6e5c229aa523e5c1363716d011df6d6af93 Mon Sep 17 00:00:00 2001
From: Bojan Suzic <bojan.suzic@iaik.tugraz.at>
Date: Mon, 3 Mar 2014 14:03:38 +0100
Subject: attr supporT

---
 .../data/deploy/conf/moa-id/stork/SamlEngine.xml   | 17 ++++
 .../conf/moa-id/stork/SignModule_incoming_attr.xml | 12 +++
 .../moa-id/stork/StorkSamlEngine_incoming_attr.xml | 93 +++++++++++++++++++++
 .../id/protocols/stork2/AuthenticationRequest.java | 95 ++++++++++------------
 .../id/protocols/stork2/MOAAttributeProvider.java  | 10 +--
 .../id/protocols/stork2/MOASTORKAuthnRequest.java  | 71 ----------------
 .../moa/id/protocols/stork2/MOASTORKRequest.java   | 95 ++++++++++++++++++++++
 .../moa/id/protocols/stork2/STORKProtocol.java     | 25 ++++--
 8 files changed, 282 insertions(+), 136 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java

(limited to 'id/server/data')

diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
index 75245d8f0..166a48ff8 100644
--- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
@@ -33,6 +33,23 @@
                 </configuration>
         </instance>
 
+
+        <instance name="incoming_attr">
+                <!-- Configurations parameters StorkSamlEngine  -->
+                <configuration name="SamlEngineConf">
+                        <parameter name="fileConfiguration" value="StorkSamlEngine_incoming_attr.xml" />
+                </configuration>
+
+                <!-- Settings module signature-->
+                <configuration name="SignatureConf">
+                        <!-- Specific signature module -->
+                        <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+                        <!-- Settings specific module -->
+                        <parameter name="fileConfiguration" value="SignModule_incoming_attr.xml" />
+                </configuration>
+        </instance>
+
+
         <instance name="VIDP">
                 <!-- Configurations parameters StorkSamlEngine  -->
                 <configuration name="SamlEngineConf">
diff --git a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml
new file mode 100644
index 000000000..68b15e667
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+	<comment>SWModule sign with JKS.</comment>
+	<entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
+	<entry key="keyStorePassword">local-demo</entry>
+	<entry key="keyPassword">local-demo</entry>
+	<entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>	
+	<entry key="serialNumber">4BA89DB2</entry>		
+	<entry key="keystoreType">JKS</entry>
+</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
new file mode 100644
index 000000000..fb786529a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+	<comment>SAML constants for AuthnRequests and Responses.</comment>
+
+	<!--
+		Types of consent obtained from the user for this authentication and
+		data transfer.
+		Allow values: 'unspecified'.
+	-->
+	<entry key="consentAuthnRequest">unspecified</entry>
+	
+	<!--
+	Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
+	-->
+	<entry key="consentAuthnResponse">obtained</entry>
+
+	<!--URI representing the classification of the identifier
+		Allow values: 'entity'.
+	-->
+	<entry key="formatEntity">entity</entry>
+
+	<!--Only HTTP-POST binding is only supported for inter PEPS-->
+	<!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+	<entry key="protocolBinding">HTTP-POST</entry>
+	
+	
+	
+	
+	<!--URI representing the classification of the identifier
+		Allow values: 'entity'.
+		<entry key="eIDSectorShare">true</entry>
+		<entry key="eIDCrossSectorShare">true</entry>
+		<entry key="eIDCrossBorderShare">true</entry>
+	-->
+	
+	
+	
+	<!-- A friendly name for the attribute that can be displayed to a user -->
+	<entry key="friendlyName">false</entry>
+	
+	<!-- A friendly name for the attribute that can be displayed to a user -->
+	<entry key="isRequired">true</entry>
+	
+	<!--PEPS in the Service Provider's country-->
+	<entry key="requester">http://S-PEPS.gov.xx</entry>
+
+	<!--PEPS in the citizen's origin country-->
+	<entry key="responder">http://C-PEPS.gov.xx</entry>
+
+	<!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+	<entry key="timeNotOnOrAfter">300</entry>
+	
+	<!--Validation IP of the response-->
+	<entry key="ipAddrValidation">false</entry>
+	
+	
+	<!--Subject Attribute Definitions-->
+	<entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+	<entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+	<entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+	<entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+	<entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+	<entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+	<entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+	<entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+	<entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+	<entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+	<entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
+	<entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+	<entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
+	<entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+	<entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+	<entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+
+	<entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+	<entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+
+	<entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+	<entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+
+	<entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+	<entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
+	
+	<entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
+	<entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
+	<entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
+	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
+	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
+	
+</properties>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index e10c4d9d9..91326a51d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -3,91 +3,77 @@ package at.gv.egovernment.moa.id.protocols.stork2;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
-import edu.emory.mathcs.backport.java.util.Collections;
-import eu.stork.peps.auth.commons.*;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.commons.io.IOUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
 import org.apache.velocity.app.VelocityEngine;
 import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.util.XMLHelper;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.*;
-import java.util.HashMap;
-import eu.stork.peps.auth.engine.SAMLEngine;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 
 /**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
  * @author bsuzic
- *         Date: 12/3/13, Time: 2:08 PM
  */
 
 public class AuthenticationRequest implements IAction {
-    /*
-    Second request step - after authentication of the user is done and moasession obtained,
-    process request and forward the user further to PEPS and/or other entities
-     */
 
 
     private VelocityEngine velocityEngine;
     private AuthenticationSession moaSession;
-    private MOASTORKAuthnRequest moaStorkAuthnRequest;
+    private MOASTORKRequest moaStorkRequest;
 
 
     public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
 
         this.moaSession = moasession;
-        this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req;
-
-        try {
-            MISMandate mandate = moasession.getMISMandate();
-            String owbpk = mandate.getOWbPK();
-            byte[] mand = mandate.getMandate();
-            String profprep = mandate.getProfRep();
-            //String textdesc = mandate.getTextualDescriptionOfOID();
-            Element mndt = moasession.getMandate();
+        this.moaStorkRequest = (MOASTORKRequest) req;
+
+        if (moasession.getUseMandate()) {
+            try {
+                MISMandate mandate = moasession.getMISMandate();
+                String owbpk = mandate.getOWbPK();
+                byte[] mand = mandate.getMandate();
+                String profprep = mandate.getProfRep();
+                //String textdesc = mandate.getTextualDescriptionOfOID();
+                Element mndt = moasession.getMandate();
+
+                iterate(mndt.getAttributes());
+                Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
+            } catch (Exception x) {
+                Logger.debug("There is no mandate used in transaction");
+            }
+        }
 
-            iterate(mndt.getAttributes());
-            Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
-        } catch (Exception x) {}
 
         Logger.debug("Starting AuthenticationRequest");
-        //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession);
-        Logger.debug("Http Response: " + httpResp.toString() + ", ");
-        Logger.debug("Remote user: " + httpReq.getRemoteAddr());
-        Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());
         httpResp.reset();
 
         STORKAuthnResponse authnResponse = new STORKAuthnResponse();
-        authnResponse.setCountry(((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getSpCountry());
-
+        authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry());
 
 
         OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
         if (oaParam == null)
-            throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() });
+            throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
 
 
         // Prepare basic AT attributes
         try {
-            IPersonalAttributeList moaAttrList =  moasession.getStorkAttributes();
+            IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
             Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size());
 
 
@@ -114,13 +100,13 @@ public class AuthenticationRequest implements IAction {
         DataContainer container = new DataContainer();
 
         // - fill in the request we extracted above
-        container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest());
-        
+        container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest());
+
         // - fill in the partial response created above
         container.setResponse(authnResponse);
-        
+
         // - memorize the target url were we have to return the result
-        container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
+        container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
 
         container.setRemoteAddress(httpReq.getRemoteAddr());
 
@@ -141,24 +127,25 @@ public class AuthenticationRequest implements IAction {
             Logger.debug("--Attribute: "
                     + attributesList.item(j).getNodeName() + " = "
                     + attributesList.item(j).getNodeValue());
-        }                    }
+        }
+    }
 
 
     public PersonalAttributeList populateAttributes() {
 
-        IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList();
-        Logger.info("Found " + attrLst.size() + " personal attributes in the request." );
+        IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
+        Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
 
         // Define attribute list to be populated
         PersonalAttributeList attributeList = new PersonalAttributeList();
-        MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkAuthnRequest);
+        MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest);
 
         try {
             for (PersonalAttribute personalAttribute : attrLst) {
                 Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
                 moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
             }
-        }  catch (Exception e) {
+        } catch (Exception e) {
             Logger.error("Exception, attributes: " + e.getMessage());
         }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 190a0d27c..d89fb8cb2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -22,7 +22,7 @@ public class MOAAttributeProvider {
     private final IdentityLink identityLink;
     private static final Map<String, String> storkAttributeSimpleMapping;
     private static final Map<String, String> storkAttributeFunctionMapping;
-    private final MOASTORKAuthnRequest moastorkAuthnRequest;
+    private final MOASTORKRequest moastorkRequest;
 
     static {
         Map<String, String> tempSimpleMap = new HashMap<String, String>();
@@ -35,9 +35,9 @@ public class MOAAttributeProvider {
         storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
     }
 
-    public MOAAttributeProvider(IdentityLink identityLink, MOASTORKAuthnRequest moastorkAuthnRequest) {
+    public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) {
         this.identityLink = identityLink;
-        this.moastorkAuthnRequest = moastorkAuthnRequest;
+        this.moastorkRequest = moastorkRequest;
         Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue());
     }
 
@@ -70,9 +70,9 @@ public class MOAAttributeProvider {
     }
 
     private String geteIdentifier() {
-        Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry());
+        Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry());
         try {
-            return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry());
+            return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry());
         } catch (BuildException be) {
             Logger.error("Stork eid could not be constructed; " + be.getMessage());
             return null; // TODO error
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
deleted file mode 100644
index cee64e16e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import org.opensaml.common.xml.SAMLConstants;
-
-/**
- * @author bsuzic
- *         Date: 12/4/13, Time: 6:31 PM
- */
-
-public class MOASTORKAuthnRequest implements IRequest {
-    private String requestID;
-    private String target = null;
-    String module = null;
-    String action = null;
-    private STORKAuthnRequest storkAuthnRequest;
-
-    public void setSTORKAuthnRequest(STORKAuthnRequest request) {
-        this.storkAuthnRequest = request;
-    }
-
-    public STORKAuthnRequest getStorkAuthnRequest() {
-        return this.storkAuthnRequest;
-    }
-
-    public String getOAURL() {
-
-        return "https://sp:8889/SP";  //
-    }
-
-    public boolean isPassiv() {
-        return false;  //
-    }
-
-    public boolean forceAuth() {
-        return false;  //
-    }
-
-    public boolean isSSOSupported() {
-        return false;  //
-    }
-
-    public String requestedModule() {
-        return this.module;  //
-    }
-
-    public String requestedAction() {
-        return action;  //
-    }
-
-    public void setModule(String module) {
-        this.module = module;
-    }
-
-    public void setAction(String action) {
-        this.action = action;
-    }
-
-    public String getTarget() {
-        return this.target;  //
-    }
-
-    public void setRequestID(String id) {
-        this.requestID = id;
-    }
-
-    public String getRequestID() {
-        return this.requestID;  //
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
new file mode 100644
index 000000000..8c7fd8706
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -0,0 +1,95 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+
+/**
+ * Implements MOA request and stores StorkAuthnRequest related data
+ *
+ * @author bsuzic
+ */
+
+public class MOASTORKRequest implements IRequest {
+    private String requestID;
+    private String target = null;
+    String module = null;
+    String action = null;
+    private STORKAuthnRequest storkAuthnRequest;
+    private STORKAttrQueryRequest storkAttrQueryRequest;
+    private boolean isAttrRequest = false;
+    private boolean isAuthnRequest = false;
+
+    public void setSTORKAuthnRequest(STORKAuthnRequest request) {
+        this.storkAuthnRequest = request;
+        if (request != null) {
+            isAuthnRequest = true;
+        }
+    }
+
+    public void setSTORKAttrRequest(STORKAttrQueryRequest request) {
+        this.storkAttrQueryRequest = request;
+        if (request != null) {
+            isAttrRequest = true;
+        }
+
+    }
+
+    public boolean isAttrRequest() {
+        return this.isAttrRequest;
+    }
+
+    public boolean isAuthnRequest() {
+        return this.isAuthnRequest;
+    }
+
+
+    public STORKAuthnRequest getStorkAuthnRequest() {
+        return this.storkAuthnRequest;
+    }
+
+    public String getOAURL() {
+
+        return storkAuthnRequest.getAssertionConsumerServiceURL();
+    }
+
+    public boolean isPassiv() {
+        return false;
+    }
+
+    public boolean forceAuth() {
+        return false;
+    }
+
+    public boolean isSSOSupported() {
+        return false;
+    }
+
+    public String requestedModule() {
+        return this.module;
+    }
+
+    public String requestedAction() {
+        return action;
+    }
+
+    public void setModule(String module) {
+        this.module = module;
+    }
+
+    public void setAction(String action) {
+        this.action = action;
+    }
+
+    public String getTarget() {
+        return this.target;
+    }
+
+    public void setRequestID(String id) {
+        this.requestID = id;
+    }
+
+    public String getRequestID() {
+        return this.requestID;
+    }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 042d61080..28a516d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -5,13 +5,12 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
 import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -20,7 +19,6 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Collections;
 import java.util.HashMap;
 
 /**
@@ -81,6 +79,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
         samlMessageContext.setInboundMessageTransport(profileReq);
 
+/*
         HTTPPostDecoder postDecoder = new HTTPPostDecoder();
         postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator
 
@@ -90,8 +89,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         } catch (Exception e) {
             Logger.error("Error decoding STORKAuthnRequest", e);
         }
+*/
 
-        MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();
+        MOASTORKRequest STORK2Request = new MOASTORKRequest();
 
 
         //extract STORK Response from HTTP Request
@@ -99,7 +99,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         try {
             decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest"));
         } catch(NullPointerException e) {
-            Logger.error("Unable to retrieve STORK Response", e);
+            Logger.error("Unable to retrieve STORK Request", e);
             throw new MOAIDException("stork.04", null);
         }
 
@@ -107,13 +107,26 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
 
         STORKAuthnRequest authnRequest = null;
+        STORKAttrQueryRequest attrRequest = null;
 
+        // check if valid authn request is contained
         try {
             authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
         } catch (STORKSAMLEngineException ex) {
             Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() );
         }
 
+
+        // check if a valid attr request is container
+        try {
+            attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken);
+        } catch (STORKSAMLEngineException ex) {
+            Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() );
+        }
+
+
+
+
         Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL());
         Logger.error("cc " + authnRequest.getCitizenCountryCode());
         Logger.error("iss " + authnRequest.getIssuer());
@@ -121,7 +134,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         Logger.error("spi " + authnRequest.getSpInstitution());
 
         STORK2Request.setSTORKAuthnRequest(authnRequest);
-
+        STORK2Request.setSTORKAttrRequest(attrRequest);
 
         return STORK2Request;
     }
-- 
cgit v1.2.3