From 6701d8aaca715133cfa9d7764eb2f1ed163dfce9 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 14 Mar 2016 14:14:24 +0100
Subject: update statuscodes and revisionslog codes

---
 id/server/doc/handbook/additional/additional.html | 25 +++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'id/server/doc/handbook/additional')

diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html
index fb9735990..cbf4a50c9 100644
--- a/id/server/doc/handbook/additional/additional.html
+++ b/id/server/doc/handbook/additional/additional.html
@@ -520,6 +520,31 @@
       <td width="208" valign="top"><p align="left">baseID</p></td>
       <td width="946" valign="top"><p>Stammzahl der vertretenen juristischen Person </p></td>
     </tr>
+    <tr>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">&nbsp;</td>
+    </tr>
+    <tr>
+      <td valign="top">6000</td>
+      <td valign="top">ReferenceID des Vollmachtensystems</td>
+      <td valign="top">externes Vollmachten Service kontaktiert</td>
+    </tr>
+    <tr>
+      <td valign="top">6001</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">g&uuml;ltige Vollmacht vom externen Vollmachten Service verarbeitet</td>
+    </tr>
+    <tr>
+      <td valign="top">6002</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Fehler vom externen Vollmachten Service verarbeitet</td>
+    </tr>
+    <tr>
+      <td valign="top">6003</td>
+      <td valign="top">IP    Adresse</td>
+      <td valign="top">IP Adresse mit der das externe Vollmachten Service die Vollmacht ausgeliefert hat</td>
+    </tr>
   </table>
 <p>&nbsp;</p>
 <p>Einzelne  Events werden um einen Transaktionsparameter erg&auml;nzt, welcher in der Spalte  Wert beschrieben ist. <br>
-- 
cgit v1.2.3


From b29150526d95af2f1c30f4543c88d35c2965dfe6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 22 Mar 2016 14:43:22 +0100
Subject: add revisionslog info's to eIDAS and SLO methods

---
 id/server/doc/handbook/additional/additional.html  | 45 +++++++++++++++++
 .../id/advancedlogging/MOAIDEventConstants.java    | 15 ++++--
 .../moa/id/advancedlogging/MOAReversionLogger.java | 14 ++++--
 .../moa/id/data/ISLOInformationContainer.java      |  7 ++-
 .../moa/id/data/SLOInformationContainer.java       | 37 +++++++++++++-
 .../moa/id/moduls/AuthenticationManager.java       | 56 +++++++++++++++-------
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 15 ++++--
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 11 +++++
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |  9 ++++
 9 files changed, 178 insertions(+), 31 deletions(-)

(limited to 'id/server/doc/handbook/additional')

diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html
index cbf4a50c9..58990567c 100644
--- a/id/server/doc/handbook/additional/additional.html
+++ b/id/server/doc/handbook/additional/additional.html
@@ -485,6 +485,26 @@
       <td width="208" valign="top"><p align="left">&nbsp;</p></td>
       <td width="946" valign="top"><p>Vollmacht vom Online-Vollmachten Service erhalten</p></td>
     </tr>
+    <tr>
+      <td valign="top">4400</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">IDP initiated Single LogOut Request erhalten</td>
+    </tr>
+    <tr>
+      <td valign="top">4401</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Single LogOut Process gestartet</td>
+    </tr>
+    <tr>
+      <td valign="top">4402</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Single LogOut Process erfolgreich beendet</td>
+    </tr>
+    <tr>
+      <td valign="top">4403</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Unvollst&auml;ndiger Single LogOut Prozess</td>
+    </tr>
     <tr>
       <td width="131" valign="top"><p align="center">5000</p></td>
       <td width="208" valign="top"><p align="left">bPK</p></td>
@@ -545,6 +565,31 @@
       <td valign="top">IP    Adresse</td>
       <td valign="top">IP Adresse mit der das externe Vollmachten Service die Vollmacht ausgeliefert hat</td>
     </tr>
+    <tr>
+      <td valign="top">6100</td>
+      <td valign="top">EntityID</td>
+      <td valign="top">eIDAS Node ausgew&auml;hlt</td>
+    </tr>
+    <tr>
+      <td valign="top">6101</td>
+      <td valign="top">RequestID</td>
+      <td valign="top">eIDAS Node kontaktiert</td>
+    </tr>
+    <tr>
+      <td valign="top">6102</td>
+      <td valign="top">ResponseID</td>
+      <td valign="top">G&uuml;ltige Response von eIDAS Node erhalten</td>
+    </tr>
+    <tr>
+      <td valign="top">6103</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Ung&uuml;ltige Response oder Fehlercode von eIDAS Node erhalten</td>
+    </tr>
+    <tr>
+      <td valign="top">6104</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Personenbindung f&uuml;r Authentifizierung &uuml;ber eIDAS Node erstellt</td>
+    </tr>
   </table>
 <p>&nbsp;</p>
 <p>Einzelne  Events werden um einen Transaktionsparameter erg&auml;nzt, welcher in der Spalte  Wert beschrieben ist. <br>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index 054543c3e..9d26cc05f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -47,7 +47,12 @@ public interface MOAIDEventConstants extends EventConstants {
 	public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201;
 	
 	public static final int AUTHPROTOCOL_SAML1_AUTHNREQUEST = 3300;
-			
+	
+	public static final int AUTHPROCESS_IDP_SLO_REQUESTED = 4400;
+	public static final int AUTHPROCESS_SLO_STARTED = 4401;
+	public static final int AUTHPROCESS_SLO_ALL_VALID = 4402;
+	public static final int AUTHPROCESS_SLO_NOT_ALL_VALID = 4403;
+	
 	//authentication process information
 	public static final int AUTHPROCESS_START = 4000;
 	public static final int AUTHPROCESS_FINISHED = 4001;
@@ -78,9 +83,11 @@ public interface MOAIDEventConstants extends EventConstants {
 	public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301;
 	public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302;
 	
-	public static final int AUTHPROCESS_PEPS_REQUESTED = 4400;
-	public static final int AUTHPROCESS_PEPS_RECEIVED = 4401;
-	public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 4402;
+	public static final int AUTHPROCESS_PEPS_SELECTED = 6100;
+	public static final int AUTHPROCESS_PEPS_REQUESTED = 6101;
+	public static final int AUTHPROCESS_PEPS_RECEIVED = 6102;
+	public static final int AUTHPROCESS_PEPS_RECEIVED_ERROR = 6103;
+	public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 6104;
 		
 	//person information
 	public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 6fa07a098..4a5cbd55f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -75,18 +75,26 @@ public class MOAReversionLogger {
 			MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED,
 			MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED,
 			MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED,
-									
+
+			MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED,
+			MOAIDEventConstants.AUTHPROCESS_SLO_STARTED,
+			MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID,
+			MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID,
+			
 			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED,
 			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED,
 			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED,
 			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED_IP,
 			
-			MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND,
-			MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED,
+			MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
 			MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
 			MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
+			MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR,
 			MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED,
 			
+			MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND,
+			MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED,
+						
 			MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED,
 			MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT,
 			MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
index 18ffc5c6d..38f6948d3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
@@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.data;
 
 import java.util.Iterator;
 import java.util.List;
-import java.util.Set;
 import java.util.Map.Entry;
+import java.util.Set;
 
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 
@@ -63,5 +63,8 @@ public interface ISLOInformationContainer {
 	List<String> getSloFailedOAs();
 
 	void putFailedOA(String oaID);
-
+	
+	public String getTransactionID();
+	
+	public String getSessionID();
 }
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
index fd1749129..20588ad0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -44,6 +44,8 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs;
 	private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs;
 	private List<String> sloFailedOAs = null;
+	private String transactionID = null;
+	private String sessionID = null;
 	
 	/**
 	 * 
@@ -146,6 +148,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	@Override
 	public void setSloRequest(PVPTargetConfiguration sloRequest) {
 		this.sloRequest = sloRequest;
+		
 	}
 
 	/* (non-Javadoc)
@@ -164,5 +167,37 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 		if (sloFailedOAs == null)
 			sloFailedOAs = new ArrayList<String>();
 		sloFailedOAs.add(oaID);
-	}	
+	}
+
+
+	/**
+	 * @return the transactionID
+	 */
+	public String getTransactionID() {
+		return transactionID;
+	}
+
+
+	/**
+	 * @param transactionID the transactionID to set
+	 */
+	public void setTransactionID(String transactionID) {
+		this.transactionID = transactionID;
+	}
+	
+	public String getSessionID() {
+		return this.sessionID;
+		
+	}
+
+
+	/**
+	 * @param sessionID the sessionID to set
+	 */
+	public void setSessionID(String sessionID) {
+		this.sessionID = sessionID;
+	}
+	
+	
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 1e064f24f..a1f2c6558 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -443,6 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 	HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {		
 		String pvpSLOIssuer = null;
 		String inboundRelayState = null;
+		String uniqueSessionIdentifier = "notSet";
+		String uniqueTransactionIdentifier = "notSet";
 		
 		Logger.debug("Start technical Single LogOut process ... ");
 		
@@ -451,14 +453,33 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 			pvpSLOIssuer = logOutReq.getIssuer().getValue();
 			inboundRelayState = samlReq.getRelayState();
+			uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier();
+			uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier();
 			
+		} else {			
+			AuthenticationSessionExtensions sessionExt;
+			try {
+				sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
+				if (sessionExt != null)
+					uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
+				
+			} catch (MOADatabaseException e) {
+				Logger.error("Error during database communication. Can not evaluate 'uniqueSessionIdentifier'", e);
+				
+			}
+			uniqueTransactionIdentifier = Random.nextLongRandom();
+			revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED);
+						
 		}
 		
 		//store active OAs to SLOContaine
 		List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session);
 		List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session);
-		SLOInformationContainer sloContainer = new SLOInformationContainer();
-		sloContainer.setSloRequest(pvpReq);		
+		SLOInformationContainer sloContainer = new SLOInformationContainer();		
+		sloContainer.setTransactionID(uniqueTransactionIdentifier);
+		sloContainer.setSessionID(uniqueSessionIdentifier);
+		sloContainer.setSloRequest(pvpReq);
+		
 		sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
 		sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
 			
@@ -468,19 +489,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 				 + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size());
 		
 		//terminate MOASession
-		try {
-			String uniqueSessionIdentifier = "notSet";
-			AuthenticationSessionExtensions sessionExt = 
-					authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
-			if (sessionExt != null)
-				uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
-			
+		try {			
 			authenticatedSessionStore.destroySession(session.getSessionID());
 			ssoManager.deleteSSOSessionID(httpReq, httpResp);
-			if (pvpReq != null)
-				revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, pvpReq.getUniqueSessionIdentifier());			
-			else 
-				revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
+			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
 
 			Logger.debug("Active SSO Session on IDP is remove.");
 						
@@ -490,8 +502,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			
 		}
 		
-		Logger.trace("Starting Service-Provider logout process ... ");
-		//start service provider back channel logout process
+		Logger.trace("Starting Service-Provider logout process ... ");		
+		revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
+		//start service provider back channel logout process		
 		Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();	
 		while (nextOAInterator.hasNext()) {
 			SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
@@ -592,13 +605,17 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 							null);
 					
 			        if (sloContainer.getSloFailedOAs() == null || 
-			        		sloContainer.getSloFailedOAs().size() == 0)
+			        		sloContainer.getSloFailedOAs().size() == 0) {
+			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
 			        	config.putCustomParameter("successMsg", 
 			        			MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
-			        else
+			        	
+			        } else {
+			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
 			        	config.putCustomParameter("errorMsg", 
 			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-			        
+			        	
+			        }
 			        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
 										
 				}
@@ -615,6 +632,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 				SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
 				LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
 				sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
+
+				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
 				
 			}else {
 				//print SLO information directly
@@ -623,6 +642,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
 						null);
 				
+				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
 				config.putCustomParameter("errorMsg", 
 	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
 	        	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index dfe9ecb49..af6c79140 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -41,6 +41,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -80,6 +82,7 @@ public class SingleLogOutAction implements IAction {
 	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
 	@Autowired private ITransactionStorage transactionStorage;
 	@Autowired private SingleLogOutBuilder sloBuilder;
+	@Autowired private MOAReversionLogger revisionsLogger;
 	
 	
 	/* (non-Javadoc)
@@ -240,11 +243,17 @@ public class SingleLogOutAction implements IAction {
 									
 							        String statusCode = null;
 									if (sloContainer.getSloFailedOAs() == null || 
-							        		sloContainer.getSloFailedOAs().size() == 0)							       							   							        	
+							        		sloContainer.getSloFailedOAs().size() == 0) {							       							   							        	
 							        	statusCode  = MOAIDAuthConstants.SLOSTATUS_SUCCESS;
-							        else
+							        	revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(),
+							        			MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
+							        	
+									} else {
+										revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), 
+												MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
 							        	statusCode  = MOAIDAuthConstants.SLOSTATUS_ERROR;
-
+							        	
+									}
 									transactionStorage.put(artifact, statusCode);
 							        redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
 							        
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 6de446e01..7f3c4bddc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -36,6 +36,7 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.springframework.stereotype.Component;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -97,6 +98,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
+			
+			//TODO: switch to entityID
+			revisionsLogger.logEvent(oaConfig, pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
+					metadataUrl);
+			
 			// assemble requested attributes
 			Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
 
@@ -169,6 +176,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	            response.setContentType("text/html;charset=UTF-8");
 	            response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
 
+	            revisionsLogger.logEvent(oaConfig, pendingReq, 
+						MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
+						authnRequest.getSamlId());
+	            
 	        } catch (IOException e) {
 	            Logger.error("Velocity IO error: " + e.getMessage());
 	            throw new MOAIDException("stork.15", null); // TODO
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 082fdbbbf..5d1b7fb6f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -5,6 +5,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -79,12 +80,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//store MOA-session to database
 			authenticatedSessionStorage.storeSession(moasession);
 			
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
+					samlResp.getSamlId());
+			
 		}catch (EIDASSAMLEngineException e) {
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
 					new EIDASEngineException("Could not validate eIDAS response", e));
 			
 		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
 			
 		}	
-- 
cgit v1.2.3


From 859d7b200e1efa6caa1c72e32f22e61660b1b2ef Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 24 Mar 2016 10:43:55 +0100
Subject: update ELGA Mandate-Service client modul

---
 id/server/doc/handbook/additional/additional.html  | 250 ++++++++++-----------
 .../ELGAMandatesRequestBuilderConfiguration.java   |  19 +-
 .../tasks/ReceiveElgaMandateResponseTask.java      |   4 +-
 3 files changed, 136 insertions(+), 137 deletions(-)

(limited to 'id/server/doc/handbook/additional')

diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html
index 58990567c..00b36c4cd 100644
--- a/id/server/doc/handbook/additional/additional.html
+++ b/id/server/doc/handbook/additional/additional.html
@@ -311,104 +311,104 @@
   <p>&nbsp;</p>
   <table border="1" cellpadding="0" cellspacing="0" class="configtable">
     <tr>
-      <td width="131" valign="top"><p align="left"><strong>EventCode</strong></p></td>
-      <td width="208" valign="top"><p align="left"><strong>Wert</strong></p></td>
-      <td width="946" valign="top"><p align="left"><strong>Beschreibung</strong></p></td>
+      <td width="165" valign="top"><p align="left"><strong>EventCode</strong></p></td>
+      <td width="312" valign="top"><p align="left"><strong>Wert</strong></p></td>
+      <td width="1127" valign="top"><p align="left"><strong>Beschreibung</strong></p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">3000</p></td>
-      <td width="208" valign="top"><p align="left">Protokolltype</p></td>
-      <td width="946" valign="top"><p>Type des verwendeten Authentifizierungsprotokolls (OpenID Connect,    PVP2, STORK, SAML1)</p></td>
+      <td width="165" valign="top"><p align="center">3000</p></td>
+      <td width="312" valign="top"><p align="left">Protokolltype</p></td>
+      <td width="1127" valign="top"><p>Type des verwendeten Authentifizierungsprotokolls (OpenID Connect,    PVP2, STORK, SAML1)</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">3100</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>PVP 2.x Metadaten Request</p></td>
+      <td width="165" valign="top"><p align="center">3100</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>PVP 2.x Metadaten Request</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">3101</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>PVP 2.x Authentifizierungsrequest</p></td>
+      <td width="165" valign="top"><p align="center">3101</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>PVP 2.x Authentifizierungsrequest</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">3102</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>PVP 2.x Authentifizierungsresponse</p></td>
+      <td width="165" valign="top"><p align="center">3102</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>PVP 2.x Authentifizierungsresponse</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">3103</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>PVP 2.x Single LogOut Request</p></td>
+      <td width="165" valign="top"><p align="center">3103</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>PVP 2.x Single LogOut Request</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">3104</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>PVP    2.x Attribute Query (im Fall IDP Interfederation mit zwischen MOA-IDs)</p></td>
+      <td width="165" valign="top"><p align="center">3104</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>PVP    2.x Attribute Query (im Fall IDP Interfederation mit zwischen MOA-IDs)</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">3200</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>OpenID Connect Auth Requsst</p></td>
+      <td width="165" valign="top"><p align="center">3200</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>OpenID Connect Auth Requsst</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">3201</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>OpenID Connect Tokken Request</p></td>
+      <td width="165" valign="top"><p align="center">3201</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>OpenID Connect Tokken Request</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">3300</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>SAML1 StartAuthentication Request</p></td>
+      <td width="165" valign="top"><p align="center">3300</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>SAML1 StartAuthentication Request</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4000</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Identifizierungs- und Authentifizierungsprozess    wurde gestartet</p></td>
+      <td width="165" valign="top"><p align="center">4000</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Identifizierungs- und Authentifizierungsprozess    wurde gestartet</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4001</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Identifizierungs- und Authentifizierungsprozess wurde beendet</p></td>
+      <td width="165" valign="top"><p align="center">4001</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Identifizierungs- und Authentifizierungsprozess wurde beendet</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4002</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Anmeldeprozess mit Online Vollmachten</p></td>
+      <td width="165" valign="top"><p align="center">4002</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Anmeldeprozess mit Online Vollmachten</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4003</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Anmeldeprozess mit STORK</p></td>
+      <td width="165" valign="top"><p align="center">4003</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Anmeldeprozess mit STORK</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4004</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Anmeldeprozess mit Single Sign-On</p></td>
+      <td width="165" valign="top"><p align="center">4004</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Anmeldeprozess mit Single Sign-On</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4005</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Ung&uuml;ltige Single Sign-On Session</p></td>
+      <td width="165" valign="top"><p align="center">4005</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Ung&uuml;ltige Single Sign-On Session</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4006</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Benutzeranfrage f&uuml;r Single Sign-On Verwendung    gestellt</p></td>
+      <td width="165" valign="top"><p align="center">4006</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Benutzeranfrage f&uuml;r Single Sign-On Verwendung    gestellt</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4007</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Benutzerantwort f&uuml;r Single Sign-On Verwendung empfangen</p></td>
+      <td width="165" valign="top"><p align="center">4007</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Benutzerantwort f&uuml;r Single Sign-On Verwendung empfangen</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4008</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Anmeldeprozess &uuml;ber IDP F&ouml;deration</p></td>
+      <td width="165" valign="top"><p align="center">4008</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Anmeldeprozess &uuml;ber IDP F&ouml;deration</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4009</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>G&uuml;ltige Response von f&ouml;deriertem IDP erhalten</p></td>
+      <td width="165" valign="top"><p align="center">4009</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>G&uuml;ltige Response von f&ouml;deriertem IDP erhalten</p></td>
     </tr>
     <tr>
       <td height="30" valign="top">4010</td>
@@ -416,74 +416,74 @@
       <td valign="top">Verwendeter IDP f&uuml;r f&ouml;derierte Anmeldung</td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4011</p></td>
-      <td width="208" valign="top"><p align="left">Service Identifikator</p></td>
-      <td width="946" valign="top"><p>Eindeutiger Identifikator der/des Online-Applikation/Service an der/dem die Anmeldung erfolgt</p></td>
+      <td width="165" valign="top"><p align="center">4011</p></td>
+      <td width="312" valign="top"><p align="left">Service Identifikator</p></td>
+      <td width="1127" valign="top"><p>Eindeutiger Identifikator der/des Online-Applikation/Service an der/dem die Anmeldung erfolgt</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4110</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>BKU Auswahl gestartet</p></td>
+      <td width="165" valign="top"><p align="center">4110</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>BKU Auswahl gestartet</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4111</p></td>
-      <td width="208" valign="top"><p align="left">Bkutype (z.b.    online, handy, local)</p></td>
-      <td width="946" valign="top"><p>Ausgew&auml;hlter BKU Type</p></td>
+      <td width="165" valign="top"><p align="center">4111</p></td>
+      <td width="312" valign="top"><p align="left">Bkutype (z.b.    online, handy, local)</p></td>
+      <td width="1127" valign="top"><p>Ausgew&auml;hlter BKU Type</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4112</p></td>
-      <td width="208" valign="top"><p align="left">URL</p></td>
-      <td width="946" valign="top"><p>Verwendete BKU URL</p></td>
+      <td width="165" valign="top"><p align="center">4112</p></td>
+      <td width="312" valign="top"><p align="left">URL</p></td>
+      <td width="1127" valign="top"><p>Verwendete BKU URL</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4113</p></td>
-      <td width="208" valign="top"><p align="left">IP    Adresse</p></td>
-      <td width="946" valign="top"><p>IP Adresse mit der die BKU Daten an MOA-ID    liefert</p></td>
+      <td width="165" valign="top"><p align="center">4113</p></td>
+      <td width="312" valign="top"><p align="left">IP    Adresse</p></td>
+      <td width="1127" valign="top"><p>IP Adresse mit der die BKU Daten an MOA-ID    liefert</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4220</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Personenbindung ausgelesen und g&uuml;ltig validiert</p></td>
+      <td width="165" valign="top"><p align="center">4220</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Personenbindung ausgelesen und g&uuml;ltig validiert</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4221</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Signaturzertifikat ausgelesen und validiert</p></td>
+      <td width="165" valign="top"><p align="center">4221</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Signaturzertifikat ausgelesen und validiert</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4222</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>AuthBlock signiert und g&uuml;ltig validiert</p></td>
+      <td width="165" valign="top"><p align="center">4222</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>AuthBlock signiert und g&uuml;ltig validiert</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4223</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Wechsel in den Modus f&uuml;r ausl&auml;ndische    Signaturkarten</p></td>
+      <td width="165" valign="top"><p align="center">4223</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Wechsel in den Modus f&uuml;r ausl&auml;ndische    Signaturkarten</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4224</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>SZR-Gateway wird kontaktiert</p></td>
+      <td width="165" valign="top"><p align="center">4224</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>SZR-Gateway wird kontaktiert</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4225</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Personenbindung von SZR-Gateway erhalten</p></td>
+      <td width="165" valign="top"><p align="center">4225</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Personenbindung von SZR-Gateway erhalten</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4300</p></td>
-      <td width="208" valign="top"><p align="left">ReferenceID des Vollmachtensystems</p></td>
-      <td width="946" valign="top"><p>Online-Vollmachten Service wird kontaktiert</p></td>
+      <td width="165" valign="top"><p align="center">4300</p></td>
+      <td width="312" valign="top"><p align="left">ReferenceID des Vollmachtensystems</p></td>
+      <td width="1127" valign="top"><p>Online-Vollmachten Service wird kontaktiert</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4301</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Redirekt zum Online-Vollmachten Service</p></td>
+      <td width="165" valign="top"><p align="center">4301</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Redirekt zum Online-Vollmachten Service</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">4302</p></td>
-      <td width="208" valign="top"><p align="left">&nbsp;</p></td>
-      <td width="946" valign="top"><p>Vollmacht vom Online-Vollmachten Service erhalten</p></td>
+      <td width="165" valign="top"><p align="center">4302</p></td>
+      <td width="312" valign="top"><p align="left">&nbsp;</p></td>
+      <td width="1127" valign="top"><p>Vollmacht vom Online-Vollmachten Service erhalten</p></td>
     </tr>
     <tr>
       <td valign="top">4400</td>
@@ -506,39 +506,39 @@
       <td valign="top">Unvollst&auml;ndiger Single LogOut Prozess</td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">5000</p></td>
-      <td width="208" valign="top"><p align="left">bPK</p></td>
-      <td width="946" valign="top"><p>bPK bei Vollmacht mit berufsm&auml;&szlig;igem Parteienvertreter    oder Organwalter</p></td>
+      <td width="165" valign="top"><p align="center">5000</p></td>
+      <td width="312" valign="top"><p align="left">bPK</p></td>
+      <td width="1127" valign="top"><p>bPK bei Vollmacht mit berufsm&auml;&szlig;igem Parteienvertreter    oder Organwalter</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">5001</p></td>
-      <td width="208" valign="top"><p align="left">OID</p></td>
-      <td width="946" valign="top"><p>OID bei Vollmacht mit berufsm&auml;&szlig;igem Parteienvertreter oder Organwalter</p></td>
+      <td width="165" valign="top"><p align="center">5001</p></td>
+      <td width="312" valign="top"><p align="left">OID</p></td>
+      <td width="1127" valign="top"><p>OID bei Vollmacht mit berufsm&auml;&szlig;igem Parteienvertreter oder Organwalter</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">5002</p></td>
-      <td width="208" valign="top"><p align="left">JSON    String</p></td>
-      <td width="946" valign="top"><p>Pseudoanonymisierte Personendaten der sich    anmeldeten nat&uuml;rlichen Person.</p></td>
+      <td width="165" valign="top"><p align="center">5002</p></td>
+      <td width="312" valign="top"><p align="left">JSON    String</p></td>
+      <td width="1127" valign="top"><p>Pseudoanonymisierte Personendaten der sich    anmeldeten nat&uuml;rlichen Person.</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">5100</p></td>
-      <td width="208" valign="top"><p align="left">Vollmachtstype</p></td>
-      <td width="946" valign="top"><p>Type der ausgew&auml;hlten Vollmacht</p></td>
+      <td width="165" valign="top"><p align="center">5100</p></td>
+      <td width="312" valign="top"><p align="left">Vollmachtstype</p></td>
+      <td width="1127" valign="top"><p>Type der ausgew&auml;hlten Vollmacht</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">5101</p></td>
-      <td width="208" valign="top"><p align="left">jur / nat</p></td>
-      <td width="946" valign="top"><p>Vollmacht - Type der vertretenen Person (Juristische    / nat&uuml;rliche Person)</p></td>
+      <td width="165" valign="top"><p align="center">5101</p></td>
+      <td width="312" valign="top"><p align="left">jur / nat</p></td>
+      <td width="1127" valign="top"><p>Vollmacht - Type der vertretenen Person (Juristische    / nat&uuml;rliche Person)</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">5102</p></td>
-      <td width="208" valign="top"><p align="left">JSON String</p></td>
-      <td width="946" valign="top"><p>Pseudoanonymisierte Personendaten der vertretenen nat&uuml;rlichen Person.</p></td>
+      <td width="165" valign="top"><p align="center">5102</p></td>
+      <td width="312" valign="top"><p align="left">JSON String</p></td>
+      <td width="1127" valign="top"><p>Pseudoanonymisierte Personendaten der vertretenen nat&uuml;rlichen Person.</p></td>
     </tr>
     <tr>
-      <td width="131" valign="top"><p align="center">5103</p></td>
-      <td width="208" valign="top"><p align="left">baseID</p></td>
-      <td width="946" valign="top"><p>Stammzahl der vertretenen juristischen Person </p></td>
+      <td width="165" valign="top"><p align="center">5103</p></td>
+      <td width="312" valign="top"><p align="left">baseID</p></td>
+      <td width="1127" valign="top"><p>Stammzahl der vertretenen juristischen Person </p></td>
     </tr>
     <tr>
       <td valign="top">&nbsp;</td>
@@ -547,12 +547,12 @@
     </tr>
     <tr>
       <td valign="top">6000</td>
-      <td valign="top">ReferenceID des Vollmachtensystems</td>
+      <td valign="top">ReferenceID zum Auth. Prozess</td>
       <td valign="top">externes Vollmachten Service kontaktiert</td>
     </tr>
     <tr>
       <td valign="top">6001</td>
-      <td valign="top">&nbsp;</td>
+      <td valign="top">ReferenceID des Vollmachhtenservice</td>
       <td valign="top">g&uuml;ltige Vollmacht vom externen Vollmachten Service verarbeitet</td>
     </tr>
     <tr>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index 60025075f..b67d263fc 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -252,8 +252,9 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
 	 */
 	public void setSubjectConformationDate(String givenName, String familyName, String dateOfBirth) {
 		try {
-			SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);
-						
+			Logger.trace("Build 'SubjectConfirmationData' for ELGA Mandate-Service request ...");
+			//build empty 'SubjectConfirmationData' element
+			SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);					
 			DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
 			dbf.setNamespaceAware(true);
 			DocumentBuilder builder = dbf.newDocumentBuilder();			
@@ -263,7 +264,7 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
 					.getMarshaller(subjectConformDate);
 			out.marshall(subjectConformDate, doc);
 			
-			//build root element
+			//build root element for personal information
 			Element rootDom = doc.createElementNS(
 					ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI, 					 
 					ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_ROOT);
@@ -274,24 +275,20 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
 						
 			//build personal information
 			Element familyNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_FAMILYNAME);
-			//familyNameDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE);
-			familyNameDom.setTextContent(familyName);
-			
 			Element givenNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_GIVENNAME);
-			//givenNameDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE);
-			givenNameDom.setTextContent(givenName);
-			
 			Element dateOfBirthDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_DATEOFBIRTH);
-			//dateOfBirthDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE);
+			familyNameDom.setTextContent(familyName);						
+			givenNameDom.setTextContent(givenName);						
 			dateOfBirthDom.setTextContent(dateOfBirth);
 						
-			//add information to root element
+			//add personal information to 'SubjectConfirmationData' element
 			doc.getFirstChild().appendChild(rootDom);
 			rootDom.appendChild(givenNameDom);
 			rootDom.appendChild(familyNameDom);
 			rootDom.appendChild(dateOfBirthDom);
 			
 			this.subjectConformationDate = doc.getDocumentElement();
+			Logger.trace("'SubjectConfirmationData' for ELGA Mandate-Service is complete");
 			
 		} catch (ParserConfigurationException | MarshallingException e) {
 			Logger.error("Can not generate 'SubjectConformationDate' for " 
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 8960041f5..5604b7640 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -150,6 +150,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			defaultTaskInitialization(request, executionContext);
 			
 			//validate receive mandate reference-value
+			//TODO: update if ReferenceValue Discussion is finished
 			String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); 
 			if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
 				Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
@@ -172,7 +173,8 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			authenticatedSessionStorage.storeSession(moasession);
 						
 			//write revisions log entry
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED, 
+						extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
 
 			//write mandate info's to revisions log
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE, 
-- 
cgit v1.2.3