Open eCard Development Center: Issueshttps://dev.openecard.org/https://dev.openecard.org/favicon.ico?16330801422019-09-09T11:21:16ZOpen eCard Development Center
Redmine Open eCard - Bug #766 (Feedback): Cyberjack Standard control command aborted by PCSChttps://dev.openecard.org/issues/7662019-09-09T11:21:16ZVladyslav Savchenko
<p>Hi guys!</p>
<p>Using the Open-eCard-App after entering PIN I am getting an exception.<br />My CardReader writes on its display "Tunnel aktiv", but the GUI-program fails with a message:</p>
<p>"An unknown error occurred. The operation was canceled."</p>
<p>in the command line I see:</p>
<p>Exception in thread "AWT-EventQueue-0" java.lang.IllegalStateException: javax.swing.JPanel[,0,0,0x0,invalid,layout=javax.swing.BoxLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=9,maximumSize=,minimumSize=,preferredSize=] is not attached to a horizontal group<br /> at javax.swing.GroupLayout.checkComponents(GroupLayout.java:1086)<br /> at javax.swing.GroupLayout.prepare(GroupLayout.java:1040)<br /> at javax.swing.GroupLayout.layoutContainer(GroupLayout.java:910)<br /> at java.awt.Container.layout(Container.java:1513)<br /> at java.awt.Container.doLayout(Container.java:1502)<br /> at java.awt.Container.validateTree(Container.java:1698)<br /> at java.awt.Container.validateTree(Container.java:1707)<br /> at java.awt.Container.validateTree(Container.java:1707)<br /> at java.awt.Container.validateTree(Container.java:1707)<br /> at java.awt.Container.validate(Container.java:1633)<br /> at java.awt.Window.dispatchEventImpl(Window.java:2744)<br /> at java.awt.Component.dispatchEvent(Component.java:4711)<br /> at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:760)<br /> at java.awt.EventQueue.access$500(EventQueue.java:97)<br /> at java.awt.EventQueue$3.run(EventQueue.java:709)<br /> at java.awt.EventQueue$3.run(EventQueue.java:703)<br /> at java.security.AccessController.doPrivileged(Native Method)<br /> at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)<br /> at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:84)<br /> at java.awt.EventQueue$4.run(EventQueue.java:733)<br /> at java.awt.EventQueue$4.run(EventQueue.java:731)<br /> at java.security.AccessController.doPrivileged(Native Method)<br /> at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)<br /> at java.awt.EventQueue.dispatchEvent(EventQueue.java:730)<br /> at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)<br /> at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)<br /> at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)<br /> at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)<br /> at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)<br /> at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)</p>
<p>I have also tried to launch the program with root privileges. The same result.</p> Common eID - Support #639 (New): Störung beim Ausweisen rfid standart von reiner scthttps://dev.openecard.org/issues/6392018-03-02T11:34:09ZLothar Reeger
<p>Beim Versuch sich auf dem Bürgerportal des Freistates Bayern auszuweisen zegt der leser nicht im Sichfelt an und beide LEDs Leuchten abwechselnd gelb un blau zimlich schnell.</p> Common eID - Bug #368 (New): BSI TR-03124-1 spezifiziert das Verhalten bei einem Abbruch durch de...https://dev.openecard.org/issues/3682014-12-03T18:33:24ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>Da die Spezifikation in diesem Punkt keine Aussage trifft, <br />verhalten sich Open eCard App und AusweisApp2 anders, was zu Herausforderungen <br />für die weiteren Komponenten (Dienst, eID-Server) führt.</p>
<p>Die Open eCard App schickt ein entsprechendes ResultMinor=http://www.bsi.bund.de/ecard/api/1.1/resultminor/sal#cancellationByUser<br />an den eID-Server, der den Authentisierungsvorgang geordnet abbrechen kann.</p>
<p>Die AusweisApp2 liefert hier ohne Umweg einen Redirect auf <a class="external" href="https://service.de:?session=150...6595&ResultMajor=error&ResultMinor=cancellationByUser&ResultMessage=Der">https://service.de:?session=150...6595&ResultMajor=error&ResultMinor=cancellationByUser&ResultMessage=Der</a> Benutzer hat den Vorgang abgebrochen.<br />und lässt den eID-Server ohne weitere Information in einen Timeout laufen.</p>
<p>Die BSI TR-03124-1 sollte hier das zu erwartende Verhalten spezifizieren, damit<br />klar ist was die neben dem eID-Client involvierten Komponenten (d.h. Dienst, eID-Server)<br />hier erwarten können.</p> Common eID - Bug #364 (New): AusweisApp2 schickt nicht spezifikationskonformen requestid-Paramete...https://dev.openecard.org/issues/3642014-11-22T12:27:11ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>Die AuseisApp2 schickt einen nicht spezifikationskonformen requestid-Parameter im http-Header.</p>
<p>Der entsprechende Ausschnitt aus dem Log ist z.B. <br />POST /ecardpaos/paosreceiver HTTP/1.1<br />Host: prodpaos.governikus-eid.de<br />User-Agent: AusweisApp2/1.0.0<br />Connection: keep-alive<br />Accept: text/html; application/vnd.paos+xml<br />PAOS: ver="urn:liberty:paos:2006-08" <br />Content-Type: application/vnd.paos+xml; charset=UTF-8<br />Content-Length: 1953<br />requestid: 1d8628bd-a845-41c4-b57b-39e82ef50a7e</p>
<p>Der Parameter requestid dürfte gemaäß Spezifikation NICHT vorhanden sein.</p> Common eID - Bug #363 (New): prodpaos.governikus-eid.de schickt in EAC2InputType-Nachricht ungült...https://dev.openecard.org/issues/3632014-11-21T11:11:12ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p><DIDAuthenticate xmlns="urn:iso:std:iso-iec:24727:tech:schema"><br /><ConnectionHandle xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ConnectionHandle"><br /><ContextHandle>CD010003</ContextHandle><br /><IFDName>REINER SCT cyberJack RFID basis 0</IFDName><br /><SlotIndex>0</SlotIndex><br />Der o.g. eID-Server, der u.a. beim Dienst <a class="external" href="https://www.sixform.com/ID-Safe">https://www.sixform.com/ID-Safe</a> im Einsatz ist, <br />schickt in der EAC2InputType-Nachricht ein ungültiges <Certificates xmlns="unknownNamespace"/> <br />Element.</p>
<p>Dieses Fehlverhalten führt unter Umständen bei strikt validierenden eID-Clients zu einer<br />entsprechenden Fehlermeldung. Die AusweisApp2 toleriert offenbar dieses nicht spezifikationskonforme Verhalten.</p>
<p><CardApplication>E80704007F00070302</CardApplication><br /><SlotHandle>33393236323631373630</SlotHandle><br /><RecognitionInfo/><br /></ConnectionHandle><br /><DIDName>PIN</DIDName><br /><AuthenticationProtocolData Protocol="urn:oid:1.3.162.15480.3.0.14.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="EAC2InputType"><br /><Certificates xmlns="unknownNamespace"/><br /><EphemeralPublicKey>040AE9999D8E1696E994FF8AD26C7FF97F0457E97D78616450C6010722704866D94D4DD1980342303F6919E718602C96FB14DE1BEFCD1E874B576D6BB361DB308B</EphemeralPublicKey><br /><Signature>5EDD8864787936F29AAC9478DDACDDC8506F86BFEFB96F36DCE5F3D8481CB874730B6188FC74954555162398FB325A1B4A25D1DD7AA3EE11CA787D4EF6D6D100</Signature><br /></AuthenticationProtocolData><br /></DIDAuthenticate></p> Common eID - Bug #362 (New): prodpaos.governikus-eid.de does not work with TLS_RSA_PSK_WITH_AES_2...https://dev.openecard.org/issues/3622014-11-13T13:16:30ZTobias Wichtobias.wich@ecsec.de
A PAOS channel can not be established successfully with the server <a class="external" href="https://prodpaos.governikus-eid.de:443">https://prodpaos.governikus-eid.de:443</a> in case the cipher suite <code>TLS_RSA_PSK_WITH_AES_256_CBC_SHA384</code> is used. The connection attempt fails with Decryption failed (21) after the first encrypted handshake message is sent to the server.<br />Tests with the same server revealed, that the following cipher suites work just fine:
<ul>
<li><code>TLS_RSA_PSK_WITH_AES_128_CBC_SHA256</code></li>
<li><code>TLS_RSA_PSK_WITH_AES_256_CBC_SHA</code></li>
</ul>
<p>This problem does not exist with the testserver at <a class="external" href="https://test.governikus-eid.de/Autent-DemoApplication/">https://test.governikus-eid.de/Autent-DemoApplication/</a>. There, the problematic cipher suite is used without any problems.</p>
<p>A build of the Open eCard App using this cipher suite can be found at <a class="external" href="https://files.ecsec.de/public.php?service=files&t=9d87270f5c9d953568db0640c7b844cb">https://files.ecsec.de/public.php?service=files&t=9d87270f5c9d953568db0640c7b844cb</a></p> Common eID - Bug #356 (New): Wrong HTTP Status Code in PAOS communicationhttps://dev.openecard.org/issues/3562014-10-10T12:26:54ZHans-Martin Haase
<p>According to PAOS specifikation (<a class="external" href="http://www.projectliberty.org/liberty/content/download/909/6303/file/liberty-paos-v2.0.pdf">http://www.projectliberty.org/liberty/content/download/909/6303/file/liberty-paos-v2.0.pdf</a>) Abschnitt 9.4 Processing Rules the PAOS Requester has to sent HTTP Status Code 202 in the HTTP Response.</p>
<p>The eid servers</p>
<p>eID-S#1<br />eID-S#2<br />eID-S#3</p>
<p>sent the status code 200.</p> Common eID - Feature #353 (New): Feig ABID myAXXESS basic Windows 8 Driverhttps://dev.openecard.org/issues/3532014-10-10T07:01:22ZHans-Martin Haase
<p>There is currently no driver available which supports Windows 8.</p>
<p>The installation routine says that the operating system is not supported (see attached picture).</p> Common eID - Bug #324 (New): meineschufa.de delivers a wrong RefreshAddress in the TCTokenhttps://dev.openecard.org/issues/3242014-08-19T13:07:50ZHans-Martin Haase
<p>The service at <a class="external" href="https://www.meineschufa.de/index.php?site=30_2_1_pa&#tabNPA">https://www.meineschufa.de/index.php?site=30_2_1_pa&#tabNPA</a> delivers a TCToken which is not standard compliant. The RefreshAddress is placed in a CDATA block. This leads to failures in the eID Clients. According to TR-03124-1 section 2.3 contains the RefreshAddress element just an https-URL.</p> Common eID - Bug #323 (New): meineschufa.de does not support recommended TLS ciphers from TR-2102-2https://dev.openecard.org/issues/3232014-08-19T12:54:22ZHans-Martin Haase
<p>The service available at <a class="external" href="https://www.meineschufa.de/index.php?site=30_2_1_pa&#tabNPA">https://www.meineschufa.de/index.php?site=30_2_1_pa&#tabNPA</a> does not support the recommended cipher suits from TR-2102-2.<br />This leads to Handshake failures in the eID clients.</p> Common eID - Bug #317 (New): esign.eid-service.de and eid.eid-service.de hangs after InitialFrame...https://dev.openecard.org/issues/3172014-07-14T13:05:59ZTobias Wichtobias.wich@ecsec.de
<p>The services mentioned above fail to send the next request message over the PAOS channel to the eCard Client in case the version number in the InitializeFrameworkResponse is set to the currently active version of the eCard API Framework (1.1.4) as requested in BSI TR-03112-3, Sec. 3.1.1</p>
<p>The following log fragmet shows the commonication with eid.eid-service.de. After the InitializeFrameworkResponse is sent, a StartPAOSResponse is sent back after a timeout is triggered in the server. Depending on the service the SP receives an error or is stuck as well.</p>
<pre>
2014-07-14 14:55:51,879 [PAOS] DEBUG org.openecard.transport.paos.PAOS:-1 - Message received:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<ns1:Envelope xmlns:ns1="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns2="urn:liberty:paos:2003-08" xmlns:ns3="urn:liberty:paos:2006-08" xmlns:ns5="http://www.w3.org/2005/03/addressing">
<ns1:Header>
<ns5:MessageID>urn:uuid9cbd01a836dbdc4776b7f2da408fa38da6b84f7f</ns5:MessageID>
<ns5:ReplyTo>
<ns5:Address>https://eid.eid-service.de:443</ns5:Address>
</ns5:ReplyTo>
<ns5:Action>http://www.bsi.bund.de/ecard/api/1.1/PAOS/GetNextCommand</ns5:Action>
</ns1:Header>
<ns1:Body>
<ns3:InitializeFramework xmlns:ns10="http://uri.etsi.org/01903/v1.3.2#" xmlns:ns11="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns12="http://www.w3.org/2001/04/xmlenc#" xmlns:ns13="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:ns14="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ns15="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ns16="http://paos.eidserver.openlimit.com/" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.bsi.bund.de/ecard/api/1.1" xmlns:ns4="urn:iso:std:iso-iec:24727:tech:schema" xmlns:ns5="http://uri.etsi.org/02231/v3.1.2#" xmlns:ns6="http://uri.etsi.org/02231/v2.1.1#" xmlns:ns7="http://uri.etsi.org/02231/v2.x#" xmlns:ns8="http://www.setcce.org/schemas/ers" xmlns:ns9="urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#"/>
</ns1:Body>
</ns1:Envelope>
2014-07-14 14:55:51,881 [PAOS] DEBUG org.openecard.transport.httpcore.HttpUtils:-1 - HTTP Request (before adding content):
POST /?sessionid=4f184b91494fc99b9e99754f4950 HTTP/1.1
Connection: keep-alive
User-Agent: Open-eCard-App/1.1.0-SNAPSHOT
Host: eid.eid-service.de:443
PAOS: ver="urn:liberty:paos:2006-08"
Accept: text/html; application/vnd.paos+xml
2014-07-14 14:55:51,882 [PAOS] DEBUG org.openecard.transport.paos.PAOS:-1 - Message sent:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
<Header>
<PAOS xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/" ns0:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ns1="http://schemas.xmlsoap.org/soap/envelope/" ns1:mustUnderstand="1" xmlns="urn:liberty:paos:2006-08">
<Version>urn:liberty:paos:2006-08</Version>
<EndpointReference>
<Address>http://www.projectliberty.org/2006/01/role/paos</Address>
<MetaData>
<ServiceType>http://www.bsi.bund.de/ecard/api/1.1/PAOS/GetNextCommand</ServiceType>
</MetaData>
</EndpointReference>
</PAOS>
<ReplyTo xmlns="http://www.w3.org/2005/03/addressing">
<Address>http://www.projectliberty.org/2006/02/role/paos</Address>
</ReplyTo>
<RelatesTo xmlns="http://www.w3.org/2005/03/addressing">urn:uuid9cbd01a836dbdc4776b7f2da408fa38da6b84f7f</RelatesTo>
<MessageID xmlns="http://www.w3.org/2005/03/addressing">urn:uuid:27118a4d-6e53-4851-a77c-025a062a9c98</MessageID>
</Header>
<Body>
<ns4:InitializeFrameworkResponse xmlns:iso="urn:iso:std:iso-iec:24727:tech:schema" xmlns:ns10="http://uri.etsi.org/01903/v1.3.2#" xmlns:ns11="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ns12="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns13="http://www.w3.org/2001/04/xmlenc#" xmlns:ns14="http://ws.openecard.org/schema" xmlns:ns15="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ns16="http://www.w3.org/2007/05/xmldsig-more#" xmlns:ns2="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.bsi.bund.de/ecard/api/1.1" xmlns:ns5="http://uri.etsi.org/02231/v2.1.1#" xmlns:ns6="http://uri.etsi.org/02231/v2.x#" xmlns:ns7="http://uri.etsi.org/02231/v3.1.2#" xmlns:ns8="http://www.setcce.org/schemas/ers" xmlns:ns9="urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#">
<ns2:Result>
<ns2:ResultMajor>http://www.bsi.bund.de/ecard/api/1.1/resultmajor#ok</ns2:ResultMajor>
</ns2:Result>
<ns4:Version>
<ns4:Major>1</ns4:Major>
<ns4:Minor>1</ns4:Minor>
<ns4:SubMinor>4</ns4:SubMinor>
</ns4:Version>
</ns4:InitializeFrameworkResponse>
</Body>
</Envelope>
2014-07-14 14:57:32,152 [PAOS] DEBUG org.openecard.transport.httpcore.HttpUtils:-1 - HTTP Response:
HTTP/1.1 200 OK
connection: keep-alive
Content-Type: application/vnd.paos+xml
Content-Length: 1534
Date: Mon, 14 Jul 2014 12:57:30 GMT
Server: Server
<ns1:Envelope xmlns:ns2="urn:liberty:paos:2003-08" xmlns:ns1="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns3="urn:liberty:paos:2006-08" xmlns:ns5="http://www.w3.org/2005/03/addressing"><ns1:Header><ns5:MessageID>urn:uuid2d54f801cc9f95703f9d37587924c695ad13fa17</ns5:MessageID><ns5:ReplyTo><ns5:Address>https://eid.eid-service.de:443</ns5:Address></ns5:ReplyTo><ns5:Action>http://www.bsi.bund.de/ecard/api/1.1/PAOS/GetNextCommand</ns5:Action></ns1:Header><ns1:Body><ns4:StartPAOSResponse xmlns:ns16="http://paos.eidserver.openlimit.com/" xmlns:ns14="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ns15="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ns9="urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#" xmlns:ns12="http://www.w3.org/2001/04/xmlenc#" xmlns:ns5="http://uri.etsi.org/02231/v3.1.2#" xmlns:ns13="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:ns6="http://uri.etsi.org/02231/v2.1.1#" xmlns:ns10="http://uri.etsi.org/01903/v1.3.2#" xmlns:ns7="http://uri.etsi.org/02231/v2.x#" xmlns:ns8="http://www.setcce.org/schemas/ers" xmlns:ns11="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="urn:iso:std:iso-iec:24727:tech:schema" xmlns:ns3="http://www.bsi.bund.de/ecard/api/1.1"><ns13:Result><ns13:ResultMajor>http://www.bsi.bund.de/ecard/api/1.1/resultmajor#error</ns13:ResultMajor><ns13:ResultMinor>http://www.bsi.bund.de/ecard/api/1.1/resultminor/dp#timeout</ns13:ResultMinor><ns13:ResultMessage/></ns13:Result></ns4:StartPAOSResponse></ns1:Body></ns1:Envelope>
2014-07-14 14:57:32,154 [PAOS] DEBUG org.openecard.transport.paos.PAOS:-1 - Message received:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<ns1:Envelope xmlns:ns1="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns2="urn:liberty:paos:2003-08" xmlns:ns3="urn:liberty:paos:2006-08" xmlns:ns5="http://www.w3.org/2005/03/addressing">
<ns1:Header>
<ns5:MessageID>urn:uuid2d54f801cc9f95703f9d37587924c695ad13fa17</ns5:MessageID>
<ns5:ReplyTo>
<ns5:Address>https://eid.eid-service.de:443</ns5:Address>
</ns5:ReplyTo>
<ns5:Action>http://www.bsi.bund.de/ecard/api/1.1/PAOS/GetNextCommand</ns5:Action>
</ns1:Header>
<ns1:Body>
<ns4:StartPAOSResponse xmlns:ns10="http://uri.etsi.org/01903/v1.3.2#" xmlns:ns11="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns12="http://www.w3.org/2001/04/xmlenc#" xmlns:ns13="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:ns14="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ns15="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ns16="http://paos.eidserver.openlimit.com/" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.bsi.bund.de/ecard/api/1.1" xmlns:ns4="urn:iso:std:iso-iec:24727:tech:schema" xmlns:ns5="http://uri.etsi.org/02231/v3.1.2#" xmlns:ns6="http://uri.etsi.org/02231/v2.1.1#" xmlns:ns7="http://uri.etsi.org/02231/v2.x#" xmlns:ns8="http://www.setcce.org/schemas/ers" xmlns:ns9="urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#">
<ns13:Result>
<ns13:ResultMajor>http://www.bsi.bund.de/ecard/api/1.1/resultmajor#error</ns13:ResultMajor>
<ns13:ResultMinor>http://www.bsi.bund.de/ecard/api/1.1/resultminor/dp#timeout</ns13:ResultMinor>
<ns13:ResultMessage/>
</ns13:Result>
</ns4:StartPAOSResponse>
</ns1:Body>
</ns1:Envelope>
</pre> Common eID - Bug #316 (New): prodpaos.governikus-eid.de fails to process specifcation conforming ...https://dev.openecard.org/issues/3162014-07-14T12:41:19ZTobias Wichtobias.wich@ecsec.de
<p>Said server responds with an Internal Server Error (500) when it receives a StartPAOS message according to the specification in BSI TR-03112-7 v1.1.4, Sec. 2.6.</p>
<p>The following log containing the messages as sent to the server has been created by starting an authentication against <a class="external" href="https://www.buergerserviceportal.de/bayern/wuerzburg/public/classic/register">https://www.buergerserviceportal.de/bayern/wuerzburg/public/classic/register</a>.<br /><pre>
2014-07-14 14:27:20,623 [PAOS] WARN o.o.crypto.tls.auth.DynamicAuthentication:-1 - No certificate verifier available, skipping certificate verification.
2014-07-14 14:27:20,792 [PAOS] DEBUG org.openecard.transport.httpcore.HttpUtils:-1 - HTTP Request (before adding content):
POST /ecardpaos/paosreceiver?sessionid=d2086c14-00a4-49a5-90ca-881495f4eaa0 HTTP/1.1
Connection: keep-alive
User-Agent: Open-eCard-App/1.1.0-SNAPSHOT
Host: prodpaos.governikus-eid.de:443
PAOS: ver="urn:liberty:paos:2006-08"
Accept: text/html; application/vnd.paos+xml
2014-07-14 14:27:20,799 [PAOS] DEBUG org.openecard.transport.paos.PAOS:-1 - Message sent:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
<Header>
<PAOS xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/" ns0:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ns1="http://schemas.xmlsoap.org/soap/envelope/" ns1:mustUnderstand="1" xmlns="urn:liberty:paos:2006-08">
<Version>urn:liberty:paos:2006-08</Version>
<EndpointReference>
<Address>http://www.projectliberty.org/2006/01/role/paos</Address>
<MetaData>
<ServiceType>http://www.bsi.bund.de/ecard/api/1.1/PAOS/GetNextCommand</ServiceType>
</MetaData>
</EndpointReference>
</PAOS>
<ReplyTo xmlns="http://www.w3.org/2005/03/addressing">
<Address>http://www.projectliberty.org/2006/02/role/paos</Address>
</ReplyTo>
<MessageID xmlns="http://www.w3.org/2005/03/addressing">urn:uuid:015e9b9e-c6bc-4de0-9899-716930db5d31</MessageID>
</Header>
<Body>
<iso:StartPAOS xmlns:iso="urn:iso:std:iso-iec:24727:tech:schema" xmlns:ns10="http://uri.etsi.org/01903/v1.3.2#" xmlns:ns11="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ns12="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns13="http://www.w3.org/2001/04/xmlenc#" xmlns:ns14="http://ws.openecard.org/schema" xmlns:ns15="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ns16="http://www.w3.org/2007/05/xmldsig-more#" xmlns:ns2="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.bsi.bund.de/ecard/api/1.1" xmlns:ns5="http://uri.etsi.org/02231/v2.1.1#" xmlns:ns6="http://uri.etsi.org/02231/v2.x#" xmlns:ns7="http://uri.etsi.org/02231/v3.1.2#" xmlns:ns8="http://www.setcce.org/schemas/ers" xmlns:ns9="urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#" Profile="http://www.bsi.bund.de/ecard/api/1.1">
<iso:SessionIdentifier>d2086c14-00a4-49a5-90ca-881495f4eaa0</iso:SessionIdentifier>
<iso:ConnectionHandle>
<iso:ChannelHandle>
<iso:SessionIdentifier>4DYYK4LXQRBgLC6t1R_u_A</iso:SessionIdentifier>
</iso:ChannelHandle>
<iso:ContextHandle>184C653A60882185708D8B3BF9B0FE8F</iso:ContextHandle>
<iso:IFDName>REINER SCT cyberJack RFID basis 01 00</iso:IFDName>
<iso:SlotIndex>0</iso:SlotIndex>
<iso:CardApplication>3F00</iso:CardApplication>
<iso:SlotHandle>C9C73C13E993B9483397E02327D336D2</iso:SlotHandle>
<iso:RecognitionInfo>
<iso:CardType>http://bsi.bund.de/cif/npa.xml</iso:CardType>
<iso:CardIdentifier>3B8A80018031F873F741E082900075</iso:CardIdentifier>
</iso:RecognitionInfo>
</iso:ConnectionHandle>
<iso:UserAgent>
<iso:Name>Open eCard App</iso:Name>
<iso:VersionMajor>1</iso:VersionMajor>
<iso:VersionMinor>1</iso:VersionMinor>
<iso:VersionSubminor>0</iso:VersionSubminor>
</iso:UserAgent>
<iso:SupportedAPIVersions>
<iso:Major>1</iso:Major>
<iso:Minor>1</iso:Minor>
<iso:Subminor>4</iso:Subminor>
</iso:SupportedAPIVersions>
<iso:SupportedDIDProtocols>urn:oid:1.3.162.15480.3.0.14</iso:SupportedDIDProtocols>
<iso:SupportedDIDProtocols>urn:oid:1.3.162.15480.3.0.14.2</iso:SupportedDIDProtocols>
<iso:SupportedDIDProtocols>urn:oid:1.3.162.15480.3.0.25</iso:SupportedDIDProtocols>
<iso:SupportedDIDProtocols>urn:oid:1.3.162.15480.3.0.9</iso:SupportedDIDProtocols>
</iso:StartPAOS>
</Body>
</Envelope>
2014-07-14 14:27:20,890 [PAOS] DEBUG org.openecard.transport.httpcore.HttpUtils:-1 - HTTP Response:
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1799
Date: Mon, 14 Jul 2014 12:27:18 GMT
Connection: close
<html><head><title>JBoss Web/7.0.16.Final - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The server encountered an internal error () that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>java.lang.NullPointerException
de.bos_bremen.eid.authentication.paos.handler.AusweisAppPaosHandler.&lt;init&gt;(AusweisAppPaosHandler.java:49)
de.bos_bremen.eid.authentication.paos.handler.PaosHandlerFactory.tryCreateNewInstances(PaosHandlerFactory.java:161)
de.bos_bremen.eid.authentication.paos.handler.PaosHandlerFactory.newInstance(PaosHandlerFactory.java:111)
de.bos_bremen.eid.authentication.paos.PaosReceiver.doPost(PaosReceiver.java:99)
javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
de.bos_bremen.eid.server.filter.CSPFilter.doFilter(CSPFilter.java:36)
</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the JBoss Web/7.0.16.Final logs.</u></p><HR size="1" noshade="noshade"><h3>JBoss Web/7.0.16.Final</h3></body></html>
</pre></p> Common eID - Bug #314 (New): StartPAOS schema differs from specificationhttps://dev.openecard.org/issues/3142014-07-10T08:26:53ZTobias Wichtobias.wich@ecsec.de
<p>The XML schema defining the StartPAOS message as delivered by the BSI (<a class="external" href="https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr03112/index_htm.html">https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr03112/index_htm.html</a>) differs from the definition in BSI TR-03112-7 (v1.1.4) Sec. 2.6.</p>
<p>The current schema reads as follows:<br /><pre><code class="xml syntaxhl"><span class="nt"><element</span> <span class="na">name=</span><span class="s">"StartPAOS"</span><span class="nt">></span>
<span class="nt"><complexType></span>
<span class="nt"><complexContent></span>
<span class="nt"><extension</span> <span class="na">base=</span><span class="s">"iso:RequestType"</span><span class="nt">></span>
<span class="nt"><sequence></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"SessionIdentifier"</span> <span class="na">type=</span><span class="s">"string"</span> <span class="nt">/></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"ConnectionHandle"</span>
<span class="na">type=</span><span class="s">"iso:ConnectionHandleType"</span> <span class="na">maxOccurs=</span><span class="s">"unbounded"</span>
<span class="na">minOccurs=</span><span class="s">"0"</span><span class="nt">></span>
<span class="nt"></element></span>
<span class="nt"></sequence></span>
<span class="nt"></extension></span>
<span class="nt"></complexContent></span>
<span class="nt"></complexType></span>
<span class="nt"></element></span>
</code></pre></p>
<p>According to the specification it should be:<br /><pre><code class="xml syntaxhl"><span class="nt"><element</span> <span class="na">name=</span><span class="s">"StartPAOS"</span><span class="nt">></span>
<span class="nt"><complexType></span>
<span class="nt"><complexContent></span>
<span class="nt"><extension</span> <span class="na">base=</span><span class="s">"iso:RequestType"</span><span class="nt">></span>
<span class="nt"><sequence></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"SessionIdentifier"</span> <span class="na">type=</span><span class="s">"string"</span> <span class="nt">/></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"ConnectionHandle"</span>
<span class="na">type=</span><span class="s">"iso:ConnectionHandleType"</span> <span class="na">maxOccurs=</span><span class="s">"unbounded"</span><span class="nt">></span>
<span class="nt"></element></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"UserAgent"</span><span class="nt">></span>
<span class="nt"><complexType></span>
<span class="nt"><sequence></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"Name"</span> <span class="na">type=</span><span class="s">"string"</span> <span class="nt">/></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"VersionMajor"</span> <span class="na">type=</span><span class="s">"integer"</span> <span class="nt">/></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"VersionMinor"</span> <span class="na">type=</span><span class="s">"integer"</span> <span class="nt">/></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"VersionSubminor"</span> <span class="na">type=</span><span class="s">"integer"</span> <span class="na">minOccurs=</span><span class="s">"0"</span> <span class="nt">/></span>
<span class="nt"></sequence></span>
<span class="nt"></complexType></span>
<span class="nt"></element></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"SupportedAPIVersions"</span> <span class="na">maxOccurs=</span><span class="s">"unbounded"</span><span class="nt">></span>
<span class="nt"><complexType></span>
<span class="nt"><sequence></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"Major"</span> <span class="na">type=</span><span class="s">"integer"</span> <span class="nt">/></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"Minor"</span> <span class="na">type=</span><span class="s">"integer"</span> <span class="na">minOccurs=</span><span class="s">"0"</span> <span class="nt">/></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"Subminor"</span> <span class="na">type=</span><span class="s">"integer"</span> <span class="na">minOccurs=</span><span class="s">"0"</span> <span class="nt">/></span>
<span class="nt"></sequence></span>
<span class="nt"></complexType></span>
<span class="nt"></element></span>
<span class="nt"><element</span> <span class="na">name=</span><span class="s">"SupportedDIDProtocols"</span> <span class="na">type=</span><span class="s">"anyURI"</span> <span class="na">minOccurs=</span><span class="s">"0"</span> <span class="na">maxOccurs=</span><span class="s">"unbounded"</span> <span class="nt">/></span>
<span class="nt"></sequence></span>
<span class="nt"></extension></span>
<span class="nt"></complexContent></span>
<span class="nt"></complexType></span>
<span class="nt"></element></span>
</code></pre></p> Common eID - PartnerIssue #305 (New): e-card AT PINs verhalten sich nicht wie in EF.AOD angegebenhttps://dev.openecard.org/issues/3052014-05-15T07:12:21ZHans-Martin Haase
<p>In den EF.AODs ist für die PINs eine storedLength von 0 angegeben und kein Padding-Indikator was laut ISO Standard gültig ist, allerdings verhält sich die Karte nicht danach. Für eine Verifikation der PINs ist ein Padding mit "FF" auf eine storedLength von 8 notwending.</p> Common eID - Bug #303 (New): Inkonsistenz zwischen TR-Text und XSD bzgl. SupportedOperations (ana...https://dev.openecard.org/issues/3032014-05-14T16:14:03ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>In <a class="external" href="https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03112/api1_teil7_pdf.pdf">https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03112/api1_teil7_pdf.pdf</a> <br />(Abschnitt 3.9.1) ist der SupportedOperationsType folgendermaßen definiert:</p>
<p><simpleType name = "SupportedOperationsType"><br /> <union memberTypes = "iso:BitString"><br /> <simpleType><br /> <list><br /> <simpleType><br /> <restriction base = "token"><br /> <enumeration value = "Compute-checksum" /><br /> <enumeration value = "Compute-signature" /><br /> <enumeration value = "Verify-checksum" /><br /> <enumeration value = "Verify-signature" /><br /> <enumeration value = "Encipher" /><br /> <enumeration value = "Decipher" /><br /> <enumeration value = "Hash" /><br /> <enumeration value = "Derive-key" /><br /> </ restriction><br /> </ simpleType><br /> </ list><br /> </ simpleType><br /> </ union><br /></ simpleType></p>
<p>im entsprechenden Schema (siehe ISO24727-Protocols.xsd in <a class="external" href="https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03112/xsd-wsdl.zip">https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03112/xsd-wsdl.zip</a> bzw.<br /><a class="external" href="http://ws.openecard.org/schema/ISO24727-Protocols.xsd">http://ws.openecard.org/schema/ISO24727-Protocols.xsd</a> ist er hingegen folgendermaßen definiert:<br /><simpleType name="SupportedOperationsType"><br /><union memberTypes="iso:BitString"><br /><simpleType><br /><list><br /><simpleType><br /><restriction base="token"><br /><enumeration value="Compute-checksum"/><br /><enumeration value="Compute-signature"/><br /><enumeration value="Verify-checksum"/><br /><enumeration value="Verify-signature"/><br /><enumeration value="Verify-certificate"/><br /><enumeration value="Encipher"/><br /><enumeration value="Decipher"/><br /><enumeration value="Hash"/><br /><enumeration value="Generate-key"/><br /><enumeration value="Internal-authenticate"/><br /><enumeration value="External-authenticate"/><br /><enumeration value="Mutual-authenticate"/><br /><enumeration value="General-authenticate"/><br /><enumeration value="Secure-messaging"/><br /></restriction><br /></simpleType><br /></list><br /></simpleType><br /></union><br /></simpleType></p> Common eID - Bug #296 (New): Minor result code common#invalidChannelHandle missing in TR-03112-1https://dev.openecard.org/issues/2962014-04-14T16:07:21ZTobias Wichtobias.wich@ecsec.de
<p>The minor result code <code>/resultminor/al/common#invalidChannelHandle</code>, which is named in the <code>EstablishContext</code> function in sec. 3.1.1 in TR-03112-6, is not mentioned in the list of minor codes in TR-03112-1 sec. 4.2.2.</p>
<p>There is however a <code>/resultminor/al/common#unknownChannelHandle</code> with description "Invalid channel handle". I suppose those got mixed up in the different documents and one of the two should vanish.</p> Common eID - Bug #295 (New): Minor result code common#incorrectParameter missing in TR-03112-1https://dev.openecard.org/issues/2952014-04-14T14:23:47ZTobias Wichtobias.wich@ecsec.de
<p>The minor result code <code>/resultminor/al/common#incorrectParameter</code>, which is named in the <code>Initialize</code> function in sec. 3.1.1 in TR-03112-3, is not mentioned in the list of minor codes in TR-03112-1 sec. 4.2.</p> Common eID - Suggestion #288 (New): LegacySignatureGenerationInfohttps://dev.openecard.org/issues/2882014-04-01T07:03:34ZHans-Martin Haase
<p>Die definierten Befehle für die SignatureGenerationInfo aus TR-0312 Teil4 bzw. 7 sind für manche Karten nicht ausreichend oder es werden proprietäre Versionen der APDU benutzt, sodass diese ebenfalls nicht abgebildet werden können.</p>
<p>Aus diesem Grund sollte das LegacySignatureGenerationInfo Object, wie es derzeit in der Open eCard App definiert ist in den Standard einfließen, damit oben genannte ausnahmen abgebildet werden können.</p> Common eID - Suggestion #287 (New): Corrigendum zum SignatureGenerationInfo vom 23.05.2011 sollte...https://dev.openecard.org/issues/2872014-04-01T06:57:13ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>Die Informationen zum SignatureGenerationInfo (siehe Nr. 4.10) aus dem Corrigendum zu Version 1.1.1 der TR-03112-4 vom 23.05.2011 sollten in die Spezifikation<br />eingearbeitet werden. Entsprechendes sollte auch für Encipher/Decipher (siehe Nr. 4.11) und Hash (siehe Nr. 4.12) geschehen.</p> Common eID - Bug #286 (New): eCardServerAddress in UseIDResponse ist keine gültige URLhttps://dev.openecard.org/issues/2862014-03-27T14:48:19ZTobias Wichtobias.wich@ecsec.de
<p>Die von eID-S#2 zurückgelieferte eCardServerAddress trägt kein <a class="external" href="https://,">https://,</a> sondern beginnt direkt mit dem Hostname.</p> Common eID - Bug #285 (New): Falsches ResultMajor Präfixhttps://dev.openecard.org/issues/2852014-03-27T14:32:40ZTobias Wichtobias.wich@ecsec.de
<p>eID-S#2 verwendet das folgende statt dem geforderten Präfix für ResultMajor Werte.<br /><code>http://www.bsi.bund.de/eid/server/2.0/resultmajor#</code></p>
<p>Laut Spezifikation wird folgendes Präfix erwartet:<br /><code>http://www.bsi.bund.de/ecard/api/1.1/resultmajor#</code></p>
<p>TR-03130 S.33</p>
<blockquote>
<p>The element ResultMajor MUST NOT contain other values than specified in [eCard-API] Part 1, Section 4.1.2.</p>
</blockquote> Common eID - Bug #284 (New): Fehlende optionale Elemente in UseID Request erzeugen Fehlerhttps://dev.openecard.org/issues/2842014-03-27T14:11:18ZTobias Wichtobias.wich@ecsec.de
<p>Wenn bei eID-S#2 das AgeVerficicationRequest oder das PSK Element in der UseID Anfrage fehlt, dann antwortet der eID Server mit einem Fehler.<br />Beide Elemente sind optional weshalb ein OK vom Server erwartet wird.</p>
<p>AgeVerificationRequest wird laut Spezifikation nur benötigt, wenn auch die Altersverifikation in UseOperations angefragt wird.<br />Das PSK Element ist optional und sollte wenn nicht angegeben vom Server bereitgestellt werden.</p> Common eID - Suggestion #283 (New): Expliziter Verweis auf WS-I Spezifikation in Kapitel 4 von BS...https://dev.openecard.org/issues/2832014-03-27T13:35:38ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>Um Interoperabilitätsprobleme wie <a class="external" href="http://dev.openecard.org/issues/282">http://dev.openecard.org/issues/282</a> zu vermeiden, <br />sollte in Kapitel 4 von <a href="https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03130/TR-03130_TR-eID-Server_Part1_pdf.pdf?__blob=publicationFile" title="Teil 1, Version 2.0.1" class="external">BSI TR-03130</a> explizit auf <a class="external" href="http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html">http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html</a> (Abschnitt 13.2.8.) verwiesen werden.</p> Common eID - Bug #282 (New): Problem mit der Codierung des X509IssuerSerial-Elements https://dev.openecard.org/issues/2822014-03-27T13:28:22ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>Bei Verwendung der SOAP-Schnittstelle von eID-S#3 existiert ein Problem mit der Codierung des X509IssuerSerial-Elements,<br />da sich eID-S#3 nicht an die Empfehlung aus <a class="external" href="http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html">http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html</a> (Abschnitt 13.2.8.)<br />hält und deshalb die Reihenfolge der RDNs umgekehrt ist.</p>
<p>Dies wiederum führt dazu, dass die Zuordnung zwischen dem erhaltenen X509IssuerSerial und dem Zertifikat im KeyStore (zumindest bei der naheliegenden Verwendung der X500-Klasse aus java.security) fehlschlägt.</p>
<p>Aus</p>
<p>SEQUENCE
{<br /> SET
{<br /> SEQUENCE
{<br /> OBJECT IDENTIFIER=CommonName (2.5.4.3)<br /> UTF8 STRING='eID-S#3...'<br /> }<br /> }<br /> SET
{<br /> SEQUENCE
{<br /> OBJECT IDENTIFIER=OrganizationName (2.5.4.10)<br /> UTF8 STRING='eID-S#3...'<br /> }<br /> }<br /> SET
{<br /> SEQUENCE
{<br /> OBJECT IDENTIFIER=CountryName (2.5.4.6)<br /> PRINTABLE STRING='DE'<br /> }<br /> }<br /> }</p>
<p>wird</p>
<p>CN=..., O=..., C=DE,</p>
<p>obwohl man gemäß dem o.g. WS-I-Profil, bzw. dem darin referenzierten RFC 4514, die umgekehrt Reihenfolge</p>
<p>C=DE, O=... , CN=...</p>
<p>erwarten würde. Denn in RFC 4514 steht in Abs. 2.1</p>
<p>-------<br />Converting the RDNSequence</p>
<pre><code>If the RDNSequence is an empty sequence, the result is the empty or<br /> zero-length string.</code></pre>
<pre><code>Otherwise, the output consists of the string encodings of each<br /> RelativeDistinguishedName in the RDNSequence (according to Section<br /> 2.2), starting with the last element of the sequence and moving<br /> backwards toward the first.<br />-------</code></pre> Common eID - Feature #268 (New): Create SignMe-HowTo https://dev.openecard.org/issues/2682013-12-23T09:23:44ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>There should be a HowTo-like description, which <br />explains how a qualified certificate can be downloaded <br />to the German eID card using the SignMe-Service provided<br />by Bundesdruckerei.</p> Common eID - Bug #203 (New): Problem with Service of Tönjeshttps://dev.openecard.org/issues/2032013-03-25T08:08:43ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>There is a general problem with the service of Tönjes at <a class="external" href="https://ssl.toenjes-portal.de/index.php/customer/account/login">https://ssl.toenjes-portal.de/index.php/customer/account/login</a>.<br />It seems that many links are outdated.</p> Common eID - PartnerIssue #201 (New): Problem with Service of Teambankhttps://dev.openecard.org/issues/2012013-03-24T20:45:40ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>There is a problem with the service of Teambank at <a class="external" href="https://mein.easycredit.de/mein-easycredit/content/public/login.jsf">https://mein.easycredit.de/mein-easycredit/content/public/login.jsf</a>.</p> Common eID - PartnerIssue #200 (New): Problem with Service of Schufahttps://dev.openecard.org/issues/2002013-03-24T20:34:38ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>There is a problem with the service of Schufa at <a class="external" href="https://www.meineschufa.de/index.php?site=30_2_1_pa&#tabNPA">https://www.meineschufa.de/index.php?site=30_2_1_pa&#tabNPA</a> .</p> Common eID - PartnerIssue #195 (New): Problem with Service of Kreissparkasse Kölnhttps://dev.openecard.org/issues/1952013-03-23T17:15:27ZDetlef Hühnleindetlef.huehnlein@ecsec.de
<p>There seems to be a general problem with the service at <a class="external" href="https://www.ksk-koeln.de/leistungen/dienstleistungen/umzugsservice/online-ausweisfunktion.aspx">https://www.ksk-koeln.de/leistungen/dienstleistungen/umzugsservice/online-ausweisfunktion.aspx</a> .</p> Common eID - Review #192 (New): Problem with Service of BIW AG / Add note in specification how to...https://dev.openecard.org/issues/1922013-03-23T13:46:17ZDetlef Hühnleindetlef.huehnlein@ecsec.de