First version of feature

3 files changed, 377 insertions, 155 deletions

diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
new file mode 100644
index 00000000..c5bac225
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
@@ -0,0 +1,212 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.services;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
+import lombok.Getter;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.PostConstruct;
+import javax.servlet.http.HttpServletRequest;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+@Service()
+public class ErrorTicketService {
+  private static final Logger log = LoggerFactory.getLogger(ErrorTicketService.class);
+
+  private static final String CONFIG_PROP_ERRORHANDLING_ACTION_PATH = "core.errorhandling.action";
+  private static final String TECH_LOG_MSG = "errorCode={} Message={}";
+  private static final String TICKET_LOG_MSG = "Ticket={} errorCode={} Message={}";
+
+  private final HashMap<String, String> propertyMap = new HashMap<String, String>();
+
+
+  public enum ActionType {
+    TICKET_REDIRECT("ticket_redirect"), TICKET_NOREDIRECT("ticket_noredirect"), NOTICKET_REDIRECT(
+        "noticket_redirect"), NOTICKET_NOREDIRECT("noticket_noredirect");
+
+    private final String name;
+
+    ActionType(final String text) {
+      this.name = text;
+    }
+
+    @Override
+    public String toString() {
+      return name;
+    }
+  }
+
+  @Autowired(required = true)
+  IConfiguration basicConfig;
+  @Autowired(required = true)
+  ResourceLoader resourceLoader;
+
+  @PostConstruct
+  private void initialize() throws EaafException {
+    log.info("initErrorTicketService");
+
+    final String ticketConfPath = basicConfig.getBasicConfiguration(CONFIG_PROP_ERRORHANDLING_ACTION_PATH);
+    log.info("ticketConfPath" + ticketConfPath);
+
+
+    if (StringUtils.isEmpty(ticketConfPath)) {
+      log.error("Error: Path to errorhandling action configuration not known");
+      throw new EaafException("Error: Path to errorhandling action configuration not known");
+    } else {
+
+      Properties getProperties = new Properties();
+      try {
+
+        final String fullFilePath = FileUtils
+            .makeAbsoluteUrl(ticketConfPath, basicConfig.getConfigurationRootDirectory());
+        final Resource ressource = resourceLoader.getResource(fullFilePath);
+        final InputStream is = ressource.getInputStream();
+        getProperties.load(is);
+        is.close();
+        propertyMap.putAll((Map) getProperties);
+
+        //        log.error(propertyMap.toString());
+        //        log.error("working: " + propertyMap.get("auth.00"));
+
+      } catch (Exception e) {
+        log.error("Error: something went wrong");
+        throw new EaafException("Error: Parsing errorhandling actions failed");
+      }
+    }
+  }
+
+  public HandleData createHandleData(Throwable throwable, HttpServletRequest req) {
+    HandleData data = new HandleData(throwable, req);
+    extractErrorCode(data);
+    setUpErrorData(data);
+
+    return data;
+  }
+
+  private void extractErrorCode(HandleData data) {
+    Throwable originalException;
+    if (data.throwable instanceof TaskExecutionException
+        && ((TaskExecutionException) data.throwable).getOriginalException() != null) {
+      originalException = ((TaskExecutionException) data.throwable).getOriginalException();
+
+    } else {
+      originalException = data.throwable;
+
+    }
+
+    if (!(originalException instanceof EaafException)) {
+      data.errorCode = IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC;
+
+    } else {
+      data.errorCode = ((EaafException) originalException).getErrorId();
+
+    }
+  }
+
+  private void setUpErrorData(HandleData data) {
+
+    if (propertyMap.containsKey(data.errorCode)) {
+      String action = propertyMap.get(data.errorCode);
+
+      if (action.equals(ActionType.TICKET_REDIRECT.toString())) {
+        data.actionType = ActionType.TICKET_REDIRECT;
+        data.generateSupportTicket();
+        data.generateRedirect();
+
+      } else if (action.equals(ActionType.TICKET_NOREDIRECT.toString())) {
+        data.actionType = ActionType.TICKET_NOREDIRECT;
+        data.generateSupportTicket();
+
+      } else if (action.equals(ActionType.NOTICKET_REDIRECT.toString())) {
+        data.actionType = ActionType.NOTICKET_REDIRECT;
+        data.generateRedirect();
+
+      } else {// ActionType.NOTICKET_NOREDIRECT -> nothing to be done
+        data.actionType = ActionType.NOTICKET_NOREDIRECT;
+
+      }
+
+    } else {
+      data.generateSupportTicket();
+      // TODO log with ticket gernal internal error
+    }
+  }
+
+  public class HandleData {
+    private final HttpServletRequest req;
+    @Getter private String supportTicket;
+    @Getter private String redirectUrl;
+    @Getter private final Throwable throwable;
+    @Getter private String errorCode;
+    @Getter private ActionType actionType;
+
+
+    private HandleData(Throwable throwable, HttpServletRequest req) {
+      this.throwable = throwable;
+      this.req = req;
+    }
+
+    private void generateRedirect() {
+      redirectUrl = ServletUtils.getBaseUrl(req);
+      redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERROR_REDIRECT
+              + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" +
+          StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));;
+
+    }
+
+    private void generateSupportTicket() {
+
+      String randomCode = RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' +
+          RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' +
+          RandomStringUtils.randomAlphanumeric(4).toUpperCase();
+      supportTicket = randomCode;
+    }
+
+    public void log_error() {
+
+      if (supportTicket != null) {
+        log.error(TICKET_LOG_MSG, supportTicket, errorCode, throwable.getMessage(),
+            throwable);
+      } else {
+        log.error(TECH_LOG_MSG, errorCode, throwable.getMessage(), throwable);
+      }
+    }
+
+    public void log_info() {
+
+      if (supportTicket != null) {
+        log.info(TICKET_LOG_MSG, supportTicket, errorCode, throwable.getMessage(), throwable);
+
+      } else {
+        log.info(TECH_LOG_MSG, errorCode, throwable.getMessage(), throwable);
+      }
+    }
+
+    public void log_warn() {
+
+      if (supportTicket != null) {
+        log.warn(TICKET_LOG_MSG, supportTicket, errorCode, throwable.getMessage(), throwable);
+
+      } else {
+        log.warn(TECH_LOG_MSG, errorCode, throwable.getMessage(), throwable);
+      }
+    }
+  }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index abb3d685..687a5401 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -15,7 +15,7 @@
  * This product combines work with different licenses. See the "NOTICE" text file for details on the
  * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
  * works that you distribute must include a readable copy of the "NOTICE" text file.
-*/
+ */
 
 package at.gv.egiz.eaaf.core.impl.idp.auth.services;
 
@@ -52,7 +52,6 @@ import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
 import at.gv.egiz.eaaf.core.api.idp.auth.ISsoManager;
@@ -69,7 +68,6 @@ import at.gv.egiz.eaaf.core.exceptions.GuiBuildException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
 import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
 import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
@@ -82,9 +80,7 @@ import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
 public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
   private static final Logger log = LoggerFactory.getLogger(ProtocolAuthenticationService.class);
 
-  private static final String CONFIG_PROP_LOGGER_ON_INFO_LEVEL =
-      "core.logging.level.info.errorcodes";
-  private static final String TECH_LOG_MSG = "errorCode={} Message={}";
+  private static final String CONFIG_PROP_LOGGER_ON_INFO_LEVEL = "core.logging.level.info.errorcodes";
 
   @Autowired(required = true)
   private ApplicationContext applicationContext;
@@ -100,7 +96,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
   private IRequestStorage requestStorage;
   @Autowired(required = true)
   IPendingRequestIdGenerationStrategy pendingReqIdGenerationStrategy;
-  @Autowired private IConfiguration basicConfig;
+  @Autowired
+  private IConfiguration basicConfig;
+
+  @Autowired(required = true)
+  private ErrorTicketService errorTicketService;
 
   @Autowired(required = false)
   private ISsoManager ssoManager;
@@ -136,9 +136,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
         final ISpConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
 
         if (oaParam == null) {
-          throw new EaafAuthenticationException(
-              IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOSPCONFIG,
-              new Object[] { pendingReq.getSpEntityId() });
+          throw new EaafAuthenticationException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOSPCONFIG,
+              new Object[]{pendingReq.getSpEntityId()});
         }
 
         if (authmanager.doAuthentication(req, resp, pendingReq)) {
@@ -148,8 +147,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
           finalizeAuthentication(req, resp, pendingReq);
 
           // transaction is finished, log transaction finished event
-          revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED,
-              pendingReq.getUniqueTransactionIdentifier());
+          revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
 
         }
 
@@ -183,9 +181,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
       if (pendingReq.isAbortedByUser()) {
         // send authentication aborted error to Service Provider
         buildProtocolSpecificErrorResponse(
-            new EaafAuthenticationException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_USERSTOP,
-                new Object[] {}),
-            req, resp, pendingReq);
+            new EaafAuthenticationException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_USERSTOP, new Object[]{}), req,
+            resp, pendingReq);
 
         // check if pending-request are authenticated
       } else if (pendingReq.isAuthenticated() && !pendingReq.isNeedUserConsent()) {
@@ -193,12 +190,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 
       } else {
         // suspect state: pending-request is not aborted but also are not authenticated
-        log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}",
-            pendingReq.isAuthenticated(), pendingReq.isNeedUserConsent());
+        log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq.isAuthenticated(),
+            pendingReq.isNeedUserConsent());
         if (pendingReq.isNeedUserConsent()) {
-          log.error(
-              "PendingRequest NEEDS user-consent. "
-              + "Can NOT fininalize authentication --> Abort authentication process!");
+          log.error("PendingRequest NEEDS user-consent. " +
+              "Can NOT fininalize authentication --> Abort authentication process!");
 
         } else {
           log.error("PendingRequest is NOT authenticated --> Abort authentication process!");
@@ -216,44 +212,34 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
     } finally {
       // remove pending-request
       requestStorage.removePendingRequest(pendingReq.getPendingRequestId());
-      revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED,
-          pendingReq.getUniqueTransactionIdentifier());
+      revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
     }
 
   }
 
+
   @Override
-  public void buildProtocolSpecificErrorResponse(final Throwable throwable,
-      final HttpServletRequest req, final HttpServletResponse resp, final IRequest protocolRequest)
-      throws EaafException, IOException {
+  public void buildProtocolSpecificErrorResponse(final Throwable throwable, final HttpServletRequest req,
+      final HttpServletResponse resp, final IRequest protocolRequest) throws EaafException, IOException {
     try {
 
-      final Class<?> clazz = Class.forName(protocolRequest.requestedModule());
+      ErrorTicketService.HandleData errorData = errorTicketService.createHandleData(throwable, req);
 
-      if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) {
-        log.error(
-            "Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
-        throw new ClassCastException(
-            "Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
 
-      }
+      if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_REDIRECT) ||
+          errorData.getActionType().equals(ErrorTicketService.ActionType.TICKET_REDIRECT)) {
 
-      final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz);
-
-      if (handlingModule.generateErrorMessage(throwable, req, resp, protocolRequest)) {
+        displayException(req, resp, errorData);
 
         // log Error to technical log
-        logExceptionToTechnicalLog(throwable);
+        logExceptionToTechnicalLog(errorData);
 
         // log Error Message
         statisticLogger.logErrorOperation(throwable, protocolRequest);
 
-        // write revision log entries
-        revisionsLogger.logEvent(protocolRequest, EventConstants.TRANSACTION_ERROR,
-            protocolRequest.getUniqueTransactionIdentifier());
 
       } else {
-        handleErrorNoRedirect(throwable, req, resp, true);
+        throw throwable; //through it on to handleErrorNoRedirect
 
       }
 
@@ -266,8 +252,9 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 
   @Override
   public void handleErrorNoRedirect(final Throwable throwable, final HttpServletRequest req,
-      final HttpServletResponse resp, final boolean writeExceptionToStatisticLog)
-      throws IOException, EaafException {
+      final HttpServletResponse resp, final boolean writeExceptionToStatisticLog) throws IOException, EaafException {
+
+    ErrorTicketService.HandleData errorData = errorTicketService.createHandleData(throwable, req);
 
     // log Exception into statistic database
     if (writeExceptionToStatisticLog) {
@@ -275,30 +262,17 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
     }
 
     // write errror to console
-    logExceptionToTechnicalLog(throwable);
+    logExceptionToTechnicalLog(errorData);
 
     // return error to Web browser
-    if (throwable instanceof EaafException || throwable instanceof ProcessExecutionException) {
-      internalMoaidExceptionHandler(req, resp, (Exception) throwable, false);
-
-    } else {
-      // write generic message for general exceptions
-      final String msg =
-          statusMessager.getMessage(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null);
-      final String internalErrorCode = statusMessager.getResponseErrorCode(throwable);
-      
-      writeHtmlErrorResponse(req, resp, msg, internalErrorCode, null,
-          statusMessager.mapInternalErrorToExternalError(internalErrorCode));
-
-    }
-
+    displayException(req, resp, errorData);
   }
 
   @Override
   public void forwardToErrorHandler(Pair<IRequest, Throwable> errorToHandle, String errorKey,
       final HttpServletRequest req, final HttpServletResponse resp) throws GuiBuildException {
-    final IGuiBuilderConfiguration parentHopGuiConfig =
-        evaluateRequiredErrorHandlingMethod(errorToHandle.getFirst(), errorKey);
+    final IGuiBuilderConfiguration parentHopGuiConfig = evaluateRequiredErrorHandlingMethod(errorToHandle.getFirst(),
+        errorKey);
     if (parentHopGuiConfig != null) {
       log.trace("iFrame to parent hop requested. Building GUI step for error handling ... ");
       guiBuilder.build(req, resp, parentHopGuiConfig, "iFrame-to-parent");
@@ -321,15 +295,13 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
   /**
    * Finalize the requested protocol operation.
    *
-   * @param httpReq         HttpServletRequest
-   * @param httpResp        HttpServletResponse
-   * @param protocolRequest Authentication request which is actually in process
-   * @param moaSession      MOASession object, which is used to generate the
-   *                        protocol specific authentication information
+   * @param req        HttpServletRequest
+   * @param resp       HttpServletResponse
+   * @param pendingReq Authentication request which is actually in process
    * @throws Exception In case of an error
    */
-  protected void internalFinalizeAuthenticationProcess(final HttpServletRequest req,
-      final HttpServletResponse resp, final IRequest pendingReq) throws Exception {
+  protected void internalFinalizeAuthenticationProcess(final HttpServletRequest req, final HttpServletResponse resp,
+      final IRequest pendingReq) throws Exception {
 
     String newSsoSessionId = null;
 
@@ -351,8 +323,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
     final IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq);
 
     // execute the protocol-specific action
-    final SloInformationInterface sloInformation =
-        executeProtocolSpecificAction(req, resp, pendingReq, authData);
+    final SloInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData);
 
     // Store OA specific SSO session information if an SSO cookie is set
     if (StringUtils.isNotEmpty(newSsoSessionId)) {
@@ -372,52 +343,42 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
     }
 
     // Advanced statistic logging
-    statisticLogger.logSuccessOperation(pendingReq, authData,
-        StringUtils.isNotEmpty(newSsoSessionId));
+    statisticLogger.logSuccessOperation(pendingReq, authData, StringUtils.isNotEmpty(newSsoSessionId));
 
   }
 
   /**
    * Write a Exception to the MOA-ID-Auth internal technical log.
    *
-   * @param loggedException Exception to log
+   * @param data errordata structure
    */
-  protected void logExceptionToTechnicalLog(final Throwable loggedException) {    
+  protected void logExceptionToTechnicalLog(ErrorTicketService.HandleData data) {
     // In case of a TaskExecutionException, which is only a container for process-errors, 
-    // extract internal exception 
-    Throwable toLog;
-    if (loggedException instanceof TaskExecutionException 
-        && ((TaskExecutionException)loggedException).getOriginalException() != null) {
-      toLog = ((TaskExecutionException)loggedException).getOriginalException();
-      
-    } else {
-      toLog = loggedException;
-      
-    }
+    // extract internal exception
+
 
     // Log exception
-    if (!(toLog instanceof EaafException)) {
-      log.error(TECH_LOG_MSG, IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC,
-          toLog.getMessage(), toLog);
+    if (!(data.getThrowable() instanceof EaafException)) {
+      data.log_error();
 
-    } else {            
-      if (logOnInfoLevel.contains(((EaafException) toLog).getErrorId())) {
-        log.info(TECH_LOG_MSG, ((EaafException) toLog).getErrorId(),
-            toLog.getMessage(), toLog);
+    } else {
+
+      if (logOnInfoLevel.contains(data.getErrorCode())) {
+        data.log_info();
 
       } else {
-        log.warn(TECH_LOG_MSG, ((EaafException) toLog).getErrorId(),
-            toLog.getMessage(), toLog);
+        data.log_warn();
 
       }
     }
   }
 
+
   @PostConstruct
   private void initializer() {
     log.trace("Initializing {} ...", ProtocolAuthenticationService.class.getName());
-    logOnInfoLevel.addAll(KeyValueUtils.getListOfCsvValues(
-        basicConfig.getBasicConfiguration(CONFIG_PROP_LOGGER_ON_INFO_LEVEL)));
+    logOnInfoLevel
+        .addAll(KeyValueUtils.getListOfCsvValues(basicConfig.getBasicConfiguration(CONFIG_PROP_LOGGER_ON_INFO_LEVEL)));
     log.info("Set errorCodes={} to LogLevel:INFO", String.join(",", logOnInfoLevel));
 
   }
@@ -425,24 +386,20 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
   /**
    * Executes the requested protocol action.
    *
-   * @param httpReq         HttpServletRequest
-   * @param httpResp        HttpServletResponse
-   * @param protocolRequest Authentication request which is actually in process
-   * @param authData        Service-provider specific authentication data
-   *
+   * @param httpReq    HttpServletRequest
+   * @param httpResp   HttpServletResponse
+   * @param pendingReq Authentication request which is actually in process
+   * @param authData   Service-provider specific authentication data
    * @return Return Single LogOut information or null if protocol supports no SSO
-   *
    * @throws Exception in case of an error
    */
   private SloInformationInterface executeProtocolSpecificAction(final HttpServletRequest httpReq,
-      final HttpServletResponse httpResp, final IRequest pendingReq, final IAuthData authData)
-      throws Exception {
+      final HttpServletResponse httpResp, final IRequest pendingReq, final IAuthData authData) throws Exception {
     try {
       // request needs no authentication --> start request processing
       final Class<?> clazz = Class.forName(pendingReq.requestedAction());
       if (clazz == null || !IAction.class.isAssignableFrom(clazz)) {
-        log.error(
-            "Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
+        log.error("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
         throw new ClassCastException(
             "Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
 
@@ -452,25 +409,31 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
       return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData);
 
     } catch (final ClassNotFoundException e) {
-      log.error(
-          "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
+      log.error("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
       throw new ClassNotFoundException(
           "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.", e);
     }
 
   }
 
-  private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq,
-      @NonNull final HttpServletResponse httpResp, @NonNull final String msg,
-      @NonNull final String errorCode, @Nullable final Object[] params, String externalErrorCode) throws EaafException {
+
+//  private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq,
+//      @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode,
+//      @Nullable final Object[] params, String externalErrorCode) throws EaafException {
+//    this.writeHtmlErrorResponse(httpReq, httpResp, msg, errorCode, params, externalErrorCode, null, null);
+//  }
+
+  public void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq,
+      @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode,
+      @Nullable final Object[] params, String externalErrorCode, String url, String ticket) throws EaafException {
 
     try {
-      final IGuiBuilderConfiguration config =
-          guiConfigFactory.getDefaultErrorGui(HttpUtils.extractAuthUrlFromRequest(httpReq));
+      final IGuiBuilderConfiguration config = guiConfigFactory
+          .getDefaultErrorGui(HttpUtils.extractAuthUrlFromRequest(httpReq));
 
       String[] errorCodeParams = null;
       if (params == null) {
-        errorCodeParams = new String[] {};
+        errorCodeParams = new String[]{};
       } else {
         errorCodeParams = new String[params.length];
         for (int i = 0; i < params.length; i++) {
@@ -485,20 +448,18 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 
       // add errorcode and errormessage
       if (config instanceof ModifyableGuiBuilderConfiguration) {
-        ((ModifyableGuiBuilderConfiguration) config).putCustomParameter(
-            AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERROMSG, msg);
-        ((ModifyableGuiBuilderConfiguration) config).putCustomParameter(
-            AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODE, errorCode);
-        ((ModifyableGuiBuilderConfiguration) config).putCustomParameter(
-            AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_EXTERNAL_ERRORCODE, 
-            externalErrorCode);                        
-        ((ModifyableGuiBuilderConfiguration) config).putCustomParameterWithOutEscaption(
-            AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODEPARAMS,
-            ArrayUtils.toString(errorCodeParams));
+        ModifyableGuiBuilderConfiguration c = ((ModifyableGuiBuilderConfiguration) config);
+        c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERROMSG, msg);
+        c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODE, errorCode);
+        c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_EXTERNAL_ERRORCODE,
+                externalErrorCode);
+        c.putCustomParameterWithOutEscaption(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG,
+                PARAM_GUI_ERRORCODEPARAMS, ArrayUtils.toString(errorCodeParams));
+        c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_TICKET, ticket);
+        c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_REDIRECT, url);
 
       } else {
-        log.info(
-            "Can not ADD error message, because 'GUIBuilderConfiguration' is not modifieable ");
+        log.info("Can not ADD error message, because 'GUIBuilderConfiguration' is not modifieable ");
       }
 
       guiBuilder.build(httpReq, httpResp, config, "Error-Message");
@@ -511,50 +472,40 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 
   }
 
-  private void internalMoaidExceptionHandler(final HttpServletRequest req,
-      final HttpServletResponse resp, final Exception e, final boolean writeExceptionToStatisicLog)
-      throws IOException, EaafException {    
-    final String internalErrorCode = statusMessager.getResponseErrorCode(e);
-    
+  private void displayException(final HttpServletRequest req, final HttpServletResponse resp,
+      final ErrorTicketService.HandleData errorData)
+      throws IOException, EaafException {
+    final Throwable e = errorData.getThrowable();
+    final String internalErrorCode = errorData.getErrorCode();
+
+    // send error response
     if (e instanceof ProtocolNotActiveException) {
       resp.getWriter().write(Encode.forHtml(e.getMessage()));
       resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8);
       resp.sendError(HttpServletResponse.SC_FORBIDDEN,
           StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage())));
 
-    } else if (e instanceof AuthnRequestValidatorException) {
-      final AuthnRequestValidatorException ex = (AuthnRequestValidatorException) e;
-      // log Error Message
-      if (writeExceptionToStatisicLog) {
-        statisticLogger.logErrorOperation(ex, ex.getErrorRequest());
-      }
-            
+    } else if (e instanceof AuthnRequestValidatorException || e instanceof InvalidProtocolRequestException ||
+        e instanceof ProcessExecutionException || e instanceof ConfigurationException) {
       // write error message
       writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode, null,
-          statusMessager.mapInternalErrorToExternalError(internalErrorCode));
-
-    } else if (e instanceof InvalidProtocolRequestException) {
-      // send error response
-      writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode, null,
-          statusMessager.mapInternalErrorToExternalError(internalErrorCode));
-
-    } else if (e instanceof ConfigurationException) {
-      // send HTML formated error message
-      writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode, null,
-          statusMessager.mapInternalErrorToExternalError(internalErrorCode));
+          statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData.getRedirectUrl(),
+          errorData.getSupportTicket());
 
     } else if (e instanceof EaafException) {
       // send HTML formated error message
-      writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode,
-          ((EaafException) e).getParams(), statusMessager.mapInternalErrorToExternalError(internalErrorCode));
+      writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode, ((EaafException) e).getParams(),
+          statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData.getRedirectUrl(),
+          errorData.getSupportTicket());
 
-    } else if (e instanceof ProcessExecutionException) {
-      // send HTML formated error message
-      writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode, null,
-          statusMessager.mapInternalErrorToExternalError(internalErrorCode));
+    } else {
+      // write generic message for general exceptions
+      final String msg = statusMessager.getMessage(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null);
+      writeHtmlErrorResponse(req, resp, msg, internalErrorCode, null,
+          statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData.getRedirectUrl(),
+          errorData.getSupportTicket());
 
     }
-
   }
 
   private IGuiBuilderConfiguration evaluateRequiredErrorHandlingMethod(IRequest first, String errorId) {
@@ -562,9 +513,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
       return guiConfigFactory.getDefaultIFrameParentHopGui(first,
           ProtocolFinalizationController.ENDPOINT_ERRORHANDLING,
           errorId);
-
     }
-
     return null;
   }
 
@@ -573,6 +522,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
     redirectUrl = ServletUtils.getBaseUrl(req);
     redirectUrl += ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?"
         + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey;
+
     return redirectUrl;
 
   }
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
index b2130fb4..13a93e73 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
@@ -56,11 +56,70 @@ public class ProtocolFinalizationController extends AbstractController {
       EaafConstants.ENDPOINT_PREFIX_SECURED + "/finalizeAuthProtocol";
   public static final String ENDPOINT_ERRORHANDLING = 
       EaafConstants.ENDPOINT_PREFIX_SECURED + "/errorHandling";
+  public static final String ENDPOINT_ERROR_REDIRECT = 
+      EaafConstants.ENDPOINT_PREFIX_SECURED + "errorRedirect";
+
 
   @Autowired(required = true)
   IRequestStorage requestStorage;
   @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy;
 
+  @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = { RequestMethod.GET, RequestMethod.POST })
+  public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp)
+      throws EaafException, IOException {
+
+    final String errorToken =
+        StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));
+    if (errorToken != null) {
+      IRequest pendingReq = null;
+      try {
+        String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken);
+        log.debug("Searching exception with internal error-token: {}", errorId);
+
+        // load stored exception from database
+        final byte[] containerSerialized = transactionStorage.get(errorId, byte[].class);
+        if (containerSerialized != null) {
+          // remove exception if it was found
+          transactionStorage.remove(errorId);
+          log.trace("Find exception with internal error-token: {}", errorId);
+
+          //final Object containerObj = EaafSerializationUtils.deserialize(containerSerialized,
+          //    Arrays.asList(
+          //        ExceptionContainer.class.getName()
+          //        ));
+          final Object containerObj = SerializationUtils.deserialize(containerSerialized);
+
+          if (containerObj instanceof ExceptionContainer) {
+            final ExceptionContainer container = (ExceptionContainer) containerObj;
+            final Throwable throwable = container.getExceptionThrown();
+            pendingReq = container.getPendingRequest();
+
+            if (pendingReq != null) {
+
+            }
+          }
+        }
+      } catch (Exception e) {
+      }
+    }
+
+    //TODO finish
+//    final Class<?> clazz = Class.forName(req.requestedModule());
+//
+//    if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) {
+//      log.error(
+//          "Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
+//      throw new ClassCastException(
+//          "Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
+//
+//    }
+//
+//    final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz);
+//
+//    handlingModule.generateErrorMessage(throwable, req, resp, protocolRequest);
+
+  }
+
   /**
    * End-Point to handle errors.
    *
@@ -69,6 +128,7 @@ public class ProtocolFinalizationController extends AbstractController {
    * @throws EaafException In case of an internal error
    * @throws IOException   In case of a servlet error
    */
+  // TODO reuse for the redirection to SP or own enpoint
   @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = { RequestMethod.GET, RequestMethod.POST })
   public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp)
       throws EaafException, IOException {