1 files changed, 17 insertions, 11 deletions

diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
index dc8caabd..3fc31673 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
@@ -80,25 +80,31 @@ public class ProtocolFinalizationController extends AbstractController {
           // remove exception if it was found
           transactionStorage.remove(errorid);
 
-          final ExceptionContainer container =
-              (ExceptionContainer) SerializationUtils.deserialize(containerSerialized);
+          final Object containerObj = SerializationUtils.deserialize(containerSerialized);
+          if (containerObj instanceof ExceptionContainer) {
+            final ExceptionContainer container = (ExceptionContainer) containerObj;
+            final Throwable throwable = container.getExceptionThrown();
+            pendingReq = container.getPendingRequest();
 
-          final Throwable throwable = container.getExceptionThrown();
-          pendingReq = container.getPendingRequest();
+            if (pendingReq != null) {
+              // build protocol-specific error message if possible
+              protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
 
-          if (pendingReq != null) {
-            // build protocol-specific error message if possible
-            protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
+              // remove active user-session
+              transactionStorage.remove(pendingReq.getPendingRequestId());
 
-            // remove active user-session
-            transactionStorage.remove(pendingReq.getPendingRequestId());
+            } else {
+              protAuthService.handleErrorNoRedirect(throwable, req, resp, true);
 
-            return;
+            }
 
           } else {
-            protAuthService.handleErrorNoRedirect(throwable, req, resp, true);
+            protAuthService.handleErrorNoRedirect(
+                new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null),
+                req, resp, false);
 
           }
+
         } else {
           protAuthService.handleErrorNoRedirect(
               new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null),