- IAIK Libraries (repository) aktualisiert:

	iaik-moa:           Version 1.29
	iaik_jce_full:		Version 4.0_MOA
	iaik_cms:			Version 4.1_MOA
- Einbindung von Online-Vollmachten
- Update MOA-Template zur Bürgerkartenauswahl
- Update Doku
- Update Transformationen (für Online-Vollmachten)
- Änderung der Konfiguration für:
	- Online-Vollmachten		

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1199 d688527b-c9ab-4aba-bd8d-4036d912da1d

73 files changed, 2518 insertions, 1370 deletions

diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 39cdf4e87..c5daacdc3 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -19,6 +19,7 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.StringWriter;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -31,20 +32,15 @@ import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
 import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
 import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
 import org.apache.xerces.parsers.DOMParser;
 import org.apache.xerces.parsers.SAXParser;
 import org.apache.xerces.parsers.XMLGrammarPreparser;
@@ -53,12 +49,18 @@ import org.apache.xerces.util.XMLGrammarPoolImpl;
 import org.apache.xerces.xni.grammars.XMLGrammarDescription;
 import org.apache.xerces.xni.grammars.XMLGrammarPool;
 import org.apache.xerces.xni.parser.XMLInputSource;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 import org.xml.sax.EntityResolver;
 import org.xml.sax.ErrorHandler;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
-
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -258,6 +260,48 @@ public class DOMUtils {
   /**
    * Parse an XML document from an <code>InputStream</code>.
    * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @param validating If <code>true</code>, parse validating.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @param entityResolver An <code>EntityResolver</code> to resolve external
+   * entities (schemas and DTDs). If <code>null</code>, it will not be set.
+   * @param errorHandler An <code>ErrorHandler</code> to decide what to do
+   * with parsing errors. If <code>null</code>, it will not be set.
+   * @return The parsed XML document as a DOM tree.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Document parseDocumentSimple(InputStream inputStream)
+    throws  SAXException, IOException, ParserConfigurationException {
+
+    DOMParser parser;
+			
+    parser = new DOMParser();
+    // set parser features and properties
+    parser.setFeature(NAMESPACES_FEATURE, true);
+    parser.setFeature(VALIDATION_FEATURE, false);
+    parser.setFeature(SCHEMA_VALIDATION_FEATURE, false);
+    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
+    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
+    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
+		
+    parser.parse(new InputSource(inputStream));
+    
+    return parser.getDocument();
+  }
+
+  
+  /**
+   * Parse an XML document from an <code>InputStream</code>.
+   * 
    * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
    * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
    * 
@@ -1000,5 +1044,23 @@ public class DOMUtils {
     }
     return v;
   }
+  
+  /**
+   * Returns a byte array from given node.
+   * @param node
+   * @return
+   * @throws TransformerException
+   */
+  public static byte[] nodeToByteArray(Node node) throws TransformerException {
+	  Source source = new DOMSource(node);
+	  ByteArrayOutputStream out = new ByteArrayOutputStream();
+	  //StringWriter stringWriter = new StringWriter();
+	  Result result = new StreamResult(out);
+	  TransformerFactory factory = TransformerFactory.newInstance();
+	  Transformer transformer = factory.newTransformer();
+	  transformer.transform(source, result);
+	  return out.toByteArray();
+  }
 
+ 
 }
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
index 9078bab98..2e4c33c03 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Klaus Stranacher (Technische Universität Graz) -->

 <xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">

 	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->

 	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

@@ -190,7 +191,7 @@
 				<xsd:element name="TrustedBKUs" minOccurs="0">

 					<xsd:complexType>

 						<xsd:sequence>

-							<xsd:element name="BKUURL" maxOccurs="unbounded" type="xsd:anyURI"/>

+							<xsd:element name="BKUURL" type="xsd:anyURI" maxOccurs="unbounded"/>

 						</xsd:sequence>

 					</xsd:complexType>

 				</xsd:element>

@@ -277,7 +278,18 @@
 					<xsd:sequence>

 						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

 							<xsd:annotation>

-								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>

+								<xsd:documentation>Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="OnlineMandates" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>Verbindungsparameter zum Online-Vollmachten-Service</xsd:documentation>

 							</xsd:annotation>

 						</xsd:element>

 					</xsd:sequence>

@@ -433,6 +445,13 @@
 						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

 						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>

 						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>

+						<xsd:element name="Mandates" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element name="Profiles" type="xsd:string"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

 					</xsd:sequence>

 					<xsd:attribute name="slVersion" use="optional" default="1.1">

 						<xsd:simpleType>

diff --git a/id/history.txt b/id/history.txt
index e7ccdc38f..4aa774480 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -11,10 +11,13 @@ Version MOA-ID 1.5.0: Änderungen seit Version MOA-ID 1.4.8:
 - Fixed Bug #551 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105)

 - Fixed Bug #550 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105)

 - IAIK Libraries aktualisiert:

-	iaik-moa:           TODO

+	iaik-moa:           Version 1.29

+	iaik_jce_full:		Version 4.0_MOA

+	iaik_cms:			Version 4.1_MOA

 - Update Parameterüberprüfung

 - Einbindung von Online-Vollmachten

 - Update MOA-Template zur Bürgerkartenauswahl

+- Update Transformationen (für Online-Vollmachten)

 - Änderung der Konfiguration für:

 	- Angabe einer Liste von vertrauenswürdigen BKUs (aufgrund Parameterprüfung)

 	- Online-Vollmachten

diff --git a/id/readme_1.5.0.txt b/id/readme_1.5.0.txt
index 4815e86e1..56a08cc0c 100644
--- a/id/readme_1.5.0.txt
+++ b/id/readme_1.5.0.txt
@@ -10,26 +10,39 @@ Mit MOA ID Version 1.5.0 wurden folgende Neuerungen eingeführt, die jetzt
 erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im 

 gleichen Verzeichnis):

 

-TODO		

+- Fixed Bug #552 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=552&group_id=6&atid=105)

+- Fixed Bug #551 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105)

+- Fixed Bug #550 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105)

+- IAIK Libraries aktualisiert:

+	iaik-moa:           Version 1.29

+	iaik_jce_full:		Version 4.0_MOA

+	iaik_cms:			Version 4.1_MOA

+- Update Parameterüberprüfung

+- Einbindung von Online-Vollmachten

+- Update MOA-Template zur Bürgerkartenauswahl

+- Update Transformationen (für Online-Vollmachten)

+- Änderung der Konfiguration für:

+	- Angabe einer Liste von vertrauenswürdigen BKUs (aufgrund Parameterprüfung)

+	- Online-Vollmachten		

 -------------------------------------------------------------------------------

 B. Durchführung eines Updates

 -------------------------------------------------------------------------------

-TODO

+

 Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch

 eine Aktualisierung bestehender Installationen möglich.

 

 ...............................................................................

-B.1 Durchführung eines Updates von Version 1.4.7

+B.1 Durchführung eines Updates von Version 1.4.8

 ...............................................................................

 

 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.

    Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.

 

-2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.8.zip) in

+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.5.0.zip) in

    ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 

    bezeichnet.

    Für MOA ID Proxy:

-   Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.4.8.zip) in

+   Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.5.0.zip) in

    ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST 

    bezeichnet.    

 

@@ -50,8 +63,42 @@ B.1 Durchführung eines Updates von Version 1.4.7
    Für MOA ID Proxy:

    Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach

    CATALINA_HOME_ID/webappsProxy.

+   

+5. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis

+   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.

 

-5. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im

+6. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 

+   Verzeichnis JAVA_HOME\jre\lib\ext.

+   

+7. Kopieren Sie die zwei Dateien aus dem Verzeichnis  

+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres

+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet

+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge 

+   wird davon ausgegangen).

+   

+8. Kopieren Sie die zwei Dateien aus dem Verzeichnis 

+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres

+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet

+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 

+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 

+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 

+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen

+   wird, lautet dieses Stammverzeichnis für gewöhnlich

+   CATALINA_HOME_ID/conf/moa-spss.

+   

+9. Update der MOA-ID Konfiguration: Fügen sie als letztes Kindelement von 

+   MOA-IDConfiguration folgendes ein:

+   	<TrustedBKUs>

+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>

+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>

+	</TrustedBKUs>

+	Fügen Sie allfällige weitere URLs zu verwendeten BKUs hinzu (bspw. eine 

+	Online-BKU)

+	Ab Version 1.5.0 überprüft MOA-ID den Parameter bkuURI ob diese URI in der 

+	Konfiguration vorhanden ist. URIs für lokale BKUs müssen nicht 

+	angegeben werden.

+	

+10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im

    Logging von MOA ID beim Einlesen der Konfiguration.

 

 

@@ -200,8 +247,19 @@ B.2 Durchführung eines Updates von Version 1.4.3 oder 1.4.4 oder 1.4.5 oder
         CATALINA_HOME\conf\moa-spss\trustProfiles\

         MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.

 

-

-12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im

+12. Update der MOA-ID Konfiguration: Fügen sie als letztes Kindelement von 

+   MOA-IDConfiguration folgendes ein:

+   	<TrustedBKUs>

+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>

+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>

+	</TrustedBKUs>

+	Fügen Sie allfällige weitere URLs zu verwendeten BKUs hinzu (bspw. eine 

+	Online-BKU)

+	Ab Version 1.5.0 überprüft MOA-ID den Parameter bkuURI ob diese URI in der 

+	Konfiguration vorhanden ist. URIs für lokale BKUs müssen nicht 

+	angegeben werden.

+

+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im

    Logging von MOA ID beim Einlesen der erneuerten Konfiguration.

 

 ...............................................................................

@@ -348,18 +406,19 @@ B.3 Durchführung eines Updates von Version 1.4.1 oder 1.4.2 (incl. beta 1)
         CATALINA_HOME\conf\moa-spss\trustProfiles\

         MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.

 

-13. Sichern Sie ihre MOA-ID Konfigurationsdatei. Kopieren Sie die 

-   Beispielkonfigurationsdateien aus dem Verzeichnis

-   MOA_ID_AUTH_INST/conf/moa-id/SampleMOA*.xml nach 

-   CATALINA_HOME_ID/conf/moa-id. 

-   Verwenden Sie in Ihrer Installation bereits die Vollmachtenprüfung, so 

-   verschieben Sie bitte in der MOA-ID Installationsdatei das Element 

-   <CompatibilityMode> innerhalb des Konfigurationsteiles für die berufliche 

-   Parteienvertreung (ParepSpecificParameters) unter das Element 

-   ApplicationSpecificParameters.

-

-

-14. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im

+12. Update der MOA-ID Konfiguration: Fügen sie als letztes Kindelement von 

+   MOA-IDConfiguration folgendes ein:

+   	<TrustedBKUs>

+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>

+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>

+	</TrustedBKUs>

+	Fügen Sie allfällige weitere URLs zu verwendeten BKUs hinzu (bspw. eine 

+	Online-BKU)

+	Ab Version 1.5.0 überprüft MOA-ID den Parameter bkuURI ob diese URI in der 

+	Konfiguration vorhanden ist. URIs für lokale BKUs müssen nicht 

+	angegeben werden.

+	

+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im

    Logging von MOA ID beim Einlesen der erneuerten Konfiguration.

    

 ...............................................................................

diff --git a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
index b68d247cb..bb0e11a80 100644
--- a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
+++ b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index e1261b819..ef75dff24 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -29,6 +29,13 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
 	</servlet>
 	<servlet>
+		<servlet-name>GetMISSessionID</servlet-name>
+		<display-name>GetMISSessionID</display-name>
+		<description>Get the MIS session ID coming from security layer</description>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
+	</servlet>
+	
+	<servlet>
 		<servlet-name>GetForeignID</servlet-name>
 		<display-name>GetForeignID</display-name>
 		<description>Gets the foreign eID from security layer</description>
@@ -88,11 +95,14 @@
 		<servlet-name>VerifyIdentityLink</servlet-name>
 		<url-pattern>/VerifyIdentityLink</url-pattern>
 	</servlet-mapping>
-		<servlet-mapping>
+	<servlet-mapping>
 		<servlet-name>VerifyCertificate</servlet-name>
 		<url-pattern>/VerifyCertificate</url-pattern>
 	</servlet-mapping>
-	
+	<servlet-mapping>
+		<servlet-name>GetMISSessionID</servlet-name>
+		<url-pattern>/GetMISSessionID</url-pattern>
+	</servlet-mapping>
 	<servlet-mapping>
 		<servlet-name>GetForeignID</servlet-name>
 		<url-pattern>/GetForeignID</url-pattern>
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index 39b715a6e..28fea78e3 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -94,7 +94,7 @@ h2#tabheader, h2#contentheader {
 

 #bkulogin {

 	overflow:hidden;	

-	width:220px;

+	width:220px;	

 }

 

 #bkukarte {

@@ -212,18 +212,6 @@ p {
 	vertical-align: middle;

 }

 

-.infobutton {

-	background-color: #005a00;

-	color: white;

-	font-family: serif;

-	text-decoration: none;

-	padding-top: 2px;

-	padding-right: 4px;

-	padding-bottom: 2px;

-	padding-left: 4px;

-	font-weight: bold;

-}

-

 /* [OPTIONAL] Geben Sie hier die Farbe fuer den hellen Hintergrund an */

 .hell {

 	background-color : #DDDDDD;	

diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html
index 06639c7e5..4661eea70 100644
--- a/id/server/auth/src/main/webapp/iframeHandyBKU.html
+++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html
@@ -28,9 +28,6 @@
 					i = url.indexOf(follower);

 					url = url.substring(0, i-1);

 				}

-			

-				

-				// alert (name + ": " + url);

 				

 				return url;

 				

@@ -42,7 +39,7 @@
 

 		<form method="POST" name="moaidform">

 			<input type="hidden" name="Template">

-            <input type="hidden" name="bkuURI" value="https://www.a-trust.at/mobile/https-security-layer-request/default.aspx">		

+            <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">		

             <input type="hidden" name="useMandate">

     	</form>		

 		

diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 0e12035e9..51bcc7156 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -12,25 +12,30 @@
 			

 			// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an

             // z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at

-			var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";

+			// var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";

+			var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=sss&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";

 			

 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an

             // z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html

-			var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";

+			//var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";

+			var URL_TO_LOKALBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_localBKU.html";

 			

 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an

 			// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"

-			var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";

+			//var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";

+			var URL_TO_ONLINEBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_onlineBKU.html";

 			

 			// [MUSS] Geben Sie hier die URL zur Online BKU an

 			// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"

-			var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";

-			

+			//var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";

+			//var URL_TO_ONLINEBKU = "http://localhost:8082/bkuonline/http-security-layer-request";

+			var URL_TO_ONLINEBKU = "https://localhost:8444/bkuonline/https-security-layer-request";

+

 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->

 			<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->

-			var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";

-			

-			

+			//var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";

+			var URL_TO_HANDYSIGNATUR_TEMPLATE = "https://localhost:8443/moa-id-auth/template_handyBKU.html";

+		

 			window.onload=function() {

 				document.getElementById("localBKU").style.display="none";

 				

@@ -45,23 +50,23 @@
 				// set values for local BKU

 				document.getElementById("form_local_bku").action = MOA_ID_STARTAUTHENTICATION;

 				document.getElementById("input_localBKU_template").value = URL_TO_LOKALBKU_TEMPLATE;

-				if (document.getElementById("mandateCheckBox").checked) {

-					document.getElementById("useMandate").value = "true";

-				}

-				else {

-					document.getElementById("useMandate").value = "false";

+				document.getElementById("useMandate").value = "false";

+				var checkbox = document.getElementById("mandateCheckBox")

+				if (checkbox !=  null) {

+					if (document.getElementById("mandateCheckBox").checked) {

+						document.getElementById("useMandate").value = "true";

+					}

 				}

-

+				

 				// set values for online BKU

 		        var el = document.getElementById("bkulogin");

         		var parent = el.parentNode;

 				

-				var checkBox = document.getElementById("mandateCheckBox");				

 				var iFrameURL = "iframeOnlineBKU.html" + "?";

 				iFrameURL += "bkuURI=" + URL_TO_ONLINEBKU + "&";

 				iFrameURL += "Template=" + URL_TO_ONLINEBKU_TEMPLATE + "&";

 				iFrameURL += "startAuth=" + MOA_ID_STARTAUTHENTICATION + "&";

-				iFrameURL += "useMandate=" + checkBox.checked ;

+				iFrameURL += "useMandate=" + document.getElementById("useMandate").value;

 			

 		 		var iframe = document.createElement("iframe");

 		        iframe.setAttribute("src", iFrameURL);

@@ -78,17 +83,24 @@
         	function bkuHandyClicked() {

 	        	document.getElementById("localBKU").style.display="none";

     	    	

+				document.getElementById("useMandate").value = "false";

+				var checkbox = document.getElementById("mandateCheckBox")

+				if (checkbox !=  null) {

+					if (document.getElementById("mandateCheckBox").checked) {

+						document.getElementById("useMandate").value = "true";

+					}

+				}

+				

 				// set values for Handy Signatur

 		        var el = document.getElementById("bkulogin");

 	    	    var parent = el.parentNode;

 

-				var checkBox = document.getElementById("mandateCheckBox");				

+				

 				var iFrameURL = "iframeHandyBKU.html" + "?";

 				iFrameURL += "Template=" + URL_TO_HANDYSIGNATUR_TEMPLATE + "&";

 				iFrameURL += "startAuth=" + MOA_ID_STARTAUTHENTICATION + "&";

-				iFrameURL += "useMandate=" + checkBox.checked ;

+				iFrameURL += "useMandate=" + document.getElementById("useMandate").value;

 

-		         

 	        	var iframe = document.createElement("iframe");

 		        iframe.setAttribute("src", iFrameURL);

 	    	    iframe.setAttribute("width", "220"); 

@@ -136,9 +148,12 @@
                         <div id="bkuhandy" class="hell">

                             <button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button>

                         </div> 

-                        <div id="mandate">

-                    		<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"><label>in Vertretung anmelden</label>

+                        

+                        <!-- [OPTIONAL] Um die Anmeldung mit Vollmachten auszublenden, kommentieren Sie das folgende div (mandate) aus -->

+						<div id="mandate">

+	                   		<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"><label>in Vertretung anmelden</label>

                         </div>

+

                     </div>

                     

 					

diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index b1418fb0b..8dd49e2d7 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -39,63 +39,10 @@
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
 				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
+				<!--<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>-->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
@@ -104,11 +51,28 @@
 			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 						
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
-				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+
+		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
@@ -132,6 +96,14 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+			
+			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!--<Mandates>-->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--			</Mandates>-->
 		</AuthComponent>
 	</OnlineApplication>
 	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
@@ -151,7 +123,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 0f09ff7d5..11b794888 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -43,60 +43,8 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
-		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+
+<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
@@ -104,11 +52,27 @@
 			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 						
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
-				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+
 	</AuthComponent>
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
 	<ProxyComponent>
@@ -142,6 +106,13 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!--<Mandates>-->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--			</Mandates>-->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
@@ -171,7 +142,10 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
+
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index fd565b538..80c7a8dfd 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -44,64 +44,6 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
@@ -115,6 +57,22 @@
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
@@ -138,6 +96,13 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+						<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!-- <Mandates> -->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegt mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann-->
+				<!--<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+			<!--</Mandates> -->
 		</AuthComponent>
 	</OnlineApplication>
 	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
@@ -159,6 +124,7 @@
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 	<!-- Vertrauenswürdige Bürgerkartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index b3c655155..dd207f76d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -44,77 +44,36 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
 			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-			
+						
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
-				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+		
+		
 	</AuthComponent>
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
 	<ProxyComponent>
@@ -148,6 +107,13 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!--<Mandates>-->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--			</Mandates>-->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
@@ -177,7 +143,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 3f1d95562..3d062900d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -43,70 +43,20 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
-		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
 			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-			
+						
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
-				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
@@ -154,7 +104,10 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+		<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
+
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index e381d9bda..c8c88c22d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -43,57 +43,6 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
@@ -174,7 +123,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index f1202a542..225270f5b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -49,57 +49,6 @@
 		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
 		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
 		<!--/IdentityLinkSigners-->
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
@@ -160,7 +109,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 068ab90b1..4f2a5977c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -44,62 +44,6 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
@@ -180,7 +124,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
index fd6004811..7fae15b7c 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
@@ -1,6 +1,7 @@
 <sl10:TransformsInfo>

 	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">

-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">

+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">

+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">

 				<xsl:output method="xml" xml:space="default"/>

 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">

 					<html>

@@ -12,139 +13,156 @@
 								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 

 								.h4style{ font-size: large; font-family: Verdana; }                                                                                      

               				</style>

-              			</head>

-						<body>																					

-							<h4 class="h4style">Anmeldedaten:</h4>																					

-							

-							<p class="titlestyle">Daten zur Person</p>																					

-							<table class="parameters">                		    						

+						</head>

+						<body>

+							<h4 class="h4style">Anmeldedaten:</h4>

+							<p class="titlestyle">Daten zur Person</p>

+							<table class="parameters">

 								<xsl:if test="normalize-space(//@Issuer)">

-			      						<tr>

-			      							<td class="italicstyle">Name:</td>

-			      							<td class="normalstyle">

-			      								<xsl:value-of select="//@Issuer"/>

-			      							</td>

-			      						</tr>

-		      						</xsl:if>

-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">

-			      						<tr>

-			      							<td class="italicstyle">Geburtsdatum:</td>

-			      							<td class="normalstyle">

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>

-			      								<xsl:text>.</xsl:text>

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>

-			      								<xsl:text>.</xsl:text>

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>

-			      							</td>

-			      						</tr>

-			      					</xsl:if>

-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

-			      						<tr>

-			      							<td class="italicstyle">Rolle:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>

-			      						</tr>

-			      					</xsl:if>

+									<tr>

+										<td class="italicstyle">Name:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//@Issuer"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">

+									<tr>

+										<td class="italicstyle">Geburtsdatum:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>

+											<xsl:text>.</xsl:text>

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>

+											<xsl:text>.</xsl:text>

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

+									<tr>

+										<td class="italicstyle">Rolle:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">

+									<tr>

+										<td class="italicstyle">Vollmacht:</td>

+										<td class="normalstyle">

+											<xsl:text>Ich bin weiters ermächtigt als </xsl:text>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>

+											<xsl:text> von </xsl:text>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>

+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">

+												<xsl:text>, geboren am </xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>

+												<xsl:text>.</xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>

+												<xsl:text>.</xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>

+											</xsl:if>

+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">

+												<xsl:text>, </xsl:text>

+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>

+											</xsl:if>

+											<xsl:text>, in deren Auftrag zu handeln.</xsl:text>

+										</td>

+									</tr>

+								</xsl:if>

 							</table>

-							

-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">

-								<hr/>								

-									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 

-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>

-									<xsl:text> von </xsl:text>

-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>

-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">

-										<xsl:text>, geboren am </xsl:text> 

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>

-										<xsl:text>.</xsl:text>

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>

-										<xsl:text>.</xsl:text>

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>

-									</xsl:if>

-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">

-										<xsl:text>, </xsl:text>

-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>

-									</xsl:if>

-									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																

-								<p/>

-							</xsl:if>

-														                

-              <p class="titlestyle">Daten zur Anwendung</p>     																												

-							<table class="parameters">							  

-                <tr>

-		      							<td class="italicstyle">Name:</td>

-		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>

-								</tr>								

-		    						<tr>

-		      							<td class="italicstyle">Staat:</td>

-		      							<td class="normalstyle">Österreich</td>

-		    						</tr>        																

-							</table>													

-														

-							<p class="titlestyle">Technische Parameter</p>     	

-							<table class="parameters">														 

+							<p class="titlestyle">Daten zur Anwendung</p>

+							<table class="parameters">

+								<tr>

+									<td class="italicstyle">Name:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>

+									</td>

+								</tr>

+								<tr>

+									<td class="italicstyle">Staat:</td>

+									<td class="normalstyle">Österreich</td>

+								</tr>

+							</table>

+							<p class="titlestyle">Technische Parameter</p>

+							<table class="parameters">

 								<tr>

-		    							<td class="italicstyle">URL:</td>

-		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>

+									<td class="italicstyle">URL:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>

+									</td>

 								</tr>

 								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">

-			      						<tr>

-			      							<td class="italicstyle">Bereich:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>

-			      						</tr>

-      								</xsl:if>

-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">

-			      						<tr>

-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>

-			      						</tr>

-      								</xsl:if>    

-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">

-			      						<tr>    						

-			      							<td class="italicstyle">Identifikator:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

-			      							</td>			      															

-			      						</tr>

-		    						</xsl:if>  

-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">

-			      						<tr>    						

-			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															

-			      						</tr>

-		    						</xsl:if>		    						

-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

-			      						<tr>

-			      							<td class="italicstyle">OID:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>

-			      						</tr>

-			      					</xsl:if> 

+									<tr>

+										<td class="italicstyle">Bereich:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">

+									<tr>

+										<td class="italicstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">

+									<tr>

+										<td class="italicstyle">Identifikator:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">

+									<tr>

+										<td class="italicstyle">Identifikator des Vollmachtgebers:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

+									<tr>

+										<td class="italicstyle">OID:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

 								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">

-			      						<tr>

-			      							<td class="italicstyle">HPI:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>

-			      						</tr>

-								</xsl:if>     

+									<tr>

+										<td class="italicstyle">HPI:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

 								<tr>

-		    							<td class="italicstyle">Datum:</td>

-		    							<td class="normalstyle">

-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>

-		    								<xsl:text>.</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>

-		    								<xsl:text>.</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>

-		    							</td>

-		    						</tr>

-		    						<tr>

-		    							<td class="italicstyle">Uhrzeit:</td>

-		    							<td class="normalstyle">

-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>

-		    								<xsl:text>:</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>

-		    								<xsl:text>:</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>

-		    							</td>

-    								</tr>

-							</table>																																			

+									<td class="italicstyle">Datum:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>

+										<xsl:text>.</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>

+										<xsl:text>.</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>

+									</td>

+								</tr>

+								<tr>

+									<td class="italicstyle">Uhrzeit:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>

+										<xsl:text>:</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>

+										<xsl:text>:</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>

+									</td>

+								</tr>

+							</table>

 						</body>

 					</html>

 				</xsl:template>

diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
index 4e2b9444c..17691ca8d 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
@@ -1,6 +1,7 @@
 <sl10:TransformsInfo>

 	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">

-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">

+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">

+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">

 				<xsl:output method="xml" xml:space="default"/>

 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">

 					<html>

@@ -13,138 +14,155 @@
 								.h4style{ font-size: large; font-family: Verdana; }                                                                                      

               				</style>

 						</head>

-						<body>																					

-							<h4 class="h4style">Authentication Data:</h4>																					

-							

-							<p class="titlestyle">Personal Data</p>																					

-							<table class="parameters">                		    						

+						<body>

+							<h4 class="h4style">Authentication Data:</h4>

+							<p class="titlestyle">Personal Data</p>

+							<table class="parameters">

 								<xsl:if test="normalize-space(//@Issuer)">

-			      						<tr>

-			      							<td class="italicstyle">Name:</td>

-			      							<td class="normalstyle">

-			      								<xsl:value-of select="//@Issuer"/>

-			      							</td>

-			      						</tr>

-		      						</xsl:if>

-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">

-			      						<tr>

-			      							<td class="italicstyle">Date of Birth:</td>

-			      							<td class="normalstyle">

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>

-			      								<xsl:text>.</xsl:text>

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>

-			      								<xsl:text>.</xsl:text>

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>

-			      							</td>

-			      						</tr>

-			      					</xsl:if>

-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

-			      						<tr>

-			      							<td class="italicstyle">Role:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>

-			      						</tr>

-			      					</xsl:if>

+									<tr>

+										<td class="italicstyle">Name:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//@Issuer"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">

+									<tr>

+										<td class="italicstyle">Date of Birth:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>

+											<xsl:text>.</xsl:text>

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>

+											<xsl:text>.</xsl:text>

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

+									<tr>

+										<td class="italicstyle">Role:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">

+									<tr>

+										<td class="italicstyle">Mandate:</td>

+										<td class="normalstyle">

+											<xsl:text>I am also authorized as </xsl:text>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>

+											<xsl:text> of </xsl:text>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>

+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">

+												<xsl:text>, born on </xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>

+												<xsl:text>.</xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>

+												<xsl:text>.</xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>

+											</xsl:if>

+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">

+												<xsl:text>, </xsl:text>

+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>

+											</xsl:if>

+											<xsl:text>, to act on their behalf.</xsl:text>

+										</td>

+									</tr>

+								</xsl:if>

 							</table>

-							

-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">

-								<hr/>								

-									<xsl:text>I am also authorized as </xsl:text> 

-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>

-									<xsl:text> of </xsl:text>

-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>

-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">

-										<xsl:text>, born on </xsl:text> 

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>

-										<xsl:text>.</xsl:text>

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>

-										<xsl:text>.</xsl:text>

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>

-									</xsl:if>

-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">

-										<xsl:text>, </xsl:text>

-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>

-									</xsl:if>

-									<xsl:text>, to act on their behalf.</xsl:text>																

-								<p/>

-							</xsl:if>

-														                

-              <p class="titlestyle">Application Data</p>     																												

-							<table class="parameters">							  

-                <tr>

-		      							<td class="italicstyle">Name:</td>

-		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>

-								</tr>								

-		    						<tr>

-		      							<td class="italicstyle">Country:</td>

-		      							<td class="normalstyle">Austria</td>

-		    						</tr>        																

-							</table>													

-														

-							<p class="titlestyle">Technical Parameters</p>     	

-							<table class="parameters">														 

+							<p class="titlestyle">Application Data</p>

+							<table class="parameters">

+								<tr>

+									<td class="italicstyle">Name:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>

+									</td>

+								</tr>

+								<tr>

+									<td class="italicstyle">Country:</td>

+									<td class="normalstyle">Austria</td>

+								</tr>

+							</table>

+							<p class="titlestyle">Technical Parameters</p>

+							<table class="parameters">

 								<tr>

-		    							<td class="italicstyle">URL:</td>

-		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>

+									<td class="italicstyle">URL:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>

+									</td>

 								</tr>

 								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">

-			      						<tr>

-			      							<td class="italicstyle">Sector:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>

-			      						</tr>

-      								</xsl:if>

-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">

-			      						<tr>

-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>

-			      						</tr>

-      								</xsl:if>    

-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">

-			      						<tr>    						

-			      							<td class="italicstyle">Identifier:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

-			      							</td>			      															

-			      						</tr>

-		    						</xsl:if>  

-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">

-			      						<tr>    						

-			      							<td class="italicstyle">Identifier of the principal:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															

-			      						</tr>

-		    						</xsl:if>		    						

-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

-			      						<tr>

-			      							<td class="italicstyle">OID:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>

-			      						</tr>

-			      					</xsl:if> 

+									<tr>

+										<td class="italicstyle">Sector:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">

+									<tr>

+										<td class="italicstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">

+									<tr>

+										<td class="italicstyle">Identifier:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">

+									<tr>

+										<td class="italicstyle">Identifier of the principal:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

+									<tr>

+										<td class="italicstyle">OID:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

 								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">

-			      						<tr>

-			      							<td class="italicstyle">HPI:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>

-			      						</tr>

-								</xsl:if>     

+									<tr>

+										<td class="italicstyle">HPI:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

 								<tr>

-		    							<td class="italicstyle">Date:</td>

-		    							<td class="normalstyle">

-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>

-		    								<xsl:text>.</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>

-		    								<xsl:text>.</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>

-		    							</td>

-		    						</tr>

-		    						<tr>

-		    							<td class="italicstyle">Time:</td>

-		    							<td class="normalstyle">

-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>

-		    								<xsl:text>:</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>

-		    								<xsl:text>:</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>

-		    							</td>

-    								</tr>

-							</table>																																			

+									<td class="italicstyle">Date:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>

+										<xsl:text>.</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>

+										<xsl:text>.</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>

+									</td>

+								</tr>

+								<tr>

+									<td class="italicstyle">Time:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>

+										<xsl:text>:</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>

+										<xsl:text>:</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>

+									</td>

+								</tr>

+							</table>

 						</body>

 					</html>

 				</xsl:template>

diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
index db638d545..24b0bfc38 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>

 <VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">

 	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">

-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">

+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">

+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">

 				<xsl:output method="xml" xml:space="default"/>

 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">

 					<html>

@@ -13,139 +14,156 @@
 								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 

 								.h4style{ font-size: large; font-family: Verdana; }                                                                                      

               				</style>

-              			</head>

-						<body>																					

-							<h4 class="h4style">Anmeldedaten:</h4>																					

-							

-							<p class="titlestyle">Daten zur Person</p>																					

-							<table class="parameters">                		    						

+						</head>

+						<body>

+							<h4 class="h4style">Anmeldedaten:</h4>

+							<p class="titlestyle">Daten zur Person</p>

+							<table class="parameters">

 								<xsl:if test="normalize-space(//@Issuer)">

-			      						<tr>

-			      							<td class="italicstyle">Name:</td>

-			      							<td class="normalstyle">

-			      								<xsl:value-of select="//@Issuer"/>

-			      							</td>

-			      						</tr>

-		      						</xsl:if>

-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">

-			      						<tr>

-			      							<td class="italicstyle">Geburtsdatum:</td>

-			      							<td class="normalstyle">

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>

-			      								<xsl:text>.</xsl:text>

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>

-			      								<xsl:text>.</xsl:text>

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>

-			      							</td>

-			      						</tr>

-			      					</xsl:if>

-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

-			      						<tr>

-			      							<td class="italicstyle">Rolle:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>

-			      						</tr>

-			      					</xsl:if>

+									<tr>

+										<td class="italicstyle">Name:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//@Issuer"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">

+									<tr>

+										<td class="italicstyle">Geburtsdatum:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>

+											<xsl:text>.</xsl:text>

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>

+											<xsl:text>.</xsl:text>

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

+									<tr>

+										<td class="italicstyle">Rolle:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">

+									<tr>

+										<td class="italicstyle">Vollmacht:</td>

+										<td class="normalstyle">

+											<xsl:text>Ich bin weiters ermächtigt als </xsl:text>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>

+											<xsl:text> von </xsl:text>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>

+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">

+												<xsl:text>, geboren am </xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>

+												<xsl:text>.</xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>

+												<xsl:text>.</xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>

+											</xsl:if>

+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">

+												<xsl:text>, </xsl:text>

+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>

+											</xsl:if>

+											<xsl:text>, in deren Auftrag zu handeln.</xsl:text>

+										</td>

+									</tr>

+								</xsl:if>

 							</table>

-							

-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">

-								<hr/>								

-									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 

-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>

-									<xsl:text> von </xsl:text>

-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>

-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">

-										<xsl:text>, geboren am </xsl:text> 

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>

-										<xsl:text>.</xsl:text>

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>

-										<xsl:text>.</xsl:text>

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>

-									</xsl:if>

-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">

-										<xsl:text>, </xsl:text>

-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>

-									</xsl:if>

-									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																

-								<p/>

-							</xsl:if>

-														                

-              <p class="titlestyle">Daten zur Anwendung</p>     																												

-							<table class="parameters">							  

-                <tr>

-		      							<td class="italicstyle">Name:</td>

-		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>

-								</tr>								

-		    						<tr>

-		      							<td class="italicstyle">Staat:</td>

-		      							<td class="normalstyle">Österreich</td>

-		    						</tr>        																

-							</table>													

-														

-							<p class="titlestyle">Technische Parameter</p>     	

-							<table class="parameters">														 

+							<p class="titlestyle">Daten zur Anwendung</p>

+							<table class="parameters">

+								<tr>

+									<td class="italicstyle">Name:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>

+									</td>

+								</tr>

+								<tr>

+									<td class="italicstyle">Staat:</td>

+									<td class="normalstyle">Österreich</td>

+								</tr>

+							</table>

+							<p class="titlestyle">Technische Parameter</p>

+							<table class="parameters">

 								<tr>

-		    							<td class="italicstyle">URL:</td>

-		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>

+									<td class="italicstyle">URL:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>

+									</td>

 								</tr>

 								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">

-			      						<tr>

-			      							<td class="italicstyle">Bereich:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>

-			      						</tr>

-      								</xsl:if>

-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">

-			      						<tr>

-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>

-			      						</tr>

-      								</xsl:if>    

-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">

-			      						<tr>    						

-			      							<td class="italicstyle">Identifikator:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

-			      							</td>			      															

-			      						</tr>

-		    						</xsl:if>  

-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">

-			      						<tr>    						

-			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															

-			      						</tr>

-		    						</xsl:if>		    						

-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

-			      						<tr>

-			      							<td class="italicstyle">OID:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>

-			      						</tr>

-			      					</xsl:if> 

+									<tr>

+										<td class="italicstyle">Bereich:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">

+									<tr>

+										<td class="italicstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">

+									<tr>

+										<td class="italicstyle">Identifikator:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">

+									<tr>

+										<td class="italicstyle">Identifikator des Vollmachtgebers:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

+									<tr>

+										<td class="italicstyle">OID:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

 								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">

-			      						<tr>

-			      							<td class="italicstyle">HPI:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>

-			      						</tr>

-								</xsl:if>     

+									<tr>

+										<td class="italicstyle">HPI:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

 								<tr>

-		    							<td class="italicstyle">Datum:</td>

-		    							<td class="normalstyle">

-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>

-		    								<xsl:text>.</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>

-		    								<xsl:text>.</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>

-		    							</td>

-		    						</tr>

-		    						<tr>

-		    							<td class="italicstyle">Uhrzeit:</td>

-		    							<td class="normalstyle">

-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>

-		    								<xsl:text>:</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>

-		    								<xsl:text>:</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>

-		    							</td>

-    								</tr>

-							</table>																																			

+									<td class="italicstyle">Datum:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>

+										<xsl:text>.</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>

+										<xsl:text>.</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>

+									</td>

+								</tr>

+								<tr>

+									<td class="italicstyle">Uhrzeit:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>

+										<xsl:text>:</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>

+										<xsl:text>:</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>

+									</td>

+								</tr>

+							</table>

 						</body>

 					</html>

 				</xsl:template>

@@ -153,4 +171,4 @@
 		</dsig:Transform>

 		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>

 	</dsig:Transforms>

-	</VerifyTransformsInfoProfile>

+</VerifyTransformsInfoProfile>

diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
index 6db367871..207296d52 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>

 <VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">

 	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">

-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">

+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">

+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">

 				<xsl:output method="xml" xml:space="default"/>

 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">

 					<html>

@@ -14,138 +15,155 @@
 								.h4style{ font-size: large; font-family: Verdana; }                                                                                      

               				</style>

 						</head>

-						<body>																					

-							<h4 class="h4style">Authentication Data:</h4>																					

-							

-							<p class="titlestyle">Personal Data</p>																					

-							<table class="parameters">                		    						

+						<body>

+							<h4 class="h4style">Authentication Data:</h4>

+							<p class="titlestyle">Personal Data</p>

+							<table class="parameters">

 								<xsl:if test="normalize-space(//@Issuer)">

-			      						<tr>

-			      							<td class="italicstyle">Name:</td>

-			      							<td class="normalstyle">

-			      								<xsl:value-of select="//@Issuer"/>

-			      							</td>

-			      						</tr>

-		      						</xsl:if>

-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">

-			      						<tr>

-			      							<td class="italicstyle">Date of Birth:</td>

-			      							<td class="normalstyle">

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>

-			      								<xsl:text>.</xsl:text>

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>

-			      								<xsl:text>.</xsl:text>

-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>

-			      							</td>

-			      						</tr>

-			      					</xsl:if>

-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

-			      						<tr>

-			      							<td class="italicstyle">Role:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>

-			      						</tr>

-			      					</xsl:if>

+									<tr>

+										<td class="italicstyle">Name:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//@Issuer"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">

+									<tr>

+										<td class="italicstyle">Date of Birth:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>

+											<xsl:text>.</xsl:text>

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>

+											<xsl:text>.</xsl:text>

+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

+									<tr>

+										<td class="italicstyle">Role:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">

+									<tr>

+										<td class="italicstyle">Mandate:</td>

+										<td class="normalstyle">

+											<xsl:text>I am also authorized as </xsl:text>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>

+											<xsl:text> of </xsl:text>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>

+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">

+												<xsl:text>, born on </xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>

+												<xsl:text>.</xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>

+												<xsl:text>.</xsl:text>

+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>

+											</xsl:if>

+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">

+												<xsl:text>, </xsl:text>

+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>

+											</xsl:if>

+											<xsl:text>, to act on their behalf.</xsl:text>

+										</td>

+									</tr>

+								</xsl:if>

 							</table>

-							

-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">

-								<hr/>								

-									<xsl:text>I am also authorized as </xsl:text> 

-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>

-									<xsl:text> of </xsl:text>

-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>

-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">

-										<xsl:text>, born on </xsl:text> 

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>

-										<xsl:text>.</xsl:text>

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>

-										<xsl:text>.</xsl:text>

-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>

-									</xsl:if>

-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">

-										<xsl:text>, </xsl:text>

-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>

-									</xsl:if>

-									<xsl:text>, to act on their behalf.</xsl:text>																

-								<p/>

-							</xsl:if>

-														                

-              <p class="titlestyle">Application Data</p>     																												

-							<table class="parameters">							  

-                <tr>

-		      							<td class="italicstyle">Name:</td>

-		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>

-								</tr>								

-		    						<tr>

-		      							<td class="italicstyle">Country:</td>

-		      							<td class="normalstyle">Austria</td>

-		    						</tr>        																

-							</table>													

-														

-							<p class="titlestyle">Technical Parameters</p>     	

-							<table class="parameters">														 

+							<p class="titlestyle">Application Data</p>

+							<table class="parameters">

+								<tr>

+									<td class="italicstyle">Name:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>

+									</td>

+								</tr>

+								<tr>

+									<td class="italicstyle">Country:</td>

+									<td class="normalstyle">Austria</td>

+								</tr>

+							</table>

+							<p class="titlestyle">Technical Parameters</p>

+							<table class="parameters">

 								<tr>

-		    							<td class="italicstyle">URL:</td>

-		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>

+									<td class="italicstyle">URL:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>

+									</td>

 								</tr>

 								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">

-			      						<tr>

-			      							<td class="italicstyle">Sector:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>

-			      						</tr>

-      								</xsl:if>

-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">

-			      						<tr>

-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>

-			      						</tr>

-      								</xsl:if>    

-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">

-			      						<tr>    						

-			      							<td class="italicstyle">Identifier:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

-			      							</td>			      															

-			      						</tr>

-		    						</xsl:if>  

-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">

-			      						<tr>    						

-			      							<td class="italicstyle">Identifier of the principal:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															

-			      						</tr>

-		    						</xsl:if>		    						

-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

-			      						<tr>

-			      							<td class="italicstyle">OID:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>

-			      						</tr>

-			      					</xsl:if> 

+									<tr>

+										<td class="italicstyle">Sector:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">

+									<tr>

+										<td class="italicstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">

+									<tr>

+										<td class="italicstyle">Identifier:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">

+									<tr>

+										<td class="italicstyle">Identifier of the principal:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>

+										</td>

+									</tr>

+								</xsl:if>

+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">

+									<tr>

+										<td class="italicstyle">OID:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

 								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">

-			      						<tr>

-			      							<td class="italicstyle">HPI:</td>

-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>

-			      						</tr>

-								</xsl:if>     

+									<tr>

+										<td class="italicstyle">HPI:</td>

+										<td class="normalstyle">

+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>

+										</td>

+									</tr>

+								</xsl:if>

 								<tr>

-		    							<td class="italicstyle">Date:</td>

-		    							<td class="normalstyle">

-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>

-		    								<xsl:text>.</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>

-		    								<xsl:text>.</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>

-		    							</td>

-		    						</tr>

-		    						<tr>

-		    							<td class="italicstyle">Time:</td>

-		    							<td class="normalstyle">

-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>

-		    								<xsl:text>:</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>

-		    								<xsl:text>:</xsl:text>

-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>

-		    							</td>

-    								</tr>

-							</table>																																			

+									<td class="italicstyle">Date:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>

+										<xsl:text>.</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>

+										<xsl:text>.</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>

+									</td>

+								</tr>

+								<tr>

+									<td class="italicstyle">Time:</td>

+									<td class="normalstyle">

+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>

+										<xsl:text>:</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>

+										<xsl:text>:</xsl:text>

+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>

+									</td>

+								</tr>

+							</table>

 						</body>

 					</html>

 				</xsl:template>

@@ -153,4 +171,4 @@
 		</dsig:Transform>

 		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>

 	</dsig:Transforms>

-	</VerifyTransformsInfoProfile>

+</VerifyTransformsInfoProfile>

diff --git a/id/server/doc/MOA-ID-Configuration-1.5.0.xsd b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
index 9078bab98..c5d6f0b07 100644
--- a/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
@@ -190,7 +190,7 @@
 				<xsd:element name="TrustedBKUs" minOccurs="0">

 					<xsd:complexType>

 						<xsd:sequence>

-							<xsd:element name="BKUURL" maxOccurs="unbounded" type="xsd:anyURI"/>

+							<xsd:element name="BKUURL" type="xsd:anyURI" maxOccurs="unbounded"/>

 						</xsd:sequence>

 					</xsd:complexType>

 				</xsd:element>

@@ -277,7 +277,18 @@
 					<xsd:sequence>

 						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

 							<xsd:annotation>

-								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>

+								<xsd:documentation>Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="OnlineMandates" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>Verbindungsparameter zum Online-Vollmachten-Service</xsd:documentation>

 							</xsd:annotation>

 						</xsd:element>

 					</xsd:sequence>

diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
index 31500f6f0..7192f02e2 100644
--- a/id/server/doc/moa_id/id-admin.htm
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -239,14 +239,17 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp
                           <td width="59%"><b>JDK (SDK)</b> </td>
                           <td width="41%"><p>min. <a href="http://java.sun.com/j2se/1.4.0/download.html">1.4.0</a> bzw. <a href="http://java.sun.com/j2se/1.4.2/download.html"><br>
                           1.4.2</a><br/>
-						  <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a></p>
+						  <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a><br/>
+                          <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html">1.6.0</a>
+                          </p>
                           </td>
                         </tr>
                         <tr>
                           <td width="59%" height="21"><b>Tomcat</b></td>
                           <td width="41%" height="21">
                             <p><a href="http://archive.apache.org/dist/tomcat/tomcat-4/v4.1.31/bin/jakarta-tomcat-4.1.31.zip">4.1.31</a><br/>
-							<a href="http://gd.tuwien.ac.at/infosys/servers/http/apache/dist/tomcat/tomcat-5/v5.0.28/bin/jakarta-tomcat-5.0.28.zip">5.0.28</a></p>
+							<a href="http://tomcat.apache.org/download-55.cgi">5.5.x</a><br/>
+                            <a href="http://tomcat.apache.org/download-60.cgi">6.0.x</a></p>
                           </td>
                         </tr>
                         <tr>
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index 12e445fe2..2b3ade1ed 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -120,8 +120,9 @@ Unterschiede sind in der Installationsanweisung angef&uuml;hrt.
               der Download-Seite des jeweiligen JDK in der Sektion "Other
               Downloads". D.h. JDK <a href="http://java.sun.com/j2se/1.4.0/download.html">
               hier f&uuml;r 1.4.0</a>, das JDK <a href="http://java.sun.com/j2se/1.4.2/download.html">hier
-              f&uuml;r 1.4.2</a> bzw. das JDK <a href="http://java.sun.com/j2se/1.5.0/download.html">hier
-              f&uuml;r 1.5.0</a>.</p>
+              f&uuml;r 1.4.2</a>, das JDK <a href="http://java.sun.com/j2se/1.5.0/download.html">hier
+              f&uuml;r 1.5.0</a> bzw. das JDK <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html">hier
+              f&uuml;r 1.6.0</a></p>
       </div>
 
 </td></tr></table>
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 4268565c0..bc4709f02 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -80,6 +80,8 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
 <a href="#MOA-SP">&nbsp;&nbsp;MOA-SP</a><br />
 <a href="#IdentityLinkSigners">&nbsp;&nbsp;IdentityLinkSigners</a><br />
 <a href="#VerifyInfoboxesAuth">&nbsp;&nbsp;VerifyInfoboxes</a><br />
+<a href="#ForeignIdentitiesAuth">&nbsp;&nbsp;ForeignIdentities</a><br />
+<a href="#AuthComponent_OnlineMandates">&nbsp;&nbsp;OnlineMandates</a><br />
 <a href="#ProxyComponent">ProxyComponent</a><br />
 <a href="#OnlineApplication">OnlineApplication</a><br />
 <a href="#OnlineApplication/AuthComponent">&nbsp;&nbsp;AuthComponent</a><br />
@@ -125,9 +127,6 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
             <a href="../MOA-ID-Configuration-1.5.0.xsd" target="_new">MOA-ID-Configuration-1.5.0.xsd</a> entspricht, durchgef&uuml;hrt.
         <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
             der Web-Applikation in Tomcat</a> beschrieben.
-          <p /> @TODO Die folgenden Abschnitte erl&auml;utern das Format der Konfigurationsdatei.
-            <a href="examples/conf/MOA-ID-Configuration.xml" target="_new">MOA-ID-Configuration.xml</a>
-            zeigt ein Beispiel f&uuml;r eine umfassende Konfigurationsdatei. </p>
           <p>Enth&auml;lt die Konfigurationsdatei relative Pfadangaben, werden
             diese relativ zum Verzeichnis, in dem sich die MOA-ID Konfigurationsdatei
             befindet, interpretiert.<br>
@@ -187,8 +186,9 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                 <li><tt>IdentityLinkSigners</tt></li>
                 <li><tt>VerifyInfoboxes</tt> (optional ab Version 1.4)</li>
                 <li><tt>ForeignIdentities</tt></li>
+                <li><tt>OnlineMandates</tt></li>
               </ul>
-      <p></p>
+<p></p>
               <div id="BKUSelection" />
                 <p id="block"> <b>AuthComponent/BKUSelection</b> <br />
                   Das optionale Element <tt>BKUSelection</tt> enth&auml;lt Parameter
@@ -529,9 +529,15 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                       <a href="#VerifyInfoboxesOA">OnlineApplication/AuthComponent/VerifyInfoboxes</a>.
                       <br />
                   </p>
+                                  <div id="ForeignIdentitiesAuth" />
                     <p><b>AuthComponent/ForeignIdentities</b> <br />
-Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechenden <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br />
+Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechender <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft  oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br />
                     </p>
+                    <p><b><div id="AuthComponent_OnlineMandates">AuthComponent/OnlineMandates</div></b> <br />
+Ab Version 1.5.0 bietet MOA-ID die M&ouml;glichkeit der Nutzung von Online-Vollmachten f&uuml;r Anwendungen aus dem &ouml;ffentlichen Bereich. Hierf&uuml;r ist ein Online-Vollmachten-Service n&ouml;tig. Es ist hierzu ein ensprechender <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Online-Vollmachten-Service bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Online-Vollmachten-Service bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Service angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br />
+Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu aktivieren, m&uuml;ssen Sie das Vollmachten Profil angeben - siehe <a href="#OnlineApplication/AuthComponent/Mandates">hier</a>.
+
+      </p>
 <p id="block"> <b>ProxyComponent</b> <br />
                           <tt>ProxyComponent</tt> enth&auml;lt Parameter, die
                           nur die MOA-ID Proxykomponente betreffen. Das Element
@@ -923,7 +929,16 @@ Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;nd
                             <br />
                           </p>
                         </div>
-                            </p>
+                        
+                        <div id="OnlineApplication/AuthComponent/Mandates" />
+                            <p id="block"> <b>OnlineApplication/AuthComponent/Mandates</b>
+                              <br />
+                              Mit Hilfe diese Elements werden die Online-Vollmachten f&uuml;r die Online-Applikation aktiviert. 
+                              Als Kindelement muss <tt>Profiles</tt> angegeben werden. Diese Element beinhaltet eine (Komma-separierte)
+                              Liste von Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann.<br/>
+                              Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren - siehe <a href="#AuthComponent_OnlineMandates">hier</a>                              
+</p>                            
+                            
                             </div>
                             <div id="OnlineApplication/ProxyComponent" />
                               <p id="block"> <b>OnlineApplication/ProxyComponent</b>
@@ -1159,7 +1174,7 @@ Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;nd
                                     <p id="block"> <b>TrustedBKUs</b><br />
                                       Das Element <tt>TrustedBKUs</tt>
                                       erm&ouml;glicht das Setzen von vertrauensw&uuml;rdigen B&uuml;rgerkartenumgebungen.
-                                      In den <tt>BKUURL</tt> Unterelement werden die vertrauensw&uuml;rdigen URLs eingetragen. Diese Liste an URL wird mit dem Parameter bkuURI abgeglichen. Lokale B&uuml;rgerkartenumgebungn m&uuml;ssen nicht eingetragen werden - diesen wird automatisch vertraut.
+                                      In <tt>BKUURL</tt> Unterelementen werden die vertrauensw&uuml;rdigen URLs eingetragen. Diese Liste an URL wird mit dem Parameter bkuURI abgeglichen. Lokale B&uuml;rgerkartenumgebungn m&uuml;ssen nicht eingetragen werden - diesen wird automatisch vertraut.
 </p>
 </div>
                                 </div>
diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm
index 637d28253..041cd437a 100644
--- a/id/server/doc/moa_id/id-anwendung_1.htm
+++ b/id/server/doc/moa_id/id-anwendung_1.htm
@@ -73,13 +73,14 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
 Der Aufruf erfolgt durch einen Verweis der Form: </div>
 <pre>&lt;a href=&quot;https://&lt;moa-id-server-und-pfad&gt;/
 StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
-&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&quot;&gt;</pre>
+&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&amp;useMandate=false&quot;&gt;</pre>
 <table border="1"><tbody valign="baseline">
 <tr>
 <td id="klein">&lt;moa-id-server-und-pfad&gt;</td><td id="klein">Server und Pfad, wo MOA-ID-AUTH installiert ist</td>
 </tr>
 <tr>
-<td id="klein">Target=&lt;gesch&auml;ftsbereich&gt;</td><td id="klein">Angabe, f&uuml;r welches Verfahren der Benutzer authentisiert werden soll (siehe TODO: Link auf Verzeichnis der Gesch&auml;ftsbereich)</td>
+<td id="klein">Target=&lt;gesch&auml;ftsbereich&gt;</td>
+<td id="klein">Angabe, f&uuml;r welches Verfahren der Benutzer authentisiert werden soll</td>
 </tr>
 <tr>
 <td id="klein">OA=&lt;oa-url&gt;</td><td id="klein">Webseite, auf die der Browser nach erfolgter Authentisierung weitergeleitet werden soll</td>
@@ -87,7 +88,12 @@ StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
 <tr>
 <td id="klein">Template=&lt;template-url&gt;</td><td id="klein">optional; HTML-Vorlage f&uuml;r der Anmeldeseite von MOA-ID-AUTH, &uuml;ber die der B&uuml;rger den Authentisierungsvorgang startet. &Uuml;ber diesen Parameter kann das Aussehen der Anmeldeseite an das Aussehen der Online-Applikation angepasst werden.</td>
 </tr>
-</tbody></table>
+<tr>
+  <td id="klein">useMandate=&lt;true/false&gt;</td>
+  <td id="klein">optional; Gibt an ob eine Anmeldung im Online-Vollmachten-Modus durchgef&uuml;hrt werden soll (=true) oder nicht (=false);</td>
+</tr>
+</tbody>
+</table>
 <br/><br/>
 
 <div id="block">
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index 3694bb0f3..e0da90e98 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -230,8 +230,14 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
 <div id="subtitel">Erg&auml;nzung f&uuml;r ausl&auml;ndische B&uuml;rger</div>
 <div id="block">
   <p>Ab der MOA Release 1.4.7 ist es m&ouml;glich, dass sich auch ausl&auml;ndische B&uuml;rger mittels MOA-ID einloggen k&ouml;nnen. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausl&auml;ndischen B&uuml;rgers eine Eintragung im Erg&auml;nzungsregister f&uuml;r nat&uuml;rliche Personen gem&auml;&szlig; E-Government Gesetz &sect;6(5) vornimmt. Somit ist es m&ouml;glich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. </p>
-  <p>Der Zugang zu diesem Stammzahlenregister-Gateways ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungseigenschaft versehen sind, akzeptiert. </p>
+  <p>Der Zugang zu diesem Stammzahlenregister-Gateways ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p>
   </div>
+  
+  <div id="subtitel">Online-Vollmachten</div>
+<div id="block">
+  <p>Ab der MOA Release 1.5.0 werden Online-Vollmachten (f&uuml;r Anwendungen aus dem &ouml;ffentlichen Bereich) unterst&uuml;tzt. Hierzu werden diese Vollmachten &uuml;ber eine Online-Vollmachten-Service ausgew&auml;hlt. Der Zugang zu diesem Online-Vollmachten Service ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p>
+</div>
+
 </td></tr></table>
 
 <br /><br />
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 6553182b4..eb21c2fd3 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -121,11 +121,11 @@
 			<groupId>commons-httpclient</groupId>

 			<artifactId>commons-httpclient</artifactId>

 		</dependency>-->

-		<dependency>

+		<!-- <dependency>

 			<groupId>at.gv.egovernment.moa.id</groupId>

 			<artifactId>mandate-validate</artifactId>

 			<version>1.1</version>

-		</dependency>

+		</dependency>-->

 		<dependency>

     	  <groupId>commons-lang</groupId>

 	      <artifactId>commons-lang</artifactId>

@@ -135,10 +135,11 @@
 

 	<build>

 		<plugins>

-			<plugin>

+					<plugin>

 				<groupId>org.apache.maven.plugins</groupId>

 				<artifactId>maven-jar-plugin</artifactId>

 				<configuration>

+				<skipTests>true</skipTests>

 					<archive>

 						<addMavenDescriptor>false</addMavenDescriptor>

 					</archive>

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 64eaf30cd..a772e0457 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -15,14 +15,11 @@
 */
 package at.gv.egovernment.moa.id.auth;
 
-import iaik.ixsil.exceptions.UtilsException;
-import iaik.ixsil.util.Utils;
 import iaik.pki.PKIException;
 import iaik.x509.X509Certificate;
 
+import java.io.ByteArrayInputStream;
 import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.Principal;
@@ -39,10 +36,11 @@ import java.util.Vector;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
 
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
-import HTTPClient.Util;
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.ParseException;
@@ -63,6 +61,7 @@ import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
@@ -81,6 +80,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -94,6 +94,7 @@ import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 import at.gv.egovernment.moa.logging.LogMsg;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -288,6 +289,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * @param oaURL online application URL requested
    * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used; 
    *                may be <code>null</code>; in this case, the default location will be used
+   * @param useMandate Indicates if mandate is used or not               
    * @param templateURL URL providing an HTML template for the HTML form generated
    * @param scheme determines the protocol used 
    * @return HTML form
@@ -301,6 +303,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     String oaURL,
     String templateURL,
     String bkuURL,
+    String useMandate,
     String sessionID,
     String scheme)
     throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
@@ -343,7 +346,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
       session.setAuthURL(authURL);
       session.setTemplateURL(templateURL);
-      session.setBusinessService(oaParam.getBusinessService());
+      session.setBusinessService(oaParam.getBusinessService());      
     }
     // BKU URL has not been set yet, even if session already exists
     if (bkuURL == null) {
@@ -357,8 +360,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
     String infoboxReadRequest = 
       new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), 
-                                            oaParam.getBusinessService(), 
+                                            oaParam.getBusinessService(),     
                                             oaParam.getIdentityLinkDomainIdentifier());
+    
+    if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
+    	session.setUseMandate(useMandate);
+    }
+    else {
+    	session.setUseMandate("false");
+    }
     String dataURL =
       new DataURLBuilder().buildDataURL(
         session.getAuthURL(),
@@ -529,6 +539,78 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
   }
   
+  
+  /**
+   * Processes an <code>Mandate</code> sent by the 
+   * MIS.<br>
+   * <ul>
+   * <li>Validates given <code>Mandate</code></li>
+   * <li>Verifies Mandate by calling the MOA SP component</li>
+   * <li>Creates an authentication block to be signed by the user</li>
+   * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code> 
+   *      containg the authentication block, meant to be returned to the 
+   *      security layer implementation</li>
+   * </ul>
+   * 
+   * @param sessionID ID of associated authentication session data
+   * @param infoboxReadResponseParameters The parameters from the response returned from
+   *        the BKU including the <code>&lt;InfoboxReadResponse&gt;</code>
+   * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
+   */
+  public String verifyMandate(String sessionID, MISMandate mandate)
+    throws
+      AuthenticationException,
+      BuildException,
+      ParseException,
+      ConfigurationException,
+      ValidateException,
+      ServiceException {
+
+    if (isEmpty(sessionID))
+      throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID});
+       
+    String sMandate = new String(mandate.getMandate());
+    if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) {
+    	Logger.error("Mandate is empty.");
+    	throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+    }
+    
+    
+    AuthenticationSession session = getSession(sessionID);
+    AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+      
+    OAAuthParameter oaParam =
+      AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+        session.getPublicOAURLPrefix());
+    
+    try {
+    	// set extended SAML attributes
+		setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
+	} catch (SAXException e) {
+		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+	} catch (IOException e) {
+		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+	} catch (ParserConfigurationException e) {
+		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+	} catch (TransformerException e) {
+		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+	}
+
+    
+    return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+  }
+  
+  /**
+   * 
+   * @param session
+   * @param authConf
+   * @param oaParam
+   * @return
+   * @throws ConfigurationException
+   * @throws BuildException
+   * @throws ValidateException
+   */
   public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
     throws 
       ConfigurationException, 
@@ -571,6 +653,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     return createXMLSignatureRequest;
   }
   
+  
+  
   /**
    * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
    * <ul>
@@ -927,6 +1011,32 @@ public class AuthenticationServer implements MOAIDAuthConstants {
   }
   
   /**
+   * Verifies the infoboxes (except of the  identity link infobox) returned by the BKU by 
+   * calling appropriate validator classes.
+   * 
+   * @param session The actual authentication session.
+   * @param mandate   The Mandate from the MIS
+   * 
+   * @throws AuthenticationException 
+   * @throws ConfigurationException  
+ * @throws TransformerException 
+ * @throws ParserConfigurationException 
+ * @throws IOException 
+ * @throws SAXException 
+   */
+  private void setExtendedSAMLAttributeForMandates(
+    AuthenticationSession session, MISMandate mandate, boolean business) 
+  throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException
+  {
+    
+	  ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(mandate, business);
+	  
+	  
+	  AddAdditionalSAMLAttributes(session, extendedSamlAttributes, "MISService", "MISService");
+    
+  }
+  
+  /**
    * Intermediate processing of the infoboxes. The first pending infobox 
    * validator may validate the provided input
    * 
@@ -985,7 +1095,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     int length = extendedSAMLAttributes.length; 
     for (int i=0; i<length; i++) {
       ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+      
       Object value = verifySAMLAttribute(samlAttribute, i, identifier, friendlyName);
+      
       if ((value instanceof String) || (value instanceof Element)) {
         switch (samlAttribute.getAddToAUTHBlock()) {
           case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
@@ -1017,6 +1129,115 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     session.setExtendedSAMLAttributesOA(oaAttributes);
   }
 
+//  /**
+//   * Adds given SAML Attributes to the current session. They will be appended
+//   * to the final SAML Assertion or the AUTH block. If the attributes are 
+//   * already in the list, they will be replaced.
+//   * 
+//   * @param session The current session
+//   * @param extendedSAMLAttributes The SAML attributes to add
+//   * @param identifier The infobox identifier for debug purposes
+//   * @param friendlyNam The friendly name of the infobox for debug purposes
+//   */
+//  private static void AddAdditionalSAMLAttributes(AuthenticationSession session, MISMandate mandate) throws ValidateException
+//  {
+//	  
+//    List oaAttributes = session.getExtendedSAMLAttributesOA();
+//    if (oaAttributes==null) oaAttributes = new Vector();
+//    List authAttributes = session.getExtendedSAMLAttributesAUTH();
+//    if (authAttributes==null) authAttributes = new Vector();
+//    
+//    
+//    addExtendedSamlAttributes(authAttributes, mandate);
+//    
+//    session.setExtendedSAMLAttributesAUTH(authAttributes);
+//    session.setExtendedSAMLAttributesOA(oaAttributes);
+//  }
+  
+  /**
+   * Adds the AUTH block related SAML attributes to the validation result. 
+   * This is needed always before the AUTH block is to be signed, because the 
+   * name of the mandator has to be set
+ * @throws ParserConfigurationException 
+ * @throws IOException 
+ * @throws SAXException 
+ * @throws TransformerException 
+   */
+  private static ExtendedSAMLAttribute[] addExtendedSamlAttributes(MISMandate mandate, boolean business) throws SAXException, IOException, ParserConfigurationException, TransformerException {
+    
+	  Vector extendedSamlAttributes = new Vector(); 
+	  
+	  extendedSamlAttributes.clear();
+    
+	  //extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+	  // RepresentationType
+	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTEXT, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+        
+	  // Name
+	  Element domMandate = mandateToElement(mandate);
+	  Element nameSpaceNode = domMandate.getOwnerDocument().createElement("NameSpaceNode");
+	  nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+	  nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+
+	  Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, "//md:Mandate/md:Mandator", nameSpaceNode);
+    
+	  // first check if physical person
+	  Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);
+	  String mandatorname = ParepUtils.extractMandatorName(mandator);
+	  
+	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, mandatorname, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+	  // Geburtsdatum
+	  String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+	  if (dob != null && !"".equals(dob)) {
+		  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));	  
+		  
+	  }
+	  
+	  // Mandate
+	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, domMandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+	  
+	  // (w)bpk
+	  String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+	  if (!ParepUtils.isEmpty(wbpk)) {
+		  if (!ParepUtils.isPhysicalPerson(mandator)){
+			  String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+			  if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID)) {
+				  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+			  }
+		  } else 
+			  if (business) {
+				  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+			  }
+	  }
+	  
+	  String oid = mandate.getProfRep();
+	  if (oid != null) {
+		  String oidDescription = mandate.getTextualDescriptionOfOID();
+		  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, oidDescription, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+	  }
+    	
+	  ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+	  extendedSamlAttributes.copyInto(ret);
+	  Logger.debug("ExtendedSAML Attributes: " + ret.length);
+	  return ret;
+
+    
+    
+  	}
+  
+  /**
+   * 
+   * @param mandate
+   * @return
+ * @throws ParserConfigurationException 
+ * @throws IOException 
+ * @throws SAXException 
+   */
+  private static Element mandateToElement(MISMandate mandate) throws SAXException, IOException, ParserConfigurationException {
+	  ByteArrayInputStream bais = new ByteArrayInputStream(mandate.getMandate());
+	  Document doc = DOMUtils.parseDocumentSimple(bais);
+	  return doc.getDocumentElement();
+  }
   private static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) {
     if (null==attributes) {
       attributes = new Vector();
@@ -1651,6 +1872,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
   private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) 
     throws ValidateException{
     String name = samlAttribute.getName();
+    
+    
     if (name == null) {
       Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + 
         identifier + "-infobox validator is null.");
@@ -1676,6 +1899,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       throw new ValidateException(
         "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});
     }
-    return value;
+    
+        return value;
   }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 259b21db7..35dddb476 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -60,6 +60,8 @@ public interface MOAIDAuthConstants {
   public static final String REQ_GET_FOREIGN_ID = "GetForeignID";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */
   public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet} is mapped to */
+  public static final String GET_MIS_SESSIONID = "GetMISSessionID";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */
   public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 2e1132d32..9bab8643f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -82,6 +82,50 @@ public class GetIdentityLinkFormBuilder extends Builder {
     "</form>" + nl +
     "</body>" + nl +
     "</html>";
+  
+  /** default HTML template */
+  private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES = 
+    "<html>" + nl +
+    "<head>" + nl +
+    "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +    
+    "<title>Vollmachten-Anmeldung</title>" + nl +
+    "<script type=\"text/javascript\">" + nl +
+	"window.onload=function() {" + nl +
+	"document.VollmachtenForm.submit();"  + nl +
+	"document.VollmachtenForm.Senden.disabled=true;" + nl +
+	"return;" + nl +
+	"}" + nl +
+	"</script>" + nl +
+    "</head>" + nl +
+    "<body>" + nl +
+    "<form name=\"VollmachtenForm\"" + nl +
+    "      action=\"" + BKU_TAG + "\"" + nl +
+    "      method=\"post\">" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"XMLRequest\"" + nl +
+    "         value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"DataURL\"" + nl +
+    "         value=\"" + DATAURL_TAG + "\"/>" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"PushInfobox\"" + nl +
+    "         value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
+    "  <input type=\"submit\" value=\"Starte Signatur\" name=\"Senden\"/>" + nl +
+    "</form>" + nl +
+    "<form name=\"CertificateInfoForm\"" + nl +
+    "      action=\"" + BKU_TAG + "\"" + nl +
+    "      method=\"post\">" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"XMLRequest\"" + nl +
+    "         value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"DataURL\"" + nl +
+    "         value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl +
+//	"  <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +    
+    "  <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
+    "</form>" + nl +
+    "</body>" + nl +
+    "</html>";
 
   /**
    * Constructor for GetIdentityLinkFormBuilder.
@@ -119,6 +163,29 @@ public class GetIdentityLinkFormBuilder extends Builder {
     htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
   	return htmlForm;
   }
+  
+  /**
+   * Builds the HTML form, including XML Request and data URL as parameters.
+   * 
+   * @param htmlTemplate template to be used for the HTML form;
+   *         may be <code>null</code>, in this case a default layout will be produced
+   * @param xmlRequest XML Request to be sent as a parameter in the form
+   * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
+   *         may be <code>null</code>, in this case the default URL will be used
+   * @param dataURL DataURL to be sent as a parameter in the form
+   */
+  public String buildCreateSignature(
+    String bkuURL, 
+    String xmlRequest, 
+    String dataURL)
+  throws BuildException 
+  {      
+  	String htmlForm = DEFAULT_HTML_TEMPLATE_FOR_MANDATES;
+    htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+    htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+    htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+  	return htmlForm;
+  }
   /**
    * Encodes a string for inclusion as a parameter in the form.
    * Double quotes are substituted by <code>"&amp;quot;"</code>.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index 2c97f01ae..a6b61e747 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -152,6 +152,85 @@ public class VerifyXMLSignatureRequestBuilder {
     return requestElem_;
   }
   
+  /**
+   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+   * from an IdentityLink with a known trustProfileID which 
+   * has to exist in MOA-SP
+   * @param identityLink - The IdentityLink
+   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+   * 
+   * @return Element - The complete request as Dom-Element
+   * 
+   * @throws ParseException
+   */
+  public Element build(byte[]mandate, String trustProfileID)
+    throws ParseException 
+  { 
+    try {
+      // build the request
+//      Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
+//      requestElem_.appendChild(dateTimeElem);
+//      Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
+//      dateTimeElem.appendChild(dateTime);
+      Element verifiySignatureInfoElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+      requestElem_.appendChild(verifiySignatureInfoElem);
+      Element verifySignatureEnvironmentElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+      verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+      // insert the base64 encoded identity link SAML assertion
+      //String serializedAssertion = identityLink.getSerializedSamlAssertion();
+      //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8"));
+      String base64EncodedAssertion = Base64Utils.encode(mandate);
+      //replace all '\r' characters by no char.
+      StringBuffer replaced = new StringBuffer();
+      for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+        char c = base64EncodedAssertion.charAt(i);
+        if (c != '\r') {
+          replaced.append(c);
+        }
+      }
+      base64EncodedAssertion = replaced.toString();
+      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+      base64ContentElem.appendChild(base64Content);      
+      // specify the signature location
+      Element verifySignatureLocationElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+      verifySignatureLocationElem.appendChild(signatureLocation);      
+      // signature manifest params
+      Element signatureManifestCheckParamsElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+      requestElem_.appendChild(signatureManifestCheckParamsElem);
+      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+//      // add the transforms
+//      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+//      signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+//      Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
+//      
+//      for (int i = 0; i < dsigTransforms.length; i++) {        
+//        Element verifyTransformsInfoProfileElem = 
+//          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
+//        referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
+//        verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));        
+//      }
+      Element returnHashInputDataElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+      requestElem_.appendChild(returnHashInputDataElem);
+      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+      requestElem_.appendChild(trustProfileIDElem);
+    } catch (Throwable t) {
+      throw new ParseException("builder.00", 
+        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+    }
+
+    return requestElem_;
+  }
+  
   
   /**
    * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index eca02a77b..554b5012e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -68,6 +68,16 @@ public class AuthenticationSession {
      * URL of the BKU
      */
     private String bkuURL;
+    
+    /**
+     * Use mandate
+     */
+    private boolean useMandate;
+    
+    /** 
+     * SessionID for MIS
+     */
+    private String misSessionID;
 	/**
 	 * identity link read from smartcard
 	 */
@@ -582,4 +592,39 @@ public class AuthenticationSession {
     this.pushInfobox = pushInfobox;
   }
   
+  /**
+   * 
+   * @param useMandate indicates if mandate is used or not
+   */
+  public void setUseMandate(String useMandate) {
+	  if (useMandate.compareToIgnoreCase("true") == 0)
+		  this.useMandate = true;
+	  else
+		  this.useMandate = false;
+	  
+  }
+  
+  /**
+   * Returns if mandate is used or not
+   * @return
+   */
+  public boolean getUseMandate() {
+	  return this.useMandate;
+  }
+  
+  /**
+   * 
+   * @param misSessionID indicates the MIS session ID
+   */
+  public void setMISSessionID(String misSessionID) {
+	  this.misSessionID = misSessionID;
+  }
+
+  /**
+   * Returns the MIS session ID
+   * @return
+   */
+  public String getMISSessionID() {
+	  return this.misSessionID;
+  }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index c83650587..9a6670617 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -219,11 +219,14 @@ public class GetForeignIDServlet extends AuthServlet {
 	    		try {

 	    			client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));

 	    		} catch (IOException e) {

-	    			throw new SZRGWClientException(e);

+	    			Logger.error("Could not initialize SSL Factory", e);

+	    			throw new SZRGWClientException("Could not initialize SSL Factory");

 	    		} catch (GeneralSecurityException e) {

-	    			throw new SZRGWClientException(e);

+	    			Logger.error("Could not initialize SSL Factory", e);

+	    			throw new SZRGWClientException("Could not initialize SSL Factory");

 	    		} catch (PKIException e) {

-	    			throw new SZRGWClientException(e);

+	    			Logger.error("Could not initialize SSL Factory", e);

+	    			throw new SZRGWClientException("Could not initialize SSL Factory");

 	    		} 

 	    	}

 	    	Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
new file mode 100644
index 000000000..4c0abdb0f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -0,0 +1,174 @@
+package at.gv.egovernment.moa.id.auth.servlet;

+

+import iaik.pki.PKIException;

+

+import java.io.IOException;

+import java.io.PrintWriter;

+import java.security.GeneralSecurityException;

+import java.util.List;

+import java.util.Map;

+

+import javax.net.ssl.SSLSocketFactory;

+import javax.servlet.ServletException;

+import javax.servlet.http.HttpServletRequest;

+import javax.servlet.http.HttpServletResponse;

+

+import org.apache.commons.fileupload.FileUploadException;

+import org.apache.commons.lang.StringEscapeUtils;

+

+import at.gv.egovernment.moa.id.BuildException;

+import at.gv.egovernment.moa.id.MOAIDException;

+import at.gv.egovernment.moa.id.auth.AuthenticationServer;

+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;

+import at.gv.egovernment.moa.id.auth.WrongParametersException;

+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

+import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;

+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

+import at.gv.egovernment.moa.id.config.ConnectionParameter;

+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;

+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;

+import at.gv.egovernment.moa.id.util.SSLUtils;

+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;

+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;

+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;

+import at.gv.egovernment.moa.logging.Logger;

+

+/**

+ * Servlet requested for getting the foreign eID

+ * provided by the security layer implementation.

+ * Utilizes the {@link AuthenticationServer}.

+ *

+ */

+public class GetMISSessionIDServlet extends AuthServlet {

+

+  /**

+   * Constructor for GetMISSessionIDServlet.

+   */

+  public GetMISSessionIDServlet() {

+    super();

+  }

+

+  /**

+   * GET requested by security layer implementation to verify

+   * that data URL resource is available.

+   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)

+   */

+  protected void doGet(HttpServletRequest req, HttpServletResponse resp)

+    throws ServletException, IOException { 

+    	

+	  doPost(req, resp);

+	  

+//		Logger.debug("GET GetMISSessionIDServlet");

+//		

+//		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);

+//		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);

+//		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);

+//		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);

+  }

+

+  /**

+   * Gets the signer certificate from the InfoboxReadRequest and 

+   * responds with a new 

+   * <code>CreateXMLSignatureRequest</code>.

+   * <br>

+   * Request parameters:

+   * <ul>

+   * <li>MOASessionID: ID of associated authentication session</li>

+   * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>

+   * </ul>

+   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)

+   */

+  protected void doPost(HttpServletRequest req, HttpServletResponse resp)

+    throws ServletException, IOException {

+

+		Logger.debug("POST GetMISSessionIDServlet");

+		

+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);

+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);

+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);

+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);

+		

+//		Map parameters;

+//	    try 

+//	    {

+//	      parameters = getParameters(req);

+//	    } catch (FileUploadException e) 

+//	    {

+//	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());

+//	      throw new IOException(e.getMessage());

+//	     	}

+		

+	    String sessionID = req.getParameter(PARAM_SESSIONID);

+	    

+	    // escape parameter strings

+		sessionID = StringEscapeUtils.escapeHtml(sessionID);

+		

+	    AuthenticationSession session = null;

+	    try {

+	       // check parameter

+	       if (!ParamValidatorUtils.isValidSessionID(sessionID))

+	          throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");

+	       

+	       session = AuthenticationServer.getSession(sessionID);

+	    	

+	    	String misSessionID = session.getMISSessionID();

+	    	

+	    	//System.out.println("MIS Session ID (GetMISServlet): " + misSessionID);

+	    	

+	    	AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();

+	    	ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	

+	    	SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);

+

+	    	List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);

+	    	

+	    	if (list == null) {

+	    		Logger.error("Keine Vollmacht gefunden.");

+	    		throw new MISSimpleClientException("Keine Vollmacht gefunden");

+	    	}

+	    	if (list.size() == 0) {

+	    		Logger.error("Keine Vollmacht gefunden.");

+	    		throw new MISSimpleClientException("Keine Vollmacht gefunden");

+	    	}

+	    	

+	    	// for now: list contains only one element

+	    	MISMandate mandate = (MISMandate)list.get(0);	    	

+   	

+	    	// verify mandate signature

+	    	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);

+	    	

+	    	String dataurl =

+	             new DataURLBuilder().buildDataURL(

+	               session.getAuthURL(),

+	               REQ_VERIFY_AUTH_BLOCK,

+	               session.getSessionID());

+	    	

+	    	Logger.debug(createXMLSignatureRequestOrRedirect);

+	    	

+	    	String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl);

+

+	    	resp.setContentType("text/html;charset=UTF-8");

+			PrintWriter out = new PrintWriter(resp.getOutputStream());

+			out.print(request);

+			out.flush();

+	    	

+			    		      

+	    }

+	    catch (MOAIDException ex) {

+	      handleError(null, ex, req, resp);

+	    } catch (GeneralSecurityException ex) {

+	    	handleError(null, ex, req, resp);

+		} catch (PKIException e) {

+			handleError(null, e, req, resp);

+		} catch (MISSimpleClientException e) {

+			handleError(null, e, req, resp);

+		} 

+  }

+  

+  private static String getHTMLForm(String request, String bkuURI, String dataURL) throws BuildException {

+	  return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL);

+	  

+  }

+  

+  

+ 

+ }

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 54d08c59e..b50a1edde 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -68,8 +68,8 @@ public class ProcessValidatorInputServlet extends AuthServlet {
    * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)

    */

   protected void doGet(HttpServletRequest req, HttpServletResponse resp)

-    throws ServletException, IOException { 

-

+    throws ServletException, IOException { 
+	  
     Logger.debug("GET ProcessInput");
     resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 	resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 10b4041df..2e7d59fde 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -15,11 +15,14 @@
 */
 package at.gv.egovernment.moa.id.auth.servlet;
 
+import iaik.pki.PKIException;
+
 import java.io.IOException;
 import java.io.PrintWriter;
-import java.io.Reader;
-import java.io.StringReader;
+import java.security.GeneralSecurityException;
+import java.util.List;
 
+import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -31,8 +34,14 @@ import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -88,8 +97,7 @@ public class StartAuthenticationServlet extends AuthServlet {
     resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
     resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
     
-    //System.out.println("useMandate: " + useMandate);
-    
+ 	
     	try {
 		      // check parameter
 		    if (!ParamValidatorUtils.isValidTarget(target))
@@ -109,7 +117,7 @@ public class StartAuthenticationServlet extends AuthServlet {
 		    
 		    
 			String getIdentityLinkForm =
-				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());
+				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
 		
 			resp.setContentType("text/html;charset=UTF-8");
 			PrintWriter out = new PrintWriter(resp.getOutputStream());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index ad01de6c8..f1fb15be0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -61,6 +61,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
   protected void doGet(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException { 
     
+	  //doPost(req, resp);
+	  
 		Logger.debug("GET VerifyAuthenticationBlock");
 		
 		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 76c5476ae..d101df1fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -8,12 +8,14 @@ import java.security.GeneralSecurityException;
 import java.security.cert.CertificateEncodingException;

 import java.util.Map;

 

+import javax.net.ssl.SSLSocketFactory;

 import javax.servlet.ServletException;

 import javax.servlet.http.HttpServletRequest;

 import javax.servlet.http.HttpServletResponse;

 import javax.xml.parsers.DocumentBuilder;

 import javax.xml.parsers.DocumentBuilderFactory;

 import javax.xml.parsers.ParserConfigurationException;

+import javax.xml.transform.TransformerException;

 

 import org.apache.axis.encoding.Base64;

 import org.apache.commons.fileupload.FileUploadException;

@@ -22,24 +24,25 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;

 import org.w3c.dom.Text;

 

+import at.gv.egovernment.moa.id.AuthenticationException;

 import at.gv.egovernment.moa.id.MOAIDException;

 import at.gv.egovernment.moa.id.auth.AuthenticationServer;

 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;

 import at.gv.egovernment.moa.id.auth.WrongParametersException;

 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;

-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;

-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;

 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;

-import at.gv.egovernment.moa.id.config.ConfigurationException;

 import at.gv.egovernment.moa.id.config.ConnectionParameter;

 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;

-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;

+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;

 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;

 import at.gv.egovernment.moa.id.util.SSLUtils;

 import at.gv.egovernment.moa.id.util.ServletUtils;

+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;

+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;

+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;

 import at.gv.egovernment.moa.logging.Logger;

+import at.gv.egovernment.moa.util.DOMUtils;

 

 /**

  * Servlet requested for getting the foreign eID

@@ -116,25 +119,96 @@ public class VerifyCertificateServlet extends AuthServlet {
 	       

 	    	session = AuthenticationServer.getSession(sessionID);

 	    	

-	    	X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);

-	    		    	

-	    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);

-	      // build dataurl (to the GetForeignIDSerlvet)

-	    	String dataurl =

-             new DataURLBuilder().buildDataURL(

-               session.getAuthURL(),

-               REQ_GET_FOREIGN_ID,

-               session.getSessionID());

-       

-	    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);

 	    	

+    		X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);

+    		if (cert == null) {

+    			Logger.error("Certificate could not be read.");

+    			throw new AuthenticationException("auth.14", null);    		

+    		}

+    		

+	    	boolean useMandate = session.getUseMandate();

+	    	if (useMandate) {

+	    		// Mandate Modus	    	

+	    		// make request to MIS

+	    		

+	    		AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();

+    			ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	

+    			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);

+    			

+    			// get identitity link as byte[]

+    			Element elem = session.getIdentityLink().getSamlAssertion();

+    			String s = DOMUtils.serializeNode(elem);

+//    			byte[] idl = DOMUtils.nodeToByteArray(elem);

+//    			String s = new String(idl);

+    			byte[] idl = s.getBytes();

+    			

+    			// redirect url

+    			// build redirect(to the GetMISSessionIdSerlvet)

+    	          String redirectURL =

+    	                new DataURLBuilder().buildDataURL(

+    	                  session.getAuthURL(),

+    	                  GET_MIS_SESSIONID,

+    	                  session.getSessionID());

+    			

+    	          String oaURL = session.getOAURLRequested();

+    	          OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);

+    	          String profiles = oaParam.getMandateProfiles();

+

+    	          if (profiles == null) {

+    	        	  Logger.error("No Mandate/Profile for OA configured.");

+    	        	  throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});

+    	          }

+    	          

+    	          String profilesArray[] = profiles.split(",");  	 		 

+    	          for(int i = 0; i < profilesArray.length; i++) {

+    	        	  profilesArray[i] = profilesArray[i].trim();

+    	          }

+    	          

+    	          MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), redirectURL, profilesArray, sslFactory);

+    	          String redirectMISGUI = misSessionID.getRedirectURL();

+    	          

+    	          if (misSessionID == null) {

+    	        	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");

+    	        	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");

+    	          }

+    	          

+    	          session.setMISSessionID(misSessionID.getSessiondId());

+    		

+    	          resp.setStatus(302);

+  		    	  resp.addHeader("Location", redirectMISGUI);

+  		    	  Logger.debug("REDIRECT TO: " + redirectURL);

+    	          

+	    	}

+	    	else {

+	    		// Foreign Identities Modus	

+		    	

+		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);

+		      // build dataurl (to the GetForeignIDSerlvet)

+		    	String dataurl =

+	             new DataURLBuilder().buildDataURL(

+	               session.getAuthURL(),

+	               REQ_GET_FOREIGN_ID,

+	               session.getSessionID());

+	       

+		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);

+		    	

+		    	

+		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");

+	    	}

 	    	

-	    	Logger.debug("Send CreateXMLSignatureRequest to BKU");

 			    		      

 	    }

 	    catch (MOAIDException ex) {

 	      handleError(null, ex, req, resp);

-	    } 

+	    } catch (GeneralSecurityException ex) {

+	    	handleError(null, ex, req, resp);

+		} catch (PKIException e) {

+			handleError(null, e, req, resp);

+		} catch (MISSimpleClientException e) {

+			handleError(null, e, req, resp);

+		} catch (TransformerException e) {

+			handleError(null, e, req, resp);

+		} 

   }

     

   /**

@@ -161,58 +235,58 @@ public class VerifyCertificateServlet extends AuthServlet {
  * @throws SZRGWClientException 

    */

   /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/

-     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {

-

-    SZRGWClient client = new SZRGWClient();

-      

-    try {

-    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();

-    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();

-     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";

-    	Logger.debug("Connection Parameters: " + connectionParameters);

-      client.setAddress(connectionParameters.getUrl());

-      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {

-         Logger.debug("Initialisiere SSL Verbindung");

-         try {

-            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));

-         } catch (IOException e) {

-            // TODO Auto-generated catch block

-            e.printStackTrace();

-         } catch (GeneralSecurityException e) {

-            // TODO Auto-generated catch block

-            e.printStackTrace();

-         } catch (PKIException e) {

-            // TODO Auto-generated catch block

-            e.printStackTrace();

-         }

-       }

-       

-       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");

-      

-   

-    }

-   catch (ConfigurationException e) {

-      Logger.warn(e);

-      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));

-

-    }

-    	// create request

-    	Document doc = buildGetIdentityLinkRequest(cert);

-    	Element request = doc.getDocumentElement();

-    	CreateIdentityLinkResponse response = null;

-   

-    //try {

-        response = client.createIdentityLinkResponse(request);

-    //} catch (SZRGWClientException e) {

-        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.

-      //  client = new SZRGWClient(url);

-      //  response = client.createIdentityLinkResponse(request);

-   // }

-   	 

-        

-	return response.getAssertion();

-	

-  }

+//     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {

+//

+//    SZRGWClient client = new SZRGWClient();

+//      

+//    try {

+//    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();

+//    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();

+//     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";

+//    	Logger.debug("Connection Parameters: " + connectionParameters);

+//      client.setAddress(connectionParameters.getUrl());

+//      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {

+//         Logger.debug("Initialisiere SSL Verbindung");

+//         try {

+//            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));

+//         } catch (IOException e) {

+//            // TODO Auto-generated catch block

+//            e.printStackTrace();

+//         } catch (GeneralSecurityException e) {

+//            // TODO Auto-generated catch block

+//            e.printStackTrace();

+//         } catch (PKIException e) {

+//            // TODO Auto-generated catch block

+//            e.printStackTrace();

+//         }

+//       }

+//       

+//       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");

+//      

+//   

+//    }

+//   catch (ConfigurationException e) {

+//      Logger.warn(e);

+//      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));

+//

+//    }

+//    	// create request

+//    	Document doc = buildGetIdentityLinkRequest(cert);

+//    	Element request = doc.getDocumentElement();

+//    	CreateIdentityLinkResponse response = null;

+//   

+//    //try {

+//        response = client.createIdentityLinkResponse(request);

+//    //} catch (SZRGWClientException e) {

+//        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.

+//      //  client = new SZRGWClient(url);

+//      //  response = client.createIdentityLinkResponse(request);

+//   // }

+//   	 

+//        

+//	return response.getAssertion();

+//	

+//  }

   

   /**

    * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index dff366829..23861d290 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -18,6 +18,7 @@ package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
 import java.util.Map;
 
+import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -25,6 +26,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.lang.StringEscapeUtils;
 
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -33,7 +35,10 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -126,11 +131,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     	if (createXMLSignatureRequestOrRedirect == null) {
     	   // no identity link found
     		
+    		boolean useMandate = session.getUseMandate();
+    		if (useMandate) {
+    			Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+    			throw new AuthenticationException("auth.13", null);
+    		}
+    		
     		try {
     		
     		   Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
     		   
-    		// create the InfoboxReadRequest to get the certificate
+    		   // create the InfoboxReadRequest to get the certificate
     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
 
     		   // build dataurl (to the GetForeignIDSerlvet)
@@ -142,6 +153,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
           
          
           ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+          
     	    	
     	    }
     	    catch(Exception e) {
@@ -150,7 +162,28 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     	    
     	}
     	else {
-    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+    		boolean useMandate = session.getUseMandate();
+    		if (useMandate) { // Mandate modus
+    			// read certificate and set dataurl to VerifyCertificateForMandatesServlet
+    			
+    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+    			
+     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+     		   // build dataurl (to the GetForeignIDSerlvet)
+     		   String dataurl =
+                 new DataURLBuilder().buildDataURL(
+                   session.getAuthURL(),
+                   REQ_VERIFY_CERTIFICATE,
+                   session.getSessionID());
+           
+          
+     		   ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+    			
+    		}
+    		else {
+    			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+    		}
     	}
       
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index a8e22562a..51551834e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;

 import at.gv.egovernment.moa.util.BoolUtils;

 import at.gv.egovernment.moa.util.Constants;

+import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;

 

 /**

@@ -245,9 +246,13 @@ public class ParepUtils {
     try {

       Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");

       nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);

-

+
+      String s = DOMUtils.serializeNode(mandator);
+      

       // check if physical person

-      Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);

+      Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+      
+      

       // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,

       // "descendant-or-self::pr:CorporateBody", nameSpaceNode);

       return physicalPerson != null;

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
index 2a0126b82..9d5c0f7cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -95,7 +95,11 @@ public class ParepValidator implements InfoboxValidator {
   public final static String EXT_SAML_MANDATE_NAME = "MandatorName";

   public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";

   public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";

-  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";

+  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+  public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
+  
+  /** */
+  public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";

 

   /** register and register number for non physical persons - the domain identifier for business applications*/

   public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index dbfbda535..b5275cdd5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -125,6 +125,10 @@ public class ConfigurationBuilder {
   public static final String AUTH_FOREIGN_IDENTITIES_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities";
   
+  /** an XPATH-Expression */ 
+  public static final String AUTH_ONLINEMANDATES_XPATH =
+    ROOT + CONF + "AuthComponent/" + CONF + "OnlineMandates";
+  
   
   
   /** an XPATH-Expression */ 
@@ -146,6 +150,8 @@ public class ConfigurationBuilder {
   /** an XPATH-Expression */ 
   protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";
   /** an XPATH-Expression */ 
+  protected static final String OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH = CONF + "Mandates" + "/" + CONF + "Profiles";
+  /** an XPATH-Expression */ 
   protected static final String CONNECTION_PARAMETER_URL_XPATH =
     CONF + "ConnectionParameter/@URL";
   /** an XPATH-Expression */ 
@@ -242,6 +248,18 @@ public class ConfigurationBuilder {
      return buildConnectionParameter(foreignid);
 
   }
+  
+  /**
+   * Build a ConnectionParameter containing all information
+   * of the OnlineMandates element in the authentication component
+   * @return ConnectionParameter of the authentication component OnlineMandates element
+   */
+  public ConnectionParameter buildOnlineMandatesConnectionParameter() {
+     Element onlinemandates = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_ONLINEMANDATES_XPATH);
+     if (onlinemandates==null) return null;
+     return buildConnectionParameter(onlinemandates);
+
+  }
 
   /**
    * Method buildAuthBKUSelectionType.
@@ -529,7 +547,19 @@ public class ConfigurationBuilder {
         } 
         Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH);
         oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters(
-          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); 
+          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID));
+        
+        Node mandateProfilesNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH);
+        if (mandateProfilesNode != null) {
+        	if ("businessService".equalsIgnoreCase(oaType)) {        		
+        		Logger.error("No Online Mandate Modus for OA of type \"businessService\" allowed.");
+                throw new ConfigurationException("config.02", null);
+        	}
+        	else {
+        		String profiles = DOMUtils.getText(mandateProfilesNode);
+        		oap.setMandateProfiles(profiles);
+        	}        	
+        }        
       } 
       OA_set.add(oap);
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 6e296b4f4..ceb047280 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -165,6 +165,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   private ConnectionParameter foreignIDConnectionParameter;
   
   /**
+   * parameter for connection to OnlineMandates Service
+   */
+  private ConnectionParameter onlineMandatesConnectionParameter;
+  
+  /**
    * Parameter for trusted BKUs
    */
   private List trustedBKUs;
@@ -271,6 +276,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
         
         
       foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
+      onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
     	onlineApplicationAuthParameters  = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
     	identityLinkX509SubjectNames =  builder.getIdentityLink_X509SubjectNames();
     	defaultChainingMode = builder.getDefaultChainingMode();
@@ -393,6 +399,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   public ConnectionParameter getForeignIDConnectionParameter() {
      return foreignIDConnectionParameter;
   }
+  
+  /**
+   * Return a ConnectionParameter bean containing all information
+   * of the authentication component OnlineMandates element
+   * @return ConnectionParameter of the authentication component OnlineMandates element
+   */
+  public ConnectionParameter getOnlineMandatesConnectionParameter() {
+     return onlineMandatesConnectionParameter;
+  }
 
   /**
    * Return a string with a url-reference to the VerifyIdentityLink trust 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index c352fae6c..aa5aa21a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -89,6 +89,11 @@ public class OAAuthParameter extends OAParameter {
   private VerifyInfoboxParameters verifyInfoboxParameters;
   
   /**
+   * Parameter for Mandate profiles
+   */
+  private String mandateProfiles;
+  
+  /**
    * BZ
    * Type for authentication number (e.g. Firmenbuchnummer)
    */
@@ -325,5 +330,21 @@ public class OAAuthParameter extends OAParameter {
   public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
       this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
   }
+  
+  /**
+   * Sets the Mandate/Profiles
+   * @param profiles
+   */
+  public void setMandateProfiles(String profiles) {
+	  this.mandateProfiles = profiles;
+  }
+  
+  /**
+   * Returns the Mandates/Profiles
+   * @return
+   */
+  public String getMandateProfiles() {
+	  return this.mandateProfiles;
+  }
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index ce15b75bd..6802005f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -41,6 +41,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.apache.commons.lang.StringEscapeUtils;
+
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.MOAIDException;
@@ -117,12 +119,15 @@ public class ProxyServlet extends HttpServlet {
   protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 
     Logger.debug("getRequestURL:" + req.getRequestURL().toString());
-  //@TODO Parameter
+    
+    String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+    artifact = StringEscapeUtils.escapeHtml(artifact);
+    
     try {
-      if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
+      if (artifact != null) {
  		// check if SAML Artifact was already used in this session (in case of page reload)
 		HttpSession session = req.getSession();
-		if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
+		if (null != session && artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
 			if (session.getAttribute(ATT_BROWSERREQU)==null) {
 			    tunnelRequest(req, resp); 
 			}else{
@@ -498,7 +503,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map
   
   
   Vector parameters  = new Vector();
-//@TODO Parameter
   for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {
     String paramName = (String) enu.nextElement();
     if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 79db9907b..d35fc875d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -446,6 +446,9 @@ public class ParamValidatorUtils {
    

    public static boolean isValidXMLDocument(String document) {

 	   

+	   if (document == null)

+		   return false;

+	   

 	   Logger.debug("Überprüfe Parameter XMLDocument");

 	   try {   

 		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 1915ce40a..24e5ff3d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -64,7 +64,8 @@ public class ServletUtils {
       out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));

       out.flush();

       out.close();

-      Logger.debug("Finished POST " + servletName);

+      Logger.debug("Finished POST " + servletName);
+      

     } else {

       String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID());

       resp.setContentType("text/html");

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
new file mode 100644
index 000000000..59ca0d5ca
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.util.client.mis.simple;

+

+public class MISMandate {

+

+	final static private String OID_NOTAR = "1.2.40.0.10.3.1";

+	final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";

+	

+	final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2";

+	final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";

+	

+	final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3";

+	final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";

+

+	final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4";

+	final static private String TEXT_ORGANWALTER = "Organwalter";

+	

+	

+	private String oid = null;

+	private byte[] mandate = null;

+	

+	public String getProfRep() {

+  	return oid;

+  }

+	public void setProfRep(String oid) {

+  	this.oid = oid;

+  }

+	public byte[] getMandate() {

+  	return mandate;

+  }

+	public void setMandate(byte[] mandate) {

+  	this.mandate = mandate;

+  }

+	

+	public String getTextualDescriptionOfOID() {

+		if (this.oid.equalsIgnoreCase(OID_NOTAR))

+			return TEXT_NOTAR;

+		if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))

+			return TEXT_RECHTSANWALT;

+		if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))

+			return TEXT_ZIVILTECHNIKER;

+		if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))

+			return TEXT_ORGANWALTER;

+		

+		return "Keine textuelle Beschreibung für OID " + oid;

+		

+	}

+

+}

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java
new file mode 100644
index 000000000..d8bec4900
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.util.client.mis.simple;

+

+public class MISSessionId {

+

+	private String sessiondId = null;

+	private String redirectURL = null;

+	

+	public String getSessiondId() {

+  	return sessiondId;

+  }

+	public void setSessiondId(String sessiondId) {

+  	this.sessiondId = sessiondId;

+  }

+	public String getRedirectURL() {

+  	return redirectURL;

+  }

+	public void setRedirectURL(String redirectURL) {

+  	this.redirectURL = redirectURL;

+  }

+

+	

+}

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
new file mode 100644
index 000000000..25c341584
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -0,0 +1,261 @@
+package at.gv.egovernment.moa.id.util.client.mis.simple;

+

+import java.io.BufferedReader;

+import java.io.IOException;

+import java.io.InputStream;

+import java.io.InputStreamReader;

+import java.util.ArrayList;

+import java.util.List;

+

+import javax.net.ssl.SSLSocketFactory;

+import javax.xml.parsers.DocumentBuilderFactory;

+import javax.xml.parsers.ParserConfigurationException;

+import javax.xml.transform.TransformerException;

+

+import org.apache.commons.codec.binary.Base64;

+import org.apache.commons.httpclient.HttpClient;

+import org.apache.commons.httpclient.methods.PostMethod;

+import org.apache.commons.httpclient.methods.StringRequestEntity;

+import org.apache.commons.httpclient.protocol.Protocol;

+import org.apache.xerces.parsers.DOMParser;

+import org.apache.xpath.XPathAPI;

+import org.w3c.dom.DOMException;

+import org.w3c.dom.Document;

+import org.w3c.dom.Element;

+import org.w3c.dom.Node;

+import org.w3c.dom.NodeList;

+import org.xml.sax.InputSource;

+import org.xml.sax.SAXException;

+import org.xml.sax.SAXNotRecognizedException;

+import org.xml.sax.SAXNotSupportedException;

+

+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;

+import at.gv.egovernment.moa.logging.Logger;

+import at.gv.egovernment.moa.util.DOMUtils;

+

+

+public class MISSimpleClient {

+

+		

+	private final static String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";

+	private final static String MIS_NS = "http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd";

+	

+	private static Element NS_NODE = null;

+	

+		

+	static {

+		try {

+			NS_NODE = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument().createElement("test");

+			NS_NODE.setAttribute("xmlns:soap", SOAP_NS);

+			NS_NODE.setAttribute("xmlns:mis", MIS_NS);

+		} catch (Exception e) {

+			Logger.warn("Error initializing namespace node.", e);

+		}

+	}

+	

+	public static List sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {

+		if (webServiceURL == null) {

+			throw new NullPointerException("Argument webServiceURL must not be null.");

+		}

+		if (sessionId == null) {

+			throw new NullPointerException("Argument sessionId must not be null.");

+		}

+		

+		// ssl settings

+		if (sSLSocketFactory != null) {

+	        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 

+	        Protocol.registerProtocol("https", new Protocol("https", fac, 443));

+		}

+

+		

+		try {

+			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();

+			Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");

+			Element sessionIdElement = doc.createElementNS(MIS_NS, "SessionID");

+			sessionIdElement.appendChild(doc.createTextNode(sessionId));

+			mirElement.appendChild(sessionIdElement);

+	    

+			// send soap request

+			Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);

+	    

+			// check for error

+			checkForError(mandateIssueResponseElement);

+	    

+			// check for session id

+			NodeList mandateElements  = XPathAPI.selectNodeList(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Mandates/mis:Mandate", NS_NODE);

+	    

+			if (mandateElements == null || mandateElements.getLength() == 0) {

+				throw new MISSimpleClientException("No mandates found in response.");

+			}

+	    

+			ArrayList foundMandates = new ArrayList();

+			for (int i=0; i<mandateElements.getLength(); i++) {

+				Element mandate = (Element) mandateElements.item(i);

+				MISMandate misMandate = new MISMandate();

+				if (mandate.hasAttribute("ProfessionalRepresentative")) {

+					misMandate.setProfRep(mandate.getAttribute("ProfessionalRepresentative"));

+				}

+				

+				//misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate)));

+				misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate).getBytes()));

+				foundMandates.add(misMandate);

+			}

+			return foundMandates;

+		} catch (ParserConfigurationException e) {

+			throw new MISSimpleClientException(e);

+		} catch (DOMException e) {

+			throw new MISSimpleClientException(e);

+		} catch (TransformerException e) {

+			throw new MISSimpleClientException(e);

+		} 

+	}

+	

+	public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String redirectURL, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {

+		if (webServiceURL == null) {

+			throw new NullPointerException("Argument webServiceURL must not be null.");

+		}

+		if (idl == null) {

+			throw new NullPointerException("Argument idl must not be null.");

+		}

+		if (redirectURL == null) {

+			throw new NullPointerException("Argument redirectURL must not be null.");

+		}

+		

+		// ssl settings

+		if (sSLSocketFactory != null) {

+	        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 

+	        Protocol.registerProtocol("https", new Protocol("https", fac, 443));

+		}

+		

+		try {

+			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();

+			Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");

+			Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");

+	    

+			idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));

+			mirElement.appendChild(idlElement);

+

+			if (cert != null && cert.length > 0) {

+				Element certElement = doc.createElementNS(MIS_NS, "X509SignatureCertificate");

+				certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert))));

+				//certElement.appendChild(doc.createTextNode(Base64.encodeBase64(cert)));

+				//	    	certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert))));

+				mirElement.appendChild(certElement);

+			}

+			Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL");

+			redirectElement.appendChild(doc.createTextNode(redirectURL));

+			mirElement.appendChild(redirectElement);

+			if (mandateIdentifier != null && mandateIdentifier.length > 0) {

+				Element filtersElement = doc.createElementNS(MIS_NS, "Filters");

+				Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers");

+				for (int i=0; i<mandateIdentifier.length; i++) {

+					Element mandateIdentifierElement = doc.createElementNS(MIS_NS, "MandateIdentifier");

+					mandateIdentifierElement.appendChild(doc.createTextNode(mandateIdentifier[i]));

+					mandateIdentifiersElement.appendChild(mandateIdentifierElement);

+				}

+				filtersElement.appendChild(mandateIdentifiersElement);

+				mirElement.appendChild(filtersElement);

+			}

+			// send soap request

+			Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);

+

+			// check for error

+			checkForError(mandateIssueResponseElement);

+	    

+			// check for session id

+			//String sessionId = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "/mis:MandateIssueResponse/mis:SessionID/text()", NS_NODE)).getNodeValue();

+			Node sessionIdNode = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:SessionID/text()", NS_NODE));

+			if (sessionIdNode == null) {

+				throw new MISSimpleClientException("SessionId not found in response.");

+			}

+			String sessionId = sessionIdNode.getNodeValue();

+

+			Node guiRedirectURLNode = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:GuiRedirectURL/text()", NS_NODE));

+			if (guiRedirectURLNode == null) {

+				throw new MISSimpleClientException("GuiRedirectURL not found in response.");

+			}

+			String guiRedirectURL = guiRedirectURLNode.getNodeValue();

+	    

+			// create return object

+			MISSessionId msid = new MISSessionId();

+			msid.setSessiondId(sessionId);

+			msid.setRedirectURL(guiRedirectURL);

+	    

+			return msid;

+		} catch (ParserConfigurationException e) {

+			throw new MISSimpleClientException(e);

+		} catch (DOMException e) {

+			throw new MISSimpleClientException(e);

+		} catch (TransformerException e) {

+			throw new MISSimpleClientException(e);

+		}

+		

+	}

+	

+	private static void checkForError(Element mandateIssueResponseElement) throws MISSimpleClientException {

+		if (mandateIssueResponseElement == null) {

+			throw new NullPointerException("Argument mandateIssueResponseElement must not be null.");

+		}

+		try {

+		    Element errorElement = (Element) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error", NS_NODE);

+		    if (errorElement != null) {

+		    	String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue();

+		    	String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue();

+		    	throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text);	    }

+		} catch (TransformerException e) {

+			throw new MISSimpleClientException(e);

+		}

+	}

+	

+	private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {

+		if (webServiceURL == null) {

+			throw new NullPointerException("Argument webServiceURL must not be null.");

+		}

+		if (request == null) {

+			throw new NullPointerException("Argument request must not be null.");

+		}

+		try {

+			HttpClient httpclient = new HttpClient();

+			PostMethod post = new PostMethod(webServiceURL);

+			StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");

+			post.setRequestEntity(re);

+			int responseCode = httpclient.executeMethod(post);			

+			if (responseCode != 200) {

+				throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);

+			}

+			//Element elem = parse(post.getResponseBodyAsStream());

+			Document doc = DOMUtils.parseDocumentSimple(post.getResponseBodyAsStream());

+			return unpackFromSOAP(doc.getDocumentElement());

+		} catch(IOException e) {

+			throw new MISSimpleClientException(e);

+		} catch (TransformerException e) {

+			throw new MISSimpleClientException(e);

+		} catch (SAXException e) {

+			throw new MISSimpleClientException(e);

+		} catch (ParserConfigurationException e) {

+			throw new MISSimpleClientException(e);

+		}

+	}

+	

+	private static Element packIntoSOAP(Element element) throws MISSimpleClientException {

+		try {

+			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();

+			Element soapEnvelope = doc.createElement("Envelope");

+			soapEnvelope.setAttribute("xmlns", SOAP_NS);

+			Element soapBody = doc.createElement("Body");

+			soapEnvelope.appendChild(soapBody);

+			soapBody.appendChild(doc.importNode(element, true));

+			return soapEnvelope;

+		} catch(ParserConfigurationException e) {

+			throw new MISSimpleClientException(e);

+		}

+	}

+	

+	private static Element unpackFromSOAP(Element element) throws MISSimpleClientException {

+		try {

+			return (Element) XPathAPI.selectSingleNode(element, "/soap:Envelope/soap:Body/child::*[position()=1]", NS_NODE);

+		} catch(TransformerException e) {

+			throw new MISSimpleClientException(e);

+		}

+	}	

+}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java
new file mode 100644
index 000000000..6f2627e1d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.util.client.mis.simple;

+

+public class MISSimpleClientException extends Exception {

+

+	private static final long serialVersionUID = 1L;

+

+	public MISSimpleClientException() {

+	}

+

+	public MISSimpleClientException(String message) {

+		super(message);

+	}

+

+	public MISSimpleClientException(Throwable cause) {

+		super(cause);

+	}

+

+	public MISSimpleClientException(String message, Throwable cause) {

+		super(message, cause);

+	}

+

+}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 14e4d5347..f206f6bbb 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -30,6 +30,10 @@ auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung
 auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt

 auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}

 auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"

+auth.13=Vollmachtenmodus für ausländische Bürger wird nicht unterstützt.

+auth.14=Zertifikat konnte nicht ausgelesen werden.

+auth.15=Fehler bei Anfrage an Vollmachten Service.

+auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"

 

 init.00=MOA ID Authentisierung wurde erfolgreich gestartet

 init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar

diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
index 6ab9c9679..4293fc477 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
@@ -37,7 +37,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "http://localhost:9080/", //oaURL
         "file:" + findXmldata("AuthTemplate.html"), 
         "http://localhost:3495/http-security-layer-request",
-         null, null);
+         null, null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -55,7 +55,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "gb", //target
         "http://localhost:9080/", //oaURL
         null, 
-        "http://localhost:3495/http-security-layer-request", null, null);
+        "http://localhost:3495/http-security-layer-request", null, null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -75,7 +75,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "file:" + findXmldata("AuthTemplate.html"), 
          null,
          null,
-         null);
+         null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -93,7 +93,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         server.startAuthentication(null, //authURL
         "gb", //target
         "http://localhost:9080/", //oaURL
-        null, null, null, null);
+        null, null, null, null, null);
         //assertEquals("",htmlForm);  
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -113,7 +113,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("http://localhost:8080/auth", //authURL
         "gb", "http://localhost:9080/", //oaURL
-        null, null, null, null);
+        null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -131,7 +131,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", "http://host_not_in_config/", //oaURL
-        null, null, null, null);
+        null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -150,7 +150,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", null, //oaURL
-        null, null, null, null);
+        null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -169,7 +169,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         null, "http://localhost:9080/", //oaURL
-        null, null, null, null);
+        null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
index 23130f4c8..4ef3ad92f 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
@@ -131,6 +131,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {
       null,
       null,
       null,
+      null,
       null);
     String sessionID = parseSessionIDFromForm(htmlForm);
     return sessionID;
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java
index ab2781590..248e5cc33 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java
@@ -14,19 +14,8 @@
 * limitations under the License.
 */
 package test.abnahme.P;
-import java.util.Map;
-
-import sun.misc.BASE64Decoder;
 import test.abnahme.AbnahmeTestCase;
 
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
-import at.gv.egovernment.moa.util.Base64Utils;
-
 /**
  * @author Stefan Knirsch
  * @version $Id$
@@ -35,127 +24,127 @@ import at.gv.egovernment.moa.util.Base64Utils;
 
 public class Test100LoginParameterResolver extends AbnahmeTestCase {
 
-  private static final String CLIENT_IP_ADDRESS = "56.246.75.11";
-  private OAConfiguration oaConf;
-  private LoginParameterResolver lpr;
-
+//  private static final String CLIENT_IP_ADDRESS = "56.246.75.11";
+//  private OAConfiguration oaConf;
+//  private LoginParameterResolver lpr;
+//
   public Test100LoginParameterResolver(String name) {
     super(name);
   }
-
-  private void setUp(String publicURLPrefix)
-    throws Exception {
-      
-    // get configuration data
-    ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
-    OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix);
-    oaConf = oaParam.getOaConfiguration();
-    System.out.println("Parameterübergabe: " + oaConf.getAuthType());
-
-    // get login parameter resolver
-    LoginParameterResolverFactory.initialize();
-    lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
-  }
-  public void testP101() throws Exception {
-    try {
-      // read configuration and set up LoginParameterResolver
-      setUp("https://testP101:9443/");
-      if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH))
-        fail();
-
-      // assemble authentication data
-      AuthenticationData authData = new AuthenticationData();
-      authData.setFamilyName("Huber");
-      authData.setGivenName("Hugo");
-
-      // resolve login headers
-      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
-
-      // validate login headers
-      assertEquals(1, loginHeaders.keySet().size());
-      System.out.println("Header Authorization: " + loginHeaders.get("Authorization"));
-      System.out.println("Decoded UserID:Password " + 
-        new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6))));
-      String userIDPassword = "Hugo:Huber";
-      String credentials = Base64Utils.encode(userIDPassword.getBytes());
-      assertEquals("Basic " + credentials, loginHeaders.get("Authorization"));
-      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
-    }
-    catch (Exception e) {
-      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
-      throw e;
-    }
-
-  }
-  public void testP102() throws Exception {
-    try {
-      // read configuration and set up LoginParameterResolver
-      setUp("https://testP102:9443/");
-      if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
-        fail();
-
-      // assemble authentication data
-      AuthenticationData authData = new AuthenticationData();
-      String DATE_OF_BIRTH = "1963-12-29";
-      String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw=";
-      authData.setDateOfBirth(DATE_OF_BIRTH);
-      authData.setBPK(VPK);
-
-      // resolve login parameters
-      Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
-
-      // validate login headers
-      assertEquals(2, loginParameters.keySet().size());
-      System.out.println("Param1: " + loginParameters.get("Param1"));
-      System.out.println("Param2: " + loginParameters.get("Param2"));
-      assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1"));
-      assertEquals(VPK, loginParameters.get("Param2"));
-      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
-    }
-    catch (Exception e) {
-      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
-      throw e;
-    }
-  }
-
-  public void testP103() throws Exception {
-    try {
-      // read configuration and set up LoginParameterResolver
-      setUp("https://localhost:9443/");
-      if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH))
-        fail();
-
-      // assemble authentication data
-      AuthenticationData authData = new AuthenticationData();
-      boolean PUBLIC_AUTH = true;
-      String BKZ = "FinanzamtWien23Leitstelle";
-      boolean QUAL_CERT = false;
-      String STAMMZAHL = "3456789012";
-      authData.setPublicAuthority(PUBLIC_AUTH);
-      authData.setPublicAuthorityCode(BKZ);
-      authData.setQualifiedCertificate(QUAL_CERT);
-      authData.setIdentificationValue(STAMMZAHL);
-
-      // resolve login headers
-      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
-
-      // validate login headers
-      assertEquals(5, loginHeaders.keySet().size());
-      System.out.println("Header Param1: " + loginHeaders.get("Param1"));
-      System.out.println("Header Param2: " + loginHeaders.get("Param2"));
-      System.out.println("Header Param3: " + loginHeaders.get("Param3"));
-      System.out.println("Header Param4: " + loginHeaders.get("Param4"));
-      System.out.println("Header Param5: " + loginHeaders.get("Param5"));
-      assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1"));
-      assertEquals(BKZ, loginHeaders.get("Param2"));
-      assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3"));
-      assertEquals(STAMMZAHL, loginHeaders.get("Param4"));
-      assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5"));
-      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
-    }
-    catch (Exception e) {
-      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
-      throw e;
-    }
-  }
+//
+//  private void setUp(String publicURLPrefix)
+//    throws Exception {
+//      
+//    // get configuration data
+//    ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+//    OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix);
+//    oaConf = oaParam.getOaConfiguration();
+//    System.out.println("Parameterübergabe: " + oaConf.getAuthType());
+//
+//    // get login parameter resolver
+//    LoginParameterResolverFactory.initialize();
+//    lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
+//  }
+//  public void testP101() throws Exception {
+//    try {
+//      // read configuration and set up LoginParameterResolver
+//      setUp("https://testP101:9443/");
+//      if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH))
+//        fail();
+//
+//      // assemble authentication data
+//      AuthenticationData authData = new AuthenticationData();
+//      authData.setFamilyName("Huber");
+//      authData.setGivenName("Hugo");
+//
+//      // resolve login headers
+//      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
+//
+//      // validate login headers
+//      assertEquals(1, loginHeaders.keySet().size());
+//      System.out.println("Header Authorization: " + loginHeaders.get("Authorization"));
+//      System.out.println("Decoded UserID:Password " + 
+//        new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6))));
+//      String userIDPassword = "Hugo:Huber";
+//      String credentials = Base64Utils.encode(userIDPassword.getBytes());
+//      assertEquals("Basic " + credentials, loginHeaders.get("Authorization"));
+//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+//    }
+//    catch (Exception e) {
+//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+//      throw e;
+//    }
+//
+//  }
+//  public void testP102() throws Exception {
+//    try {
+//      // read configuration and set up LoginParameterResolver
+//      setUp("https://testP102:9443/");
+//      if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
+//        fail();
+//
+//      // assemble authentication data
+//      AuthenticationData authData = new AuthenticationData();
+//      String DATE_OF_BIRTH = "1963-12-29";
+//      String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw=";
+//      authData.setDateOfBirth(DATE_OF_BIRTH);
+//      authData.setBPK(VPK);
+//
+//      // resolve login parameters
+//      Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
+//
+//      // validate login headers
+//      assertEquals(2, loginParameters.keySet().size());
+//      System.out.println("Param1: " + loginParameters.get("Param1"));
+//      System.out.println("Param2: " + loginParameters.get("Param2"));
+//      assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1"));
+//      assertEquals(VPK, loginParameters.get("Param2"));
+//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+//    }
+//    catch (Exception e) {
+//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+//      throw e;
+//    }
+//  }
+//
+//  public void testP103() throws Exception {
+//    try {
+//      // read configuration and set up LoginParameterResolver
+//      setUp("https://localhost:9443/");
+//      if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH))
+//        fail();
+//
+//      // assemble authentication data
+//      AuthenticationData authData = new AuthenticationData();
+//      boolean PUBLIC_AUTH = true;
+//      String BKZ = "FinanzamtWien23Leitstelle";
+//      boolean QUAL_CERT = false;
+//      String STAMMZAHL = "3456789012";
+//      authData.setPublicAuthority(PUBLIC_AUTH);
+//      authData.setPublicAuthorityCode(BKZ);
+//      authData.setQualifiedCertificate(QUAL_CERT);
+//      authData.setIdentificationValue(STAMMZAHL);
+//
+//      // resolve login headers
+//      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
+//
+//      // validate login headers
+//      assertEquals(5, loginHeaders.keySet().size());
+//      System.out.println("Header Param1: " + loginHeaders.get("Param1"));
+//      System.out.println("Header Param2: " + loginHeaders.get("Param2"));
+//      System.out.println("Header Param3: " + loginHeaders.get("Param3"));
+//      System.out.println("Header Param4: " + loginHeaders.get("Param4"));
+//      System.out.println("Header Param5: " + loginHeaders.get("Param5"));
+//      assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1"));
+//      assertEquals(BKZ, loginHeaders.get("Param2"));
+//      assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3"));
+//      assertEquals(STAMMZAHL, loginHeaders.get("Param4"));
+//      assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5"));
+//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+//    }
+//    catch (Exception e) {
+//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+//      throw e;
+//    }
+//  }
 }
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
index f873f2c3f..db7aa9719 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -45,7 +45,7 @@ public class AuthenticationServerTest extends UnitTestCase {
   public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
   	String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
   	AuthenticationServer server = AuthenticationServer.getInstance();
-  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null);
+  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null, null);
   	String sessionID = parseSessionIDFromForm(htmlForm);
   	String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
     HashMap parameters = new HashMap(1);
diff --git a/pom.xml b/pom.xml
index e60eeb382..c0df961d2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -242,19 +242,19 @@
             <dependency>

                 <groupId>iaik.prod</groupId>

                 <artifactId>iaik_jce_full</artifactId>

-                <version>3.18_MOA</version>

+                <version>4.0_MOA</version>

                 <scope>compile</scope>

             </dependency>

             <dependency>

                 <groupId>iaik.prod</groupId>

                 <artifactId>iaik_moa</artifactId>

-                <version>1.28</version>

+                <version>1.29</version>

                 <scope>compile</scope>

             </dependency>

             <dependency>

                 <groupId>iaik.prod</groupId>

                 <artifactId>iaik_cms</artifactId>

-                <version>4.01_MOA</version>

+                <version>4.1_MOA</version>

                 <scope>compile</scope>

             </dependency>

             <dependency>

diff --git a/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar b/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar
new file mode 100644
index 000000000..8d41ba860
--- /dev/null
+++ b/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar
diff --git a/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom b/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom
new file mode 100644
index 000000000..19c21e912
--- /dev/null
+++ b/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?><project>

+  <modelVersion>4.0.0</modelVersion>

+  <groupId>iaik.prod</groupId>

+  <artifactId>iaik_cms</artifactId>

+  <version>4.1_MOA</version>

+</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/maven-metadata.xml b/repository/iaik/prod/iaik_cms/maven-metadata.xml
index 8e46e3d1f..4a224aeab 100644
--- a/repository/iaik/prod/iaik_cms/maven-metadata.xml
+++ b/repository/iaik/prod/iaik_cms/maven-metadata.xml
@@ -1,13 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?><metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_cms</artifactId>
-  <version>4.0_MOA</version>
+  <version>4.1_MOA</version>
   <versioning>
-    <latest>4.0_MOA</latest>
-    <release>4.0_MOA</release>
+    <latest>4.1_MOA</latest>
+    <release>4.1_MOA</release>
     <versions>
       <version>4.0_MOA</version>
       <version>4.01_MOA</version>
+      <version>4.1_MOA</version>
     </versions>
     <lastUpdated>20080423102941</lastUpdated>
   </versioning>
diff --git a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar
new file mode 100644
index 000000000..bacb70edc
--- /dev/null
+++ b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar
diff --git a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom
new file mode 100644
index 000000000..9610b3951
--- /dev/null
+++ b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?><project>

+  <modelVersion>4.0.0</modelVersion>

+  <groupId>iaik.prod</groupId>

+  <artifactId>iaik_jce_full</artifactId>

+  <version>4.0_MOA</version>

+</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml b/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml
index c277a0cab..2726eb212 100644
--- a/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml
+++ b/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml
@@ -1,13 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?><metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_jce_full</artifactId>
-  <version>3.18_MOA</version>
+  <version>4.0_MOA</version>
   <versioning>
-    <latest>3.18_MOA</latest>
+    <latest>4.0_MOA</latest>
     <release>3.18_MOA</release>
     <versions>
       <version>3.16_MOA</version>
       <version>3.18_MOA</version>
+      <version>4.0_MOA</version>
     </versions>
     <lastUpdated>20090810170702</lastUpdated>
   </versioning>
diff --git a/repository/iaik/prod/iaik_jce_full/maven-metadata.xml b/repository/iaik/prod/iaik_jce_full/maven-metadata.xml
index c277a0cab..f3091eb4f 100644
--- a/repository/iaik/prod/iaik_jce_full/maven-metadata.xml
+++ b/repository/iaik/prod/iaik_jce_full/maven-metadata.xml
@@ -1,13 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?><metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_jce_full</artifactId>
-  <version>3.18_MOA</version>
+  <version>4.0_MOA</version>
   <versioning>
-    <latest>3.18_MOA</latest>
-    <release>3.18_MOA</release>
+    <latest>4.0_MOA</latest>
+    <release>4.0_MOA</release>
     <versions>
       <version>3.16_MOA</version>
       <version>3.18_MOA</version>
+      <version>4.0_MOA</version>
     </versions>
     <lastUpdated>20090810170702</lastUpdated>
   </versioning>
diff --git a/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar b/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar
new file mode 100644
index 000000000..95a6773a6
--- /dev/null
+++ b/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar
diff --git a/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom b/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom
new file mode 100644
index 000000000..e94fe3f49
--- /dev/null
+++ b/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?><project>

+  <modelVersion>4.0.0</modelVersion>

+  <groupId>iaik.prod</groupId>

+  <artifactId>iaik_moa</artifactId>

+  <version>1.29</version>

+</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/maven-metadata-MOA.xml b/repository/iaik/prod/iaik_moa/maven-metadata-MOA.xml
index 1126afd0e..32e4aad37 100644
--- a/repository/iaik/prod/iaik_moa/maven-metadata-MOA.xml
+++ b/repository/iaik/prod/iaik_moa/maven-metadata-MOA.xml
@@ -9,6 +9,7 @@
       <version>1.26</version>
       <version>1.27</version>
       <version>1.28</version>
+      <version>1.29</version>
     </versions>
     <lastUpdated>20090810074128</lastUpdated>
   </versioning>
diff --git a/repository/iaik/prod/iaik_moa/maven-metadata-local.xml b/repository/iaik/prod/iaik_moa/maven-metadata-local.xml
index ba853331b..ced753edc 100644
--- a/repository/iaik/prod/iaik_moa/maven-metadata-local.xml
+++ b/repository/iaik/prod/iaik_moa/maven-metadata-local.xml
@@ -2,10 +2,10 @@
 <metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_moa</artifactId>
-  <version>1.28</version>
+  <version>1.29</version>
   <versioning>
     <versions>
-      <version>1.28</version>
+      <version>1.29</version>
     </versions>
     <lastUpdated>20100618102247</lastUpdated>
   </versioning>
diff --git a/spss/pom.xml b/spss/pom.xml
index ce76a939d..c5ecda04d 100644
--- a/spss/pom.xml
+++ b/spss/pom.xml
@@ -10,7 +10,7 @@
     <groupId>MOA</groupId>
     <artifactId>spss</artifactId>
     <packaging>pom</packaging>
-    <version>1.5.x</version>
+    <version>1.5.0</version>
     <name>MOA SP/SS</name>
 
     <properties>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 8230358e9..52790e1d1 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -4,7 +4,9 @@
 
 - Fixed Bug #548 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=548&group_id=6&atid=105)
 - IAIK Libraries aktualisiert:
-	iaik-moa:           @TODO
+	iaik-moa:           Version 1.29
+	iaik_jce_full:		Version 4.0_MOA
+	iaik_cms:			Version 4.1_MOA
 
 
 ##############
diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt
index 56015c35d..703de0dc0 100644
--- a/spss/server/readme.update.txt
+++ b/spss/server/readme.update.txt
@@ -1,11 +1,11 @@
 
 ======================================================================
-  Update einer bestehenden MOA-SPSS-Installation auf Version 1.4.8
+  Update einer bestehenden MOA-SPSS-Installation auf Version 1.5.0
 ======================================================================
 
 Es gibt zwei Möglichkeiten (im Folgenden als "Update Variante A" und 
 "Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version
-1.4.8 durchzuführen. Update Variante A geht dabei den Weg über eine 
+1.5.0 durchzuführen. Update Variante A geht dabei den Weg über eine 
 vorangestellte Neuinstallation, während Variante B direkt eine  
 bestehende Installation aktualisiert.
 
@@ -16,7 +16,7 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation
 CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation
 
 MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei
-moa-spss-1.4.8.zip entpackt haben.
+moa-spss-1.5.0.zip entpackt haben.
 
 =================
 Update Variante A 
@@ -53,7 +53,7 @@ Update Variante B
 1.)	Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses
 	Ihrer MOA-SPSS-Installation.
 	
-2.)	Entpacken Sie die Datei "moa-spss-1.4.8.zip" in das Verzeichnis MOA_SPSS_INST.
+2.)	Entpacken Sie die Datei "moa-spss-1.5.0.zip" in das Verzeichnis MOA_SPSS_INST.
 
 3.)	Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
 	JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
index 566784796..f6b8b4392 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -27,10 +27,11 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
-import java.util.Vector;
 
 import javax.xml.parsers.ParserConfigurationException;
 
+import org.apache.xerces.dom.CoreDocumentImpl;
+import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -70,19 +71,30 @@ import at.gv.egovernment.moa.util.XPathUtils;
 /**
  * A class to create <code>DataObject</code>s contained in different
  * locations of the MOA XML request format.
- * 
+ *
  * @author Patrick Peck
  * @author Gregor Karlinger
  * @version $Id$
  */
 public class DataObjectFactory {
 
+  /**
+   * XPATH for registering ID attributes of known schemas if
+   * validating parsing fails.
+   */
+  private static final String XPATH =
+    "descendant-or-self::node()[" +
+    "namespace-uri()='http://www.w3.org/2000/09/xmldsig#' " +
+    "or namespace-uri()='http://reference.e-government.gv.at/namespace/persondata/20020228#' " +
+    "or starts-with(namespace-uri(), 'http://uri.etsi.org/01903/')" +
+    "]/attribute::Id";
+
   /** The single instance of this class. */
   private static DataObjectFactory instance = null;
 
   /**
    * Return the only instance of this class.
-   * 
+   *
    * @return The only instance of this class.
    */
   public static synchronized DataObjectFactory getInstance() {
@@ -94,7 +106,7 @@ public class DataObjectFactory {
 
   /**
    * Create a new <code>DataObjectFactory</code>.
-   * 
+   *
    * Protected to disallow multiple instances.
    */
   protected DataObjectFactory() {
@@ -104,8 +116,8 @@ public class DataObjectFactory {
    * Return the signature environment, i.e., the root element of the
    * document, into which the signature will be inserted (if created) or which
    * contains the signature (if verified).
-   * 
-   * @param content The <code>Content</code> object containing the signature 
+   *
+   * @param content The <code>Content</code> object containing the signature
    * environment.
    * @param supplements Additional schema or DTD information.
    * @return The signature environment or <code>null</code>, if no
@@ -128,7 +140,7 @@ public class DataObjectFactory {
     checkAllowContentAndReference(content, false);
 
     // build the EntityResolver for validating parsing
-    if (supplements == null || supplements.isEmpty()) {
+    if ((supplements == null) || supplements.isEmpty()) {
       entityResolver = new MOAEntityResolver();
     } else {
       EntityResolverChain chain = new EntityResolverChain();
@@ -195,7 +207,7 @@ public class DataObjectFactory {
             Element element =
               checkForSingleElement(((ContentXML) content).getXMLContent());
             contentBytes = DOMUtils.serializeNode(element, "UTF-8");
-            
+
             break;
           }
         default : {
@@ -208,25 +220,27 @@ public class DataObjectFactory {
       throw new MOAApplicationException("2219", null);
     }
 
-    // For logging in Debug-Mode: Mask baseid with xxx
-    String logString = new String(contentBytes);
-    // TODO use RegExp
-    String startS = "<pr:Identification><pr:Value>";
-    String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
-    String logWithMaskedBaseid = logString;
-    int start = logString.indexOf(startS);
-    if (start > -1) {
-       int end = logString.indexOf(endS);
-       if (end > -1) {
+    if (Logger.isTraceEnabled()) {
+      // For logging in Debug-Mode: Mask baseid with xxx
+      String logString = new String(contentBytes);
+      // TODO use RegExp
+      String startS = "<pr:Identification><pr:Value>";
+      String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+      String logWithMaskedBaseid = logString;
+      int start = logString.indexOf(startS);
+      if (start > -1) {
+        int end = logString.indexOf(endS);
+        if (end > -1) {
           logWithMaskedBaseid = logString.substring(0, start);
           logWithMaskedBaseid += startS;
           logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
           logWithMaskedBaseid += logString.substring(end, logString.length());
-       }
+        }
+      }
+
+      // try to parse validating
+      Logger.trace(">>> parsing the following content: \n" + logWithMaskedBaseid);
     }
-    
-    // try to parse validating
-    Logger.trace(">>> parsing the following content: \n" + logWithMaskedBaseid);
     try {
       ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
       Document doc =
@@ -250,6 +264,21 @@ public class DataObjectFactory {
     try {
       ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
       Document doc = DOMUtils.parseDocument(is, false, null, null);
+      // Since the parse tree will not contain any post schema validation information,
+      // we need to register any attributes known to be of type xsd:Id manually.
+      NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH);
+      for (int i = 0; i < idAttributes.getLength(); i++) {
+        Node item = idAttributes.item(i);
+        if (item instanceof Attr) {
+          Attr attr = (Attr) item;
+          Element owner = attr.getOwnerElement();
+          // Only available in DOM-Level 3 (Java 1.5):
+          // owner.setIdAttributeNode(attr, true);
+          if (doc instanceof CoreDocumentImpl) {
+            ((CoreDocumentImpl) doc).putIdentifier(attr.getValue(), owner);
+          }
+        }
+      }
       return new XMLDataObjectImpl(doc.getDocumentElement());
     } catch (Exception e) {
       throw new MOAApplicationException("2218", null);
@@ -258,11 +287,11 @@ public class DataObjectFactory {
 
   /**
    * Create an <code>XMLDataObject</code> from the given signature environment.
-   * 
+   *
    * @param signatureEnvironment The signature environment contained in the
    * result.
    * @param uri The URI identifying the data. This must be either the empty
-   * URI, an URI starting with <code>"#xpointer"</code>, <code>"#xmlns"</code> 
+   * URI, an URI starting with <code>"#xpointer"</code>, <code>"#xmlns"</code>
    * or <code>"#element"</code>; or an URI starting with <code>"#"</code> and
    * followed by an element ID.
    * @param referenceID The reference ID to set for the data object.
@@ -312,16 +341,16 @@ public class DataObjectFactory {
   }
 
   /**
-   * Build a <code>StreamEntityResolver</code> from a <code>List</code> of 
+   * Build a <code>StreamEntityResolver</code> from a <code>List</code> of
    * supplements.
-   * 
-   * @param supplements The supplements, given as 
+   *
+   * @param supplements The supplements, given as
    * <code>XMLDataObjectAssociation</code>s.
    * @return A <code>StreamEntityResolver</code> mapping the supplements by
    * their reference URI to an <code>InputStream</code> of their respective
-   * content. 
+   * content.
    */
-  private static StreamEntityResolver buildSupplementEntityResolver(List supplements) 
+  private static StreamEntityResolver buildSupplementEntityResolver(List supplements)
     throws MOAApplicationException
   {
     Map entities = new HashMap();
@@ -342,10 +371,10 @@ public class DataObjectFactory {
         case Content.LOCREF_CONTENT:
           {
         	String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
-        	
+
             TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
         	if (context.FindResolvedEntity(locRefURI)==null) {
-	
+
 	            ExternalURIResolver uriResolver = new ExternalURIResolver();
 	            InputStream uriStream = null;
 	            byte[] contentBytes;
@@ -378,17 +407,18 @@ public class DataObjectFactory {
             int i = 0;
 
             // find the first element node
-            while (i < nodes.getLength()
-              && nodes.item(i).getNodeType() != Node.ELEMENT_NODE)
+            while ((i < nodes.getLength())
+              && (nodes.item(i).getNodeType() != Node.ELEMENT_NODE)) {
               i++;
+            }
 
             // serialize the node
             if (i < nodes.getLength()) {
-              try 
+              try
               {
                 byte[] serialized = DOMUtils.serializeNode(nodes.item(i), "UTF-8");
                 entities.put(reference, new ByteArrayInputStream(serialized));
-              } 
+              }
               catch (Exception e)
               {
                 throw new MOAApplicationException("2281", new Object[]{reference}, e);
@@ -404,7 +434,7 @@ public class DataObjectFactory {
 
   /**
    * Create a <code>DataObject</code> from a <code>Content</code> object.
-   * 
+   *
    * @param content The <code>Content</code> object containing the data.
    * @param finalDataMetaInfo The meta information corresponding with <code>content</code>.
    * @param referenceID The reference ID to set in the resulting
@@ -452,10 +482,10 @@ public class DataObjectFactory {
     checkAllowContentAndReference(content, allowContentAndReference);
 
     // ok, build the data object; use content first, if available
-    switch (content.getContentType()) 
+    switch (content.getContentType())
     {
       case Content.XML_CONTENT :
-      {  
+      {
         ContentXML contentXml = (ContentXML) content;
         dataObject = createFromXmlContent(contentXml, xmlAsNodeList);
         break;
@@ -499,7 +529,7 @@ public class DataObjectFactory {
   /**
    * Check, if content and reference URIs are allowed in the content an throw
    * an exception if an illegal combination of the two occurs.
-   * 
+   *
    * @param content The <code>Content</code> to check.
    * @param allowContentAndReference Whether explicit content and a reference
    * are allowed at the same time.
@@ -514,13 +544,13 @@ public class DataObjectFactory {
     String reference = content.getReference();
 
     // check for content and reference not being set
-    if (content.getContentType() == Content.REFERENCE_CONTENT
-      && reference == null) {
+    if ((content.getContentType() == Content.REFERENCE_CONTENT)
+      && (reference == null)) {
       String errorCode = allowContentAndReference ? "1111" : "1110";
       throw new MOAApplicationException(errorCode, null);
     }
 
-    // if we only allow either content or reference being set at once, check 
+    // if we only allow either content or reference being set at once, check
     if (!allowContentAndReference
       && (content.getContentType() != Content.REFERENCE_CONTENT)
       && (reference != null)) {
@@ -531,10 +561,10 @@ public class DataObjectFactory {
   /**
    * Create a <code>DataObject</code> from a
    * <code>XMLDataObjectAssociation</code> object.
-   * 
+   *
    * @param xmlDataObjAssoc The <code>XMLDataObjectAssociation</code> object.
    * @param xmlContentAllowed Whether the content contained in the
-   * <code>xmlDataObjAssoc</code> is allowed to be of type 
+   * <code>xmlDataObjAssoc</code> is allowed to be of type
    * <code>XML_CONTENT</code>.
    * @param binaryContentRepeatable If binary content must be provided as a
    * <code>DataObject</code> that can be read multiple times.
@@ -559,11 +589,11 @@ public class DataObjectFactory {
     switch (content.getContentType())
     {
       case Content.XML_CONTENT :
-      {  
+      {
         if (xmlContentAllowed)
         {
           dataObject = createFromXmlContent((ContentXML) content, true);
-        } 
+        }
         else
         {
           throw new MOAApplicationException("2280", null);
@@ -601,8 +631,8 @@ public class DataObjectFactory {
   /**
    * Create a <code>DataObject</code> from a <code>TransformParameter</code>
    * object.
-   * 
-   * @param transformParameter The <code>TransformParameter</code> object 
+   *
+   * @param transformParameter The <code>TransformParameter</code> object
    * containing the data.
    * @return A <code>DataObject</code> representing the data in
    * <code>root</code>.
@@ -662,7 +692,7 @@ public class DataObjectFactory {
 
   /**
    * Create a <code>DataObject</code> from data located at the given URI.
-   * 
+   *
    * @param uri The <code>URI</code> where the data is located. This method uses
    * an <code>ExternalURIResolver</code> to resolve URIs.
    * @param asXml If <code>true</code>, a <code>DataObject</code> is only
@@ -682,7 +712,7 @@ public class DataObjectFactory {
 
   /**
    * Create a <code>DataObject</code> from data located at the given URI.
-   * 
+   *
    * @param uri The <code>URI</code> where the data is located. This method uses
    * an <code>ExternalURIResolver</code> to resolve URIs.
    * @param asXml If <code>true</code>, a <code>DataObject</code> is only
@@ -701,7 +731,7 @@ public class DataObjectFactory {
     Logger.trace(">>> resolving uri \"" + uri + "\"");
 
     ExternalURIResolver resolver = new ExternalURIResolver();
-        
+
     TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
     InputStream is = context.ResolveURI(uri);
     String contentType = null;
@@ -718,12 +748,12 @@ public class DataObjectFactory {
     DataObjectImpl dataObject;
 
     // read the content
-    if (contentType != null && contentTypeIsXml(contentType)) {
+    if ((contentType != null) && contentTypeIsXml(contentType)) {
       Document doc;
 
       if (asXml) {
         try {
-          // try parsing non-validating: this has to succeed or we 
+          // try parsing non-validating: this has to succeed or we
           // bail out by throwing an exception
           is = resolver.resolve(uri);
           doc = DOMUtils.parseDocument(is, false, null, null);
@@ -767,14 +797,14 @@ public class DataObjectFactory {
           Logger.trace(">>> read stream for \"" + uri + "\"");
         }
       }
-    } 
-    
-    else if (asXml) 
+    }
+
+    else if (asXml)
     {
       // if we need XML data, we're in the wrong place here
       closeInputStream(is);
       throw new MOAApplicationException("2211", new Object[] { uri });
-    } 
+    }
     else
     {
       // content is binary: make it available as a binary input stream
@@ -805,20 +835,22 @@ public class DataObjectFactory {
     dataObject.setURI(uri);
 
     Logger.trace("<<< resolved uri \"" + uri + "\"");
-    
+
     return dataObject;
   }
 
   /**
    * Savely closes the specified input stream.
-   * 
+   *
    * @param is The input stream to be closed.
    */
   private static void closeInputStream(InputStream is)
   {
     try
     {
-      if (is != null) is.close();
+      if (is != null) {
+        is.close();
+      }
     }
     catch (Throwable t)
     {
@@ -828,10 +860,10 @@ public class DataObjectFactory {
 
   /**
    * Determine whether the content type is XML.
-   * 
+   *
    * Content types recognized as XML start with <code>text/xml</code> and
    * <code>application/xml</code>.
-   * 
+   *
    * @param contentType The content MIME type.
    * @return boolean If <code>true</code>, the content type is XML, otherwise
    * not.
@@ -842,8 +874,8 @@ public class DataObjectFactory {
   }
 
   /**
-   * Create a <code>DataObject</code> from a <code>ContentXML</code> object. 
-   * 
+   * Create a <code>DataObject</code> from a <code>ContentXML</code> object.
+   *
    * @param xmlContent The <code>ContentXML</code> object from
    * which the <code>DataObject</code> is to be built.
    * @param xmlAsNodeList If <code>true</code>, the children of
@@ -879,7 +911,7 @@ public class DataObjectFactory {
   /**
    * Check, that the given <code>NodeList</code> contains a single DOM element
    * node and return it, otherwise throw an exception.
-   * 
+   *
    * @param nodes The <code>NodeList</code> to check for a single element.
    * @return The single element contained in <code>nodes</code>.
    * @throws MOAApplicationException Thrown, if <code>nodes</code> does not
@@ -912,11 +944,11 @@ public class DataObjectFactory {
 
   /**
    * Create a <code>DataObject</code> from a <code>ContentBinary</code> object.
-   * 
+   *
    * @param binaryContent The <code>ContentBinary</code> object containing the
    * data.
    * @param asXml If <code>true</code>, <code>binaryContent</code> must
-   * contain XML data. Otherwise, a <code>BinaryDataObject</code> will be 
+   * contain XML data. Otherwise, a <code>BinaryDataObject</code> will be
    * returned containing a byte stream to the decoded Base64 data.
    * @param repeatable If multiple calls to <code>getInputStream()</code> must
    * repeatedly return the content of the data object.