Merge tag 'MOA-ID-3.4.2'

169 files changed, 6560 insertions, 2264 deletions

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index d249fa597..39cd0980b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -111,6 +111,9 @@ public class ConfigurationProvider {
 		
 	private void inizialize() throws ConfigurationException {
 		
+		log.info("Set SystemProperty for UTF-8 file.encoding as default");
+		System.setProperty("file.encoding", "UTF-8");
+		
 		configFileName = System.getProperty(SYSTEM_PROP_CONFIG);
 		
 	    if (configFileName == null) {
@@ -633,6 +636,7 @@ public class ConfigurationProvider {
 				try {
 					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
 							"MOAMetaDataProvider",
+							true,
 							ConfigurationProvider.getInstance().getCertStoreDirectory(), 
 							ConfigurationProvider.getInstance().getTrustStoreDirectory(),
 							null,
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
index 381bf5cc7..b2671302c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -59,6 +59,8 @@ public class OATargetConfiguration implements IOnlineApplicationData {
 	private static List<String> identificationTypeList = null;
 
 	private String foreignbPKTargets = null;
+	private String additionalbPKTargets = null;
+	private boolean eidDemoActive = false;
 	
 	public OATargetConfiguration() {
 		 targetList = TargetValidator.getListOfTargets();
@@ -165,7 +167,26 @@ public class OATargetConfiguration implements IOnlineApplicationData {
 				
 			}
 		}
+		
+		//parse additional bPK sector list
+		if (dbOA.getAdditionalbPKTargetList() != null) {
+			if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList()))
+				additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList());
 			
+			else {
+				if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) {
+					//remove trailing comma if exist
+					additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0, 
+							dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER));
+												
+				} else
+					additionalbPKTargets = dbOA.getAdditionalbPKTargetList();
+				
+			}
+		}
+		
+		//parse 'Austrian eID mode'  flag
+		eidDemoActive = dbOA.getIseIDDemoModeActive();
 		
 		
 		return null;
@@ -277,7 +298,9 @@ public class OATargetConfiguration implements IOnlineApplicationData {
             }
         }
         
-        dbOA.setForeignbPKTargetList(getForeignbPKTargets());
+        dbOA.setForeignbPKTargetList(getForeignbPKTargets());        
+        dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets());
+        dbOA.setIseIDDemoModeActive(isEidDemoActive());
         
 		return null;
 	}
@@ -441,6 +464,32 @@ public class OATargetConfiguration implements IOnlineApplicationData {
 		else
 			this.foreignbPKTargets = foreignbPKTargets;
 	}
+
+
+	public String getAdditionalbPKTargets() {
+		return additionalbPKTargets;
+	}
+
+
+	public void setAdditionalbPKTargets(String additionalbPKTargets) {
+		if (MiscUtil.isNotEmpty(additionalbPKTargets))
+			this.additionalbPKTargets = 
+				KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets);
+		else
+			this.additionalbPKTargets = additionalbPKTargets;
+
+	}
+
+
+	public boolean isEidDemoActive() {
+		return eidDemoActive;
+	}
+
+
+	public void setEidDemoActive(boolean eidDemoActive) {
+		this.eidDemoActive = eidDemoActive;
+	}
+	
 	
 	
     
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 8b41823e1..cbb7c88b2 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -129,6 +129,7 @@ public class OAPVP2ConfigValidation {
 								try {
 									MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
 											"MOAMetaDataProvider",
+											true,
 											ConfigurationProvider.getInstance().getCertStoreDirectory(), 
 											ConfigurationProvider.getInstance().getTrustStoreDirectory(),
 											null,
@@ -145,7 +146,7 @@ public class OAPVP2ConfigValidation {
 									log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
 								
 								} catch (ConfigurationException e) {
-									log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
+									log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.");
 								
 								} 
 
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 2a57620bb..fbd6fedcd 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -242,8 +242,7 @@ webpages.oaconfig.general.mandate.elgaservice.selected=ELGA Vollmachten Service
 webpages.oaconfig.general.friendlyname=Name der Online-Applikation
 webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation
 webpages.oaconfig.general.isstorkservice=Stork Applikation
-webpages.oaconfig.general.public.header=&Ouml;ffentlicher Bereich
-webpages.oaconfig.general.foreignbpk.header=Fremd-bPK Konfiguration 
+webpages.oaconfig.general.public.header=&Ouml;ffentlicher Bereich 
 webpages.oaconfig.general.stork.header=STORK Bereich
 webpages.oaconfig.general.stork.countrycode=Landesvorwahl
 webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar)
@@ -263,8 +262,11 @@ webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame
 webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden
-webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV)
 
+webpages.oaconfig.general.neweid.header=Demo-Modus zur Simulation der Austrian eID 
+webpages.oaconfig.general.neweid.activate=Demo-Modus aktivieren
+webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV)
+webpages.oaconfig.general.additionalbpks.sectors=Sektoren f\u00FCr weitere bPKs (CSV)
 
 webpages.oaconfig.general.szrgw.header=Zentraler nationaler eIDAS Connector
 webpages.oaconfig.general.szrgw.selected=URL zum zentralen eIDAS Connector
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index 6b6fe9193..f49bbfdc8 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -249,7 +249,6 @@ webpages.oaconfig.general.friendlyname=Name of the Online-Application
 webpages.oaconfig.general.isbusinessservice=Private sector application
 webpages.oaconfig.general.isstorkservice=Stork application
 webpages.oaconfig.general.public.header=Public sector
-webpages.oaconfig.general.foreignbpk.header=Foreign sectors configuration
 webpages.oaconfig.general.stork.header=STORK sector
 webpages.oaconfig.general.stork.countrycode=Country code
 webpages.oaconfig.general.target.friendlyname=Name of the sector (arbitrary defined)
@@ -269,7 +268,11 @@ webpages.oaconfig.general.aditional.iframe=Selection of citizen card in IFrame
 webpages.oaconfig.general.aditional.useUTC=Use UTC time
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock
+
+webpages.oaconfig.general.neweid.header=Demo-mode to simulate new Austrian eID 
+webpages.oaconfig.general.neweid.activate=Activate demo-mode
 webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV)
+webpages.oaconfig.general.additionalbpks.sectors=Sectors for additional pseudonyms (CSV)
 
 webpages.oaconfig.general.szrgw.header=Central national eIDAS Connector
 webpages.oaconfig.general.szrgw.selected=URL to central eIDAS Connector
diff --git a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml
index 4118c94f4..b94368ac6 100644
--- a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml
+++ b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml
@@ -27,17 +27,6 @@
 			<param-value>^.*((/index.action.*)|(/error.action.*)|(/authenticate.action.*)|(/pvp2login.action.*)|(/mailAddressVerification.action.*)|(/logout.action)|(/jsp/.*)|(/css/.*)|(/servlet/.*)|(/images/.*)|(/js/.*))$</param-value>
 		</init-param>
 	</filter>
-	<filter-mapping>
-		<filter-name>AuthenicationFiler</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-	
-	
-<!--   	
- 	<filter>
-	    <filter-name>sitemash</filter-name>
-	    <filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
-	</filter> -->
 	 	
 	<filter>
 		<filter-name>struts2</filter-name>
@@ -105,21 +94,23 @@
 		<url-pattern>/servlet/sloBackChannel</url-pattern>
 	</servlet-mapping>
    
-<!--  	<filter-mapping>
-	    <filter-name>sitemash</filter-name>
-	    <url-pattern>/*</url-pattern>
-	</filter-mapping> -->
-	
+
+<!-- Set filter order -->
   <filter-mapping>
-		<filter-name>struts2</filter-name>
-		<url-pattern>*.action</url-pattern>
+		<filter-name>AuthenicationFiler</filter-name>
+		<url-pattern>/*</url-pattern>
   </filter-mapping>
-  
+
   <filter-mapping>
 		<filter-name>EncodingFilter</filter-name>
 		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-  	
+  </filter-mapping>
+	
+  <filter-mapping>
+		<filter-name>struts2</filter-name>
+		<url-pattern>*.action</url-pattern>
+  </filter-mapping>
+    	
  	<session-config>
     <session-timeout>45</session-timeout>
   </session-config>  	
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
index a61ce3053..367dc445d 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
@@ -112,8 +112,17 @@
 						</div>
 					</s:if>
 					
+										
 					<div id="oa_config_foreignbPKArea" class="oa_config_block">
-						<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.foreignbpk.header", request) %></h3>
+						<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.neweid.header", request) %></h3>
+						
+						<s:checkbox name="targetConfig.eidDemoActive" 
+								value="%{targetConfig.eidDemoActive}"
+								labelposition="left"
+								key="webpages.oaconfig.general.neweid.activate"
+								cssClass="checkbox">
+						</s:checkbox>
+						
 						<s:textarea name="targetConfig.foreignbPKTargets" 
 									value="%{targetConfig.foreignbPKTargets}" 
 									labelposition="left"
@@ -123,6 +132,16 @@
 									requiredLabel="true"
 									style="height:120px;">								
 						</s:textarea>
+						
+						<s:textarea name="targetConfig.additionalbPKTargets" 
+									value="%{targetConfig.additionalbPKTargets}" 
+									labelposition="left"
+									key="webpages.oaconfig.general.additionalbpks.sectors"
+									cssClass="textfield_long"
+									rows="6"								
+									requiredLabel="true"
+									style="height:120px;">								
+						</s:textarea>
 					
 					</div>
 					
diff --git a/id/history.txt b/id/history.txt
index 187aaf514..b38381753 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -1,5 +1,15 @@
 Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf.

 

+Version MOA-ID Release 3.4.2: Änderungen seit Version MOA-ID 3.4.1

+- Änderungen 

+   - Bugfix - Update Redis Backend to solve problems with Spring dependencies

+   - Bugfix - Add missing error logging in some servlets

+   - Bugfix - UTF-8 encoding problem in configuration-tool

+   - Update third-party libraries to solve a possible problem during certificate validation

+   - Add config-flag to use JVM TrustStore for SSL validation instead of MOA-ID specific TrustStore

+   - Add SignerCertificate into AuthenticationData in case of Security-Layer 2.0

+   - Add demo-mode for new 'Austrian eID'   

+

 Version MOA-ID Release 3.4.1: Änderungen seit Version MOA-ID 3.4.0

 - Änderungen

    - Security-Fix - Struts2 (CVE-2018-11776)

diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
index 2d6f7c9a9..1e5762f04 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
@@ -192,6 +192,7 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements
 							try {
 								MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
 										"MOAMetaDataProvider",
+										true,
 										MOAIDWebGUIConfiguration.getInstance().getCertStoreDirectory(), 
 										MOAIDWebGUIConfiguration.getInstance().getTrustStoreDirectory(),
 										null,
@@ -208,7 +209,7 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements
 								log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
 								
 							} catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) {
-								log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
+								log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.");
 								
 							} 
 
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
index 27b45fa78..950d97908 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
@@ -215,6 +215,13 @@ public class ServicesTargetTask extends AbstractTaskValidator implements ITaskVa
 			
 		}
 		
+		//validate foreign bPK targets
+		check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS);
+		if (MiscUtil.isNotEmpty(check)) {
+			log.debug("Find additional bPK targets, but no validation is required");
+			
+		}
+		
 		if (!errors.isEmpty())
 			throw new ConfigurationTaskValidationException(errors);
 				
diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml
index 1a2a5750d..1cd269367 100644
--- a/id/moa-spss-container/pom.xml
+++ b/id/moa-spss-container/pom.xml
@@ -70,7 +70,7 @@
 		<dependency>
 			<groupId>MOA.spss</groupId>
 			<artifactId>tsl_lib</artifactId>
-			<version>2.0.1</version>
+			<version>2.0.2</version>
 		</dependency>						
 		<dependency>
 			<groupId>iaik.prod</groupId>
@@ -80,7 +80,7 @@
 		<dependency>
 			<groupId>iaik.prod</groupId>
 			<artifactId>iaik_cpades</artifactId>
-			<version>2.3_moa</version>
+			<version>2.5.1_moa</version>
 		</dependency>
 		<dependency>
 			<groupId>iaik.prod</groupId>
@@ -90,25 +90,25 @@
 		<dependency>
 			<groupId>iaik.prod</groupId>
 			<artifactId>iaik_eccelerate</artifactId>
-			<version>4.02_eval</version>
+			<version>5.01</version>
 		</dependency>		
 
 	  <dependency>
 			<groupId>iaik.prod</groupId>
 			<artifactId>iaik_eccelerate_addon</artifactId>
-			<version>4.02</version>
+			<version>5.01</version>
 		</dependency>
 								
 		<dependency>
 			<groupId>iaik.prod</groupId>
 			<artifactId>iaik_eccelerate_cms</artifactId>
-			<version>4.02</version>
+			<version>5.01</version>
 		</dependency>		
 		<dependency>
-    	<groupId>iaik.prod</groupId>
-      <artifactId>iaik_jce_full</artifactId>
-      <!-- <scope>provided</scope> -->
-    </dependency>
+    		<groupId>iaik.prod</groupId>
+      		<artifactId>iaik_jce_full</artifactId>
+      		<!-- <scope>provided</scope> -->
+    	</dependency>
 		<dependency>
 			<groupId>iaik.prod</groupId>
 		  	<artifactId>iaik_jsse</artifactId>
@@ -117,12 +117,12 @@
 		<dependency>
     	<groupId>iaik.prod</groupId>
       <artifactId>iaik_moa</artifactId>
-      <version>2.05_withOutDB</version>
+      <version>2.06</version>
     </dependency>		
 		<dependency> 
 			<groupId>iaik.prod</groupId>
 			<artifactId>iaik_pki_module</artifactId>
-			<version>1.04_moa</version>
+			<version>2.01_moa</version>
 		</dependency>		
 		<dependency>
 			<groupId>iaik.prod</groupId>
@@ -132,7 +132,7 @@
 		<dependency>
 			<groupId>iaik.prod</groupId>
 			<artifactId>iaik_tsp</artifactId>
-			<version>2.31_eval</version>
+			<version>2.32_eval</version>
 		</dependency>		
 		<dependency>
 			<groupId>iaik.prod</groupId>
@@ -142,12 +142,12 @@
 		<dependency>
 			<groupId>iaik.prod</groupId>
 			<artifactId>iaik_xades</artifactId>
-			<version>2.12_moa</version>
+			<version>2.13_moa</version>
 		</dependency>
 		<dependency>
 			<groupId>iaik.prod</groupId>
 			<artifactId>iaik_xsect</artifactId>
-			<version>2.12_moa</version>
+			<version>2.13_moa</version>
 		</dependency>		
 
 		
diff --git a/id/readme_3.4.2.txt b/id/readme_3.4.2.txt
new file mode 100644
index 000000000..4f668fe35
--- /dev/null
+++ b/id/readme_3.4.2.txt
@@ -0,0 +1,358 @@
+===============================================================================
+MOA ID Version Release 3.4.2 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 3.4.2 wurden folgende Neuerungen und Änderungen eingeführt, 
+die jetzt erstmals in der Veröffentlichung enthalten sind (siehe auch 
+history.txt im gleichen Verzeichnis).
+   
+- Änderungen
+   - Bugfix - Update Redis Backend to solve problems with Spring dependencies
+   - Bugfix - Add missing error logging in some servlets
+   - Bugfix - UTF-8 encoding problem in configuration-tool
+   - Update third-party libraries to solve a possible problem during certificate validation
+   - Add config-flag to use JVM TrustStore for SSL validation instead of MOA-ID specific TrustStore
+   - Add SignerCertificate into AuthenticationData in case of Security-Layer 2.0
+   - Add demo-mode for new 'Austrian eID'   
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
+MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend 
+angebebenen Updateschritte.
+
+Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 3.4.x
+reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export
+Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden.
+Diese Datei dient dann als Basis für den Import in MOA-ID 3.4.x. 
+
+...............................................................................
+B.0 Durchführung eines Updates von Version 3.4.0 auf Version 3.4.2
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.4.2.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war 
+   als auch das komplette Verzeichnis moa-id-auth. 
+
+4 Umstellung auf Java JDK 9
+    Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 
+    nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+    entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in 
+    den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. 
+    Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+    Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+      
+  4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+	   JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+	
+  4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das 
+   Verzeichnis	JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr 
+   unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+   
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+   CATALINA_HOME_ID/webapps.
+   
+7. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 3.3.x auf Version 3.4.2
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.4.2.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war 
+   als auch das komplette Verzeichnis moa-id-auth. 
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+   CATALINA_HOME_ID/webapps.
+
+6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+   Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+6.1 Anbindung an zentralen nationalen eIDAS Connector   
+   > modules.eidascentralauth.keystore.path=
+   > modules.eidascentralauth.keystore.password=
+   > modules.eidascentralauth.metadata.sign.alias=
+   > modules.eidascentralauth.metadata.sign.password=
+   > modules.eidascentralauth.request.sign.alias= 
+   > modules.eidascentralauth.request.sign.password=
+   > modules.eidascentralauth.response.encryption.alias= 
+   > modules.eidascentralauth.response.encryption.password= 
+   > modules.eidascentralauth.node.trustprofileID=centralnode_metadata    
+
+7. Update der MOA-SPSS Konfiguration
+    a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+       - CATALINA_HOME\conf\moa-spss     
+    b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\centralnode_metadata
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\centralnode_metadata
+    c.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\profiles\SL20.*
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\profiles\           
+    d.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml 
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+         verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+           ...
+           <cfg:Id>centralnode_metadata</cfg:Id>
+					    <cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation>
+				   </cfg:TrustProfile>
+           ...
+           <cfg:VerifyTransformsInfoProfile>
+			       <cfg:Id>SL20Authblock_v1.0</cfg:Id>
+			       <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>      
+		       </cfg:VerifyTransformsInfoProfile>		
+		       <cfg:VerifyTransformsInfoProfile>
+			       <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id>
+			       <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location>      
+		       </cfg:VerifyTransformsInfoProfile>
+           ...
+             
+8. HTML Template updates
+8.1 Update der HTML Templates für Auswahl des zentralen nationalen eIDAS Connectors
+    Sollten Sie eigene     Modifikationen an den bestehenden Templates vorgenommen 
+    haben müssen die Anpassungen manuell in die neuen Templates übertragen werden. 
+    MOA-ID 3.4.0 kann jedoch auch mit den bestehenden Templates betrieben werden, sofern
+    keine Unterstützung für eIDAS benötigt wird.
+    a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+       - CATALINA_HOME\conf\moa-id\htmlTemplates
+       - CATALINA_HOME\conf\moa-id-configuration\htmlTemplates     
+    b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+         in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates          
+    d.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+         in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.     
+
+9. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+    Diese Schitte können erst nach der Installation und dem Start der Applikation
+    moa-id-configuration.war durchgeführt werden
+9.1 Anbindung an zentralen nationalen eIDAS Connector 
+    a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der verwendbaren 
+        zentralen nationalen eIDAS Connectoren. 
+        
+    b.) Auswahl des gewünschten zentraler nationaler eIDAS Connector je Online-Applikation
+        sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. 
+        Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
+
+10.  Optionale Updates:
+10.1 Unterstützung der neuen VDA Schnittstelle via Security-Layer 2.0:
+      Hierbei handelt es sich um eine Authentifizierungsschnittstelle im Beta Status
+      da die Spezifikation der Schnittstelle noch nicht Final ist. Die Schnittstelle ist in 
+      MOA-ID funktional umgesetzt, es kann jedoch noch offene Punkte bezüglich Fehlerhändlung
+      und Logging geben. 
+      a.) Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+          Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+          > modules.sl20.security.keystore.path=keys/sl20.jks
+          > modules.sl20.security.keystore.password=password
+          > modules.sl20.security.sign.alias=signing
+          > modules.sl20.security.sign.password=password
+          > modules.sl20.security.encryption.alias=encryption
+          > modules.sl20.security.encryption.password=password
+         
+      b.) Aktivierung je Online-Applikation im Web-basierten Konfigurationstool
+          Die neue VDA-Schnittstelle muss je Online-Applikation aktiviert werden, wobei 
+          die Aktivierung im Abschnitt "Security Layer für mobile Authententifizierung" 
+          der Online-Applikationskonfiguration erfolgt. 
+
+10.2 Umstellung auf Java JDK 9
+      Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 
+      nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+      entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in 
+      den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+      Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+      Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+      
+  10.2.1 Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+	   JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+	
+  10.2.2 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das 
+   Verzeichnis	JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr 
+   unterstuetzt).   
+   
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+    Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+################################################################################################################
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 3.2.x auf Version 3.4.2
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.4.2.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war 
+   als auch das komplette Verzeichnis moa-id-auth. 
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+   CATALINA_HOME_ID/webapps.
+
+6. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+	 JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+	
+7. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das 
+   Verzeichnis	JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr 
+   unterstuetzt).
+
+8. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
+   CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+   
+9. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das 
+   Verzeichnis	CATALINA_HOME_ID\endorsed.
+
+10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+    Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+10.1 Anbindung an zentralen nationalen eIDAS Connector   
+    > modules.eidascentralauth.keystore.path=
+    > modules.eidascentralauth.keystore.password=
+    > modules.eidascentralauth.metadata.sign.alias=
+    > modules.eidascentralauth.metadata.sign.password=
+    > modules.eidascentralauth.request.sign.alias= 
+    > modules.eidascentralauth.request.sign.password=
+    > modules.eidascentralauth.response.encryption.alias= 
+    > modules.eidascentralauth.response.encryption.password= 
+    > modules.eidascentralauth.node.trustprofileID=centralnode_metadata    
+
+11. Update der MOA-SPSS Konfiguration
+    a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+       - CATALINA_HOME\conf\moa-spss     
+    b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\centralnode_metadata
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\centralnode_metadata
+    c.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\profiles\SL20.*
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\profiles\           
+    d.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml 
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+         verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+           ...
+           <cfg:Id>centralnode_metadata</cfg:Id>
+					    <cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation>
+				   </cfg:TrustProfile>
+           ...
+           <cfg:VerifyTransformsInfoProfile>
+			       <cfg:Id>SL20Authblock_v1.0</cfg:Id>
+			       <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>      
+		       </cfg:VerifyTransformsInfoProfile>		
+		       <cfg:VerifyTransformsInfoProfile>
+			       <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id>
+			       <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location>      
+		       </cfg:VerifyTransformsInfoProfile>
+           ...
+
+12. HTML Template updates
+12.1 Update der HTML Templates für Auswahl des zentralen nationalen eIDAS Connectors
+     Sollten Sie eigene     Modifikationen an den bestehenden Templates vorgenommen 
+     haben müssen die Anpassungen manuell in die neuen Templates übertragen werden. 
+     MOA-ID 3.4.0 kann jedoch auch mit den bestehenden Templates betrieben werden, sofern
+     keine Unterstützung für eIDAS benötigt wird.
+     a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+        - CATALINA_HOME\conf\moa-id\htmlTemplates
+        - CATALINA_HOME\conf\moa-id-configuration\htmlTemplates     
+     b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+          in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates          
+     d.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+          in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.     
+
+13. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+     Diese Schitte können erst nach der Installation und dem Start der Applikation
+     moa-id-configuration.war durchgeführt werden
+13.1 Anbindung an zentralen nationalen eIDAS Connector 
+     a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der verwendbaren 
+         zentralen nationalen eIDAS Connectoren. 
+        
+     b.) Auswahl des gewünschten zentraler nationaler eIDAS Connector je Online-Applikation
+         sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. 
+         Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
+
+14. Optionale Updates:
+14.1. Unterstützung der neuen VDA Schnittstelle via Security-Layer 2.0:
+      Hierbei handelt es sich um eine Authentifizierungsschnittstelle im Beta Status
+      da die Spezifikation der Schnittstelle noch nicht Final ist. Die Schnittstelle ist in 
+      MOA-ID funktional umgesetzt, es kann jedoch noch offene Punkte bezüglich Fehlerhändlung
+      und Logging geben. 
+      a.) Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+          Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+          > modules.sl20.security.keystore.path=keys/sl20.jks
+          > modules.sl20.security.keystore.password=password
+          > modules.sl20.security.sign.alias=signing
+          > modules.sl20.security.sign.password=password
+          > modules.sl20.security.encryption.alias=encryption
+          > modules.sl20.security.encryption.password=password
+         
+      b.) Aktivierung je Online-Applikation im Web-basierten Konfigurationstool
+          Die neue VDA-Schnittstelle muss je Online-Applikation aktiviert werden, wobei 
+          die Aktivierung im Abschnitt "Security Layer für mobile Authententifizierung" 
+          der Online-Applikationskonfiguration erfolgt. 
+
+14.2. Umstellung auf Java JDK 9
+      Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 
+      nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+      entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in 
+      den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.   
+
+14.3. Das BKU Auswahltemplate von MOA-ID wurde um eine Detection der lokalen BKU
+      erweitert und mocca Online wurde entfernt.
+      a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+          in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates
+      b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+          in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. 
+14.4. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect'
+      sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber 
+      für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer
+      Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'. 
+      Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch:
+      a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+          moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+          moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+          configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+          configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+          advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+          advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+      b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+          hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+   
+15.  Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+     Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.2 Durchführung eines Updates von Version < 3.2.0
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter 
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 6dddb454a..678c381cb 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -247,4 +247,16 @@ service.egovutil.szr.ssl.truststore.file=
 service.egovutil.szr.ssl.truststore.password=
 service.egovutil.szr.ssl.truststore.type=
 service.egovutil.szr.ssl.trustall=false
-service.egovutil.szr.ssl.laxhostnameverification=false
\ No newline at end of file
+service.egovutil.szr.ssl.laxhostnameverification=false
+
+
+################ Encrypted foreign bPK generation ####################################
+##  This demo-extension enables encrypted bPK generation on MOA-ID-Auth side. 
+##  If you like to use this feature, the public key for encryption has to be added
+##  as X509 certificate in Base64 encoded from. The selection will be done on sector
+##  identifier, like 'wbpk+FN+195755b' for a private company (similar to ENC_BPK_LIST in   
+##  PVP Attribute Profie 2.1.2)    
+##  Additonal encryption keys can be added by add a ney configuration line, like
+##    configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG   (VKZ='BMI', Public Target='T1')    
+########
+#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw...
\ No newline at end of file
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 864337862..90227cf9b 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -119,6 +119,7 @@
                 <li><a href="#konfigurationsparameter_oa_general_business">Privatwirtschaftlicher Bereich</a></li>
               </ol>
             </li>
+            <li><a href="#konfigurationsparameter_oa_eID_demo">Demo-Modus f&uuml;r 'Austrian eID'</a></li>
             <li><a href="#konfigurationsparameter_oa_bku">BKU Konfiguration</a></li>
             <li><a href="#konfigurationsparameter_oa_sl20">Security Layer für mobile Authententifizierung</a></li>
             <li><a href="#konfigurationsparameter_oa_testcredentials">Test Credentials</a></li>
@@ -412,6 +413,12 @@ UNIX: moa.id.configuration=file:C:/Programme/apache/tomcat-8.x.x/conf/moa-id/moa
       <p><strong>Hinweis:</strong> Dieses Passwort muss identisch zu dem im Modul <a href="#moa_id_config_parameters_generel">MOA-ID-Configuration</a> hinterlegten Passwort sein.</p></td>
     </tr>
     <tr>
+      <td>configuration.ssl.useStandardJavaTrustStore</td>
+      <td>true / false</td>
+      <td><p>Deaktiviert die MOA-ID spezifische SSL TrustStore Implementierung. Wird dieser Parameter auf <em>true</em> gesetzt, verwendet MOA-ID den TrustStore der Java VM.</p>
+      <p><strong>Defaultwert:</strong> false</p></td>
+    </tr>
+    <tr>
       <td>configuration.ssl.validation.revocation.method.order</td>
       <td>ocsp,crl</td>
       <td><p>Definiert die Reihenfolge des Zertifikatsrevokierungschecks bei SSL Verbindungen. Die Defaultreihenfolge ist OCSP, CRL.</p>
@@ -829,7 +836,8 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
     <tr>
       <td>modules.sl20.security.keystore.path</td>
       <td>keys/sl20.jks</td>
-      <td>Dateiname des Java Keystore welcher die Schl&uuml;ssel zum Signieren und Verschl&uuml;sseln von Security-Layer 2.0 Nachrichten beinhaltet. Des weiteren dient dieser KeyStore als TrustStore zur Validierung von signierten Security-Layer 2.0 Nachrichten. Somit m&uuml;ssen Signaturzertifikate von SL2.0 Teilnehmern in diesem TrustStore hinterlegt sein.</td>
+      <td>Dateiname des Java Keystore/TrustStore welcher die Schl&uuml;ssel zum Signieren und Verschl&uuml;sseln von Security-Layer 2.0 Nachrichten beinhaltet. <br>
+      Des weiteren dient dieser KeyStore als TrustStore zur Validierung von signierten Security-Layer 2.0 Nachrichten. Somit m&uuml;ssen Signaturzertifikate von SL2.0 Teilnehmern (z.B. Hand-Signatur der A-Trust) in diesem TrustStore hinterlegt sein.</td>
     </tr>
     <tr>
       <td>modules.sl20.security.keystore.password</td>
@@ -1552,7 +1560,62 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
       </tr>
 </table>
 
-<h4><a name="konfigurationsparameter_oa_bku" id="uebersicht_zentraledatei_aktualisierung20"></a>3.2.2 BKU Konfiguration</h4>
+<p>&nbsp;</p>
+<h4><a name="konfigurationsparameter_oa_eID_demo" id="uebersicht_zentraledatei_aktualisierung32"></a>3.2.2 Demo-Modus f&uuml;r 'Austrian eID'</h4>
+<p>Dieser Abschnitt behandelt den Demo-Modus f&uuml;r die kommende 'Austrian eID' welcher mit der MOA-ID Version 3.4.2 eingef&uuml;hrt wurde. Ist der Demo-Modus aktiviert &auml;ndert sich das m&ouml;gliche Attribut-Set welches Online Applikation zur Verf&uuml;gung gestellt wird. Als Attributbezeichner in der nachfolgenden Liste werden die Attributebezeichnungen aus dem PVP Attribute-Profil verwendet. Ein Mapping auf OpenID-Connect Scopes oder SAML1 Attribute finden Sie in Kapitel <a href="../protocol/protocol.html#allgemeines_attribute">Protokolle</a>. Als weitere Anpassung wird mit hoher Wahrscheinlichkeit die iFrame Integration der Handy-Signatur nicht mehr zur Verf&uuml;gung stehen und es erfolgt eine vollformat Weiterleitung an den 'Austrian eID'. Diese Anpassung ist in der MOA-ID Version 3.4.2 noch nicht ber&uuml;cksichtig.</p>
+<p>Folgende Attribute stehen nicht mehr zur Verf&uuml;gung:</p>
+<ul>
+  <li>EID-SOURCE-PIN (urn:oid:1.2.40.0.10.2.1.1.261.36)</li>
+  <li>EID-SOURCE-PIN-TYPE (1.2.40.0.10.2.1.1.261.104)</li>
+  <li>EID-IDENTITY-LINK (urn:oid:1.2.40.0.10.2.1.1.261.38)</li>
+  <li>EID-AUTH-BLOCK (urn:oid:1.2.40.0.10.2.1.1.261.62)</li>
+  <li>MANDATOR-NATURAL-PERSON-SOURCE-PIN (urn:oid:1.2.40.0.10.2.1.1.261.70)</li>
+  <li>MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE (urn:oid:1.2.40.0.10.2.1.1.261.102)</li>
+  <li>MANDATE-FULL-MANDATE (urn:oid:1.2.40.0.10.2.1.1.261.92)</li>
+</ul>
+<p>Folgende neuen Attribute stehen zur Verf&uuml;gung:</p>
+<ul>
+  <li>ENC-BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.22)</li>
+  <li>BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.28) <em>(Dieses Attribute ist im aktuellen PVP Attribut-Profil 2.1.3 noch nicht enthalten. Eine Aufnahme ist jedoch in Vorbereitung)</em></li>
+  <li>MANDATOR-NATURAL-PERSON-ENC-BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.72)</li>
+  <li>MANDATOR-NATURAL-PERSON-BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.73) <em>(Dieses Attribute ist im aktuellen PVP Attribut-Profil 2.1.3 noch nicht enthalten. Eine Aufnahme ist jedoch in Vorbereitung)</em></li>
+</ul>
+<p>&nbsp;</p>
+<table class="configtable">
+  <tr>
+    <th width="15%">Name</th>
+    <th width="15%">Beispielwerte</th>
+    <th width="8%">Admin</th>
+    <th width="12%">Optional</th>
+    <th width="50%">Beschreibung</th>
+  </tr>
+  <tr>
+    <td><span id="wwlbl_loadOA_targetConfig_eidDemoActive">Demo-Modus aktivieren</span></td>
+    <td><p>&nbsp;</p></td>
+    <td align="center">&nbsp;</td>
+    <td align="center">X</td>
+    <td>Aktiviert den Demo-Modus f&uuml;r die 'Austrian eID' f&uuml;r diese Online Applikation. </td>
+  </tr>
+  <tr>
+    <td><span id="wwlbl_loadOA_targetConfig_foreignbPKTargets">Sektoren f&uuml;r Fremd-bPKs</span></td>
+    <td>wbpk+FN+468924i,BMI+T1</td>
+    <td align="center">&nbsp;</td>
+    <td align="center">X</td>
+    <td><p>Eine CSV Liste von Bereichen f&uuml;r welche die Online Applikation verschl&uuml;sselte Fremd-bPKs ben&ouml;tigt. </p>
+      <p><strong>Hinweis:</strong> Da es sich hierbei nur um eine Demo handelt muss <a href="#basisconfig_moa_id_auth_others">das Schl&uuml;sselmaterial f&uuml;r die Verschl&uuml;sselung in MOA-ID hinterlegt werden</a>.</p></td>
+  </tr>
+  <tr>
+    <td><span id="wwlbl_loadOA_targetConfig_additionalbPKTargets">Sektoren f&uuml;r weitere bPKs</span></td>
+    <td><p>urn:publicid:gv.at:cdid+T1,</p>
+      <p>urn:publicid:gv.at:wbpk+FN+468924i</p></td>
+    <td align="center">&nbsp;</td>
+    <td align="center">X</td>
+    <td><p>Eine CSV Liste von Bereichen f&uuml;r welche die Online Applikation bPKs aus anderen Bereichen ben&ouml;togt.</p>
+      <p><strong>Hinweis:</strong> Die Angabe der Bereiche erfolgt mit dem vollst&auml;ndigen Bereichsidentifier inkl. Prefix.</p></td>
+  </tr>
+</table>
+<p>&nbsp;</p>
+<h4><a name="konfigurationsparameter_oa_bku" id="uebersicht_zentraledatei_aktualisierung20"></a>3.2.3 BKU Konfiguration</h4>
 <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Anmeldeprozess. Diese Einstellungen stehen jedoch nur einer Benutzerin oder einem Benutzer mit der Role <em>admin</em> zur Verf&uuml;gung.</p>
 <table class="configtable">
   <tr>
@@ -1600,7 +1663,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <td>&Uuml;ber diese Funktion k&ouml;nnen drei zus&auml;tzliche SecurtityLayer-Request Templates f&uuml;r diese Online-Applikation definiert werden. Diese hier definierten Templates dienen als zus&auml;tzliche WhiteList f&uuml;r Templates welche im &bdquo;StartAuthentication&ldquo; Request mit dem Parameter &bdquo;template&ldquo; &uuml;bergeben werden. Sollte im &bdquo;StartAuthentication&ldquo; Request der Parameter &bdquo;template&ldquo; fehlen, es wurde jedoch eine &bdquo;bkuURL&ldquo; &uuml;bergeben, dann wird f&uuml;r den Authentifizierungsvorgang das erste Template in dieser Liste verwendet. Detailinformationen zum <a href="./../protocol/protocol.html#allgemeines_legacy">Legacy Request</a> finden Sie im Kapitel Protokolle.</td>
   </tr>
 </table>
-<h4><a name="konfigurationsparameter_oa_sl20" id="uebersicht_zentraledatei_aktualisierung31"></a> 3.2.3 Security Layer f&uuml;r mobile Authententifizierung</h4>
+<h4><a name="konfigurationsparameter_oa_sl20" id="uebersicht_zentraledatei_aktualisierung31"></a> 3.2.4 Security Layer f&uuml;r mobile Authententifizierung</h4>
 <p>Mit diesem Abschnitt kann der neue Security Layer f&uuml;r mobile Authentifzierung f&uuml;r diese Online Applikation aktiviert werden.<br>
   Wird diese Schnittstelle aktiviert ist die Security-Layer 1.x Schnittstelle zur B&uuml;rgerkartenkommunikation deaktiviert und steht nicht mehr zur Verf&uuml;gung.</p>
 <table class="configtable">
@@ -1630,7 +1693,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
   </tr>
 </table>
 <p>&nbsp;</p>
-<h4><a name="konfigurationsparameter_oa_testcredentials" id="uebersicht_zentraledatei_aktualisierung10"></a> 3.2.4 Test Identit&auml;ten</h4>
+<h4><a name="konfigurationsparameter_oa_testcredentials" id="uebersicht_zentraledatei_aktualisierung10"></a> 3.2.5 Test Identit&auml;ten</h4>
 <p>In diesem Abschnitt k&ouml;nnen f&uuml;r diese Online-Applikation Testidentit&auml;ten erlaubt werden. Diese Testidentit&auml;ten k&ouml;nnen auch bei produktiven Instanzen freigeschalten werden, da die Unterschiedung zwischen Produkt- und Testidentit&auml;t anhand einer speziellen OID im Signaturzertifikat der Testidentit&auml;t getroffen wird. Folgende Konfigurationsparameter stehen hierf&uuml;r zur Verf&uuml;gung.</p>
 <table class="configtable">
   <tr>
@@ -1672,7 +1735,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
 </table>
 <p>&nbsp;</p>
 <p><strong>Hinweis:</strong> Diese Funktionalit&auml;t steht jedoch nur Testidentit&auml;ten welchen bereits mit einer Test OID im Signaturzertifikat ausgestattet sind zur Verf&uuml;gung.</p>
-<h4><a name="konfigurationsparameter_oa_mandates" id="uebersicht_zentraledatei_aktualisierung21"></a>3.2.5 Vollmachten</h4>
+<h4><a name="konfigurationsparameter_oa_mandates" id="uebersicht_zentraledatei_aktualisierung21"></a>3.2.6 Vollmachten</h4>
 <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zur Anmeldung mittels Online-Vollmachen.</p>
 <table class="configtable">
   <tr>
@@ -1722,7 +1785,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
 </table>
 <p>&nbsp;</p>
 <p><strong>Hinweis:</strong> Werden f&uuml;r die Online-Applikation eigene Templates f&uuml;r die B&uuml;rgerkartenauswahl oder die zus&auml;tzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verf&uuml;gung. Die Funktionalit&auml;t der entsprechenden Parameter hat jedoch weiterhin Einfluss auf den Anmeldevorgang.</p>
-<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.6 Zentraler nationaler eIDAS Connector</h4>
+<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.7 Zentraler nationaler eIDAS Connector</h4>
 <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Ankn&uuml;pfung an den zentralen nationalen eIDAS Connector</p>
 <table class="configtable">
   <tr>
@@ -1742,7 +1805,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
   </tr>
 </table>
 <p>&nbsp;</p>
-<h4><a name="konfigurationsparameter_oa_sso" id="uebersicht_zentraledatei_aktualisierung22"></a>3.2.7 Single Sign-On (SSO)</h4>
+<h4><a name="konfigurationsparameter_oa_sso" id="uebersicht_zentraledatei_aktualisierung22"></a>3.2.8 Single Sign-On (SSO)</h4>
 <p>Dieser Abschnitt  behandelt online-applikationsspezifische Einstellungen zu Single Sign-On</p>
 <table class="configtable">
   <tr>
@@ -1769,7 +1832,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <p><strong>Hinweis:</strong> Diese Abfrage ist standardm&auml;&szlig;ig aktiviert und kann nur durch einen Benutzer mit der Role <em>admin</em> deaktiviert werden.</p></td>
   </tr>
 </table>
-<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.8 Authentifizierung mittels eIDAS</h4>
+<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.9 Authentifizierung mittels eIDAS</h4>
 <p>Dieser Abschnitt  behandelt Online-Applikationsspezifische Einstellungen zur Authentifizierung mittels eIDAS.</p>
 <table class="configtable">
   <tr>
@@ -1793,10 +1856,10 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
 </table>
 <p>&nbsp;</p>
 <p><strong>Hinweis:</strong> Werden f&uuml;r die Online-Applikation eigene Templates f&uuml;r die B&uuml;rgerkartenauswahl oder die zus&auml;tzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verf&uuml;gung.</p>
-<h4><a name="konfigurationsparameter_oa_protocol" id="uebersicht_zentraledatei_aktualisierung24"></a>3.2.9 Authentifizierungsprotokolle</h4>
+<h4><a name="konfigurationsparameter_oa_protocol" id="uebersicht_zentraledatei_aktualisierung24"></a>3.2.10 Authentifizierungsprotokolle</h4>
 <p>Dieser Abschnitt  behandelt online-applikationsspezifische Einstellungen zu den von der Online-Applikation unterst&uuml;tzen Authentifizierungsprotokollen. Eine Verwendung aller zur Verf&uuml;gung stehender Authentifizierungsprotokolle durch die Online-Applikation ist ebenfalls m&ouml;glich. Hierf&uuml;r m&uuml;ssen nur alle ben&ouml;tigten Protokolle konfiguriert werden. N&auml;here Informationen zu den unterst&uuml;tzten Protokollen finden sie im Kapitel <a href="./../protocol/protocol.html">Protokolle</a>.</p>
 <p>Aus Gr&uuml;nden der &Uuml;bersichtlichkeit kann der Konfigurationsbereich f&uuml;r jeden Protokoll, in der Web-Oberfl&auml;che des Konfigurationstools, ein- oder ausgeblendet werden.</p>
-<h5><a name="konfigurationsparameter_oa_protocol_saml1" id="uebersicht_zentraledatei_aktualisierung25"></a>3.2.9.1 SAML1</h5>
+<h5><a name="konfigurationsparameter_oa_protocol_saml1" id="uebersicht_zentraledatei_aktualisierung25"></a>3.2.10.1 SAML1</h5>
 <p>F&uuml;r das Protokoll SAML1 stehen folgende Konfigurationsparameter zur Verf&uuml;gung.</p>
 <table class="configtable">
   <tr>
@@ -1851,7 +1914,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
 </table>
 <p>&nbsp;</p>
 <p><strong>Hinweis: </strong>Das Modul MOA-ID-Auth in der Version 2.0 unterst&uuml;tzt SAML1 nur mehr zur Abw&auml;rtskompatibilit&auml;t mit bereits bestehenden Online-Applikationen. Wir empfehlen den Umstieg auf ein anderes, von MOA-ID-Auth unterst&uuml;tztes, Authentifizierungsprotokoll. Aus diesem Grund steht die Konfiguration des SAML1 Protokolls nur mehr einer Benutzerin oder einem Benutzer mit der Role <em>admin</em> zur Verf&uuml;gung.</p>
-<h5><a name="konfigurationsparameter_oa_protocol_pvp21" id="uebersicht_zentraledatei_aktualisierung26"></a>3.2.9.2 PVP 2.1</h5>
+<h5><a name="konfigurationsparameter_oa_protocol_pvp21" id="uebersicht_zentraledatei_aktualisierung26"></a>3.2.10.2 PVP 2.1</h5>
 <p>In diesem Bereich erfolgt die applikationsspezifische Konfiguration f&uuml;r das Authentifizierungsprotokoll PVP 2.1.</p>
 <table class="configtable">
   <tr>
@@ -1892,7 +1955,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <td>Pfad zum online-applikationsspezifischen Template f&uuml;r SAML2 (PVP2 S-Profil) http POST-Binding. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. Das Template kann ausschlie&szlig;lich aus dem Dateisystem geladen werden.</td>
   </tr>
 </table>
-<h5><a name="konfigurationsparameter_oa_protocol_openIDConnect" id="uebersicht_zentraledatei_aktualisierung27"></a>3.2.9.3 OpenID Connect</h5>
+<h5><a name="konfigurationsparameter_oa_protocol_openIDConnect" id="uebersicht_zentraledatei_aktualisierung27"></a>3.2.10.3 OpenID Connect</h5>
 <p>In diesem Bereich erfolgt die applikationsspezifische Konfiguration f&uuml;r OpenID Connect (OAuth 2.0). </p>
 <table class="configtable">
   <tr>
@@ -1924,7 +1987,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <td>OpenID Connect Redirect URL. Nach erfolgreicher  Authentifizierung wird die Benutzerin oder der Benutzer an diese URL zur&uuml;ckgeleitet.</td>
   </tr>
 </table>
-<h5><a name="konfigurationsparameter_oa_additional" id="uebersicht_zentraledatei_aktualisierung28"></a>3.2.10 Zus&auml;tzliche allgemeine Einstellungen</h5>
+<h5><a name="konfigurationsparameter_oa_additional" id="uebersicht_zentraledatei_aktualisierung28"></a>3.2.11 Zus&auml;tzliche allgemeine Einstellungen</h5>
 <p>In Abschnitt erm&ouml;glicht eine erweiterte online-applikationsspezifische Individualisierung des AuthBlocks und der B&uuml;rgerkartenauswahl. 
   Die Individualisierung des AuthBlocks steht jedoch dann zur Verf&uuml;gung wenn die dem Module MOA-ID-Auth beigelegte Security-Layer Transformation verwendet wird oder 
 wenn die individuelle Security-Layer Transformation den Formvorschriften  der Spezifikation entspricht.</p>
@@ -1982,7 +2045,7 @@ wenn die individuelle Security-Layer Transformation den Formvorschriften  der Sp
 </table>
 <h5>&nbsp;</h5>
 <h5>&nbsp;</h5>
-<h5><a name="konfigurationsparameter_oa_additional_formular" id="uebersicht_zentraledatei_aktualisierung29"></a>3.2.10.1 Login-Fenster Konfiguration</h5>
+<h5><a name="konfigurationsparameter_oa_additional_formular" id="uebersicht_zentraledatei_aktualisierung29"></a>3.2.11.1 Login-Fenster Konfiguration</h5>
 <p>Diese Konfigurationsparameter  bieten zus&auml;tzliche Einstellungen f&uuml;r eine Anpassung der B&uuml;rgerkartenauswahl welche von MOA-ID-Auth generiert wird.
 Zur besseren Handhabung werden die angegebenen Parameter direkt in einer Vorschau dargestellt.  
 Alle in diesem Abschnitt angegebenen Parameter sind Optional und werden bei Bedarf durch Standardwerte erg&auml;nzt. 
@@ -2071,7 +2134,7 @@ Alle in diesem Abschnitt angegebenen Parameter sind Optional und werden bei Beda
 <p>&nbsp;</p>
 <p><strong>Hinweis:</strong> Bei Verwendung einer online-applikationsspezifischen B&uuml;rgerkartenauswahl stehen alle Parameter die die B&uuml;rgerkartenauswahl betreffen nicht zur Verf&uuml;gung.</p>
 <p><strong>Hinweis:</strong> Bei Verwendung eines online-applikationsspezifischen Security-Layer-Request Templates stehen alle Parameter die das SL-Template betreffen nicht zur Verf&uuml;gung.</p>
-<h5><a name="service_revisionslogging" id="uebersicht_zentraledatei_aktualisierung11"></a>3.2.11 Revisionslogging</h5>
+<h5><a name="service_revisionslogging" id="uebersicht_zentraledatei_aktualisierung11"></a>3.2.12 Revisionslogging</h5>
 <p>Ab MOA-ID 3.x steht ein erweitertes speziell f&uuml;r Revisionsaufgaben abgestimmtest Logging zur Verf&uuml;gung. &Uuml;ber dieses Feld k&ouml;nnen die zu loggenden Events spezifisch nach Online Applikationen als CSV codierte Eventcodes konfiguriert werden. Hierf&uuml;r muss die online-applikationsspezifische Konfiguration des Loggings mittels Checkbox aktiviert und zumindesdt ein Eventcode definiert werden. Werden keine Eventcodes konfiguriert oder wird das OA spezifische Verhalten nicht aktiviertwird eine in MOA-ID hinterlegte Defaultkonfiguration verwendet. Eine Liste aller m&ouml;glichen Eventcodes finden Sie <a href="../additional/additional.html#revisionslog">hier</a>.</p>
 <h3><a name="import_export" id="uebersicht_zentraledatei_aktualisierung4"></a>3.3 Import / Export</h3>
 <p>&Uuml;er diese Funktionalit&auml;t besteht die M&ouml;glichkeit eine bestehende MOA-ID 2.x.x
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index 5e38dddf5..2b3dbff98 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -218,7 +218,7 @@ Redirect Binding</td>
       <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.32</td>
       <td>EID-ISSUING-NATION</td>
       <td align="center">eID</td>
-      <td>&nbsp;</td>
+      <td>&lt;saml:Attribute AttributeName=&quot;EID-ISSUING-NATION&quot; AttributeNamespace=&quot;http://reference.e-government.gv.at/namespace/persondata/20020228#&quot;&gt;</td>
       <td>Landescode gem. ISO-3166 ALPHA-2</td>
     </tr>
     <tr>
@@ -245,6 +245,13 @@ Redirect Binding</td>
       <td>Base64 kodiertes Zertifikat, dass f&uuml;r die Anmeldung verwendet wurde.</td>
     </tr>
     <tr>
+      <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.22</td>
+      <td>ENC-BPK-LIST</td>
+      <td align="center">eID</td>
+      <td>&lt;saml:Attribute AttributeName=&quot;ENC-BPK-LIST&quot; AttributeNamespace=&quot;http://reference.e-government.gv.at/namespace/persondata/20020228#&quot;&gt;</td>
+      <td>Liste von verschl&uuml;sselten bPKs f&uuml;r andere Bereiche als der Lebensbereich der Online Applikation</td>
+    </tr>
+    <tr>
       <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.36</td>
       <td>EID-SOURCE-PIN</td>
       <td align="center">eID_gov</td>
@@ -271,6 +278,13 @@ Redirect Binding</td>
       <p><strong>Hinweis:</strong> Im Falle einer privatwirtschaftlichen Applikation ist die Stammzahl durch die wbPK ersetzt.</p></td>
     </tr>
     <tr>
+      <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.28</td>
+      <td>BPK-LIST</td>
+      <td align="center">eID_gov</td>
+      <td>&lt;saml:Attribute AttributeName=&quot;BPK-LIST&quot; AttributeNamespace=&quot;http://reference.e-government.gv.at/namespace/persondata/20020228#&quot;&gt;</td>
+      <td>Liste von bPKs f&uuml;r andere Bereiche als der Lebensbereich der Online Applikation</td>
+    </tr>
+    <tr>
       <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.106</td>
       <td>MANDATE-TYPE-OID</td>
       <td align="center">mandate</td>
@@ -320,6 +334,20 @@ Redirect Binding</td>
       <td>Bereichsspezifisches Personenkennzeichen des Vollmachtgebers</td>
     </tr>
     <tr>
+      <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.72</td>
+      <td>MANDATOR-NATURAL-PERSON-ENC-BPK-LIST</td>
+      <td align="center">mandate</td>
+      <td>&lt;saml:Attribute AttributeName=&quot;MANDATOR-NATURAL-PERSON-ENC-BPK-LIST&quot; AttributeNamespace=&quot;http://reference.e-government.gv.at/namespace/persondata/20020228#&quot;&gt;</td>
+      <td>Liste von verschl&uuml;sselten bPKs des Mandators f&uuml;r andere Bereiche als der Lebensbereich der Online Applikation</td>
+    </tr>
+    <tr>
+      <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.73</td>
+      <td>MANDATOR-NATURAL-PERSON-BPK-LIST</td>
+      <td align="center">mandate</td>
+      <td>&lt;saml:Attribute AttributeName=&quot;MANDATOR-NATURAL-PERSON-BPK-LIST&quot; AttributeNamespace=&quot;http://reference.e-government.gv.at/namespace/persondata/20020228#&quot;&gt;</td>
+      <td>Liste von bPKs des Mandators f&uuml;r andere Bereiche als der Lebensbereich der Online Applikation</td>
+    </tr>
+    <tr>
       <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.78</td>
       <td>MANDATOR-NATURAL-PERSON-GIVEN-NAME</td>
       <td align="center">mandate</td>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index fb977c071..e284aff27 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -45,7 +45,6 @@
 			<groupId>javax.annotation</groupId>

 			<artifactId>javax.annotation-api</artifactId>

 			<version>1.2</version>

-			<scope>test</scope>

 		</dependency>

 

  		<dependency>

@@ -55,10 +54,9 @@
     	<scope>test</scope>

 		</dependency>

 		    

-    <dependency>

+    	<dependency>

 			<groupId>com.google.guava</groupId>

 			<artifactId>guava</artifactId>

-			<version>19.0</version>

 		</dependency>

     

     <dependency>

@@ -489,13 +487,13 @@
  		<dependency>

 	        <groupId>org.springframework.data</groupId>

 	        <artifactId>spring-data-redis</artifactId>

-	        <version>1.7.4.RELEASE</version>

+	        <version>${org.springframework.data.spring-data-redis}</version>

 	    </dependency>

 	

 	    <dependency>

 	    	<groupId>org.apache.commons</groupId>

 	    	<artifactId>commons-pool2</artifactId>

-	    	<version>2.4.2</version>

+	    	<version>2.6.0</version>

 	    </dependency>

 	    <dependency>

 	    	<groupId>redis.clients</groupId>

@@ -503,7 +501,7 @@
 	    	<version>2.9.0</version>

 	    </dependency>

 	

-	    <dependency>

+<!-- 	    <dependency>

 	    	<groupId>org.codehaus.jackson</groupId>

 	    	<artifactId>jackson-core-asl</artifactId>

 	    	<version>1.9.13</version>

@@ -512,7 +510,13 @@
 	    	<groupId>org.codehaus.jackson</groupId>

 	    	<artifactId>jackson-mapper-asl</artifactId>

 	    	<version>1.9.13</version>

-	    </dependency>

+	    </dependency> -->

+	    

+	    <dependency>

+    		<groupId>com.fasterxml.jackson.core</groupId>

+    		<artifactId>jackson-core</artifactId>

+    		<version>2.9.7</version>

+		</dependency>

 	</dependencies>

 

 	<build>

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 66093b851..a35b45af2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -63,10 +63,8 @@ public class MOAIDAuthInitializer {
      */
     public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException,
             PKIException, IOException, GeneralSecurityException {
-        Logger.setHierarchy("moa.id.auth");
-        Logger.info("Default java file.encoding: "
-                + System.getProperty("file.encoding"));
-
+        Logger.info("Set SystemProperty for UTF-8 file.encoding as default");
+		System.setProperty("file.encoding", "UTF-8");
                 
         //JDK bug workaround according to:
         // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
@@ -149,11 +147,7 @@ public class MOAIDAuthInitializer {
              throw new ConfigurationException("config.10", new Object[] { e
                       .toString() }, e);
 		}
-        	        	
-				
-        //IAIK.addAsProvider();                
-        //ECCProvider.addAsProvider();
-        
+        	        				        
         Security.insertProviderAt(IAIK.getInstance(), 0);
         
         ECCelerate eccProvider = ECCelerate.getInstance();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 3e6308bf6..acf59cebf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -36,6 +36,7 @@ import java.util.Map.Entry;
 
 import javax.annotation.PostConstruct;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.DOMException;
@@ -75,11 +76,15 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@@ -212,6 +217,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 		try {
 			//generate basic authentication data
 			generateBasicAuthData(authData, protocolRequest, session);
+						
+			//set Austrian eID demo-mode flag
+			authData.setIseIDNewDemoMode(Boolean.parseBoolean(
+					oaParam.getConfigurationValue(
+							MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, 
+							String.valueOf(false))));
+			
+			if (authData.isIseIDNewDemoMode()) {
+				Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true");
+				authData.setBaseIDTransferRestrication(true);
+				
+			}
 			
 			
 			// #### generate MOA-ID specific authentication data ######
@@ -519,7 +536,27 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 			}
 
 			//build foreign bPKs
-			generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); 
+			generateForeignbPK(oaParam, authData); 
+			
+			
+			if (Boolean.parseBoolean(
+					oaParam.getConfigurationValue(
+							MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, 
+							String.valueOf(false)))) {
+				Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... ");
+
+				//build additional bPKs
+				Logger.debug("Search for additional bPKs");
+				generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested());
+				
+				Logger.debug("Clearing identitylink ... ");
+				authData.setIdentityLink(null);
+				
+				Logger.debug("Clearing authBlock ... ");
+				authData.setAuthBlock(null);
+				
+				Logger.info("Post-Processing for Austrian eID finished");
+			}
 			
 			//####################################################################
 			//copy all generic authentication information, which are not processed before to authData
@@ -773,9 +810,41 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
         
 	}
 	
-	private void generateForeignbPK(MOAAuthenticationData authData, List<String> foreignSectors) {
+	private void generateForeignbPK(IOAAuthParameters oaParam, MOAAuthenticationData authData) {
+		List<String> foreignSectors = oaParam.foreignbPKSectorsRequested();
+		
 		if (foreignSectors != null && !foreignSectors.isEmpty()) {
-			Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");					
+			Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+			
+			
+			String mandatorBaseId = null;
+			String mandatorBaseIdType = null;
+			boolean isMandatorBaseIdAvailable = false;
+			if (authData.isUseMandate()) {
+				try {					
+					Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... ");
+					
+					//TODO: remove this workaround in a further version!!!
+					boolean flagBak = authData.isBaseIDTransferRestrication();
+					authData.setBaseIDTransferRestrication(false);
+					mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build(
+							oaParam, authData, new SimpleStringAttributeGenerator());
+					mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build(
+							oaParam, authData, new SimpleStringAttributeGenerator());
+					authData.setBaseIDTransferRestrication(flagBak);
+					
+					isMandatorBaseIdAvailable = StringUtils.isNotEmpty(mandatorBaseId) && StringUtils.isNotEmpty(mandatorBaseIdType);
+					if (!isMandatorBaseIdAvailable)
+						Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate.");
+										
+				} catch (Exception e) {
+					Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage());
+					if (Logger.isTraceEnabled())
+						Logger.warn("Detail: ", e);
+				
+				}
+			}
+			
 			for (String foreignSector : foreignSectors) {
 				Logger.trace("Process sector: " + foreignSector + " ... ");
 				if (encKeyMap.containsKey(foreignSector)) {
@@ -805,9 +874,23 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 									authData.getIdentificationType(), 										
 									sector);								
 							String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());																		
-							authData.getEncbPKList().add("(" + foreignSector + "|" +  foreignbPK + ")");
+							
+							authData.getEncbPKList().add(Pair.newInstance(foreignbPK, foreignSector));																					
 							Logger.debug("Foreign bPK for sector: " + foreignSector + " created.");
 							
+							
+							//calculate foreign bPKs for natural-person mandates
+							if (isMandatorBaseIdAvailable) {
+								Pair<String, String> mandatorbpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+										mandatorBaseId, 
+										mandatorBaseIdType, 										
+										sector);								
+								String foreignMandatorbPK = BPKBuilder.encryptBPK(mandatorbpk.getFirst(), mandatorbpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());																		
+								
+								authData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(foreignMandatorbPK, foreignSector));																					
+								Logger.debug("Foreign mandator bPK for sector: " + foreignSector + " created.");
+								
+							}														
 						}
 														
 					} catch (Exception e) {
@@ -827,4 +910,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 		
 	}
 	
+	private void generateAdditonalbPK(MOAAuthenticationData authData, List<String> additionalbPKSectorsRequested) throws EAAFBuilderException {
+		if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) {
+			Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");					
+			for (String sector : additionalbPKSectorsRequested) {
+				Logger.trace("Process sector: " + sector + " ... ");
+				Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+						authData.getIdentificationValue(), 
+						authData.getIdentificationType(), 										
+						sector);
+				
+				Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() );
+				authData.addAdditionalbPKPair(bpk);
+				
+			}
+		}		
+	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java
new file mode 100644
index 000000000..e19d40773
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("GenericFrontChannelRedirectTask")
+public class GenericFrontChannelRedirectTask extends AbstractAuthServletTask {
+
+	@Autowired IGUIFormBuilder guiBuilder;
+	 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {
+			//perform redirect to itself to get out from BKU communication
+			Logger.trace("Perform generic 'http Redirect' to MOA-ID ... ");
+			performRedirectToItself(pendingReq, response, GeneralProcessEngineSignalController.ENDPOINT_GENERIC);
+											
+		} catch (Exception e) {
+			Logger.info("Generic redirect to MOA-ID: General Exception. Msg:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, "MOA-ID-Auth: General Exception.", e);
+			
+		}
+
+	}
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 0285dd75b..14a2b583b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -105,6 +105,7 @@ public class LogOutServlet {
 		
 		} catch (Exception e) {
 			resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
+			Logger.warn("Requested URL is not in PublicPrefix Configuration");
 			return;
 			
 		} finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index e5a8bb739..478462adb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -86,7 +86,8 @@ public class RedirectServlet {
 			List<String> allowedPublicUrlPrefixes = authConfig.getPublicURLPrefix();
 			
 			if ((oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes)) 
-					|| !authConfig.getPublicURLPrefix().contains(authURL)) {		
+					|| !authConfig.getPublicURLPrefix().contains(authURL)) {
+				Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration");
 				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
 				return;
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 5aa3a691f..791aa51b7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
 
 /**
  * @author tlenz
@@ -58,6 +59,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
 		
 		String uniqueSessionIdentifier = null;
 		
+		Logger.trace("PreProcess req. in " + UniqueSessionIdentifierInterceptor.class.getName());
+		
 		//if SSOManager is available, search SessionIdentifier in SSO session
 		if (ssomanager != null) {
 			String ssoId = ssomanager.getSSOSessionID(request);			
@@ -78,8 +81,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
 		}
 		
 		//if NO SSOSession and no PendingRequest create new SessionIdentifier
-		if (StringUtils.isEmpty(uniqueSessionIdentifier))
+		if (StringUtils.isEmpty(uniqueSessionIdentifier)) {
 			uniqueSessionIdentifier = Random.nextHexRandom16();
+			Logger.debug("Set new UniqueSessionIdentifier: " + uniqueSessionIdentifier);
+		}
 		
 		TransactionIDUtils.setSessionId(uniqueSessionIdentifier);		
 		request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
deleted file mode 100644
index c25751aa4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ /dev/null
@@ -1,1221 +0,0 @@
-///*******************************************************************************
-// * Copyright 2014 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// * 
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// * 
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// * 
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// ******************************************************************************/
-///*
-// * Copyright 2003 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// */
-//
-//
-//package at.gv.egovernment.moa.id.config.auth;
-//
-//import java.io.File;
-//import java.io.FileInputStream;
-//import java.io.FileNotFoundException;
-//import java.io.IOException;
-//import java.math.BigInteger;
-//import java.net.MalformedURLException;
-//import java.util.ArrayList;
-//import java.util.Arrays;
-//import java.util.Date;
-//import java.util.HashMap;
-//import java.util.List;
-//import java.util.Map;
-//import java.util.Properties;
-//
-//import javax.xml.bind.JAXBContext;
-//import javax.xml.bind.Unmarshaller;
-//
-//import org.hibernate.cfg.Configuration;
-//
-//import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask;
-//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
-//
-//import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-//import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
-//import at.gv.egovernment.moa.id.config.ConfigurationException;
-//import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-//import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl;
-//import at.gv.egovernment.moa.id.config.ConfigurationUtils;
-//import at.gv.egovernment.moa.id.config.ConnectionParameter;
-//import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
-//import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
-//import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
-//import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed;
-//import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
-//import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-//import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-//import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
-//import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-//import at.gv.egovernment.moa.logging.Logger;
-//import at.gv.egovernment.moa.util.MiscUtil;
-//import at.gv.util.config.EgovUtilPropertiesConfiguration;
-//
-//import com.fasterxml.jackson.annotation.JsonIgnore;
-//import com.fasterxml.jackson.annotation.JsonProperty;
-//
-///**
-// * A class providing access to the Auth Part of the MOA-ID configuration data.
-// *
-// * <p>Configuration data is read from an XML file, whose location is given by
-// * the <code>moa.id.configuration</code> system property.</p>
-// * <p>This class implements the Singleton pattern. The <code>reload()</code>
-// * method can be used to update the configuration data. Therefore, it is not
-// * guaranteed that consecutive calls to <code>getInstance()</code> will return
-// * the same <code>AuthConfigurationProvider</code> all the time. During the
-// * processing of a web service request, the current
-// * <code>TransactionContext</code> should be used to obtain the
-// * <code>AuthConfigurationProvider</code> local to that request.</p>
-// * 
-// * @author Patrick Peck
-// * @author Stefan Knirsch
-// * 
-// * @version $Id$
-// * 
-// *@deprecated  Use {@link AuthConfigProviderFactory} instead
-// */
-//public class AuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration {
-//	
-////  /**  DEFAULT_ENCODING is "UTF-8" */
-////  private static final String DEFAULT_ENCODING="UTF-8";
-//  /**
-//   * The name of the generic configuration property giving the authentication session time out.
-//   */
-//  public static final String AUTH_SESSION_TIMEOUT_PROPERTY =
-//    "AuthenticationSession.TimeOut";
-//  /**
-//   * The name of the generic configuration property giving the authentication data time out.
-//   */
-//  public static final String AUTH_DATA_TIMEOUT_PROPERTY =
-//    "AuthenticationData.TimeOut";
-//
-//  /**
-//   * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code>
-//   */
-//  public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = 
-//    "HTMLComplete";
-//    
-//  /**
-//   * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code>
-//   */
-//  public static final String BKU_SELECTION_TYPE_HTMLSELECT = 
-//    "HTMLSelect";
-//
-//	/**
-//	 * The name of the generic configuration property allowing https connection to 
-//	 * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets)
-//	 */
-//	public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
-//		"FrontendServlets.EnableHTTPConnection";
-//
-//	/**
-//	 * The name of the generic configuration property allowing to set a individual 
-//	 * DATA URL used to communicate with the BKU (SecurityLayer)
-//	 */
-//	public static final String INDIVIDUAL_DATA_URL_PREFIX =
-//		"FrontendServlets.DataURLPrefix";
-//    
-//  /** Singleton instance. <code>null</code>, if none has been created. */
-//  private static AuthConfigurationProvider instance;
-//
-//  //
-//  // configuration data
-//  //
-//  private static MOAIDConfiguration moaidconfig = null;
-//  
-//  private static Properties props = null;
-//  
-//  private static STORKConfig storkconfig = null;
-//  
-//  private static TimeOuts timeouts = null;
-//  
-//  private static PVP2 pvp2general = null;
-//  
-//  private static String alternativesourceid = null;
-//  
-//  private static List<String> legacyallowedprotocols = new ArrayList<String>();
-//  private static ProtocolAllowed allowedProtcols = null;
-//  
-//  private static VerifyAuthBlock verifyidl = null;
-//  
-//  private static ConnectionParameter MoaSpConnectionParameter = null;
-//  private static ConnectionParameter ForeignIDConnectionParameter = null;
-//  private static ConnectionParameter OnlineMandatesConnectionParameter = null;
-//  
-//  private static String MoaSpIdentityLinkTrustProfileID = null;
-//  
-//  private static List<String> TransformsInfos = null;
-//  private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>();
-//  
-//  private static Map<String, String> SLRequestTemplates = new HashMap<String, String>();
-//  private static Map<String, String> DefaultBKUURLs = new HashMap<String, String>();
-//  
-//  private static SSO ssoconfig = null;
-//  
-//  private EgovUtilPropertiesConfiguration eGovUtilsConfig = null;
-//  
-//  private static Date date = null;
-//  
-//  private String publicURLPreFix = null;
-//  
-// /**
-//   * Return the single instance of configuration data.
-//   * 
-//   * @return AuthConfigurationProvider The current configuration data.
-//   * @throws ConfigurationException 
-//   */
-//  public static synchronized AuthConfigurationProvider getInstance()
-//    throws ConfigurationException {
-//
-//    if (instance == null) {
-//      reload();
-//    }
-//    return instance;
-//  }
-//
-//  public static Date getTimeStamp() {
-//		return date;
-//	}
-//  
-//  /**
-//   * Reload the configuration data and set it if successful.
-//   * 
-//   * @return AuthConfigurationProvider The loaded configuration data.
-//   * @throws ConfigurationException Failure to load the configuration data.
-//   */
-//  public static synchronized AuthConfigurationProvider reload()
-//    throws ConfigurationException {
-//    String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-//    if (fileName == null) {
-//      throw new ConfigurationException("config.01", null);
-//    }
-//    Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
-//
-//    instance = new AuthConfigurationProvider(fileName);
-//    return instance;
-//  }
-//
-//
-//  /**
-//   * Constructor for AuthConfigurationProvider.
-//   * @param fileName
-//   * @throws ConfigurationException
-//   */
-//  public AuthConfigurationProvider(String fileName)
-//    throws ConfigurationException {
-//
-//    load(fileName);
-//  }
-//
-//  /**
-//   * Protected constructor. Used by unit tests.
-//   */
-//  protected AuthConfigurationProvider() {
-//  }
-//
-//  /**
-//   * Load the configuration data from XML file with the given name and build
-//   * the internal data structures representing the MOA ID configuration.
-//   * 
-//   * @param fileName The name of the XML file to load.
-//   * @throws ConfigurationException The MOA configuration could not be
-//   * read/built.
-//   */
-//  private void load(String fileName) throws ConfigurationException {
-//	
-//	try {					
-//		//Initial Hibernate Framework
-//		Logger.trace("Initializing Hibernate framework.");
-//				
-//		//Load MOAID-2.0 properties file
-//		File propertiesFile = new File(fileName);
-//		FileInputStream fis = null;
-//		props = new Properties();
-//
-//		// determine the directory of the root config file
-//		rootConfigFileDir = new File(fileName).getParent();	
-//		
-//		try {
-//		  rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
-//		  
-//		} catch (MalformedURLException t) {
-//			throw new ConfigurationException("config.03", null, t);
-//		}
-//		
-//		try {
-//			fis = new FileInputStream(propertiesFile);
-//			props.load(fis);
-//			
-//		      // read MOAID Session Hibernate properties
-//		      Properties moaSessionProp = new Properties();
-//		      for (Object key : props.keySet()) {
-//		      	String propPrefix = "moasession.";
-//		      	if (key.toString().startsWith(propPrefix+"hibernate")) {
-//		      		String propertyName = key.toString().substring(propPrefix.length());
-//		      		moaSessionProp.put(propertyName, props.get(key.toString()));
-//		      	}
-//		      }
-//		      
-//		      // read Config Hibernate properties
-//		      Properties configProp = new Properties();
-//		      for (Object key : props.keySet()) {
-//		      	String propPrefix = "configuration.";
-//		      	if (key.toString().startsWith(propPrefix+"hibernate")) {
-//		      		String propertyName = key.toString().substring(propPrefix.length());
-//		      		configProp.put(propertyName, props.get(key.toString()));
-//		      	}
-//		      }
-//		      
-//		      // read advanced logging properties
-//		      Properties statisticProps = new Properties();
-//		      for (Object key : props.keySet()) {
-//		    	  String propPrefix = "advancedlogging.";
-//			      if (key.toString().startsWith(propPrefix+"hibernate")) {
-//			    	  String propertyName = key.toString().substring(propPrefix.length());
-//			    	  statisticProps.put(propertyName, props.get(key.toString()));
-//			     }
-//			  }
-//		     			
-//			// initialize hibernate
-//			synchronized (AuthConfigurationProvider.class) {
-//				
-//				//Initial config Database
-//			//	ConfigurationDBUtils.initHibernate(configProp);
-//		   		
-//				//initial MOAID Session Database
-//				Configuration config = new Configuration();
-//				config.addAnnotatedClass(AssertionStore.class);
-//				config.addAnnotatedClass(AuthenticatedSessionStore.class);
-//				config.addAnnotatedClass(OASessionStore.class);
-//				config.addAnnotatedClass(OldSSOSessionIDStore.class);
-//				config.addAnnotatedClass(ExceptionStore.class);
-//				config.addAnnotatedClass(InterfederationSessionStore.class);
-//				config.addAnnotatedClass(ProcessInstanceStore.class);
-//				config.addProperties(moaSessionProp);
-//				MOASessionDBUtils.initHibernate(config, moaSessionProp);
-//				
-//				//initial advanced logging
-//				if (isAdvancedLoggingActive()) {
-//					Logger.info("Advanced statistic log is activated, starting initialization process ...");
-//					Configuration statisticconfig = new Configuration();
-//					statisticconfig.addAnnotatedClass(StatisticLog.class);
-//					statisticconfig.addProperties(statisticProps);
-//					StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
-//					Logger.info("Advanced statistic log is initialized.");
-//				}
-//				
-//			  }
-//			Logger.trace("Hibernate initialization finished.");
-//			
-//		} catch (FileNotFoundException e) {
-//			throw new ConfigurationException("config.03", null, e);
-//			
-//		} catch (IOException e) {
-//			throw new ConfigurationException("config.03", null, e);
-//			
-//		} catch (ExceptionInInitializerError e) {
-//			throw new  ConfigurationException("config.17", null, e);
-//			
-//		} finally {
-//			if (fis != null)
-//				fis.close();
-//			
-//		}
-//		
-//				
-//		//Initialize OpenSAML for STORK
-//		Logger.info("Starting initialization of OpenSAML...");
-//		MOADefaultBootstrap.bootstrap();
-//		//DefaultBootstrap.bootstrap();
-//		Logger.debug("OpenSAML successfully initialized");
-//
-//
-//		String legacyconfig = props.getProperty("configuration.xml.legacy");
-//		String xmlconfig = props.getProperty("configuration.xml");
-////		String xmlconfigout = props.getProperty("configuration.xml.out");
-//		
-//		
-//		//configure eGovUtils client implementations
-//		
-//	    //read eGovUtils client configuration
-//	    Properties eGovUtilsConfigProp = new Properties();
-//	    for (Object key : props.keySet()) {
-//	    	String propPrefix = "service.";
-//		    if (key.toString().startsWith(propPrefix+"egovutil")) {
-//		    	String propertyName = key.toString().substring(propPrefix.length());
-//		    	eGovUtilsConfigProp.put(propertyName, props.get(key.toString()));
-//		    }
-//		}
-//		if (!eGovUtilsConfigProp.isEmpty()) {
-//			Logger.info("Start eGovUtils client implementation configuration ...");
-//			eGovUtilsConfig = 
-//					new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir);
-//		}
-//		
-//		
-//		//TODO: removed in MOA-ID 3.x
-////		//check if XML config should be used
-////		if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
-////			Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
-////			//moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
-////			moaidconfig = NewConfigurationDBRead.getMOAIDConfiguration();
-////			if (moaidconfig.getAuthComponentGeneral()!= null || moaidconfig.getChainingModes() != null || moaidconfig.getTrustedCACertificates() != null || moaidconfig.getDefaultBKUs() != null
-////					 || moaidconfig.getSLRequestTemplates() != null || moaidconfig.getTimestampItem() != null || moaidconfig.getPvp2RefreshItem() != null) {
-////				
-////				// ConfigurationDBUtils.delete(moaidconfig);
-////				for(String key : MOAIDConfigurationConstants.getMOAIDConfigurationKeys()){
-////					NewConfigurationDBWrite.delete(key);
-////				}
-////			}
-////				
-////			
-////			//List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications();
-////			List<OnlineApplication> oas =  NewConfigurationDBRead.getAllOnlineApplications();
-////			if (oas != null && oas.size() > 0) {
-////				// for (OnlineApplication oa : oas)
-////				// 		ConfigurationDBUtils.delete(oa);
-////				NewConfigurationDBWrite.delete(MOAIDConfigurationConstants.ONLINE_APPLICATIONS_KEY);
-////			}
-////		}
-////		
-////		//load legacy config if it is configured
-////		if (MiscUtil.isNotEmpty(legacyconfig)) {
-////			Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
-////			
-////			MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null);
-////			
-////			List<OnlineApplication> oas = moaconfig.getOnlineApplication();
-////			// for (OnlineApplication oa : oas)
-////			// 		ConfigurationDBUtils.save(oa);
-////			NewConfigurationDBWrite.saveOnlineApplications(oas);
-////
-////			moaconfig.setOnlineApplication(null);	
-////		//	ConfigurationDBUtils.save(moaconfig);
-////			NewConfigurationDBWrite.save(moaconfig);
-////			
-////			Logger.info("Legacy Configuration load is completed.");
-////			
-////	
-////		}
-////	
-////		//load MOA-ID 2.x config from XML
-////		if (MiscUtil.isNotEmpty(xmlconfig)) {
-////			Logger.warn("Load configuration from MOA-ID 2.x XML configuration");
-////		
-////			try {
-////				JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
-////				Unmarshaller m = jc.createUnmarshaller();
-////				File file = new File(xmlconfig); 
-////				MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file);
-////				//ConfigurationDBUtils.save(moaconfig);
-////				
-////				List<OnlineApplication> importoas = moaconfig.getOnlineApplication();
-////				// for (OnlineApplication importoa : importoas) {
-////				// 		ConfigurationDBUtils.saveOrUpdate(importoa);
-////				// }
-////
-////				NewConfigurationDBWrite.saveOnlineApplications(importoas);
-////				
-////				moaconfig.setOnlineApplication(null);
-////				//ConfigurationDBUtils.saveOrUpdate(moaconfig);
-////				NewConfigurationDBWrite.save(moaconfig);
-////				
-////			} catch (Exception e) {
-////				Logger.warn("MOA-ID XML configuration can not be loaded from File.", e);
-////				throw new ConfigurationException("config.02", null);
-////			}
-////			Logger.info("XML Configuration load is completed.");
-////		}
-//		
-//		reloadDataBaseConfig();
-//		
-//		
-//    } catch (Throwable t) {
-//      throw new ConfigurationException("config.02", null, t);
-//  	}
-//  }
-//  
-//  protected MOAIDConfiguration loadDataBaseConfig() {
-//	  return ConfigurationDBRead.getMOAIDConfiguration();
-//  }
-//  
-//  public synchronized void reloadDataBaseConfig() throws ConfigurationException {
-//		
-//		Logger.info("Read MOA-ID 2.0 configuration from database.");
-//		moaidconfig = loadDataBaseConfig();
-//		Logger.info("MOA-ID 2.0 is loaded.");
-//		
-//		if (moaidconfig == null) {
-//			Logger.warn("NO MOA-ID configuration found.");
-//			throw new ConfigurationException("config.18", null);
-//		}
-//						
-//		//build STORK Config	
-//		AuthComponentGeneral auth = getAuthComponentGeneral();
-//		ForeignIdentities foreign = auth.getForeignIdentities();
-//		if (foreign == null ) {
-//			Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
-//		} else
-//			storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
-//
-//		//load Chaining modes
-//		ChainingModes cm = moaidconfig.getChainingModes();
-//		if (cm != null) {
-//	    	defaultChainingMode = cm.getSystemDefaultMode().value();
-//	    	
-//	    	List<TrustAnchor> tas = cm.getTrustAnchor();
-//
-//	    	chainingModes = new HashMap<IssuerAndSerial, String>();	    	
-//	    	for (TrustAnchor ta : tas) {
-//	    		IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber());
-//	    		chainingModes.put(is, ta.getMode().value());
-//	    	}	
-//		} else {
-//			Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found.");
-//			throw new ConfigurationException("config.02", null);
-//		}
-//
-//  	//set Trusted CA certs directory 
-//  	trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
-//		
-//  	//set CertStoreDirectory
-//  	setCertStoreDirectory();
-//  	
-//  	//set TrustManagerRevocationChecking
-//  	setTrustManagerRevocationChecking();
-//  	
-//  	//set default timeouts
-//  	timeouts = new TimeOuts();
-//  	timeouts.setAssertion(new BigInteger("300"));
-//  	timeouts.setMOASessionCreated(new BigInteger("2700"));
-//  	timeouts.setMOASessionUpdated(new BigInteger("1200"));
-//  	
-//  	//search timeouts in config
-//	if (auth.getGeneralConfiguration() != null)  {
-//  		if (auth.getGeneralConfiguration().getTimeOuts() != null) {
-//  			if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null)
-//  				timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
-//  			
-//  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null)
-//  				timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
-//  			
-//  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null)
-//  				timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
-//  			
-//  		} else {
-//	  		Logger.info("No TimeOuts defined. Use default values");
-//	  	}
-//  	}
-//
-//    // sets the authentication session and authentication data time outs
-//    AuthenticationServer.getInstance()
-//             .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue());
-//
-//    AuthenticationServer.getInstance()
-//    		.setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue());
-//    
-//    AuthenticationServer.getInstance()
-//    		.setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue());
-//
-//		
-//		
-//		//set PVP2 general config
-//		Protocols protocols = auth.getProtocols();
-//			if (protocols != null) {
-//				
-//				allowedProtcols = new ProtocolAllowed();
-//				
-//				if (protocols.getSAML1() != null) {
-//					allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive());
-//					
-//					//load alternative sourceID
-//					if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID()))
-//							alternativesourceid = protocols.getSAML1().getSourceID();
-//					
-//				}
-//				
-//				if (protocols.getOAuth() != null) {
-//					allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive());
-//				}
-//				
-//				if (protocols.getPVP2() != null) {
-//					PVP2 el = protocols.getPVP2();
-//					
-//					allowedProtcols.setPVP21Active(el.isIsActive());
-//					
-//					pvp2general =  new PVP2();
-//					pvp2general.setIssuerName(el.getIssuerName());	
-//					pvp2general.setPublicURLPrefix(el.getPublicURLPrefix());
-//					 
-//					if (el.getOrganization() != null) {
-//						Organization org = new Organization();
-//						pvp2general.setOrganization(org);
-//						org.setDisplayName(el.getOrganization().getDisplayName());
-//						org.setName(el.getOrganization().getName());
-//						org.setURL(el.getOrganization().getURL());
-//					}
-//					
-//					if (el.getContact() != null) {
-//						List<Contact> cont = new ArrayList<Contact>();
-//						pvp2general.setContact(cont);
-//						for (Contact e : el.getContact()) {
-//							Contact c = new Contact();
-//							c.setCompany(e.getCompany());
-//							c.setGivenName(e.getGivenName());
-//							c.getMail().addAll(e.getMail());
-//							c.getPhone().addAll(e.getPhone());
-//							c.setSurName(e.getSurName());
-//							c.setType(e.getType());
-//							cont.add(c);
-//						}
-//					}
-//				}
-//			} else {
-//				Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); 
-//		}
-//				
-//		//set alternativeSourceID
-//		if (auth.getGeneralConfiguration() != null) {
-//			
-//			//TODO: can be removed in a further version, because it is moved to SAML1 config
-//			if (MiscUtil.isEmpty(alternativesourceid))
-//				alternativesourceid =  auth.getGeneralConfiguration().getAlternativeSourceID();
-//		    
-//			if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix()))
-//				publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix();
-//			
-//			else {
-//				Logger.error("No Public URL Prefix configured.");
-//				throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"});
-//			}
-//				
-//		} else {
-//			  Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
-//			  throw new ConfigurationException("config.02", null);
-//	    } 			
-//		 
-//		//set LegacyAllowedProtocols  
-//		try {
-//			if (auth.getProtocols() != null) {
-//				Protocols procols = auth.getProtocols();
-//				if (procols.getLegacyAllowed() != null) {
-//					LegacyAllowed legacy = procols.getLegacyAllowed();
-//					legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName());
-//				}
-//			}
-//		} catch (Exception e) {
-//			Logger.info("No protocols found with legacy allowed flag!");
-//		}
-//		 
-//		//set VerifyAuthBlockConfig
-//		MOASP moasp = getMOASPConfig(auth);
-//		
-//		VerifyAuthBlock el = moasp.getVerifyAuthBlock(); 
-//		if (el != null) {
-//			verifyidl = new VerifyAuthBlock();
-//			verifyidl.setTrustProfileID(el.getTrustProfileID());
-//			verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID()));
-//		}	
-//		else {
-//			Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
-//			throw new ConfigurationException("config.02", null);
-//		}
-//		
-//		//set MOASP connection parameters
-//		if (moasp.getConnectionParameter() != null)
-//		    MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir);
-//		else
-//			MoaSpConnectionParameter = null;
-//		
-//		//set ForeignIDConnectionParameters
-//		if (foreign != null) {
-//			ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir);
-//		} else {
-//			Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found");
-//		}
-//		
-//		//set OnlineMandateConnectionParameters
-//		OnlineMandates ovs = auth.getOnlineMandates();
-//		if (ovs != null) {
-//			OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir);
-//			
-//		} else {
-//			Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found");
-//		}
-//		
-//		//set MOASP IdentityLink Trust-ProfileID
-//		VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink();
-//		if (verifyidl != null)
-//			MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID();
-//		else {  
-//			Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation.");
-//		  	throw new ConfigurationException("config.02", null);
-//		}
-//		
-//		//set SL transformation infos		  
-//		SecurityLayer seclayer = auth.getSecurityLayer();
-//		if (seclayer == null) {
-//			Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found");
-//			throw new ConfigurationException("config.02", null);
-//		} else {
-//			TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo());
-//			
-//			if (TransformsInfos == null || TransformsInfos.size() == 0) {
-//				Logger.error("No Security-Layer Transformation found.");
-//				throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"});
-//			}
-//			
-//		}
-//	    
-//		//set IdentityLinkSignerSubjectNames
-//		IdentityLinkX509SubjectNames = new ArrayList<String>();
-//		IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
-//		if (idlsigners != null) {
-//			Logger.debug("Load own IdentityLinkX509SubjectNames");
-//			IdentityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName()));
-//		}	  
-//
-//	    // now add the default identity link signers
-//	    String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
-//	    for (int i=0; i<identityLinkSignersWithoutOID.length; i++) {
-//	      String identityLinkSigner = identityLinkSignersWithoutOID[i];
-//	      if (!IdentityLinkX509SubjectNames.contains(identityLinkSigner)) {
-//	    	  IdentityLinkX509SubjectNames.add(identityLinkSigner);
-//	      }
-//	    }
-//	    		
-//		//set SLRequestTemplates
-//		SLRequestTemplates templ = moaidconfig.getSLRequestTemplates();
-//		if (templ == null) {
-//			Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found");
-//			throw new ConfigurationException("config.02", null);
-//		} else {
-//			SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU());
-//			SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU());
-//			SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU());
-//		}
-//		
-//		//set Default BKU URLS
-//		DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs();
-//		if (bkuuls != null) {
-//			DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU());
-//			DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU());
-//			DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU());
-//		}
-//		
-//		//set SSO Config		  
-//		if (auth.getSSO()!= null) {
-//			ssoconfig = new SSO();
-//			ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName());
-//			ssoconfig.setPublicURL(auth.getSSO().getPublicURL());
-//			ssoconfig.setSpecialText(auth.getSSO().getSpecialText());
-//			ssoconfig.setTarget(auth.getSSO().getTarget());
-//
-//			if (auth.getSSO().getIdentificationNumber() != null) {
-//				IdentificationNumber value = new IdentificationNumber();
-//				value.setType(auth.getSSO().getIdentificationNumber().getType());
-//				value.setValue(auth.getSSO().getIdentificationNumber().getValue());
-//				ssoconfig.setIdentificationNumber(value);
-//			}
-//		} else {
-//			Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found");
-//		}
-//	
-//    	//close Database
-//   // 	
-//    	
-//		date = new Date();
-//	}
-//  
-//  
-//  private Properties getGeneralProperiesConfig(final String propPrefix) {
-//      Properties configProp = new Properties();
-//      for (Object key : props.keySet()) {
-//      	if (key.toString().startsWith(propPrefix)) {
-//      		String propertyName = key.toString().substring(propPrefix.length());
-//      		configProp.put(propertyName, props.get(key.toString()));
-//      	}
-//      }
-//      return configProp;
-//  }
-//  
-//  public Properties getGeneralPVP2ProperiesConfig() {
-//      return this.getGeneralProperiesConfig("protocols.pvp2.");
-//  }
-//  
-//  public Properties getGeneralOAuth20ProperiesConfig() {
-//      return this.getGeneralProperiesConfig("protocols.oauth20.");
-//  }
-//  
-//  public ProtocolAllowed getAllowedProtocols() {
-//	  return allowedProtcols;
-//  }
-//  
-//  public PVP2 getGeneralPVP2DBConfig() {
-//	  return pvp2general;
-//  }
-//  
-//  public TimeOuts getTimeOuts() throws ConfigurationException {  
-//	  return timeouts; 
-//  }
-//  
-//  public String getAlternativeSourceID() throws ConfigurationException {	  
-//	  return alternativesourceid;
-//  }
-//    
-//  public List<String> getLegacyAllowedProtocols() {
-//	  return legacyallowedprotocols; 
-//  }
-//  
-//
-//  /**
-//   * Provides configuration information regarding the online application behind
-//   * the given URL, relevant to the MOA-ID Auth component.
-//   * 
-//   * @param oaURL URL requested for an online application
-//   * @return an <code>OAAuthParameter</code>, or <code>null</code>
-//   * 					if none is applicable
-//   */
-//  public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
-//  	
-//	  OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL);
-//	  
-//	  if (oa == null) {
-//		  Logger.warn("Online application with identifier " + oaURL + " is not found.");
-//		  return null;
-//	  }
-//	  
-//	  return new OAAuthParameter(oa); 
-//  }
-//    
-//
-//  /**
-//   * Return a string with a url-reference to the VerifyAuthBlock trust 
-//   * profile id within the moa-sp part of the authentication component
-//   * 
-//   * @return String with a url-reference to the VerifyAuthBlock trust profile ID
-// * @throws ConfigurationException 
-//   */
-//  public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
-//	  return verifyidl.getTrustProfileID();	  
-//  }
-//
-//  /**
-//   * Return a string array with references to all verify transform info 
-//   * IDs within the moa-sp part of the authentication component
-//   * @return A string array containing all urls to the 
-//   * verify transform info IDs
-// * @throws ConfigurationException 
-//   */
-//  public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
-//	  return verifyidl.getVerifyTransformsInfoProfileID();	  
-//  }
-//
-//  /**
-//   * Return a ConnectionParameter bean containing all information
-//   * of the authentication component moa-sp element 
-//   * @return ConnectionParameter of the authentication component moa-sp element 
-// * @throws ConfigurationException 
-//   */
-//  public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {  
-//	  return MoaSpConnectionParameter;
-//  }
-//  
-//  /**
-//   * Return a ConnectionParameter bean containing all information
-//   * of the authentication component foreigid element
-//   * @return ConnectionParameter of the authentication component foreignid element
-// * @throws ConfigurationException 
-//   */
-//  public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException {
-//	  return ForeignIDConnectionParameter;
-//  }
-//  
-//  /**
-//   * Return a ConnectionParameter bean containing all information
-//   * of the authentication component OnlineMandates element
-//   * @return ConnectionParameter of the authentication component OnlineMandates element
-// * @throws ConfigurationException 
-//   */
-//  public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException {
-//	  return OnlineMandatesConnectionParameter;
-//  }
-//
-//  /**
-//   * Return a string with a url-reference to the VerifyIdentityLink trust 
-//   * profile id within the moa-sp part of the authentication component
-//   * @return String with a url-reference to the VerifyIdentityLink trust profile ID
-// * @throws ConfigurationException 
-//   */
-//  public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
-//	  return MoaSpIdentityLinkTrustProfileID;
-//  }
-//  
-//  /**
-//   * Returns the transformsInfos.
-//   * @return String[]
-// * @throws ConfigurationException 
-//   */
-//  public List<String> getTransformsInfos() throws ConfigurationException {
-//	  return TransformsInfos;
-//  }
-//
-//  /**
-//   * Returns the identityLinkX509SubjectNames.
-//   * @return List
-// * @throws ConfigurationException 
-//   */
-//  public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
-//	  return IdentityLinkX509SubjectNames;
-//  }
-//  
-//  public List<String> getSLRequestTemplates() throws ConfigurationException {
-//	  return new ArrayList<String>(SLRequestTemplates.values());
-//  }
-//  
-//  public String getSLRequestTemplates(String type) throws ConfigurationException {
-//  	String el = SLRequestTemplates.get(type);
-//  	if (MiscUtil.isNotEmpty(el))
-//  		return el;
-//  	else {
-//  		Logger.warn("getSLRequestTemplates: BKU Type does not match: " 
-//			+ IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
-//  		return null;
-//  	}
-//  }
-//  
-//  public List<String> getDefaultBKUURLs() throws ConfigurationException {
-//	  return new ArrayList<String>(DefaultBKUURLs.values());
-//  }
-//  
-//  public String getDefaultBKUURL(String type) throws ConfigurationException {
-//  	String el = DefaultBKUURLs.get(type);
-//  	if (MiscUtil.isNotEmpty(el))
-//  		return el;
-//  	else {
-//  		Logger.warn("getSLRequestTemplates: BKU Type does not match: " 
-//			+ IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
-//  		return null;
-//  	}
-//  }
-//  
-////  public boolean isSSOBusinessService() throws ConfigurationException {
-////	  
-////	if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
-////		return true;
-////	else
-////		return false;
-////  }
-//  
-//  public String getSSOTagetIdentifier() throws ConfigurationException {
-//	  if (ssoconfig != null)
-//		  return ssoconfig.getTarget();
-//	  else 
-//		  return null;
-//  }
-//  
-////  public String getSSOTarget() throws ConfigurationException {	
-////	  if (ssoconfig!= null)		  
-////		  return ssoconfig.getTarget();
-////	  
-////	  return null;
-////  }
-//  
-//  public String getSSOFriendlyName() {	
-//	if (ssoconfig!= null) {
-//		if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName()))
-//			return ssoconfig.getFriendlyName();
-//	}
-//	
-//	return "Default MOA-ID friendly name for SSO";	  
-//  }
-//  
-//  public String getSSOSpecialText() {
-//	if (ssoconfig!= null) {
-//		String text = ssoconfig.getSpecialText();
-//			if (MiscUtil.isEmpty(text))
-//				text = new String();
-//			
-//			return text;
-//	}			  
-//	return new String();
-//  }
-//  
-//  public String getMOASessionEncryptionKey() {
-//	  
-//	  String prop = props.getProperty("configuration.moasession.key");  
-//	  if (MiscUtil.isEmpty(prop))
-//		  return null;
-//	  else
-//		  return prop;
-//  }
-//  
-//  /**
-//   * @return
-//   */
-//  public String getMOAConfigurationEncryptionKey() {
-//	  String prop = props.getProperty("configuration.moaconfig.key");  
-//	  if (MiscUtil.isEmpty(prop))
-//		  return null;
-//	  else
-//		  return prop;
-//  }
-//  
-//  public boolean isIdentityLinkResigning() {
-//	  String prop = props.getProperty("configuration.resignidentitylink.active", "false");
-//	  return Boolean.valueOf(prop);
-//  }
-//  
-//  public String getIdentityLinkResigningKey() {
-//	  String prop = props.getProperty("configuration.resignidentitylink.keygroup");	  
-//	  if (MiscUtil.isNotEmpty(prop))
-//		  return prop;
-//	  else
-//		  return null;
-//  }
-//  
-//  /**
-//   * Checks if is fakeIdL is activated.
-//   *
-//   * @return true, if fake IdLs are available for stork
-//   */
-//  public boolean isStorkFakeIdLActive() {
-//	  String prop = props.getProperty("stork.fakeIdL.active", "false");
-//	  return Boolean.valueOf(prop);
-//  }
-//
-//  /**
-//   * Gets the countries which will receive a fake IdL
-//   *
-//   * @return the countries
-//   */
-//  public List<String> getStorkFakeIdLCountries() {
-//	  String prop = props.getProperty("stork.fakeIdL.countries", "");
-//	  return Arrays.asList(prop.replaceAll(" ", "").split(","));
-//  }
-//
-//  /**
-//   * Gets the resigning key (group) for the stork fake IdL.
-//   *
-//   * @return the resigning key
-//   */
-//  public String getStorkFakeIdLResigningKey() {
-//	  String prop = props.getProperty("stork.fakeIdL.keygroup");
-//	  if (MiscUtil.isNotEmpty(prop))
-//		  return prop;
-//	  else
-//		  return null;
-//  }
-//
-//  /**
-//   * Gets the countries for which it is configured to require no signature
-//   *
-//   * @return the stork no signature countries
-//   */
-//  public List<String> getStorkNoSignatureCountries() {
-//	  String prop = props.getProperty("stork.fakeIdL.noSignatureCountries", "");
-//	  return Arrays.asList(prop.replaceAll(" ", "").split(","));
-//  }
-//
-// @JsonProperty("isMonitoringActive")
-//  public boolean isMonitoringActive() {
-//	  String prop = props.getProperty("configuration.monitoring.active", "false");
-//	  return Boolean.valueOf(prop);
-//  }
-//  
-//  public String getMonitoringTestIdentityLinkURL() {
-//	  String prop = props.getProperty("configuration.monitoring.test.identitylink.url");  
-//	  if (MiscUtil.isNotEmpty(prop))
-//		  return prop;
-//	  else
-//		  return null;
-//  }
-//  
-//  public String getMonitoringMessageSuccess() {
-//	  String prop = props.getProperty("configuration.monitoring.message.success");  
-//	  if (MiscUtil.isNotEmpty(prop))
-//		  return prop;
-//	  else
-//		  return null;
-//  }
-//  
-//  public boolean isAdvancedLoggingActive() {
-//	  String prop = props.getProperty("configuration.advancedlogging.active", "false");
-//	  return Boolean.valueOf(prop);
-//  }
-//  
-//  public String getPublicURLPrefix() {
-//	  return publicURLPreFix;
-//  }
-//  
-//  public boolean isPVP2AssertionEncryptionActive() {
-//	  String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true");
-//	  return Boolean.valueOf(prop);
-//  }
-//  
-//  public boolean isCertifiacteQCActive() {
-//	  String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false");
-//	  return !Boolean.valueOf(prop);	  
-//  }
-//  
-//
-//  //Load document service url from moa properties
-//  public String getDocumentServiceUrl() {
-//	  String prop = props.getProperty("stork.documentservice.url", "false");
-//	  return prop;  
-//  }
-//  
-//
-//  public boolean isPVPSchemaValidationActive() {
-//	  String prop = props.getProperty("protocols.pvp2.schemavalidation", "true");
-//	  return Boolean.valueOf(prop);	  
-//  }
-//  
-//  /**
-//   * Returns the STORK Configuration
-//   * @return STORK Configuration
-// * @throws ConfigurationException 
-//   */
-//  public STORKConfig getStorkConfig() throws ConfigurationException {
-//	
-//	  return storkconfig;
-//  }
-//  
-//  /**
-// * @return the eGovUtilsConfig
-// */
-//@JsonIgnore
-//public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
-//	return eGovUtilsConfig;
-//}
-//
-//private void setCertStoreDirectory() throws ConfigurationException {
-//	  AuthComponentGeneral auth = getAuthComponentGeneral();
-//	  
-//	  if (auth.getGeneralConfiguration() != null)		  
-//		  certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory();
-//	  else {
-//		  Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
-//		  throw new ConfigurationException("config.02", null);
-//	  } 
-//  }
-//  
-//  private void setTrustManagerRevocationChecking() throws ConfigurationException {
-//	  AuthComponentGeneral auth = getAuthComponentGeneral();
-//	  
-//	  if (auth.getGeneralConfiguration() != null &&
-//			  auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null)		  
-//		  trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking();
-//	  else {
-//		  Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE");
-//		  throw new ConfigurationException("config.02", null);
-//	  } 
-//  }
-//  
-//  private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { 
-//	  AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();	  
-//	  if (authgeneral == null) {
-//		  Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
-//		  throw new ConfigurationException("config.02", null);		  
-//	  }
-//	  return authgeneral;
-//  }
-//
-//  private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
-//	  MOASP moasp = authgeneral.getMOASP();
-//	  
-//	  if (moasp == null) {
-//		  Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found");
-//		  throw new ConfigurationException("config.02", null);	
-//	  }
-//	  return moasp;
-//  }
-//
-///* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithPrefix(java.lang.String)
-// */
-//@Override
-//public Properties getConfigurationWithPrefix(String Prefix) {
-//	// TODO Auto-generated method stub
-//	return null;
-//}
-//
-///* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithKey(java.lang.String)
-// */
-//@Override
-//public String getConfigurationWithKey(String key) {
-//	// TODO Auto-generated method stub
-//	return null;
-//}
-//  
-//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index a2dfeba2f..ab2a07f7c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -263,6 +263,19 @@ public String getKeyBoxIdentifier() {
 			returnValue.setProvideAllErrors(
 					Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)));
 		
+		if (Boolean.parseBoolean(
+					spConfiguration.getConfigurationValue(
+							MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, 
+							String.valueOf(false)))) {
+			Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... ");			
+			returnValue.setProvideBaseId(false);
+			returnValue.setProvideAuthBlock(false);
+			returnValue.setProvideIdl(false);
+			returnValue.setProvideMandate(false);
+			
+		}
+			
+		
 		return returnValue;
 	}
 		
@@ -920,6 +933,16 @@ public List<String> foreignbPKSectorsRequested() {
 	
 }
 
+@Override
+public List<String> additionalbPKSectorsRequested() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS);
+	if (MiscUtil.isNotEmpty(value))
+		return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
+		
+	else
+		return null;
+	
+}
 
 
 @Override
@@ -1002,4 +1025,5 @@ public boolean isConfigurationValue(String key, boolean defaultValue) {
 	
 }
 
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 390b77dab..1b2d203c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -541,6 +541,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 	}
 
 	@Override
+	public List<String> additionalbPKSectorsRequested() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+	
+	@Override
 	public boolean containsConfigurationKey(String arg0) {
 		// TODO Auto-generated method stub
 		return false;
@@ -593,6 +599,5 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 	public String getLoAMatchingMode() {
 		return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
 	}
-
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index ff4b96aab..af4cf6fa7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -5,6 +5,7 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 
 public interface IMOAAuthData extends IAuthData{
@@ -17,7 +18,22 @@ public interface IMOAAuthData extends IAuthData{
 	  */
 	 String getQAALevel();
 	 
-	 List<String> getEncbPKList();	 	 
+	 /**
+	  * Get a List of Pair<Encrytped bPK, bPKTarget>, where the bPKTarget is formated according
+	  * to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3
+	  * 
+	  * @return
+	  */
+	 List<Pair<String, String>> getEncbPKList();
+	 
+	 /**
+	  * Get a List of Pair<Encrytped bPK, bPKTarget> for natural-person mandates, where 
+	  * the bPKTarget is formated according to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3
+	  * 
+	  * @return
+	  */
+	 List<Pair<String, String>> getEncMandateNaturalPersonbPKList();
+		 
      byte[] getSignerCertificate();
 	 String getAuthBlock();	 
 	 boolean isPublicAuthority();
@@ -35,4 +51,10 @@ public interface IMOAAuthData extends IAuthData{
 	 String getPvpAttribute_OU();
 	 List<AuthenticationRole> getAuthenticationRoles();
 	
+	 /**
+	  * Indicate Austrian eID demo-mode 
+	  * 
+	  * @return true if it is in demo-mode, otherwise false
+	  */
+	 public boolean isIseIDNewDemoMode();
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ca0ae0687..897a06e62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -29,6 +29,7 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
@@ -54,8 +55,10 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	private byte[] signerCertificate = null;
 	private String authBlock = null;	
 	private String QAALevel = null;
-	private List<String> encbPKList;
-
+	
+	private List<Pair<String, String>> encbPKList;
+	private List<Pair<String, String>> encMandateNaturalPersonbPKList;
+	
 	//ISA 1.18 attributes
 	private List<AuthenticationRole> roles = null;
 	private String pvpAttribute_OU = null;
@@ -69,6 +72,8 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 
 	private LoALevelMapper loaMapper;
 	
+	private boolean iseIDNewDemoMode = false;
+	
 	public MOAAuthenticationData(ILoALevelMapper loaMapper) {
 		if (loaMapper instanceof LoALevelMapper)
 			this.loaMapper = (LoALevelMapper) loaMapper;
@@ -104,9 +109,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	}
 
 	@Override
-	public List<String> getEncbPKList() {
+	public List<Pair<String, String>> getEncbPKList() {
 		if (this.encbPKList == null)
-			this.encbPKList = new ArrayList<String>();
+			this.encbPKList = new ArrayList<Pair<String, String>>();
 		
 		return this.encbPKList;
 	}
@@ -291,10 +296,27 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	}
 	
 	/**
+	 * Set a List of encrypted bPKs where each List element is formated according 
+	 * to Section 3.2.7 ENC-BPK-LIST in PVP Attribte-Profile 2.1.3 
+	 * 
 	 * @param encbPKList the encbPKList to set
 	 */
 	public void setEncbPKList(List<String> encbPKList) {
-		this.encbPKList = encbPKList;
+		if (encbPKList != null) {
+			for (String el : encbPKList) {
+				Logger.trace("Processing foreign bPK string: " + el );
+				int index = el.indexOf("|");								 
+				if (index >= 0) {
+					String encbPK = el.substring(index+1);
+					String second = el.substring(0, index);										
+					getEncbPKList().add(Pair.newInstance(encbPK, second));
+										
+				} else
+					Logger.info("Foreign bPK: " + el + " is misformatted. Ignore it");
+				
+			}
+						
+		}				
 	}
 	
 	
@@ -321,648 +343,32 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	  public void setQualifiedCertificate(boolean qualifiedCertificate) {
 	    this.qualifiedCertificate = qualifiedCertificate;
 	  }
-	
-	
-//	private static final long serialVersionUID = -1042697056735596866L;
-//	public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-//	
-//	  /**
-//	   * URL of the MOA-ID Auth component issueing this assertion
-//	   */
-//	  private String issuer;
-//	  /**
-//	   * time instant of issue of this assertion
-//	   */
-//	  private Date issueInstant;
-//	  /**
-//	   * user identification value (Stammzahl); <code>null</code>, 
-//	   * if the authentication module is configured not to return this data
-//	   */
-//	  private String identificationValue;
-//		/**
-//		 * user identification type
-//		 */
-//	  private String identificationType;
-//		
-//		/**
-//		 * user identityLink specialized to OAParamter
-//		 */
-//	  private IIdentityLink identityLink;
-//		
-//	  /**
-//	   * application specific user identifier (bPK/wbPK)
-//	   */
-//	  private String bPK;
-//	  
-//	  /**
-//	   * application specific user identifier type
-//	   */
-//	  private String bPKType;
-//	  
-//	  /**
-//	   * given name of the user
-//	   */
-//	  private String givenName;
-//	  /**
-//	   * family name of the user
-//	   */
-//	  private String familyName;
-//	  /**
-//	   * date of birth of the user
-//	   */
-//	  private Date dateOfBirth;
-//	  /**
-//	   * says whether the certificate is a qualified certificate or not
-//	   */
-//	  
-//	  /**
-//	   * says whether the certificate is a public authority or not
-//	   */
-//	  /**
-//	   * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
-//	   */
-//	  
-//
-//	  /**
-//	   * URL of the BKU
-//	   */
-//	  
-//	  /**
-//	   * the corresponding <code>lt;saml:Assertion&gt;</code>
-//	   */
-//
-//	  private boolean isBaseIDTransferRestrication = true;
-//	  
-//	  
-//	 /**
-//	  * STORK attributes from response
-//	  */
-//	  private String ccc = null;
-//	  
-//	  private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
-//	  
-//	  
-//	  	  
-//	  private String authBlock = null; 
-//	  private List<String> encbPKList = null;
-//	  
-//	  //ISA 1.18 attributes
-//	  private List<AuthenticationRole> roles = null;
-//	  private String pvpAttribute_OU = null;
-//	  
-//	  private boolean useMandate = false;
-//	  private IMISMandate mandate = null;
-//	  private String mandateReferenceValue = null;
-//	  
-//	  private boolean foreigner =false;
-//	  private String QAALevel = null;
-//	  
-//	  private boolean ssoSession = false;
-//	  private Date ssoSessionValidTo = null;
-//
-////	  private boolean interfederatedSSOSession = false;
-////	  private String interfederatedIDP = null;
-//	  
-//	  private String sessionIndex = null;
-//	  private String nameID = null;
-//	  private String nameIDFormat = null;
-//	  
-//	  public AuthenticationData() {
-//		  issueInstant = new Date();
-//	  }
-//	  	  
-//	  /**
-//	   * Returns the publicAuthority.
-//	   * @return boolean
-//	   */
-//	  public boolean isPublicAuthority() {
-//	    return publicAuthority;
-//	  }
-//
-//	  /**
-//	   * Returns the publicAuthorityCode.
-//	   * @return String
-//	   */
-//	  public String getPublicAuthorityCode() {
-//	    return publicAuthorityCode;
-//	  }
-//
-//	  /**
-//	   * Returns the qualifiedCertificate.
-//	   * @return boolean
-//	   */
-//	  public boolean isQualifiedCertificate() {
-//	    return qualifiedCertificate;
-//	  }
-//
-//	  /**
-//	   * Returns the bPK.
-//	   * @return String
-//	   */
-//	  public String getBPK() {
-//	    return bPK;
-//	  }
-//
-//	  /**
-//	   * Sets the publicAuthority.
-//	   * @param publicAuthority The publicAuthority to set
-//	   */
-//	  public void setPublicAuthority(boolean publicAuthority) {
-//	    this.publicAuthority = publicAuthority;
-//	  }
-//
-//	  /**
-//	   * Sets the publicAuthorityCode.
-//	   * @param publicAuthorityIdentification The publicAuthorityCode to set
-//	   */
-//	  public void setPublicAuthorityCode(String publicAuthorityIdentification) {
-//	    this.publicAuthorityCode = publicAuthorityIdentification;
-//	  }
-//
-//	  /**
-//	   * Sets the qualifiedCertificate.
-//	   * @param qualifiedCertificate The qualifiedCertificate to set
-//	   */
-//	  public void setQualifiedCertificate(boolean qualifiedCertificate) {
-//	    this.qualifiedCertificate = qualifiedCertificate;
-//	  }
-//
-//	  /**
-//	   * Sets the bPK.
-//	   * @param bPK The bPK to set
-//	   */
-//	  public void setBPK(String bPK) {
-//	    this.bPK = bPK;
-//	  }
-//
-//	  /**
-//	   * Returns the dateOfBirth.
-//	   * @return String
-//	   */
-//	  public Date getDateOfBirth() {
-//	    return dateOfBirth;
-//	  }
-//
-//	  public String getFormatedDateOfBirth() {
-//			DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-//			if (getDateOfBirth() != null)
-//				return pvpDateFormat.format(getDateOfBirth());
-//			else
-//				return "2999-12-31";
-//		}
-//	  
-//	  /**
-//	   * Returns the familyName.
-//	   * @return String
-//	   */
-//	  public String getFamilyName() {
-//	    return familyName;
-//	  }
-//
-//	  /**
-//	   * Returns the givenName.
-//	   * @return String
-//	   */
-//	  public String getGivenName() {
-//	    return givenName;
-//	  }
-//
-//	  /**
-//	   * Holds the baseID of a citizen
-//	   * 
-//	   * @return baseID
-//	   */
-//	  public String getIdentificationValue() {
-//	    return identificationValue;
-//	  }
-//
-//		/**
-//		 * Holds the type of the baseID
-//		 * 
-//		 * @return baseID-Type
-//		 */
-//		public String getIdentificationType() {
-//			return identificationType;
-//		}
-//
-//	  /**
-//	   * Returns the issueInstant.
-//	   * @return String
-//	   */
-//	  public String getIssueInstantString() {
-//	    return DateTimeUtils.buildDateTimeUTC(issueInstant);
-//	    
-//	  }
-//
-//	  /**
-//	   * Returns the issueInstant.
-//	   * @return String
-//	   */
-//	  public Date getIssueInstant() {
-//	    return issueInstant;
-//	    
-//	  }
-//	  
-//	  public void setIssueInstant(Date date) {
-//		  this.issueInstant = date;
-//	  }
-//	  
-//	  /**
-//	   * Returns the issuer.
-//	   * @return String
-//	   */
-//	  public String getIssuer() {
-//	    return issuer;
-//	  }
-//	  
-//	  /**
-//	   * Returns the BKU URL.
-//	   * @return String
-//	   */
-//	  public String getBkuURL() {
-//	    return bkuURL;
-//	  }
-//
-//	  /**
-//	   * Sets the dateOfBirth.
-//	   * @param dateOfBirth The dateOfBirth to set
-//	   */
-//	  public void setDateOfBirth(Date dateOfBirth) {
-//	    this.dateOfBirth = dateOfBirth;
-//	  }
-//
-//	  public void setDateOfBirth(String dateOfBirth) {		  
-//		  try {		  
-//			  if (MiscUtil.isNotEmpty(dateOfBirth)) {
-//				  DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-//				  this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
-//			  }
-//			  
-//		  } catch (ParseException e) {
-//			  Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
-//			  
-//		  }		  
-//	  }
-//	  
-//	  /**
-//	   * Sets the familyName.
-//	   * @param familyName The familyName to set
-//	   */
-//	  public void setFamilyName(String familyName) {
-//	    this.familyName = familyName;
-//	  }
-//
-//	  /**
-//	   * Sets the givenName.
-//	   * @param givenName The givenName to set
-//	   */
-//	  public void setGivenName(String givenName) {
-//	    this.givenName = givenName;
-//	  }
-//
-//	  /**
-//	   * Sets the identificationValue.
-//	   * @param identificationValue The identificationValue to set
-//	   */
-//	  public void setIdentificationValue(String identificationValue) {
-//	    this.identificationValue = identificationValue;
-//	  }
-//
-//		/**
-//		 * Sets the identificationType.
-//		 * @param identificationType The identificationType to set
-//		 */
-//		public void setIdentificationType(String identificationType) {
-//			this.identificationType = identificationType;
-//		}
-//
-//	  /**
-//	   * Sets the issuer.
-//	   * @param issuer The issuer to set
-//	   */
-//	  public void setIssuer(String issuer) {
-//	    this.issuer = issuer;
-//	  }
-//	  
-//	  /**
-//	   * Sets the bkuURL
-//	   * @param url The BKU URL to set
-//	   */
-//	  public void setBkuURL(String url) {
-//	    this.bkuURL = url;
-//	  }
-//
-//	public String getBPKType() {
-//		return bPKType;
-//	}
-//
-//	public void setBPKType(String bPKType) {
-//		this.bPKType = bPKType;
-//	}
-//
-
-//
-//
-
-//
-//	
-//	public String getEIDASQAALevel() {
-//		if (this.QAALevel != null && 
-//				this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-//			String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
-//			if (MiscUtil.isNotEmpty(mappedQAA))
-//				return mappedQAA;
-//			
-//			else {
-//				Logger.error("STORK QAA-level:" + this.QAALevel 
-//						+ " can not be mapped to eIDAS QAA-level! Use "
-//						+ PVPConstants.EIDAS_QAA_LOW + " as default value.");
-//				return PVPConstants.EIDAS_QAA_LOW;
-//				
-//			}
-//			
-//			
-//		} else
-//			return this.QAALevel;
-//		
-//	}
-//	
-//
-//	/**
-//	 * @return
-//	 */
-//	public boolean isForeigner() {
-//		return this.foreigner;
-//	}
-//
-//
-//	/**
-//	 * @param foreigner the foreigner to set
-//	 */
-//	public void setForeigner(boolean foreigner) {
-//		this.foreigner = foreigner;
-//	}
-//
-//
-
-//
-//	/**
-//	 * @return the ssoSession
-//	 */
-//	public boolean isSsoSession() {
-//		return ssoSession;
-//	}
-//
-//
-//	/**
-//	 * @param ssoSession the ssoSession to set
-//	 */
-//	public void setSsoSession(boolean ssoSession) {
-//		this.ssoSession = ssoSession;
-//	}
-//
-//	/**
-//	 * @return the mandateReferenceValue
-//	 */
-//	public String getMandateReferenceValue() {
-//		return mandateReferenceValue;
-//	}
-//
-//	/**
-//	 * @param mandateReferenceValue the mandateReferenceValue to set
-//	 */
-//	public void setMandateReferenceValue(String mandateReferenceValue) {
-//		this.mandateReferenceValue = mandateReferenceValue;
-//	}
-//
-//	/**
-//	 * CountryCode of the citizen which is identified and authenticated
-//	 * 
-//	 * @return the CountryCode <pre>like. AT, SI, ...</pre>
-//	 */
-//	public String getCcc() {
-//		return ccc;
-//	}
-//
-//	/**
-//	 * @param ccc the ccc to set
-//	 */
-//	public void setCcc(String ccc) {
-//		this.ccc = ccc;
-//	}
-//
-//	/**
-//	 * @return the sessionIndex
-//	 */
-//	public String getSessionIndex() {
-//		return sessionIndex;
-//	}
-//
-//	/**
-//	 * @param sessionIndex the sessionIndex to set
-//	 */
-//	public void setSessionIndex(String sessionIndex) {
-//		this.sessionIndex = sessionIndex;
-//	}
-//
-//	/* (non-Javadoc)
-//	 * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
-//	 */
-//	@Override
-//	public String getNameID() {
-//		return this.nameID;
-//	}
-//
-//	/**
-//	 * @param nameID the nameID to set
-//	 */
-//	public void setNameID(String nameID) {
-//		this.nameID = nameID;
-//	}
-//
-//	/**
-//	 * @return the nameIDFormat
-//	 */
-//	public String getNameIDFormat() {
-//		return nameIDFormat;
-//	}
-//
-//	/**
-//	 * @param nameIDFormat the nameIDFormat to set
-//	 */
-//	public void setNameIDFormat(String nameIDFormat) {
-//		this.nameIDFormat = nameIDFormat;
-//	}
-//
-////	/**
-////	 * @return the interfederatedSSOSession
-////	 */
-////	public boolean isInterfederatedSSOSession() {
-////		return interfederatedSSOSession;
-////	}
-////
-////	/**
-////	 * @param interfederatedSSOSession the interfederatedSSOSession to set
-////	 */
-////	public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
-////		this.interfederatedSSOSession = interfederatedSSOSession;
-////	}
-////
-////	/**
-////	 * @return the interfederatedIDP
-////	 */
-////	public String getInterfederatedIDP() {
-////		return interfederatedIDP;
-////	}
-////
-////	/**
-////	 * @param interfederatedIDP the interfederatedIDP to set
-////	 */
-////	public void setInterfederatedIDP(String interfederatedIDP) {
-////		this.interfederatedIDP = interfederatedIDP;
-////	}
-//
-//	/**
-//	 * @return the ssoSessionValidTo
-//	 */
-//	public Date getSsoSessionValidTo() {
-//		return ssoSessionValidTo;
-//	}
-//
-//	/**
-//	 * @param ssoSessionValidTo the ssoSessionValidTo to set
-//	 */
-//	public void setSsoSessionValidTo(Date ssoSessionValidTo) {
-//		this.ssoSessionValidTo = ssoSessionValidTo;
-//	}
-//
-//	/**
-//	 * @return the encbPKList
-//	 */
-//	public List<String> getEncbPKList() {
-//		return encbPKList;
-//	}
-//
-//	/**
-//	 * @param encbPKList the encbPKList to set
-//	 */
-//	public void setEncbPKList(List<String> encbPKList) {
-//		this.encbPKList = encbPKList;
-//	}
-//
-//	/**
-//	 * @return the roles
-//	 */
-//	public List<AuthenticationRole> getAuthenticationRoles() {
-////		if (this.roles == null) {
-////			this.roles = new ArrayList<AuthenticationRole>();
-////			this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
-////			this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
-////		}
-//		
-//		return roles;
-//	}
-//
-//	//ISA 1.18 attributes
-//	/**
-//	 * @param roles the roles to set
-//	 */
-//	public void addAuthenticationRole(AuthenticationRole role) {
-//		if (this.roles == null)
-//			this.roles = new ArrayList<AuthenticationRole>();
-//
-//		this.roles.add(role);
-//	}
-//	
-//	/**
-//	 * @return the pvpAttribute_OU
-//	 */
-//	public String getPvpAttribute_OU() {
-//		return pvpAttribute_OU;
-//	}
-//
-//	/**
-//	 * @param pvpAttribute_OU the pvpAttribute_OU to set
-//	 */
-//	public void setPvpAttribute_OU(String pvpAttribute_OU) {
-//		this.pvpAttribute_OU = pvpAttribute_OU;
-//	}
-//
-//	/* (non-Javadoc)
-//	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
-//	 */
-//	@Override
-//	public boolean isBaseIDTransferRestrication() {
-//		return isBaseIDTransferRestrication;
-//	}
-//
-//	/**
-//	 * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
-//	 */
-//	public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
-//		this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
-//	}
-//	
-//	/**
-//	 * Returns a generic data-object with is stored with a specific identifier 
-//	 * 
-//	 * @param key The specific identifier of the data object
-//	 * @param clazz The class type which is stored with this key
-//	 * @return The data object or null if no data is found with this key
-//	 */
-//	public <T> T getGenericData(String key, final Class<T> clazz) {
-//		if (MiscUtil.isNotEmpty(key)) {
-//			Object data = genericDataStorate.get(key);			
-//			
-//			if (data == null)
-//				return null;
-//			
-//			try {
-//				@SuppressWarnings("unchecked")
-//				T test = (T) data;
-//				return test;
-//				
-//			} catch (Exception e) {
-//				Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
-//				return null;
-//				
-//			}
-//			
-//		} 
-//		
-//		Logger.warn("Can not load generic session-data with key='null'");
-//		return null;
-//				
-//	}
-//	
-//	/**
-//	 * Store a generic data-object to session with a specific identifier
-//	 * 
-//	 * @param key Identifier for this data-object
-//	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-//	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
-//	 */
-//	public void setGenericData(String key, Object object) throws SessionDataStorageException {
-//		if (MiscUtil.isEmpty(key)) {
-//			Logger.warn("Generic session-data can not be stored with a 'null' key");
-//			throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
-//			
-//		}
-//		
-//		if (object != null) {
-//			if (!Serializable.class.isInstance(object)) {
-//				Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
-//				throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
-//				
-//			}						
-//		}
-//		
-//		if (genericDataStorate.containsKey(key))
-//			Logger.debug("Overwrite generic data with key:" + key);
-//		else
-//			Logger.trace("Add generic data with key:" + key + " to session.");
-//		
-//		genericDataStorate.put(key, object);
-//	}
+
+	  
+	  public boolean isIseIDNewDemoMode() {
+		  return iseIDNewDemoMode;
+	  }
+
+	  /**
+	   * Set eID demo-mode into AuthData
+	   * @param iseIDNewDemoMode true if it is in demo-mode, otherwise false
+	   */
+	  public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) {
+		  this.iseIDNewDemoMode = iseIDNewDemoMode;
+	  }
+
+	public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() {
+		if (this.encMandateNaturalPersonbPKList == null)
+			this.encMandateNaturalPersonbPKList = new ArrayList<Pair<String, String>>();
+		
+		return this.encMandateNaturalPersonbPKList;
+		
+	}
+
+	public void setEncMandateNaturalPersonbPKList(List<Pair<String, String>> encMandateNaturalPersonbPKList) {
+		this.encMandateNaturalPersonbPKList = encMandateNaturalPersonbPKList;
+	}
+	  
+	  
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index b5005d0c9..2b550f21e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -26,7 +26,6 @@ import java.util.Date;
 import java.util.Map;
 import java.util.Map.Entry;
 
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -59,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.CookieUtils;
 import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -329,12 +329,12 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 				
 			} else {
 				//check if IDP cookie is set
-				String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
+				String cookie = CookieUtils.getValueFromCookie(httpReq, SSOINTERFEDERATION);
 				if (MiscUtil.isNotEmpty(cookie)) {
 					Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
 					moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie);
 				
-					deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									
+					CookieUtils.deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									
 				}				
 			}
 						
@@ -345,7 +345,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 	}
 	
 	public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) {
-		setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
+		CookieUtils.setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
 		
 	}
 	
@@ -443,7 +443,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 	
 			
 	public String getSSOSessionID(HttpServletRequest httpReq) {
-		return getValueFromCookie(httpReq, SSOCOOKIE);
+		return CookieUtils.getValueFromCookie(httpReq, SSOCOOKIE);
 		
 	}
 		
@@ -510,43 +510,43 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 	
 	
 	private void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
-		setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
+		CookieUtils.setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
 		
 	}
 
 	private void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
-		deleteCookie(httpReq, httpResp, SSOCOOKIE);
+		CookieUtils.deleteCookie(httpReq, httpResp, SSOCOOKIE);
 		
 	}
 	
-	private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
-		Cookie[] cookies = httpReq.getCookies();
-		
-		if (cookies != null) {
-			for (Cookie cookie : cookies) {						
-				if (cookie.getName().equals(cookieName)) {
-					return cookie.getValue();
-				}
-			}
-		}
-		return null;
-	}
-	
-	private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, 
-			String cookieName, String cookieValue, int maxAge) {
-		
-		Cookie cookie = new Cookie(cookieName, cookieValue);
-		cookie.setMaxAge(maxAge);
-		cookie.setSecure(true);
-		cookie.setHttpOnly(true);
-		cookie.setPath(httpReq.getContextPath());
-				
-		httpResp.addCookie(cookie);
-	}
-	
-	private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
-		setCookie(httpReq, httpResp, cookieName, "", 0);
-		
-	}
+//	private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
+//		Cookie[] cookies = httpReq.getCookies();
+//		
+//		if (cookies != null) {
+//			for (Cookie cookie : cookies) {						
+//				if (cookie.getName().equals(cookieName)) {
+//					return cookie.getValue();
+//				}
+//			}
+//		}
+//		return null;
+//	}
+//	
+//	private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, 
+//			String cookieName, String cookieValue, int maxAge) {
+//		
+//		Cookie cookie = new Cookie(cookieName, cookieValue);
+//		cookie.setMaxAge(maxAge);
+//		cookie.setSecure(true);
+//		cookie.setHttpOnly(true);
+//		cookie.setPath(httpReq.getContextPath());
+//				
+//		httpResp.addCookie(cookie);
+//	}
+//	
+//	private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+//		setCookie(httpReq, httpResp, cookieName, "", 0);
+//		
+//	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
new file mode 100644
index 000000000..c5a8d88b7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
@@ -0,0 +1,56 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+
+@PVPMETADATA
+public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVPAttributeBuilder {
+	
+	private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class);
+	
+	public static final String DELIMITER_BPK_LIST = ";";
+	public static final String LIST_ELEMENT_START = "(";
+	public static final String LIST_ELEMENT_END = ")";
+	
+	public String getName() {
+		return BPK_LIST_NAME;
+	}
+	
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END;
+		
+		//add additional bPKs if someone are available
+		if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) {
+			log.info("Adding additional bPKs into bPK attribute");
+			for (Pair<String, String> el : authData.getAdditionalbPKs()) {
+				result += DELIMITER_BPK_LIST 
+							+ LIST_ELEMENT_START 
+								+ removeBpkTypePrefix(el.getSecond()) 
+								+ DELIMITER_BPKTYPE_BPK 
+								+ attrMaxSize(el.getFirst())
+							+ LIST_ELEMENT_END;
+				
+			}
+			log.trace("Authenticate user with bPK-List: " + result);
+		}
+		
+		log.trace("Authenticate user with bPK/wbPK: " + result);		
+		return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result);
+	}
+	
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME);
+	}
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index 139bb15cc..a1a5825b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Deprecated
 @PVPMETADATA
 public class EIDAuthBlock implements IPVPAttributeBuilder {
 	
@@ -49,6 +50,13 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
 		
 		try {
 			if (authData instanceof IMOAAuthData) {
+				
+				if (((IMOAAuthData)authData).isIseIDNewDemoMode()) {
+					Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode");
+					throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME);
+					
+				}
+				
 				String authblock = ((IMOAAuthData)authData).getAuthBlock();
 				if (MiscUtil.isNotEmpty(authblock)) {
 					return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index 44043ec40..bf7187e51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
@@ -35,6 +36,8 @@ import at.gv.egovernment.moa.logging.Logger;
 @PVPMETADATA
 public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 	
+	public static final String DELIMITER_ENCBPK_TARGET = "|";
+	
 	public String getName() {
 		return ENC_BPK_LIST_NAME;
 	}
@@ -45,12 +48,22 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 		if (authData instanceof IMOAAuthData) {
 			if (((IMOAAuthData)authData).getEncbPKList() != null &&
 					((IMOAAuthData)authData).getEncbPKList().size() > 0) {
-				String value = ((IMOAAuthData)authData).getEncbPKList().get(0);
-				for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++)
-					value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i);			
+				Pair<String, String> value = ((IMOAAuthData)authData).getEncbPKList().get(0);				
+				String result = BPKListAttributeBuilder.LIST_ELEMENT_START 
+									+ value.getSecond() + DELIMITER_ENCBPK_TARGET +  value.getFirst() 
+								+ BPKListAttributeBuilder.LIST_ELEMENT_END;
+				
+				for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) {
+					Pair<String, String> el = ((IMOAAuthData)authData).getEncbPKList().get(i);					
+					result += BPKListAttributeBuilder.DELIMITER_BPK_LIST 
+								+ BPKListAttributeBuilder.LIST_ELEMENT_START 
+									+ el.getSecond() + DELIMITER_ENCBPK_TARGET +  el.getFirst() 
+								+ BPKListAttributeBuilder.LIST_ELEMENT_END;		
+					
+				}
 			
 				return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, 
-						value);
+						result);
 			
 			}
 			
@@ -59,16 +72,6 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 		
 		throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
 		
-//		String encbpk = "XXX01234567890XXX";
-//		String type = "Bereich";
-//		String vkz = "Verfahrenskennzeichen";
-//		
-//		//TODO: implement encrypted bPK support
-//		
-//		Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk);
-//		
-//		return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, 
-//				vkz + "+" + type + "|" + encbpk);
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index a40c0fefb..fb101467a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -48,8 +48,16 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData instanceof IMOAAuthData) {
+		if (authData instanceof IMOAAuthData) {					
 			if (((IMOAAuthData)authData).isUseMandate()) {
+				
+				if (((IMOAAuthData)authData).isIseIDNewDemoMode()) {
+					Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode");
+					return null;
+					
+				}
+				
+				
 				//only provide full mandate if it is included. 
 				//In case of federation only a short mandate could be include 
 				if (((IMOAAuthData)authData).getMandate() != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index f67f79dcf..4d41cc19b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -22,11 +22,13 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
+import org.apache.commons.lang3.StringUtils;
 import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
@@ -36,9 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
@@ -57,42 +59,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {						
 		try {			
-			Pair<String, String> calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData);
-			if (calcResult != null) {					
-				String bpk = calcResult.getFirst();
-				String type = calcResult.getSecond();
-				
-				if (MiscUtil.isEmpty(bpk))
-					throw new UnavailableAttributeException(BPK_NAME);
-				
-				if (type != null) {	
-					if (type.startsWith(Constants.URN_PREFIX_WBPK))
-						type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
-				
-					else if (type.startsWith(Constants.URN_PREFIX_CDID)) 
-						type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
-				
-					else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) 
-						type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
-					
-				} else {
-					Logger.debug("bPK type is 'null' --> use it as it is");
-					
-				}
-				
-				if (bpk.length() > BPK_MAX_LENGTH) {
-					bpk = bpk.substring(0, BPK_MAX_LENGTH);
-				}
-				
-				Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
-				
-				if (type != null)
-					return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk);
-				else
-					return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk);
-			
-			}
-			
+			String bPKResult = getBpkAttributeStringForSP(oaParam, authData);
+			if (StringUtils.isNoneEmpty(bPKResult))
+				return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bPKResult);
+						
 		}
 		catch (BuildException | ConfigurationException | EAAFBuilderException e) {
 			Logger.error("Failed to generate IdentificationType");
@@ -103,12 +73,109 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 		return null;
 		
 	}
-	
+		
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
 		return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
 	}
 	
-	protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {		
+	protected Pair<String, String> getBpkForSp(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
+		Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData);
+		Pair<String, String> bPKResult = null;
+		
+		if (baseId != null) {			
+			if (baseId.getSecond() != null && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID))									
+				bPKResult  = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseId.getFirst(), 
+						oaParam.getAreaSpecificTargetIdentifier());								
+			else {
+				Logger.debug("No BaseId target in mandate. Use it as it is ... ");
+				bPKResult = Pair.newInstance(baseId.getFirst(), null);
+			
+			}
+		}
+		
+		return bPKResult;
+		
+	}
+	
+	
+	/**
+	 * Generate the bPK String for this specific SP
+	 * 
+	 * @param oaParam
+	 * @param authData
+	 * @return
+	 * @throws UnavailableAttributeException
+	 * @throws EAAFBuilderException 
+	 * @throws ConfigurationException 
+	 * @throws BuildException 
+	 * @throws NoMandateDataAttributeException 
+	 */
+	protected String getBpkAttributeStringForSP(ISPConfiguration oaParam, IAuthData authData) throws UnavailableAttributeException, EAAFBuilderException, NoMandateDataAttributeException, BuildException, ConfigurationException {				
+		Pair<String, String> bPKResult = getBpkForSp(oaParam, authData);
+		if (bPKResult != null) {					
+			String bpk = bPKResult.getFirst();
+			String type = bPKResult.getSecond();
+			
+			if (MiscUtil.isEmpty(bpk))
+				throw new UnavailableAttributeException(BPK_NAME);
+			
+			if (type != null)
+				type = removeBpkTypePrefix(type);					
+			else
+				Logger.debug("bPK type is 'null' --> use it as it is");
+								
+			bpk = attrMaxSize(bpk);
+			
+			Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
+			
+			if (type != null)
+				return type + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + bpk;
+			else
+				return bpk;
+		
+		}
+		
+		return null;
+		
+	}
+	
+	
+	/**
+	 * Limit the attribute value to maximum size
+	 * 
+	 * @param attr
+	 * @return
+	 */
+	protected String attrMaxSize(String attr) {
+		if (attr != null && attr.length() > BPK_MAX_LENGTH) {
+			attr = attr.substring(0, BPK_MAX_LENGTH);
+		}
+		return attr;
+		
+	}
+	
+	/**
+	 * Remove bPKType prefix if available
+	 * 
+	 * @param type
+	 * @return
+	 */
+	protected String removeBpkTypePrefix(String type) {
+		if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK))
+			return type.substring((EAAFConstants.URN_PREFIX_WBPK).length());
+		
+		else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID)) 
+			return type.substring((EAAFConstants.URN_PREFIX_CDID).length());
+		
+		else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) 
+			return type.substring((EAAFConstants.URN_PREFIX_EIDAS).length());
+		
+		else
+			return type;
+		
+	}
+	
+	protected Pair<String, String> getBaseIdFromMandate(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {		
 		//get PVP attribute directly, if exists 
 		Pair<String, String> calcResult = null;
 		if (authData instanceof IMOAAuthData) {
@@ -136,13 +203,8 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 						Logger.info("Failed to generate IdentificationType");
 						throw new NoMandateDataAttributeException();
 					}
-				
-									
-					if (id.getType().equals(Constants.URN_PREFIX_BASEID))									
-						calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), 
-								oaParam.getAreaSpecificTargetIdentifier());								
-					else
-						calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
+													
+					calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
 	
 				
 				} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java
new file mode 100644
index 000000000..fd00e2f61
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java
@@ -0,0 +1,83 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+@PVPMETADATA
+public class MandateNaturalPersonBPKListAttributeBuilder extends MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder {
+			
+	public String getName() {
+		return MANDATE_NAT_PER_BPK_LIST_NAME;
+	}
+	
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		
+		try {
+			String result = getBpkAttributeStringForSP(oaParam, authData);
+		
+			if (result != null) {
+				result = BPKListAttributeBuilder.LIST_ELEMENT_START + result + BPKListAttributeBuilder.LIST_ELEMENT_END;
+				
+				//add additional bPKs if someone are available
+				if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) {			
+					Logger.info("Additional bPKs available. Calculate additional bPKs for mandate ... ");			
+					Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData);			
+					if (baseId != null && StringUtils.isNotEmpty(baseId.getSecond()) 
+							&& baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) {			
+						for (Pair<String, String> el : authData.getAdditionalbPKs()) {
+							
+							Pair<String, String> addBpk = 
+									new BPKBuilder().generateAreaSpecificPersonIdentifier(
+											baseId.getFirst(), 
+											el.getSecond());	
+							
+							Logger.trace("Calculate bPK with " + addBpk.toString());
+							
+							result += BPKListAttributeBuilder.DELIMITER_BPK_LIST 
+										+ BPKListAttributeBuilder.LIST_ELEMENT_START 
+											+ removeBpkTypePrefix(addBpk.getSecond()) 
+											+ BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK 
+											+ attrMaxSize(addBpk.getFirst())
+										+ BPKListAttributeBuilder.LIST_ELEMENT_END;
+				
+						}
+					}
+				}
+		
+				Logger.trace("Authenticate user with List of bPK/wbPK: " + result + " for mandate");		
+				return g.buildStringAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME, result);
+			
+			}
+			
+			return null;
+			
+		} catch (BuildException | ConfigurationException | EAAFBuilderException e) {
+			Logger.error("Failed to generate IdentificationType");
+			throw new NoMandateDataAttributeException();
+				
+		}
+		
+	}
+	
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME);
+	}
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java
new file mode 100644
index 000000000..220ccd94e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java
@@ -0,0 +1,62 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
+
+@PVPMETADATA
+public class MandateNaturalPersonEncBPKListAttributeBuilder implements IPVPAttributeBuilder {
+			
+	public String getName() {
+		return MANDATE_NAT_PER_ENC_BPK_LIST_NAME;
+	}
+	
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		
+		if (authData instanceof IMOAAuthData) {			
+			if (((IMOAAuthData) authData).isUseMandate()) {			
+				if (((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList() != null &&
+						((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size() > 0) {
+					Pair<String, String> value = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(0);				
+					String result = BPKListAttributeBuilder.LIST_ELEMENT_START 
+										+ value.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET +  value.getFirst() 
+									+ BPKListAttributeBuilder.LIST_ELEMENT_END;
+				
+					for (int i=1; i<((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size(); i++) {
+						Pair<String, String> el = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(i);					
+						result += BPKListAttributeBuilder.DELIMITER_BPK_LIST 
+									+ BPKListAttributeBuilder.LIST_ELEMENT_START 
+										+ el.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET +  el.getFirst() 
+										+ BPKListAttributeBuilder.LIST_ELEMENT_END;		
+					
+					}
+			
+					return g.buildStringAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME, 
+							result);
+			
+				}
+				
+			} else
+				Logger.trace(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only availabe if mandates are used");
+						
+		} else
+			Logger.info(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
+		throw new UnavailableAttributeException(MANDATE_NAT_PER_ENC_BPK_LIST_NAME);
+		
+	}
+	
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME);
+	}
+		
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 32b45a595..88648b56e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 
+@Deprecated
 @PVPMETADATA
 public class MandateNaturalPersonSourcePinAttributeBuilder  implements IPVPAttributeBuilder {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 90a0d61c9..223994e6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 
+@Deprecated
 @PVPMETADATA
 public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder  {
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
index e3b58d259..5daa71b1f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
@@ -20,7 +20,7 @@
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
  */
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 
@@ -28,7 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
  * @author tlenz
  *
  */
-public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> {
+public class SimpleStringAttributeGenerator implements IAttributeGenerator<String> {
 
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 1fa17c683..4fc37d88f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -145,7 +145,9 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
 			try {
 				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-						PVPConstants.SSLSOCKETFACTORYNAME, 
+						PVPConstants.SSLSOCKETFACTORYNAME,
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
 						moaAuthConfig.getTrustedCACertificates(),
 						null,
 						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index d7ada1f36..bd908f894 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -75,7 +75,9 @@ public class MOASAMLSOAPClient {
 				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 				SecureProtocolSocketFactory sslprotocolsocketfactory = 
 						new MOAHttpProtocolSocketFactory(
-								PVPConstants.SSLSOCKETFACTORYNAME,  
+								PVPConstants.SSLSOCKETFACTORYNAME,
+								AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+										AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
 								AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
 								null,
 								AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
index 8d36e81bb..df43316ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
@@ -36,7 +36,7 @@ import org.springframework.dao.DataAccessException;
 import org.springframework.data.redis.core.RedisOperations;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.SessionCallback;
-import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializer;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
@@ -58,7 +58,7 @@ public class RedisTransactionStorage implements ITransactionStorage {
 	protected AuthConfiguration authConfig;
 	
 	@Autowired
-	private JacksonJsonRedisSerializer assertionStoreSerializer;
+	private RedisSerializer<AssertionStore> assertionStoreSerializer;
 	
     public RedisTemplate<String, Object> getTemplate(){
     	return this.redisTemplate;
@@ -69,10 +69,11 @@ public class RedisTransactionStorage implements ITransactionStorage {
     }
 	
 	public boolean containsKey(String key) {
+		
 		try {
 			searchInDatabase(key);
 			return true;
-			
+										
 		} catch (MOADatabaseException e) {
 			return false;
 		}
@@ -371,7 +372,7 @@ public void putRaw(String key, Object element) throws EAAFException {
 				+ " found. Process gets stopped.");
 		
 	}
-	redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(element)),expTime,TimeUnit.MILLISECONDS);
+	redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(as)),expTime,TimeUnit.MILLISECONDS);
 	
 }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java
new file mode 100644
index 000000000..21cbd574f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.util;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class CookieUtils {
+	public static String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
+		Cookie[] cookies = httpReq.getCookies();
+		
+		if (cookies != null) {
+			for (Cookie cookie : cookies) {						
+				if (cookie.getName().equals(cookieName)) {
+					return cookie.getValue();
+				}
+			}
+		}
+		return null;
+	}
+	
+	public static void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, 
+			String cookieName, String cookieValue, int maxAge) {
+		
+		Cookie cookie = new Cookie(cookieName, cookieValue);
+		cookie.setMaxAge(maxAge);
+		cookie.setSecure(true);
+		cookie.setHttpOnly(true);
+		cookie.setPath(httpReq.getContextPath());
+				
+		httpResp.addCookie(cookie);
+	}
+	
+	public static void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+		setCookie(httpReq, httpResp, cookieName, "", 0);
+		
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index 611dff3b1..6bf44a527 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -61,6 +61,7 @@ import javax.net.ssl.SSLSocketFactory;
 import org.apache.regexp.RE;
 import org.apache.regexp.RESyntaxException;
 
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -93,6 +94,10 @@ public class SSLUtils {
 		    ConfigurationProvider conf, String url )
 		    throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
 		    
+	  			boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+	  					AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, 
+	  					false);
+	  
 			    // else create new SSLSocketFactory
 			    String trustStoreURL = conf.getTrustedCACertificates();
 			    
@@ -107,6 +112,7 @@ public class SSLUtils {
 			    try {	    
 			    	SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
 			    					url,
+			    					useStandardJavaTrustStore,
 			    					null,
 			    					trustStoreURL, 
 			    					acceptedServerCertURL, 
@@ -148,6 +154,10 @@ public class SSLUtils {
     ConnectionParameterInterface connParam)
     throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
     
+	  boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+			  AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, 
+			  false);
+	  
 	    // else create new SSLSocketFactory
 	    String trustStoreURL = conf.getTrustedCACertificates();
 	    
@@ -162,6 +172,7 @@ public class SSLUtils {
 	    try {	    
 	    	SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
 	    					connParam.getUrl(),
+	    					useStandardJavaTrustStore,
 	    					null,
 	    					trustStoreURL, 
 	    					acceptedServerCertURL, 
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 14d4d9fb6..a10b9b3e0 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -20,3 +20,6 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttri
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
+at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index 26fd1f986..02c683305 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -106,6 +106,10 @@
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask"
 				scope="prototype"/>		
 				
+	<bean id="GenericFrontChannelRedirectTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenericFrontChannelRedirectTask"
+				scope="prototype"/>				
+				
 	<beans profile="advancedLogOn">
 		<bean id="StatisticLogger" 
 				class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/>
diff --git a/id/server/idserverlib/src/main/resources/session.redis.beans.xml b/id/server/idserverlib/src/main/resources/session.redis.beans.xml
index feda9b273..a352cf9ab 100644
--- a/id/server/idserverlib/src/main/resources/session.redis.beans.xml
+++ b/id/server/idserverlib/src/main/resources/session.redis.beans.xml
@@ -24,7 +24,8 @@
     	p:port="${redis.port}"/>
     	
     <bean id="RedisStringSerializer" class="org.springframework.data.redis.serializer.StringRedisSerializer" />
-    <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.JacksonJsonRedisSerializer">
+    
+    <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer">
 			<constructor-arg type="java.lang.Class" value="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/>	
 	</bean>
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 1ea057186..c3420d833 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
@@ -72,14 +73,14 @@ public class AuthenticationDataBuilderTest {
 			throw new Exception("bPKType wrong");
 		
 		
-		List<String> foreignbPKs = authData.getEncbPKList();
+		List<Pair<String, String>> foreignbPKs = authData.getEncbPKList();
 		if (foreignbPKs.isEmpty())
 			throw new Exception("NO foreign bPK list is null");
 		
 		if (foreignbPKs.size() != 1)
 			throw new Exception("NO or MORE THAN ONE foreign bPK");
 		
-		if (!foreignbPKs.get(0).startsWith("(wbpk+FN+195738a|") && !(foreignbPKs.get(0).endsWith(")")))
+		if (!foreignbPKs.get(0).getSecond().equals("wbpk+FN+195738a") && !(foreignbPKs.get(0).getFirst().isEmpty()))
 			throw new Exception("foreign bPK has wrong prefix");
 				
 	}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
index 61e765f55..bcbabae5b 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
@@ -346,5 +346,11 @@ public class DummyOAConfig implements IOAAuthParameters {
 	public void setHasBaseIdTransferRestriction(boolean hasBaseIdTransferRestriction) {
 		this.hasBaseIdTransferRestriction = hasBaseIdTransferRestriction;
 	}
+
+	@Override
+	public List<String> additionalbPKSectorsRequested() {
+		// TODO Auto-generated method stub
+		return null;
+	}
 		
 }
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 55a7e7be9..7ec1ddf73 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -270,13 +270,13 @@
 		</dependency>
 		
 		
- 	  <dependency>
+  	    <dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
 		</dependency>
 		<dependency>
 		 	<groupId>com.fasterxml.jackson.core</groupId>
-      <artifactId>jackson-annotations</artifactId>
+      		<artifactId>jackson-annotations</artifactId>
 		</dependency>
 		
 		<dependency>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index a787cea00..4dd0a857f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -11,6 +11,7 @@ import iaik.pki.revocation.RevocationSourceTypes;
 
 public interface AuthConfiguration extends ConfigurationProvider{
 
+	public static final String PROP_KEY_SSL_USE_JVM_TRUSTSTORE = "configuration.ssl.useStandardJavaTrustStore";
 	public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname";
 	public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname";
 	public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 5df4a4163..00b39daec 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -22,7 +22,6 @@
  */
 package at.gv.egovernment.moa.id.commons.api;
 
-import java.io.Serializable;
 import java.security.PrivateKey;
 import java.util.Collection;
 import java.util.List;
@@ -235,4 +234,15 @@ public interface IOAAuthParameters extends ISPConfiguration{
 	 */
 	public List<String> foreignbPKSectorsRequested();
 	
+	
+	/**
+	 * Get a List of sectors for that this service provider requires additional unencrypted bPKs
+	 * 
+	 * @return list of sectors, or null if no sectors are defined
+	 */
+	public List<String> additionalbPKSectorsRequested();
+	
+	
+	
+	
 }
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 4555f61d2..4adff7f19 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -176,12 +176,25 @@ public class ConfigurationMigrationUtils {
 				}
 			}
 			
+			//Austrian eID demo-mode
+			if (oa.getIseIDDemoModeActive() != null)
+				result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, oa.getIseIDDemoModeActive().toString());
+			else
+				result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString());
+			
 			if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList()))
 				result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList());
 			else
 				result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY);
 			
-						
+			if (MiscUtil.isNotEmpty(oa.getAdditionalbPKTargetList()))
+				result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, oa.getAdditionalbPKTargetList());
+			else
+				result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, StringUtils.EMPTY);
+
+			
+			
+			
 			//convert selected SZR-GW service
 			if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL()))
 				result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
@@ -857,9 +870,19 @@ public class ConfigurationMigrationUtils {
 	            }
 	        }
 
+	        //Austrian eID demo-mode
+	        if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE)))
+	        	dbOA.setIseIDDemoModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE)));
+	        else 
+	        	dbOA.setIseIDDemoModeActive(false);
+	        
 	        if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)))
 	        		dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN));
 	        
+	        if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS)))
+        		dbOA.setAdditionalbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS));
+	        
+	        
             //store BKU-URLs
             BKUURLS bkuruls = new BKUURLS();
             authoa.setBKUURLS(bkuruls);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index a6315fe2c..1be97c49d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -64,6 +64,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
 	public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type";
 	public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value";
 	public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign";
+	public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs";
+	public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode";
 	
 	
 	public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
index e37873a72..510fd0581 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
@@ -115,10 +115,15 @@ public class OnlineApplication
     @XmlTransient
     protected String mandateServiceSelectionTemplateURL = null;
     
-    @XmlTransient
+    @XmlTransient   
     protected String foreignbPKTargetList = null;
     
+    @XmlTransient
+    protected String additionalbPKTargetList = null;
 
+    @XmlTransient
+    protected Boolean iseIDDemoModeActive = false;
+    
     
     public String getForeignbPKTargetList() {
 		return foreignbPKTargetList;
@@ -128,6 +133,25 @@ public class OnlineApplication
 		this.foreignbPKTargetList = foreignbPKTargetList;
 	}
 
+	
+	
+	
+	public String getAdditionalbPKTargetList() {
+		return additionalbPKTargetList;
+	}
+
+	public void setAdditionalbPKTargetList(String additionalbPKTargetList) {
+		this.additionalbPKTargetList = additionalbPKTargetList;
+	}
+
+	public Boolean getIseIDDemoModeActive() {
+		return iseIDDemoModeActive;
+	}
+
+	public void setIseIDDemoModeActive(Boolean iseIDDemoModeActive) {
+		this.iseIDDemoModeActive = iseIDDemoModeActive;
+	}
+
 	/**
 	 * @return the saml2PostBindingTemplateURL
 	 */
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
index 4c6cd16c0..7114552b4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
@@ -37,7 +37,6 @@ import javax.persistence.Table;
 
 import org.hibernate.annotations.DynamicUpdate;
 
-import com.fasterxml.jackson.annotation.JsonCreator;
 
 
 
@@ -57,7 +56,6 @@ public class AssertionStore implements Serializable{
 
 
 
-	@JsonCreator
 	public AssertionStore(){
 		
 	}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java
index 7121c4a2a..31c66376c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java
@@ -72,8 +72,9 @@ public class HttpClientWithProxySupport {
 			String user = System.getProperty("http.proxyUser"); //$NON-NLS-1$
 			String pass = System.getProperty("http.proxyPassword"); //$NON-NLS-1$
 			if (MiscUtil.isNotEmpty(user) && pass != null) {				
-				CredentialsProvider credsProvider = new BasicCredentialsProvider();
-				credsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass));
+				CredentialsProvider proxyCredsProvider = new BasicCredentialsProvider();
+				proxyCredsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass));
+				clientBuilder.setDefaultCredentialsProvider(proxyCredsProvider);
 				
 			}			
 		}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index bdadf681d..6c8c092ed 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -34,7 +34,6 @@ import java.util.Arrays;
 import java.util.List;
 
 import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
@@ -51,7 +50,6 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.Logger;
 import iaik.pki.PKIException;
-import sun.security.ssl.ProtocolVersion;
 
 /**
  * @author tlenz
@@ -77,14 +75,15 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
 	 * @throws MOAHttpProtocolSocketFactoryException
 	 */
 	public MOAHttpProtocolSocketFactory (
-			String url, 
+			String url,
+			boolean useStandardJavaTrustStore,
 			String trustStoreURL,
 			String acceptedServerCertURL,
 			String chainingMode,
 			boolean checkRevocation,
 			String[] revocationMethodOrder,
 			boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException {
-		internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+		internalInitialize(url, useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
 		
 		this.verifyHostName = verifyHostName;
 		
@@ -103,26 +102,31 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
 	 * @param verifyHostName Enables / Disables hostName verfication
 	 * @throws MOAHttpProtocolSocketFactoryException
 	 */
-	public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL,
+	public MOAHttpProtocolSocketFactory(String url, boolean useStandardJavaTrustStore,
+			String certStoreDirectory, 
+			String trustStoreURL,
 			String acceptedServerCertURL,
 			String chainingMode,
 			boolean checkRevocation,
 			String[] revocationMethodOrder,
 			boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException {
-		internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+		internalInitialize(url, useStandardJavaTrustStore, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
 
 		this.verifyHostName = verifyHostName;
 		
 	}
 
-	private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL,
+	private void internalInitialize(String url, boolean useStandardJavaTrustStore, 
+			String certStoreDirectory, 
+			String trustStoreURL,
 			String acceptedServerCertURL,
 			String chainingMode,
 			boolean checkRevocation,
 			String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
 		try {
 			this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
-					url, 
+					url,
+					useStandardJavaTrustStore,
 					certStoreDirectory,
 					trustStoreURL, 
 					acceptedServerCertURL, 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index e6efca4ea..8aaf94fad 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -108,8 +108,29 @@ public class SSLUtils {
 	  }	  
   }
   
+  /**
+   * Get SSLSocketFactory with TrustStore and KeyStore implementations
+   * 
+   * @param url URL of the Service that should be connected
+   * @param useStandardJavaTrustStore Flag to use standard JVM truststore
+   * @param certStoreRootDirParam Path to certStore, if own truststore is used
+   * @param trustStoreURL Path to truststore, if own truststore is used
+   * @param acceptedServerCertURL Path to whitelist with EE-Server certificats, if own truststore is used
+   * @param chainingMode PKIX-Mode or Onion-Model for certificate validation, if own truststore is used
+   * @param checkRevocation Flag to activate or deactivate revocation checks, if own truststore is used
+   * @param revocationMethodOrder Revocation check order (CLR, OCSP), if own truststore is used
+   * @param clientKeyStoreURL Path to KeyStore for SSL Client-Authentication, or null
+   * @param clientKeyStorePassword KeyStore password
+   * @param clientKeyStoreType KeyStore type
+   * @return
+   * @throws IOException
+   * @throws GeneralSecurityException
+   * @throws SSLConfigurationException
+   * @throws PKIException
+   */
   public static SSLSocketFactory getSSLSocketFactory(
-		  String url, 
+		  String url,
+		  boolean useStandardJavaTrustStore,
 		  String certStoreRootDirParam, 
 		  String trustStoreURL, 
 		  String acceptedServerCertURL,
@@ -130,14 +151,19 @@ public class SSLUtils {
     	return ssf;
     	
     }
-        
-    TrustManager[] tms = getTrustManagers(
-    		 certStoreRootDirParam,
-    		 chainingMode,    		 
-    		 trustStoreURL, 
-    		 acceptedServerCertURL,
-    		 checkRevocation,
-    		 revocationMethodOrder);
+
+    //initialize own trust-store implementation
+    TrustManager[] tms = null;
+    if (!useStandardJavaTrustStore) {
+    	tms = getTrustManagers(
+    			certStoreRootDirParam,
+    			chainingMode,    		 
+    			trustStoreURL, 
+    			acceptedServerCertURL,
+    			checkRevocation,
+    			revocationMethodOrder);
+    	
+    }
     
     KeyManager[] kms = getKeyManagers(
       clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 47abbf29a..b3655c0c0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -398,8 +398,7 @@ public interface Constants {
   /* Prefix and Schema definition for eIDAS specific SAML2 extensions*/
   public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas";
   public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions";
-  public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd";
-  
+  public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd";  
   
   /* Prefix and Schema for SAML2 Entity Attributes */
   public static final String SAML2_MDATTR_EXTENSIONS_PREFIX = "mdattr";
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
index 5cee90658..cd3f1f788 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
@@ -322,7 +322,9 @@ public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider
 			try {
 				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-						PVPConstants.SSLSOCKETFACTORYNAME, 
+						PVPConstants.SSLSOCKETFACTORYNAME,
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
 						moaAuthConfig.getTrustedCACertificates(),
 						null,
 						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
diff --git a/id/server/modules/moa-id-module-eIDAS/.gitignore b/id/server/modules/moa-id-module-eIDAS/.gitignore
new file mode 100644
index 000000000..b83d22266
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/.gitignore
@@ -0,0 +1 @@
+/target/
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index cf3325d24..5f4192645 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -12,11 +12,13 @@
   <properties>
 		<repositoryPath>${basedir}/../../../../repository</repositoryPath>
 		
-		<eidas-commons.version>1.4.0</eidas-commons.version>
-		<eidas-light-commons.version>1.4.0</eidas-light-commons.version>
-		<eidas-saml-engine.version>1.4.0</eidas-saml-engine.version>
-		<eidas-encryption.version>1.4.0</eidas-encryption.version>
-		<eidas-configmodule.version>1.4.0</eidas-configmodule.version>
+		<eidas-commons.version>1.4.3</eidas-commons.version>
+		<eidas-light-commons.version>1.4.3</eidas-light-commons.version>
+		<eidas-saml-engine.version>1.4.3</eidas-saml-engine.version>
+		<eidas-encryption.version>1.4.3</eidas-encryption.version>
+		<eidas-configmodule.version>1.4.3</eidas-configmodule.version>
+		
+		<eID4U.module.version>0.2</eID4U.module.version>
 				
 	</properties>
   
@@ -48,18 +50,48 @@
   		<groupId>MOA.id.server</groupId>
   		<artifactId>moa-id-lib</artifactId>
   	</dependency>
+
+			<dependency>
+  				<groupId>MOA.id.server.modules</groupId>
+  				<artifactId>moa-id-modul-citizencard_authentication</artifactId>
+  				<exclusions>
+  					<exclusion>
+  						<groupId>*</groupId>
+  					</exclusion>
+  				</exclusions>
+  			</dependency>
+  			<dependency>
+  				<groupId>MOA.id.server.modules</groupId>
+  				<artifactId>moa-id-module-openID</artifactId>
+  				<exclusions>
+  					<exclusion>
+  						<groupId>*</groupId>
+  					</exclusion>
+  				</exclusions>
+  			</dependency>
   
   	<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-test</artifactId>
-			<scope>test</scope>
-		</dependency>
-
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
+ 		 <groupId>eu.eidas.extension.eID4U</groupId>
+  		<artifactId>eID4U_commons</artifactId>
+  		<version>${eID4U.module.version}</version>
+  	</dependency>
+  
+ 	 <dependency>
+    	<groupId>com.google.code.findbugs</groupId>
+    	<artifactId>jsr305</artifactId>
+    	<version>3.0.1</version>
+   	</dependency>
+  
+   	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-test</artifactId>
+		<scope>test</scope>
+	</dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
   
 		<!-- eidas Commons -->
 		<dependency>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
new file mode 100644
index 000000000..d3aa7b4a0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizenCardAuthModuleImpl {
+
+	private int priority = 1;
+	
+	@Autowired private IRequestStorage requestStore;
+	
+	
+	@Override
+	public int getPriority() {
+		return priority; 
+	}
+
+	/**
+	 * Sets the priority of this module. Default value is {@code 0}.
+	 * @param priority The priority.
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		String selectedProcessID = super.selectProcess(context);
+		if (MiscUtil.isNotEmpty(selectedProcessID)) {
+			String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID);
+			
+			if (StringUtils.isEmpty(pendingReqId))
+				Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!");
+			
+			else {
+				IRequest pendingReq = requestStore.getPendingRequest(pendingReqId);
+				if (pendingReq != null && pendingReq instanceof EIDASData) {
+					return "eID4UAttributCollectionAuthentication";
+				
+				}
+			}
+		}	
+		
+		return selectedProcessID;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:eid4u.Authentication.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
new file mode 100644
index 000000000..c8c65ce76
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Controller
+public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController {
+
+	public eID4UAPSignalServlet() {
+		Logger.debug("Registering servlet " + getClass().getName() + 
+				" with mappings '"+ eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN + "'.");
+		
+	}
+	
+	@RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN }, 
+					method = {RequestMethod.POST, RequestMethod.GET})
+	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+	}
+
+	@Override
+	/**
+	 * Protocol specific implementation to get the pending-requestID 
+	 * from http request object
+	 * 
+	 * @param request The http Servlet-Request object
+	 * @return The Pending-request id 
+	 * 	
+	 */
+	public String getPendingRequestId(HttpServletRequest request) {
+		String pendigReqId = super.getPendingRequestId(request);
+		
+		if (MiscUtil.isEmpty(pendigReqId)) {
+			Logger.trace("No 'pendingReqID', seach for 'state' parameter in eID4U use-case ... ");			
+			pendigReqId = request.getParameter(OAuth20Constants.PARAM_STATE);			
+			if (MiscUtil.isEmpty(pendigReqId)) {						
+				Logger.trace("No 'pendingReqID', seach HTTP-Cookie in eID4U use-case ... ");
+				pendigReqId = CookieUtils.getValueFromCookie(request, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
+				if (MiscUtil.isEmpty(pendigReqId))
+					Logger.info("NO eID4U cookie or 'state' parameter with pendingReqId.");
+				
+			}
+		}
+		
+		return pendigReqId;
+		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java
new file mode 100644
index 000000000..45eb161d3
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java
@@ -0,0 +1,25 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+public class eID4UConstants {
+	
+	//configuration parameter
+	public static final String CONFIG_PROPS_AP_CONSENT_ENTITYID = "moa.id.protocols.eIDAS.eID4U.AP.consent.entityID";
+	public static final String CONFIG_PROPS_AP_CONSENT_URL = "moa.id.protocols.eIDAS.eID4U.AP.consent.url";		
+	public static final String CONFIG_PROPS_AP_SCOPES = "moa.id.protocols.eIDAS.eID4U.AP.scopes.full";		
+	public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.url";
+	public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.param.granttype";
+	public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.username";
+	public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.password";
+	public static final String CONFIG_PROPS_AP_DATASERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.dataservice.url";
+	
+	//session parameter
+	public static final String HTTP_TRANSACTION_COOKIE_NAME = "eID4APTransactionId";
+	public static final String HTTP_ENDPOINT_AP_CONSENT_RETURN = "/eidas/eid4u/resume";
+	
+	//process context
+	public static final String PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS = "collecteID4UAttr";
+	public static final String PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER = "eID4UAttrProvbPK";
+	
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
new file mode 100644
index 000000000..69cc131ff
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
@@ -0,0 +1,239 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moaspss.logging.Logger;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+public class AttributeScopeMapper {
+		
+	private static AttributeScopeMapper instance = null;
+
+	public static final String Scope_Delimiter = " ";
+	
+	public static final String Citizenship = "ANY@tugraz.idm.attr.Citizenship";
+	public static final String CityOfBirth = "ANY@tugraz.idm.attr.CityOfBirth";
+	public static final String CountryOfBirth = "ANY@tugraz.idm.attr.CountryOfBirth";
+	public static final String CurrentDegreeName = "ANY@tugraz.idm.attr.CurrentDegreeName";
+	public static final String CurrentFieldOfStudy = "ANY@tugraz.idm.attr.CurrentFieldOfStudy";
+	public static final String CurrentLevelOfStudy = "ANY@tugraz.idm.attr.CurrentLevelOfStudy";
+	public static final String EmailStud = "ANY@tugraz.idm.attr.EmailStud";
+	public static final String Gender = "ANY@tugraz.idm.attr.Gender";
+	public static final String HomeInstitutionName = "ANY@tugraz.idm.attr.HomeInstitutionName";
+	public static final String HomeInstitutionCountry = "ANY@tugraz.idm.attr.HomeInstitutionCountry";
+
+	public static final String HomeInstitutionAddressCountryCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode";
+	public static final String HomeInstitutionAddressPostalCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode";
+	public static final String HomeInstitutionAddressStreet = "ANY@tugraz.idm.attr.HomeInstitutionAddressStreet";
+	public static final String HomeInstitutionAddressCity = "ANY@tugraz.idm.attr.HomeInstitutionAddressCity";
+
+	public static final String PermanentAddressCity = "ANY@tugraz.idm.attr.PermanentAddressCity";
+	public static final String PermanentAddressCountryCode = "ANY@tugraz.idm.attr.PermanentAddressCountryCode";
+	public static final String PermanentAddressPostalCode = "ANY@tugraz.idm.attr.PermanentAddressPostalCode";
+	public static final String PermanentAddressStreet = "ANY@tugraz.idm.attr.PermanentAddressStreet";
+
+	public static final String StudyAddressCity = "ANY@tugraz.idm.attr.StudyAddressCity";
+	public static final String StudyAddressCountryCode = "ANY@tugraz.idm.attr.StudyAddressCountryCode";
+	public static final String StudyAddressPostalCode = "ANY@tugraz.idm.attr.StudyAddressPostalCode";
+	public static final String StudyAddressStreet = "ANY@tugraz.idm.attr.StudyAddressStreet";
+
+	private static List<String> complexeScopes = new ArrayList<String>();
+	
+	private static final Map<String, String> eIDASToScopes = Collections.unmodifiableMap(new HashMap<String,String>() {
+		private static final long serialVersionUID = 1L;
+		{
+			put(Definitions.CITIZENSHIP_NAME, Citizenship);
+			put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), 
+					CityOfBirth);
+			put(Definitions.COUNTRYOFBIRTH_NAME, CountryOfBirth);
+			put(Definitions.CURRENTDEGREE_NAME, CurrentDegreeName);
+			put(Definitions.FIELDOFSTUDY_NAME, CurrentFieldOfStudy);
+			put(Definitions.CURRENTLEVELOFSTUDY_NAME, CurrentLevelOfStudy);
+			put(Definitions.EMAIL_NAME, EmailStud);
+			put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), 
+					Gender);
+			put(Definitions.HOMEINSTITUTIONNAME_NAME, HomeInstitutionName);
+			put(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, HomeInstitutionCountry);
+			
+			put(Definitions.HOMEINSTITUTIONADDRESS_NAME, 
+					      HomeInstitutionAddressCountryCode + Scope_Delimiter 
+						+ HomeInstitutionAddressPostalCode + Scope_Delimiter
+						+ HomeInstitutionAddressStreet + Scope_Delimiter
+						+ HomeInstitutionAddressCity);
+			put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), 
+					      PermanentAddressCity + Scope_Delimiter
+						+ PermanentAddressCountryCode + Scope_Delimiter
+						+ PermanentAddressPostalCode + Scope_Delimiter
+						+ PermanentAddressStreet);
+			put(Definitions.TEMPORARYADDRESS_NAME, 
+					      StudyAddressCity + Scope_Delimiter
+						+ StudyAddressCountryCode + Scope_Delimiter
+						+ StudyAddressPostalCode + Scope_Delimiter
+						+ StudyAddressStreet);
+			
+		}
+	});
+	
+	private static Map<String, String> scopesToeIDAS = Collections.unmodifiableMap(new HashMap<String,String>() {
+		private static final long serialVersionUID = 1L;
+		{
+			Iterator<Entry<String, String>> it = eIDASToScopes.entrySet().iterator();
+			while (it.hasNext()) {
+				Entry<String, String> el = it.next();				
+				String[] value = el.getValue().split(Scope_Delimiter);
+				if (value.length == 1)
+					put(el.getValue(), el.getKey());
+				
+				else {
+					for (String i : value) {
+						put(i, el.getKey());
+						complexeScopes.add(i);
+						
+					}					
+				}				
+			}			
+		}
+	});
+	
+	
+	
+	
+	public static AttributeScopeMapper getInstance() {
+		if (instance == null) {
+			instance = new AttributeScopeMapper();
+			
+		}
+		
+		return instance;
+	}
+	
+	/**
+	 * Map a eID4U attribute-name into a TUG Scope
+	 * 
+	 * @param eID4UAttributeName eID4U attribute-name
+	 * @return TUG Scope
+	 */	
+	public String getTUGScopesForAttribute(String eID4UAttributeName) {
+		if (eIDASToScopes.containsKey(eID4UAttributeName))
+			return eIDASToScopes.get(eID4UAttributeName);
+		
+		else {
+			Logger.info("eID4U attribute '" + eID4UAttributeName + "' CAN NOT provides from TUG");
+			return StringUtils.EMPTY;
+			
+		}
+		
+	}
+	
+	/**
+	 * Map a TUG Scope into an eID4u attribute-name
+	 * 
+	 * @param scope TUG scope
+	 * @return eID4u attribute name
+	 */
+	public String geteIDASAttrFromScope(String scope) {
+		return scopesToeIDAS.get(scope);
+		
+	}
+	
+	/**
+	 * Check if an TUG scope is part of a complex eID4u attribute
+	 * 
+	 * @param scope TUG scope
+	 * @return true if scope is part of a complex attribute, otherwise false
+	 */
+	public boolean isComplexeScope(String scope) {
+		return complexeScopes.contains(scope);
+		
+	}
+	
+	/**
+	 * Convert the TUG Attribute-provider response into a Map<attributeName, attributeValue> of eID4U attributes
+	 *  
+	 * 
+	 * @param jsonObject TUG AP response
+	 * @return Map of eID4U attributes, but never null
+	 */
+	public Map<String, Object> populateEid4uAttributesFromTugResponse(JsonObject jsonObject) {
+		Map<String, Object> result = new HashMap<String, Object>();								
+		Map<String, String> complexAttr = new HashMap<String, String>();
+					
+		Iterator<Entry<String, JsonElement>> it = jsonObject.entrySet().iterator();
+		while (it.hasNext()) {
+			Entry<String, JsonElement> el = it.next();				
+			String key = el.getKey();
+			
+			Logger.trace("Starting TUG scrope mapping for: " + key + " ... ");
+			String eIDASAttr = AttributeScopeMapper.getInstance().geteIDASAttrFromScope(key);				
+			if (StringUtils.isNotEmpty(eIDASAttr)) {
+				if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) {										
+					Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr);
+					result.put(eIDASAttr, el.getValue().getAsString());
+											
+				} else {		
+					Logger.trace("Find complex TUG scope: " + key);						
+					complexAttr.put(eIDASAttr, null);
+					
+				}	
+				
+			} else
+				Logger.info("Can NOT map TUG scope: " + key + " to any eID4U attribute");
+										
+		}
+
+		//TODO: can only Map address attributes
+		Iterator<String> complIt = complexAttr.keySet().iterator();
+		while(complIt.hasNext()) {
+			String attr = complIt.next();
+			
+			eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder address = PostalAddress.builder();
+			if (Definitions.HOMEINSTITUTIONADDRESS_NAME.equals(attr)) {
+				address.postCode(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressPostalCode).getAsString());
+				address.postName(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressCity).getAsString());
+				address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());
+				address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());					
+				result.put(attr, address.build());
+									
+			} else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) {
+				address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString());
+				address.postName(jsonObject.get(AttributeScopeMapper.StudyAddressCity).getAsString());
+				address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());
+				address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());					
+				result.put(attr, address.build());
+									
+			} else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) {
+				address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString());
+				address.postName(jsonObject.get(AttributeScopeMapper.PermanentAddressCity).getAsString());
+				address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());
+				address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());					
+				result.put(attr, address.build());
+									
+			} else {
+				Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!");
+				
+			}
+			
+		}
+		
+		return result;
+		
+	}
+	
+	
+	private AttributeScopeMapper() {
+				
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
index f347022b8..d5b1a9e4e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
+import java.util.Collection;
+
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.Response;
 import org.w3c.dom.Document;
@@ -26,9 +28,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
 	 * 
 	 */
 	@Override
-	public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException {
+	public Correlated unmarshallResponse(byte[] responseBytes, Collection<String> metadataWhitelist, boolean checkWhitelist) throws EIDASSAMLEngineException {
 		try {
-			return super.unmarshallResponse(responseBytes);
+			return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
 			
 		} catch (EIDASSAMLEngineException e) {
 			if (responseBytes != null ) {
@@ -45,7 +47,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
 				
 				if (startInternalMetadataRefesh(entityID)) {
 					Logger.debug("Metadata refresh success. Revalidate eIDAS Response ...");
-					return super.unmarshallResponse(responseBytes);
+					return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
 					
 				}
 				Logger.info("eIDAS metadata refresh not possible or not successful.");
@@ -61,9 +63,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
 	 * 
 	 */
 	@Override
-	public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException {
+	public AuthnRequest unmarshallRequest(byte[] requestBytes, Collection<String> whitelistMetadata, boolean checkWhitelist) throws EIDASSAMLEngineException {
 		try {
-			return super.unmarshallRequest(requestBytes);
+			return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
 			
 			
 		} catch (EIDASSAMLEngineException e) {
@@ -81,7 +83,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
 
 				if (startInternalMetadataRefesh(entityID)) {
 					Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ...");
-					return super.unmarshallRequest(requestBytes);
+					return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
 					
 				}
 				
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index aca818532..feeff6f84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -440,7 +440,9 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
 					AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
 					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
+							PVPConstants.SSLSOCKETFACTORYNAME,
+							basicConfig.getBasicMOAIDConfigurationBoolean(
+									AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
 							moaAuthConfig.getTrustedCACertificates(),
 							null,
 							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java
new file mode 100644
index 000000000..b7a9fcba9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java
@@ -0,0 +1,32 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class eID4UAPException extends EIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
+	public eID4UAPException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+
+	public eID4UAPException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+	
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+		
+	}
+
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
new file mode 100644
index 000000000..a58bc4f8d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
@@ -0,0 +1,181 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.common.collect.UnmodifiableIterator;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.ImmutableAttributeEntry;
+
+@Component("CollectAddtionalAttributesTask")
+public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
+
+	@Autowired private OAuth20AuthAction openIDAuthAction; 
+	@Autowired private ITransactionStorage transactionStorage;
+	@Autowired private AuthenticationDataBuilder authDataBuilder;
+	
+	@Override
+	public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
+			throws TaskExecutionException {
+		try{
+			context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false);
+			
+			if (pendingReq instanceof EIDASData) {
+				EIDASData eidasReq = (EIDASData) pendingReq;
+				Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ...");
+		
+				//select all eID4U attributes from requested attributes
+				Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder();
+				ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes();
+				for (String el : Definitions.EID4UATTRIBUTEELIST) {
+					if(reqAttrList.getAttributeValuesByNameUri(el) != null) {
+						Logger.debug("Find eID4U attr: " + el);
+						reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el));
+						
+					}
+				}
+				
+				//collect eID4U attributes, if some attributes are selected before
+				ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build();
+				if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) {
+					Logger.info("Starting eID4U attribute collection process ... ");
+				
+					//mark execution context with eID4U AP flag
+					context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true);
+					
+					//load connection parameters to TUG
+					String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID);
+					String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL);
+					String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES);
+					
+					if (MiscUtil.isEmpty(scopes)) {
+						//generate scope from attributes
+						scopes = mapReqAttributesIntoScopes(reqEid4uAttrList);
+						
+					}					
+					
+					Logger.debug("Load eID4U AP-Config:"
+							+ " EntityID: " + uniqueID
+							+ " RedirectURL:" + redirectURI
+							+ " Scopes: " + scopes);
+					
+					
+					/*
+					*build openID and set connect token
+					*/
+					
+					//generate fake OpenID_Connect request
+					OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest();
+					fakeOpenIDReq.initialize(httpReq, authConfig);
+					fakeOpenIDReq.setSPEntityId(uniqueID);
+					fakeOpenIDReq.setModule(OAuth20Protocol.NAME);
+					fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID));
+					fakeOpenIDReq.setScope("openId profile");
+										
+					//populate with SessionData
+					fakeOpenIDReq.setRawDataToTransaction(
+							pendingReq.getSessionData(AuthenticationSessionWrapper.class)
+								.getKeyValueRepresentationFromAuthSession());
+										
+					//generate authData
+					IAuthData authData = authDataBuilder.buildAuthenticationData(fakeOpenIDReq);
+
+					//generate OpenIDConenct token
+					String accessToken = Random.nextHexRandom32();
+					OAuth20SessionObject o = new OAuth20SessionObject();					
+					o.setScope(fakeOpenIDReq.getScope());
+					o.setCode(accessToken);
+					Map<String, Object> idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken);
+					o.setAuthDataSession(idToken);
+					transactionStorage.put(accessToken, o, -1);
+										
+					//forward to TUG
+					httpResp.setStatus(HttpServletResponse.SC_FOUND);					
+					redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_OPENID_CODE, accessToken);
+					redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes);
+					redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, 
+							pendingReq.getPendingRequestId());
+					redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI, 
+							pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN);
+															
+					final String finalUrl = redirectURI;
+					httpResp.addHeader("Location", finalUrl);
+					Logger.debug("REDIRECT TO: " + finalUrl.toString());
+					
+					//set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level
+					CookieUtils.setCookie(httpReq, httpResp, 
+							eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME, 
+							pendingReq.getPendingRequestId(), -1);
+
+					//set user's bPK into pendingRequst because TUG AttributeProvider needs it
+					pendingReq.setRawDataToTransaction(
+							eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, 
+							new BPKAttributeBuilder().build(
+									fakeOpenIDReq.getServiceProviderConfiguration(), 
+									authData, 
+									new SimpleStringAttributeGenerator()));
+					requestStoreage.storePendingRequest(pendingReq);
+					
+				} else
+					Logger.debug("No eID4U attributes found. Skip eID4U attribute collection");
+				
+			} else
+				Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
+			
+		} catch (Exception e) {
+			Logger.error("eID4U AttributeProvider communication FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e);
+			
+		}
+		
+	}
+
+	private String mapReqAttributesIntoScopes(ImmutableAttributeMap reqEid4uAttrList) {
+		String result = StringUtils.EMPTY;
+		UnmodifiableIterator<ImmutableAttributeEntry<?>> it = reqEid4uAttrList.entrySet().iterator();
+		while (it.hasNext()) {
+			ImmutableAttributeEntry<?> el = it.next();
+			String scope = AttributeScopeMapper.getInstance().getTUGScopesForAttribute(
+								el.getKey().getNameUri().toString());
+			
+			if (result.isEmpty())
+				result = scope;
+			else
+				result += " " + scope;
+							
+		}
+		
+		return result;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 1788facf0..274a23674 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -57,11 +57,14 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
 						
 			//validate SAML token
+			//TODO: maybe add whitelist
 			IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, 
 					request.getRemoteHost(), 
 					Constants.CONFIG_PROPS_SKEWTIME_BEFORE, 
 					Constants.CONFIG_PROPS_SKEWTIME_AFTER,
-					pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+					pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA,
+					null,
+					false);
 												
 			if (samlResp.isEncrypted()) {
 				Logger.info("Received encrypted eIDAS SAML-Response.");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
new file mode 100644
index 000000000..e878f8ab1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
@@ -0,0 +1,238 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.Header;
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Component("ReceiveConsentForAddtionalAttributesTask")
+public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask {
+
+	private static final int HashMap = 0;
+	@Autowired private AuthConfiguration moaAuthConfig;
+	
+	@Override
+	public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
+			throws TaskExecutionException {
+		try{
+			if (pendingReq instanceof EIDASData) {
+				EIDASData eidasReq = (EIDASData) pendingReq;
+			
+				//delete eID4U http Cookie with pendingRequestId 
+				CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
+				
+				String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE);	
+				if (MiscUtil.isEmpty(authCode)) {
+					Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... ");
+					throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null);
+					
+				}				
+				Logger.trace("Find OAuth2 'code' with: " + authCode);
+					
+				/*
+				 * access backend service with authCode
+				 * 
+				 */
+				String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL);
+				String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME);
+				String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD);
+				
+				if (MiscUtil.isEmpty(tokenServiceURL)) {
+					Logger.info("NO TokenService URL in configuration for eID4U AP. ");
+					throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null);
+					
+				}
+					
+				//open http client
+				SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+						moaAuthConfig,
+						tokenServiceURL);
+				CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
+						sslFactory,
+						authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+								
+				//build request URL
+				URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL);
+				uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE, 
+						authConfig.getBasicConfiguration(
+								eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE, 
+								OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE));
+				uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode);
+				Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build());
+				
+				HttpGet httpGetToken = new HttpGet(uriBuilderToken.build());
+				
+				HttpClientContext localContext = HttpClientContext.create();
+				if (MiscUtil.isNotEmpty(tokenServiceUsername)) {										
+					Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... ");
+
+					//Raw work-around, because API solution does not work well
+					String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim();
+					byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1));
+					String authHeader = "Basic " + new String(encodedAuth);
+					httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+					
+					//API solutuion
+//					HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString());					
+//					AuthCache authCache = new BasicAuthCache();
+//					authCache.put(targetHost, new BasicScheme());
+//					
+//					CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+//					credentialsProvider.setCredentials(AuthScope.ANY, 
+//							new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim()));					
+//					localContext.setCredentialsProvider(credentialsProvider);
+//					localContext.setAuthCache(authCache);
+					
+				}
+				
+				//request tokenService
+				HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext);
+
+				Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode() 
+						+ " from eID4U AP TokenService");								
+								
+				if (Logger.isTraceEnabled()) {
+					for (Header el : httpResultToken.getAllHeaders())
+						Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue());
+				}
+
+				if (httpResultToken.getStatusLine().getStatusCode() != 200) {
+					Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode()
+							+ " eID4U AP process stopping ... ");
+					if (httpResultToken.getEntity().getContent() != null)
+						Logger.trace("StatusMessage: " + IOUtils.toString(httpResultToken.getEntity().getContent(), "UTF-8"));
+					throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null);
+					
+				}
+				
+				//parse AccessToken from TokenService response
+				JsonElement fullToken = new JsonParser().parse(
+						new InputStreamReader(httpResultToken.getEntity().getContent()));
+				Logger.trace("FullToken: " + fullToken.toString());
+				String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString();
+				
+								
+				//call Attribute Provider to receice eID4U attributes from TUG
+				String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL);				
+				if (MiscUtil.isEmpty(attrProviderServiceURL)) {
+					Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. ");
+					throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null);
+					
+				}
+				
+				
+				URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL);
+				HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build());
+				
+				//encode and add token as header
+				String authHeader = "Bearer " + accessToken;
+				httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+				
+				//get and add bPK as header
+				httpGetData.setHeader(
+						"X-PVP-BPK", 
+						pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class));
+				
+				if (Logger.isTraceEnabled()) {
+					for (Header el : httpGetData.getAllHeaders())
+						Logger.trace("Req. Headername:" + el.getName() + " Value:" + el.getValue());
+				}
+				
+				//request Attribute Provider
+				HttpResponse httpResultData = httpClient.execute(httpGetData);
+
+				//parse response
+				Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode() 
+						+ " from eID4U Attr.Provider Service");								
+								
+				if (Logger.isTraceEnabled()) {
+					for (Header el : httpResultData.getAllHeaders())
+						Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue());
+				}
+
+				if (httpResultData.getStatusLine().getStatusCode() != 200) {
+					Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode()
+							+ " eID4U AP process stopping ... ");
+					if (httpResultData.getEntity().getContent() != null)
+						Logger.trace("StatusMessage: " + IOUtils.toString(httpResultData.getEntity().getContent(), "UTF-8"));
+					
+					throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null);
+					
+				}
+				
+				
+				//parse eID4U attributes from Attr.Provider service response
+				JsonElement fullAttrSet = new JsonParser().parse(
+						new InputStreamReader(httpResultData.getEntity().getContent()));
+				Logger.trace("FullAttrSet: " + fullAttrSet.toString());
+				
+				//populate eID4U attributes
+				populateEid4uAttributes(fullAttrSet.getAsJsonObject());
+				
+				//store pendingRequest
+				requestStoreage.storePendingRequest(pendingReq);
+				
+													
+			} else
+				Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
+			
+		} catch (Exception e) {
+			Logger.error("IdentityLink generation for foreign person FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+			
+		}
+		
+	}
+	
+	private void populateEid4uAttributes(JsonObject jsonObject) throws EAAFStorageException {
+		try {
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+			Map<String, Object> eID4UAttributes = AttributeScopeMapper.getInstance().populateEid4uAttributesFromTugResponse(jsonObject);
+			for (Entry<String, Object> el : eID4UAttributes.entrySet())
+				session.setGenericDataToSession(el.getKey(), el.getValue());
+			
+		} catch (EAAFStorageException e) {
+			Logger.warn("Can NOT inject authentication data into user object.", e);
+			throw e;
+		}
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
index bb52d2ffe..44a313885 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
@@ -69,12 +69,11 @@ import org.opensaml.xml.security.credential.UsageType;
 import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
 import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
 import org.opensaml.xml.signature.KeyInfo;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import com.google.common.collect.ImmutableSortedSet;
 import com.google.common.collect.Ordering;
 
+import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -108,7 +107,6 @@ import eu.eidas.util.Preconditions;
  *
  */
 public class NewMoaEidasMetadata {
-	private static final Logger LOGGER = LoggerFactory.getLogger(EidasMetadata.class.getName());
 	private final String metadata;
 	private final String entityId;
 	private static final Set<String> DEFAULT_BINDING = new HashSet() {
@@ -180,7 +178,7 @@ public class NewMoaEidasMetadata {
 						dm.setAlgorithm(digestMethod);
 						eidasExtensions.getUnknownXMLObjects().add(dm);
 					} else {
-						NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension");
+						Logger.info("BUSINESS EXCEPTION error adding DigestMethod extension");
 					}
 				}
 			}
@@ -197,7 +195,7 @@ public class NewMoaEidasMetadata {
 					spTypeObj.setSPType(this.params.getSpType());
 					eidasExtensions.getUnknownXMLObjects().add(spTypeObj);
 				} else {
-					NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SPType extension");
+					Logger.info("BUSINESS EXCEPTION error adding SPType extension");
 				}
 			}
 			generateDigest(eidasExtensions);
@@ -212,7 +210,7 @@ public class NewMoaEidasMetadata {
 						sm.setAlgorithm(signMethod);
 						eidasExtensions.getUnknownXMLObjects().add(sm);
 					} else {
-						NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension");
+						Logger.info("BUSINESS EXCEPTION error adding SigningMethod extension");
 					}
 				}
 			}
@@ -378,8 +376,12 @@ public class NewMoaEidasMetadata {
 	                new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural());
 	                
 	        for (String attr : eIDASAttributeBuilder.getAllProvideableeIDASAttributes()) {
-	        	AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);
-	        	builder.add(supAttr);
+	        	Logger.trace("Build metadata-attr: " + attr);
+	        	AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);	        	
+	        	if (supAttr == null)
+	        		Logger.warn("Suspect eIDAS attribute definition: " + attr);
+	        	else
+	        		builder.add(supAttr);
 	        }
 
 	        return builder.build();
@@ -444,11 +446,11 @@ public class NewMoaEidasMetadata {
 					url.setURL(new LocalizedString(this.params.getOrganization().getUrl(), "en"));
 					organization.getURLs().add(url);
 				} catch (IllegalAccessException iae) {
-					NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage());
-					NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae);
+					Logger.info("ERROR : error generating the OrganizationData: " +  iae.getMessage());
+					Logger.warn("ERROR : error generating the OrganizationData:", iae);
 				} catch (NoSuchFieldException nfe) {
-					NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage());
-					NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe);
+					Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage());
+					Logger.warn("ERROR : error generating the OrganizationData:", nfe);
 				}
 			}
 			return organization;
@@ -463,11 +465,11 @@ public class NewMoaEidasMetadata {
 				else if (contactType == ContactPersonTypeEnumeration.TECHNICAL)
 					currentContact = this.params.getTechnicalContact();
 				else {
-					NewMoaEidasMetadata.LOGGER.error("ERROR: unsupported contact type");
+					Logger.error("ERROR: unsupported contact type");
 				}
 				contact = (ContactPerson) BuilderFactoryUtil.buildXmlObject(ContactPerson.class);
 				if (currentContact == null) {
-					NewMoaEidasMetadata.LOGGER.error("ERROR: cannot retrieve contact from the configuration");
+					Logger.error("ERROR: cannot retrieve contact from the configuration");
 					return contact;
 				}
 
@@ -486,11 +488,11 @@ public class NewMoaEidasMetadata {
 
 				populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber);
 			} catch (IllegalAccessException iae) {
-				NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage());
-				NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae);
+				Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage());
+				Logger.warn("ERROR : error generating the OrganizationData: ", iae);
 			} catch (NoSuchFieldException nfe) {
-				NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage());
-				NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe);
+				Logger.info("ERROR : error generating the OrganizationData: " +  nfe.getMessage());
+				Logger.warn("ERROR : error generating the OrganizationData: ", nfe);
 			}
 			return contact;
 		}
@@ -546,8 +548,8 @@ public class NewMoaEidasMetadata {
 				}
 				return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false));
 			} catch (Exception ex) {
-				NewMoaEidasMetadata.LOGGER.info("ERROR : SAMLException ", ex.getMessage());
-				NewMoaEidasMetadata.LOGGER.debug("ERROR : SAMLException ", ex);
+				Logger.info("ERROR : SAMLException: " + ex.getMessage());
+				Logger.warn("ERROR : SAMLException ", ex);
 				throw new IllegalStateException(ex);
 			}
 		}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 6d20caa4b..b000c317e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.ConfigurationException;
 import org.opensaml.xml.XMLConfigurator;
 
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
@@ -112,6 +113,16 @@ public class SAMLEngineUtils {
 				SAMLSchemaBuilder.addExtensionSchema(
 						at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION);
 				
+				//add eID4U schemes
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_CORE_EXTENSIONS_SCHEMA_LOCATION);				
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_PERSON_EXTENSIONS_SCHEMA_LOCATION);
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_STUDIES_EXTENSIONS_SCHEMA_LOCATION);				
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_EXT_EUROPASS3_EXTENSIONS_SCHEMA_LOCATION);
+				
 				eIDASEngine = engine;
 				
 			} catch (EIDASSAMLEngineException | ConfigurationException e) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 200215308..d2323d161 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
 import at.gv.egovernment.moa.logging.Logger;
@@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
  *
  */
 public class eIDASAttributeBuilder extends PVPAttributeBuilder {		
-	private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator();
+	private static IAttributeGenerator<String> generator = new SimpleStringAttributeGenerator();
 	 
 	private static List<String> listOfSupportedeIDASAttributes;
 	private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader = 
@@ -105,7 +106,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder {
 	 * @param authData Authentication data that contains user information for attribute generation
 	 * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES
 	 */
-	public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
+	public static Pair<?, ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
 			IAuthData authData) {
 		
 		String attrName = attr.getNameUri().toString();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index d268dd2f6..7c9e66ba0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -203,7 +203,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 			//*****  validate eIDAS request  *********
 			//****************************************			
 			//validate SAML token
-			IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode );
+			//TODO: maybe add whitelist feature
+			IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false);
 
 			//validate internal JAVA class type
 			if (!(samlReq instanceof IEidasAuthenticationRequest)) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
index 1ac4560b0..d9232a2f3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
@@ -28,7 +28,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
  * @author tlenz
  *
  */
-@Deprecated
+
+
 @eIDASMetadata
 public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
index 66359e240..e10f42b37 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
@@ -35,7 +35,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
-@Deprecated
 @eIDASMetadata
 public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
index 638b01bb1..cea28662e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
@@ -28,7 +28,10 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
  * @author tlenz
  *
  */
-@eIDASMetadata
+
+/*
+ * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person
+ */
 public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
index fd245c3eb..7c527ff67 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
@@ -35,7 +35,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
-@eIDASMetadata
+
+/*
+ * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person
+ */
 public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index f7e135bae..14ba239a1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -61,7 +61,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat
 			throws AttributeBuilderException {	
 		
 		try {
-			Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData);
+			Pair<String, String> calcResult = getBpkForSp(oaParam, authData);
 			if (calcResult != null) {
 				String personalID = calcResult.getFirst();
 				String type = calcResult.getSecond();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
index db072203d..9321182da 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
@@ -1,5 +1,8 @@
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
+import java.lang.annotation.Retention;
+
+@Retention(java.lang.annotation.RetentionPolicy.RUNTIME) 
 public @interface eIDASMetadata {
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java
new file mode 100644
index 000000000..2f066bc6b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CititzenshipAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.CITIZENSHIP_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java
new file mode 100644
index 000000000..8ef79b774
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CountryOfBirthAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.COUNTRYOFBIRTH_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
new file mode 100644
index 000000000..7b4c16a5a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentDegreeAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.CURRENTDEGREE_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
new file mode 100644
index 000000000..5210676c2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.CURRENTLEVELOFSTUDY_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java
new file mode 100644
index 000000000..4b8e6ec29
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentPhotoAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object docObj= authData.getGenericData(getName(), Object.class);
+		
+		if (docObj instanceof Document) {
+			return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), ((Document)docObj).toString());
+			
+			
+		} else if (docObj instanceof String) {		
+			if (StringUtils.isNotEmpty((String)docObj))
+				return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), (String)docObj);
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.CURRENTPHOTO_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java
new file mode 100644
index 000000000..4f0a0d2fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.DEGREE_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.DEGREE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.DEGREE_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java
new file mode 100644
index 000000000..8b480914b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeAwardingInstituteAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.DEGREEAWARDINGINSTITUTION_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java
new file mode 100644
index 000000000..b3b58c9da
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeCountryAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.DEGREECOUNTRY_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java
new file mode 100644
index 000000000..f37b8ea65
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class EHICIDAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.EHICID_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.EHICID_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.EHICID_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java
new file mode 100644
index 000000000..c1dba7eff
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class EMailAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.EMAIL_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.EMAIL_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.EMAIL_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
new file mode 100644
index 000000000..ba486079e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class FieldOfStudyAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.FIELDOFSTUDY_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java
new file mode 100644
index 000000000..cf1bc4b07
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class GraduationYearAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.GRADUATIONYEAR_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java
new file mode 100644
index 000000000..73ab6fdda
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java
@@ -0,0 +1,72 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class HomeInstituteAddressAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object obj= authData.getGenericData(getName(), Object.class);
+		
+		if (obj instanceof PostalAddress) {
+			try {
+				return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(), 
+					new CurrentAddressAttributeValueMarshaller().marshal(
+							new PostalAddressAttributeValue((PostalAddress) obj)));
+							
+			} catch (AttributeValueMarshallingException e) {
+				Logger.warn("Can NOT build attribute: " + getName(), e);
+				
+			}
+						
+		} else if (obj instanceof String) {		
+			if (StringUtils.isNotEmpty((String)obj)) {
+				try {
+					return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(), 
+							Base64Utils.encode(((String) obj).getBytes()));
+					
+				} catch (IOException e) {
+					Logger.warn("Can NOT build attribute: " + getName(), e);
+					
+				}
+				
+			}
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.HOMEINSTITUTIONADDRESS_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
new file mode 100644
index 000000000..4b80b53ca
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteCountryAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.HOMEINSTITUTIONCOUNTRY_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
new file mode 100644
index 000000000..e8c7a9169
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteIdentifierAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.HOMEINSTITUTIONIDENTIFIER_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
new file mode 100644
index 000000000..1f72b9a37
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteNameAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.HOMEINSTITUTIONNAME_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
new file mode 100644
index 000000000..1983c10d1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdExpireddateAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object dateObj= authData.getGenericData(getName(), Object.class);
+		
+		if (dateObj instanceof Date) {
+			DateFormat pvpDateFormat = new SimpleDateFormat(Definitions.DATE_FORMAT_PATTERN);
+			String dateString = pvpDateFormat.format(dateObj);
+			return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), dateString);
+			
+		} else if (dateObj instanceof String) {
+			return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), (String) dateObj);
+				
+		} else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.IDEXPIREDATE_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
new file mode 100644
index 000000000..7b04069e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdIssuerAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.IDISSUER_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
new file mode 100644
index 000000000..956caab68
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdNumberAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.IDNUMBER_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
new file mode 100644
index 000000000..e2aff59e9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.IdType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdTypeAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object idTypeObj= authData.getGenericData(getName(), Object.class);
+		
+		if (idTypeObj instanceof IdType)
+			return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), ((IdType)idTypeObj).getValue());
+		
+		else if (idTypeObj instanceof String) {
+			String idType = (String)idTypeObj;
+			if (StringUtils.isNotEmpty(idType))
+				return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), idType);
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.IDTYPE_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
new file mode 100644
index 000000000..4c88a54c1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageCertificatesAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object certObj= authData.getGenericData(getName(), Object.class);
+		
+		if (certObj instanceof CertificatesType) {
+			return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), ((CertificatesType)certObj).toString());
+			
+			
+		} else if (certObj instanceof String) {		
+			if (StringUtils.isNotEmpty((String)certObj))
+			return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), (String) certObj);
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.LANGUAGECERTIFICATES_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
new file mode 100644
index 000000000..b3c30a8a2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.LanguageLevelType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageProficiencyAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object certObj= authData.getGenericData(getName(), Object.class);
+		
+		if (certObj instanceof LanguageLevelType) {
+			return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), ((LanguageLevelType)certObj).toString());
+			
+			
+		} else if (certObj instanceof String) {		
+			if (StringUtils.isNotEmpty((String)certObj))
+				
+			return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), (String) certObj);
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.LANGUAGEPROFICIENCY_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
new file mode 100644
index 000000000..98410a606
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.MaritalState;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class MaritalstateAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+			
+		Object valueObj = authData.getGenericData(getName(), Object.class);
+		
+		if (valueObj instanceof MaritalState) 
+			return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), ((MaritalState)valueObj).getValue());
+		
+		else if (valueObj instanceof String) {
+			String value = (String)valueObj;
+			if (StringUtils.isNotEmpty(value));
+				return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), value);
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.EHICID_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
new file mode 100644
index 000000000..724b2494e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class NationalityAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.NATIONALITY_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
new file mode 100644
index 000000000..51e78bac2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class PhoneAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.PHONE_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.PHONE_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.PHONE_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
new file mode 100644
index 000000000..9888ce3c0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class TaxIdentificationNumberAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		String idType= authData.getGenericData(getName(), String.class);
+		if (StringUtils.isNotEmpty(idType))
+			return g.buildStringAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName(), idType);
+		
+		else
+			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.TAXIDENTIFICATIONNUMBER_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
new file mode 100644
index 000000000..9a57750cf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
@@ -0,0 +1,70 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class TemporaryAddressAttrBuilder implements IeIDASAttribute {
+
+	@Override
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
+		
+		Object obj= authData.getGenericData(getName(), Object.class);
+		
+		if (obj instanceof PostalAddress) {			
+			try {
+				return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(), 
+						new CurrentAddressAttributeValueMarshaller().marshal(
+								new PostalAddressAttributeValue((PostalAddress) obj)));
+								
+			} catch (AttributeValueMarshallingException e) {
+				Logger.warn("Can NOT build attribute: " + getName(), e);
+				
+			}
+
+		} else if (obj instanceof String) {		
+			if (StringUtils.isNotEmpty((String)obj))
+				try {
+					return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(), 
+							Base64Utils.encode(((String) obj).getBytes()));
+					
+				} catch (IOException e) {
+					Logger.warn("Can NOT build attribute: " + getName(), e);
+					
+				}
+		
+		}
+		
+		throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+		
+	}
+
+	@Override
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName());
+	}
+
+	@Override
+	public String getName() {
+		return Definitions.TEMPORARYADDRESS_NAME;
+		
+	}
+
+}
+ 
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index f6a67db9d..b42d3273f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -87,7 +87,9 @@ public class eIDASAuthenticationRequest implements IAction {
 		else
 			throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
 		
-				
+		
+		ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+		
 		String subjectNameID = null;
 				
 		//gather attributes
@@ -129,6 +131,21 @@ public class eIDASAuthenticationRequest implements IAction {
 			Logger.trace("eIDAS requsted attr. update process finished");
 			
 		}
+
+		
+		
+		//TODO: eID4U testcode
+		//**************************************************************************
+//		Builder reqAttrWitheID4U = ImmutableAttributeMap.builder(reqAttributeList);
+//		AttributeDefinition<?> attrDef = 
+//				engine.getProtocolProcessor().getAttributeDefinitionNullable(
+//						Definitions.IDTYPE_NAME);
+//		reqAttrWitheID4U.put(AttributeDefinition.builder(attrDef).required(false).build());
+//		
+//		reqAttributeList = reqAttrWitheID4U.build();
+		
+		//**************************************************************************
+		
 		
 		Logger.trace("Starting eIDAS response generation ....");
 		
@@ -164,9 +181,7 @@ public class eIDASAuthenticationRequest implements IAction {
 		
 		String token = null;
 		IResponseMessage eIDASRespMsg = null;
-		try {
-			ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
-			
+		try {			
 			// encryption is done by the SamlEngine, i.e. by the module we provide in the config
 			// but we need to set the appropriate request issuer
 			//engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
@@ -247,16 +262,18 @@ public class eIDASAuthenticationRequest implements IAction {
 	}
 
 	private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException {
-		Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
+		Pair<?, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
 				attr, req.getServiceProviderConfiguration(), authData);
 					
 		if(eIDASAttr == null) {				
 			if (attr.isRequired()) {
 				Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available.");
-				throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
+				
+				//TODO!!!!!!!
+				//throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
 									
 			} else
-				Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");	
+				Logger.debug("eIDAS Attr:" + attr.getNameUri() + " is not available.");	
 			
 		} else {
 			//add attribute to Map
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 3c11c725d..3a05c47ac 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,7 +1,8 @@
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
@@ -9,3 +10,30 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentat
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
index ad87adb6a..2a147e18c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
@@ -2,9 +2,38 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
\ No newline at end of file
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
new file mode 100644
index 000000000..4ab49641f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="eID4UAttributCollectionAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+	- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+	<pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+	<pd:Task id="createIdentityLinkForm"    class="CreateIdentityLinkFormTask" />
+	<pd:Task id="verifyIdentityLink"        class="VerifyIdentityLinkTask"        async="true" />
+	<pd:Task id="verifyAuthBlock"           class="VerifyAuthenticationBlockTask" async="true" />
+	<pd:Task id="verifyCertificate"         class="VerifyCertificateTask"         async="true" />
+	<pd:Task id="getMISMandate"           	class="GetMISSessionIDTask"           async="true" />
+	<pd:Task id="certificateReadRequest"    class="CertificateReadRequestTask" />
+	<pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+	<pd:Task id="prepareGetMISMandate" 		class="PrepareGetMISMandateTask" />
+	<pd:Task id="finalizeAuthentication" 	class="FinalizeAuthenticationTask" />
+	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />	
+	<pd:Task id="userRestrictionTask" 		class="UserRestrictionTask" />
+	<pd:Task id="genericFrontChannelRedirectTask" class="GenericFrontChannelRedirectTask"/>
+
+	<!-- eID4U extensions -->
+	<pd:Task id="collectAddtionalAttributesTask" 		class="CollectAddtionalAttributesTask" async="true"/>
+	<pd:Task id="receiveConsentForAddtionalAttributesTask" 		class="ReceiveConsentForAddtionalAttributesTask" async="true"/>
+
+
+
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start"                     to="initializeBKUAuthentication" />
+	
+	<pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+	
+	<pd:Transition from="createIdentityLinkForm"    to="verifyIdentityLink" />
+	
+	<pd:Transition from="verifyIdentityLink"        to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+	<pd:Transition from="verifyIdentityLink"        to="prepareAuthBlockSignature" />
+	
+	<pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+	<!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+	
+	<pd:Transition from="certificateReadRequest"    to="verifyCertificate" />
+	<!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+	
+	<pd:Transition from="verifyCertificate"         to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyCertificate"         to="getForeignID" />
+	
+	<pd:Transition from="verifyAuthBlock"           to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyAuthBlock"           to="userRestrictionTask" />
+	
+	<pd:Transition from="prepareGetMISMandate"      to="getMISMandate" />
+		
+	<pd:Transition from="getMISMandate"           	to="userRestrictionTask" />
+	<pd:Transition from="getForeignID"              to="userRestrictionTask" />
+	
+	
+	<pd:Transition from="userRestrictionTask"           to="genericFrontChannelRedirectTask" />
+	
+	<!-- eID4U tasks for attribute collection -->	
+	<pd:Transition from="genericFrontChannelRedirectTask"           to="collectAddtionalAttributesTask" />
+	
+	<pd:Transition from="collectAddtionalAttributesTask"           	to="receiveConsentForAddtionalAttributesTask" conditionExpression="ctx['collecteID4UAttr']" />
+	<pd:Transition from="collectAddtionalAttributesTask"           	to="finalizeAuthentication" conditionExpression="!ctx['collecteID4UAttr']" />
+	
+	<pd:Transition from="receiveConsentForAddtionalAttributesTask"  to="finalizeAuthentication" />
+	
+	
+	<pd:Transition from="finalizeAuthentication"    to="end" />
+		
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
index 20395f210..da4a2a95b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
@@ -9,9 +9,17 @@
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
  
+ 	<bean id="eID4UAuthProcessImpl"
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.AustrianAuthWitheID4UAuthenticationModulImpl">
+		<property name="priority" value="1" />
+	</bean>
+ 
 	<bean id="eIDASSignalServlet"
 				class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/>
 
+	<bean id="eID4UAPSignalServlet"
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.eID4UAPSignalServlet"/>
+
 	<bean id="EIDASProtocol"
 				class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/>
 				
@@ -30,5 +38,14 @@
 	<bean id="CreateIdentityLinkTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask"
 				scope="prototype"/>
+				
+	<bean id="CollectAddtionalAttributesTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CollectAddtionalAttributesTask"
+				scope="prototype"/>
+	
+	<bean id="ReceiveConsentForAddtionalAttributesTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveConsentForAddtionalAttributesTask"
+				scope="prototype"/>			
+				
 																						
 </beans>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
new file mode 100644
index 000000000..6a8a28dd4
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
@@ -0,0 +1,27 @@
+ANY@tugraz.idm.attr.Citizenship=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Citizenship
+ANY@tugraz.idm.attr.CityOfBirth=http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth
+ANY@tugraz.idm.attr.CountryOfBirth=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/CountryOfBirth
+ANY@tugraz.idm.attr.CurrentDegreeName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentDegree
+ANY@tugraz.idm.attr.CurrentFieldOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/FieldOfStudy
+ANY@tugraz.idm.attr.CurrentLevelOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentLevelOfStudy
+ANY@tugraz.idm.attr.EmailStud=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Email
+ANY@tugraz.idm.attr.Gender=http://eidas.europa.eu/attributes/naturalperson/Gender
+ANY@tugraz.idm.attr.HomeInstitutionName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Name
+ANY@tugraz.idm.attr.HomeInstitutionCountry=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Country
+
+
+ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomrInstitutionAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+
+
+ANY@tugraz.idm.attr.PermanentAddressCity=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressCountryCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressPostalCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressStreet=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+
+ANY@tugraz.idm.attr.StudyAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
new file mode 100644
index 000000000..0daa90b40
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
@@ -0,0 +1,253 @@
+package test.at.gv.egovernment.moa.id.modules.eidas.eid4u;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Base64;
+import java.util.Map;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParseException;
+import com.google.gson.JsonParser;
+
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+
+public class AttributeScopeMapperTest {
+	
+	private static final String TUG_AP_RESPONSE_B64 = "ewogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Db3VudHJ5T2ZCaXJ0aCI6IiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkN1cnJlbnREZWdyZWVOYW1lIjoiRHIudGVjaG4uIiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuQ3VycmVudEZpZWxkT2ZTdHVkeSI6IjA2ODg7OTk5OSIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkN1cnJlbnRMZXZlbE9mU3R1ZHkiOiI4IiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuRW1haWxTdHVkIjoidC5rZXJuQHN0dWRlbnQudHVncmF6LmF0IiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuSG9tZUluc3RpdHV0aW9uQWRkcmVzc0NvdW50cnlDb2RlIjoiQVQiLAogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Ib21lSW5zdGl0dXRpb25BZGRyZXNzUG9zdGFsQ29kZSI6IjgwMTAiLAogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Ib21lSW5zdGl0dXRpb25BZGRyZXNzU3RyZWV0IjoiUmVjaGJhdWVyc3RyYcOfZSAxMiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbkNvdW50cnkiOiJBVCIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbk5hbWUiOiJHcmF6IFVuaXZlcnNpdHkgT2YgVGVjaG5vbG9neSIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbkFkZHJlc3NDaXR5IjoiR3JheiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc0NpdHkiOiJGcm9obmxlaXRlbiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc1Bvc3RhbENvZGUiOiI4MTMwIiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuU3R1ZHlBZGRyZXNzQ291bnRyeUNvZGUiOiJBVCIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc1N0cmVldCI6IkvDvGhhdSAyMiIKfQ==";
+	
+	private AttributeScopeMapper mapper = null;
+	
+	@Test
+	public void dummyTest() throws Exception {
+		
+		
+	}
+
+	@Test
+	public void checkTugApResponseMapping() throws JsonParseException, UnsupportedEncodingException {
+		JsonElement fullAttrSet = new JsonParser().parse(new String(
+				Base64.getDecoder().decode(TUG_AP_RESPONSE_B64.getBytes()), "UTF-8"));
+		
+		Map<String, Object> result = getMapper().populateEid4uAttributesFromTugResponse(fullAttrSet.getAsJsonObject());
+		
+		Assert.assertTrue("eID4u attribte-table is EMPTY after mapping", !result.isEmpty());
+		
+		Assert.assertTrue(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME));
+		Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME));
+				
+		Assert.assertTrue(result.containsKey(Definitions.CURRENTDEGREE_NAME));
+		Assert.assertEquals("Dr.techn.", result.get(Definitions.CURRENTDEGREE_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.FIELDOFSTUDY_NAME));
+		Assert.assertEquals("0688;9999", result.get(Definitions.FIELDOFSTUDY_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.CURRENTLEVELOFSTUDY_NAME));
+		Assert.assertEquals("8", result.get(Definitions.CURRENTLEVELOFSTUDY_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.EMAIL_NAME));
+		Assert.assertEquals("t.kern@student.tugraz.at", result.get(Definitions.EMAIL_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONNAME_NAME));
+		Assert.assertEquals("Graz University Of Technology", result.get(Definitions.HOMEINSTITUTIONNAME_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONCOUNTRY_NAME));
+		Assert.assertEquals("AT", result.get(Definitions.HOMEINSTITUTIONCOUNTRY_NAME));
+		
+		Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONADDRESS_NAME));
+		checkComplexeAddress(
+				result.get(Definitions.HOMEINSTITUTIONADDRESS_NAME),
+				"AT",
+				"8010",
+				"Rechbauerstraße 12",
+				"Graz");
+				
+		Assert.assertTrue(result.containsKey(Definitions.TEMPORARYADDRESS_NAME));
+		checkComplexeAddress(
+				result.get(Definitions.TEMPORARYADDRESS_NAME),
+				"AT",
+				"8130",
+				"Kühau 22",
+				"Frohnleiten");
+				
+	}
+	
+	private void checkComplexeAddress(Object toCheck, String cc, String postalCode, String Street, String city) {
+		Assert.assertNotNull(toCheck);
+		Assert.assertTrue(toCheck instanceof PostalAddress);
+		
+		PostalAddress addr = (PostalAddress)toCheck;
+		Assert.assertEquals(postalCode, addr.getPostCode());
+		Assert.assertEquals(Street, addr.getCvAddressArea());
+		Assert.assertEquals(Street, addr.getThoroughfare());
+		Assert.assertEquals(city, addr.getPostName());
+		
+	}
+	
+	@Test
+	public void checkCitizenship() throws Exception {
+		checkBasicMappingInitialization(Definitions.CITIZENSHIP_NAME, AttributeScopeMapper.Citizenship, false);
+		
+	}
+	
+	@Test
+	public void checkCityOfBirth() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), AttributeScopeMapper.CityOfBirth, false);
+			
+	}
+	
+	@Test
+	public void checkCountryOfBirth() throws Exception {
+		checkBasicMappingInitialization(Definitions.COUNTRYOFBIRTH_NAME, AttributeScopeMapper.CountryOfBirth, false);
+			
+	}
+	
+	@Test
+	public void checkCurrentDegreeName() throws Exception {
+		checkBasicMappingInitialization(Definitions.CURRENTDEGREE_NAME, AttributeScopeMapper.CurrentDegreeName, false);
+		
+	}
+	
+	@Test
+	public void checkCurrentFieldOfStudy() throws Exception {
+		checkBasicMappingInitialization(Definitions.FIELDOFSTUDY_NAME, AttributeScopeMapper.CurrentFieldOfStudy, false);
+	}
+	
+	@Test
+	public void checkCurrentLevelOfStudy() throws Exception {
+		checkBasicMappingInitialization(Definitions.CURRENTLEVELOFSTUDY_NAME, AttributeScopeMapper.CurrentLevelOfStudy, false);
+		
+	}
+	
+	@Test
+	public void checkEmailStud() throws Exception {
+		checkBasicMappingInitialization(Definitions.EMAIL_NAME, AttributeScopeMapper.EmailStud, false);
+		
+	}
+	
+	@Test
+	public void checkGender() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), AttributeScopeMapper.Gender, false);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionName() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONNAME_NAME, AttributeScopeMapper.HomeInstitutionName, false);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionCountry() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, AttributeScopeMapper.HomeInstitutionCountry, false);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionAddressCountryCode() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCountryCode, true);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionAddressPostalCode() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressPostalCode, true);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionAddressStreet() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressStreet, true);
+		
+	}
+	
+	@Test
+	public void checkHomeInstitutionAddressCity() throws Exception {
+		checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCity, true);
+		
+	}
+	
+	@Test
+	public void checkPermanentAddressCity() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCity, true);
+		
+	}
+	
+	@Test
+	public void checkPermanentAddressCountryCode() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCountryCode, true);
+		
+	}
+	
+	@Test
+	public void checkPermanentAddressPostalCode() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressPostalCode, true);
+		
+	}
+	
+	@Test
+	public void checkPermanentAddressStreet() throws Exception {
+		checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressStreet, true);
+		
+	}
+	
+	@Test
+	public void checkStudyAddressCity() throws Exception {
+		checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCity, true);
+		
+	}
+	
+	@Test
+	public void checkStudyAddressCountryCode() throws Exception {
+		checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCountryCode, true);
+		
+	}
+	
+	@Test
+	public void checkStudyAddressPostalCode() throws Exception {
+		checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressPostalCode, true);
+		
+	}
+	
+	@Test
+	public void checkStudyAddressStreet() throws Exception {
+		checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressStreet, true);
+		
+	}
+	
+	private void checkBasicMappingInitialization(String eid4Uattr, String scope, boolean isComplexe) {
+		Assert.assertTrue((getMapper().isComplexeScope(scope) == isComplexe));
+
+		String eid4UattrRes = getMapper().geteIDASAttrFromScope(scope);
+		Assert.assertEquals(eid4Uattr, eid4UattrRes);
+
+		String scopeRes = getMapper().getTUGScopesForAttribute(eid4Uattr);
+		if (isComplexe) {
+			Assert.assertNotNull(scopeRes);
+			Assert.assertTrue(scopeRes.contains(scope));
+			
+		} else		
+			Assert.assertEquals(scope, scopeRes);
+		
+	}
+	
+	private void checkAddress() {
+		
+		
+	}
+	
+	private AttributeScopeMapper getMapper() {
+		if (mapper == null)
+			mapper = AttributeScopeMapper.getInstance();
+		
+		return mapper;
+	}
+	
+	
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml
new file mode 100644
index 000000000..7af79d60c
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+															
+</beans>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index e8cfae10a..7bb98c719 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -322,7 +322,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider
 			try {
 				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-						PVPConstants.SSLSOCKETFACTORYNAME, 
+						PVPConstants.SSLSOCKETFACTORYNAME,
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
 						moaAuthConfig.getTrustedCACertificates(),
 						null,
 						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
index b0736ff2e..cc987bfe7 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -56,7 +56,8 @@ public final class OAuth20Constants {
 	public static final String PARAM_SCOPE = "scope";
 	public static final String PARAM_MOA_MOD = "mod";
 	public static final String PARAM_MOA_ACTION = "action";
-
+	public static final String PARAM_OPENID_CODE = "openid_code";
+	
 	
 	// reponse parameters
 	public static final String RESPONSE_CODE = "code";
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 19fdb3fee..9779b0cf4 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -44,16 +44,20 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
@@ -95,8 +99,9 @@ public final class OAuth20AttributeBuilder {
 	private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>();
 	private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>();
 	private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>();
-	private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
-	private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+	private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();		
+	@Deprecated private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+	
 	static {
 		// openId
 		buildersOpenId.add(new OpenIdIssuerAttribute());
@@ -120,11 +125,14 @@ public final class OAuth20AttributeBuilder {
 		buildersEID.add(new EIDAuthBlock());
 		buildersEID.add(new EIDSignerCertificate());
 		buildersEID.add(new BPKAttributeBuilder());
+		buildersEID.add(new BPKListAttributeBuilder());
+		buildersEID.add(new EncryptedBPKAttributeBuilder());
 		
 		// eID_gov
 		buildersEIDGov.add(new EIDSourcePIN());
 		buildersEIDGov.add(new EIDSourcePINType());
 		buildersEIDGov.add(new EIDIdentityLinkBuilder());
+		buildersEIDGov.add(new BPKListAttributeBuilder());
 		
 		// mandate
 		buildersMandate.add(new MandateTypeAttributeBuilder());
@@ -133,6 +141,8 @@ public final class OAuth20AttributeBuilder {
 		buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder());
+		buildersMandate.add(new MandateNaturalPersonBPKListAttributeBuilder());
+		buildersMandate.add(new MandateNaturalPersonEncBPKListAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b00675e7c..3b300c824 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Service("OAuth20AuthAction")
-class OAuth20AuthAction implements IAction {
+public class OAuth20AuthAction implements IAction {
 	
 	@Autowired protected IRevisionLogger revisionsLogger;
 	@Autowired protected ITransactionStorage transactionStorage;
@@ -131,7 +131,7 @@ class OAuth20AuthAction implements IAction {
 		
 	}
 	
-	private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, 
+	public Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, 
 			OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException {
 		
 		// create response
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 0350a113c..4dc99262e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -24,19 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
 import at.gv.egovernment.moa.logging.Logger;
@@ -160,7 +161,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	}
 
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oAuthConfig) throws OAuth20Exception {
 		this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
 		this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
 		this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
@@ -178,25 +179,23 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE);
 		}
 		
-		// check if client id and redirect uri are ok
-		try {
-			// OAOAUTH20 cannot be null at this point. check was done in base request
-			ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
-			
-			
-			if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
-					|| !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
-				throw new OAuth20AccessDeniedException();
-			}
-			
-			this.setOnlineApplicationConfiguration(oAuthConfig);
-			Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+		// OAOAUTH20 cannot be null at this point. check was done in base request			
+		if (StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
+				|| StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+				|| StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+			throw new OAuth20OANotSupportedException();
 			
+		}
+					
+		if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+				|| !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+			throw new OAuth20AccessDeniedException();
 			
-		} catch (EAAFConfigurationException e) {
-			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
 		
+		this.setOnlineApplicationConfiguration(oAuthConfig);
+		Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+		
 	}
 
 //	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 118de861c..9cceea7d5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -35,10 +35,8 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
-import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -77,21 +75,17 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 			}
 			
-			if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
-					|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
-					|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
-				throw new OAuth20OANotSupportedException();
-			}
+			// oAuth
+			this.populateSpecialParameters(request, authConfig, oaParam);
+			
+			// cleanup parameters
+			this.checkAllowedParameters(request);
+			
 		}
 		catch (EAAFConfigurationException e) {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
-		
-		// oAuth
-		this.populateSpecialParameters(request, authConfig);
-		
-		// cleanup parameters
-		this.checkAllowedParameters(request);
+				
 	}
 	
 	private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException {
@@ -112,6 +106,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		
 	}
 	
-	protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception;
+	protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception;
 	
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 9f4174bf0..0952ba0a6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -21,10 +22,12 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
@@ -47,7 +50,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
 					PVPConstants.BPK_NAME
 			});
-		
+
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+	
 	public String getName() { 
 		return NAME;
 	}
@@ -68,12 +73,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	
 	//OpenID Connect auth request
 	@RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET})
-	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
-//		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-//			Logger.info("OpenID-Connect is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-//			
-//		}
+	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException {
+		if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
+			Logger.info("OpenID-Connect is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			
+		}
 		
 		OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class);
 		try {			
@@ -102,12 +107,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	
 	//openID Connect tokken request
 	@RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET})
-	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
-//		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-//			Logger.info("OpenID-Connect is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-//			
-//		}
+	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException, InvalidProtocolRequestException {
+		if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
+			Logger.info("OpenID-Connect is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			
+		}
 		
 		OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class);
 		try {			
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 89e4252b1..9a3613ea1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -24,20 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException;
-import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Component("OAuth20TokenRequest")
@@ -125,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 	}
 	
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception {
 		this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
 		this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
 		this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
@@ -136,26 +136,21 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 			throw new OAuth20InvalidGrantException();
 		}
 		
-		// check if client id and secret are ok
-		try {
-			// OAOAUTH20 cannot be null at this point. check was done in base request
-			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
-			
-			if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
-				throw new OAuth20AccessDeniedException();
-			}
-			
-			if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
-				throw new OAuth20AccessDeniedException();
-			}
-			
-			this.setOnlineApplicationConfiguration(oaParam);
-			
+		// OAOAUTH20 cannot be null at this point. check was done in base request		
+		if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
+				|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)))
+			throw new OAuth20OANotSupportedException();
+									
+		if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
+			throw new OAuth20AccessDeniedException();
 		}
-		catch (EAAFConfigurationException e) {
-			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+		
+		if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
+			throw new OAuth20AccessDeniedException();
 		}
 		
+		this.setOnlineApplicationConfiguration(oaParam);
+		
 		Logger.info("Dispatch OpenIDConnect TokenRequest: ClientID=" + this.clientID);
 		
 		//add valid parameters
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
index 87e9e933d..a8c4a941e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
@@ -55,6 +55,7 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController {
 							}, 
 					method = {RequestMethod.POST, RequestMethod.GET})
 	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		Logger.trace("Receive req. on SL2.0 servlet with pendingReqId ... ");		
 		signalProcessManagement(req, resp);
 	}
 	
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index 6811d1016..0c97641c7 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -77,15 +77,20 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 				//validate eID data			
 				QualifiedeIDVerifier.verifyIdentityLink(idl, 
 						pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), 
-						(AuthConfiguration) authConfig);
+						(AuthConfiguration) authConfig);				
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
 				
+				
+				//validate AuthBlock
 				authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(
 							authBlockB64, 
 							pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), 
 							(AuthConfiguration) authConfig);
-				
+
 				QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult);
-			
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
+								
+
 				//TODO: add LoA verification
 				
 			} catch (MOAIDException e) {
@@ -97,24 +102,21 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 					throw e;
 				
 			}
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
-			
-			
-			
+						
 			//add into session
 			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
 			moasession.setIdentityLink(idl);
 			moasession.setBkuURL(ccsURL);
-			//TODO: from AuthBlock
-			if (authBlockVerificationResult != null)
+			moasession.setQAALevel(LoA);
+			
+			if (authBlockVerificationResult != null) {
 				moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime()));
-			else
+				moasession.setSignerCertificate(authBlockVerificationResult.getX509certificate());
+			
+			} else
 				moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
 			
-			moasession.setQAALevel(LoA);
-
+			
 			//store pending request
 			requestStoreage.storePendingRequest(pendingReq);
 						
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
index 69e3e7995..0d6086118 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
@@ -323,4 +323,10 @@ public class DummyOA implements IOAAuthParameters {
 		return false;
 	}
 
+	@Override
+	public List<String> additionalbPKSectorsRequested() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 044366eb6..e7280f847 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -29,6 +29,7 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
@@ -197,7 +198,7 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
 	 * @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList()
 	 */
 	@Override
-	public List<String> getEncbPKList() {
+	public List<Pair<String, String>> getEncbPKList() {
 		// TODO Auto-generated method stub
 		return null;
 	}
@@ -374,5 +375,23 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
 		return false;
 	}
 
+	@Override
+	public List<Pair<String, String>> getAdditionalbPKs() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isIseIDNewDemoMode() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index c9bccb708..9e7a4fe8c 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -482,4 +482,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return null;
 	}
 
+	@Override
+	public List<String> additionalbPKSectorsRequested() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 }
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 8b232cf29..3a401d80e 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -38,10 +38,10 @@
   
   	<!-- Only for development to use SAML1 protocol
   			 SAML1 is removed from official OPB release -->
-  	<dependency>
+<!--   	<dependency>
   		<groupId>MOA.id.server.modules</groupId>
   		<artifactId>moa-id-module-eIDAS</artifactId>
-  	</dependency>
+  	</dependency> -->
   
 <!--     <dependency>
 			<groupId>MOA</groupId>
@@ -62,10 +62,10 @@
   		 <artifactId>moa-id-modul-citizencard_authentication</artifactId>
   	</dependency>
   	
-  	<dependency>
+<!--   	<dependency>
   		 <groupId>MOA.id.server.modules</groupId>
   		 <artifactId>moa-id-module-eIDAS</artifactId>
-  	</dependency>
+  	</dependency> -->
   	
   	    <dependency>
             <groupId>junit</groupId>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index c8f01f67d..64a4bae63 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -48,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
@@ -71,7 +72,13 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -338,7 +345,92 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 						ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
 				
 			}
-									
+			
+			//add additional bPKs and foreign bPKs in case of Austrian eID demo-mode
+			if (Boolean.parseBoolean(
+					oaParam.getConfigurationValue(
+							MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, 
+							String.valueOf(false)))) {
+				Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... ");
+				
+				if (oaAttributes == null)
+					oaAttributes = new ArrayList<ExtendedSAMLAttribute>();
+
+				try {
+					String additionalBpks = new BPKListAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(additionalBpks)) {
+						Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build additional bPKs. Reason: " + e.getMessage());
+					
+				}
+				
+				try {
+					String encryptedBpks = new EncryptedBPKAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(encryptedBpks)) {
+						Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build additional foreign bPKs. Reason: " + e.getMessage());
+					
+				}
+				
+				//for mandates
+				try {
+					String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(additionalMandatorBpks)) {
+						Logger.trace("Adding additional Mandator bPKs: " + additionalMandatorBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, additionalMandatorBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build additional Mandator bPKs. Reason: " + e.getMessage());
+					
+				}
+				
+				try {
+					String encryptedMandatorBpks = new MandateNaturalPersonEncBPKListAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(encryptedMandatorBpks)) {
+						Logger.trace("Adding foreign Mandator bPKs: " + encryptedMandatorBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, encryptedMandatorBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage());
+					
+				}
+								
+			}
+						
 			String samlAssertion = null;
 			//add mandate info's
 			if (authData.isUseMandate()) {								
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 30d740a2a..20c66d7a2 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -41,11 +41,13 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -90,6 +92,8 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 					PVPConstants.EID_SOURCE_PIN_TYPE_NAME
 			});
 	
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+	
 	public String getName() {
 		return NAME;
 	}
@@ -102,11 +106,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 	
 	@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
 	public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {		
-//		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
-//			Logger.info("SAML1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
-//			
-//		}
+		if (!moaAuthConfig.getAllowedProtocols().isSAML1Active()) {
+			Logger.info("SAML1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
+			
+		}
 		
 		SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class);
 		pendingReq.initialize(req, authConfig);
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index 06c9a341a..a86090178 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -65,4 +65,4 @@
 		</dependency>
 	</dependencies>
 	
-</project>
\ No newline at end of file
+</project>
diff --git a/pom.xml b/pom.xml
index a37fa5505..a3812b278 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,35 +12,37 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		
 			<!-- Project Version -->			
-			<moa-id-version>3.4.1</moa-id-version>
+			<moa-id-version>3.4.2</moa-id-version>
 			
-			<moa-id-version-final>3.4.1</moa-id-version-final>			
-			<moa-id-version-edu>3.4.1</moa-id-version-edu>			
+			<moa-id-version-final>3.4.2</moa-id-version-final>			
+			<moa-id-version-edu>3.4.2</moa-id-version-edu>			
 			
 			<moa-id-proxy-version>2.0.1</moa-id-proxy-version>
 			
-			<configtool-version>2.5.1</configtool-version>
+			<configtool-version>2.5.2</configtool-version>
 			<demo-oa-version>2.0.6</demo-oa-version>
 			
 			<moa-id-module-elga_mandate_client>1.3.2</moa-id-module-elga_mandate_client>
 
 			<!-- =================================================================================== -->
-			<egiz.eaaf.version>1.0.1</egiz.eaaf.version>							
-			<org.springframework.version>4.3.18.RELEASE</org.springframework.version>
-			<org.springframework.data.spring-data-jpa>1.11.13.RELEASE</org.springframework.data.spring-data-jpa>
+			<egiz.eaaf.version>1.0.5</egiz.eaaf.version>							
+			<org.springframework.version>5.1.5.RELEASE</org.springframework.version>
+			<org.springframework.data.spring-data-jpa>2.1.5.RELEASE</org.springframework.data.spring-data-jpa>
+			<org.springframework.data.spring-data-redis>2.1.5.RELEASE</org.springframework.data.spring-data-redis>
 			<surefire.version>2.22.0</surefire.version>		
 			
 			<jaxb.version>2.3.0</jaxb.version>
+			<guava.version>27.0-jre</guava.version>
 			
 			<opensaml.version>2.6.6</opensaml.version> <!-- update to v3 (v2 is end-of-life in june 2016)-->
 			<xmltooling.version>1.4.6</xmltooling.version>
-			<xmlsec.version>2.1.0</xmlsec.version>
+			<xmlsec.version>2.1.2</xmlsec.version>
 			
-			<hibernate.version>5.2.17.Final</hibernate.version>
-			<org.apache.commons.commons.dbcp2>2.4.0</org.apache.commons.commons.dbcp2> 
+			<hibernate.version>5.3.6.Final</hibernate.version>
+			<org.apache.commons.commons.dbcp2>2.5.0</org.apache.commons.commons.dbcp2> 
 						
-			<cxf.version>3.2.5</cxf.version>			
-			<struts.version>2.5.17</struts.version> <!-- 2.5.10.1 -->
+			<cxf.version>3.2.6</cxf.version>			
+			<struts.version>2.5.18</struts.version> <!-- 2.5.10.1 -->
 			
 			<egovutils.version>2.0.0</egovutils.version>
 			
@@ -50,7 +52,7 @@
 			<httpcore.version>4.4.10</httpcore.version>
 			
 			<!-- Maybe problems with Hibernate 5.0.10 -->
-			<mysql-connector.java>6.0.6</mysql-connector.java>
+			<mysql-connector.java>8.0.12</mysql-connector.java>
 			<!-- <mysql-connector.java>5.1.40</mysql-connector.java> -->			
 						
 			<junit.version>4.12</junit.version>			
@@ -60,9 +62,9 @@
 			<org.apache.commons.collections3.version>3.2.2</org.apache.commons.collections3.version>
 			<jodatime.version>2.10</jodatime.version>
 			
-			<jackson-version>2.9.1</jackson-version>
-	    <apache-cli-version>1.4</apache-cli-version>
-	    <spring-orm-version>${org.springframework.version}</spring-orm-version>
+			<jackson-version>2.9.7</jackson-version>
+	    	<apache-cli-version>1.4</apache-cli-version>
+	    	<spring-orm-version>${org.springframework.version}</spring-orm-version>
 	   
     </properties>
 
@@ -295,7 +297,11 @@
 				<version>${xmlsec.version}</version>
 			</dependency>
 
-
+		<dependency>
+			<groupId>com.google.guava</groupId>
+			<artifactId>guava</artifactId>
+			<version>${guava.version}</version>
+		</dependency>
 
     	<dependency>
         	<groupId>org.apache.cxf</groupId>
@@ -614,7 +620,7 @@
             <dependency>
                 <groupId>iaik.prod</groupId>
                 <artifactId>iaik_jce_full</artifactId>
-                <version>5.5_MOA</version>
+                <version>5.52_moa</version>
             </dependency>
             
             <dependency>
@@ -733,6 +739,11 @@
 				<version>${org.springframework.version}</version>
 			</dependency>
 			
+			<dependency>
+	        	<groupId>org.springframework.data</groupId>
+	        	<artifactId>spring-data-redis</artifactId>
+	        	<version>${org.springframework.data.spring-data-redis}</version>
+	    	</dependency>
 			
 			
             <!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
diff --git a/repository/MOA/spss/common/3.1.2/common-3.1.2.jar b/repository/MOA/spss/common/3.1.2/common-3.1.2.jar
index 2f550bd02..243273f4f 100644
--- a/repository/MOA/spss/common/3.1.2/common-3.1.2.jar
+++ b/repository/MOA/spss/common/3.1.2/common-3.1.2.jar
diff --git a/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar b/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar
index 04a33c2c4..06be8763b 100644
--- a/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar
+++ b/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar
diff --git a/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.jar b/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.jar
new file mode 100644
index 000000000..22f1f7d65
--- /dev/null
+++ b/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.jar
diff --git a/repository/eu/eidas/eidas-commons/1.4.3/eidas-commons-1.4.3-sources.jar b/repository/eu/eidas/eidas-commons/1.4.3/eidas-commons-1.4.3-sources.jar
new file mode 100644
index 000000000..4cbf2e631
--- /dev/null
+++ b/repository/eu/eidas/eidas-commons/1.4.3/eidas-commons-1.4.3-sources.jar
diff --git a/repository/eu/eidas/eidas-commons/1.4.3/eidas-commons-1.4.3.jar b/repository/eu/eidas/eidas-commons/1.4.3/eidas-commons-1.4.3.jar
new file mode 100644
index 000000000..ae2f90bbf
--- /dev/null
+++ b/repository/eu/eidas/eidas-commons/1.4.3/eidas-commons-1.4.3.jar
diff --git a/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.jar b/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.jar
new file mode 100644
index 000000000..d9bb91ef7
--- /dev/null
+++ b/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.jar
diff --git a/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.pom b/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.pom
new file mode 100644
index 000000000..3a50c50bd
--- /dev/null
+++ b/repository/eu/eidas/eidas-commons/2.1.0/eidas-commons-2.1.0.pom
@@ -0,0 +1,102 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>eidas-commons</artifactId>
+    <packaging>${mod.packaging.type}</packaging>
+    <name>eIDAS Commons</name>
+    <description>
+        The EIDASCommons library provides beans, Java Interfaces and utility classes to integrate EidasNode and SAML
+        Engine.
+    </description>
+    <parent>
+        <groupId>eu.eidas</groupId>
+        <artifactId>eidas-parent</artifactId>
+        <version>2.1.0</version>
+        <relativePath>../EIDAS-Parent/pom.xml</relativePath>
+    </parent>
+    <dependencies>
+        <dependency>
+            <groupId>eu.eidas</groupId>
+            <artifactId>eidas-light-commons</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>joda-time</groupId>
+            <artifactId>joda-time</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+        </dependency>
+        <!-- Bouncy Castle -->
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.owasp.encoder</groupId>
+            <artifactId>encoder</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.hazelcast</groupId>
+            <artifactId>hazelcast</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.hazelcast</groupId>
+            <artifactId>hazelcast-wm</artifactId>
+        </dependency>
+        <!-- TEST -->
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <resources>
+            <resource>
+                <directory>${project.basedir}/src/main/resources</directory>
+            </resource>
+        </resources>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+            </plugin>
+        </plugins>
+        <testResources>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <includes>
+                    <include>log4j.xml</include>
+                    <include>*.properties</include>
+                </includes>
+            </testResource>
+        </testResources>
+    </build>
+    <profiles>
+        <profile>
+            <id>metrics</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>cobertura-maven-plugin</artifactId>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+    <reporting>
+        <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>cobertura-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </reporting>
+</project>
diff --git a/repository/eu/eidas/eidas-configmodule/1.4.3/eidas-configmodule-1.4.3.jar b/repository/eu/eidas/eidas-configmodule/1.4.3/eidas-configmodule-1.4.3.jar
new file mode 100644
index 000000000..0e3f3c660
--- /dev/null
+++ b/repository/eu/eidas/eidas-configmodule/1.4.3/eidas-configmodule-1.4.3.jar
diff --git a/repository/eu/eidas/eidas-encryption/1.4.3/eidas-encryption-1.4.3.jar b/repository/eu/eidas/eidas-encryption/1.4.3/eidas-encryption-1.4.3.jar
new file mode 100644
index 000000000..baf9cb597
--- /dev/null
+++ b/repository/eu/eidas/eidas-encryption/1.4.3/eidas-encryption-1.4.3.jar
diff --git a/repository/eu/eidas/eidas-light-commons/1.4.3/eidas-light-commons-1.4.3-sources.jar b/repository/eu/eidas/eidas-light-commons/1.4.3/eidas-light-commons-1.4.3-sources.jar
new file mode 100644
index 000000000..0fd6725ff
--- /dev/null
+++ b/repository/eu/eidas/eidas-light-commons/1.4.3/eidas-light-commons-1.4.3-sources.jar
diff --git a/repository/eu/eidas/eidas-light-commons/1.4.3/eidas-light-commons-1.4.3.jar b/repository/eu/eidas/eidas-light-commons/1.4.3/eidas-light-commons-1.4.3.jar
new file mode 100644
index 000000000..321f59418
--- /dev/null
+++ b/repository/eu/eidas/eidas-light-commons/1.4.3/eidas-light-commons-1.4.3.jar
diff --git a/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.jar b/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.jar
new file mode 100644
index 000000000..ba5ff6ecd
--- /dev/null
+++ b/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.jar
diff --git a/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.pom b/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.pom
new file mode 100644
index 000000000..37b8c24d2
--- /dev/null
+++ b/repository/eu/eidas/eidas-light-commons/2.1.0/eidas-light-commons-2.1.0.pom
@@ -0,0 +1,55 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>eidas-light-commons</artifactId>
+    <packaging>${mod.packaging.type}</packaging>
+    <name>eIDAS Light Commons</name>
+    <description>
+        The EIDASLightCommons library provides Java Interfaces and utility classes to integrate EIDASCommons and eIDAS Specific Communication Definition.
+    </description>
+    <parent>
+        <groupId>eu.eidas</groupId>
+        <artifactId>eidas-parent</artifactId>
+        <version>2.1.0</version>
+        <relativePath>../EIDAS-Parent/pom.xml</relativePath>
+    </parent>
+    <dependencies>
+        <dependency>
+            <groupId>joda-time</groupId>
+            <artifactId>joda-time</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.ibm.icu</groupId>
+            <artifactId>icu4j</artifactId>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+    <profiles>
+        <profile>
+            <id>metrics</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>cobertura-maven-plugin</artifactId>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+    <reporting>
+        <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>cobertura-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </reporting>
+</project>
diff --git a/repository/eu/eidas/eidas-parent/2.0.0/eidas-parent-2.0.0.pom b/repository/eu/eidas/eidas-parent/2.0.0/eidas-parent-2.0.0.pom
new file mode 100644
index 000000000..dbe5cd58b
--- /dev/null
+++ b/repository/eu/eidas/eidas-parent/2.0.0/eidas-parent-2.0.0.pom
@@ -0,0 +1,910 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+                             http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>eu.eidas</groupId>
+    <artifactId>eidas-parent</artifactId>
+    <packaging>pom</packaging>
+    <name>eIDAS Node Parent</name>
+    <version>2.0.0</version>
+    <description>
+        The EIDAS-Parent provides artifacts versions for Eidas Node components.
+    </description>
+    <properties>
+        <!-- 1) Project properties -->
+        <proj.name>EIDASParent</proj.name>
+        <proj.name.eidas>EidasNode</proj.name.eidas>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <app.packaging.type>war</app.packaging.type>
+        <mod.packaging.type>jar</mod.packaging.type>
+        <timestamp>${maven.build.timestamp}</timestamp>
+        <!-- java version targeted in the compile phase -->
+        <java.version>1.7</java.version>
+
+        <samlspec.version>0.5.2</samlspec.version>
+        <samlspecacept.version>0.5.1</samlspecacept.version>
+
+        <!-- 2) Library dependency versions -->
+        <spring.version>4.1.0.RELEASE</spring.version>
+        <opensaml.not-yet-commons-ssl.version>0.3.9</opensaml.not-yet-commons-ssl.version>
+        <opensaml.openws.version>1.5.5</opensaml.openws.version>
+        <opensaml.version>3.3.0</opensaml.version>
+        <opensaml.api.version>3.3.0</opensaml.api.version>
+        <!--shibboleth.xmlsupport.version>8.0-SNAPSHOT</shibboleth.xmlsupport.version-->
+        <shibboleth.xmlsupport.version>7.3.0</shibboleth.xmlsupport.version>
+        <servlet.version>3.0.1</servlet.version>
+        <jsp.api>2.0</jsp.api>
+        <jstl.version>1.1.2</jstl.version>
+        <apache.taglibs>1.2.5</apache.taglibs>
+        <jersey.version>1.18</jersey.version>
+        <jasper.version>6.0.53</jasper.version>
+        <slf4j.version>1.7.10</slf4j.version>
+        <logback.version>1.1.2</logback.version>
+        <mockito.version>1.10.19</mockito.version>
+        <junit.version>4.12</junit.version>
+        <hamcrest.version>1.3</hamcrest.version>
+        <commons.codec>1.9</commons.codec>
+        <commons.collections>3.2.2</commons.collections>
+        <commons.io>2.4</commons.io>
+        <commons.lang>2.6</commons.lang>
+        <commons.logging>1.1.3</commons.logging>
+        <commons.httpclient>4.5.5</commons.httpclient>
+        <commons.httpcore>4.4.9</commons.httpcore>
+        <commons.lang3>3.1</commons.lang3>
+        <hazelcast.version>3.2</hazelcast.version>
+        <bouncycastle.version>1.52</bouncycastle.version>
+        <owasp.version>1.1.1</owasp.version>
+        <owasp.dependency-check.version>1.4.0</owasp.dependency-check.version>
+        <owasp.esapi.version>2.1.0</owasp.esapi.version>
+        <cglib.version>2.2.2</cglib.version>
+        <xmlapis.version>1.4.01</xmlapis.version>
+        <xerces.version>2.11.0</xerces.version>
+        <xalan.version>2.7.2</xalan.version>
+        <joda.time.version>2.6</joda.time.version>
+        <log4j.version>1.2.17</log4j.version>
+        <log4j.api>2.3</log4j.api>
+        <xmlunit.version>1.5</xmlunit.version>
+        <bdr.econnector.version>1.2.2</bdr.econnector.version>
+        <struts.version>2.3.34</struts.version>
+        <icu4j.version>55.1</icu4j.version>
+        <vaadin.version>7.4.2</vaadin.version>
+        <vaadin.plugin.version>${vaadin.version}</vaadin.plugin.version>
+        <vaadin-spring.version>1.0.0.beta1</vaadin-spring.version>
+        <vaadin4spring.version>0.0.5.RELEASE</vaadin4spring.version>
+        <jetty.plugin.version>9.2.3.v20140905</jetty.plugin.version>
+        <guava.version>19.0</guava.version>
+        <jsr305.version>3.0.1</jsr305.version>
+        <icu4j.version>57.1</icu4j.version>
+
+        <!-- 3) maven plugin versions -->
+        <javadoc.plugin.version>2.8.1</javadoc.plugin.version>
+        <compile.plugin.version>2.3.2</compile.plugin.version>
+        <surefire.plugin.version>2.19.1</surefire.plugin.version>
+        <war.plugin.version>3.2.0</war.plugin.version>
+        <ear.plugin.version>2.7</ear.plugin.version>
+        <resources.plugin.version>2.4</resources.plugin.version>
+        <cobertura.plugin.version>2.7</cobertura.plugin.version>
+        <remote.resources.plugin.version>1.5</remote.resources.plugin.version>
+        <source.plugin.version>2.1.2</source.plugin.version>
+        <install.plugin.version>2.5.2</install.plugin.version>
+        <clean.plugin.version>2.6.1</clean.plugin.version>
+    </properties>
+
+    <dependencyManagement>
+        <dependencies>
+            <!-- eIDAS modules -->
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>SimpleProtocol</artifactId>
+                <version>0.0.1-SNAPSHOT</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-commons</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-light-commons</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-configmodule</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-encryption</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-saml-engine</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-updater</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-saml-metadata</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-specific-connector</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-specific-proxyservice</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-specific-communication-definition</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-node</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-sp</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-idp</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <!-- Joda -->
+            <dependency>
+                <groupId>joda-time</groupId>
+                <artifactId>joda-time</artifactId>
+                <version>${joda.time.version}</version>
+            </dependency>
+            <!-- SLF4J logging -->
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-api</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>jcl-over-slf4j</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>log4j-over-slf4j</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>jul-to-slf4j</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-simple</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-log4j12</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <!-- commons-logging -->
+            <dependency>
+                <groupId>commons-logging</groupId>
+                <artifactId>commons-logging</artifactId>
+                <version>${commons.logging}</version>
+            </dependency>
+            <!-- Log4J -->
+            <dependency>
+                <groupId>log4j</groupId>
+                <artifactId>log4j</artifactId>
+                <version>${log4j.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>javax.jms</groupId>
+                        <artifactId>jms</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>com.sun.jdmk</groupId>
+                        <artifactId>jmxtools</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>com.sun.jmx</groupId>
+                        <artifactId>jmxri</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <artifactId>mail</artifactId>
+                        <groupId>javax.mail</groupId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <!-- LogBack -->
+            <dependency>
+                <groupId>ch.qos.logback</groupId>
+                <artifactId>logback-classic</artifactId>
+                <version>${logback.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>slf4j-api</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <!-- Bouncy Castle -->
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcprov-jdk15on</artifactId>
+                <version>${bouncycastle.version}</version>
+                <!-- JBoss issue: please keep provided as the default scope for all the components of the project and override it if needed -->
+                <scope>provided</scope>
+            </dependency>
+            <!-- Apache Commons -->
+            <dependency>
+                <groupId>commons-codec</groupId>
+                <artifactId>commons-codec</artifactId>
+                <version>${commons.codec}</version>
+            </dependency>
+            <dependency>
+                <groupId>commons-collections</groupId>
+                <artifactId>commons-collections</artifactId>
+                <version>${commons.collections}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient</artifactId>
+                <version>${commons.httpclient}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-logging</groupId>
+                        <artifactId>commons-logging</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-codec</groupId>
+                        <artifactId>commons-codec</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpcore</artifactId>
+                <version>${commons.httpcore}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-logging</groupId>
+                        <artifactId>commons-logging</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>commons-io</groupId>
+                <artifactId>commons-io</artifactId>
+                <version>${commons.io}</version>
+            </dependency>
+            <dependency>
+                <groupId>commons-lang</groupId>
+                <artifactId>commons-lang</artifactId>
+                <version>${commons.lang}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.owasp.encoder</groupId>
+                <artifactId>encoder</artifactId>
+                <version>${owasp.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.owasp.encoder</groupId>
+                <artifactId>encoder-jsp</artifactId>
+                <version>${owasp.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.owasp.esapi</groupId>
+                <artifactId>esapi</artifactId>
+                <version>${owasp.esapi.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-configuration</groupId>
+                        <artifactId>commons-configuration</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-beanutils</groupId>
+                        <artifactId>commons-beanutils-core</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-fileupload</groupId>
+                        <artifactId>commons-fileupload</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-io</groupId>
+                        <artifactId>commons-io</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-collections</groupId>
+                        <artifactId>commons-collections</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>log4j</groupId>
+                        <artifactId>log4j</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>xom</groupId>
+                        <artifactId>xom</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.beanshell</groupId>
+                        <artifactId>bsh-core</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.owasp.antisamy</groupId>
+                        <artifactId>antisamy</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>com.google.guava</groupId>
+                <artifactId>guava</artifactId>
+                <version>${guava.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.google.code.findbugs</groupId>
+                <artifactId>jsr305</artifactId>
+                <version>${jsr305.version}</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.opensaml</groupId>
+                <artifactId>opensaml-core</artifactId>
+                <version>${opensaml.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-codec</groupId>
+                        <artifactId>commons-codec</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-collections</groupId>
+                        <artifactId>commons-collections</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-lang</groupId>
+                        <artifactId>commons-lang</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-logging</groupId>
+                        <artifactId>commons-logging</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>javax.servlet</groupId>
+                        <artifactId>servlet-api</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>joda-time</groupId>
+                        <artifactId>joda-time</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>junit</groupId>
+                        <artifactId>junit</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>log4j</groupId>
+                        <artifactId>log4j</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.apache.velocity</groupId>
+                        <artifactId>velocity</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.bouncycastle</groupId>
+                        <artifactId>bcprov-jdk15on</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.owasp.esapi</groupId>
+                        <artifactId>esapi</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>slf4j-api</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>jcl-over-slf4j</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>log4j-over-slf4j</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>jul-to-slf4j</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-test</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.opensaml</groupId>
+                <artifactId>opensaml-saml-api</artifactId>
+                <version>${opensaml.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.opensaml</groupId>
+                <artifactId>opensaml-saml-impl</artifactId>
+                <version>${opensaml.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>net.shibboleth.utilities</groupId>
+                <artifactId>java-support</artifactId>
+                <version>${shibboleth.xmlsupport.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.opensaml</groupId>
+                <artifactId>opensaml-xmlsec-api</artifactId>
+                <version>${opensaml.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>javax.servlet</groupId>
+                <artifactId>javax.servlet-api</artifactId>
+                <version>${servlet.version}</version>
+                <scope>provided</scope>
+            </dependency>
+            <!-- JSP -->
+            <dependency>
+                <groupId>javax.servlet</groupId>
+                <artifactId>jsp-api</artifactId>
+                <version>${jsp.api}</version>
+                <scope>provided</scope>
+            </dependency>
+            <!-- JSTL -->
+            <dependency>
+                <groupId>javax.servlet</groupId>
+                <artifactId>jstl</artifactId>
+                <version>${jstl.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.taglibs</groupId>
+                <artifactId>taglibs-standard-impl</artifactId>
+                <version>${apache.taglibs}</version>
+            </dependency>
+            <dependency>
+                <groupId>taglibs</groupId>
+                <artifactId>standard</artifactId>
+                <version>${jstl.version}</version>
+            </dependency>
+            <!-- JavaEE API -->
+            <dependency>
+                <groupId>javax</groupId>
+                <artifactId>javaee-api</artifactId>
+                <version>7.0</version>
+                <scope>provided</scope>
+            </dependency>
+            <!-- Spring -->
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-core</artifactId>
+                <version>${spring.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-logging</groupId>
+                        <artifactId>commons-logging</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-beans</artifactId>
+                <version>${spring.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-context</artifactId>
+                <version>${spring.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-context-support</artifactId>
+                <version>${spring.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-web</artifactId>
+                <version>${spring.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-aop</artifactId>
+                <version>${spring.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>xerces</groupId>
+                <artifactId>xercesImpl</artifactId>
+                <version>${xerces.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>xml-apis</groupId>
+                        <artifactId>xml-apis</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>xalan</groupId>
+                <artifactId>xalan</artifactId>
+                <version>${xalan.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>xml-apis</groupId>
+                        <artifactId>xml-apis</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>xalan</groupId>
+                <artifactId>serializer</artifactId>
+                <version>${xalan.version}</version>
+                <exclusions>
+                    <exclusion><!-- upsets jboss 6 -->
+                        <groupId>xml-apis</groupId>
+                        <artifactId>xml-apis</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>xml-apis</groupId>
+                <artifactId>xml-apis</artifactId>
+                <version>${xmlapis.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.opensaml</groupId>
+                <artifactId>opensaml-xmlsec-impl</artifactId>
+                <version>${opensaml.version}</version>
+            </dependency>
+            <!-- Jersey -->
+            <dependency>
+                <groupId>com.sun.jersey</groupId>
+                <artifactId>jersey-server</artifactId>
+                <version>${jersey.version}</version>
+            </dependency>
+            <!-- https://mvnrepository.com/artifact/org.apache.tomcat/jasper-el -->
+            <dependency>
+                <groupId>org.apache.tomcat</groupId>
+                <artifactId>jasper-el</artifactId>
+                <version>${jasper.version}</version>
+            </dependency>
+            <!-- Jersey + Spring -->
+            <dependency>
+                <groupId>com.sun.jersey.contribs</groupId>
+                <artifactId>jersey-spring</artifactId>
+                <version>${jersey.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-core</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-web</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-beans</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-aop</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-context</artifactId>
+                    </exclusion>
+                    <!--                    <exclusion>
+                                            <groupId>com.sun.jersey</groupId>
+                                            <artifactId>jersey-server</artifactId>
+                                        </exclusion>-->
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>slf4j-log4j12</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>log4j</groupId>
+                        <artifactId>log4j</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <!-- HazelCast -->
+            <dependency>
+                <groupId>com.hazelcast</groupId>
+                <artifactId>hazelcast</artifactId>
+                <version>${hazelcast.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>slf4j-log4j12</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>log4j</groupId>
+                        <artifactId>log4j</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>com.hazelcast</groupId>
+                <artifactId>hazelcast-wm</artifactId>
+                <version>${hazelcast.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>slf4j-log4j12</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>log4j</groupId>
+                        <artifactId>log4j</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <!-- Struts2 -->
+            <dependency>
+                <groupId>org.apache.struts</groupId>
+                <artifactId>struts2-core</artifactId>
+                <version>${struts.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>cglib</groupId>
+                <artifactId>cglib-nodep</artifactId>
+                <version>${cglib.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>cglib</groupId>
+                <artifactId>cglib</artifactId>
+                <version>${cglib.version}</version>
+            </dependency>
+            <!-- ICU -->
+            <dependency>
+                <groupId>com.ibm.icu</groupId>
+                <artifactId>icu4j</artifactId>
+                <version>${icu4j.version}</version>
+            </dependency>
+
+            <!-- UNIT TEST Dependencies -->
+            <dependency>
+                <groupId>junit</groupId>
+                <artifactId>junit</artifactId>
+                <version>${junit.version}</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.hamcrest</groupId>
+                <artifactId>hamcrest-all</artifactId>
+                <version>${hamcrest.version}</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.mockito</groupId>
+                <artifactId>mockito-core</artifactId>
+                <version>${mockito.version}</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>xmlunit</groupId>
+                <artifactId>xmlunit</artifactId>
+                <version>${xmlunit.version}</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-test</artifactId>
+                <version>${spring.version}</version>
+                <scope>test</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+        <!-- Dependencies in common for all modules -->
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.code.findbugs</groupId>
+            <artifactId>jsr305</artifactId>
+        </dependency>
+
+        <!-- UNIT TEST Dependencies in common for all modules -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <exclusions>
+                <exclusion>
+                    <artifactId>hamcrest-core</artifactId>
+                    <groupId>org.hamcrest</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-all</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <exclusions>
+                <exclusion>
+                    <artifactId>hamcrest-core</artifactId>
+                    <groupId>org.hamcrest</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>xmlunit</groupId>
+            <artifactId>xmlunit</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <pluginManagement>
+            <plugins>
+
+				<plugin>
+				    <groupId>com.orctom.mojo</groupId>
+				    <artifactId>was-maven-plugin</artifactId>
+				    <version>1.0.8</version>
+				    <configuration>
+				        <wasHome>c:/pgm/wlp</wasHome>
+				        <applicationName>${proj.name}</applicationName>
+				        <host>localhost</host>
+				        <server>server01</server>
+				        <node>node01</node>
+				        <virtualHost>default_host</virtualHost>
+				        <verbose>true</verbose>
+				    </configuration>
+				</plugin>            
+
+				<plugin>
+					<groupId>org.apache.tomcat.maven</groupId>
+					<artifactId>tomcat7-maven-plugin</artifactId>
+					<version>2.2</version>
+					<configuration>
+						<url>http://localhost:8080/manager/text</url>
+						<server>tomcat</server>
+						<path>/${proj.name}</path>
+						<username>admin</username>
+                        <password>admin</password>
+					</configuration>
+		        </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-war-plugin</artifactId>
+                    <version>${war.plugin.version}</version>
+                    <configuration>
+                        <webResources>
+                            <resource>
+                                <directory>${project.basedir}/src/main/webapp/WEB-INF</directory>
+                                <filtering>true</filtering>
+                                <targetPath>WEB-INF</targetPath>
+                                <includes>
+                                    <include>**/web.xml</include>
+                                </includes>
+                            </resource>
+                        </webResources>
+                    </configuration>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-source-plugin</artifactId>
+                    <version>${source.plugin.version}</version>
+                    <executions>
+                        <execution>
+                            <id>attach-sources</id>
+                            <phase>verify</phase>
+                            <goals>
+                                <goal>jar-no-fork</goal>
+                            </goals>
+                        </execution>
+                    </executions>
+                </plugin>
+                <plugin>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>cobertura-maven-plugin</artifactId>
+                    <version>${cobertura.plugin.version}</version>
+                    <configuration>
+                        <formats>
+                            <format>html</format>
+                            <format>xml</format>
+                        </formats>
+                    </configuration>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-resources-plugin</artifactId>
+                    <version>${resources.plugin.version}</version>
+                </plugin>
+                <!--plugin>
+                    <groupId>org.owasp</groupId>
+                    <artifactId>dependency-check-maven</artifactId>
+                    <version>${owasp.dependency-check.version}</version>
+                    <configuration>
+                        <failBuildOnCVSS>8</failBuildOnCVSS>
+                    </configuration>
+                    <executions>
+                        <execution>
+                            <goals>
+                                <goal>check</goal>
+                            </goals>
+                        </execution>
+                    </executions>
+                </plugin-->
+            </plugins>
+        </pluginManagement>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>${compile.plugin.version}</version>
+                <configuration>
+                    <source>${java.version}</source>
+                    <target>${java.version}</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>${surefire.plugin.version}</version>
+                <configuration>
+                    <skip>false</skip>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <version>${javadoc.plugin.version}</version>
+                <configuration>
+                    <detectLinks>true</detectLinks>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <modules>
+        <module>../EIDAS-Light-Commons</module>
+        <module>../EIDAS-Commons</module>
+        <module>../EIDAS-ConfigModule</module>
+        <module>../EIDAS-Encryption</module>
+        <module>../EIDAS-SAMLEngine</module>
+        <module>../EIDAS-Metadata</module>
+        <module>../EIDAS-UPDATER</module>
+        <module>../EIDAS-SpecificConnector</module>
+        <module>../EIDAS-SpecificProxyService</module>
+        <module>../EIDAS-SpecificCommunicationDefinition</module>
+        <module>../EIDAS-Node</module>
+        <module>../EIDAS-SP</module>
+        <module>../EIDAS-IdP-1.0</module>
+        <module>../EIDAS-SimpleProtocol</module>
+    </modules>
+
+</project>
diff --git a/repository/eu/eidas/eidas-parent/2.1.0/eidas-parent-2.1.0.pom b/repository/eu/eidas/eidas-parent/2.1.0/eidas-parent-2.1.0.pom
new file mode 100644
index 000000000..f6d5e3bed
--- /dev/null
+++ b/repository/eu/eidas/eidas-parent/2.1.0/eidas-parent-2.1.0.pom
@@ -0,0 +1,947 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+                             http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>eu.eidas</groupId>
+    <artifactId>eidas-parent</artifactId>
+    <packaging>pom</packaging>
+    <name>eIDAS Node Parent</name>
+    <version>2.1.0</version>
+    <description>
+        The EIDAS-Parent provides artifacts versions for Eidas Node components.
+    </description>
+    <properties>
+        <!-- 1) Project properties -->
+        <proj.name>EIDASParent</proj.name>
+        <proj.name.eidas>EidasNode</proj.name.eidas>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <app.packaging.type>war</app.packaging.type>
+        <mod.packaging.type>jar</mod.packaging.type>
+        <timestamp>${maven.build.timestamp}</timestamp>
+        <!-- java version targeted in the compile phase -->
+        <java.version>1.7</java.version>
+
+        <samlspec.version>0.5.2</samlspec.version>
+        <samlspecacept.version>0.5.1</samlspecacept.version>
+
+        <!-- 2) Library dependency versions -->
+        <spring.version>4.1.0.RELEASE</spring.version>
+        <opensaml.not-yet-commons-ssl.version>0.3.9</opensaml.not-yet-commons-ssl.version>
+        <opensaml.openws.version>1.5.5</opensaml.openws.version>
+        <opensaml.version>3.3.0</opensaml.version>
+        <opensaml.api.version>3.3.0</opensaml.api.version>
+        <!--shibboleth.xmlsupport.version>8.0-SNAPSHOT</shibboleth.xmlsupport.version-->
+        <shibboleth.xmlsupport.version>7.3.0</shibboleth.xmlsupport.version>
+        <servlet.version>3.0.1</servlet.version>
+        <jsp.api>2.0</jsp.api>
+        <jstl.version>1.1.2</jstl.version>
+        <apache.taglibs>1.2.5</apache.taglibs>
+        <jersey.version>1.18</jersey.version>
+        <jasper.version>6.0.53</jasper.version>
+        <slf4j.version>1.7.10</slf4j.version>
+        <logback.version>1.1.2</logback.version>
+        <mockito.version>1.10.19</mockito.version>
+        <junit.version>4.12</junit.version>
+        <hamcrest.version>1.3</hamcrest.version>
+        <commons.codec>1.9</commons.codec>
+        <commons.collections>3.2.2</commons.collections>
+        <commons.io>2.4</commons.io>
+        <commons.lang>2.6</commons.lang>
+        <commons.logging>1.1.3</commons.logging>
+        <commons.httpclient>4.5.5</commons.httpclient>
+        <commons.httpcore>4.4.9</commons.httpcore>
+        <commons.lang3>3.1</commons.lang3>
+        <hazelcast.version>3.2</hazelcast.version>
+        <bouncycastle.version>1.52</bouncycastle.version>
+        <owasp.version>1.1.1</owasp.version>
+        <owasp.dependency-check.version>1.4.0</owasp.dependency-check.version>
+        <owasp.esapi.version>2.1.0</owasp.esapi.version>
+        <cglib.version>2.2.2</cglib.version>
+        <xmlapis.version>1.4.01</xmlapis.version>
+        <xerces.version>2.11.0</xerces.version>
+        <xalan.version>2.7.2</xalan.version>
+        <joda.time.version>2.6</joda.time.version>
+        <log4j.version>1.2.17</log4j.version>
+        <log4j.api>2.3</log4j.api>
+        <xmlunit.version>1.5</xmlunit.version>
+        <bdr.econnector.version>1.2.2</bdr.econnector.version>
+        <struts.version>2.3.34</struts.version>
+        <icu4j.version>55.1</icu4j.version>
+        <vaadin.version>7.4.2</vaadin.version>
+        <vaadin.plugin.version>${vaadin.version}</vaadin.plugin.version>
+        <vaadin-spring.version>1.0.0.beta1</vaadin-spring.version>
+        <vaadin4spring.version>0.0.5.RELEASE</vaadin4spring.version>
+        <jetty.plugin.version>9.2.3.v20140905</jetty.plugin.version>
+        <guava.version>19.0</guava.version>
+        <jsr305.version>3.0.1</jsr305.version>
+        <icu4j.version>57.1</icu4j.version>
+
+        <!-- 3) maven plugin versions -->
+        <javadoc.plugin.version>2.8.1</javadoc.plugin.version>
+        <compile.plugin.version>2.3.2</compile.plugin.version>
+        <surefire.plugin.version>2.19.1</surefire.plugin.version>
+        <war.plugin.version>3.2.0</war.plugin.version>
+        <ear.plugin.version>2.7</ear.plugin.version>
+        <resources.plugin.version>2.4</resources.plugin.version>
+        <cobertura.plugin.version>2.7</cobertura.plugin.version>
+        <remote.resources.plugin.version>1.5</remote.resources.plugin.version>
+        <source.plugin.version>2.1.2</source.plugin.version>
+        <install.plugin.version>2.5.2</install.plugin.version>
+        <clean.plugin.version>2.6.1</clean.plugin.version>
+    </properties>
+
+    <dependencyManagement>
+        <dependencies>
+            <!-- eIDAS modules -->
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>SimpleProtocol</artifactId>
+                <version>0.0.1-SNAPSHOT</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-commons</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-light-commons</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-configmodule</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-encryption</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-saml-engine</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-updater</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-saml-metadata</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-specific-connector</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-specific-proxyservice</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-specific-communication-definition</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-node</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-sp</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>eu.eidas</groupId>
+                <artifactId>eidas-idp</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <!-- Joda -->
+            <dependency>
+                <groupId>joda-time</groupId>
+                <artifactId>joda-time</artifactId>
+                <version>${joda.time.version}</version>
+            </dependency>
+            <!-- SLF4J logging -->
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-api</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>jcl-over-slf4j</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>log4j-over-slf4j</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>jul-to-slf4j</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-simple</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-log4j12</artifactId>
+                <version>${slf4j.version}</version>
+            </dependency>
+            <!-- commons-logging -->
+            <dependency>
+                <groupId>commons-logging</groupId>
+                <artifactId>commons-logging</artifactId>
+                <version>${commons.logging}</version>
+            </dependency>
+            <!-- Log4J -->
+            <dependency>
+                <groupId>log4j</groupId>
+                <artifactId>log4j</artifactId>
+                <version>${log4j.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>javax.jms</groupId>
+                        <artifactId>jms</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>com.sun.jdmk</groupId>
+                        <artifactId>jmxtools</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>com.sun.jmx</groupId>
+                        <artifactId>jmxri</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <artifactId>mail</artifactId>
+                        <groupId>javax.mail</groupId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <!-- LogBack -->
+            <dependency>
+                <groupId>ch.qos.logback</groupId>
+                <artifactId>logback-classic</artifactId>
+                <version>${logback.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>slf4j-api</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <!-- Bouncy Castle -->
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcprov-jdk15on</artifactId>
+                <version>${bouncycastle.version}</version>
+                <!-- JBoss issue: please keep provided as the default scope for all the components of the project and override it if needed -->
+                <scope>provided</scope>
+            </dependency>
+            <!-- Apache Commons -->
+            <dependency>
+                <groupId>commons-codec</groupId>
+                <artifactId>commons-codec</artifactId>
+                <version>${commons.codec}</version>
+            </dependency>
+            <dependency>
+                <groupId>commons-collections</groupId>
+                <artifactId>commons-collections</artifactId>
+                <version>${commons.collections}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient</artifactId>
+                <version>${commons.httpclient}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-logging</groupId>
+                        <artifactId>commons-logging</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-codec</groupId>
+                        <artifactId>commons-codec</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpcore</artifactId>
+                <version>${commons.httpcore}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-logging</groupId>
+                        <artifactId>commons-logging</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>commons-io</groupId>
+                <artifactId>commons-io</artifactId>
+                <version>${commons.io}</version>
+            </dependency>
+            <dependency>
+                <groupId>commons-lang</groupId>
+                <artifactId>commons-lang</artifactId>
+                <version>${commons.lang}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.owasp.encoder</groupId>
+                <artifactId>encoder</artifactId>
+                <version>${owasp.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.owasp.encoder</groupId>
+                <artifactId>encoder-jsp</artifactId>
+                <version>${owasp.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.owasp.esapi</groupId>
+                <artifactId>esapi</artifactId>
+                <version>${owasp.esapi.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-configuration</groupId>
+                        <artifactId>commons-configuration</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-beanutils</groupId>
+                        <artifactId>commons-beanutils-core</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-fileupload</groupId>
+                        <artifactId>commons-fileupload</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-io</groupId>
+                        <artifactId>commons-io</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-collections</groupId>
+                        <artifactId>commons-collections</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>log4j</groupId>
+                        <artifactId>log4j</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>xom</groupId>
+                        <artifactId>xom</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.beanshell</groupId>
+                        <artifactId>bsh-core</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.owasp.antisamy</groupId>
+                        <artifactId>antisamy</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>com.google.guava</groupId>
+                <artifactId>guava</artifactId>
+                <version>${guava.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.google.code.findbugs</groupId>
+                <artifactId>jsr305</artifactId>
+                <version>${jsr305.version}</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.opensaml</groupId>
+                <artifactId>opensaml-core</artifactId>
+                <version>${opensaml.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-codec</groupId>
+                        <artifactId>commons-codec</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-collections</groupId>
+                        <artifactId>commons-collections</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-lang</groupId>
+                        <artifactId>commons-lang</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>commons-logging</groupId>
+                        <artifactId>commons-logging</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>javax.servlet</groupId>
+                        <artifactId>servlet-api</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>joda-time</groupId>
+                        <artifactId>joda-time</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>junit</groupId>
+                        <artifactId>junit</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>log4j</groupId>
+                        <artifactId>log4j</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.apache.velocity</groupId>
+                        <artifactId>velocity</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.bouncycastle</groupId>
+                        <artifactId>bcprov-jdk15on</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.owasp.esapi</groupId>
+                        <artifactId>esapi</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>slf4j-api</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>jcl-over-slf4j</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>log4j-over-slf4j</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>jul-to-slf4j</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-test</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.opensaml</groupId>
+                <artifactId>opensaml-saml-api</artifactId>
+                <version>${opensaml.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.opensaml</groupId>
+                <artifactId>opensaml-saml-impl</artifactId>
+                <version>${opensaml.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>net.shibboleth.utilities</groupId>
+                <artifactId>java-support</artifactId>
+                <version>${shibboleth.xmlsupport.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.opensaml</groupId>
+                <artifactId>opensaml-xmlsec-api</artifactId>
+                <version>${opensaml.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>javax.servlet</groupId>
+                <artifactId>javax.servlet-api</artifactId>
+                <version>${servlet.version}</version>
+                <scope>provided</scope>
+            </dependency>
+            <!-- JSP -->
+            <dependency>
+                <groupId>javax.servlet</groupId>
+                <artifactId>jsp-api</artifactId>
+                <version>${jsp.api}</version>
+                <scope>provided</scope>
+            </dependency>
+            <!-- JSTL -->
+            <dependency>
+                <groupId>javax.servlet</groupId>
+                <artifactId>jstl</artifactId>
+                <version>${jstl.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.taglibs</groupId>
+                <artifactId>taglibs-standard-impl</artifactId>
+                <version>${apache.taglibs}</version>
+            </dependency>
+            <dependency>
+                <groupId>taglibs</groupId>
+                <artifactId>standard</artifactId>
+                <version>${jstl.version}</version>
+            </dependency>
+            <!-- JavaEE API -->
+            <dependency>
+                <groupId>javax</groupId>
+                <artifactId>javaee-api</artifactId>
+                <version>7.0</version>
+                <scope>provided</scope>
+            </dependency>
+            <!-- Spring -->
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-core</artifactId>
+                <version>${spring.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-logging</groupId>
+                        <artifactId>commons-logging</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-beans</artifactId>
+                <version>${spring.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-context</artifactId>
+                <version>${spring.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-context-support</artifactId>
+                <version>${spring.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-web</artifactId>
+                <version>${spring.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-aop</artifactId>
+                <version>${spring.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>xerces</groupId>
+                <artifactId>xercesImpl</artifactId>
+                <version>${xerces.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>xml-apis</groupId>
+                        <artifactId>xml-apis</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>xalan</groupId>
+                <artifactId>xalan</artifactId>
+                <version>${xalan.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>xml-apis</groupId>
+                        <artifactId>xml-apis</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>xalan</groupId>
+                <artifactId>serializer</artifactId>
+                <version>${xalan.version}</version>
+                <exclusions>
+                    <exclusion><!-- upsets jboss 6 -->
+                        <groupId>xml-apis</groupId>
+                        <artifactId>xml-apis</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>xml-apis</groupId>
+                <artifactId>xml-apis</artifactId>
+                <version>${xmlapis.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.opensaml</groupId>
+                <artifactId>opensaml-xmlsec-impl</artifactId>
+                <version>${opensaml.version}</version>
+            </dependency>
+            <!-- Jersey -->
+            <dependency>
+                <groupId>com.sun.jersey</groupId>
+                <artifactId>jersey-server</artifactId>
+                <version>${jersey.version}</version>
+            </dependency>
+            <!-- https://mvnrepository.com/artifact/org.apache.tomcat/jasper-el -->
+            <dependency>
+                <groupId>org.apache.tomcat</groupId>
+                <artifactId>jasper-el</artifactId>
+                <version>${jasper.version}</version>
+            </dependency>
+            <!-- Jersey + Spring -->
+            <dependency>
+                <groupId>com.sun.jersey.contribs</groupId>
+                <artifactId>jersey-spring</artifactId>
+                <version>${jersey.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-core</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-web</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-beans</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-aop</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-context</artifactId>
+                    </exclusion>
+                    <!--                    <exclusion>
+                                            <groupId>com.sun.jersey</groupId>
+                                            <artifactId>jersey-server</artifactId>
+                                        </exclusion>-->
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>slf4j-log4j12</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>log4j</groupId>
+                        <artifactId>log4j</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <!-- HazelCast -->
+            <dependency>
+                <groupId>com.hazelcast</groupId>
+                <artifactId>hazelcast</artifactId>
+                <version>${hazelcast.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>slf4j-log4j12</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>log4j</groupId>
+                        <artifactId>log4j</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>com.hazelcast</groupId>
+                <artifactId>hazelcast-wm</artifactId>
+                <version>${hazelcast.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.slf4j</groupId>
+                        <artifactId>slf4j-log4j12</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>log4j</groupId>
+                        <artifactId>log4j</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <!-- Struts2 -->
+            <dependency>
+                <groupId>org.apache.struts</groupId>
+                <artifactId>struts2-core</artifactId>
+                <version>${struts.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>cglib</groupId>
+                <artifactId>cglib-nodep</artifactId>
+                <version>${cglib.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>cglib</groupId>
+                <artifactId>cglib</artifactId>
+                <version>${cglib.version}</version>
+            </dependency>
+            <!-- ICU -->
+            <dependency>
+                <groupId>com.ibm.icu</groupId>
+                <artifactId>icu4j</artifactId>
+                <version>${icu4j.version}</version>
+            </dependency>
+
+            <!-- UNIT TEST Dependencies -->
+            <dependency>
+                <groupId>junit</groupId>
+                <artifactId>junit</artifactId>
+                <version>${junit.version}</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.hamcrest</groupId>
+                <artifactId>hamcrest-all</artifactId>
+                <version>${hamcrest.version}</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.mockito</groupId>
+                <artifactId>mockito-core</artifactId>
+                <version>${mockito.version}</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>xmlunit</groupId>
+                <artifactId>xmlunit</artifactId>
+                <version>${xmlunit.version}</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-test</artifactId>
+                <version>${spring.version}</version>
+                <scope>test</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+        <!-- Dependencies in common for all modules -->
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.code.findbugs</groupId>
+            <artifactId>jsr305</artifactId>
+        </dependency>
+
+        <!-- UNIT TEST Dependencies in common for all modules -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <exclusions>
+                <exclusion>
+                    <artifactId>hamcrest-core</artifactId>
+                    <groupId>org.hamcrest</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-all</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <exclusions>
+                <exclusion>
+                    <artifactId>hamcrest-core</artifactId>
+                    <groupId>org.hamcrest</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>xmlunit</groupId>
+            <artifactId>xmlunit</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <pluginManagement>
+            <plugins>
+
+				<plugin>
+				    <groupId>com.orctom.mojo</groupId>
+				    <artifactId>was-maven-plugin</artifactId>
+				    <version>1.0.8</version>
+				    <configuration>
+				        <wasHome>c:/pgm/wlp</wasHome>
+				        <applicationName>${proj.name}</applicationName>
+				        <host>localhost</host>
+				        <server>server01</server>
+				        <node>node01</node>
+				        <virtualHost>default_host</virtualHost>
+				        <verbose>true</verbose>
+				    </configuration>
+				</plugin>            
+
+				<plugin>
+					<groupId>org.apache.tomcat.maven</groupId>
+					<artifactId>tomcat7-maven-plugin</artifactId>
+					<version>2.2</version>
+					<configuration>
+						<url>http://localhost:8080/manager/text</url>
+						<server>tomcat</server>
+						<path>/${proj.name}</path>
+						<username>admin</username>
+                        <password>admin</password>
+					</configuration>
+		        </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-war-plugin</artifactId>
+                    <version>${war.plugin.version}</version>
+                    <configuration>
+                        <webResources>
+                            <resource>
+                                <directory>${project.basedir}/src/main/webapp/WEB-INF</directory>
+                                <filtering>true</filtering>
+                                <targetPath>WEB-INF</targetPath>
+                                <includes>
+                                    <include>**/web.xml</include>
+                                </includes>
+                            </resource>
+                        </webResources>
+                    </configuration>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-source-plugin</artifactId>
+                    <version>${source.plugin.version}</version>
+                    <executions>
+                        <execution>
+                            <id>attach-sources</id>
+                            <phase>verify</phase>
+                            <goals>
+                                <goal>jar-no-fork</goal>
+                            </goals>
+                        </execution>
+                    </executions>
+                </plugin>
+                <plugin>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>cobertura-maven-plugin</artifactId>
+                    <version>${cobertura.plugin.version}</version>
+                    <configuration>
+                        <formats>
+                            <format>html</format>
+                            <format>xml</format>
+                        </formats>
+                    </configuration>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-resources-plugin</artifactId>
+                    <version>${resources.plugin.version}</version>
+                </plugin>
+                <!--plugin>
+                    <groupId>org.owasp</groupId>
+                    <artifactId>dependency-check-maven</artifactId>
+                    <version>${owasp.dependency-check.version}</version>
+                    <configuration>
+                        <failBuildOnCVSS>8</failBuildOnCVSS>
+                    </configuration>
+                    <executions>
+                        <execution>
+                            <goals>
+                                <goal>check</goal>
+                            </goals>
+                        </execution>
+                    </executions>
+                </plugin-->
+            </plugins>
+        </pluginManagement>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>${compile.plugin.version}</version>
+                <configuration>
+                    <source>${java.version}</source>
+                    <target>${java.version}</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>${surefire.plugin.version}</version>
+                <configuration>
+                    <skip>false</skip>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <version>${javadoc.plugin.version}</version>
+                <configuration>
+                    <detectLinks>true</detectLinks>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <!-- modules>
+        <module>../EIDAS-Config</module>
+        <module>../EIDAS-Light-Commons</module>
+        <module>../EIDAS-Commons</module>
+        <module>../EIDAS-ConfigModule</module>
+        <module>../EIDAS-Encryption</module>
+        <module>../EIDAS-SAMLEngine</module>
+        <module>../EIDAS-Metadata</module>
+        <module>../EIDAS-UPDATER</module>
+        <module>../EIDAS-SpecificConnector</module>
+        <module>../EIDAS-SpecificProxyService</module>
+        <module>../EIDAS-SpecificCommunicationDefinition</module>
+        <module>../EIDAS-Node</module>
+        <module>../EIDAS-SP</module>
+        <module>../EIDAS-IdP-1.0</module>
+        <module>../EIDAS-SimpleProtocol</module>
+    </modules-->
+<modules>
+   <module>../EIDAS-Light-Commons</module>
+   <module>../EIDAS-Commons</module>
+   <module>../EIDAS-SpecificCommunicationDefinition</module>
+ </modules>
+ <profiles>
+   <profile>
+     <id>NodeOnly</id>
+       <activation><activeByDefault>true</activeByDefault></activation>
+       <modules>
+         <module>../EIDAS-ConfigModule</module>
+         <module>../EIDAS-Encryption</module>
+         <module>../EIDAS-SAMLEngine</module>
+         <module>../EIDAS-Metadata</module>
+         <module>../EIDAS-UPDATER</module>
+         <module>../EIDAS-Node</module>
+       </modules>
+   </profile>
+   <profile>
+     <id>DemoToolsOnly</id>
+       <activation><activeByDefault>false</activeByDefault></activation>
+       <modules>
+         <module>../EIDAS-SimpleProtocol</module>
+         <module>../EIDAS-SpecificProxyService</module>
+         <module>../EIDAS-SpecificConnector</module>
+         <module>../EIDAS-SP</module>
+         <module>../EIDAS-IdP-1.0</module>
+       </modules>
+   </profile>
+   <profile>
+     <id>Config</id>
+       <activation><activeByDefault>false</activeByDefault></activation>
+       <modules>
+         <module>../EIDAS-Config</module>
+       </modules>
+   </profile>
+ </profiles>
+</project>
diff --git a/repository/eu/eidas/eidas-saml-engine/1.4.3/eidas-saml-engine-1.4.3-sources.jar b/repository/eu/eidas/eidas-saml-engine/1.4.3/eidas-saml-engine-1.4.3-sources.jar
new file mode 100644
index 000000000..583f756d1
--- /dev/null
+++ b/repository/eu/eidas/eidas-saml-engine/1.4.3/eidas-saml-engine-1.4.3-sources.jar
diff --git a/repository/eu/eidas/eidas-saml-engine/1.4.3/eidas-saml-engine-1.4.3.jar b/repository/eu/eidas/eidas-saml-engine/1.4.3/eidas-saml-engine-1.4.3.jar
new file mode 100644
index 000000000..36fff3881
--- /dev/null
+++ b/repository/eu/eidas/eidas-saml-engine/1.4.3/eidas-saml-engine-1.4.3.jar
diff --git a/repository/eu/eidas/eidas-specific-communication-definition/1.4.3/eidas-specific-communication-definition-1.4.3.jar b/repository/eu/eidas/eidas-specific-communication-definition/1.4.3/eidas-specific-communication-definition-1.4.3.jar
new file mode 100644
index 000000000..d25a1ab6e
--- /dev/null
+++ b/repository/eu/eidas/eidas-specific-communication-definition/1.4.3/eidas-specific-communication-definition-1.4.3.jar
diff --git a/repository/eu/eidas/eidas-specific-communication-definition/1.4.3/eidas-specific-communication-definition-sources.jar b/repository/eu/eidas/eidas-specific-communication-definition/1.4.3/eidas-specific-communication-definition-sources.jar
new file mode 100644
index 000000000..334dd3ed7
--- /dev/null
+++ b/repository/eu/eidas/eidas-specific-communication-definition/1.4.3/eidas-specific-communication-definition-sources.jar
diff --git a/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.jar b/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.jar
new file mode 100644
index 000000000..e0dc0ed85
--- /dev/null
+++ b/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.jar
diff --git a/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.pom b/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.pom
new file mode 100644
index 000000000..1dc152d81
--- /dev/null
+++ b/repository/eu/eidas/eidas-specific-communication-definition/2.1.0/eidas-specific-communication-definition-2.1.0.pom
@@ -0,0 +1,131 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+                             http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>eidas-specific-communication-definition</artifactId>
+    <packaging>jar</packaging>
+    <name>eIDAS Specific Communication Definition</name>
+    <description>Defines and implements the communication protocol to be used between specific and node modules.</description>
+    <parent>
+        <groupId>eu.eidas</groupId>
+        <artifactId>eidas-parent</artifactId>
+        <version>2.1.0</version>
+        <relativePath>../EIDAS-Parent/pom.xml</relativePath>
+    </parent>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-context</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>eu.eidas</groupId>
+            <artifactId>eidas-commons</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+    <build>
+        <finalName>${artifactId}</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+    <profiles>
+        <profile>
+            <id>specificProxyServiceWarPackaging</id>
+            <activation>
+                <property>
+                    <name>!specificJar</name>
+                </property>
+            </activation>
+            <properties>
+                <packaging.type>war</packaging.type>
+            </properties>
+            <build>
+                <finalName>${proj.name}</finalName>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-resources-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>copy-specific-connector-config</id>
+                                <phase>process-resources</phase>
+                                <goals>
+                                    <goal>copy-resources</goal>
+                                </goals>
+                                <configuration>
+                                    <outputDirectory>${project.build.directory}/${proj.name}/WEB-INF/classes
+                                    </outputDirectory>
+                                    <resources>
+                                        <resource>
+                                            <directory>${project.basedir}/src/main/config/warPackaging</directory>
+                                            <filtering>false</filtering>
+                                        </resource>
+                                    </resources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>specificProxyServiceJarPackaging</id>
+            <activation>
+                <property>
+                    <name>specificJar</name>
+                </property>
+            </activation>
+            <properties>
+                <packaging.type>jar</packaging.type>
+            </properties>
+            <build>
+                <finalName>${artifactId}</finalName>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-source-plugin</artifactId>
+                    </plugin>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-resources-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>copy-specific-connector-config</id>
+                                <phase>process-resources</phase>
+                                <goals>
+                                    <goal>copy-resources</goal>
+                                </goals>
+                                <configuration>
+                                    <outputDirectory>${project.build.directory}/${proj.name}/WEB-INF/classes</outputDirectory>
+                                    <resources>
+                                        <resource>
+                                            <directory>${project.basedir}/src/main/config/jarPackaging</directory>
+                                            <filtering>false</filtering>
+                                        </resource>
+                                    </resources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+</project>
diff --git a/repository/eu/eidas/eidas-specific/1.4.3/eidas-specific-1.4.3.jar b/repository/eu/eidas/eidas-specific/1.4.3/eidas-specific-1.4.3.jar
new file mode 100644
index 000000000..491f1ce7f
--- /dev/null
+++ b/repository/eu/eidas/eidas-specific/1.4.3/eidas-specific-1.4.3.jar
diff --git a/repository/eu/eidas/eidas-specific/1.4.3/eidas-specific-sources.jar b/repository/eu/eidas/eidas-specific/1.4.3/eidas-specific-sources.jar
new file mode 100644
index 000000000..b8ee90c28
--- /dev/null
+++ b/repository/eu/eidas/eidas-specific/1.4.3/eidas-specific-sources.jar
diff --git a/repository/iaik/prod/iaik_cpades/2.5.1_moa/iaik_cpades-2.5.1_moa.jar b/repository/iaik/prod/iaik_cpades/2.5.1_moa/iaik_cpades-2.5.1_moa.jar
new file mode 100644
index 000000000..f225f27a9
--- /dev/null
+++ b/repository/iaik/prod/iaik_cpades/2.5.1_moa/iaik_cpades-2.5.1_moa.jar
diff --git a/repository/iaik/prod/iaik_eccelerate/5.01/iaik_eccelerate-5.01.jar b/repository/iaik/prod/iaik_eccelerate/5.01/iaik_eccelerate-5.01.jar
new file mode 100644
index 000000000..0d83fc5ba
--- /dev/null
+++ b/repository/iaik/prod/iaik_eccelerate/5.01/iaik_eccelerate-5.01.jar
diff --git a/repository/iaik/prod/iaik_eccelerate_addon/5.01/iaik_eccelerate_addon-5.01.jar b/repository/iaik/prod/iaik_eccelerate_addon/5.01/iaik_eccelerate_addon-5.01.jar
new file mode 100644
index 000000000..957fa5a81
--- /dev/null
+++ b/repository/iaik/prod/iaik_eccelerate_addon/5.01/iaik_eccelerate_addon-5.01.jar
diff --git a/repository/iaik/prod/iaik_eccelerate_cms/5.01/iaik_eccelerate_cms-5.01.jar b/repository/iaik/prod/iaik_eccelerate_cms/5.01/iaik_eccelerate_cms-5.01.jar
new file mode 100644
index 000000000..ed4e816e3
--- /dev/null
+++ b/repository/iaik/prod/iaik_eccelerate_cms/5.01/iaik_eccelerate_cms-5.01.jar
diff --git a/repository/iaik/prod/iaik_jce_full/5.5_MOA_RC3/iaik_jce_full-5.5_MOA_RC3.jar b/repository/iaik/prod/iaik_jce_full/5.52_moa/iaik_jce_full-5.52_moa.jar
index f86ded1b4..4ce6c247d 100644
--- a/repository/iaik/prod/iaik_jce_full/5.5_MOA_RC3/iaik_jce_full-5.5_MOA_RC3.jar
+++ b/repository/iaik/prod/iaik_jce_full/5.52_moa/iaik_jce_full-5.52_moa.jar
diff --git a/repository/iaik/prod/iaik_jce_full/5.5_MOA_RC1/iaik_jce_full-5.5_MOA_RC1.jar b/repository/iaik/prod/iaik_jce_full/5.5_MOA_RC1/iaik_jce_full-5.5_MOA_RC1.jar
deleted file mode 100644
index 4f0e90372..000000000
--- a/repository/iaik/prod/iaik_jce_full/5.5_MOA_RC1/iaik_jce_full-5.5_MOA_RC1.jar
+++ /dev/null
diff --git a/repository/iaik/prod/iaik_moa/2.06/iaik_moa-2.06.jar b/repository/iaik/prod/iaik_moa/2.06/iaik_moa-2.06.jar
new file mode 100644
index 000000000..edc2d0f98
--- /dev/null
+++ b/repository/iaik/prod/iaik_moa/2.06/iaik_moa-2.06.jar
diff --git a/repository/iaik/prod/iaik_pki_module/2.01_moa/iaik_pki_module-2.01_moa.jar b/repository/iaik/prod/iaik_pki_module/2.01_moa/iaik_pki_module-2.01_moa.jar
new file mode 100644
index 000000000..9d59aef25
--- /dev/null
+++ b/repository/iaik/prod/iaik_pki_module/2.01_moa/iaik_pki_module-2.01_moa.jar
diff --git a/repository/iaik/prod/iaik_tsp/2.32_eval/iaik_tsp.jar b/repository/iaik/prod/iaik_tsp/2.32_eval/iaik_tsp.jar
new file mode 100644
index 000000000..fbd9abd20
--- /dev/null
+++ b/repository/iaik/prod/iaik_tsp/2.32_eval/iaik_tsp.jar
diff --git a/repository/iaik/prod/iaik_xades/2.13_moa/iaik_xades-2.13_moa.jar b/repository/iaik/prod/iaik_xades/2.13_moa/iaik_xades-2.13_moa.jar
new file mode 100644
index 000000000..0f111e241
--- /dev/null
+++ b/repository/iaik/prod/iaik_xades/2.13_moa/iaik_xades-2.13_moa.jar
diff --git a/repository/iaik/prod/iaik_xsect/2.13_moa/iaik_xsect-2.13_moa.jar b/repository/iaik/prod/iaik_xsect/2.13_moa/iaik_xsect-2.13_moa.jar
new file mode 100644
index 000000000..95f18efcd
--- /dev/null
+++ b/repository/iaik/prod/iaik_xsect/2.13_moa/iaik_xsect-2.13_moa.jar