WebInterface MOAID-General finished

15 files changed, 1029 insertions, 82 deletions

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
index f03b1c057..d14e12df5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
@@ -38,22 +38,28 @@ import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
 
 public class GeneralMOAIDConfig {
 
-	public static final String LINE_DELIMITER = ";\n"; 
+	public static final long DEFAULTTIMEOUTASSERTION = 120; //sec
+	public static final long DEFAULTTIMEOUTMOASESSIONCREATED = 1200; //sec
+	public static final long DEFAULTTIMEOUTMOASESSIONUPDATED = 2700; //sec
+	
+	public static final String LINE_DELIMITER = ";"; 
 	
 	private String szrgwURL = null;
 	private String alternativeSourceID = null;
 	private String certStoreDirectory = null; 
 	private boolean trustmanagerrevocationcheck = false;
 	
-	private long timeoutAssertion = 120;  //sec
-	private long timeoutMOASessionCreated = 1200;  //sec
-	private long timeoutMOASessionUpdated = 2700;  //sec
+	private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION);
+	private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED);
+	private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED);
 	
 	private String identityLinkSigners = "";
+	private List<String> idlSignersList = null;
 	
 	private String moaspssURL = null;
 	private String moaspssAuthTrustProfile = null;
 	private String moaspssAuthTransformations = "";
+	private List<String> authTransformList = null;
 	private String moaspssIdlTrustProfile = null;
 	
 	private String mandateURL = null;
@@ -71,6 +77,7 @@ public class GeneralMOAIDConfig {
 	private List<File> fileUpload = null;
 	private List<String> fileUploadContentType;
 	private List<String> fileUploadFileName;
+	private Map<String, byte[]> secLayerTransformation = null;
 	
 	private String ssoTarget = null;
 	private String ssoFriendlyName = null;
@@ -130,11 +137,11 @@ public class GeneralMOAIDConfig {
 					if (timeouts != null) {
 						
 						if(timeouts.getAssertion() != null)
-							timeoutAssertion = timeouts.getAssertion().longValue();
+							timeoutAssertion = String.valueOf(timeouts.getAssertion().longValue());
 						if(timeouts.getMOASessionCreated() != null)
-							timeoutMOASessionCreated = timeouts.getMOASessionCreated().longValue();
+							timeoutMOASessionCreated = String.valueOf(timeouts.getMOASessionCreated().longValue());
 						if(timeouts.getMOASessionUpdated() != null)
-							timeoutMOASessionUpdated = timeouts.getMOASessionUpdated().longValue();
+							timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue());
 						
 					}
 				}
@@ -144,7 +151,7 @@ public class GeneralMOAIDConfig {
 					List<IdentityLinkSignersX509SubjectNameItem> idem = idlsign.getX509SubjectNameItems();
 					
 					for (IdentityLinkSignersX509SubjectNameItem el : idem) {
-						identityLinkSigners += el.getItem() + LINE_DELIMITER;
+						identityLinkSigners += el.getItem() + LINE_DELIMITER + "\n";
 					}
 					
 				}
@@ -161,7 +168,7 @@ public class GeneralMOAIDConfig {
 						
 						List<String> list = authblock.getVerifyTransformsInfoProfileID();
 						for (String el : list)
-							moaspssAuthTransformations += el + LINE_DELIMITER;
+							moaspssAuthTransformations += el + LINE_DELIMITER + "\n";
 					}
 					
 					VerifyIdentityLink idl = moaspss.getVerifyIdentityLink();
@@ -219,8 +226,9 @@ public class GeneralMOAIDConfig {
 				
 					fileUploadFileName = new ArrayList<String>();
 					
-					for (TransformsInfoType el : list)
+					for (TransformsInfoType el : list) {
 						fileUploadFileName.add(el.getFilename());
+					}
 				}
 				
 				SSO sso = auth.getSSO();
@@ -314,42 +322,42 @@ public class GeneralMOAIDConfig {
 	/**
 	 * @return the timeoutAssertion
 	 */
-	public long getTimeoutAssertion() {
+	public String getTimeoutAssertion() {
 		return timeoutAssertion;
 	}
 
 	/**
 	 * @param timeoutAssertion the timeoutAssertion to set
 	 */
-	public void setTimeoutAssertion(long timeoutAssertion) {
+	public void setTimeoutAssertion(String timeoutAssertion) {
 		this.timeoutAssertion = timeoutAssertion;
 	}
 
 	/**
 	 * @return the timeoutMOASessionCreated
 	 */
-	public long getTimeoutMOASessionCreated() {
+	public String getTimeoutMOASessionCreated() {
 		return timeoutMOASessionCreated;
 	}
 
 	/**
 	 * @param timeoutMOASessionCreated the timeoutMOASessionCreated to set
 	 */
-	public void setTimeoutMOASessionCreated(long timeoutMOASessionCreated) {
+	public void setTimeoutMOASessionCreated(String timeoutMOASessionCreated) {
 		this.timeoutMOASessionCreated = timeoutMOASessionCreated;
 	}
 
 	/**
 	 * @return the timeoutMOASessionUpdated
 	 */
-	public long getTimeoutMOASessionUpdated() {
+	public String getTimeoutMOASessionUpdated() {
 		return timeoutMOASessionUpdated;
 	}
 
 	/**
 	 * @param timeoutMOASessionUpdated the timeoutMOASessionUpdated to set
 	 */
-	public void setTimeoutMOASessionUpdated(long timeoutMOASessionUpdated) {
+	public void setTimeoutMOASessionUpdated(String timeoutMOASessionUpdated) {
 		this.timeoutMOASessionUpdated = timeoutMOASessionUpdated;
 	}
 
@@ -800,6 +808,69 @@ public class GeneralMOAIDConfig {
 	public void setChainigmodelist(Map<String, String> chainigmodelist) {
 		GeneralMOAIDConfig.chainigmodelist = chainigmodelist;
 	}
+
+	/**
+	 * @return the secLayerTransformation
+	 */
+	public Map<String, byte[]> getSecLayerTransformation() {
+		return secLayerTransformation;
+	}
+
+	/**
+	 * @param secLayerTransformation the secLayerTransformation to set
+	 */
+	public void setSecLayerTransformation(Map<String, byte[]> secLayerTransformation) {
+		this.secLayerTransformation = secLayerTransformation;
+	}
+
+	/**
+	 * @return the idlSignersList
+	 */
+	public List<String> getIdlSignersList() {
+		return idlSignersList;
+	}
+
+	/**
+	 * @param idlSignersList the idlSignersList to set
+	 */
+	public void setIdlSignersList(List<String> idlSignersList) {
+		this.idlSignersList = idlSignersList;
+	}
+
+	/**
+	 * @return the authTransformList
+	 */
+	public List<String> getAuthTransformList() {
+		return authTransformList;
+	}
+
+	/**
+	 * @param authTransformList the authTransformList to set
+	 */
+	public void setAuthTransformList(List<String> authTransformList) {
+		this.authTransformList = authTransformList;
+	}
+	
+	
+	
+	
+	public void setFileUpload(File fileUpload) {
+		if (this.fileUpload == null)
+			this.fileUpload = new ArrayList<File>();
+		this.fileUpload.add(fileUpload);
+	}
+
+	public void setFileUploadContentType(String fileUploadContentType) {
+		if (this.fileUploadContentType == null)
+			this.fileUploadContentType = new ArrayList<String>();
+		this.fileUploadContentType.add(fileUploadContentType);
+	}
+
+	public void setFileUploadFileName(String fileUploadFileName) {
+		if (this.fileUploadFileName == null)
+			this.fileUploadFileName = new ArrayList<String>();
+		this.fileUploadFileName.add(fileUploadFileName);
+	}
 	
 	
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java
new file mode 100644
index 000000000..8abb0be86
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.configuration.helper;
+
+public class StringHelper {
+
+	public static String formatText(String strGivenText)
+    {
+        StringBuffer sbFormattedText = new StringBuffer(strGivenText);
+ 
+        for(int i=0; i<sbFormattedText.length(); i++)
+        {
+           if(sbFormattedText.charAt(i) == '\n') {
+               sbFormattedText.deleteCharAt(i);
+               i--;
+           }
+ 
+           if(sbFormattedText.charAt(i) == '\r') {
+               sbFormattedText.deleteCharAt(i);
+               i--;
+           }
+ 
+           if(sbFormattedText.charAt(i) == '\t') {
+               sbFormattedText.deleteCharAt(i);
+               i--;
+           }
+        }
+        return sbFormattedText.toString();
+    }
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 1cd4ecc0c..6cea7d33f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -1,24 +1,66 @@
 package at.gv.egovernment.moa.id.configuration.struts.action;
 
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.log4j.Logger;
 import org.apache.struts2.interceptor.ServletRequestAware;
 import org.apache.struts2.interceptor.ServletResponseAware;
 
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
+import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSignersX509SubjectNameItem;
+import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
+import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowedProtocolNameItem;
 import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlockVerifyTransformsInfoProfileIDItem;
+import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
 import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator;
+import at.gv.egovernment.moa.id.configuration.validation.moaconfig.PVP2ContactValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 import com.opensymphony.xwork2.ActionSupport;
 
 public class EditGeneralConfigAction extends ActionSupport 
 	implements ServletRequestAware, ServletResponseAware {
 	
+	private static final Logger log = Logger.getLogger(EditGeneralConfigAction.class);
+	
 	private static final long serialVersionUID = 1L;
 	private HttpServletRequest request;
 	private HttpServletResponse response;
@@ -63,10 +105,25 @@ public class EditGeneralConfigAction extends ActionSupport
 			
 			if (authUser.isAdmin()) {
 				
+				MOAConfigValidator validator = new MOAConfigValidator();
 				
+				List<String> errors = validator.validate(moaconfig);
+
+				if (errors.size() > 0) {
+					log.info("General MOA-ID configuration has some erros.");
+					for (String el : errors)
+						addActionError(el);	
+					
+					return Constants.STRUTS_ERROR_VALIDATION;
+				}
 				
+				String error = saveFormToDatabase();
 				
-				
+				if (error != null) {
+					log.warn("General MOA-ID config can not be stored in Database");
+					addActionError(error);
+					return Constants.STRUTS_SUCCESS;
+				}
 				
 			} else {
 				addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
@@ -76,6 +133,7 @@ public class EditGeneralConfigAction extends ActionSupport
 		} else
 			return Constants.STRUTS_REAUTHENTICATE;
 		
+		addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success"));
 		return Constants.STRUTS_SUCCESS;
 	}
 	
@@ -91,6 +149,343 @@ public class EditGeneralConfigAction extends ActionSupport
 		return Constants.STRUTS_SUCCESS;
 	}
 	
+	private String saveFormToDatabase() {
+		
+		MOAIDConfiguration oldconfig = ConfigurationDBRead.getMOAIDConfiguration();
+		AuthComponentGeneral oldauth = null;
+		if (oldconfig != null) {
+			oldauth = oldconfig.getAuthComponentGeneral();
+		}
+		
+//		MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();	
+//		if (dbconfig == null) {
+//			dbconfig = new MOAIDConfiguration();
+//			isnewconfig = true;
+//		}
+		
+		MOAIDConfiguration dbconfig = new MOAIDConfiguration();
+		
+		AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral();
+		if (dbauth == null) {
+			dbauth = new AuthComponentGeneral();
+			dbconfig.setAuthComponentGeneral(dbauth);
+		}
+		
+		GeneralConfiguration dbauthgeneral = dbauth.getGeneralConfiguration();
+		if (dbauthgeneral == null) {
+			dbauthgeneral = new GeneralConfiguration();
+			dbauth.setGeneralConfiguration(dbauthgeneral);
+		}
+		
+		GeneralConfiguration oldauthgeneral = null;
+		if (oldauth != null)
+			oldauthgeneral = oldauth.getGeneralConfiguration();
+		
+		if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID()))
+			dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID());
+		else {
+			if (oldauthgeneral != null)
+			dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID());
+		}
+			
+		if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory()))
+				dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory());
+		
+		TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts();
+		if (dbtimeouts == null) {
+			dbtimeouts = new TimeOuts();
+			dbauthgeneral.setTimeOuts(dbtimeouts);
+		}
+		if (MiscUtil.isEmpty(moaconfig.getTimeoutAssertion()))
+			dbtimeouts.setAssertion(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTASSERTION));
+		else
+			dbtimeouts.setAssertion(new BigInteger(moaconfig.getTimeoutAssertion()));
+		
+		if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionCreated()))
+			dbtimeouts.setMOASessionCreated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONCREATED));
+		else
+			dbtimeouts.setMOASessionCreated(new BigInteger(moaconfig.getTimeoutMOASessionCreated()));
+		
+		if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionUpdated()))
+			dbtimeouts.setMOASessionUpdated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONUPDATED));
+		else
+			dbtimeouts.setMOASessionUpdated(new BigInteger(moaconfig.getTimeoutMOASessionUpdated()));
+		
+		dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck());
+		
+		
+		Protocols dbprotocols = dbauth.getProtocols();
+		if (dbprotocols == null) {
+			dbprotocols = new Protocols();
+			dbauth.setProtocols(dbprotocols);
+		}
+		LegacyAllowed legprot = dbprotocols.getLegacyAllowed();
+		if (legprot == null) {
+			legprot = new LegacyAllowed();
+			dbprotocols.setLegacyAllowed(legprot);
+		}
+				
+		List<String> el = new ArrayList<String>();
+		if (moaconfig.isLegacy_pvp2())
+			el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2);
+		if (moaconfig.isLegacy_saml1())
+			el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1);
+		legprot.setProtocolName(el);
+		
+		PVP2 pvp2 = dbprotocols.getPVP2();
+		if (pvp2 == null) {
+			pvp2 = new PVP2();
+			dbprotocols.setPVP2(pvp2);
+		}
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName()))
+			pvp2.setIssuerName(moaconfig.getPvp2IssuerName());
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2PublicUrlPrefix()))
+			pvp2.setPublicURLPrefix(moaconfig.getPvp2PublicUrlPrefix());
+		
+		Organization pvp2org = pvp2.getOrganization();
+		if (pvp2org == null) {
+			pvp2org = new Organization();
+			pvp2.setOrganization(pvp2org);
+		}
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName()))
+			pvp2org.setDisplayName(moaconfig.getPvp2OrgDisplayName());
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName()))
+			pvp2org.setName(moaconfig.getPvp2OrgName());
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL()))
+			pvp2org.setURL(moaconfig.getPvp2OrgURL());
+		
+		List<Contact> pvp2cont = pvp2.getContact();
+		if (pvp2cont == null) {
+			pvp2cont = new ArrayList<Contact>();
+			pvp2.setContact(pvp2cont);
+		}
+		Contact cont = new Contact();
+		pvp2cont.add(cont);
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany()))
+			cont.setCompany(moaconfig.getPvp2Contact().getCompany());
+		
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname()))
+			cont.setGivenName(moaconfig.getPvp2Contact().getGivenname());
+		
+		//TODO: change to list if required
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getMail()))
+			cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail()));
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getPhone()))
+			cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone()));
+			
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getSurname()))
+			cont.setSurName(moaconfig.getPvp2Contact().getSurname());
+		if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType()))
+			cont.setType(moaconfig.getPvp2Contact().getType());
+		
+		SSO dbsso = dbauth.getSSO();
+		if (dbsso == null) {
+			dbsso = new SSO();
+			dbauth.setSSO(dbsso);
+		}
+		
+		if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName()))
+			dbsso.setFriendlyName(moaconfig.getSsoFriendlyName());
+		if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText()))
+			dbsso.setSpecialText(moaconfig.getSsoSpecialText());
+		if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl()))
+			dbsso.setPublicURL(moaconfig.getSsoPublicUrl());
+		
+		if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget()))
+			dbsso.setTarget(moaconfig.getSsoTarget());
+
+		if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) {
+			IdentificationNumber ssoid = dbsso.getIdentificationNumber();
+			if (ssoid == null) {
+				ssoid = new IdentificationNumber();
+				dbsso.setIdentificationNumber(ssoid);
+			}
+			ssoid.setValue(moaconfig.getSsoIdentificationNumber());
+		}
+				
+		DefaultBKUs dbbkus = dbconfig.getDefaultBKUs();
+		if (dbbkus == null) {
+			dbbkus = new DefaultBKUs();
+			dbconfig.setDefaultBKUs(dbbkus);
+		}
+		
+		if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy()))
+			dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy());
+		
+		if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline()))
+			dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline());
+		
+		if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal()))
+			dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal());
+		
+		ChainingModes dbchainingmodes = dbconfig.getChainingModes();
+		if (dbchainingmodes == null) {
+			dbchainingmodes = new ChainingModes();
+			dbconfig.setChainingModes(dbchainingmodes);
+		}
+		
+		dbchainingmodes.setSystemDefaultMode(
+				ChainingModeType.fromValue(moaconfig.getDefaultchainigmode()));
+		if (oldconfig != null) {
+			ChainingModes oldchainigmodes = oldconfig.getChainingModes();
+			if (oldchainigmodes != null) {
+				List<TrustAnchor> oldtrustanchor = oldchainigmodes.getTrustAnchor();
+				if (oldtrustanchor != null) {
+					List<TrustAnchor> trustanchor = new ArrayList<TrustAnchor>();
+					for (TrustAnchor oldel : oldtrustanchor) {
+						TrustAnchor TAel = new TrustAnchor();
+						TAel.setX509IssuerName(oldel.getX509IssuerName());
+						TAel.setX509SerialNumber(oldel.getX509SerialNumber());
+						TAel.setMode(oldel.getMode());
+						trustanchor.add(TAel);
+					}
+					dbchainingmodes.setTrustAnchor(trustanchor);
+				}
+			}
+		}
+		
+		IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners();
+		if (idlsigners == null) {
+			idlsigners = new IdentityLinkSigners();
+			dbauth.setIdentityLinkSigners(idlsigners);
+		}
+		if (moaconfig.getIdlSignersList().size() > 0) {
+			idlsigners.setX509SubjectName(moaconfig.getIdlSignersList());
+		}
+		
+		ForeignIdentities dbforeign = dbauth.getForeignIdentities();
+		if (dbforeign == null) {
+			dbforeign = new ForeignIdentities();
+			dbauth.setForeignIdentities(dbforeign);
+		}
+		
+		if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) {
+			ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter();
+			if (forcon == null) {
+				forcon = new ConnectionParameterClientAuthType();
+				dbforeign.setConnectionParameter(forcon);
+			}
+			forcon.setURL(moaconfig.getSzrgwURL());
+		}
+		
+		//TODO: Set STORK Config!!!
+		if (oldauth != null) {
+			ForeignIdentities oldforeign = oldauth.getForeignIdentities();
+			if (oldforeign != null) {
+				STORK oldstork = oldforeign.getSTORK();
+				if (oldstork != null)
+					dbforeign.setSTORK(oldstork);
+			}
+		}
+		
+		if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) {
+			OnlineMandates dbmandate = dbauth.getOnlineMandates();
+			if (dbmandate == null) {
+				dbmandate = new OnlineMandates();
+				dbauth.setOnlineMandates(dbmandate);
+			}
+			ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter();
+			
+			if (dbmandateconnection == null) {
+				dbmandateconnection = new ConnectionParameterClientAuthType();
+				dbmandate.setConnectionParameter(dbmandateconnection);
+			}
+			dbmandateconnection.setURL(moaconfig.getMandateURL());
+		}
+		
+		MOASP dbmoasp = dbauth.getMOASP();
+		if (dbmoasp == null) {
+			dbmoasp = new MOASP();
+			dbauth.setMOASP(dbmoasp);
+		}
+		if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) {
+			ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter();
+			if (moaspcon == null) {
+				moaspcon = new ConnectionParameterClientAuthType();
+				dbmoasp.setConnectionParameter(moaspcon);
+			}
+			moaspcon.setURL(moaconfig.getMoaspssURL());
+		}
+		VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink();
+		if (moaidl == null) {
+			moaidl = new VerifyIdentityLink();
+			dbmoasp.setVerifyIdentityLink(moaidl);
+		}
+		moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile());
+		VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock();
+		if (moaauth == null) {
+			moaauth = new VerifyAuthBlock();
+			dbmoasp.setVerifyAuthBlock(moaauth);
+		}
+		moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile());
+			
+		moaauth.setVerifyTransformsInfoProfileID(moaconfig.getAuthTransformList());
+		
+		SecurityLayer seclayertrans = dbauth.getSecurityLayer();
+		if (seclayertrans == null) {
+			seclayertrans = new SecurityLayer();
+			dbauth.setSecurityLayer(seclayertrans);
+		}
+		List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>();
+		Map<String, byte[]> moatrans = moaconfig.getSecLayerTransformation();
+		if (moatrans != null) {
+			Set<String> keys = moatrans.keySet();
+			for (String key : keys) {
+				TransformsInfoType elem = new TransformsInfoType();
+				elem.setFilename(key);
+				elem.setTransformation(moatrans.get(key));
+				trans.add(elem);
+			}
+		} else {
+			if (oldauth != null) {
+				SecurityLayer oldsectrans = oldauth.getSecurityLayer();
+				if (oldsectrans != null) {
+					List<TransformsInfoType> oldtranslist = oldsectrans.getTransformsInfo();
+					for (TransformsInfoType oldel : oldtranslist) {
+						TransformsInfoType elem = new TransformsInfoType();
+						elem.setFilename(oldel.getFilename());
+						elem.setTransformation(oldel.getTransformation());
+						trans.add(elem);
+					}	
+				}
+			}
+		}
+		if (trans.size() > 0)
+			seclayertrans.setTransformsInfo(trans);
+
+		
+		SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates();
+		if (slrequesttempl == null) {
+			slrequesttempl = new SLRequestTemplates();
+			dbconfig.setSLRequestTemplates(slrequesttempl);
+		}
+		if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy()))
+			slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy());
+		if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal()))
+			slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal());
+		if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline()))
+			slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline());
+		
+		if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts()))
+				dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts());
+		
+		//save config
+		try {			
+			ConfigurationDBUtils.save(dbconfig);
+			
+			if (oldconfig != null)
+				ConfigurationDBUtils.delete(oldconfig);			
+			
+		} catch (MOADatabaseException e) {
+			log.warn("MOAID Configuration can not be stored in Database", e);
+			return LanguageHelper.getErrorString("error.db.oa.store");
+		}
+
+		ConfigurationDBUtils.closeSession();
+		
+		return null;
+	}
+	
 	public void setServletResponse(HttpServletResponse response) {
 		this.response = response;
 		
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index a9210ad27..96918d37c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -87,11 +87,25 @@ ServletResponseAware {
 			return Constants.STRUTS_ERROR;
 		}
 		oaid = Long.valueOf(oaidobj);
-		
-		request.getSession().setAttribute(Constants.SESSION_OAID, oaid);
-		
-		OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
-		
+			
+		OnlineApplication onlineapplication = null;;
+		if (authUser.isAdmin())
+			onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
+		else {
+			UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+			List<OnlineApplication> oas = userdb.getOnlineApplication();
+			for (OnlineApplication oa : oas) {
+				if (oa.getHjid() == oaid) {
+					onlineapplication = oa;
+					break;
+				}
+			}	
+			if (onlineapplication == null) {
+				addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
+				return Constants.STRUTS_ERROR;
+			}
+		}
+			
 		generalOA.parse(onlineapplication);
 		ssoOA.parse(onlineapplication);
 		saml1OA.parse(onlineapplication);
@@ -103,6 +117,8 @@ ServletResponseAware {
 		}
 		
 		ConfigurationDBUtils.closeSession();
+	
+		request.getSession().setAttribute(Constants.SESSION_OAID, oaid);
 		
 		newOA = false;
 		
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
index 6da106b85..aeac75e44 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
@@ -163,7 +163,7 @@ public class ValidationHelper {
 			return "; % \" ' ` , < > \\ /";
 	}
 	
-	public static boolean isValidIdentityLinkSigner(String param) {
+	public static boolean isNotValidIdentityLinkSigner(String param) {
 		if (param == null) {
 			return false;
 		}
@@ -173,15 +173,13 @@ public class ValidationHelper {
 					 param.indexOf("'") != -1 ||
 					 param.indexOf("?") != -1 ||
 					 param.indexOf("`") != -1 ||
-					 param.indexOf(",") != -1 ||
 					 param.indexOf("<") != -1 ||
-					 param.indexOf(">") != -1 ||
-					 param.indexOf("\\") != -1;	
+					 param.indexOf(">") != -1;	
 		
 	}
 	
 	public static String getNotValidIdentityLinkSignerCharacters() {
 		
-		return "; % \" ' ` , < > \\";
+		return "; % \" ' ` < >";
 	}
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index cdd1d2c60..c41535d00 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -1,14 +1,21 @@
 package at.gv.egovernment.moa.id.configuration.validation.moaconfig;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
 import org.apache.log4j.Logger;
 
 import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
+import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.helper.StringHelper;
 import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MOAConfigValidator {
@@ -21,6 +28,7 @@ public class MOAConfigValidator {
 		
 		log.debug("Validate general MOA configuration");
 		
+	
 		String check = form.getAlternativeSourceID();
 		if (MiscUtil.isNotEmpty(check)) {
 			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
@@ -29,6 +37,31 @@ public class MOAConfigValidator {
 						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
 			}
 		}
+	
+		check = form.getTimeoutAssertion();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.validateNumber(check)) {
+				log.warn("Assertion Timeout is no number " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", 
+						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+			}
+		}
+		check = form.getTimeoutMOASessionCreated();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.validateNumber(check)) {
+				log.warn("MOASessionCreated Timeout is no number " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", 
+						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+			}
+		}
+		check = form.getTimeoutMOASessionUpdated();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.validateNumber(check)) {
+				log.warn("MOASessionUpdated Timeout is no number " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", 
+						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+			}
+		}
 		
 		check = form.getCertStoreDirectory();
 		if (MiscUtil.isNotEmpty(check)) {
@@ -79,14 +112,272 @@ public class MOAConfigValidator {
 		}
 		
 		check = form.getIdentityLinkSigners();
+		List<String> idllist = new ArrayList<String>();
 		if (MiscUtil.isEmpty(check)) {
 			log.info("Empty IdentityLinkSigners");
 			errors.add(LanguageHelper.getErrorString("validation.general.IdentityLinkSigners.empty"));
 		} else {
 			String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER);
+			int i = 1;
+			for(String el : list) {
+				if (ValidationHelper.isNotValidIdentityLinkSigner(el)) {
+					log.info("IdentityLinkSigners is not valid: " + el);
+					errors.add(LanguageHelper.getErrorString("validation.general.IdentityLinkSigners.valid", 
+							new Object[] {i, ValidationHelper.getNotValidIdentityLinkSignerCharacters()} ));
+					
+				} else {
+					String elformat = StringHelper.formatText(el.trim());
+					if (MiscUtil.isNotEmpty(elformat))
+						idllist.add(elformat);
+				}
+				i++;
+			}
+		}
+		form.setIdlSignersList(idllist);
+		
+		check = form.getMandateURL();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.validateURL(check)) {
+				log.info("Not valid Online-Mandate Service URL");
+				errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid"));
+			}
+		}
+		
+		check = form.getMoaspssAuthTransformations();
+		List<String> authtranslist = new ArrayList<String>();
+		if (MiscUtil.isEmpty(check)) {
+			log.info("Empty MoaspssAuthTransformation");
+			errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty"));
+		} else {
+			check = StringHelper.formatText(check);
+			String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER);
+			int i=1;
 			for(String el : list) {
+				if (ValidationHelper.containsPotentialCSSCharacter(el, false)) {
+					log.info("IdentityLinkSigners is not valid: " + el);
+					errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", 
+							new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} ));
+					
+				} else {
+					if (MiscUtil.isNotEmpty(el.trim()))
+						authtranslist.add(el.trim());
+				}
+				i++;
+			}
+		}
+		form.setAuthTransformList(authtranslist);
+		
+		check = form.getMoaspssAuthTrustProfile();
+		if (MiscUtil.isEmpty(check)) {
+			log.info("Empty MOA-SP/SS Authblock TrustProfile");
+			errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty"));
+		} else {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.info("Authblock TrustProfile is not valid: " +check);
+				errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		check = form.getMoaspssIdlTrustProfile();
+		if (MiscUtil.isEmpty(check)) {
+			log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
+			errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty"));
+		} else {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.info("IdentityLink TrustProfile is not valid: " +check);
+				errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		check = form.getMoaspssURL();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.validateURL(check)) {
+				log.info("Not valid MOA-SP/SS Service URL");
+				errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid"));
+			}
+		}
+		
+		check = form.getPvp2IssuerName();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.info("PVP2 IssuerName is not valid: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		check = form.getPvp2OrgDisplayName();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.info("PVP2 organisation display name is not valid: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		check = form.getPvp2OrgName();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.info("PVP2 organisation name is not valid: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		check = form.getPvp2OrgURL();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.validateURL(check)) {
+				log.info("PVP2 organisation URL is not valid");
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid"));
+			}
+		}
+		
+		check = form.getPvp2PublicUrlPrefix();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.validateURL(check)) {
+				log.info("PVP2 Service URL is not valid");
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.serviceurl.valid"));
+			}
+		}
+		
+		check = form.getSLRequestTemplateHandy();
+		if (MiscUtil.isEmpty(check)) {
+			log.info("Empty SLRequestTemplate Handy-BKU");
+			errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty"));
+		} else {
+			if (!ValidationHelper.validateURL(check)) {
+				log.info("SLRequestTemplate Handy-BKU is not valid");
+				errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid"));
+			}
+		}
+		
+		check = form.getSLRequestTemplateLocal();
+		if (MiscUtil.isEmpty(check)) {
+			log.info("Empty SLRequestTemplate local BKU");
+			errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty"));
+		} else {
+			if (!ValidationHelper.validateURL(check)) {
+				log.info("SLRequestTemplate local BKU is not valid");
+				errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid"));
+			}
+		}
+		
+		check = form.getSLRequestTemplateOnline();
+		if (MiscUtil.isEmpty(check)) {
+			log.info("Empty SLRequestTemplate Online-BKU");
+			errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty"));
+		} else {
+			if (!ValidationHelper.validateURL(check)) {
+				log.info("SLRequestTemplate Online-BKU is not valid");
+				errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid"));
+			}
+		}
+		
+		check = form.getSsoFriendlyName();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.info("SSO friendlyname is not valid: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		check = form.getSsoIdentificationNumber();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.info("SSO IdentificationNumber is not valid: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		check = form.getSsoPublicUrl();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.validateURL(check)) {
+				log.info("SSO Public URL is not valid");
+				errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid"));
+			}
+		}
+		
+		check = form.getSsoSpecialText();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+				log.info("SSO SpecialText is not valid: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} ));
+			}
+		}
+		
+		check = form.getSsoTarget();
+		if (MiscUtil.isEmpty(check)) {
+			log.info("Empty SSO Target");
+			errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty"));
+			
+		} else {
+			if (!ValidationHelper.isValidTarget(check)) {
+				log.info("Not valid SSO Target");
+				errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid"));
+			}
+		}
+		
+		check = form.getSzrgwURL();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.validateURL(check)) {
+				log.info("SZRGW URL is not valid");
+				errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid"));
+			}
+		}
+		
+		check = form.getTrustedCACerts();
+		if (MiscUtil.isEmpty(check)) {
+			log.info("Empty TrustCACerts Directory");
+			errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty"));
+			
+		} else {
+			if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+				log.info("Not valid TrustCACerts Directory");
+				errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", 
+						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+			}
+		}
+		
+
+		
+		if (form.getFileUploadFileName() != null) {
+			HashMap<String, byte[]> map = new HashMap<String, byte[]>();
+			for (int i=0; i<form.getFileUploadFileName().size(); i++) {
+				String filename = form.getFileUploadFileName().get(i);
 				
+				if (MiscUtil.isNotEmpty(filename)) {
+					if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) {
+						log.info("SL Transformation Filename is not valid");
+						errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid"));
+						
+					} else {
+						try {
+							File file = form.getFileUpload().get(i);
+							FileInputStream stream = new FileInputStream(file);
+							map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8"));
+							
+						} catch (IOException e) {
+							log.info("SecurtiyLayerTransformation with FileName "
+									+ filename +" can not be loaded." , e);
+							errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", 
+									new Object[] {filename} ));
+						}	
+					}
+				}
 			}
+			form.setSecLayerTransformation(map);
+		}
+		
+		
+		ContactForm contact = form.getPvp2Contact();
+		if (contact != null) {
+			PVP2ContactValidator pvp2validator = new PVP2ContactValidator();
+			errors.addAll(pvp2validator.validate(contact));
 		}
 		
 		return errors;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
new file mode 100644
index 000000000..6ab4f5292
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
@@ -0,0 +1,80 @@
+package at.gv.egovernment.moa.id.configuration.validation.moaconfig;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+
+public class PVP2ContactValidator {
+
+	public static final List<String> AllowedTypes= Arrays.asList(
+			"technical", 
+			"support", 
+			"administrative",
+			"billing",
+			"other");
+		
+	private static final Logger log = Logger.getLogger(PVP2ContactValidator.class);
+	
+	public List<String >validate(ContactForm contact) {
+		List<String> errors = new ArrayList<String>();
+		
+		String check = contact.getCompany();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.info("PVP2 Contact: Company is not valid: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		check = contact.getGivenname();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.info("PVP2 Contact: GivenName is not valid: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		check = contact.getSurname();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.info("PVP2 Contact: SureName is not valid: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		check = contact.getType();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!AllowedTypes.contains(check)) {
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid"));
+			}
+		}
+		
+		check = contact.getMail();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.isEmailAddressFormat(check)) {
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid"));
+			}
+		}
+		
+		check = contact.getPhone();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid"));
+			}
+		}
+		
+		return errors;
+	}
+}
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index d0b6b6058..00825c15c 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -7,14 +7,15 @@ config.03=Hibernate Database connector can not be initialized
 
 error.title=Fehler:
 errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden.
-errors.edit.oa.oaid=Es wurde keine g\u00fctige Onlineapplikations ID \u00fcbergeben.
+errors.edit.oa.oaid=Es wurde keine g\u00FCtige Onlineapplikations ID \u00FCbergeben.
+errors.edit.oa.oaid.allowed=Sie besitzen nicht die ben\u00f6tigen Rechte um auf diese Online-Applikation zuzugreifen. 
 error.oa.pvp2.certificate=Das hinterlegte PVP2 Zertifikat konnte nicht gelesen werden.
 error.db.oa.store=Die Konfigruation konnte nicht in der Datenbank gespeichert werden.
-errors.notallowed=Sie besitzen nicht die n\u00f6tigen Rechte um diese Funktion zu benutzen. 
+errors.notallowed=Sie besitzen nicht die n\u00F6tigen Rechte um diese Funktion zu benutzen. 
 
 webpages.error.header=Es ist ein Fehler aufgetreten
 webpages.index.header=Willkommen beim MOA-ID 2.x Configuration Tool
-webpages.index.desciption.head=Um dieses Service nutzen zu k\u00f6nnen m\u00fcssen sie sich einloggen.
+webpages.index.desciption.head=Um dieses Service nutzen zu k\u00F6nnen m\u00FCssen sie sich einloggen.
 
 webpages.mainpage.menu.oa.insert=Neue Applikation anlegen
 webpages.mainpage.menu.oa.display=Meine Applikationen
@@ -24,13 +25,14 @@ webpages.mainpage.menu.general.importexport=Importieren/Exportieren
 webpages.mainpage.menu.general.config.moaid=Allgemeine Konfiguration
 webpages.mainpage.menu.general.usermanagement=Benutzerverwaltung
 
+webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert.
 webpages.moaconfig.header=Allgemeine Konfiguration
 webpages.moaconfig.defaultbkus.header=Default BKUs
 webpages.moaconfig.slrequesttemplates.header=SecurtiyLayer Request Templates
 webpages.moaconfig.slrequesttemplates.local=Locale BKU
 webpages.moaconfig.slrequesttemplates.handy=Handy BKU
 webpages.moaconfig.slrequesttemplates.online=Online BKU
-webpages.moaconfig.certificates.header=Zertifikatspr\u00fcfung
+webpages.moaconfig.certificates.header=Zertifikatspr\u00FCfung
 webpages.moaconfig.certificates.certstore=CertStoreDirecorty
 webpages.moaconfig.certificates.trustmanagerrev=TrustManagerRevocationChecking
 webpages.moaconfig.certificates.trustCACerts=TrustedCACertificates
@@ -62,7 +64,7 @@ webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix
 webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name
 webpages.moaconfig.protocols.pvp2.org.header=Organisation
 webpages.moaconfig.protocols.pvp2.org.name=Kurzbezeichnung
-webpages.moaconfig.protocols.pvp2.org.displayname=Vollständiger Name
+webpages.moaconfig.protocols.pvp2.org.displayname=Vollst\u00e4ndiger Name
 webpages.moaconfig.protocols.pvp2.org.url=URL der Organisation
 webpages.moaconfig.protocols.pvp2.contact.header=Kontaktdaten
 webpages.moaconfig.protocols.pvp2.contact.surename=Familienname
@@ -138,54 +140,95 @@ message.title=Meldung:
 webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden.
 webpages.oaconfig.cancle=Die Bearbeitung der Online-Applikation {0} wurde abgebrochen.
 
-webpages.oaconfig.delete.message=Die Online-Applikation {0} wurde erfolgreich gel\u00f6scht.
-webpages.oaconfig.delete.error=Die Online-Applikation {0} konnte nicht gel\u00f6scht werden. 
+webpages.oaconfig.delete.message=Die Online-Applikation {0} wurde erfolgreich gel\u00F6scht.
+webpages.oaconfig.delete.error=Die Online-Applikation {0} konnte nicht gel\u00F6scht werden. 
 
-webpages.edit.save=\u00c4nderungen Speichern
-webpages.edit.back=Zur\u00fcck und \u00c4nderungen verwerfen
-webpages.edit.delete=Online-Applikation l\u00f6schen
+webpages.edit.save=\u00C4nderungen Speichern
+webpages.edit.back=Zur\u00FCck und \u00C4nderungen verwerfen
+webpages.edit.delete=Online-Applikation l\u00F6schen
 
 webpages.header.info=Sie sind angemeldet als:
 webpages.header.lastlogin=Letzte Anmeldung am: 
 
-validation.general.AlternativeSourceID=Die alternatice SourceID enth\u00e4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt: {0}
+validation.general.AlternativeSourceID=Die alternatice SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
 validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer.
-validation.general.certStoreDirectory.valid=Das ertStoreDirectory Feld enth\u00e4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt: {0}
-validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gewählt.
-validation.general.Defaultchainigmode.valid=Der DefaultChainingMode enthält einen ungültigen Wert.
-
-
-validation.general.aditionalauthblocktext=Der Zusatztext f\u00fcr den AuthBlock enth\u00e4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt: {0}
-validation.general.bku.handy.empty=Die URL f\u00fcr die Handy-BKU ist leer.
-validation.general.bku.handy.valid=Die URL f\u00fcr die Handy-BKU hat kein g\u00fcltiges Format.
-validation.general.bku.local.empty=Die URL f\u00fcr die lokale BKU ist leer.
-validation.general.bku.local.valid=Die URL f\u00fcr die locale BKU hat kein g\u00fcltiges Format.
-validation.general.bku.online.empty=Die URL f\u00fcr die Online-BKU ist leer.
-validation.general.bku.online.valid=Die URL f\u00fcr die Online-BKU hat kein g\u00fcltiges Format.
+validation.general.certStoreDirectory.valid=Das ertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gew\u00e4hlt.
+validation.general.Defaultchainigmode.valid=Der DefaultChainingMode enth\u00e4lt einen ung\u00f6ltigen Wert.
+validation.general.IdentityLinkSigners.empty=Es wurde kein IdentityLinkSigner angegeben
+validation.general.IdentityLinkSigners.valid=Der IdentityLinkSigner in der Zeile {0} enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1}
+validation.general.mandateservice.valid=Die URL zum Online-Vollmachten Service hat kein g\u00f6ltiges Format.
+validation.general.moasp.auth.transformation.empty=Die Transformation f\u00f6r den Authentfizierungsblock ist leer.
+validation.general.moasp.auth.transformation.valid=Die Transformation f\u00f6r den Authentfizierungsblock  in der Zeile {0} enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1}
+validation.general.moasp.auth.trustprofile.empty=Das TrustProfile zur Pr\u00f6fung des Authentfizierungsblock ist leer.
+validation.general.moasp.auth.trustprofile.valid=Das TrustProfile zur Pr\u00f6fung des Authentfizierungsblock enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.moasp.idl.trustprofile.empty=Das TrustProfile zur Pr\u00f6fung der Personenbindung ist leer.
+validation.general.moasp.idl.trustprofile.valid=Das TrustProfile zur Pr\u00f6fung der Personenbindung  enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.moaspss.url.valid=Die URL zum MOA-SP/SS Service hat kein g\u00f6ltiges Format.
+validation.general.protocol.pvp2.issuername.valid=PVP2: Service Name enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.protocol.pvp2.org.displayname.valid=PVP2 Organisation: Vollst\u00e4ndiger Name enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.protocol.pvp2.org.name.valid=PVP2 Organisation: Kurzbezeichnung enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.protocol.pvp2.org.url.valid=PVP2 Organisation: URL hat kein g\u00f6ltiges Format.
+validation.general.protocol.pvp2.serviceurl.valid=PVP2: Service URL-Prefix hat kein g\u00f6ltiges Format.
+validation.general.protocol.pvp2.contact.company.valid=PVP2 Kontaktdaten: Der Firmenname enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.protocol.pvp2.contact.givenname.valid=PVP2 Kontaktdaten: Der Familienname enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.protocol.pvp2.contact.surename.valid=PVP2 Kontaktdaten: Der Vorname enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.protocol.pvp2.contact.type.valid=PVP2 Kontaktdaten: Der angegebene Kontakttyp existiert nicht. 
+validation.general.protocol.pvp2.contact.mail.valid=PVP2 Kontaktdaten: Die EMail Adresse ist nicht g\u00fcltig.
+validation.general.protocol.pvp2.contact.phone.valid=PVP2 Kontaktdaten: Die Telefonnummer ist nicht g\u00fcltig.
+validation.general.timeouts.assertion.valid=Das Feld Assertion TimeOut hat keinen g\u00f6ltigen Wert.
+validation.general.timeouts.moasessioncreated.valid=Das Feld MOASessionCreated TimeOut hat keinen g\u00fcltigen Wert.
+validation.general.timeouts.moasessionupdated.valid=Das Feld MOASessionUpdated TimeOut hat keinen g\u00fcltigen Wert.
+
+validation.general.slrequest.handy.empty=Die URL zum SecurityLayer Template f\u00f6r die Handy-BKU ist leer.
+validation.general.slrequest.handy.valid=Die URL zum SecurityLayer Template f\u00f6r die Handy-BKU hat kein g\u00f6ltiges Format.
+validation.general.slrequest.local.empty=Die URL zum SecurityLayer Template f\u00f6r die locale BKU ist leer.
+validation.general.slrequest.local.valid=Die URL zum SecurityLayer Template f\u00f6r die locale BKU hat kein g\u00f6ltiges Format.
+validation.general.slrequest.online.empty=Die URL zum SecurityLayer Template f\u00f6r die Online-BKU ist leer.
+validation.general.slrequest.online.valid=Die URL zum SecurityLayer Template f\u00f6r die Online-BKU hat kein g\u00f6ltiges Format.
+validation.general.sso.friendlyname.valid=Der SSO Service Name enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.sso.identificationnumber.valid=Die SSO IdentificationNumber enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.sso.publicurl.valid=Der SSO Service URL-Prefix hat kein g\u00f6ltiges Format.
+validation.general.sso.specialauthtext.valid=Der SSO AuthBlockText enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.sso.target.empty=Das SSO Target Feld ist leer.
+validation.general.sso.target.valid=Das SSO Target Feld enth\u00e4lt ein ung\u00fcltiges Target.
+validation.general.szrgw.url.valid=Die URL des SZR Gateways hat kein g\u00f6ltiges Format.
+validation.general.trustedcacerts.empty=Das Feld TrustedCACertificates ist leer.
+validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.slrequest.filename.valid=Der Dateiname der angegebenen SecurtityLayer Transformation enth\u00e4lt ein ung\u00fcltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.slrequest.file.valid=Die angegebenen SecurtityLayer Transformation konnte nicht geladen werden.
+
+validation.general.aditionalauthblocktext=Der Zusatztext f\u00FCr den AuthBlock enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.bku.handy.empty=Die URL f\u00FCr die Handy-BKU ist leer.
+validation.general.bku.handy.valid=Die URL f\u00FCr die Handy-BKU hat kein g\u00FCltiges Format.
+validation.general.bku.local.empty=Die URL f\u00FCr die lokale BKU ist leer.
+validation.general.bku.local.valid=Die URL f\u00FCr die locale BKU hat kein g\u00FCltiges Format.
+validation.general.bku.online.empty=Die URL f\u00FCr die Online-BKU ist leer.
+validation.general.bku.online.valid=Die URL f\u00FCr die Online-BKU hat kein g\u00FCltiges Format.
 validation.general.oafriendlyname.empty=Es wurde keine Online-Applikation angegeben.
-validation.general.oafriendlyname=Der Name der Online-Applikation enth\u00e4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt: {0}
-validation.general.keyboxidentifier.empty=Es wurde kein KeyBoxIdentifier ausgew\u00e4hlt.
-validation.general.keyboxidentifier.valid=Der KeyBoxIdentifier hat ein ung\u00fcltiges Format.
-validation.general.mandate.profiles=Die Liste von Vollmachtsprofilen enth\u00e4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt: {0}
-validation.general.target.empty=Der Target f\u00fcr die Online-Applikation ist leer.
-validation.general.target.valid=Der Target f\u00fcr die Online-Applikation hat kein g\u00fcltiges Format.
+validation.general.oafriendlyname=Der Name der Online-Applikation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.keyboxidentifier.empty=Es wurde kein KeyBoxIdentifier ausgew\u00E4hlt.
+validation.general.keyboxidentifier.valid=Der KeyBoxIdentifier hat ein ung\u00FCltiges Format.
+validation.general.mandate.profiles=Die Liste von Vollmachtsprofilen enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.target.empty=Der Target f\u00FCr die Online-Applikation ist leer.
+validation.general.target.valid=Der Target f\u00FCr die Online-Applikation hat kein g\u00FCltiges Format.
 validation.general.slversion=Die SecurtiyLayer Version ist kein Zahlenformat.
-validation.general.slversion.business=Im privatwirtschaftlichen Bereich muss die SecurityLayerversion mindestes 1.2 betragen. Die SLVersion wurde auf 1.2 ge\u00e4ndert.
-validation.general.targetfriendlyname=Der Name des Bereichs (Target) enth\u00e4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt: {0}
+validation.general.slversion.business=Im privatwirtschaftlichen Bereich muss die SecurityLayerversion mindestes 1.2 betragen. Die SLVersion wurde auf 1.2 ge\u00E4ndert.
+validation.general.targetfriendlyname=Der Name des Bereichs (Target) enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
 validation.general.identificationnumber.empty=Im privatwirtschaftlichen Bereich ist eine Identifikationsnummer erforderlich.
-validation.general.identificationnumber.valid=Die Identifikationsnummer f\u00fcr den privatwirtschaftlichen Bereich enth\u00e4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt: {0}
-validation.general.identificationnumber.fa.valid=Die Firmenbuchnummer hat kein g\u00fcltiges Format.
-validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00fcr die Online-Applikation angegeben.
-validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00fcr die Online-Applikation enth\u00e4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt: {0}
-validation.general.oaidentifier.notunique=Der gew\u00e4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00f6glich.
+validation.general.identificationnumber.valid=Die Identifikationsnummer f\u00FCr den privatwirtschaftlichen Bereich enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.identificationnumber.fa.valid=Die Firmenbuchnummer hat kein g\u00FCltiges Format.
+validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00FCr die Online-Applikation angegeben.
+validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00F6glich.
 
 validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben.
-validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00dft kein g\u00fcltiges URL Format auf.
-validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00dft kein g\u00fcltiges Format auf. 
-validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00fcgt.
+validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf.
+validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. 
+validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt.
 
 validation.sso.logouturl.empty=Eine URL zum Single Log-Out Service ist erforderlich.
-validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00dft kein g\u00fcltiges Format auf.
+validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00DFt kein g\u00FCltiges Format auf.
 
 validation.saml1.providestammzahl=ProvideStammZahl kann nicht mit Applikationen aus dem privatwirtschaftlichen Bereich kombiniert werden.
 
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index b902e438d..e595978ec 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -328,9 +328,15 @@
 								<s:label key="webpages.moaconfig.sl.transormations.filename" value="%{fileName}"/>
 						
 								<div id="pvp2_certificate_upload">
-									<s:file name="fileUpload" key="webpages.moaconfig.sl.transormations.upload" cssClass="textfield_long"></s:file>
+									<s:file name="moaconfig.fileUpload" key="webpages.moaconfig.sl.transormations.upload" cssClass="textfield_long"></s:file>
 								</div>
 							</s:iterator>
+							<s:if test="moaconfig.fileUploadFileName.size() == 0">
+									<div id="pvp2_certificate_upload">
+									<s:file name="moaconfig.fileUpload" key="webpages.moaconfig.sl.transormations.upload" cssClass="textfield_long"></s:file>
+								</div>
+							</s:if>
+							
 						</div>
 						
 						<br>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 192be5bbb..3fc59a78d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -31,6 +31,7 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.math.BigInteger;
 import java.net.MalformedURLException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
@@ -50,6 +51,7 @@ import javax.xml.bind.Unmarshaller;
 import org.hibernate.cfg.Configuration;
 
 
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -425,9 +427,20 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   	  		if (auth.getGeneralConfiguration().getTimeOuts() != null) {
   	  			
   	  			timeouts = new TimeOuts();
-  	  			timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
-  	  			timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
-  	  			timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
+  	  			if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
+  	  				timeouts.setAssertion(new BigInteger("120"));
+  	  			else
+  	  				timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
+  	  			
+  	  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
+  	  				timeouts.setMOASessionCreated(new BigInteger("2700"));
+  	  			else
+  	  				timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
+  	  			
+  	  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
+  	  				timeouts.setMOASessionUpdated(new BigInteger("1200"));
+  	  			else
+  	  				timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
   	  		}
   	  	}
   	  	else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 19a006982..57f6ee4f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -222,12 +222,12 @@ public List<String> getTransformsInfos() {
 			return false;
 	}
 	
-	public boolean useSSOWithoutQuestion() {
+	public boolean useSSOQuestion() {
 		OASSO sso = oa_auth.getOASSO();
 		if (sso != null)
 			return sso.isAuthDataFrame();
 		else
-			return false;
+			return true;
 		
 	}
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index 7ec8c823e..0c5a50393 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -24,6 +24,7 @@ import org.w3c.dom.Element;
 import eu.stork.vidp.messages.util.SAMLUtil;
 import eu.stork.vidp.messages.util.XMLUtil;
 
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
 import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
 import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
@@ -345,8 +346,10 @@ public class BuildFromLegacyConfig {
 
 	        //set OnlineApplications
 	        OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
-	        ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>();
-	        moaIDConfig.setOnlineApplication(moa_oas);
+
+	        //	        ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>();
+//	        moaIDConfig.setOnlineApplication(moa_oas);
+	        
 	        for (OAAuthParameter oa : onlineApplicationAuthParameters) {
 	        	OnlineApplication moa_oa = new OnlineApplication();
 	        	
@@ -416,6 +419,7 @@ public class BuildFromLegacyConfig {
 	        	oa_auth.setOASSO(oa_sso);
 	        	oa_sso.setUseSSO(true);
 	        	oa_sso.setSingleLogOutURL("");
+	        	oa_sso.setAuthDataFrame(true);
 	        	
 	        	//OA_SAML1
 	        	OASAML1 oa_saml1 = new OASAML1();
@@ -446,7 +450,8 @@ public class BuildFromLegacyConfig {
 	        		oa_pvp2.setCertificate(null);
 	        	}
 	        	
-	        	moa_oas.add(moa_oa);
+	        	//moa_oas.add(moa_oa);
+	        	ConfigurationDBUtils.save(moa_oa);
 	        }
 	        
 	        //removed from MOAID 2.0 config
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 83d12be87..2a28bcd15 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -403,7 +403,7 @@ public class DispatcherServlet extends AuthServlet{
 						moasession = AuthenticationSessionStoreage.getSession(moasessionID);
 						
 						//use new OAParameter						
-						if (!oaParam.useSSOWithoutQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
+						if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
 						  authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
 						  return; 
 						}						
@@ -466,8 +466,8 @@ public class DispatcherServlet extends AuthServlet{
 		} catch (MOAIDException ex) {
 			handleError(null, ex, req, resp, protocolRequestID);
 		} catch (Throwable e) {
-			e.printStackTrace();
-			resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+			handleErrorNoRedirect(e.getMessage(), null, req,
+					resp);			
 		}
 		
 	    finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index a63276d6e..34becbd49 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -270,6 +270,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 			encoder = new RedirectBinding();
 		}
 
+		//TODO: getOAURL is maybe not a valid ErrorResponse URL
 		encoder.encodeRespone(request, response, samlResponse, protocolRequest.getOAURL());
 		return true;
 	}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
index d3ee1442e..c8bacb470 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
@@ -149,7 +149,7 @@ public final class ConfigurationDBUtils {
 	  			session.persist(dbo);
 		  		tx.commit();
 		  		
-		  		session.clear();
+		  		//session.clear();
 		  	}
 		     return true;
 		     
@@ -176,7 +176,7 @@ public final class ConfigurationDBUtils {
 		  			
 		  		tx.commit();
 		  		
-		  		session.clear();
+		  		//session.clear();
 		  	}
 		     return true;
 		     
@@ -198,7 +198,7 @@ public final class ConfigurationDBUtils {
 			    session.remove(session.contains(dbo) ? dbo : session.merge(dbo));
 			    tx.commit();
 			    
-			    session.clear();
+			    //session.clear();
 			}
 		     
 		     return true;