refactore code to use EAAF core components

30 files changed, 101 insertions, 1139 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index 34d0d4be1..5f2dd6582 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -12,14 +12,14 @@ import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egiz.eaaf.core.api.data.ExceptionContainer;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.data.ExceptionContainer;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 3d45e2468..eaec781e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -32,11 +32,11 @@ import javax.activation.MailcapCommandMap;
 
 import org.springframework.web.context.support.GenericWebApplicationContext;
 
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index b93de5119..e72780cab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -47,6 +47,9 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
@@ -55,8 +58,6 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -68,7 +69,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageExcepti
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 4c4af4239..a43e6a7fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -50,11 +50,12 @@ import java.text.MessageFormat;
 import java.util.Calendar;
 import java.util.List;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -185,7 +186,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 	}
 	
 	public static String buildForeignIDTextToBeSigned(String subject, IRequest pendingReq) throws ConfigurationException {		
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();		
+		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);		
 		String target = null;
 		String sectorName = null;
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
deleted file mode 100644
index 583bb2ab4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-
-/**
- * Builds a DataURL parameter meant for the security layer implementation
- * to respond to.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DataURLBuilder {
-	
-  /**
-   * Constructor for DataURLBuilder.
-   */
-  public DataURLBuilder() {
-    super();
-  }
-
-  /**
-   * Constructs a data URL for <code>VerifyIdentityLink</code> or <code>VerifyAuthenticationBlock</code>, 
-   * including the <code>MOASessionID</code> as a parameter.
-   * 
-   * @param authBaseURL base URL (context path) of the MOA ID Authentication component,
-   * 				 including a trailing <code>'/'</code>
-   * @param authServletName request part of the data URL
-   * @param sessionID sessionID to be included in the dataURL
-   * @return String
-   */
-  public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
-		String dataURL;		
-		if (!authBaseURL.endsWith("/"))
-			authBaseURL += "/";
-		
-		if (authServletName.startsWith("/"))
-			authServletName = authServletName.substring(1);
-		
-		dataURL = authBaseURL + authServletName;
-
-		if (sessionID != null)
-			dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID);
-		
-  	return dataURL;
-  }
-
-  /**
-   * Method addParameter.
-   * @param urlString represents the url 
-   * @param paramname is the parameter to be added
-   * @param value is the value of that parameter
-   * @return String
-   */
-  private String addParameter(String urlString, String paramname, String value) {
-    String url = urlString;
-    if (paramname != null) {
-      if (url.indexOf("?") < 0)
-        url += "?";
-      else
-        url += "&";
-      url += paramname + "=" + value;
-    }
-    return url;
-  }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index fc5489673..e9e217137 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -27,12 +27,13 @@ import java.util.List;
 
 import org.opensaml.saml2.core.Attribute;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 
@@ -50,7 +51,7 @@ public class DynamicOAAuthParameterBuilder {
 				
 		for (Attribute attr : reqAttributes) {				
 			//get Target or BusinessService from request 
-			if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+			if (attr.getName().equals(PVPAttributeConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
 				String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
 				if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
 					//dynamicOA.setBusinessService(false);
@@ -88,9 +89,16 @@ public class DynamicOAAuthParameterBuilder {
 		
 		DynamicOAAuthParameters dynOAParams = new DynamicOAAuthParameters();
 		dynOAParams.setApplicationID(oaParam.getPublicURLPrefix());
-	
-		dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
-		dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
+		try {
+			dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
+			dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
+			
+		} catch (EAAFConfigurationException e) {
+			Logger.warn("Can not resolve baseID restrications! Set to privacy friendly configuration", e);
+			dynOAParams.setHasBaseIdProcessingRestriction(true);
+			dynOAParams.setHasBaseIdTransfergRestriction(true);
+			
+		}
 		
 		Object storkRequst = null;
 		try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
deleted file mode 100644
index c6b8a4b6e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-/**
- * @author tlenz
- *
- */
-public class InvalidProtocolRequestException extends MOAIDException {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -7866198705324084601L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public InvalidProtocolRequestException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public InvalidProtocolRequestException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java
deleted file mode 100644
index 2d09384a3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-/**
- * @author tlenz
- *
- */
-public class ProtocolNotActiveException extends MOAIDException {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1832697083163940710L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public ProtocolNotActiveException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
deleted file mode 100644
index ec6dbc951..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ /dev/null
@@ -1,229 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules;

-

-import java.io.ByteArrayOutputStream;

-import java.io.IOException;

-import java.io.InputStream;

-import java.util.HashMap;

-import java.util.Iterator;

-import java.util.List;

-import java.util.Map;

-import java.util.Map.Entry;

-

-import javax.servlet.http.HttpServletRequest;

-import javax.servlet.http.HttpServletResponse;

-

-import org.apache.commons.fileupload.FileItem;

-import org.apache.commons.fileupload.FileItemFactory;

-import org.apache.commons.fileupload.FileUploadException;

-import org.apache.commons.fileupload.disk.DiskFileItemFactory;

-import org.apache.commons.fileupload.servlet.ServletFileUpload;

-import org.apache.commons.lang3.ArrayUtils;

-import org.springframework.beans.factory.annotation.Autowired;

-

-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;

-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;

-import at.gv.egovernment.moa.id.commons.api.IRequest;

-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;

-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;

-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;

-import at.gv.egovernment.moa.id.moduls.IRequestStorage;

-import at.gv.egovernment.moa.id.process.api.ExecutionContext;

-import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;

-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;

-import at.gv.egovernment.moa.logging.Logger;

-

-/**

- * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing

- * etc.).</p> The code has been taken from {@link AuthServlet}.

- */

-public abstract class AbstractAuthServletTask extends MoaIdTask {

-

-	@Autowired protected IRequestStorage requestStoreage;

-	//@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;

-	@Autowired protected MOAReversionLogger revisionsLogger;

-	@Autowired protected AuthConfiguration authConfig;

-	

-	protected static final String ERROR_CODE_PARAM = "errorid";

-

-	protected IRequest pendingReq = null;

-	protected IAuthenticationSession moasession = null;

-	

-	public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,

-			HttpServletResponse response) throws TaskExecutionException;

-	

-	

-	protected final IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request,

-			HttpServletResponse response) throws TaskExecutionException {

-		//set pending-request object

-		this.pendingReq = pendingReq;

-		

-		//execute task specific action

-		execute(executionContext, request, response);

-		

-		//return pending-request object

-		return this.pendingReq;

-	}

-	

-	

-	/**

-	 * Default initialization loads the MOASession object from database

-	 * 

-	 * @param req

-	 * @param executionContext

-	 * @throws MOAIDException

-	 * @throws MOADatabaseException

-	 */

-	protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {								

-		Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID());

-		moasession = pendingReq.getMOASession();

-		

-	}

-

-	/**

-	 * Redirect the authentication process to protocol specific finalization endpoint.  

-	 * 

-	 * @param pendingReq Actually processed protocol specific authentication request

-	 * @param httpResp

-	 */

-	protected void performRedirectToProtocolFinialization(IRequest pendingReq, HttpServletResponse httpResp) {

-		performRedirectToItself(pendingReq, httpResp, AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT);

-				

-	}

-	

-	/**

-	 * Redirect the authentication process to MOA-ID-Auth itself  

-	 * 

-	 * @param pendingReq Actually processed protocol specific authentication request

-	 * @param httpResp

-	 * @param moaIDEndPoint Servlet EndPoint that should receive the redirect

-	 */

-	protected void performRedirectToItself(IRequest pendingReq, HttpServletResponse httpResp, String moaIDEndPoint) {

-		String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), 

-				moaIDEndPoint, pendingReq.getRequestID());

-						

-		httpResp.setContentType("text/html");

-		httpResp.setStatus(302);

-		httpResp.addHeader("Location", redirectURL);		

-		Logger.debug("REDIRECT TO: " + redirectURL);

-		

-	}

-	

-	

-	/**

-	 * Parses the request input stream for parameters, assuming parameters are

-	 * encoded UTF-8 (no standard exists how browsers should encode them).

-	 * 

-	 * @param req

-	 *            servlet request

-	 * 

-	 * @return mapping parameter name -> value

-	 * 

-	 * @throws IOException

-	 *             if parsing request parameters fails.

-	 * 

-	 * @throws FileUploadException

-	 *             if parsing request parameters fails.

-	 */

-	protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,

-			FileUploadException {

-

-		Map<String, String> parameters = new HashMap<String, String>();

-

-		if (ServletFileUpload.isMultipartContent(req)) {

-			// request is encoded as mulitpart/form-data

-			FileItemFactory factory = new DiskFileItemFactory();

-			ServletFileUpload upload = null;

-			upload = new ServletFileUpload(factory);

-			List items = null;

-			items = upload.parseRequest(req);

-			for (int i = 0; i < items.size(); i++) {

-				FileItem item = (FileItem) items.get(i);

-				if (item.isFormField()) {

-					// Process only form fields - no file upload items

-					String logString = item.getString("UTF-8");

-

-					// TODO use RegExp

-					String startS = "<pr:Identification><pr:Value>";

-					String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";

-					String logWithMaskedBaseid = logString;

-					int start = logString.indexOf(startS);

-					if (start > -1) {

-						int end = logString.indexOf(endS);

-						if (end > -1) {

-							logWithMaskedBaseid = logString.substring(0, start);

-							logWithMaskedBaseid += startS;

-							logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";

-							logWithMaskedBaseid += logString.substring(end,

-									logString.length());

-						}

-					}

-					parameters

-							.put(item.getFieldName(), item.getString("UTF-8"));

-					Logger.debug("Processed multipart/form-data request parameter: \nName: "

-							+ item.getFieldName()

-							+ "\nValue: "

-							+ logWithMaskedBaseid);

-				}

-			}

-		}

-

-		else {	

-			Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();

-			while (requestParamIt.hasNext()) {

-				Entry<String, String[]> entry = requestParamIt.next();

-				String key = entry.getKey();

-				String[] values = entry.getValue();

-				// take the last value from the value array since the legacy code above also does it this way

-				parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length-1]); 

-			}

-			

-		}

-

-		return parameters;

-	}

-

-	/**

-	 * Reads bytes up to a delimiter, consuming the delimiter.

-	 * 

-	 * @param in

-	 *            input stream

-	 * @param delimiter

-	 *            delimiter character

-	 * @return String constructed from the read bytes

-	 * @throws IOException

-	 */

-	protected String readBytesUpTo(InputStream in, char delimiter)

-			throws IOException {

-		ByteArrayOutputStream bout = new ByteArrayOutputStream();

-		boolean done = false;

-		int b;

-		while (!done && (b = in.read()) >= 0) {

-			if (b == delimiter)

-				done = true;

-			else

-				bout.write(b);

-		}

-		return bout.toString();

-	}

-

-	/**

-	 * Adds a parameter to a URL.

-	 * 

-	 * @param url

-	 *            the URL

-	 * @param paramname

-	 *            parameter name

-	 * @param paramvalue

-	 *            parameter value

-	 * @return the URL with parameter added

-	 */

-	protected static String addURLParameter(String url, String paramname,

-			String paramvalue) {

-		String param = paramname + "=" + paramvalue;

-		if (url.indexOf("?") < 0)

-			return url + "?" + param;

-		else

-			return url + "&" + param;

-	}

-}

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
deleted file mode 100644
index 8983403d8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules;
-
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-
-/**
- * Provides metadata of a certain module. Uses for module discovery and process selection.
- */
-public interface AuthModule {
-
-	/**
-	 * Returns the priority of the module. The priority defines the order of the respective module within the chain of
-	 * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can
-	 * handle.
-	 * <p/>
-	 * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE})
-	 * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put
-	 * your modules behind default modules.
-	 * 
-	 * @return the priority of the module.
-	 */
-	int getPriority();
-
-	/**
-	 * Selects a process (description), referenced by its unique id, which is able to perform authentication with the
-	 * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within
-	 * this module.
-	 * 
-	 * @param context
-	 *            an ExecutionContext for a process.
-	 * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}.
-	 */
-	String selectProcess(ExecutionContext context);
-
-	/**
-	 * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module.
-	 * 
-	 * @return an array of resource uris of the processes included in this module.
-	 */
-	String[] getProcessDefinitions();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index 90795a416..841613cba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -22,6 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
index d64126de6..86acc5fdd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
@@ -22,6 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
deleted file mode 100644
index 1128cbab3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class TaskExecutionException extends ProcessExecutionException {
-
-	private static final long serialVersionUID = 1L;
-	Throwable originalException = null;
-	String pendingRequestID = null;
-	
-	/**
-	 * @param message
-	 * @param cause
-	 */
-	public TaskExecutionException(IRequest pendingReq, String message, Throwable cause) {
-		super(message, cause);
-		this.originalException = cause;
-		
-		if (MiscUtil.isNotEmpty(pendingReq.getRequestID()))
-			this.pendingRequestID = pendingReq.getRequestID();
-		
-	}
-
-	/**
-	 * Get the original internal exception from task
-	 * 
-	 * @return the originalException
-	 */
-	public Throwable getOriginalException() {
-		return originalException;
-		
-	}
-
-	/**
-	 * Get the pending-request ID of that request, which was processed when the exception occurs 
-	 * 
-	 * @return the pendingRequestID
-	 */
-	public String getPendingRequestID() {
-		return pendingRequestID;
-	}
-	
-	
-	
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
index 42789d01d..09d42e49f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -30,8 +30,8 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index 1c26ff5ec..242b565ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -29,12 +29,12 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -106,7 +106,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 								
 			} else {
 				//user deny single sign-on authentication
-				Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getOAURL());
+				Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getSPEntityId());
 				pendingReq.setAbortedByUser(true);
 			
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index 4eff0fcf5..91c1f999c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -27,8 +27,8 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index 710008714..cbd8d2aa6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -28,16 +28,16 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
index 475009cf2..1efd9cc13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
@@ -28,15 +28,16 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -76,7 +77,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
 			guiBuilder.build(response, config, "SendAssertion-Evaluation");
 
 			//Log consents evaluator event to revisionslog
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
+			revisionsLogger.logEvent(pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class), 
 					pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
 		
 		} catch (GUIBuildException e) {	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
index c1d02a029..04d43d79b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
@@ -30,11 +30,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
deleted file mode 100644
index 9c950366c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
+++ /dev/null
@@ -1,149 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.registration;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.ServiceLoader;
-
-import javax.annotation.PostConstruct;
-
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.core.io.Resource;
-
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-
-/**
- * This class handles registering modules. The modules are detected either with
- * the ServiceLoader mechanism or via Spring. All detected modules are ranked
- * according to their priority.
- */
-public class ModuleRegistration {
-
-	private static ModuleRegistration instance = new ModuleRegistration();
-
-	private List<AuthModule> priorizedModules = new ArrayList<>();
-
-	@Autowired
-	private ApplicationContext ctx;
-
-	@Autowired
-	private ProcessEngine processEngine;
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	public static ModuleRegistration getInstance() {
-		return instance;
-	}
-
-	private ModuleRegistration() {
-	}
-
-	@PostConstruct
-	private void init() {
-		// load modules via the ServiceLoader
-		initServiceLoaderModules();
-
-		// load modules via Spring
-		initSpringModules();
-
-		// order modules according to their priority
-		sortModules();
-	}
-	
-	/**
-	 * Discovers modules which use the ServiceLoader mechanism.
-	 */
-	private void initServiceLoaderModules() {
-		log.info("Looking for auth modules.");
-		ServiceLoader<AuthModule> loader = ServiceLoader.load(AuthModule.class);
-		Iterator<AuthModule> modules = loader.iterator();
-		while (modules.hasNext()) {
-			AuthModule module = modules.next();
-			log.info("Detected module {}", module.getClass().getName());
-			registerModuleProcessDefinitions(module);
-			priorizedModules.add(module);
-		}
-	}
-
-	/**
-	 * Discovers modules which use Spring.
-	 */
-	private void initSpringModules() {
-		log.debug("Discovering Spring modules.");
-		Map<String, AuthModule> modules = ctx.getBeansOfType(AuthModule.class);
-		for (AuthModule module : modules.values()) {
-			registerModuleProcessDefinitions(module);
-			priorizedModules.add(module);
-		}
-	}
-
-	/**
-	 * Registers the resource uris for the module.
-	 * 
-	 * @param module
-	 *            the module.
-	 */
-	private void registerModuleProcessDefinitions(AuthModule module) {
-		for (String uri : module.getProcessDefinitions()) {
-			Resource resource = ctx.getResource(uri);
-			if (resource.isReadable()) {
-				log.info("Registering process definition '{}'.", uri);
-				try (InputStream processDefinitionInputStream = resource.getInputStream()) {
-					processEngine.registerProcessDefinition(processDefinitionInputStream);
-				} catch (IOException e) {
-					log.error("Process definition '{}' could NOT be read.", uri, e);
-				} catch (ProcessDefinitionParserException e) {
-					log.error("Error while parsing process definition '{}'", uri, e);
-				}
-			} else {
-				log.error("Process definition '{}' cannot be read.", uri);
-			}
-		}
-	}
-
-	/**
-	 * Order the modules in descending order according to their priority.
-	 */
-	private void sortModules() {
-		Collections.sort(priorizedModules, new Comparator<AuthModule>() {
-			@Override
-			public int compare(AuthModule thisAuthModule, AuthModule otherAuthModule) {
-				int thisOrder = thisAuthModule.getPriority();
-				int otherOrder = otherAuthModule.getPriority();
-				return (thisOrder < otherOrder ? 1 : (thisOrder == otherOrder ? 0 : -1));
-			}
-		});
-	}
-
-	/**
-	 * Returns the process description id of the first process, in the highest ranked
-	 * module, which is able to work with the given execution context.
-	 * 
-	 * @param context
-	 *            the {@link ExecutionContext}.
-	 * @return the process id or {@code null}
-	 */
-	public String selectProcess(ExecutionContext context) {
-		for (AuthModule module : priorizedModules) {
-			String id = module.selectProcess(context);
-			if (StringUtils.isNotEmpty(id)) {
-				log.debug("Process with id '{}' selected, for context '{}'.", id, context);
-				return id;
-			}
-		}
-		log.info("No process is able to handle context '{}'.", context);
-		return null;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index b2db8d5a2..4e5ef7533 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -30,12 +30,13 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
@@ -59,7 +60,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 			String useMandate,
 			String ccc,
 			HttpServletRequest req, 
-			IRequest protocolReq) throws WrongParametersException, MOAIDException {
+			IRequest protocolReq) throws WrongParametersException, MOAIDException, EAAFException {
 		
 		String resultTargetFriendlyName = null;
 		String resultTarget = null;
@@ -96,10 +97,10 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 		
 				
 	    //load OnlineApplication configuration
-	    IOAAuthParameters oaParam = protocolReq.getOnlineApplicationConfiguration();			
+	    IOAAuthParameters oaParam = protocolReq.getServiceProviderConfiguration(IOAAuthParameters.class);			
 		if (oaParam == null)
 				throw new AuthenticationException("auth.00",
-						new Object[] { protocolReq.getOAURL() });
+						new Object[] { protocolReq.getSPEntityId() });
 			
 			
 		// get target and target friendly name from config
@@ -227,7 +228,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	}
 	
 	public void parse(ExecutionContext ec, IAuthenticationSession moasession, HttpServletRequest req, IRequest pendingReq) 
-			throws WrongParametersException, MOAIDException {
+			throws WrongParametersException, MOAIDException, EAAFException {
 						
 		//get Parameters from request
 	    String oaURL = (String) ec.get(PARAM_OA);
@@ -236,15 +237,15 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    String useMandate = (String) ec.get(PARAM_USEMANDATE);
 	    String ccc = (String) ec.get(PARAM_CCC);
 
-	    if (pendingReq.getOnlineApplicationConfiguration() != null &&
-	    		pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) {
-	    	Logger.debug("Service " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() 
+	    if (pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class) != null &&
+	    		pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isOnlyMandateAllowed()) {
+	    	Logger.debug("Service " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getPublicURLPrefix() 
 	    			+ " only allows authentication with mandates. --> Set useMandate to TRUE.");
-	    	useMandate = String.valueOf(pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed());
+	    	useMandate = String.valueOf(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isOnlyMandateAllowed());
 	    	
 	    }
 	    		    
-	    oaURL = pendingReq.getOAURL();
+	    oaURL = pendingReq.getSPEntityId();
 	    
 	    //only needed for SAML1
 	    String target = pendingReq.getGenericData("saml1_target", String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
deleted file mode 100644
index 50cafb4f6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ /dev/null
@@ -1,356 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-
-import com.google.common.net.MediaType;
-
-import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
-import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.data.ExceptionContainer;
-import at.gv.egovernment.moa.id.moduls.IRequestStorage;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public abstract class AbstractController extends MOAIDAuthConstants {
-
-	public static final String ERROR_CODE_PARAM = "errorid";
-	
-	@Autowired protected IStatisticLogger statisticLogger;
-	@Autowired protected IRequestStorage requestStorage;
-	@Autowired protected ITransactionStorage transactionStorage;
-	@Autowired protected MOAReversionLogger revisionsLogger;
-	@Autowired protected AuthConfiguration authConfig;
-	@Autowired protected IGUIFormBuilder guiBuilder;
-	
-	@ExceptionHandler({MOAIDException.class})
-	public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e) throws IOException {				
-		Logger.error(e.getMessage() , e);
-		internalMOAIDExceptionHandler(req, resp, e, true);
-		
-	}
-	
-	@ExceptionHandler({Exception.class})
-	public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException {
-		Logger.error("Internel Server Error." , exception);
-		resp.setContentType(MediaType.HTML_UTF_8.toString());
-		resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
-				"(Errorcode=9199"
-				+" | Description="+ StringEscapeUtils.escapeHtml(exception.getMessage()) + ")");
-		return;
-		
-	}
-	
-	@ExceptionHandler({IOException.class})
-	public void IOExceptionHandler(HttpServletResponse resp, Throwable exception) {
-		Logger.error("Internel Server Error." , exception);
-		resp.setContentType(MediaType.HTML_UTF_8.toString());
-		resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-		return;
-		
-	}
-	
-	protected void handleError(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws IOException {
-
-		String pendingRequestID = null;
-		if (pendingReq != null)
-			pendingRequestID = pendingReq.getRequestID();
-		
-		Throwable loggedException = null;
-		Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown);
-		
-		//extract pendingRequestID and originalException if it was a TaskExecutionException
-		if (extractedException instanceof TaskExecutionException) {
-			//set original exception
-			loggedException = ((TaskExecutionException) extractedException).getOriginalException();
-			
-			//use TaskExecutionException directly, if no Original Exeception is included
-			if (loggedException == null)
-				loggedException = exceptionThrown;
-			
-			//set pending-request ID if it is set
-			String reqID = ((TaskExecutionException) extractedException).getPendingRequestID();
-			if (MiscUtil.isNotEmpty(reqID))
-				pendingRequestID = reqID; 
-						
-		} else
-			loggedException = exceptionThrown;
-					
-		try {			
-			//switch to protocol-finalize method to generate a protocol-specific error message
-
-			//log error directly in debug mode
-			if (Logger.isDebugEnabled())
-				Logger.warn(loggedException.getMessage(), loggedException);
-				
-			
-			//put exception into transaction store for redirect
-			String key = Random.nextLongRandom();
-			if (pendingReq != null) {
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
-				transactionStorage.put(key, 
-						new ExceptionContainer(pendingReq, loggedException),-1);
-			
-			} else {
-				transactionStorage.put(key, 
-						new ExceptionContainer(null, loggedException),-1);
-				
-			}
-			
-			//build up redirect URL
-			String redirectURL = null;
-			redirectURL = ServletUtils.getBaseUrl(req);	
-			redirectURL += "/"+AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT 
-					+ "?" + ERROR_CODE_PARAM + "=" + key;
-			
-			//only add pending-request Id if it exists 
-			if (MiscUtil.isNotEmpty(pendingRequestID))							
-				redirectURL += "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-
-			resp.setContentType("text/html");
-			resp.setStatus(302);
-
-			resp.addHeader("Location", redirectURL);		
-			Logger.debug("REDIRECT TO: " + redirectURL);	
-
-			return;
-					
-		} catch (Exception e) {
-			Logger.warn("Default error-handling FAILED. Exception can not be stored to Database.", e);
-			Logger.info("Switch to generic generic backup error-handling ... ");
-			handleErrorNoRedirect(loggedException, req, resp, true);
-			
-		}
-
-	}
-		
-	/**
-	 * Handles all exceptions with no pending request.
-	 * Therefore, the error is written to the users browser
-	 * 
-	 * @param throwable
-	 * @param req
-	 * @param resp
-	 * @throws IOException 
-	 */
-	protected void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, 
-			HttpServletResponse resp, boolean writeExceptionToStatisticLog) throws IOException {
-		
-		//log Exception into statistic database
-		if (writeExceptionToStatisticLog)
-			statisticLogger.logErrorOperation(throwable);
-		
-		//write errror to console
-		logExceptionToTechnicalLog(throwable);
-		
-		//return error to Web browser
-		if (throwable instanceof MOAIDException || throwable instanceof ProcessExecutionException)
-			internalMOAIDExceptionHandler(req, resp, (Exception)throwable, false);
-		
-		else {
-			//write generic message for general exceptions
-			String msg = MOAIDMessageProvider.getInstance().getMessage("internal.00", null);			
-			writeHTMLErrorResponse(req, resp, msg, "9199", (Exception) throwable);
-			
-		}
-			
-	}
-	
-	/**
-	 * Write a Exception to the MOA-ID-Auth internal technical log
-	 * 
-	 * @param loggedException Exception to log
-	 */	
-	protected void logExceptionToTechnicalLog(Throwable loggedException) {
-		if (!( loggedException instanceof MOAIDException 
-				 || loggedException instanceof ProcessExecutionException )) {
-			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
-	
-		} else {
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
-				Logger.warn(loggedException.getMessage(), loggedException);
-	
-			} else {
-				Logger.warn(loggedException.getMessage());
-	
-			}			
-		}		
-	}
-		
-	private void writeBadRequestErrorResponse(HttpServletRequest req, HttpServletResponse resp, MOAIDException e) throws IOException {
-		ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
-		String code = utils.mapInternalErrorToExternalError(
-				((InvalidProtocolRequestException)e).getMessageId());
-		String descr = StringEscapeUtils.escapeHtml(e.getMessage());
-		resp.setContentType(MediaType.HTML_UTF_8.toString());
-		resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
-				"(Errorcode=" + code +
-				" | Description=" + descr + ")");
-		
-	}
-	
-	private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException {
-
-		try {
-			DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-					HTTPUtils.extractAuthURLFromRequest(req), 
-					DefaultGUIFormBuilderConfiguration.VIEW_ERRORMESSAGE, 
-					null);
-				
-			//add errorcode and errormessage
-			config.putCustomParameter("errorMsg", msg);
-			config.putCustomParameter("errorCode", errorCode);
-		
-			//add stacktrace if debug is enabled
-			if (Logger.isTraceEnabled()) {
-				config.putCustomParameter("stacktrace", getStacktraceFromException(error));
-			
-			}
-			
-			guiBuilder.build(httpResp, config, "Error-Message");
-			
-		} catch (GUIBuildException e) {
-			Logger.warn("Can not build error-message GUI.", e);
-			GenericExceptionHandler(httpResp, e);
-			
-		}
-		
-	}
-	
-	private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException {				
-		writeHTMLErrorResponse(req, httpResp, 
-				error.getMessage(), 
-				ErrorResponseUtils.getInstance().getResponseErrorCode(error), 
-				error);		
-	}
-	
-	
-	private String getStacktraceFromException(Exception ex) {
-		StringWriter errors = new StringWriter();
-	    ex.printStackTrace(new PrintWriter(errors));
-	    return errors.toString();
-	    
-	}
-		
-	/**
-	 * Extracts a TaskExecutionException of a ProcessExecutionExeception Stacktrace.
-	 * 
-	 * @param exception 
-	 * @return Return the latest TaskExecutionExecption if exists, otherwise the latest ProcessExecutionException
-	 */
-	private Throwable extractOriginalExceptionFromProcessException(Throwable exception) {
-		Throwable exholder = exception;
-		TaskExecutionException taskExc = null;
-		
-		while(exholder != null 
-				&& exholder instanceof ProcessExecutionException) {
-			ProcessExecutionException procExc = (ProcessExecutionException) exholder;
-			if (procExc.getCause() != null && 
-					procExc.getCause() instanceof TaskExecutionException) {
-				taskExc = (TaskExecutionException) procExc.getCause();
-				exholder = taskExc.getOriginalException();
-			
-			} else
-				break;
-			
-		}
-				
-		if (taskExc == null)
-			return exholder;
-		
-		else
-			return taskExc;
-	}
-	
-	private void internalMOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e, boolean writeExceptionToStatisicLog) throws IOException {				
-		if (e instanceof ProtocolNotActiveException) {
-			resp.getWriter().write(e.getMessage());
-			resp.setContentType(MediaType.HTML_UTF_8.toString());
-			resp.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml(e.getMessage()));
-		
-		} else if (e instanceof AuthnRequestValidatorException) {
-			AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e;
-			//log Error Message
-			if (writeExceptionToStatisicLog)
-				statisticLogger.logErrorOperation(ex, ex.getErrorRequest());
-			
-			//write error message
-			writeBadRequestErrorResponse(req, resp, (MOAIDException) e);			
-		
-		} else if (e instanceof InvalidProtocolRequestException) {		
-			//send error response
-			writeBadRequestErrorResponse(req, resp, (MOAIDException) e);
-			
-		} else if (e instanceof ConfigurationException) {
-			//send HTML formated error message
-			writeHTMLErrorResponse(req, resp, (MOAIDException) e);
-		
-		} else if (e instanceof MOAIDException) {
-			//send HTML formated error message
-			writeHTMLErrorResponse(req, resp, e);
-					
-		} else if (e instanceof ProcessExecutionException) {
-			//send HTML formated error message
-			writeHTMLErrorResponse(req, resp, e);
-					
-		}
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index 18641c090..3b12418fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -8,10 +8,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;

 import org.springframework.beans.factory.annotation.Autowired;

 

-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;

+import at.gv.egiz.eaaf.core.api.IRequest;

+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;

+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;

 import at.gv.egovernment.moa.id.auth.exception.MOAIllegalStateException;

 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;

-import at.gv.egovernment.moa.id.commons.api.IRequest;

 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;

 import at.gv.egovernment.moa.id.process.ProcessEngine;

 import at.gv.egovernment.moa.logging.Logger;

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index 49145a850..cfeca88b7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -33,15 +33,16 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.moduls.IRequestStorage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 0397bd501..9282db3b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -36,24 +36,24 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.data.ISLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
@@ -154,7 +154,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
 			if (MiscUtil.isNotEmpty(restartProcess)) {
 				Logger.info("Restart Single LogOut process after timeout ... ");
 					try {						
-						ISLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class);
+						SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class);
 						if (sloContainer.hasFrontChannelOA())
 							sloContainer.putFailedOA("differntent OAs");
 							
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 8ef047300..beacf1552 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -56,13 +56,13 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -71,9 +71,11 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class LogOutServlet {
 	private static final String REDIRECT_URL = "redirect";
 	
-	@Autowired private SSOManager ssomanager;
-	@Autowired private AuthenticationManager authmanager;
-	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired(required=true) private SSOManager ssomanager;
+	@Autowired(required=true) private AuthenticationManager authmanager;
+	@Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired(required=true) private AuthConfiguration authConfig;
+	
 	
 	@RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET})
 	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
@@ -92,7 +94,7 @@ public class LogOutServlet {
 				
 			} else {
 				//return an error if RedirectURL is not a active Online-Applikation
-				IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);			
+				IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(redirectUrl, IOAAuthParameters.class);			
 				if (oa == null) {		
 					Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
 					redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index a00de1da0..c77542b4a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -33,14 +33,15 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
@@ -57,8 +58,9 @@ public class RedirectServlet {
 	private static final String URL = "URL";
 	private static final String TARGET = "TARGET";
 	
-	@Autowired SSOManager ssoManager;
-	@Autowired IGUIFormBuilder guiBuilder;
+	@Autowired(required=true) SSOManager ssoManager;
+	@Autowired(required=true) IGUIFormBuilder guiBuilder;
+	@Autowired(required=true) private AuthConfiguration authConfig;
 	
 	@RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET)
 	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
@@ -78,10 +80,10 @@ public class RedirectServlet {
 			
 			//url = URLDecoder.decode(url, "UTF-8");
 			
-			oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url);
+			oa = authConfig.getServiceProviderConfiguration(url, IOAAuthParameters.class);
 			String authURL = HTTPUtils.extractAuthURLFromRequest(req);
 			
-			if (oa == null || !AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) {		
+			if (oa == null || !authConfig.getPublicURLPrefix().contains(authURL)) {		
 				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
 				return;
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 466364adb..752f54139 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -29,10 +29,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
index 93d74d7ef..4dac390e6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
@@ -37,9 +37,9 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.context.ApplicationContext;
 
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index c8c6c1fb5..979b8f4e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -30,10 +30,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;