fix another problem in session database

18 files changed, 1003 insertions, 490 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
index 20f2029cb..f0d9741d4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
@@ -4,11 +4,8 @@ package at.gv.egovernment.moa.id.auth;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 
 /**
  * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
@@ -20,32 +17,7 @@ import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
  */
 public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {
 
-	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
 	
-	/**
-	 * Retrieves a session from the session store.
-	 *
-	 * @param id session ID
-	 * @return <code>AuthenticationSession</code> stored with given session ID (never {@code null}).
-	 * @throws AuthenticationException in case the session id does not reflect a valic, active session.
-	 */
-	public AuthenticationSession getSession(String id)
-			throws AuthenticationException {
-		AuthenticationSession session;
-		try {
-			session = authenticationSessionStorage.getSession(id);
-
-			if (session == null)
-				throw new AuthenticationException("auth.02", new Object[]{id});
-			return session;
-
-		} catch (MOADatabaseException e) {
-			throw new AuthenticationException("auth.02", new Object[]{id});
-
-		} catch (Exception e) {
-			throw new AuthenticationException("parser.04", new Object[]{id});
-		}
-	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 16d320ea5..3264fc3bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -47,11 +47,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -61,6 +57,11 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
@@ -110,13 +111,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	
 	
 	public IAuthData buildAuthenticationData(IRequest pendingReq, 
-            AuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
+            IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
 		return buildAuthenticationData(pendingReq, session, pendingReq.getOnlineApplicationConfiguration());
 		
 	}
 	
 	public IAuthData buildAuthenticationData(IRequest pendingReq, 
-            AuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {		
+            IAuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {		
 		AuthenticationData authdata = null;		
 		
 		//only needed for SAML1 legacy support
@@ -253,7 +254,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		}
 	}
 		
-	private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, 
+	private void buildAuthDataFormMOASession(AuthenticationData authData, IAuthenticationSession session, 
 			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
 
 		Collection<String> includedToGenericAuthData = null;
@@ -273,8 +274,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		
 			//####################################################
 			//parse user info's from identityLink
-			IdentityLink idlFromPVPAttr = null;
-			IdentityLink identityLink = session.getIdentityLink();		
+			IIdentityLink idlFromPVPAttr = null;
+			IIdentityLink identityLink = session.getIdentityLink();		
 			if (identityLink != null) {
 				parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData);
 			
@@ -515,7 +516,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			}
 			
 			//mandate functionality
-			MISMandate misMandate = null;
+			IMISMandate misMandate = null;
 			if (session.isMandateUsed()) {
 				//####################################################
 				//set Mandate reference value
@@ -766,7 +767,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			//####################################################################			
 			//parse AuthBlock signature-verification response
 			//INFO: this parameters are only required for SAML1 auth. protocol
-			VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
+			IVerifiyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
 			if (verifyXMLSigResp != null) {
 				authData.setQualifiedCertificate(verifyXMLSigResp
 						.isQualifiedCertificate());
@@ -833,7 +834,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			return false;
 	}
 
-	private void parseBasicUserInfosFromIDL(AuthenticationData authData, IdentityLink identityLink, Collection<String> includedGenericSessionData) {
+	private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) {
 		//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
 		authData.setIdentificationValue(identityLink.getIdentificationValue());
 		authData.setIdentificationType(identityLink.getIdentificationType());
@@ -919,7 +920,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	 * @return Pair<bPK, bPKType> which was received by PVP-Attribute and could be decrypted for this Service Provider, 
 	 *         or <code>null</code> if no attribute exists or can not decrypted
 	 */
-	private Pair<String, String> getEncryptedbPKFromPVPAttribute(AuthenticationSession session,
+	private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session,
 			AuthenticationData authData, IOAAuthParameters spConfig) {
 		//set List of encrypted bPKs to authData DAO		
 		String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
@@ -981,7 +982,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	 * @param session MOASession, but never null
 	 * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
 	 */
-	private String getbPKValueFromPVPAttribute(AuthenticationSession session) {
+	private String getbPKValueFromPVPAttribute(IAuthenticationSession session) {
 		String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
 		if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) {
 			
@@ -1015,7 +1016,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	 * @param session MOASession, but never null
 	 * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
 	 */
-	private String getbPKTypeFromPVPAttribute(AuthenticationSession session) {
+	private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) {
 		String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); 
 		if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) {
 			
@@ -1065,7 +1066,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		
 	}
 
-	private IdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IdentityLink idl, String bPK, String bPKType) throws MOAIDException {
+	private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException {
 		if (oaParam.getBusinessService()) {
             Element idlassertion = idl.getSamlAssertion();
             //set bpk/wpbk;
@@ -1076,7 +1077,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
             prIdentificationType.getFirstChild().setNodeValue(bPKType);
 
             IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
-            IdentityLink businessServiceIdl = idlparser.parseIdentityLink();
+            IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
                                 
             //resign IDL
 			IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
index ac93d7af9..9ca15c76f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -29,12 +29,12 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
@@ -74,7 +74,7 @@ public class SignatureVerificationUtils {
 		  }
 	  }
 	  
-	  public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {		  
+	  public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {		  
 		  try {
 			  //build signature-verification request
 			  Element domVerifyXMLSignatureRequest = build(signature, trustProfileID);
@@ -84,7 +84,7 @@ public class SignatureVerificationUtils {
 			  		.verifyXMLSignature(domVerifyXMLSignatureRequest);
 			
 			// parses the <VerifyXMLSignatureResponse>
-			VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+			IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
 					domVerifyXMLSignatureResponse).parseData();
 			
 			return verifyXMLSignatureResponse;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index a72f6c2ea..94651915e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -46,20 +46,26 @@ import java.util.Map;
 
 import org.apache.commons.collections4.map.HashedMap;
 
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.x509.X509Certificate;
 
 /**
- * Session data to be stored between <code>AuthenticationServer</code> API calls.
  * 
- * @author Paul Ivancsics
- * @version $Id$
+ * Serializable implementation of the {@link IAuthenticationSession} interface, which could be stored into a 
+ * AuthenticationSession database
+ * 
+ * @author Thomas Lenz
+ * 
  */
-public class AuthenticationSession implements Serializable {
+public class AuthenticationSession implements Serializable, IAuthenticationSession {
 	
 	/**
 	 * 
@@ -94,7 +100,7 @@ public class AuthenticationSession implements Serializable {
 	 * 
 	 * Mandate element
 	 */
-	private MISMandate mandate;
+	private IMISMandate mandate;
 	
 	/**
 	 * Reference value for mandate bussiness service for the assertion
@@ -110,7 +116,7 @@ public class AuthenticationSession implements Serializable {
 	/**
 	 * identity link read from smartcard
 	 */
-	private IdentityLink identityLink;
+	private IIdentityLink identityLink;
 	
 	/**
 	 * authentication block to be signed by the user
@@ -151,7 +157,7 @@ public class AuthenticationSession implements Serializable {
 		
 	private String QAALevel = null;
 		
-	private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
+	private IVerifiyXMLSignatureResponse XMLVerifySignatureResponse;
 	
 	private boolean isForeigner;
 	
@@ -170,14 +176,61 @@ public class AuthenticationSession implements Serializable {
 		
 	}
 	
+	/**
+	 * @param id
+	 * @param now
+	 * @param moaSession
+	 */
+	public AuthenticationSession(String id, Date now, IAuthenticationSession moaSession) {
+		sessionID = id;
+		sessionCreated = now;
+		
+		authBlock = moaSession.getAuthBlock();
+		authBlockTokken = moaSession.getAuthBlockTokken();
+		authenticated = moaSession.isAuthenticated();		
+		bkuURL = moaSession.getBkuURL();
+		extendedSAMLAttributesAUTH = moaSession.getExtendedSAMLAttributesAUTH();
+		extendedSAMLAttributesOA = moaSession.getExtendedSAMLAttributesOA();
+		
+		genericSessionDataStorate = moaSession.getGenericSessionDataStorage();
+		
+		identityLink = moaSession.getIdentityLink();
+		isForeigner = moaSession.isForeigner();
+		isOW = moaSession.isOW();
+		issueInstant = moaSession.getIssueInstant();
+		mandate = moaSession.getMISMandate();
+		mandateReferenceValue = moaSession.getMandateReferenceValue();
+		misSessionID = moaSession.getMISSessionID();
+		QAALevel = moaSession.getQAALevel();
+		samlAttributeGebeORwbpk = moaSession.getSAMLAttributeGebeORwbpk();
+		sessionCreated = moaSession.getSessionCreated();
+		signerCertificate = moaSession.getEncodedSignerCertificate();
+		useMandates = moaSession.isMandateUsed();
+		XMLVerifySignatureResponse = moaSession.getXMLVerifySignatureResponse();
+		
+		//TODO: implement session construction from existing eID information
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
+	 */
+	@Override
 	public boolean isAuthenticated() {
 		return authenticated;
 	}
 	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean)
+	 */
+	@Override
 	public void setAuthenticated(boolean authenticated) {
 		this.authenticated = authenticated;
 	}
 		
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
+	 */
+	@Override
 	public X509Certificate getSignerCertificate() {
 		try {
 			return new X509Certificate(signerCertificate);
@@ -188,10 +241,18 @@ public class AuthenticationSession implements Serializable {
 		}
 	}
 	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate()
+	 */
+	@Override
 	public byte[] getEncodedSignerCertificate() {
 		return this.signerCertificate;
 	}
 	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.X509Certificate)
+	 */
+	@Override
 	public void setSignerCertificate(X509Certificate signerCertificate) {
 		try {
 			this.signerCertificate = signerCertificate.getEncoded();
@@ -201,174 +262,141 @@ public class AuthenticationSession implements Serializable {
 		}
 	}
 	
-	/**
-	 * Returns the identityLink.
-	 * 
-	 * @return IdentityLink
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink()
 	 */
-	public IdentityLink getIdentityLink() {
+	@Override
+	public IIdentityLink getIdentityLink() {
 		return identityLink;
 	}
 	
-	/**
-	 * Returns the sessionID.
-	 * 
-	 * @return String
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
 	 */
+	@Override
 	public String getSessionID() {
 		return sessionID;
 	}
 	
-	/**
-	 * Sets the identityLink.
-	 * 
-	 * @param identityLink
-	 *            The identityLink to set
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink)
 	 */
-	public void setIdentityLink(IdentityLink identityLink) {
+	@Override
+	public void setIdentityLink(IIdentityLink identityLink) {
 		this.identityLink = identityLink;
 	}
 	
-	/**
-	 * Sets the sessionID.
-	 * 
-	 * @param sessionId
-	 *            The sessionID to set
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
 	 */
+	@Override
 	public void setSessionID(String sessionId) {
 		this.sessionID = sessionId;
 	}
 	
-	/**
-	 * Returns the BKU URL.
-	 * 
-	 * @return String
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL()
 	 */
+	@Override
 	public String getBkuURL() {
 		return bkuURL;
 	}
 
-	/**
-	 * Sets the bkuURL
-	 * 
-	 * @param bkuURL
-	 *            The BKU URL to set
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String)
 	 */
+	@Override
 	public void setBkuURL(String bkuURL) {
 		this.bkuURL = bkuURL;
 	}
 				
-	/**
-	 * Returns the authBlock.
-	 * 
-	 * @return String
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlock()
 	 */
+	@Override
 	public String getAuthBlock() {
 		return authBlock;
 	}
 	
-	/**
-	 * Sets the authBlock.
-	 * 
-	 * @param authBlock
-	 *            The authBlock to set
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlock(java.lang.String)
 	 */
+	@Override
 	public void setAuthBlock(String authBlock) {
 		this.authBlock = authBlock;
 	}
 	
 	
-	/**
-	 * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
-	 * 
-	 * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesAUTH()
 	 */
+	@Override
 	public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH() {
 		if (extendedSAMLAttributesAUTH == null) extendedSAMLAttributesAUTH = new ArrayList<ExtendedSAMLAttribute>();
 		
 		return extendedSAMLAttributesAUTH;
 	}
 	
-	/**
-	 * Sets the SAML Attributes to be appended to the AUTHBlock.
-	 * 
-	 * @param extendedSAMLAttributesAUTH
-	 *            The SAML Attributes to be appended to the AUTHBlock.
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesAUTH(java.util.List)
 	 */
+	@Override
 	public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
 		this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
 	}
 	
-	/**
-	 * Returns the SAML Attributes to be appended to the SAML assertion delivered to the online
-	 * application. Maybe <code>null</code>.
-	 * 
-	 * @return The SAML Attributes to be appended to the SAML assertion delivered to the online
-	 *         application
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesOA()
 	 */
+	@Override
 	public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
 		return extendedSAMLAttributesOA;
 	}
 	
-	/**
-	 * Sets the SAML Attributes to be appended to the SAML assertion delivered to the online
-	 * application.
-	 * 
-	 * @param extendedSAMLAttributesOA
-	 *            The SAML Attributes to be appended to the SAML assertion delivered to the online
-	 *            application.
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesOA(java.util.List)
 	 */
+	@Override
 	public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
 		this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
 	}
 	
-	/**
-	 * Returns the boolean value for either a target or a wbPK is provided as SAML Attribute in the
-	 * SAML Assertion or not.
-	 * 
-	 * @return true either a target or a wbPK is provided as SAML Attribute in the SAML Assertion or
-	 *         false if not.
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSAMLAttributeGebeORwbpk()
 	 */
+	@Override
 	public boolean getSAMLAttributeGebeORwbpk() {
 		return this.samlAttributeGebeORwbpk;
 	}
 	
-	/**
-	 * Sets the boolean value for either a target or a wbPK is provided as SAML Attribute in the
-	 * SAML Assertion or not.
-	 * 
-	 * @param samlAttributeGebeORwbpk
-	 *            The boolean for value either a target or wbPK is provided as SAML Attribute in the
-	 *            SAML Assertion or not.
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSAMLAttributeGebeORwbpk(boolean)
 	 */
+	@Override
 	public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
 		this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
 	}
 	
-	/**
-	 * Returns the issuing time of the AUTH-Block SAML assertion.
-	 * 
-	 * @return The issuing time of the AUTH-Block SAML assertion.
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
 	 */
+	@Override
 	public String getIssueInstant() {
 		return issueInstant;
 	}
 	
-	/**
-	 * Sets the issuing time of the AUTH-Block SAML assertion.
-	 * 
-	 * @param issueInstant
-	 *            The issueInstant to set.
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String)
 	 */
+	@Override
 	public void setIssueInstant(String issueInstant) {
 		this.issueInstant = issueInstant;
 	}
 	
-	/**
-	 * 
-	 * @param useMandate
-	 *            indicates if mandate is used or not
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandate(java.lang.String)
 	 */
+	@Override
 	public void setUseMandate(String useMandate) {
 		if (useMandate.compareToIgnoreCase("true") == 0)
 			this.useMandates = true;
@@ -377,141 +405,172 @@ public class AuthenticationSession implements Serializable {
 		
 	}
 	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean)
+	 */
+	@Override
 	public void setUseMandates(boolean useMandates) {
 		this.useMandates = useMandates;
 		
 	}
 	
-	/**
-	 * @return
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed()
 	 */
+	@Override
 	public boolean isMandateUsed() {
 		return this.useMandates;
 	}
 	
-	/**
-	 * 
-	 * @param misSessionID
-	 *            indicates the MIS session ID
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)
 	 */
+	@Override
 	public void setMISSessionID(String misSessionID) {
 		this.misSessionID = misSessionID;
 	}
 	
-	/**
-	 * Returns the MIS session ID
-	 * 
-	 * @return
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISSessionID()
 	 */
+	@Override
 	public String getMISSessionID() {
 		return this.misSessionID;
 	}
 	
-	/**
-	 * @return the mandateReferenceValue
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMandateReferenceValue()
 	 */
+	@Override
 	public String getMandateReferenceValue() {
 		return mandateReferenceValue;
 	}
 	
-	/**
-	 * @param mandateReferenceValue
-	 *            the mandateReferenceValue to set
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMandateReferenceValue(java.lang.String)
 	 */
+	@Override
 	public void setMandateReferenceValue(String mandateReferenceValue) {
 		this.mandateReferenceValue = mandateReferenceValue;
 	}
 			
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner()
+	 */
+	@Override
 	public boolean isForeigner() {
 		return isForeigner;
 	}
 	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean)
+	 */
+	@Override
 	public void setForeigner(boolean isForeigner) {
 		this.isForeigner = isForeigner;
 	}
 	
-	public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getXMLVerifySignatureResponse()
+	 */
+	@Override
+	public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() {
 		return XMLVerifySignatureResponse;
 	}
 	
-	public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setXMLVerifySignatureResponse(at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse)
+	 */
+	@Override
+	public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
 		XMLVerifySignatureResponse = xMLVerifySignatureResponse;
 	}
 	
-	public MISMandate getMISMandate() {
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISMandate()
+	 */
+	@Override
+	public IMISMandate getMISMandate() {
 		return mandate;
 	}
 	
-	public void setMISMandate(MISMandate mandate) {
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISMandate(at.gv.egovernment.moa.id.data.MISMandate)
+	 */
+	@Override
+	public void setMISMandate(IMISMandate mandate) {
 		this.mandate = mandate;
 	}
 			
-	/**
-	 * @return the isOW
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW()
 	 */
+	@Override
 	public boolean isOW() {
 		return isOW;
 	}
 	
-	/**
-	 * @param isOW
-	 *            the isOW to set
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean)
 	 */
+	@Override
 	public void setOW(boolean isOW) {
 		this.isOW = isOW;
 	}
 	
-	/**
-	 * @return the authBlockTokken
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()
 	 */
+	@Override
 	public String getAuthBlockTokken() {
 		return authBlockTokken;
 	}
 	
-	/**
-	 * @param authBlockTokken
-	 *            the authBlockTokken to set
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlockTokken(java.lang.String)
 	 */
+	@Override
 	public void setAuthBlockTokken(String authBlockTokken) {
 		this.authBlockTokken = authBlockTokken;
 	}
 
-	/**
-	 * eIDAS QAA level
-	 * 
-	 * @return the qAALevel
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel()
 	 */
+	@Override
 	public String getQAALevel() {
 		return QAALevel;
 	}
 
-	/**
-	 * set QAA level in eIDAS form
-	 * 
-	 * @param qAALevel the qAALevel to set
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String)
 	 */
+	@Override
 	public void setQAALevel(String qAALevel) {
 		QAALevel = qAALevel;
 	}
 
-	/**
-	 * @return the sessionCreated
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
 	 */
+	@Override
 	public Date getSessionCreated() {
 		return sessionCreated;
 	}
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage()
+	 */
+	@Override
 	public Map<String, Object> getGenericSessionDataStorage() {
 		return genericSessionDataStorate;
 	}
 	
 	
-	/**
-	 * Returns a generic session-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the session-data object
-	 * @return The session-data object or null if no data is found with this key
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String)
 	 */
+	@Override
 	public Object getGenericDataFromSession(String key) {
 		if (MiscUtil.isNotEmpty(key)) {
 			return genericSessionDataStorate.get(key);
@@ -523,13 +582,10 @@ public class AuthenticationSession implements Serializable {
 				
 	}
 	
-	/**
-	 * Returns a generic session-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the session-data object
-	 * @param clazz The class type which is stored with this key
-	 * @return The session-data object or null if no data is found with this key
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class)
 	 */
+	@Override
 	public <T> T getGenericDataFromSession(String key, final Class<T> clazz) {
 		if (MiscUtil.isNotEmpty(key)) {
 			Object data =  genericSessionDataStorate.get(key);
@@ -555,13 +611,10 @@ public class AuthenticationSession implements Serializable {
 				
 	}
 	
-	/**
-	 * Store a generic data-object to session with a specific identifier
-	 * 
-	 * @param key Identifier for this data-object
-	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
 	 */
+	@Override
 	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
 		if (MiscUtil.isEmpty(key)) {
 			Logger.warn("Generic session-data can not be stored with a 'null' key");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
new file mode 100644
index 000000000..5419e8ae0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
@@ -0,0 +1,492 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
+
+/**
+ * @author tlenz
+ * 
+ */
+public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants {
+
+		
+	private Map<String, Object> sessionData;
+	
+	/**
+	 * @param genericDataStorage
+	 */
+	public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) {
+		this.sessionData = genericDataStorage;
+	}
+
+	private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {		
+		if (MiscUtil.isNotEmpty(key)) {
+			Object obj = sessionData.get(key);
+			if (obj != null && clazz.isInstance(obj))
+				return (T) obj;
+		}
+		
+		if (defaultValue == null)
+			return null;
+		
+		else if (clazz.isInstance(defaultValue))
+			return (T)defaultValue;
+			
+		else {
+			Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
+			throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
+				
+		}		
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
+	 */
+	@Override
+	public boolean isAuthenticated() {
+		return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean)
+	 */
+	@Override
+	public void setAuthenticated(boolean authenticated) {
+		sessionData.put(FLAG_IS_AUTHENTICATED, authenticated);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
+	 */
+	@Override
+	public X509Certificate getSignerCertificate() {
+		byte[] encCert = getEncodedSignerCertificate();
+	
+		if (encCert != null) {
+			try {
+				return new X509Certificate(encCert);
+			}
+			catch (CertificateException e) {
+				Logger.warn("Signer certificate can not be loaded from session database!", e);
+				
+			}
+		}
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate()
+	 */
+	@Override
+	public byte[] getEncodedSignerCertificate() {
+		return wrapStringObject(VALUE_SIGNER_CERT, null, byte[].class);
+				
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.X509Certificate)
+	 */
+	@Override
+	public void setSignerCertificate(X509Certificate signerCertificate) {
+		try {
+			sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
+			
+		}catch (CertificateEncodingException e) {
+			Logger.warn("Signer certificate can not be stored to session database!", e);
+		}
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink()
+	 */
+	@Override
+	public IIdentityLink getIdentityLink() {
+		return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
+	 */
+	@Override
+	public String getSessionID() {
+		return wrapStringObject(VALUE_SESSIONID, null, String.class);
+				
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink)
+	 */
+	@Override
+	public void setIdentityLink(IIdentityLink identityLink) {
+		sessionData.put(VALUE_IDENTITYLINK, identityLink);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
+	 */
+	@Override
+	public void setSessionID(String sessionId) {
+		sessionData.put(VALUE_SESSIONID, sessionId);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL()
+	 */
+	@Override
+	public String getBkuURL() {
+		return wrapStringObject(VALUE_BKUURL, null, String.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String)
+	 */
+	@Override
+	public void setBkuURL(String bkuURL) {
+		sessionData.put(VALUE_BKUURL, bkuURL);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlock()
+	 */
+	@Override
+	public String getAuthBlock() {
+		return wrapStringObject(VALUE_AUTHBLOCK, null, String.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlock(java.lang.String)
+	 */
+	@Override
+	public void setAuthBlock(String authBlock) {
+		sessionData.put(VALUE_AUTHBLOCK, authBlock);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesAUTH()
+	 */
+	@Override
+	public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH() {
+		return wrapStringObject(VALUE_EXTENTEDSAMLATTRAUTH, new ArrayList<ExtendedSAMLAttribute>(), List.class);
+	} 
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesAUTH(java.util.List)
+	 */
+	@Override
+	public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
+		sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesOA()
+	 */
+	@Override
+	public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
+		return wrapStringObject(VALUE_EXTENTEDSAMLATTROA, null, List.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesOA(java.util.List)
+	 */
+	@Override
+	public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
+		sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSAMLAttributeGebeORwbpk()
+	 */
+	@Override
+	public boolean getSAMLAttributeGebeORwbpk() {
+		return wrapStringObject(FLAG_SAMLATTRIBUTEGEBEORWBPK, false, Boolean.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSAMLAttributeGebeORwbpk(boolean)
+	 */
+	@Override
+	public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
+		sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
+	 */
+	@Override
+	public String getIssueInstant() {
+		return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String)
+	 */
+	@Override
+	public void setIssueInstant(String issueInstant) {
+		sessionData.put(VALUE_ISSUEINSTANT, issueInstant);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandate(java.lang.String)
+	 */
+	@Override
+	public void setUseMandate(String useMandate) {
+		if (useMandate.compareToIgnoreCase("true") == 0)
+			setUseMandates(true);
+		else
+			setUseMandates(false);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean)
+	 */
+	@Override
+	public void setUseMandates(boolean useMandates) {
+		sessionData.put(FLAG_USE_MANDATE, useMandates);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed()
+	 */
+	@Override
+	public boolean isMandateUsed() {
+		return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)
+	 */
+	@Override
+	public void setMISSessionID(String misSessionID) {
+		sessionData.put(VALUE_MISSESSIONID, misSessionID);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISSessionID()
+	 */
+	@Override
+	public String getMISSessionID() {
+		return wrapStringObject(VALUE_MISSESSIONID, null, String.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMandateReferenceValue()
+	 */
+	@Override
+	public String getMandateReferenceValue() {
+		return wrapStringObject(VALUE_MISREFVALUE, null, String.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMandateReferenceValue(java.lang.String)
+	 */
+	@Override
+	public void setMandateReferenceValue(String mandateReferenceValue) {
+		sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner()
+	 */
+	@Override
+	public boolean isForeigner() {
+		return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean)
+	 */
+	@Override
+	public void setForeigner(boolean isForeigner) {
+		sessionData.put(FLAG_IS_FOREIGNER, isForeigner);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getXMLVerifySignatureResponse()
+	 */
+	@Override
+	public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() {
+		return wrapStringObject(VALUE_VERIFYSIGRESP, null, IVerifiyXMLSignatureResponse.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setXMLVerifySignatureResponse(at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse)
+	 */
+	@Override
+	public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
+		sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISMandate()
+	 */
+	@Override
+	public IMISMandate getMISMandate() {
+		return wrapStringObject(VALUE_MISMANDATE, null, IMISMandate.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISMandate(at.gv.egovernment.moa.id.data.MISMandate)
+	 */
+	@Override
+	public void setMISMandate(IMISMandate mandate) {
+		sessionData.put(VALUE_MISMANDATE, mandate);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW()
+	 */
+	@Override
+	public boolean isOW() {
+		return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean)
+	 */
+	@Override
+	public void setOW(boolean isOW) {
+		sessionData.put(FLAG_IS_ORGANWALTER, isOW);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()
+	 */
+	@Override
+	public String getAuthBlockTokken() {
+		return wrapStringObject(VALUE_AUTNBLOCKTOKKEN, null, String.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlockTokken(java.lang.String)
+	 */
+	@Override
+	public void setAuthBlockTokken(String authBlockTokken) {
+		sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel()
+	 */
+	@Override
+	public String getQAALevel() {
+		return wrapStringObject(VALUE_QAALEVEL, null, String.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String)
+	 */
+	@Override
+	public void setQAALevel(String qAALevel) {
+		sessionData.put(VALUE_QAALEVEL, qAALevel);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
+	 */
+	@Override
+	public Date getSessionCreated() {
+		return wrapStringObject(VALUE_CREATED, null, Date.class);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage()
+	 */
+	@Override
+	public Map<String, Object> getGenericSessionDataStorage() {
+		Map<String, Object> result = new HashMap<String, Object>();		
+		for (String el : sessionData.keySet()) {
+			if (el.startsWith(GENERIC_PREFIX))
+				result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el));
+			
+		}
+		
+		return result;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String)
+	 */
+	@Override
+	public Object getGenericDataFromSession(String key) {
+		return sessionData.get(GENERIC_PREFIX + key); 
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class)
+	 */
+	@Override
+	public <T> T getGenericDataFromSession(String key, Class<T> clazz) {
+		return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
+	 */
+	@Override
+	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+		sessionData.put(GENERIC_PREFIX + key, object);
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
index c7fa58eaf..f1d48935f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
@@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.auth.data;
 
 import java.io.Serializable;
 
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+
 /**
  * This class contains SAML attributes to be appended to the SAML assertion delivered to
  * the Online application.
@@ -92,13 +94,13 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali
    *                        The following values are allowed:
    *        <ul>
    *            <li>
-   *            {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+   *            {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
    *            </li>
    *            <li>
-   *            {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
+   *            {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
    *            </li>
    *            <li>
-   *            {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
+   *            {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
    *            </li>
    *        </ul> 
    *                        
@@ -111,28 +113,28 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali
   }
 
   /**
-   * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getValue()
+   * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getValue()
    */
   public Object getValue() {
     return value_;
   }
 
   /**
-   * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getName()
+   * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getName()
    */
   public String getName() {
     return name_;
   }
 
   /**
-   * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getNameSpace()
+   * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getNameSpace()
    */
   public String getNameSpace() {
     return namespace_;
   }
 
   /**
-   * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getAddToAUTHBlock()
+   * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getAddToAUTHBlock()
    */
   public int getAddToAUTHBlock() {
     return addToAUTHBlock_;
@@ -144,16 +146,16 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali
    * @param addToAUTHBlock One of the following values:
    *        <ul>
    *            <li>
-   *            {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+   *            {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
    *            </li>
    *            <li>
-   *            {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
+   *            {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
    *            </li>
    *            <li>
-   *            {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
+   *            {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
    *            </li>
    *        </ul>
-   *    {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} 
+   *    {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} 
    */
   public void setAddToAUTHBlock(int addToAUTHBlock) {
     addToAUTHBlock_ = addToAUTHBlock;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
index 78f1e14f0..2690bc2cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -54,6 +54,7 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.util.DOMUtils;
 
 
@@ -64,7 +65,7 @@ import at.gv.egovernment.moa.util.DOMUtils;
  * @author Paul Ivancsics
  * @version $Id$
  */
-public class IdentityLink implements Serializable{
+public class IdentityLink implements Serializable, IIdentityLink{
 
 	private static final long serialVersionUID = 1L;
 	
@@ -128,188 +129,183 @@ public class IdentityLink implements Serializable{
 	public IdentityLink() {
 	}
 
-  /**
-   * Returns the dateOfBirth.
-   * @return Calendar
-   */
-  public String getDateOfBirth() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth()
+ */
+  @Override
+public String getDateOfBirth() {
     return dateOfBirth;
   }
 
-  /**
-   * Returns the familyName.
-   * @return String
-   */
-  public String getFamilyName() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName()
+ */
+  @Override
+public String getFamilyName() {
     return familyName;
   }
 
-  /**
-   * Returns the givenName.
-   * @return String
-   */
-  public String getGivenName() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName()
+ */
+  @Override
+public String getGivenName() {
     return givenName;
   }
   
-  /**
-   * Returns the name.
-   * @return The name.
-   */
-  public String getName() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName()
+ */
+  @Override
+public String getName() {
     if (name == null) {
       name = givenName + " " + familyName;
     }
     return name;
   }
   
-  /**
-   * Returns the identificationValue.
-	 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-   * @return String
-   */
-  public String getIdentificationValue() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue()
+ */
+  @Override
+public String getIdentificationValue() {
     return identificationValue;
   }
 
-	/**
-	 * Returns the identificationType.
-	 * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
-	 * @return String
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType()
 	 */
+	@Override
 	public String getIdentificationType() {
 		return identificationType;
 	}
 
-  /**
-   * Sets the dateOfBirth.
-   * @param dateOfBirth The dateOfBirth to set
-   */
-  public void setDateOfBirth(String dateOfBirth) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String)
+ */
+  @Override
+public void setDateOfBirth(String dateOfBirth) {
     this.dateOfBirth = dateOfBirth;
   }
 
-  /**
-   * Sets the familyName.
-   * @param familyName The familyName to set
-   */
-  public void setFamilyName(String familyName) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String)
+ */
+  @Override
+public void setFamilyName(String familyName) {
     this.familyName = familyName;
   }
 
-  /**
-   * Sets the givenName.
-   * @param givenName The givenName to set
-   */
-  public void setGivenName(String givenName) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String)
+ */
+  @Override
+public void setGivenName(String givenName) {
     this.givenName = givenName;
   }
 
-  /**
-   * Sets the identificationValue.
-	 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-   * @param identificationValue The identificationValue to set
-   */
-  public void setIdentificationValue(String identificationValue) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String)
+ */
+  @Override
+public void setIdentificationValue(String identificationValue) {
     this.identificationValue = identificationValue;
   }
   
-	/**
-	 * Sets the Type of the identificationValue.
-	 * @param identificationType The type of identificationValue to set
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String)
 	 */
+	@Override
 	public void setIdentificationType(String identificationType) {
 		this.identificationType = identificationType;
 	}
 
-  /**
-   * Returns the samlAssertion.
-   * @return Element
-   */
-  public Element getSamlAssertion() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion()
+ */
+  @Override
+public Element getSamlAssertion() {
     return samlAssertion;
   }
   
-  /**
-   * Returns the samlAssertion.
-   * @return Element
-   */
-  public String getSerializedSamlAssertion() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion()
+ */
+  @Override
+public String getSerializedSamlAssertion() {
     return serializedSamlAssertion;
   }
 
-  /**
-   * Sets the samlAssertion and the serializedSamlAssertion.
-   * @param samlAssertion The samlAssertion to set
-   */
-  public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element)
+ */
+  @Override
+public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
     this.samlAssertion = samlAssertion;
     this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion);    
   }
 
-  /**
-   * Returns the dsigReferenceTransforms.
-   * @return Element[]
-   */
-  public Element[] getDsigReferenceTransforms() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms()
+ */
+  @Override
+public Element[] getDsigReferenceTransforms() {
     return dsigReferenceTransforms;
   }
 
-  /**
-   * Sets the dsigReferenceTransforms.
-   * @param dsigReferenceTransforms The dsigReferenceTransforms to set
-   */
-  public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[])
+ */
+  @Override
+public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
     this.dsigReferenceTransforms = dsigReferenceTransforms;
   }
 
-  /**
-   * Returns the publicKey.
-   * @return PublicKey[]
-   */
-  public PublicKey[] getPublicKey() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey()
+ */
+  @Override
+public PublicKey[] getPublicKey() {
     return publicKey;
   }
 
-  /**
-   * Sets the publicKey.
-   * @param publicKey The publicKey to set
-   */
-  public void setPublicKey(PublicKey[] publicKey) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[])
+ */
+  @Override
+public void setPublicKey(PublicKey[] publicKey) {
     this.publicKey = publicKey;
   }
 
-  /**
-   * Returns the prPerson.
-   * @return Element
-   */
-  public Element getPrPerson() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson()
+ */
+  @Override
+public Element getPrPerson() {
     return prPerson;
   }
 
-  /**
-   * Sets the prPerson.
-   * @param prPerson The prPerson to set
-   */
-  public void setPrPerson(Element prPerson) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element)
+ */
+  @Override
+public void setPrPerson(Element prPerson) {
     this.prPerson = prPerson;
   }
   
-   /**
-   * Returns the issuing time of the identity link SAML assertion.
-   *
-   * @return The issuing time of the identity link SAML assertion.
-   */
-  public String getIssueInstant() {
+   /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant()
+ */
+  @Override
+public String getIssueInstant() {
     return issueInstant;
   }
 
-  /**
-   * Sets the issuing time of the identity link SAML assertion.
-   *
-   * @param issueInstant The issueInstant to set.
-   */
-  public void setIssueInstant(String issueInstant) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String)
+ */
+  @Override
+public void setIssueInstant(String issueInstant) {
     this.issueInstant = issueInstant;
   }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
index e9a278d0f..82263f7a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
@@ -46,12 +46,13 @@
 
 package at.gv.egovernment.moa.id.auth.data;
 
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 
 /**
  * Includes the result of an extended infobox validation.
  * 
  * If validation succeeds, an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute ExtendedSAMLAttributes}
  * maybe provided. Each of these SAML-Attributes will be either appended to the  
  * final SAML-Assertion passed to the online application or to the AUTH-Block,
  * or to both.
@@ -65,7 +66,7 @@ public interface InfoboxValidationResult {
   /**
    * The method returns <code>true</code> if validation succeeds. In that case
    * method {@link  #getExtendedSamlAttributes()} may provide an array of 
-   * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute 
+   * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute 
    * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the 
    * AUTH-Block or to both.
    * <br>
@@ -78,14 +79,14 @@ public interface InfoboxValidationResult {
   public boolean isValid();
   
   /**
-   * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+   * Returns an array of {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute
    * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
    * provided to the online application.
    * The SAML-Attributes in that array will be added to the final
    * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
    * in the array this method returns. 
    * 
-   * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+   * @return An array of {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute
    * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
    * provided to the online application, the AUTH-Block, or both. If no attributes should 
    * be added this array maybe <code>null</code> or empty.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
index 0ba17eb2f..c5183d29c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
@@ -46,6 +46,7 @@
 
 package at.gv.egovernment.moa.id.auth.data;
 
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 
 /**
  * Default implementation of the {@link InfoboxValidationResult} interface.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index 6cf1de319..c054976ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -49,6 +49,7 @@ package at.gv.egovernment.moa.id.auth.data;
 import java.io.Serializable;
 import java.util.Date;
 
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import iaik.x509.X509Certificate;
 
 /**
@@ -59,7 +60,7 @@ import iaik.x509.X509Certificate;
  * @version $Id$
  * 
  */
-public class VerifyXMLSignatureResponse implements Serializable{
+public class VerifyXMLSignatureResponse implements Serializable, IVerifiyXMLSignatureResponse{
 
 	private static final long serialVersionUID = 1L;
 	
@@ -89,173 +90,179 @@ public class VerifyXMLSignatureResponse implements Serializable{
 
   private Date signingDateTime;
   
-  /**
-   * Returns the certificateCheckCode.
-   * @return int
-   */
-  public int getCertificateCheckCode() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getCertificateCheckCode()
+ */
+  @Override
+public int getCertificateCheckCode() {
     return certificateCheckCode;
   }
 
-  /**
-   * Returns the signatureCheckCode.
-   * @return int
-   */
-  public int getSignatureCheckCode() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureCheckCode()
+ */
+  @Override
+public int getSignatureCheckCode() {
     return signatureCheckCode;
   }
 
-  /**
-   * Returns the xmlDSIGManifestCheckCode.
-   * @return int
-   */
-  public int getXmlDSIGManifestCheckCode() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDSIGManifestCheckCode()
+ */
+  @Override
+public int getXmlDSIGManifestCheckCode() {
     return xmlDSIGManifestCheckCode;
   }
 
-  /**
-   * Returns the xmlDsigSubjectName.
-   * @return String
-   */
-  public String getXmlDsigSubjectName() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDsigSubjectName()
+ */
+  @Override
+public String getXmlDsigSubjectName() {
     return xmlDsigSubjectName;
   }
 
-  /**
-   * Sets the certificateCheckCode.
-   * @param certificateCheckCode The certificateCheckCode to set
-   */
-  public void setCertificateCheckCode(int certificateCheckCode) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setCertificateCheckCode(int)
+ */
+  @Override
+public void setCertificateCheckCode(int certificateCheckCode) {
     this.certificateCheckCode = certificateCheckCode;
   }
 
-  /**
-   * Sets the signatureCheckCode.
-   * @param signatureCheckCode The signatureCheckCode to set
-   */
-  public void setSignatureCheckCode(int signatureCheckCode) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureCheckCode(int)
+ */
+  @Override
+public void setSignatureCheckCode(int signatureCheckCode) {
     this.signatureCheckCode = signatureCheckCode;
   }
 
-  /**
-   * Sets the xmlDSIGManifestCheckCode.
-   * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
-   */
-  public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManifestCheckCode(int)
+ */
+  @Override
+public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
     this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
   }
 
-  /**
-   * Sets the xmlDsigSubjectName.
-   * @param xmlDsigSubjectName The xmlDsigSubjectName to set
-   */
-  public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDsigSubjectName(java.lang.String)
+ */
+  @Override
+public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
     this.xmlDsigSubjectName = xmlDsigSubjectName;
   }
 
-  /**
-   * Returns the publicAuthorityCode.
-   * @return int
-   */
-  public String getPublicAuthorityCode() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getPublicAuthorityCode()
+ */
+  @Override
+public String getPublicAuthorityCode() {
     return publicAuthorityCode;
   }
 
-  /**
-   * Sets the publicAuthorityCode.
-   * @param publicAuthorityCode The publicAuthorityCode to set
-   */
-  public void setPublicAuthorityCode(String publicAuthorityCode) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setPublicAuthorityCode(java.lang.String)
+ */
+  @Override
+public void setPublicAuthorityCode(String publicAuthorityCode) {
     this.publicAuthorityCode = publicAuthorityCode;
   }
 
-  /**
-   * Returns the qualifiedCertificate.
-   * @return boolean
-   */
-  public boolean isQualifiedCertificate() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isQualifiedCertificate()
+ */
+  @Override
+public boolean isQualifiedCertificate() {
     return qualifiedCertificate;
   }
 
-  /**
-   * Returns the x509certificate.
-   * @return X509Certificate
-   */
-  public X509Certificate getX509certificate() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getX509certificate()
+ */
+  @Override
+public X509Certificate getX509certificate() {
     return x509certificate;
   }
 
-  /**
-   * Sets the qualifiedCertificate.
-   * @param qualifiedCertificate The qualifiedCertificate to set
-   */
-  public void setQualifiedCertificate(boolean qualifiedCertificate) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setQualifiedCertificate(boolean)
+ */
+  @Override
+public void setQualifiedCertificate(boolean qualifiedCertificate) {
     this.qualifiedCertificate = qualifiedCertificate;
   }
 
-  /**
-   * Sets the x509certificate.
-   * @param x509certificate The x509certificate to set
-   */
-  public void setX509certificate(X509Certificate x509certificate) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setX509certificate(iaik.x509.X509Certificate)
+ */
+  @Override
+public void setX509certificate(X509Certificate x509certificate) {
     this.x509certificate = x509certificate;
   }
 
-  /**
-   * Returns the xmlDSIGManigest.
-   * @return boolean
-   */
-  public boolean isXmlDSIGManigest() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isXmlDSIGManigest()
+ */
+  @Override
+public boolean isXmlDSIGManigest() {
     return xmlDSIGManigest;
   }
 
-  /**
-   * Sets the xmlDSIGManigest.
-   * @param xmlDSIGManigest The xmlDSIGManigest to set
-   */
-  public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManigest(boolean)
+ */
+  @Override
+public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
     this.xmlDSIGManigest = xmlDSIGManigest;
   }
 
-  /**
-   * Returns the publicAuthority.
-   * @return boolean
-   */
-  public boolean isPublicAuthority() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isPublicAuthority()
+ */
+  @Override
+public boolean isPublicAuthority() {
     return publicAuthority;
   }
 
-  /**
-   * Sets the publicAuthority.
-   * @param publicAuthority The publicAuthority to set
-   */
-  public void setPublicAuthority(boolean publicAuthority) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setPublicAuthority(boolean)
+ */
+  @Override
+public void setPublicAuthority(boolean publicAuthority) {
     this.publicAuthority = publicAuthority;
   }
 
-  /**
-   * Returns the the resulting code of the signature manifest check.
-   *
-   * @return The code of the sigature manifest check.
-   */
-  public int getSignatureManifestCheckCode() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureManifestCheckCode()
+ */
+  @Override
+public int getSignatureManifestCheckCode() {
     return signatureManifestCheckCode;
   }
 
-  /**
-   * Sets the signatureManifestCode.
-   *
-   * @param signatureManifestCheckCode The signatureManifestCode to set.
-   */           
-  public void setSignatureManifestCheckCode(int signatureManifestCheckCode) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureManifestCheckCode(int)
+ */           
+  @Override
+public void setSignatureManifestCheckCode(int signatureManifestCheckCode) {
     this.signatureManifestCheckCode = signatureManifestCheckCode;
   }
 
-  public Date getSigningDateTime() {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSigningDateTime()
+ */
+@Override
+public Date getSigningDateTime() {
 	 return signingDateTime;
   }
 
-  public void setSigningDateTime(Date signingDateTime) {
+  /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date)
+ */
+@Override
+public void setSigningDateTime(Date signingDateTime) {
 	this.signingDateTime = signingDateTime;
   }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 1b78ff677..ec6dbc951 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -22,18 +22,16 @@ import org.springframework.beans.factory.annotation.Autowired;
 

 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;

 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;

 import at.gv.egovernment.moa.id.commons.api.IRequest;

+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;

 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;

 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;

 import at.gv.egovernment.moa.id.moduls.IRequestStorage;

 import at.gv.egovernment.moa.id.process.api.ExecutionContext;

 import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;

 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;

-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;

 import at.gv.egovernment.moa.logging.Logger;

-import at.gv.egovernment.moa.util.MiscUtil;

 

 /**

  * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing

@@ -42,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public abstract class AbstractAuthServletTask extends MoaIdTask {

 

 	@Autowired protected IRequestStorage requestStoreage;

-	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;

+	//@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;

 	@Autowired protected MOAReversionLogger revisionsLogger;

 	@Autowired protected AuthConfiguration authConfig;

 	

 	protected static final String ERROR_CODE_PARAM = "errorid";

 

 	protected IRequest pendingReq = null;

-	protected AuthenticationSession moasession = null;

+	protected IAuthenticationSession moasession = null;

 	

 	public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,

 			HttpServletResponse response) throws TaskExecutionException;

@@ -77,28 +75,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 	 * @throws MOADatabaseException

 	 */

 	protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {								

-		String moasessionid = pendingReq.getMOASessionIdentifier();			

-		if (MiscUtil.isEmpty(moasessionid)) {

-			Logger.warn("MOASessionID is empty.");

-			throw new MOAIDException("auth.18", new Object[] {});

-		}

-		

-		try {			

-			moasession  = authenticatedSessionStorage.getSession(moasessionid);

-		

-			if (moasession == null) {

-				Logger.warn("MOASessionID is empty.");

-				throw new MOAIDException("auth.18", new Object[] {});

-			}

-			

-		} catch (MOADatabaseException e) {

-			Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");

-			throw new MOAIDException("init.04", new Object[] { moasessionid });

-

-		} catch (Throwable e) {

-			Logger.info("No HTTP Session found!");

-			throw new MOAIDException("auth.18", new Object[] {});

-		}

+		Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID());

+		moasession = pendingReq.getMOASession();

 		

 	}

 

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index dfb90da3a..1c26ff5ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -30,6 +30,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -53,6 +55,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 	private static final String PARAM_SSO_CONSENTS = "value";
 	
 	@Autowired private SSOManager ssoManager;
+	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -72,12 +75,16 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 				ssoConsents = Boolean.parseBoolean(ssoConsentsString);
 			
 			//perform default task initialization 
-			defaultTaskInitialization(request, executionContext);
+			//defaultTaskInitialization(request, executionContext);
 			
 			//check SSO session cookie and MOASession object
 			String ssoId = ssoManager.getSSOSessionID(request);
-			boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);			
-			if (!(isValidSSOSession && moasession.isAuthenticated() )) {
+			boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
+
+			//load MOA SSO-session from database
+			AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+			
+			if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
 				Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
 				throw new AuthenticationException("auth.30", null);
 				
@@ -86,8 +93,13 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 			//Log consents evaluator event to revisionslog
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents));
 			
+			//Populate this pending request with SSO session information
+			pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession);
+
+			
 			//user allow single sign-on authentication
 			if (ssoConsents) {
+								
 				//authenticate pending-request
 				pendingReq.setAuthenticated(true);
 				pendingReq.setAbortedByUser(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index 6a1ed7203..4eff0fcf5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -31,7 +31,6 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -53,12 +52,10 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 		try {
 			defaultTaskInitialization(request, executionContext);
 								
-			//set MOASession to authenticated and store MOASession
+			//set MOASession to authenticated
 			moasession.setAuthenticated(true);
-			String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession);
 
-			//set pendingRequest to authenticated and set new MOASessionID			
-			((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID);
+			//set pending request to authenticated 
 			pendingReq.setAuthenticated(true);
 			requestStoreage.storePendingRequest(pendingReq);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index a5783bfb7..8f7364f62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -61,6 +61,7 @@ import org.w3c.dom.traversal.NodeIterator;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
@@ -256,8 +257,8 @@ public class IdentityLinkAssertionParser {
    * @throws ParseException on any parsing error
    */
 
-  public IdentityLink parseIdentityLink() throws ParseException {
-    IdentityLink identityLink;
+  public IIdentityLink parseIdentityLink() throws ParseException {
+    IIdentityLink identityLink;
     try {
       identityLink = new IdentityLink();
       identityLink.setSamlAssertion(assertionElem);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 140c7aebc..92d76751f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -30,13 +30,13 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -51,7 +51,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 
 	@Autowired AuthConfiguration authConfig;
 	
-	public void parse(AuthenticationSession moasession, 
+	public void parse(IAuthenticationSession moasession, 
 			String target,
 			String oaURL,
 			String bkuURL,
@@ -221,8 +221,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 		
 	}
 	
-	public void parse(ExecutionContext ec, HttpServletRequest req, 
-			AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
+	public void parse(ExecutionContext ec, IAuthenticationSession moasession, HttpServletRequest req, IRequest pendingReq) 
+			throws WrongParametersException, MOAIDException {
 						
 		//get Parameters from request
 	    String oaURL = (String) ec.get(PARAM_OA);
@@ -231,20 +231,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    String useMandate = (String) ec.get(PARAM_USEMANDATE);
 	    String ccc = (String) ec.get(PARAM_CCC);
 
-	    if (request.getOnlineApplicationConfiguration() != null &&
-	    		request.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) {
-	    	Logger.debug("Service " + request.getOnlineApplicationConfiguration().getPublicURLPrefix() 
+	    if (pendingReq.getOnlineApplicationConfiguration() != null &&
+	    		pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) {
+	    	Logger.debug("Service " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() 
 	    			+ " only allows authentication with mandates. --> Set useMandate to TRUE.");
-	    	useMandate = String.valueOf(request.getOnlineApplicationConfiguration().isOnlyMandateAllowed());
+	    	useMandate = String.valueOf(pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed());
 	    	
 	    }
 	    		    
-	    oaURL = request.getOAURL();
+	    oaURL = pendingReq.getOAURL();
 	    
 	    //only needed for SAML1
-	    String target = request.getGenericData("saml1_target", String.class);
+	    String target = pendingReq.getGenericData("saml1_target", String.class);
 	    	    
-	    parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request);
+	    parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq);
 	    
 	}
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 7bce406e0..b54a43fff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -56,6 +56,7 @@ import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
@@ -168,9 +169,9 @@ public class VerifyXMLSignatureResponseParser {
    * @throws ParseException on any parsing error
    */
 
-  public VerifyXMLSignatureResponse parseData() throws ParseException {
+  public IVerifiyXMLSignatureResponse parseData() throws ParseException {
 
-    VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
+    IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
 
     try {
     	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 5e09380ae..a146f778e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -134,16 +134,14 @@ public class IDPSingleLogOutServlet extends AbstractController {
 			try {
 				if (ssoManager.isValidSSOSession(ssoid, null)) {
 				
-					String moaSessionID = authenicationStorage.getMOASessionSSOID(ssoid);
-
-					if (MiscUtil.isNotEmpty(moaSessionID)) {					
-						AuthenticationSession authSession = authenicationStorage.getSession(moaSessionID);
-						if(authSession != null) {
-							authManager.performSingleLogOut(req, resp, authSession, authURL);
-							return;
+					AuthenticationSession authSession = authenicationStorage.getInternalMOASessionWithSSOID(ssoid);
+					
+					if(authSession != null) {
+						authManager.performSingleLogOut(req, resp, authSession, authURL);
+						return;
 							
-						}
 					}
+
 				}
 			} catch (Exception e) {
 				handleErrorNoRedirect(e, req, resp, false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 15333a933..8ef047300 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -56,6 +56,7 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
@@ -105,8 +106,8 @@ public class LogOutServlet {
 				//TODO: Single LogOut Implementation
 		
 				//delete SSO session and MOA session
-				String moasessionid = authenticatedSessionStorage.getMOASessionSSOID(ssoid);
-				authmanager.performOnlyIDPLogOut(req, resp, moasessionid);
+				AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid);
+				authmanager.performOnlyIDPLogOut(moasessionid);
 				
 				Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
 			} else {