Solve some merge problems

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-02-03 15:38:24 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-02-03 15:38:24 +0100
commit: ef35deb727190363d17d693d10f27171787cc92c (patch)
tree: 92f4a4c6133147716328f93b86239d5dd8fcc629 /id/server/idserverlib/src/main
parent: 4333fd60c637f2a739e3db17d00f61c68c465a8e (diff)
download: moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.tar.gz
moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.tar.bz2
moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.zip
47 files changed, 657 insertions, 1541 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index e9c8dbc75..06d5b01bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -97,6 +97,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.config.stork.STORKConfig;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
@@ -1269,7 +1270,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 
 			session.setAuthenticatedUsed(false);
 			session.setAuthenticated(true);
-
+			
+	    	//set QAA Level four in case of card authentifcation
+	    	session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+			
+			
 			String oldsessionID = session.getSessionID();
 
 			//Session is implicte stored in changeSessionID!!!
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 767172823..896feed9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -231,6 +231,8 @@ public class AuthenticationSession implements Serializable {
 	
 	private boolean ssoRequested = false;
 	
+	private String QAALevel = null;
+	
 //	private OAuth20SessionObject oAuth20SessionObject;
 	
 	// /**
@@ -1005,20 +1007,21 @@ public class AuthenticationSession implements Serializable {
 	public IPersonalAttributeList getStorkAttributes() {
 		return this.storkAttributes;
 	}
-	
+
 	/**
-//	 * @return the oAuth20SessionObject
-//	 */
-//	public OAuth20SessionObject getoAuth20SessionObject() {
-//		return oAuth20SessionObject;
-//	}
-//	
-//	/**
-//	 * @param oAuth20SessionObject
-//	 *            the oAuth20SessionObject to set
-//	 */
-//	public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) {
-//		this.oAuth20SessionObject = oAuth20SessionObject;
-//	}
+	 * @return the qAALevel
+	 */
+	public String getQAALevel() {
+		return QAALevel;
+	}
+
+	/**
+	 * @param qAALevel the qAALevel to set
+	 */
+	public void setQAALevel(String qAALevel) {
+		QAALevel = qAALevel;
+	}
+
+	
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 7908578ef..f4212cc78 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -73,6 +73,7 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -197,6 +198,9 @@ public class GetForeignIDServlet extends AuthServlet {
 		    	IdentityLink identitylink = ilParser.parseIdentityLink();
 		    	session.setIdentityLink(identitylink);
 		    	
+		    	//set QAA Level four in case of card authentifcation
+		    	session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+		    	
 		    	String samlArtifactBase64 = 
 		    		AuthenticationServer.getInstance().getForeignAuthenticationData(session);
 		    	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index b2224e10c..8bf437cca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -72,6 +72,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -218,6 +219,9 @@ public class GetMISSessionIDServlet extends AuthServlet {
 			session.setAuthenticatedUsed(false);
 			session.setAuthenticated(true);
 			
+	    	//set QAA Level four in case of card authentifcation
+	    	session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+			
 			String oldsessionID = session.getSessionID();
 			
 			//Session is implicite stored in changeSessionID!!!
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 23eb138d9..b356c6f35 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -54,9 +54,11 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.stork.STORKException;
 import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
 import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -327,6 +329,18 @@ public class PEPSConnectorServlet extends AuthServlet {
 			// stork did the authentication step
 			moaSession.setAuthenticated(true);
 			
+			//TODO: found better solution, but QAA Level in response could be not supported yet
+			try {
+				moasession.setQAALevel(authnResponse.getAssertions().get(0).
+						getAuthnStatements().get(0).getAuthnContext().
+						getAuthnContextClassRef().getAuthnContextClassRef());
+				
+			} catch (Throwable e) {
+				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+				moasession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+				
+			}
+			
     		//session is implicit stored in changeSessionID!!!!
     		String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
     		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java
deleted file mode 100644
index 80089a423..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- * 
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import org.opensaml.xml.security.credential.Credential;
-
-import eu.stork.vidp.messages.exception.SAMLException;
-
-/**
- * Interface supporting different kinds of Credentials
- * 
- * @author bzwattendorfer
- *
- */
-public interface CredentialProvider {
-	
-	/**
-	 * Gets appropriate credentials
-	 * @return Credential object
-	 * @throws SAMLException
-	 */
-	public Credential getCredential() throws SAMLException;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java
deleted file mode 100644
index cf167ba84..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.stork;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.vidp.messages.exception.SAMLException;
-
-/**
- * Provides credentials from a KeyStore
- * @author bzwattendorfer
- *
- */
-public class KeyStoreCredentialProvider implements CredentialProvider {
-	
-	private final static Logger log = LoggerFactory.getLogger(KeyStoreCredentialProvider.class);
-	
-	/** KeyStore Path */
-	private String keyStorePath;
-	
-	/** KeyStore Password */
-	private String keyStorePassword;
-	
-	/** Specific Key Name as Credential */
-	private String keyName;
-	
-	/** Key password */
-	private String keyPassword;
-	
-	/**
-	 * Creates a KeyStoreCredentialProvider object
-	 * @param keyStorePath KeyStore Path
-	 * @param keyStorePassword KeyStore Password
-	 * @param keyName KeyName of the key to be retrieved
-	 * @param keyPassword Password for the Key
-	 */
-	public KeyStoreCredentialProvider(String keyStorePath,
-			String keyStorePassword, String keyName, String keyPassword) {
-		super();
-		this.keyStorePath = keyStorePath;
-		this.keyStorePassword = keyStorePassword;
-		this.keyName = keyName;
-		this.keyPassword = keyPassword;
-	}
-
-
-	/**
-	 * Gets the credential object from the KeyStore
-	 */
-	public Credential getCredential() throws SAMLException {
-		log.trace("Retrieving credentials for signing SAML Response.");
-		
-		if (StringUtils.isEmpty(this.keyStorePath))
-			throw new SAMLException("No keyStorePath specified");
-		
-		//KeyStorePassword optional
-		//if (StringUtils.isEmpty(this.keyStorePassword))
-		//	throw new SAMLException("No keyStorePassword specified");
-		
-		if (StringUtils.isEmpty(this.keyName))
-			throw new SAMLException("No keyName specified");
-		
-		//KeyStorePassword optional
-		//if (StringUtils.isEmpty(this.keyPassword))
-		//	throw new SAMLException("No keyPassword specified");
-		
-		KeyStore ks;
-		try {
-			ks = KeyStoreUtils.loadKeyStore(this.keyStorePath, this.keyStorePassword);					
-		} catch (Exception e) {
-			log.error("Failed to load keystore information", e);
-			throw new SAMLException(e);
-		}
-		
-		//return new KeyStoreX509CredentialAdapter(ks, keyName, keyPwd.toCharArray());
-		BasicX509Credential credential = null;
-		try {
-			java.security.cert.X509Certificate certificate = (X509Certificate) ks.getCertificate(this.keyName);
-			PrivateKey privateKey = (PrivateKey) ks.getKey(this.keyName, this.keyPassword.toCharArray());
-			credential = new BasicX509Credential();
-			credential.setEntityCertificate(certificate);			
-			credential.setPrivateKey(privateKey);
-						
-		} catch (Exception e) {
-			log.error("Error retrieving signing credentials.", e);
-			throw new SAMLException(e);
-		}
-						
-		return credential;
-		
-	}
-	
-		
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java
deleted file mode 100644
index dcd1a8a1a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java
+++ /dev/null
@@ -1,263 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- * 
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.vidp.messages.saml.STORKAttribute;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Verifies the SAML assertion according to the STORK specification
- * @author bzwattendorfer
- *
- */
-public class PEPSConnectorAssertionVerifier implements AssertionVerifier {
-			
-	private static final int CLOCK_SKEW_MINUTES = 5;
-	
-	private static final boolean IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY = false;
-
-	/* (non-Javadoc)
-	 * @see eu.stork.mw.peps.connector.validation.AssertionVerifier#verifyAssertion(org.opensaml.saml2.core.Assertion, java.lang.String, java.lang.String, java.lang.String)
-	 */
-	public void verify(Assertion assertion, String reqIPAddress,
-			String authnRequestID, String recipient, String audience, List<RequestedAttribute> reqAttrList) throws SecurityException {
-
-		//SAML assertion need not to be signed, skipping signature validation
-		
-		verifySubjectConfirmation(assertion, reqIPAddress, authnRequestID, recipient);
-		
-		Logger.debug("SubjectConfirmationData successfully verified");
-		
-		verifyConditions(assertion, audience);
-		
-		Logger.debug("Conditions successfully verified");
-	}
-	
-	
-	private void verifySubjectConfirmation(Assertion assertion, String reqAddress, String requestID, String recipient) throws SecurityException {		
-		for (SubjectConfirmation sc : assertion.getSubject().getSubjectConfirmations()) {
-			verifySubjectConfirmationData(sc.getSubjectConfirmationData(), reqAddress, requestID, recipient);
-		}
-				
-	}
-	
-	private void verifySubjectConfirmationData(SubjectConfirmationData scData, String reqAddress, String requestID, String recipient) throws SecurityException {				
-		//NotBefore not allowed in SSO profile
-		verifyNotOnOrAfter(scData.getNotOnOrAfter());
-		
-		Logger.trace("NotOnOrAfter successfully verified");
-		
-		if(IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY) {
-			verifyClientAddress(scData, reqAddress);
-			Logger.trace("User's client IP address successfully verified.");
-		} else {
-			Logger.warn("User's client IP address will not be verified.");
-		}
-		
-		verifyRecipient(scData, recipient);
-		Logger.trace("Recipient successfully verified");
-		
-		verifyInResponseTo(scData, requestID);
-		Logger.trace("InResponseTo successfully verified");
-				 
-	}
-	
-	private void verifyNotBefore(DateTime notBefore) throws SecurityException {
-		if (notBefore.minusMinutes(CLOCK_SKEW_MINUTES).isAfterNow()) {
-			String msg = "Subject/Assertion not yet valid, Timestamp: ";
-			Logger.error(msg + notBefore);
-			throw new SecurityException(msg);
-		}
-		
-		Logger.trace("Subject/Assertion already valid, notBefore: " + notBefore);
-		
-	}
-	
-	private void verifyNotOnOrAfter(DateTime notOnOrAfter) throws SecurityException {
-		if (notOnOrAfter.plusMinutes(CLOCK_SKEW_MINUTES).isBeforeNow()) {
-			String msg = "Subject/Assertion no longer valid.";
-			Logger.error(msg);
-			throw new SecurityException(msg);
-		}
-		
-		Logger.trace("Subject/Assertion still valid, notOnOrAfter: " + notOnOrAfter);
-	}
-
-	private void verifyClientAddress(SubjectConfirmationData scData, String reqAddress) throws SecurityException {
-		if (!reqAddress.equals(scData.getAddress())) {
-			String msg = "Response coming from wrong Client-Address";
-			Logger.error("Response coming from wrong Client-Address " +  reqAddress + ", expected " + scData.getAddress());
-			throw new SecurityException(msg);
-		}
-		
-	}
-	
-	private void verifyInResponseTo(SubjectConfirmationData scData, String requestID) throws SecurityException {
-		if (!scData.getInResponseTo().equals(requestID)) {
-			String msg = "Assertion issued for wrong request";
-			Logger.error(msg);
-			throw new SecurityException(msg);
-		}
-	}
-	
-	private void verifyRecipient(SubjectConfirmationData scData, String reqRecipient) throws SecurityException {
-		if (!scData.getRecipient().equals(reqRecipient)) {
-			String msg = "Assertion intended for another recipient";
-			Logger.error("Assertion intended for recipient " + scData.getRecipient() + "but expected " + reqRecipient);
-			throw new SecurityException(msg);
-		}
-		
-	}
-	
-	private void verifyAudience(AudienceRestriction audienceRestriction, String reqAudience) throws SecurityException {
-		for (Audience audience : audienceRestriction.getAudiences()) {
-			if (audience.getAudienceURI().equals(reqAudience))
-				return;
-		}
-		String msg = "Assertion sent to wrong audience";
-		Logger.error("Assertion intended for wrong audience, expected " + reqAudience);
-		throw new SecurityException(msg);
-	}
-	
-	private void verifyOneTimeUse(String assertionID) {
-		//not necessarily required to check since notBefore and notOnOrAfter are verified   
-		//check response Store for already existing assertion
-		
-	}
-	
-	private void verifyConditions(Assertion assertion, String reqAudience) throws SecurityException {		
-		Conditions conditions = assertion.getConditions();
-		
-		verifyNotBefore(conditions.getNotBefore());
-		Logger.trace("NotBefore successfully verified");
-		
-		verifyNotOnOrAfter(conditions.getNotOnOrAfter());
-		Logger.trace("NotOnOrAfter successfully verified");
-		
-		verifyAudience(conditions.getAudienceRestrictions().get(0), reqAudience);
-		
-		Logger.trace("Audience successfully verified");
-		
-	}
-	
-	public static void validateRequiredAttributes(
-			List<RequestedAttribute> reqAttrList,
-			List<Attribute> attrList)
-			throws STORKException {
-		
-		Logger.debug("Starting required attribute validation");
-		
-		if (reqAttrList == null || reqAttrList.isEmpty()) {
-			Logger.error("Requested Attributes list is empty.");
-			throw new STORKException("No attributes have been requested");
-		}
-		
-		if (attrList == null || attrList.isEmpty()) {
-			Logger.error("STORK AttributeStatement is empty.");
-			throw new STORKException("No attributes have been received");
-		}
-		
-		Logger.trace("These attributes have been requested and received: ");
-		int count = 0;
-		for (RequestedAttribute reqAttr : reqAttrList) {
-			Logger.trace("Requested attribute: " + reqAttr.getName() + " isRequired: " + reqAttr.isRequired());
-			for(Attribute attr : attrList) {
-				if (verifyRequestedAttribute(reqAttr, attr))
-					count++;
-			}
-		}
-		
-		int numRequiredReqAttr = getNumberOfRequiredAttributes(reqAttrList);
-		Logger.trace("Number of requested required attributes: " + numRequiredReqAttr);
-		Logger.trace("Number of received required attributes: " + count);
-		
-		if (count != numRequiredReqAttr) {
-			Logger.error("Not all required attributes have been received");
-			throw new STORKException("Not all required attributes have been received");
-		}
-		Logger.debug("Received all required attributes!");			
-		
-	}
-	
-	private static boolean verifyRequestedAttribute(RequestedAttribute reqAttr, Attribute attr) {
-		
-		if ((reqAttr.getName()).equals(attr.getName())) {
-			if (reqAttr.isRequired() && SAMLUtil.getStatusFromAttribute(attr).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) {
-				Logger.trace("Received required attribute " + attr.getName() + " status: " + SAMLUtil.getStatusFromAttribute(attr));
-				return true;
-			}			
-		}
-		return false;
-	}
-	
-	private static int getNumberOfRequiredAttributes(List<RequestedAttribute> reqAttrList) {
-		int count = 0;
-		for (RequestedAttribute reqAttr : reqAttrList)
-			if (reqAttr.isRequired()) count++;
-		
-		return count;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
deleted file mode 100644
index f9589950f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
+++ /dev/null
@@ -1,182 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- * 
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import org.opensaml.xml.validation.ValidationException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.XMLUtil;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.mw.messages.saml.STORKResponse;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Verifies the SMAL response according to the STORK specification
- * @author bzwattendorfer
- *
- */
-public class PEPSConnectorResponseVerifier implements ResponseVerifier {
-		
-		
-	/* (non-Javadoc)
-	 * @see eu.stork.mw.peps.connector.validation.ResponseVerifier#verify(org.opensaml.saml2.core.Response)
-	 */
-	public void verify(STORKResponse response) throws SecurityException {
-		
-		verifySignature(response);
-		Logger.debug("Signature of SAML response valid.");
-		
-		verifyStandardValidation(response);
-		
-		Logger.debug("SAML response format valid.");
-		
-	}
-	
-	
-	private void verifySignature(STORKResponse response) throws SecurityException {
-		//validate Signature
-		try {
-			if (response.isSigned()) {		
-				
-				String trustProfileID = AuthConfigurationProvider.getInstance().getStorkConfig().getSignatureVerificationParameter().getTrustProfileID();
-				
-				Logger.trace("Starting validation of Signature references");
-				try {
-					SAMLUtil.validateSignatureReferences(response);
-				} catch (ValidationException e) {
-					Logger.error("Validation of XML Signature refrences failed: " + e.getMessage());
-					throw new SecurityException(e);
-				}
-				Logger.debug("XML Signature references are OK.");
-				
-				Logger.debug("Invoking MOA-SP with TrustProfileID: " + trustProfileID);
-				
-				// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
-				Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
-						.build(XMLUtil.printXML(response.getDOM()).getBytes(), trustProfileID);
-
-				Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
-				
-				Logger.trace("Calling MOA-SP");
-				// invokes the call
-				Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
-						.verifyXMLSignature(domVerifyXMLSignatureRequest);								
-				
-				// parses the <VerifyXMLSignatureResponse>
-				VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
-						domVerifyXMLSignatureResponse).parseData();
-				
-				Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP");
-
-				if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
-					String msg = "Signature of SAMLResponse not valid";
-					Logger.error(msg);					
-					throw new SecurityException(msg);
-				}
-				
-				Logger.debug("Signature of SAML response successfully verified");
-				
-				if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
-					String msg = "Certificate of SAMLResponse not valid";
-					Logger.error(msg);					
-					throw new SecurityException(msg);
-				}
-				
-				Logger.debug("Signing certificate of SAML response succesfully verified");
-				
-			} else {
-				String msg = "SAML Response is not signed.";
-				throw new SecurityException(msg);
-			}
-			
-		} catch (ConfigurationException e) {
-			String msg = "Unable to load STORK configuration for STORK SAML Response signature verification.";
-			Logger.error(msg, e);
-			throw new SecurityException(msg, e);
-		} catch (ParseException e) {
-			String msg = "Unable to parse VerifyXMLSignature Request or Response.";
-			Logger.error(msg, e);
-			throw new SecurityException(msg, e);
-		} catch (BuildException e) {
-			String msg = "Unable to parse VerifyXMLSignature Request or Response.";
-			Logger.error(msg, e);
-			throw new SecurityException(msg, e);
-		} catch (ServiceException e) {
-			String msg = "Unable to invoke MOA-SP.";
-			Logger.error(msg, e);
-			throw new SecurityException(msg, e);
-		} 			
-		
-	}
-	
-	private void verifyStandardValidation(STORKResponse response) throws SecurityException {
-		try {
-			SAMLUtil.verifySAMLObjectStandardValidation(response, "saml2-core-schema-and-stork-validator");
-		} catch (SAMLValidationException e) {
-			String msg ="SAML Response received not valid.";
-			throw new SecurityException(msg, e);
-		}
-		
-	}
-	
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java
deleted file mode 100644
index ea3d4101b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.stork;
-
-import eu.stork.mw.messages.saml.STORKResponse;
-
-/**
- * Interface to be implemented for SAML response verification
- * @author bzwattendorfer
- *
- */
-public interface ResponseVerifier {
-	
-	/**
-	 * Verifies a STORK response
-	 * @param response STORK response
-	 * @throws SecurityException
-	 */
-	public void verify(STORKResponse response) throws SecurityException;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
deleted file mode 100644
index 5dc615b6c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/**
- * 
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Class handling all necessary functionality for STORK AuthnRequest processing
- * 
- * @author bzwattendorfer
- *
- */
-public class STORKAuthnRequestProcessor {
-	
-	/**
-	 * Creates a STORK AuthnRequest
-	 * @param destination Destination URL
-	 * @param acsURL Assertion Consumer Service URL
-	 * @param providerName SP Provider Name
-	 * @param issuerValue Issuer Name
-	 * @param qaaLevel STORK QAALevel to be requested
-	 * @param requestedAttributes Requested Attributes to be requested
-	 * @param spSector Sp Sector
-	 * @param spInstitution SP Institution
-	 * @param spApplication SP Application
-	 * @param spCountry SP Country
-	 * @param textToBeSigned text to be included in signedDoc element
-	 * @param mimeType mimeType for the text to be signed in signedDoc
-	 * @return STORK AuthnRequest
-	 */
-	public static STORKAuthnRequest generateSTORKAuthnRequest(
-			String destination, 
-			String acsURL, 
-			String providerName, 
-			String issuerValue, 
-			QualityAuthenticationAssuranceLevel qaaLevel, 
-			RequestedAttributes requestedAttributes, 
-			String spSector, 
-			String spInstitution, 
-			String spApplication, 
-			String spCountry,
-			String textToBeSigned,
-			String mimeType) {
-		
-			
-		STORKAuthnRequest storkAuthnRequest =  
-			STORKMessagesBuilder.buildSTORKAuthnRequest(
-					destination, 
-					acsURL, 
-					providerName, 
-					issuerValue, 
-					qaaLevel, 
-					requestedAttributes, 
-					spSector, 
-					spInstitution, 
-					spApplication, 
-					spCountry);				
-		
-		STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true);
-		
-		Logger.debug("Added signedDoc attribute to STORK AuthnRequest");
-		
-		return storkAuthnRequest;
-		
-	}
-	
-	/**
-	 * Signs a STORK AuthnRequest
-	 * @param storkAuthnRequest STORK AuthRequest to sign
-	 * @param keyStorePath KeyStorePath to the signing key
-	 * @param keyStorePassword KeyStore Password
-	 * @param keyName Signing key name
-	 * @param keyPassword Signing key password
-	 * @return Signed STORK AuthnRequest
-	 * @throws SAMLException
-	 */
-	public static STORKAuthnRequest signSTORKAuthnRequest(
-			STORKAuthnRequest storkAuthnRequest,
-			String keyStorePath,
-			String keyStorePassword,
-			String keyName,
-			String keyPassword) throws SAMLException {
-		
-		Logger.trace("Building Credential Provider for signing process");
-		
-		CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);
-		
-		Credential credential = credentialProvider.getCredential();
-		
-		Logger.trace("Credentials found");
-		
-		SAMLUtil.signSAMLObject(storkAuthnRequest, credential);
-		
-		return storkAuthnRequest;
-	}
-	
-	/**
-	 * Validates a STORK AuthnRequest
-	 * @param storkAuthnRequest STORK AuthnRequest to validate
-	 * @throws SAMLValidationException
-	 */
-	public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException {
-				
-		SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator");
-		
-	}
-	
-	/**
-	 * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest)
-	 * @param request HttpServletRequest
-	 * @param response HttpServletResponse
-	 * @param storkAuthnRequest STORK AuthnRequest to send
-	 * @throws Exception
-	 */
-	public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception {
-		
-		Logger.trace("Create endpoint...");
-		Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
-		endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-		endpoint.setLocation(storkAuthnRequest.getDestination());
-
-		
-		Logger.trace("Prepare SAMLMessageContext...");
-		HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure());		
-		BasicSAMLMessageContext<?, STORKAuthnRequest, ?> samlMessageContext = new BasicSAMLMessageContext();
-		samlMessageContext.setOutboundMessageTransport(outTransport);
-		samlMessageContext.setPeerEntityEndpoint(endpoint);
-
-		Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");
-		samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest);
-				
-		Logger.trace("Initialize VelocityEngine...");
-
-		VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-		
-//		HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");
-		HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm");
-
-		Logger.trace("HTTP-Post encode SAMLMessageContext...");
-		encoder.encode(samlMessageContext);
-	}
-		
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 1fa7e5eb2..1804b5fd5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -63,6 +63,7 @@ import javax.xml.bind.JAXBContext;
 import javax.xml.bind.Unmarshaller;
 
 import org.hibernate.cfg.Configuration;
+import org.opensaml.DefaultBootstrap;
 
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -363,9 +364,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 		
 				
 		//Initialize OpenSAML for STORK
-//		Logger.info("Starting initialization of OpenSAML...");
-//		STORKBootstrap.bootstrap();
-//		Logger.debug("OpenSAML successfully initialized");
+		Logger.info("Starting initialization of OpenSAML...");
+		DefaultBootstrap.bootstrap();
+		Logger.debug("OpenSAML successfully initialized");
 
 
 		String legacyconfig = props.getProperty("configuration.xml.legacy");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 998e28f6a..7a38e2afd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -273,7 +273,12 @@ public boolean isOnlyMandateAllowed() {
 	 * @return true, if is we should show stork login
 	 */
 	public boolean isShowStorkLogin() {
-		return oa_auth.getOASTORK().isStorkLogonEnabled();
+		try {
+			return oa_auth.getOASTORK().isStorkLogonEnabled();
+		
+		} catch (NullPointerException e) {
+			return false;
+		}
 	}
 
 public Map<String, String> getFormCustomizaten() {
@@ -322,7 +327,12 @@ public Map<String, String> getFormCustomizaten() {
 }
 
 public Integer getQaaLevel() {
-	return oa_auth.getOASTORK().getQaa();
+	
+	if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getQaa() != null)
+		return oa_auth.getOASTORK().getQaa();
+	
+	else
+		return 4;
 }
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 5b4843752..0172cce2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
 
 public interface PVPConstants {
 	
+	public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";
 	public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
 	public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2";
 	public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 28299871c..7c9cc6259 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.jcp.xml.dsig.internal.dom.DOMURIDereferencer;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
 import org.opensaml.common.xml.SAMLConstants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 17f76d35a..bc90da8df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -74,6 +74,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedExcept
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.id.util.QAALevelVerifier;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 
@@ -89,45 +90,59 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		AuthnContextClassRef authnContextClassRef = SAML2Utils
 				.createSAMLObject(AuthnContextClassRef.class);
 		
+		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+				.getOnlineApplicationParameter(
+						peerEntity.getEntityID());
+		
 		if (reqAuthnContext == null) {
 			 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
 			
-		} else {
+		}
 
-			boolean stork_qaa_1_4_found = false;
+		boolean stork_qaa_1_4_found = false;
+	
+		 List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+				.getAuthnContextClassRefs();
 		
-			 List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
-					.getAuthnContextClassRefs();
+		 if (reqAuthnContextClassRefIt.size() == 0) {
+			 
+			 QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), 
+					 STORK_QAA_1_4);
 			
-			 if (reqAuthnContextClassRefIt.size() == 0) {
-				 stork_qaa_1_4_found = true;
-				 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
-				 
-			 } else {
-				 for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
-					 String qaa_uri = authnClassRef.getAuthnContextClassRef();
-					 if (qaa_uri.trim().equals(STORK_QAA_1_4)
-							 || qaa_uri.trim().equals(STORK_QAA_1_3)
-							 || qaa_uri.trim().equals(STORK_QAA_1_2)
-							 || qaa_uri.trim().equals(STORK_QAA_1_1)) {
-						
-						 if (authSession.isForeigner()) {
-							 //TODO: insert QAA check
-						
-							 stork_qaa_1_4_found = false;
-						
-						 } else {
-							 stork_qaa_1_4_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
-						 }
-						 break;
+			 stork_qaa_1_4_found = true;
+			 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+			 
+		 } else {
+			 for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
+				 String qaa_uri = authnClassRef.getAuthnContextClassRef();
+				 if (qaa_uri.trim().equals(STORK_QAA_1_4)
+						 || qaa_uri.trim().equals(STORK_QAA_1_3)
+						 || qaa_uri.trim().equals(STORK_QAA_1_2)
+						 || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+					
+					 if (authSession.isForeigner()) {
+						 QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), 
+								 STORK_QAA_PREFIX + oaParam.getQaaLevel());
+						 
+						 stork_qaa_1_4_found = true;
+						 authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+						 
+					 } else {
+						 
+						 QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), 
+								 qaa_uri.trim());
+						 
+						 stork_qaa_1_4_found = true;
+						 authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+						 							 
 					 }
+					 break;
 				 }
 			 }
-	
-			if (!stork_qaa_1_4_found) {
-				throw new QAANotSupportedException(STORK_QAA_1_4);
-			}
+		 }
+
+		if (!stork_qaa_1_4_found) {
+			throw new QAANotSupportedException(STORK_QAA_1_4);
 		}
 
 //		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
@@ -209,12 +224,6 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		 * null, true); } }
 		 */
 
-		// TODO: LOAD oaParam from request and not from MOASession in case of
-		// SSO
-		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-				.getOnlineApplicationParameter(
-						peerEntity.getEntityID());
-
 		AuthenticationData authData = AuthenticationServer
 				.buildAuthenticationData(authSession, oaParam,
 						oaParam.getTarget());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
index 523063c6e..f3d815e7d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 public class BirthdateAttributeBuilder implements IPVPAttributeBuilder {
 	
@@ -44,11 +45,19 @@ public class BirthdateAttributeBuilder implements IPVPAttributeBuilder {
 			IAttributeGenerator<ATT> g) throws AttributeException {
 		try {
 			DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-			Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth());
-			DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
-			String dateString = pvpDateFormat.format(date);
 			
-			return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
+			if (MiscUtil.isNotEmpty(authSession.getIdentityLink().getDateOfBirth())) {			
+				Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth());
+				DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
+				String dateString = pvpDateFormat.format(date);
+			
+				return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
+				
+			} else {
+				//build empty attribute if no Birthday date is found (STORK2)
+				return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
+				
+			}
 			
 			//return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index d318792f1..f4b48ece3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -22,14 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
 
-import java.io.IOException;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
 
 import org.joda.time.DateTime;
 import org.opensaml.Configuration;
@@ -40,12 +37,10 @@ import org.opensaml.saml2.core.EncryptedAssertion;
 import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.impl.EncryptedAssertionBuilder;
 import org.opensaml.saml2.encryption.Encrypter;
 import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.KeyDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.security.MetadataCredentialResolver;
 import org.opensaml.security.MetadataCriteria;
@@ -54,17 +49,13 @@ import org.opensaml.xml.encryption.EncryptionConstants;
 import org.opensaml.xml.encryption.EncryptionException;
 import org.opensaml.xml.encryption.EncryptionParameters;
 import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.security.CriteriaSet;
 import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.credential.UsageType;
 import org.opensaml.xml.security.criteria.EntityIDCriteria;
 import org.opensaml.xml.security.criteria.UsageCriteria;
 import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.KeyInfo;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -80,7 +71,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedEx
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.PrettyPrinter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
index 1963115da..e3e25b1a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -37,7 +37,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
 
 public class CredentialProvider {
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index d398ca533..f0ae6f446 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -113,10 +113,12 @@ public class MetadataSignatureFilter implements MetadataFilter {
 					throw new MOAIDException("Root element of metadata file has to be signed", null);
 				}
 				processEntitiesDescriptor(entitiesDescriptor);
-			} /*else if (metadata instanceof EntityDescriptor) {
+				
+			} else if (metadata instanceof EntityDescriptor) {
 				EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
 				processEntityDescriptorr(entityDescriptor);
-			} */else {
+				
+			} else {
 				throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
 			}
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
index e48c7bb98..67a91f6e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
@@ -34,36 +34,36 @@ import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
 import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
 import org.opensaml.xml.signature.SignatureTrustEngine;
 import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
-import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
+//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
 
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
+//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
 
 public class TrustEngineFactory {
 
-	public static SignatureTrustEngine getSignatureTrustEngine() {
-		try {
-			MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
-					MOAMetadataProvider.getInstance());
-
-			List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
-			keyInfoProvider.add(new DSAKeyValueProvider());
-			keyInfoProvider.add(new RSAKeyValueProvider());
-			keyInfoProvider.add(new InlineX509DataProvider());
-
-			KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
-					keyInfoProvider);
-
-			PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
-					mdResolver, keyInfoResolver);
-
-			return engine;
-
-		} catch (Exception e) {
-			e.printStackTrace();
-			return null;
-		}
-	}
+//	public static SignatureTrustEngine getSignatureTrustEngine() {
+//		try {
+//			MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
+//					MOAMetadataProvider.getInstance());
+//
+//			List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+//			keyInfoProvider.add(new DSAKeyValueProvider());
+//			keyInfoProvider.add(new RSAKeyValueProvider());
+//			keyInfoProvider.add(new InlineX509DataProvider());
+//
+//			KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+//					keyInfoProvider);
+//
+//			PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
+//					mdResolver, keyInfoResolver);
+//
+//			return engine;
+//
+//		} catch (Exception e) {
+//			e.printStackTrace();
+//			return null;
+//		}
+//	}
 
 	public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() {
 		MetadataCredentialResolver resolver;
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java
index 77969010f..9562d1c42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java
@@ -14,7 +14,7 @@ import javax.xml.ws.WebServiceFeature;
 /**
  * This class was generated by the JAX-WS RI.
  * JAX-WS RI 2.2.4-b01
- * Generated source version: 2.2
+ * Generated source version: 2.1
  * 
  */
 @WebServiceClient(name = "SZRGWService", targetNamespace = "http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", wsdlLocation = "file:/D:/Projekte/svn/online-vollmachten/egovutils/src/main/resources/wsdl/szrgw/szrgw.wsdl")
@@ -42,26 +42,10 @@ public class SZRGWService
         super(__getWsdlLocation(), SZRGWSERVICE_QNAME);
     }
 
-    public SZRGWService(WebServiceFeature... features) {
-        super(__getWsdlLocation(), SZRGWSERVICE_QNAME, features);
-    }
-
-    public SZRGWService(URL wsdlLocation) {
-        super(wsdlLocation, SZRGWSERVICE_QNAME);
-    }
-
-    public SZRGWService(URL wsdlLocation, WebServiceFeature... features) {
-        super(wsdlLocation, SZRGWSERVICE_QNAME, features);
-    }
-
     public SZRGWService(URL wsdlLocation, QName serviceName) {
         super(wsdlLocation, serviceName);
     }
 
-    public SZRGWService(URL wsdlLocation, QName serviceName, WebServiceFeature... features) {
-        super(wsdlLocation, serviceName, features);
-    }
-
     /**
      * 
      * @return
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java
index 01ca437c9..9f0a8bd6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java
@@ -14,7 +14,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
 /**
  * This class was generated by the JAX-WS RI.
  * JAX-WS RI 2.2.4-b01
- * Generated source version: 2.2
+ * Generated source version: 2.1
  * 
  */
 @WebService(name = "SZRGWType", targetNamespace = "http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl")
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java
index eb9ff0739..ebcee3d1d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java
@@ -62,7 +62,7 @@ public class AbstractPersonType {
 
     @XmlElement(name = "Identification")
     protected List<IdentificationType> identification;
-    @XmlElementRef(name = "AbstractSimpleIdentification", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false)
+    @XmlElementRef(name = "AbstractSimpleIdentification", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
     protected List<JAXBElement<? extends AbstractSimpleIdentificationType>> abstractSimpleIdentification;
     @XmlAttribute(name = "Id")
     @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@@ -120,14 +120,14 @@ public class AbstractPersonType {
      * <p>
      * Objects of the following type(s) are allowed in the list
      * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >}
-     * {@link JAXBElement }{@code <}{@link Firmenbuchnummer }{@code >}
      * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >}
-     * {@link JAXBElement }{@code <}{@link ZMRzahl }{@code >}
      * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >}
-     * {@link JAXBElement }{@code <}{@link ERJPZahl }{@code >}
-     * {@link JAXBElement }{@code <}{@link Vereinsnummer }{@code >}
      * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >}
+     * {@link JAXBElement }{@code <}{@link ZMRzahl }{@code >}
      * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >}
+     * {@link JAXBElement }{@code <}{@link Vereinsnummer }{@code >}
+     * {@link JAXBElement }{@code <}{@link Firmenbuchnummer }{@code >}
+     * {@link JAXBElement }{@code <}{@link ERJPZahl }{@code >}
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java
index 0a542e073..bd7d32493 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java
@@ -188,8 +188,8 @@ public class CompactCorporateBodyType
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
      * {@link Object }
+     * {@link Element }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java
index 1aa6acbf4..aad9fa004 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java
@@ -63,7 +63,7 @@ public class CompactPersonDataType
 
     @XmlElementRef(name = "Person", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
     protected JAXBElement<? extends AbstractPersonType> person;
-    @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false)
+    @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
     protected List<JAXBElement<? extends AbstractAddressType>> address;
     @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#")
     protected List<SignatureType> signature;
@@ -75,11 +75,11 @@ public class CompactPersonDataType
      * 
      * @return
      *     possible object is
-     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
-     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
-     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
      *     {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
      *     {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
      *     
      */
     public JAXBElement<? extends AbstractPersonType> getPerson() {
@@ -91,11 +91,11 @@ public class CompactPersonDataType
      * 
      * @param value
      *     allowed object is
-     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
-     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
-     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
      *     {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
      *     {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
      *     
      */
     public void setPerson(JAXBElement<? extends AbstractPersonType> value) {
@@ -120,12 +120,12 @@ public class CompactPersonDataType
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
+     * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}
+     * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >}
      * {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >}
      * {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >}
      * {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >}
      * {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >}
-     * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >}
-     * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java
index 94e97ea12..1e37799b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java
@@ -240,8 +240,8 @@ public class CompactPhysicalPersonType
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
      * {@link Object }
+     * {@link Element }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java
index 19d957d80..6596ae3ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java
@@ -256,8 +256,8 @@ public class CorporateBodyType
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
      * {@link Object }
+     * {@link Element }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java
index f22d6858a..df20e777f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java
@@ -172,8 +172,8 @@ public class IdentificationType {
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
      * {@link Object }
+     * {@link Element }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java
index 2afa51544..90dfd4110 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java
@@ -121,8 +121,8 @@ public class InternetAddressType
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
      * {@link Object }
+     * {@link Element }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java
index 4a426fc93..ebc563acb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java
@@ -52,10 +52,10 @@ import org.w3c.dom.Element;
 public class NationalityType {
 
     @XmlElementRefs({
-        @XmlElementRef(name = "ISOCode3", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
-        @XmlElementRef(name = "CountryNameEN", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
         @XmlElementRef(name = "CountryNameFR", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
-        @XmlElementRef(name = "CountryNameDE", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
+        @XmlElementRef(name = "CountryNameEN", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
+        @XmlElementRef(name = "CountryNameDE", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),
+        @XmlElementRef(name = "ISOCode3", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
     })
     @XmlMixed
     @XmlAnyElement(lax = true)
@@ -79,13 +79,13 @@ public class NationalityType {
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
      * {@link JAXBElement }{@code <}{@link String }{@code >}
      * {@link JAXBElement }{@code <}{@link String }{@code >}
-     * {@link Object }
      * {@link String }
      * {@link JAXBElement }{@code <}{@link String }{@code >}
      * {@link JAXBElement }{@code <}{@link String }{@code >}
+     * {@link Element }
+     * {@link Object }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java
index cefaa3bbd..699519798 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java
@@ -63,7 +63,7 @@ public class PersonDataType
 
     @XmlElementRef(name = "Person", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
     protected JAXBElement<? extends AbstractPersonType> person;
-    @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false)
+    @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)
     protected List<JAXBElement<? extends AbstractAddressType>> address;
     @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#")
     protected List<SignatureType> signature;
@@ -75,11 +75,11 @@ public class PersonDataType
      * 
      * @return
      *     possible object is
-     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
-     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
-     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
      *     {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
      *     {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
      *     
      */
     public JAXBElement<? extends AbstractPersonType> getPerson() {
@@ -91,11 +91,11 @@ public class PersonDataType
      * 
      * @param value
      *     allowed object is
-     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
-     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
-     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
      *     {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}
      *     {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >}
+     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}
      *     
      */
     public void setPerson(JAXBElement<? extends AbstractPersonType> value) {
@@ -120,12 +120,12 @@ public class PersonDataType
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
+     * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}
+     * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >}
      * {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >}
      * {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >}
      * {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >}
      * {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >}
-     * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >}
-     * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java
index f2727635e..4c5a5e34f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java
@@ -484,8 +484,8 @@ public class PhysicalPersonType
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
      * {@link Object }
+     * {@link Element }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java
index eb7640237..2e8e7e6e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java
@@ -125,8 +125,8 @@ public class TelephoneAddressType
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
      * {@link Object }
+     * {@link Element }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java
index c85e2ec69..0b53e5e6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java
@@ -120,8 +120,8 @@ public class TypedPostalAddressType
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
      * {@link Object }
+     * {@link Element }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java
index e8ec84ccf..fb556ea95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java
@@ -41,8 +41,8 @@ import org.w3c.dom.Element;
 public class AdviceType {
 
     @XmlElementRefs({
-        @XmlElementRef(name = "Assertion", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "AssertionIDReference", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false)
+        @XmlElementRef(name = "Assertion", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class),
+        @XmlElementRef(name = "AssertionIDReference", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class)
     })
     @XmlAnyElement(lax = true)
     protected List<Object> assertionIDReferenceOrAssertionOrAny;
@@ -65,10 +65,10 @@ public class AdviceType {
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
+     * {@link JAXBElement }{@code <}{@link String }{@code >}
      * {@link Element }
      * {@link JAXBElement }{@code <}{@link AssertionType }{@code >}
      * {@link Object }
-     * {@link JAXBElement }{@code <}{@link String }{@code >}
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java
index 6845e807a..89b61c35c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java
@@ -41,8 +41,8 @@ import javax.xml.bind.annotation.XmlType;
 public class SubjectType {
 
     @XmlElementRefs({
-        @XmlElementRef(name = "NameIdentifier", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "SubjectConfirmation", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false)
+        @XmlElementRef(name = "NameIdentifier", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class),
+        @XmlElementRef(name = "SubjectConfirmation", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class)
     })
     protected List<JAXBElement<?>> content;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java
index 1f980f6df..c6845af5e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java
@@ -53,13 +53,13 @@ import org.w3c.dom.Element;
 public class KeyInfoType {
 
     @XmlElementRefs({
-        @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+        @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
     })
     @XmlMixed
     @XmlAnyElement(lax = true)
@@ -88,16 +88,16 @@ public class KeyInfoType {
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
-     * {@link JAXBElement }{@code <}{@link String }{@code >}
      * {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}
      * {@link JAXBElement }{@code <}{@link X509DataType }{@code >}
+     * {@link JAXBElement }{@code <}{@link String }{@code >}
      * {@link JAXBElement }{@code <}{@link RetrievalMethodType }{@code >}
-     * {@link Object }
-     * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >}
      * {@link String }
      * {@link JAXBElement }{@code <}{@link SPKIDataType }{@code >}
+     * {@link Element }
+     * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >}
      * {@link JAXBElement }{@code <}{@link String }{@code >}
+     * {@link Object }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java
index 55001162c..68693eace 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java
@@ -42,8 +42,8 @@ import org.w3c.dom.Element;
 public class KeyValueType {
 
     @XmlElementRefs({
-        @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+        @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
     })
     @XmlMixed
     @XmlAnyElement(lax = true)
@@ -68,10 +68,10 @@ public class KeyValueType {
      * <p>
      * Objects of the following type(s) are allowed in the list
      * {@link JAXBElement }{@code <}{@link RSAKeyValueType }{@code >}
-     * {@link Element }
+     * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >}
      * {@link String }
+     * {@link Element }
      * {@link Object }
-     * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >}
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java
index a32d3badc..167a019bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java
@@ -25,6 +25,7 @@ import javax.xml.namespace.QName;
 @XmlRegistry
 public class ObjectFactory {
 
+    private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength");
     private final static QName _PGPData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPData");
     private final static QName _SPKIData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKIData");
     private final static QName _CanonicalizationMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "CanonicalizationMethod");
@@ -49,16 +50,15 @@ public class ObjectFactory {
     private final static QName _Transform_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Transform");
     private final static QName _DigestValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DigestValue");
     private final static QName _KeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyValue");
-    private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath");
+    private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID");
+    private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket");
+    private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp");
     private final static QName _X509DataTypeX509IssuerSerial_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509IssuerSerial");
     private final static QName _X509DataTypeX509Certificate_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");
     private final static QName _X509DataTypeX509SKI_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SKI");
     private final static QName _X509DataTypeX509SubjectName_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SubjectName");
     private final static QName _X509DataTypeX509CRL_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509CRL");
-    private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength");
-    private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp");
-    private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID");
-    private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket");
+    private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath");
 
     /**
      * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.util.xsd.xmldsig
@@ -244,6 +244,15 @@ public class ObjectFactory {
     }
 
     /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}}
+     * 
+     */
+    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class)
+    public JAXBElement<BigInteger> createSignatureMethodTypeHMACOutputLength(BigInteger value) {
+        return new JAXBElement<BigInteger>(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value);
+    }
+
+    /**
      * Create an instance of {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}}
      * 
      */
@@ -463,9 +472,27 @@ public class ObjectFactory {
      * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
      * 
      */
-    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class)
-    public JAXBElement<String> createTransformTypeXPath(String value) {
-        return new JAXBElement<String>(_TransformTypeXPath_QNAME, String.class, TransformType.class, value);
+    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class)
+    public JAXBElement<String> createPGPDataTypePGPKeyID(String value) {
+        return new JAXBElement<String>(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+     * 
+     */
+    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class)
+    public JAXBElement<String> createPGPDataTypePGPKeyPacket(String value) {
+        return new JAXBElement<String>(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
+     * 
+     */
+    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class)
+    public JAXBElement<String> createSPKIDataTypeSPKISexp(String value) {
+        return new JAXBElement<String>(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value);
     }
 
     /**
@@ -514,39 +541,12 @@ public class ObjectFactory {
     }
 
     /**
-     * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}}
-     * 
-     */
-    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class)
-    public JAXBElement<BigInteger> createSignatureMethodTypeHMACOutputLength(BigInteger value) {
-        return new JAXBElement<BigInteger>(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value);
-    }
-
-    /**
-     * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
-     * 
-     */
-    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class)
-    public JAXBElement<String> createSPKIDataTypeSPKISexp(String value) {
-        return new JAXBElement<String>(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value);
-    }
-
-    /**
      * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
      * 
      */
-    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class)
-    public JAXBElement<String> createPGPDataTypePGPKeyID(String value) {
-        return new JAXBElement<String>(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value);
-    }
-
-    /**
-     * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
-     * 
-     */
-    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class)
-    public JAXBElement<String> createPGPDataTypePGPKeyPacket(String value) {
-        return new JAXBElement<String>(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value);
+    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class)
+    public JAXBElement<String> createTransformTypeXPath(String value) {
+        return new JAXBElement<String>(_TransformTypeXPath_QNAME, String.class, TransformType.class, value);
     }
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java
index e45501db6..add2d8886 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java
@@ -47,8 +47,8 @@ import org.w3c.dom.Element;
 public class PGPDataType {
 
     @XmlElementRefs({
-        @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+        @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
     })
     @XmlAnyElement(lax = true)
     protected List<Object> content;
@@ -81,10 +81,10 @@ public class PGPDataType {
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
-     * {@link Object }
      * {@link JAXBElement }{@code <}{@link String }{@code >}
+     * {@link Element }
      * {@link JAXBElement }{@code <}{@link String }{@code >}
+     * {@link Object }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java
index f829d355d..e6a187e9b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java
@@ -60,8 +60,8 @@ public class SPKIDataType {
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
      * {@link JAXBElement }{@code <}{@link String }{@code >}
+     * {@link Element }
      * {@link Object }
      * 
      * 
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java
index 70695afdf..1a463591b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java
@@ -42,7 +42,7 @@ import javax.xml.bind.annotation.XmlType;
 })
 public class SignatureMethodType {
 
-    @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+    @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
     @XmlMixed
     @XmlAnyElement(lax = true)
     protected List<Object> content;
@@ -68,9 +68,9 @@ public class SignatureMethodType {
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
+     * {@link JAXBElement }{@code <}{@link BigInteger }{@code >}
      * {@link String }
      * {@link Object }
-     * {@link JAXBElement }{@code <}{@link BigInteger }{@code >}
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java
index 2b96c553e..e92465a4c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java
@@ -42,7 +42,7 @@ import org.w3c.dom.Element;
 })
 public class TransformType {
 
-    @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+    @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
     @XmlMixed
     @XmlAnyElement(lax = true)
     protected List<Object> content;
@@ -68,9 +68,9 @@ public class TransformType {
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
+     * {@link String }
      * {@link JAXBElement }{@code <}{@link String }{@code >}
      * {@link Element }
-     * {@link String }
      * {@link Object }
      * 
      * 
diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java
index e3148b2d0..c70b72293 100644
--- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java
@@ -46,11 +46,11 @@ import org.w3c.dom.Element;
 public class X509DataType {
 
     @XmlElementRefs({
-        @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false),
-        @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false)
+        @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class),
+        @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)
     })
     @XmlAnyElement(lax = true)
     protected List<Object> x509IssuerSerialOrX509SKIOrX509SubjectName;
@@ -73,13 +73,13 @@ public class X509DataType {
      * 
      * <p>
      * Objects of the following type(s) are allowed in the list
-     * {@link Element }
-     * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >}
      * {@link JAXBElement }{@code <}{@link String }{@code >}
+     * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >}
      * {@link JAXBElement }{@code <}{@link String }{@code >}
-     * {@link Object }
+     * {@link Element }
      * {@link JAXBElement }{@code <}{@link String }{@code >}
      * {@link JAXBElement }{@code <}{@link String }{@code >}
+     * {@link Object }
      * 
      * 
      */
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index dc698782a..a6c0601e4 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -220,6 +220,7 @@ pvp2.13=Interner Server Fehler
 pvp2.14=SAML Anfrage verweigert
 pvp2.15=Keine Metadateninformation gefunden
 pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
+pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
 
 oauth20.01=Fehlerhafte redirect url
 oauth20.02=Fehlender Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
index 3eff06daf..9d6ad4085 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
@@ -3,333 +3,318 @@
 <head>
 <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
 
-<!-- MOA-ID 2.x BKUSelection Layout CSS -->
-<style type="text/css">
-@media screen and (min-width: 650px) {
-	body {
-		margin: 0;
-		padding: 0;
-		color: #000;
-		background-color: #fff;
-		text-align: center;
-		background-color: #6B7B8B;
-	}
-	#localBKU p {
-		font-size: 0.7em;
-	}
-	#localBKU input {
-		font-size: 0.7em;
-		/*border-radius: 5px;*/
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.85em;
-		/*border-radius: 7px;*/
-		margin-bottom: 25px;
-		min-width: 80px;
-	}
-	#mandateLogin {
-		font-size: 0.85em;
-	}
-	#bku_header h2 {
-		font-size: 0.8em;
-	}
-	#page {
-		display: block;
-		border: 2px solid rgb(0, 0, 0);
-		width: 650px;
-		height: 440px;
-		margin: 0 auto;
-		margin-top: 5%;
-		position: relative;
-		border-radius: 25px;
-		background: rgb(255, 255, 255);
-	}
-	#page1 {
-		text-align: center;
-	}
-	#main {
-		/*	clear:both; */
-		position: relative;
-		margin: 0 auto;
-		width: 250px;
-		text-align: center;
-	}
-	.OA_header {
-		/*	  background-color: white;*/
-		font-size: 20pt;
-		margin-bottom: 25px;
-		margin-top: 25px;
-	}
-	#leftcontent {
-		/*float:left; */
-		width: 250px;
-		margin-bottom: 25px;
-		text-align: left;
-		border: 1px solid rgb(0, 0, 0);
-	}
-	#selectArea {
-		font-size: 15px;
-		padding-bottom: 65px;
-	}
-	#leftcontent {
-		width: 300px;
-		margin-top: 30px;
-	}
-	#bku_header {
-		height: 5%;
-		padding-bottom: 3px;
-		padding-top: 3px;
-	}
-	#bkulogin {
-		overflow: hidden;
-		min-width: 190px;
-		min-height: 180px;
-		/*height: 260px;*/
-	}
-	h2#tabheader {
-		font-size: 1.1em;
-		padding-left: 2%;
-		padding-right: 2%;
-		position: relative;
-	}
-	.setAssertionButton_full {
-		background: #efefef;
-		cursor: pointer;
-		margin-top: 15px;
-		width: 100px;
-		height: 30px
-	}
-	#leftbutton {
-		width: 30%;
-		float: left;
-		margin-left: 40px;
-	}
-	#rightbutton {
-		width: 30%;
-		float: right;
-		margin-right: 45px;
-		text-align: right;
-	}
-	button {
-		height: 25px;
-		width: 75px;
-		margin-bottom: 10px;
-	}
-	#validation {
-		position: absolute;
-		bottom: 0px;
-		margin-left: 270px;
-		padding-bottom: 10px;
-	}
-}
+   <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
+    <style type="text/css">
+			@media screen and (min-width: 650px) {
+			
+				body {
+					margin:0;
+					padding:0;
+					color : #000;
+					background-color : #fff;
+			  	text-align: center;
+			  	background-color: #6B7B8B;
+				}
+				
+        #localBKU p {
+          font-size: 0.7em;
+        } 
+        
+        #localBKU input{
+          font-size: 0.7em;
+          /*border-radius: 5px;*/
+        }
+        
+         #bkuselectionarea input[type=button] {
+          font-size: 0.85em;
+          /*border-radius: 7px;*/
+          margin-bottom: 25px;
+          min-width: 80px;
+         }
+        
+        #mandateLogin {
+          font-size: 0.85em;
+        }
+        
+        #bku_header h2 {
+          font-size: 0.8em;
+        } 
+        
+        
+			  #page {
+			    display: block;
+			    border: 2px solid rgb(0,0,0);
+			    width: 650px;
+			    height: 460px;
+			    margin: 0 auto;
+			    margin-top: 5%;
+			    position: relative;
+			    border-radius: 25px;
+			    background: rgb(255,255,255);
+			  }
+			  
+			  #page1 {
+			    text-align: center;
+			  }
+			  
+			  #main {
+			    /*	clear:both; */
+				  position:relative;
+			    margin: 0 auto;
+			    width: 250px;
+			    text-align: center;
+			  }
+			  
+			  .OA_header {
+			/*	  background-color: white;*/
+			    font-size: 20pt;
+			    margin-bottom: 25px;
+			    margin-top: 25px;
+			  }
+			
+			  #leftcontent {
+			    /*float:left; */
+				  width:250px;
+				  margin-bottom: 25px;
+			    text-align: left;
+			    border: 1px solid rgb(0,0,0);
+			  }
+			  			  
+			  #selectArea {
+				 font-size: 15px;
+				 padding-bottom: 65px;
+			  }
+			
+			  #leftcontent {
+				 width: 300px;
+				 margin-top: 30px;
+			  }
+			
+        #bku_header {
+          height: 5%;
+          padding-bottom: 3px;
+          padding-top: 3px;
+        }
+      
+        #bkulogin {
+				  overflow:hidden;	
+          min-width: 190px;
+          min-height: 180px;
+          /*height: 260px;*/	
+			  }
+      
+        h2#tabheader{
+				  font-size: 1.1em; 
+          padding-left: 2%;
+          padding-right: 2%;
+          position: relative;
+			  }
+      	
+        #stork h2 {
+          font-size: 1.0em;
+          margin-bottom: 2%;
+        }
+        		  
+			  .setAssertionButton_full {
+			  	background: #efefef;
+				  cursor: pointer;
+				  margin-top: 15px;
+			    width: 100px;
+			    height: 30px
+			  }
+			
+			  #leftbutton  {
+				 width: 30%; 
+				 float:left; 
+				 margin-left: 40px;
+			  }
+			
+			  #rightbutton {
+				 width: 30%; 
+				 float:right; 
+				 margin-right: 45px; 
+				 text-align: right;
+			  }
+        
+        button {
+          height: 25px;
+          width: 75px;
+          margin-bottom: 10px;
+        }
+        
+       #validation {
+        position: absolute;
+        bottom: 0px;
+        margin-left: 270px;
+        padding-bottom: 10px;
+      }
+			
+			}
 
-@media screen and (max-width: 205px) {
-	#localBKU p {
-		font-size: 0.6em;
-	}
-	#localBKU input {
-		font-size: 0.6em;
-		min-width: 60px;
-		/* max-width: 65px; */
-		min-height: 1.0em;
-		/* border-radius: 5px; */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.7em;
-		min-width: 55px;
-		/*min-height: 1.1em;
+      @media screen and (max-width: 205px) {
+        #localBKU p {
+          font-size: 0.6em;
+        } 
+        
+        #localBKU input {
+          font-size: 0.6em;
+          min-width: 60px;
+         /* max-width: 65px; */
+          min-height: 1.0em;
+         /* border-radius: 5px; */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.7em;
+          min-width: 55px;
+          /*min-height: 1.1em;
           border-radius: 5px;*/
-		margin-bottom: 2%
-	}
-	#mandateLogin {
-		font-size: 0.65em;
-	}
-	#bku_header h2 {
-		font-size: 0.8em;
-		margin-top: -0.4em;
-		padding-top: 0.4em;
-	}
-	#bkulogin {
-		min-height: 150px;
-	}
-}
+          margin-bottom: 2%
+        }
+        
+        #mandateLogin {
+          font-size: 0.65em;
+        }
+        
+        #bku_header h2 {
+          font-size: 0.8em;
+          margin-top: -0.4em;
+          padding-top: 0.4em;
+        }
+        
+        #bkulogin {
+        min-height: 150px;
+        } 
+      }
 
-@media screen and (max-width: 249px) and (min-width: 206px) {
-	#localBKU p {
-		font-size: 0.7em;
-	}
-	#localBKU input {
-		font-size: 0.7em;
-		min-width: 70px;
-		/*    max-width: 75px;    */
-		min-height: 0.95em;
-		/*  border-radius: 6px;    */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.75em;
-		min-width: 60px;
-		/*    min-height: 0.95em;
+      @media screen and (max-width: 249px) and (min-width: 206px) {
+        #localBKU p {
+          font-size: 0.7em;
+        } 
+        
+        #localBKU input {
+          font-size: 0.7em;
+          min-width: 70px;
+       /*    max-width: 75px;    */
+          min-height: 0.95em;
+        /*  border-radius: 6px;    */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.75em;
+          min-width: 60px;
+      /*    min-height: 0.95em;
           border-radius: 6px;    */
-		margin-bottom: 5%
-	}
-	#mandateLogin {
-		font-size: 0.75em;
-	}
-	#bku_header h2 {
-		font-size: 0.9em;
-		margin-top: -0.45em;
-		padding-top: 0.45em;
-	}
-	#bkulogin {
-		min-height: 180px;
-	}
-}
+          margin-bottom: 5%
+        }
+        
+        #mandateLogin {
+          font-size: 0.75em;
+        }
+        
+        #bku_header h2 {
+          font-size: 0.9em;
+          margin-top: -0.45em;
+          padding-top: 0.45em;
+        }
+        
+        #bkulogin {
+          min-height: 180px;
+        }  
+      }
 
-@media screen and (max-width: 299px) and (min-width: 250px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*    max-width: 75px;      */
-		/*    border-radius: 6px;  */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.85em;
-		/*     min-height: 1.05em;
+      @media screen and (max-width: 299px) and (min-width: 250px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+        
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+       /*    max-width: 75px;      */
+      /*    border-radius: 6px;  */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.85em;
+     /*     min-height: 1.05em;
           border-radius: 7px;        */
-		margin-bottom: 10%;
-	}
-	#mandateLogin {
-		font-size: 1em;
-	}
-	#bku_header h2 {
-		font-size: 1.0em;
-		margin-top: -0.50em;
-		padding-top: 0.50em;
-	}
-}
+          margin-bottom: 10%;
+        }
+        
+        #mandateLogin {
+          font-size: 1em;
+        }
+        
+        #bku_header h2 {
+          font-size: 1.0em;
+          margin-top: -0.50em;
+          padding-top: 0.50em;
+        } 
+      }
 
-@media screen and (max-width: 399px) and (min-width: 300px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*     max-width: 75px;     */
-		/*    border-radius: 6px;       */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.9em;
-		/*       min-height: 1.2em;
+      @media screen and (max-width: 399px) and (min-width: 300px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+        
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+      /*     max-width: 75px;     */
+      /*    border-radius: 6px;       */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.9em;
+   /*       min-height: 1.2em;
           border-radius: 8px;          */
-		margin-bottom: 10%;
-		max-width: 80px;
-	}
-	#mandateLogin {
-		font-size: 1em;
-	}
-	#bku_header h2 {
-		font-size: 1.1em;
-		margin-top: -0.55em;
-		padding-top: 0.55em;
-	}
-}
-
-@media screen and (max-width: 649px) and (min-width: 400px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*     max-width: 80px;       */
-		/*     border-radius: 6px;          */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 1.0em;
-		/*      min-height: 1.3em;
+          margin-bottom: 10%;
+          max-width: 80px;
+        }
+        
+        #mandateLogin {
+          font-size: 1em;
+        }
+        
+        #bku_header h2 {
+          font-size: 1.1em;
+          margin-top: -0.55em;
+          padding-top: 0.55em;
+        } 
+      }
+      
+      @media screen and (max-width: 649px) and (min-width: 400px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+        
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+      /*     max-width: 80px;       */
+     /*     border-radius: 6px;          */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 1.0em;
+     /*      min-height: 1.3em;
          border-radius: 10px;         */
-		margin-bottom: 10%;
-		max-width: 85px;
-	}
-	#mandateLogin {
-		font-size: 1.2em;
-	}
-	#bku_header h2 {
-		font-size: 1.3em;
-		margin-top: -0.65em;
-		padding-top: 0.65em;
-	}
-}
+          margin-bottom: 10%;
+          max-width: 85px;
+        }
+        
+        #mandateLogin {
+          font-size: 1.2em;
+        }
+        
+        #bku_header h2 {
+          font-size: 1.3em;
+          margin-top: -0.65em;
+          padding-top: 0.65em;
+        } 
+      }
 
-@media screen and (max-width: 649px) {
-	body {
-		margin: 0;
-		padding: 0;
-		color: #000;
-		text-align: center;
-		font-size: 100%;
-		background-color: #MAIN_BACKGOUNDCOLOR#;
-	}
-	#page {
-		visibility: hidden;
-		margin-top: 0%;
-	}
-	#page1 {
-		visibility: hidden;
-	}
-	#main {
-		visibility: hidden;
-	}
-	#validation {
-		visibility: hidden;
-		display: none;
-	}
-	.OA_header {
-		margin-bottom: 0px;
-		margin-top: 0px;
-		font-size: 0pt;
-		visibility: hidden;
-	}
-	#leftcontent {
-		visibility: visible;
-		margin-bottom: 0px;
-		text-align: left;
-		border: none;
-		vertical-align: middle;
-		min-height: 173px;
-		min-width: 204px;
-	}
-	#bku_header {
-		height: 10%;
-		min-height: 1.2em;
-		margin-top: 1%;
-	}
-	h2#tabheader {
-		padding-left: 2%;
-		padding-right: 2%;
-		position: relative;
-		top: 50%;
-	}
-	#bkulogin {
-		min-width: 190px;
-		min-height: 155px;
-	}
-	.setAssertionButton_full {
-		background: #efefef;
-		cursor: pointer;
-		margin-top: 15px;
-		width: 70px;
-		height: 25px;
-	}
-	input[type=button] {
-		/*          height: 11%;  */
-		width: 70%;
-	}
-}
 
 			
 			@media screen and (max-width: 649px) {
@@ -392,6 +377,11 @@
           top: 50%;
 			  }
         
+        #stork h2 {
+          font-size: 0.9em;
+          margin-bottom: 2%;
+        }
+        
        	#bkulogin {	
           min-width: 190px;
           min-height: 155px;	
@@ -444,6 +434,11 @@
 				text-align: right;
 			}
 			
+			#stork {
+			    /*margin-bottom: 10px;*/
+			   /* margin-top: 5px; */
+			}
+      			
       #mandateLogin {
         padding-bottom: 4%;
         padding-top: 4%;
@@ -472,7 +467,7 @@
         padding-left: 5%;
         padding-right: 2%;
         padding-bottom: 4%;
-        padding-top: 4%;
+        /*padding-top: 4%;*/
         position: relative;
         clear: both;        
 			}
@@ -523,83 +518,86 @@
 /*        box-shadow: -1px -1px 3px #222222;  */
 /*			}
       
-*/
-input {
-	/*border:1px solid #000;*/
-	cursor: pointer;
-}
-
-#localBKU input {
-	/*        color: #BUTTON_COLOR#;  */
-	border: 0px;
-	display: inline-block;
-}
-
-#localBKU input:hover,#localBKU input:focus,#localBKU input:active {
-	text-decoration: underline;
-}
-
-#installJava,#BrowserNOK {
-	clear: both;
-	font-size: 0.8em;
-	padding: 4px;
-}
-
-.selectText {
-	
-}
-
-.selectTextHeader {
-	
-}
-
-.sendButton {
-	width: 30%;
-	margin-bottom: 1%;
-}
-
-#leftcontent a {
-	text-decoration: none;
-	color: #000;
-	/*	display:block;*/
-	padding: 4px;
-}
-
-#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active {
-	text-decoration: underline;
-	color: #000;
-}
-
-.infobutton {
-	background-color: #005a00;
-	color: white;
-	font-family: serif;
-	text-decoration: none;
-	padding-top: 2px;
-	padding-right: 4px;
-	padding-bottom: 2px;
-	padding-left: 4px;
-	font-weight: bold;
-}
-
-.hell {
-	background-color: #MAIN_BACKGOUNDCOLOR#;
-	color: #MAIN_COLOR#;
-}
-
-.dunkel {
-	background-color: #HEADER_BACKGROUNDCOLOR#;
-	color: #HEADER_COLOR#;
-}
-
-.main_header {
-	color: black;
-	font-size: 32pt;
-	position: absolute;
-	right: 10%;
-	top: 40px;
-}
-</style>
+*/      
+			input {
+				/*border:1px solid #000;*/
+				cursor: pointer;
+			}
+      
+      #localBKU input {
+/*        color: #BUTTON_COLOR#;  */
+        border: 0px;
+        display: inline-block;
+        
+      }
+			
+      #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
+        text-decoration: underline;
+      }
+      
+			#installJava, #BrowserNOK {
+				clear:both;
+				font-size:0.8em;
+				padding:4px;
+			}
+						
+			.selectText{
+			
+			}
+			
+			.selectTextHeader{
+			
+			}
+			
+			.sendButton {
+        width: 30%;
+        margin-bottom: 1%;	
+			}
+			
+			#leftcontent a {
+				text-decoration:none; 
+				color: #000;
+			/*	display:block;*/
+				padding:4px;	
+			}
+			
+			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+				text-decoration:underline;
+				color: #000;	
+			}
+						
+			.infobutton {
+				background-color: #005a00;
+				color: white;
+				font-family: serif;
+				text-decoration: none;
+				padding-top: 2px;
+				padding-right: 4px;
+				padding-bottom: 2px;
+				padding-left: 4px;
+				font-weight: bold;
+			}
+			
+			.hell {
+				background-color : #MAIN_BACKGOUNDCOLOR#;
+        color: #MAIN_COLOR#;	
+			}
+			
+			.dunkel {
+				background-color: #HEADER_BACKGROUNDCOLOR#;
+        color: #HEADER_COLOR#;
+			}
+			      
+			.main_header {
+			   color: black;
+			    font-size: 32pt;
+			    position: absolute;
+			    right: 10%;
+			    top: 40px;
+				
+			}
+      			                        
+    </style>       
 <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
 <script type="text/javascript">
 		function isIE() {
@@ -806,6 +804,7 @@ input {
                   </p-->								                                  
                 </form>								                                                          
               </div>
+              
               <div id="stork" align="center" style="#STORKVISIBLE#">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
                 <p>
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-02-03 15:38:24 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-02-03 15:38:24 +0100
commit	ef35deb727190363d17d693d10f27171787cc92c (patch)
tree	92f4a4c6133147716328f93b86239d5dd8fcc629 /id/server/idserverlib/src/main
parent	4333fd60c637f2a739e3db17d00f61c68c465a8e (diff)
download	moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.tar.gz moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.tar.bz2 moa-id-spss-ef35deb727190363d17d693d10f27171787cc92c.zip