merge SSO interfederation into Snapshot branch

Conflicts:
	id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java

21 files changed, 2318 insertions, 9 deletions

diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 6c2e12c65..1831d0e1c 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -4,11 +4,12 @@
     <parent>
         <groupId>MOA.id</groupId>
         <artifactId>moa-id</artifactId>
-        <version>2.0.1</version>
+        <version>2.0.x</version>
     </parent>
     <artifactId>moa-id-commons</artifactId>
     <name>moa-id-commons</name>
     <groupId>MOA.id.server</groupId>
+    <version>${moa-id-version}</version>
 
     <profiles>
         <profile>
@@ -64,11 +65,20 @@
             <version>3.3.1</version>
         </dependency>
         <dependency>
+					<groupId>commons-httpclient</groupId>
+					<artifactId>commons-httpclient</artifactId>
+				</dependency>
+        <dependency>
             <groupId>MOA</groupId>
             <artifactId>moa-common</artifactId>
             <type>jar</type>
         </dependency>
 
+				<dependency>
+					<groupId>iaik.prod</groupId>
+					<artifactId>iaik_X509TrustManager</artifactId>
+				</dependency>
+
         <!-- dependency>
             <groupId>com.sun.xml.bind</groupId>
             <artifactId>jaxb-xjc</artifactId>
@@ -127,6 +137,7 @@
         </resources>
 
         <plugins>
+                
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
@@ -227,9 +238,9 @@
                     </execution>
                 </executions>
             </plugin>
-        </plugins>
-        <pluginManagement>
-            <plugins>
+           </plugins>
+           <pluginManagement>
+           <plugins>           
                 <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
                 <plugin>
                     <groupId>org.eclipse.m2e</groupId>
@@ -261,6 +272,24 @@
                         </lifecycleMappingMetadata>
                     </configuration>
                 </plugin>
+							<plugin>
+            		<groupId>org.codehaus.mojo</groupId>
+            		<artifactId>properties-maven-plugin</artifactId>
+            		<version>1.0-alpha-2</version>
+            		<executions>
+                		<execution>
+                    		<phase>initialize</phase>
+                    		<goals>
+                        		<goal>read-project-properties</goal>
+                    		</goals>
+                    		<configuration>
+    	                   		<files>
+		                            <file>${basedir}/moa-id.properties</file>
+      		                  </files>
+          		          </configuration>
+              		  </execution>
+            		</executions>
+        		</plugin>
             </plugins>
         </pluginManagement>
     </build>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 730a328ab..2a65366b8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -53,7 +53,13 @@ import org.hibernate.annotations.DynamicUpdate;
     @NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"),
     @NamedQuery(name="getSessionWithSSOID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.SSOsessionid = :sessionid"),
     @NamedQuery(name="getSessionWithPendingRequestID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.pendingRequestID = :sessionid"),
-    @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate")
+    @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate"),
+    @NamedQuery(name="getMOAISessionWithUserNameID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.userNameID = :usernameid and activeOAsessions.attributeQueryUsed is false"),
+    @NamedQuery(name="getActiveOAWithSessionIDandOAIDandProtocol", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.protocolType = :protocol and authenticatedsessionstore.sessionid = :sessionID"),
+    @NamedQuery(name="getMOASessionWithNameIDandOAID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.userNameID = :nameID"),
+    @NamedQuery(name="getInterfederatedIDPForAttributeQueryWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is false and authenticatedsessionstore.sessionid = :sessionID"),
+    @NamedQuery(name="getInterfederatedIDPForSSOWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID order by inderfederations.QAALevel DESC"),
+    @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID")
 })
 
 public class AuthenticatedSessionStore implements Serializable{
@@ -82,6 +88,9 @@ public class AuthenticatedSessionStore implements Serializable{
 	
 	@Column(name = "isSSOSession", nullable=false)
 	private boolean isSSOSession =  false;
+
+	@Column(name = "isInterfederatedSSOSession", nullable=false)
+	private boolean isInterfederatedSSOSession =  false;
 	
 	@Column(name = "pendingRequestID", nullable=false)
 	private String pendingRequestID =  "";
@@ -100,6 +109,9 @@ public class AuthenticatedSessionStore implements Serializable{
 	@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
     private List<OldSSOSessionIDStore> oldssosessionids = null;
 	
+	@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
+    private List<InterfederationSessionStore> inderfederation = null;
+
     @PrePersist
     protected void created() {
     this.updated = this.created = new Date();
@@ -193,6 +205,20 @@ public class AuthenticatedSessionStore implements Serializable{
 	public void setOldssosessionids(List<OldSSOSessionIDStore> oldssosessionids) {
 		this.oldssosessionids = oldssosessionids;
 	}
+	
+	/**
+	 * @return the inderfederation
+	 */
+	public List<InterfederationSessionStore> getInderfederation() {
+		return inderfederation;
+	}
+
+	/**
+	 * @param inderfederation the inderfederation to set
+	 */
+	public void setInderfederation(List<InterfederationSessionStore> inderfederation) {
+		this.inderfederation = inderfederation;
+	}
 
 	/**
 	 * @return the pendingRequestID
@@ -221,8 +247,21 @@ public class AuthenticatedSessionStore implements Serializable{
 	public void setIv(byte[] iv) {
 		this.iv = iv;
 	}
+
+	/**
+	 * @return the isInterfederatedSSOSession
+	 */
+	public boolean isInterfederatedSSOSession() {
+		return isInterfederatedSSOSession;
+	}
+
+	/**
+	 * @param isInterfederatedSSOSession the isInterfederatedSSOSession to set
+	 */
+	public void setInterfederatedSSOSession(boolean isInterfederatedSSOSession) {
+		this.isInterfederatedSSOSession = isInterfederatedSSOSession;
+	}
 	
 	
 
-
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
new file mode 100644
index 000000000..1fcdd9b9b
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
@@ -0,0 +1,195 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.db.dao.session;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.Table;
+
+import org.hibernate.annotations.DynamicUpdate;
+
+@Entity
+@DynamicUpdate(value=true)
+@Table(name = "interfederation")
+
+public class InterfederationSessionStore implements Serializable{
+
+	private static final long serialVersionUID = 1L;
+	
+	@Id
+	@GeneratedValue(strategy = GenerationType.IDENTITY)
+	@Column(name = "id", unique=true, nullable=false)
+	private long id;
+		
+	@Column(name = "idpurlprefix", unique=false, nullable=false)
+	private String idpurlprefix;
+	
+	@Column(name = "sessionIndex", unique=false, nullable=false)
+	private String sessionIndex;
+	
+	@Column(name = "nameID", unique=false, nullable=false)
+	private String userNameID;
+	
+	@Column(name = "QAALevel", unique=false, nullable=false)
+	private String QAALevel;
+	
+	@Column(name = "attributesRequested", unique=false, nullable=true)
+	private boolean attributesRequested;
+	
+	@Column(name = "created", updatable=false, nullable=false)
+//    @Temporal(TemporalType.TIMESTAMP)
+    private Date created;
+	
+//    @PrePersist
+//    protected void created() {
+//    	this.created = new Date();
+//    }
+
+	@ManyToOne(fetch=FetchType.LAZY)
+	@JoinColumn(name = "moasession")
+	private AuthenticatedSessionStore moasession;
+
+	/**
+	 * @return the id
+	 */
+	public long getId() {
+		return id;
+	}
+
+	/**
+	 * @param id the id to set
+	 */
+	public void setId(long id) {
+		this.id = id;
+	}
+
+	/**
+	 * @return the idpurlprefix
+	 */
+	public String getIdpurlprefix() {
+		return idpurlprefix;
+	}
+
+	/**
+	 * @param idpurlprefix the idpurlprefix to set
+	 */
+	public void setIdpurlprefix(String idpurlprefix) {
+		this.idpurlprefix = idpurlprefix;
+	}
+
+	/**
+	 * @return the sessionIndex
+	 */
+	public String getSessionIndex() {
+		return sessionIndex;
+	}
+
+	/**
+	 * @param sessionIndex the sessionIndex to set
+	 */
+	public void setSessionIndex(String sessionIndex) {
+		this.sessionIndex = sessionIndex;
+	}
+
+	/**
+	 * @return the userNameID
+	 */
+	public String getUserNameID() {
+		return userNameID;
+	}
+
+	/**
+	 * @param userNameID the userNameID to set
+	 */
+	public void setUserNameID(String userNameID) {
+		this.userNameID = userNameID;
+	}
+
+	/**
+	 * @return the attributesRequested
+	 */
+	public boolean isAttributesRequested() {
+		return attributesRequested;
+	}
+
+	/**
+	 * @param attributesRequested the attributesRequested to set
+	 */
+	public void setAttributesRequested(boolean attributesRequested) {
+		this.attributesRequested = attributesRequested;
+	}
+
+	/**
+	 * @return the created
+	 */
+	public Date getCreated() {
+		return created;
+	}
+
+	/**
+	 * @param created the created to set
+	 */
+	public void setCreated(Date created) {
+		this.created = created;
+	}
+
+	/**
+	 * @return the moasession
+	 */
+	public AuthenticatedSessionStore getMoasession() {
+		return moasession;
+	}
+
+	/**
+	 * @param moasession the moasession to set
+	 */
+	public void setMoasession(AuthenticatedSessionStore moasession) {
+		this.moasession = moasession;
+	}
+
+	/**
+	 * @return the qAALevel
+	 */
+	public String getQAALevel() {
+		return QAALevel;
+	}
+
+	/**
+	 * @param qAALevel the qAALevel to set
+	 */
+	public void setQAALevel(String qAALevel) {
+		QAALevel = qAALevel;
+	}
+
+
+}
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
index 25b48310e..539de990f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
@@ -59,9 +59,15 @@ public class OASessionStore implements Serializable{
 	@Column(name = "userNameID", unique=false, nullable=true)
 	private String userNameID;
 	
+	@Column(name = "userNameIDFormat", unique=false, nullable=true)
+	private String userNameIDFormat;
+	
 	@Column(name = "protocolType", unique=false, nullable=true)
 	private String protocolType;
 	
+	@Column(name = "attributequeryused", unique=false, nullable=false)
+	private boolean attributeQueryUsed = false;
+	
 	@Column(name = "created", updatable=false, nullable=false)
 //    @Temporal(TemporalType.TIMESTAMP)
     private Date created;
@@ -149,6 +155,36 @@ public class OASessionStore implements Serializable{
 		this.protocolType = protocolType;
 	}
 
+	/**
+	 * @return the attributeQueryUsed
+	 */
+	public boolean isAttributeQueryUsed() {
+		return attributeQueryUsed;
+	}
+
+	/**
+	 * @param attributeQueryUsed the attributeQueryUsed to set
+	 */
+	public void setAttributeQueryUsed(boolean attributeQueryUsed) {
+		this.attributeQueryUsed = attributeQueryUsed;
+	}
+
+	/**
+	 * @return the userNameIDFormat
+	 */
+	public String getUserNameIDFormat() {
+		return userNameIDFormat;
+	}
+
+	/**
+	 * @param userNameIDFormat the userNameIDFormat to set
+	 */
+	public void setUserNameIDFormat(String userNameIDFormat) {
+		this.userNameIDFormat = userNameIDFormat;
+	}
+
+	
+	
 
 
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
index 65c9003e3..b557d2dc9 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
@@ -78,6 +78,9 @@ public class StatisticLog implements Serializable{
 	@Column(name = "isSSOLogin", unique=false)
 	private boolean ssosession;
 	
+	@Column(name = "isInterfederatedSSOLogin", unique=false)
+	private boolean interfederatedSSOSession;
+	
 	@Column(name = "isBusinessService", unique=false)
 	private boolean businessservice;
 	
@@ -390,6 +393,21 @@ public class StatisticLog implements Serializable{
 	public void setErrortype(String errortype) {
 		this.errortype = errortype;
 	}
+
+	/**
+	 * @return the interfederatedSSOSession
+	 */
+	public boolean isInterfederatedSSOSession() {
+		return interfederatedSSOSession;
+	}
+
+	/**
+	 * @param interfederatedSSOSession the interfederatedSSOSession to set
+	 */
+	public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+		this.interfederatedSSOSession = interfederatedSSOSession;
+	}
+	
 	
 	
 	
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
new file mode 100644
index 000000000..c6d8b1d79
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.ex;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactoryException extends Exception {
+
+	private static final long serialVersionUID = 4934502074731319897L;
+
+	
+	public MOAHttpProtocolSocketFactoryException(String message) {
+		super(message);		
+	}
+	
+	public MOAHttpProtocolSocketFactoryException(String message, Throwable e) {
+		super(message, e );		
+	}
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
new file mode 100644
index 000000000..3b6fc34ea
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory {
+
+	
+	
+	private SSLSocketFactory sslfactory = null;
+	
+	public MOAHttpProtocolSocketFactory (
+			String url, 
+			String certStoreRootDirParam,
+			String trustStoreURL,
+			String acceptedServerCertURL,
+			ChainingModeType chainingMode,
+			boolean checkRevocation
+			) throws MOAHttpProtocolSocketFactoryException {
+		super();
+		
+		try {
+			this.sslfactory = SSLUtils.getSSLSocketFactory(
+					url, 
+					certStoreRootDirParam, 
+					trustStoreURL, 
+					acceptedServerCertURL, 
+					chainingMode.value(), 
+					checkRevocation, 
+					null, 
+					null, 
+					null);
+			
+		} catch (IOException e) {
+			throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+			
+		} catch (GeneralSecurityException e) {
+			throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+			
+		} catch (SSLConfigurationException e) {
+			throw new MOAHttpProtocolSocketFactoryException("SSL Configuration loading FAILED.", e);
+			
+		} catch (PKIException e) {
+			throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+			
+		}
+			
+	}
+	
+	/* (non-Javadoc)
+	 * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int)
+	 */
+	public Socket createSocket(String host, int port, InetAddress localAddress,
+			int localPort) throws IOException, UnknownHostException {
+		return this.sslfactory.createSocket(host, port,
+				localAddress, localPort);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int, org.apache.commons.httpclient.params.HttpConnectionParams)
+	 */
+	public Socket createSocket(String host, int port, InetAddress localAddress,
+			int localPort, HttpConnectionParams params) throws IOException,
+			UnknownHostException, ConnectTimeoutException {
+		return this.sslfactory.createSocket(host, port,
+				localAddress, localPort);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int)
+	 */
+	public Socket createSocket(String host, int port) throws IOException,
+			UnknownHostException {
+		return this.sslfactory.createSocket(host, port);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
+	 */
+	public Socket createSocket(Socket socket, String host, int port,
+			boolean autoClose) throws IOException, UnknownHostException {
+		return this.sslfactory.createSocket(socket, host,
+				port, autoClose);
+	}
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
new file mode 100644
index 000000000..00e750f58
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -0,0 +1,156 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import at.gv.egovernment.moa.logging.Logger;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.CertStoreTypes;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+
+import java.io.File;
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CertStoreConfigurationImpl extends ObservableImpl
+        implements CertStoreConfiguration, DirectoryCertStoreParameters {
+    /**
+     * identifies the rootDirectory
+     */
+    private String rootDirectory;
+
+    /**
+     * Array for storing all CertStoreParameters
+     */
+    private CertStoreParameters[] parameters;
+
+    /**
+     * Create a new <code>CertStoreConfigurationImpl</code>.
+     *
+     * @param conf The MOA configuration from which the configuration data is
+     * @throws ConfigurationException an any config-error
+     *                                being read.
+     */
+    public CertStoreConfigurationImpl(String certStoreRootDirParam) throws SSLConfigurationException {
+
+        if (certStoreRootDirParam == null)
+            throw new SSLConfigurationException(
+                    "config.08", new Object[]{"CertStoreDirectory"});
+
+        //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
+        rootDirectory = certStoreRootDirParam;
+        Logger.error("Using file: " + rootDirectory);
+        if (rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(5);
+        Logger.error("Using file2: " + rootDirectory);
+
+        File f = new File(rootDirectory);
+        //Logger.error("Using file: " + certStoreRootDirParam + " param: " + conf.getRootConfigFileDir());
+
+        if (!f.exists()) {
+            Logger.error("File does not exists: " + f.getAbsolutePath());
+            throw new SSLConfigurationException(
+                    "config.05", new Object[]{"CertStoreDirectory"});
+        }
+
+        if (!f.isDirectory()) {
+            Logger.error("File is not a directory: " + f.getAbsolutePath());
+            throw new SSLConfigurationException(
+                    "config.05", new Object[]{"CertStoreDirectory"});
+        }
+
+
+        parameters = new CertStoreParameters[]{this};
+    }
+
+    /**
+     * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
+     */
+    public CertStoreParameters[] getParameters() {
+        return parameters;
+    }
+
+    /**
+     * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+     */
+    public String getRootDirectory() {
+        return rootDirectory;
+    }
+
+    /**
+     * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+     */
+    public boolean createNew() {
+        return false;
+    }
+
+    /**
+     * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+     */
+    public String getId() {
+        return "MOA ID Directory CertStore";
+    }
+
+    /**
+     * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+     */
+    public boolean isReadOnly() {
+        return false;
+    }
+
+    /**
+     * @return <code>CertStoreTypes.DIRECTORY</code>
+     * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+     */
+    public String getType() {
+        return CertStoreTypes.DIRECTORY;
+    }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
new file mode 100644
index 000000000..eaef3f1d4
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -0,0 +1,164 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+/**
+ * <code>TrustManager</code> implementation featuring CRL checking (inherited from
+ * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDTrustManager extends IAIKX509TrustManager {
+  
+  /** an x509Certificate array containing all accepted server certificates*/
+  private X509Certificate[] acceptedServerCertificates;
+
+  /**
+   * Constructor
+   * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
+   * @throws GeneralSecurityException occurs on security errors
+   * @throws IOException occurs on IO errors
+   */
+  public MOAIDTrustManager(String acceptedServerCertificateStoreURL) 
+    throws IOException, GeneralSecurityException {
+    
+    if (acceptedServerCertificateStoreURL != null)
+      buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
+    else
+      acceptedServerCertificates = null;
+  }
+
+ 
+  /**
+   * Initializes the LoggingContextManager logging context.
+   * Fixes a bug occuring in the case MOA-SP is called by API.
+   * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
+   * This method must be called before a MOAIDTrustManager is constructed,
+   * from every thread.
+   */
+  public static void initializeLoggingContext() {  
+    if (LoggingContextManager.getInstance().getLoggingContext() == null)
+    LoggingContextManager.getInstance().setLoggingContext(
+      new LoggingContext(Thread.currentThread().getName()));
+  }
+
+  
+  /**
+   * Builds an Array of accepted server certificates from an URL,
+   * and stores it in <code>acceptedServerCertificates</code>.
+   * @param acceptedServerCertificateStoreURL file URL pointing to the directory
+   *         containing accepted server X509 certificates
+   * @throws GeneralSecurityException on security errors
+   * @throws IOException on any IO errors
+   */
+  private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL) 
+    throws IOException, GeneralSecurityException {
+
+    List<X509Certificate> certList = new ArrayList<X509Certificate>();
+    URL storeURL = new URL(acceptedServerCertificateStoreURL);
+    File storeDir = new File(storeURL.getFile());
+    // list certificate files in directory
+    File[] certFiles = storeDir.listFiles(); 
+    for (int i = 0; i < certFiles.length; i++) {
+      // for each: create an X509Certificate and store it in list
+      File certFile = certFiles[i];
+      FileInputStream fis = new FileInputStream(certFile.getPath());
+      CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+      X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
+      fis.close();
+      certList.add(cert);
+    }
+    // store acceptedServerCertificates
+    acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
+  }
+
+  /**
+   * Does additional server-end-SSL-certificate checking.
+   * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
+   */
+  public boolean isServerTrusted(X509Certificate[] certChain) {
+    boolean trusted = super.isServerTrusted(certChain);
+    if (! trusted || acceptedServerCertificates == null)
+      return trusted;
+    else {
+      // check server-end-SSL-certificate with acceptedServerCertificates
+      X509Certificate serverCert = certChain[0];
+      for (int i = 0; i < acceptedServerCertificates.length; i++) {
+        X509Certificate acceptedServerCert = acceptedServerCertificates[i];
+        if (serverCert.equals(acceptedServerCert))
+          return true;
+      }
+      Logger.warn("SSL certificate validation FAILED.");
+      return false;
+    }
+  }
+  /**
+   * In rare cases, this method is being called although it should not be.
+   * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
+   */
+  public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
+  {
+    return true;
+  }
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java
new file mode 100644
index 000000000..fa9cd879d
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java
@@ -0,0 +1,92 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.store.observer.NotificationData;
+import iaik.pki.store.observer.Observable;
+import iaik.pki.store.observer.Observer;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ObservableImpl implements Observable {
+  /** a List for all observers */
+  private List<Observer> observers = new ArrayList<Observer>();
+
+  /**
+   * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
+   */
+  public void addObserver(Observer observer) {
+    observers.add(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
+   */
+  public boolean removeObserver(Observer observer) {
+    return observers.remove(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
+   */
+  public void notify(NotificationData data) {
+    Iterator<Observer> iter = observers.iterator();
+    for (iter = observers.iterator(); iter.hasNext();) {
+      Observer observer = (Observer) iter.next();
+      observer.notify(data);
+    }
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
new file mode 100644
index 000000000..5d8c7a54e
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
@@ -0,0 +1,118 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.pathvalidation.ValidationConfiguration;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+
+/**
+ * Implementation of interface <code>PKIConfiguration</code> needed to
+ * initialize an IAIK JSSE <code>TrustManager</code>
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PKIConfigurationImpl implements PKIConfiguration {
+  /** The configuration for the CertStore */
+  private CertStoreConfiguration certStoreConfiguration;
+  /** The configuration for the RevocationChecks */
+  private RevocationConfiguration revocationConfiguration;
+  /** The configuration for the Validation */
+  private ValidationConfiguration validationConfiguration;
+
+  /**
+   * Constructor
+   * @param conf the Configuration for the PKIConfig
+   * @throws ConfigurationException for any config error
+   */
+  public PKIConfigurationImpl(String certStoreRootDirParam, String chainingMode) throws SSLConfigurationException {
+    
+    certStoreConfiguration = new CertStoreConfigurationImpl(certStoreRootDirParam);
+    revocationConfiguration = new RevocationConfigurationImpl();
+    validationConfiguration = new ValidationConfigurationImpl(chainingMode);
+  }
+
+  /**
+   * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
+   */
+  public CertStoreConfiguration getCertStoreConfiguration() {
+    return certStoreConfiguration;
+  }
+
+  /**
+   * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
+   */
+  public RevocationConfiguration getRevocationConfiguration() {
+    return revocationConfiguration;
+  }
+
+  /**
+   * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
+   */
+  public ArchiveConfiguration getArchiveConfiguration() {
+    return null;
+  }
+
+  /**
+   * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
+   */
+  public ValidationConfiguration getValidationConfiguration() {
+    return validationConfiguration;
+  }
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIConfiguration#getTimeout()
+ */
+  public int getTimeout() {
+	// TODO Auto-generated method stub
+	return 0;
+}
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
new file mode 100644
index 000000000..59994a257
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -0,0 +1,230 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Set;
+
+import iaik.pki.PKIProfile;
+import iaik.pki.pathvalidation.ValidationProfile;
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+
+/**
+ * Implementation of the <code>PKIProfile</code> interface and subinterfaces
+ * providing information needed for certificate path validation.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PKIProfileImpl extends ObservableImpl
+  implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
+
+  /**
+   * URI to the truststore
+   */
+  private String trustStoreURI;
+
+	/**
+	 * revocation checking;
+	 */
+	private boolean revocationChecking;
+  
+  /**
+   * The trust profile identifier. 
+   */
+  private String id;
+
+
+  /**
+   * Create a new <code>PKIProfileImpl</code>.
+   * 
+   * @param trustStoreURI trust store URI
+   */
+  public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
+    this.trustStoreURI = trustStoreURI;
+    this.revocationChecking = revocationChecking;
+    String id = String.valueOf(System.currentTimeMillis());
+    setId("id-" + id);
+  }
+
+  /**
+   * @see iaik.pki.PKIProfile#autoAddCertificates()
+   */
+  public boolean autoAddCertificates() {
+    return true;
+  }
+
+  /**
+   * @see iaik.pki.PKIProfile#getRevocationProfile()
+   */
+  public RevocationProfile getRevocationProfile() {
+    return this;
+  }
+
+  /**
+   * @see iaik.pki.PKIProfile#getTrustStoreProfile()
+   */
+  public TrustStoreProfile getTrustStoreProfile() {
+    return this;
+  }
+
+  /**
+   * @see iaik.pki.PKIProfile#getValidationProfile()
+   */
+  public ValidationProfile getValidationProfile() {
+    return this;
+  }
+
+  /**
+   * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
+   */
+  public boolean useAuthorityInfoAccess() {
+    return true;
+  }
+  
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
+   */
+  public long getMaxRevocationAge(String arg0) {
+    return 0;
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
+   */
+  public String getOCSPRequestHashAlgorithm() {
+    return null;
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
+   */
+  public String[] getPreferredServiceOrder(X509Certificate arg0) {
+    return new String[] {RevocationSourceTypes.CRL};
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
+   */
+  public String getType() {
+    return TrustStoreTypes.DIRECTORY;
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
+   */
+  public String getURI() {
+    return trustStoreURI;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
+   */
+  public boolean getInitialAnyPolicyInhibit() {
+    return false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
+   */
+  public boolean getInitialExplicitPolicy() {
+    return false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
+   */
+  public boolean getInitialPolicyMappingInhibit() {
+    return false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
+   */
+  public Set getInitialPolicySet() {
+    return Collections.EMPTY_SET;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
+   */
+  public boolean getNameConstraintsProcessing() {
+    return false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
+   */
+  public boolean getPolicyProcessing() {
+    return false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
+   */
+  public boolean getRevocationChecking() {
+		return this.revocationChecking;
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
+   */
+  public String getId() {
+    return id;
+  }
+  /**
+   * Sets the trust profile identifier.
+   * @param id The id to set.
+   */
+  public void setId(String id) {
+    this.id = id;
+  }
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
new file mode 100644
index 000000000..b5e0543db
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
@@ -0,0 +1,84 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.revocation.RevocationConfiguration;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Set;
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration {
+
+  /**
+   * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
+   */
+  public Set getAlternativeDistributionPoints(
+    X509Certificate arg0,
+    X509Certificate arg1,
+    Date arg2) {
+    return Collections.EMPTY_SET;
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
+   */
+  public boolean archiveRevocationInfo(String arg0, String arg1) {
+    return false;
+  }
+
+  public Integer getCrlRetentionInterval(String arg0) {
+     return null;
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java
new file mode 100644
index 000000000..b1334ad67
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SSLConfigurationException extends Exception {
+
+	private static final long serialVersionUID = -3705679559648920151L;
+
+	private String errorID = null;
+	private Object[] parameters = null;
+	private Throwable e = null;
+	
+	public SSLConfigurationException(String errorID, Object[] parameters) {
+		this.errorID = errorID;
+		this.parameters = parameters;
+	}
+	
+	public SSLConfigurationException(String errorID, Object[] parameters, Throwable e) {
+		this.errorID = errorID;
+		this.parameters = parameters;
+		this.e = e;
+	}
+
+	/**
+	 * @return the errorID
+	 */
+	public String getErrorID() {
+		return errorID;
+	}
+
+	/**
+	 * @return the parameters
+	 */
+	public Object[] getParameters() {
+		return parameters;
+	}
+
+	/**
+	 * @return the e
+	 */
+	public Throwable getE() {
+		return e;
+	}
+	
+	
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
new file mode 100644
index 000000000..68437a04d
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -0,0 +1,186 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.Security;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
+ * This <code>TrustManager</code> implementation features CRL checking.<br/>
+ * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s. 
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtils {
+  
+  /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
+  private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
+
+  /**
+   * Initializes the SSLSocketFactory store.
+   */
+  public static void initialize() {
+    sslSocketFactories = new HashMap<String, SSLSocketFactory>();
+    // JSSE Abhängigkeit
+    //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    Security.addProvider(new IAIK());
+    //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+    
+    
+  }
+  
+  /**
+   * Creates an <code>SSLSocketFactory</code> which utilizes an
+   * <code>IAIKX509TrustManager</code> for the given trust store,
+   * and the given key store.
+   * 
+   * @param conf configuration provider providing a generic properties pointing 
+   *         to trusted CA store and certificate store root
+   * @param connParam connection parameter containing the client key store settings
+   *         to be used in case of client authentication; 
+   *         if <code>connParam.getClientKeyStore() == null</code>, client authentication
+   *         is assumed to be disabled
+   * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
+   * @throws IOException thrown while reading key store file
+   * @throws GeneralSecurityException thrown while creating the socket factory
+   * @throws ConfigurationException on invalid configuration data
+   * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+   */
+  public static SSLSocketFactory getSSLSocketFactory(
+		  String url, 
+		  String certStoreRootDirParam, 
+		  String trustStoreURL, 
+		  String acceptedServerCertURL,
+		  String chainingMode,
+		  boolean checkRevocation,
+		  String clientKeyStoreURL,
+		  String clientKeyStorePassword,
+		  String clientKeyStoreType
+		  ) 
+    throws IOException, GeneralSecurityException, SSLConfigurationException, PKIException {
+    
+    Logger.debug("Get SSLSocketFactory for " + url);
+    // retrieve SSLSocketFactory if already created
+    SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(url);
+    if (ssf != null) 
+      return ssf;
+        
+    TrustManager[] tms = getTrustManagers(
+    		 certStoreRootDirParam,
+    		 chainingMode,    		 
+    		 trustStoreURL, 
+    		 acceptedServerCertURL,
+    		 checkRevocation);
+    
+    KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+      clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+    SSLContext ctx = SSLContext.getInstance("TLS");
+    ctx.init(kms, tms, null);    
+    ssf = ctx.getSocketFactory();
+    // store SSLSocketFactory
+    sslSocketFactories.put(url, ssf);
+    return ssf;
+  }
+  
+  public static void removeSSLSocketFactory(String url) {
+	  Logger.info("Remove SSLSocketFactory for URL " + url);
+	if (sslSocketFactories.containsKey(url))
+		sslSocketFactories.remove(url);
+	  
+  }
+  
+  /**
+   * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
+   * using configuration data.
+   * 
+   * @param conf MOA-ID configuration provider
+   * @param trustStoreURL trust store URL
+   * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
+   * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
+   * @throws ConfigurationException on invalid configuration data
+   * @throws IOException on data-reading problems
+   * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+   */
+  private static TrustManager[] getTrustManagers(String certStoreRootDirParam, 
+		  String chainingMode, String trustStoreURL, String acceptedServerCertURL,
+    boolean checkRevocation) 
+    throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
+
+    PKIConfiguration cfg = null;
+    if (! PKIFactory.getInstance().isAlreadyConfigured())
+      cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode);
+    PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+    // This call fixes a bug occuring when PKIConfiguration is
+    // initialized by the MOA-SP initialization code, in case
+    // MOA-SP is called by API
+    MOAIDTrustManager.initializeLoggingContext();    
+    IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
+    tm.init(cfg, profile);
+    return new TrustManager[] {tm};
+  }
+    
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java
new file mode 100644
index 000000000..275aed4c4
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java
@@ -0,0 +1,97 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.pathvalidation.ValidationConfiguration;
+
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ValidationConfigurationImpl extends ObservableImpl
+  implements ValidationConfiguration {
+  /** The ConfigurationProvider for the validation*/
+  private String chainingMode;
+    
+  /**
+   * Constructor
+   * @param conf with the configuration
+   */
+  public ValidationConfigurationImpl(String chainingMode) {
+    this.chainingMode = chainingMode;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
+   */
+  public String getChainingMode(X509Certificate trustAnchor) {
+
+	  //INFO: MOA-ID 2.x always use defaultChainingMode
+	  
+    return chainingMode;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
+   */
+  public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) {
+    return null;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
+   */
+  public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) {
+    return null;
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java
new file mode 100644
index 000000000..2ad50568a
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java
@@ -0,0 +1,104 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.validation;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+
+public class TargetValidator {
+
+	private static Map<String, String> targetList = null;
+	
+	static {
+		targetList = new HashMap<String, String>();
+		targetList.put("AR", "Arbeit");
+		targetList.put("AS", "Amtliche Statistik");
+		targetList.put("BF", "Bildung und Forschung");
+		targetList.put("BW", "Bauen und Wohnen");
+		targetList.put("EA", "EU und Auswärtige Angelegenheiten");
+		targetList.put("EF", "Ein- und Ausfuhr");
+		targetList.put("GH", "Gesundheit");
+		targetList.put("GS", "Gesellschaft und Soziales");
+//		targetList.put("GS-RE", "Restitution");
+		targetList.put("JR", "Justiz/Zivilrechtswesen");
+		targetList.put("KL", "Kultus");
+		targetList.put("KU", "Kunst und Kultur");
+		targetList.put("LF", "Land- und Forstwirtschaft");
+		targetList.put("LV", "Landesverteidigung");
+		targetList.put("RT", "Rundfunk und sonstige Medien sowie Telekommunikation");
+		targetList.put("SA", "Steuern und Abgaben");
+		targetList.put("SA", "Sport und Freizeit");
+		targetList.put("SO", "Sicherheit und Ordnung");
+//		targetList.put("SO-VR", "Vereinsregister");
+//		targetList.put("SR-RG", "Strafregister");
+		targetList.put("SV", "Sozialversicherung");
+		targetList.put("UW", "Umwelt");
+		targetList.put("VT", "Verkehr und Technik");
+		targetList.put("VV", "Vermögensverwaltung");
+		targetList.put("WT", "Wirtschaft");
+		targetList.put("ZP", "Personenidentität und Bürgerrechte(zur Person)");
+		targetList.put("BR", "Bereichsübergreifender Rechtsschutz");
+		targetList.put("HR", "Zentrales Rechnungswesen");
+		targetList.put("KI", "Auftraggeberinterne allgemeine Kanzleiindizes");
+		targetList.put("OI", "Öffentlichkeitsarbeit");
+		targetList.put("PV", "Personalverwaltung");
+		targetList.put("RD", "Zentraler Rechtsdienst");
+		targetList.put("VS", "Zentrale Durchführung von Verwaltungsstrafverfahren");
+//		targetList.put("VS-RG", "Zentrales Verwaltungsstrafregister");
+		targetList.put("ZU", "Zustellungen");
+	}
+	
+	public static List<String> getListOfTargets() {
+		Map<String, String> list = new HashMap<String, String>();
+		list.put("", "");
+		list.putAll(targetList);
+		
+		List<String> sortedList = new ArrayList<String>();
+		sortedList.addAll(list.keySet());
+		Collections.sort(sortedList);
+		
+		return sortedList;
+	
+	}
+	
+	public static String getTargetFriendlyName(String target) {
+		String name = targetList.get(target);
+		
+		if (MiscUtil.isNotEmpty(name))
+			return name;
+		else
+			return null;
+	}
+	
+	public static boolean isValidTarget(String target) {
+		return targetList.containsKey(target);
+	}
+	
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
new file mode 100644
index 000000000..be6d7d01e
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
@@ -0,0 +1,387 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.validation;
+
+import iaik.asn1.ObjectID;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.log4j.Logger;
+
+
+public class ValidationHelper {
+
+	public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at";
+	
+	private static final Logger log = Logger.getLogger(ValidationHelper.class);	
+	private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy";
+	
+
+	
+	public static boolean isPublicServiceAllowed(String identifier) {
+		
+		SSLSocket socket = null;
+		
+		try {
+			URL url = new URL(identifier);
+			String host = url.getHost();
+			
+			if (host.endsWith("/"))
+				host = host.substring(0, host.length()-1);
+			
+			if (url.getHost().endsWith(PUBLICSERVICE_URL_POSTFIX)) {
+				log.debug("PublicURLPrefix with .gv.at Domain found.");
+				return true;
+				
+			} else {
+				SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();			
+				socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort());
+				socket.startHandshake();
+				
+				SSLSession session = socket.getSession();
+				Certificate[] servercerts = session.getPeerCertificates();
+				X509Certificate[] iaikChain = new X509Certificate[servercerts.length];
+				for (int i=0; i<servercerts.length; i++) {
+					iaikChain[i] = new X509Certificate(servercerts[i].getEncoded());
+				}
+				
+				
+				X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0];
+				
+				if (cert != null) {
+					ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft
+					ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft
+					
+					
+					if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) {
+						return false;
+						
+					} else {
+						log.info("Found correct X509 Extension in server certificate. PublicService is allowed");
+						return true;
+					}		
+				}
+				
+				return false;
+			}
+				
+		} catch (MalformedURLException e) {
+			log.warn("PublicURLPrefix can not parsed to URL", e);
+			return false;
+			
+		} catch (UnknownHostException e) {
+			log.warn("Can not connect to PublicURLPrefix Server", e);
+			return false;
+			
+		} catch (IOException e) {
+			log.warn("Can not connect to PublicURLPrefix Server", e);
+			return false;
+			
+		} catch (CertificateEncodingException e) {
+			log.warn("Can not parse X509 server certificate", e);
+			return false;
+			
+		} catch (CertificateException e) {
+			log.warn("Can not read X509 server certificate", e);
+			return false;
+			
+		} catch (X509ExtensionInitException e) {
+			log.warn("Can not read X509 server certificate extension", e);
+			return false;
+		}
+		
+		finally {
+			if (socket != null)
+				try {
+					socket.close();
+				} catch (IOException e) {
+					log.warn("SSL Socket can not be closed.", e);
+				}
+		}
+	}
+	
+	public static boolean validateOAID(String oaIDObj) {
+		if (oaIDObj != null) {
+			try {
+				
+				long oaID = Long.valueOf(oaIDObj);
+			
+				if (oaID > 0 && oaID < Long.MAX_VALUE)
+					return true;
+				
+			} catch (Throwable t) {
+				log.warn("No valid DataBase OAID received! " + oaIDObj);
+			}
+		}
+		return false;
+	}
+	
+	public static boolean validateNumber(String value) {
+		
+		log.debug("Validate Number " + value);
+
+		try {
+			Float.valueOf(value);
+			
+			return true;
+			
+		} catch (NumberFormatException e) {
+			return false;
+		}
+		
+		
+	}
+	
+	public static boolean validatePhoneNumber(String value) {
+		log.debug ("Validate PhoneNumber " + value);
+		
+        /* ************************************************************************************************
+         * Legende: 
+         * ========   AA = post/pre-Text
+         *            BB = (+49)
+         *            CC = Vorwahl  
+         *            DD = Durchwahl
+         *            EE = Nebenstelle                                                                
+         * Pattern p = Pattern.compile("^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]* [0-9][ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $");
+         *                                ------- AA -------      --------------------- BB ---------------------      --------- CC --------          - DD -          - EE -          ------- AA -------
+         * ************************************************************************************************ */
+        Pattern pattern = Pattern.compile("^[a-zA-Z .,;:/\\-]*[ ]*[(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1}[ ]*[0-9]*[ ]*[0-9]*[ ]*[0-9]*[ ]*[a-zA-Z .,;:\\/-]*$");
+        Matcher matcher = pattern.matcher(value);
+        boolean b = matcher.matches();
+        if (b) {
+     	   log.debug("Parameter PhoneNumber erfolgreich ueberprueft");
+     	  return true;
+        }
+        else {
+     	   log.error("Fehler Ueberpruefung Parameter PhoneNumber. PhoneNumber entspricht nicht den Kriterien ^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]*[/\\-]{0,1} [ ]*[ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $");
+     	  return false;  
+        }  
+        
+		
+	}
+	
+	public static boolean validateURL(String urlString) {
+		
+		log.debug("Validate URL " + urlString);
+		
+		if (urlString.startsWith("http") || urlString.startsWith("https")) {
+  		  try {
+			new URL(urlString);
+			return true;
+			
+  		  } catch (MalformedURLException e) {
+  		  }
+		}
+		
+		return false;
+	}
+	
+//	public static boolean validateGeneralURL(String urlString) {
+//		
+//		log.debug("Validate URL " + urlString);
+//		
+//  		  try {
+//			new URL(urlString);
+//			return true;
+//			
+//  		  } catch (MalformedURLException e) {
+//  			  
+//  		  }
+//		
+//		return false;
+//	}
+	
+	public static boolean isValidAdminTarget(String target) {
+		   
+	   log.debug("Ueberpruefe Parameter Target");
+	            
+       Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}");
+       Matcher matcher = pattern.matcher(target);
+       boolean b = matcher.matches();
+       if (b) {
+    	   log.debug("Parameter SSO-Target erfolgreich ueberprueft. SSO Target is PublicService.");
+    	  return true;
+       }
+       else {
+    	   log.info("Parameter SSO-Target entspricht nicht den Kriterien " +
+    	   		"(nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang) fuer den oeffentlichen Bereich. " +
+    	   		"Valiere SSO-Target fuer privatwirtschaftliche Bereiche.");
+    	  return false;  
+       }           
+	}
+	
+	public static boolean isValidTarget(String target) {
+		   
+		   log.debug("Ueberpruefe Parameter Target");
+		            
+	       if (TargetValidator.isValidTarget(target)) {
+	    	   log.debug("Parameter Target erfolgreich ueberprueft");
+	    	  return true;
+	       }
+	       else {
+	    	   log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
+	    	  return false;  
+	       }
+		            
+		}
+	
+	public static boolean isValidSourceID(String sourceID) {
+		   
+	   log.debug("Ueberpruefe Parameter sourceID");
+
+	   Pattern pattern = Pattern.compile("[\\w-_]{1,20}");
+	   Matcher matcher = pattern.matcher(sourceID);
+	   boolean b = matcher.matches();
+	   if (b) {
+	 	  log.debug("Parameter sourceID erfolgreich ueberprueft");
+	 	  return true;
+      }
+      else {
+    	  log.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)");
+    	  return false;  
+      }            
+	}
+	
+	public static boolean isDateFormat(String dateString) {
+		if (dateString.length() > TEMPLATE_DATEFORMAT.length())
+			return false;
+		
+		SimpleDateFormat sdf = new SimpleDateFormat(TEMPLATE_DATEFORMAT);
+		try {
+			sdf.parse(dateString);
+			return true;
+			
+		} catch (ParseException e) {
+			return false;
+		}
+	}
+
+	public static boolean isEmailAddressFormat(String address) {
+		if (address == null) {
+			return false;
+		}
+		return Pattern.compile("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,6}$").matcher(address).matches();
+	}
+	
+	public static boolean isValidOAIdentifier(String param) {
+		if (param == null) {
+			return false;
+		}
+		return param.indexOf(";") != -1 ||
+					 param.indexOf("%") != -1 ||
+					 param.indexOf("\"") != -1 ||
+					 param.indexOf("'") != -1 ||
+					 param.indexOf("?") != -1 ||
+					 param.indexOf("`") != -1 ||
+					 param.indexOf(",") != -1 ||
+					 param.indexOf("<") != -1 ||
+					 param.indexOf(">") != -1 ||
+					 param.indexOf("\\") != -1;	
+		
+	}
+	
+	public static String getNotValidOAIdentifierCharacters() {
+		
+		return "; % \" ' ` , < > \\";
+	}	
+	
+	public static boolean containsPotentialCSSCharacter(String param, boolean commaallowed) {
+		
+		if (param == null) {
+			return false;
+		}
+		return param.indexOf(";") != -1 ||
+					 param.indexOf("%") != -1 ||
+					 param.indexOf("\"") != -1 ||
+					 param.indexOf("'") != -1 ||
+					 param.indexOf("?") != -1 ||
+					 param.indexOf("`") != -1 ||
+					 ( param.indexOf(",") != -1 && !commaallowed ) ||
+					 param.indexOf("<") != -1 ||
+					 param.indexOf(">") != -1 ||
+					 param.indexOf("\\") != -1 ||
+					 param.indexOf("/") != -1;					 					
+	}
+	
+	public static String getPotentialCSSCharacter(boolean commaallowed) {
+		
+		if (commaallowed)
+			return "; % \" ' ` < > \\ /";
+		else
+			return "; % \" ' ` , < > \\ /";
+	}
+	
+	public static boolean isNotValidIdentityLinkSigner(String param) {
+		if (param == null) {
+			return false;
+		}
+		return param.indexOf(";") != -1 ||
+					 param.indexOf("%") != -1 ||
+					 param.indexOf("\"") != -1 ||
+					 param.indexOf("'") != -1 ||
+					 param.indexOf("?") != -1 ||
+					 param.indexOf("`") != -1 ||
+					 param.indexOf("<") != -1 ||
+					 param.indexOf(">") != -1;	
+		
+	}
+	
+	public static String getNotValidIdentityLinkSignerCharacters() {
+		
+		return "; % \" ' ` < >";
+	}
+	
+	public static boolean isValidHexValue(String param) {
+		
+		try {
+			if (param.startsWith("#") && param.length() <= 7) {			
+				Long.decode(param);
+				return true;
+			}
+			
+		} catch (Exception e) {
+			
+		}
+		return false;
+		
+	}
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
new file mode 100644
index 000000000..e4aa6a284
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package org.apache.commons.httpclient;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.apache.commons.httpclient.HostConfiguration;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpException;
+import org.apache.commons.httpclient.HttpMethod;
+import org.apache.commons.httpclient.HttpMethodDirector;
+import org.apache.commons.httpclient.HttpState;
+import org.apache.commons.httpclient.URI;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+
+/**
+ * @author tlenz
+ *
+ *HTTP client which can be used with MOA SSL TrustStore implementation
+ * 
+ */
+public class MOAHttpClient extends HttpClient {
+
+	
+	public void setCustomSSLTrustStore(String metadataURL, SecureProtocolSocketFactory protoSocketFactory) throws MOAHttpProtocolSocketFactoryException, MalformedURLException {
+		;
+		
+		URL url = new URL(metadataURL);	
+		int port = -1;
+		if (url.getPort() < 0)
+			port = url.getDefaultPort();
+		else
+			port = url.getPort();
+				
+		Protocol authhttps = new Protocol("https", protoSocketFactory, port);
+		getHostConfiguration().setHost(url.getHost(), port, authhttps);
+		
+	}
+	
+    public int executeMethod(HostConfiguration hostconfig, 
+            final HttpMethod method, final HttpState state)
+            throws IOException, HttpException  {
+                
+            if (method == null) {
+                throw new IllegalArgumentException("HttpMethod parameter may not be null");
+            }
+            HostConfiguration defaulthostconfig = getHostConfiguration();
+            if (hostconfig == null) {
+                hostconfig = defaulthostconfig;
+            }
+            URI uri = method.getURI(); 
+            if (hostconfig == defaulthostconfig || uri.isAbsoluteURI()) {
+                // make a deep copy of the host defaults
+                hostconfig = (HostConfiguration) hostconfig.clone();
+                
+                /**
+                 * Only build default host with default protocol if protocol is empty
+                 * 
+                 * In case of https, the methode setCustomSSLTrustStore can be used to set a
+                 * the MOA TrustStore for SSL connection validation
+                 */
+                if (uri.isAbsoluteURI() && hostconfig.getProtocol() == null) {
+                    hostconfig.setHost(uri);
+                }
+           }
+            
+            HttpMethodDirector methodDirector = new HttpMethodDirector(
+                    getHttpConnectionManager(),
+                    hostconfig,
+                    getParams(),
+                    (state == null ? getState() : state));
+            methodDirector.executeMethod(method);
+            return method.getStatusCode();
+        }
+}
diff --git a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
index f2701bec4..cf04319c8 100644
--- a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
+++ b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
@@ -1,7 +1,8 @@
-<jaxb:bindings version="1.0"
+<jaxb:bindings version="2.1"
 	xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
 	xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-	xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc">
+	xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"
+	jaxb:extensionBindingPrefixes="hj">
 	
 	<jaxb:bindings schemaLocation="moaid_config_2.0.xsd" node="/xsd:schema">
 		<jaxb:globalBindings localScoping="toplevel">
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index e8562a57b..3a2914cb4 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Mit XMLSpy v2013 sp1 (http://www.altova.com) von Thomas Lenz (Graz University of Technology IAIK) bearbeitet -->
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0">
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations" xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0" jaxb:extensionBindingPrefixes="xjc hj" jaxb:version="2.0">
 	<xsd:complexType name="OnlineApplication">
 		<xsd:complexContent>
 			<xsd:extension base="OnlineApplicationType">
@@ -481,10 +481,27 @@
 			</xsd:element>
 		</xsd:sequence>
 	</xsd:complexType>
+	<xsd:complexType name="InterfederationIDPType">
+		<xsd:sequence>
+			<xsd:element name="attributeQueryURL" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+			<xsd:element name="storeSSOSession" type="xsd:boolean" minOccurs="1" maxOccurs="1" default="true"/>
+		</xsd:sequence>
+		<xsd:attribute name="inboundSSO" type="xsd:boolean" default="true"/>
+		<xsd:attribute name="outboundSSO" type="xsd:boolean" default="true"/>
+	</xsd:complexType>
 	<xsd:complexType name="OnlineApplicationType">
 		<xsd:sequence>
+			<xsd:element name="isNew" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1">
+				<xsd:annotation>
+					<xsd:appinfo>
+						<hj:ignored/>
+					</xsd:appinfo>
+				</xsd:annotation>
+			</xsd:element>
 			<xsd:element name="isActive" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/>
 			<xsd:element name="isAdminRequired" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/>
+			<xsd:element name="isInterfederationIDP" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/>
+			<xsd:element name="InterfederationIDP" type="InterfederationIDPType" minOccurs="0" maxOccurs="1"/>
 			<xsd:element name="AuthComponent_OA" minOccurs="0">
 				<xsd:annotation>
 					<xsd:documentation>enthält Parameter über die OA, die die
@@ -938,6 +955,20 @@
 			<xsd:element name="isPVP2Generated" type="xsd:boolean" minOccurs="0" maxOccurs="1"/>
 			<xsd:element name="lastLogin" type="xsd:string" minOccurs="1" maxOccurs="1"/>
 			<xsd:element name="OnlineApplication" type="OnlineApplication" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="onlyBusinessService" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1">
+				<xsd:annotation>
+					<xsd:appinfo>
+						<hj:ignored/>
+					</xsd:appinfo>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="businessServiceType" type="xsd:string" minOccurs="0" maxOccurs="1">
+				<xsd:annotation>
+					<xsd:appinfo>
+						<hj:ignored/>
+					</xsd:appinfo>
+				</xsd:annotation>
+			</xsd:element>
 		</xsd:sequence>
 	</xsd:complexType>
 	<xsd:complexType name="BKUSelectionCustomizationType">