refactor PVP2 S-Profile implementation and perform first tests

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-06-20 15:11:13 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-06-20 15:11:13 +0200
commit: 139926faa31ae3ed34dc0083fee503d439112281 (patch)
tree: bf69a673df4a222653b47c0b8da88588065e2271 /id
parent: 1f8f686bee862ae95e32fc79664d82dcc21f708f (diff)
download: moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.gz
moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.bz2
moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.zip
197 files changed, 1040 insertions, 11795 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 28c0a9fe4..59e03aa43 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -67,6 +67,16 @@
         </dependency>
         
         <dependency>
+        	<groupId>at.gv.egiz.eaaf</groupId>
+        	<artifactId>eaaf_module_pvp2_core</artifactId>
+        </dependency>
+        
+        <dependency>
+        	<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf-core</artifactId>
+        </dependency>
+        
+        <dependency>
           	<groupId>MOA.id</groupId>
   					<artifactId>moa-id-webgui</artifactId>
   					<version>1.0</version>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
index f17ec82cb..0d416b8c0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
@@ -28,16 +28,16 @@ import java.util.List;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 
-public class AttributeListBuilder implements PVPConstants{
+public class AttributeListBuilder implements PVPAttributeDefinitions{
 
 	protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
 		RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
 		attribute.setIsRequired(required);
 		attribute.setName(name);
-		attribute.setFriendlyName(friendlyName);
+		attribute.setFriendlyName(friendlyName); 
 		attribute.setNameFormat(Attribute.URI_REFERENCE);
 		return attribute;
 	}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index e3de84b0b..730dfe764 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -30,8 +30,8 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 
 public class MetaDataVerificationFilter implements MetadataFilter {
@@ -51,9 +51,9 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 				throw new SignatureValidationException("Root element of metadata file has to be signed");
 			}
 			try {
-				processEntitiesDescriptor(entitiesDescriptor);
+				processEntitiesDescriptor(entitiesDescriptor); 
 				
-			} catch (MOAIDException e) {
+			} catch (EAAFException e) {
 				throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor");
 			}
 			
@@ -66,13 +66,13 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 				else
 					throw new SignatureValidationException("Root element of metadata file has to be signed", null);
 				
-			} catch (MOAIDException e) {
+			} catch (EAAFException e) {
 				throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null);
 			}				
 		}
 	}
 	
-	private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
+	private void processEntitiesDescriptor(EntitiesDescriptor desc) throws EAAFException {
 		Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
 		
 		if(desc.getSignature() != null) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
index a25cc44ef..27673eafd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
@@ -32,8 +32,8 @@ import org.opensaml.ws.soap.soap11.Envelope;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.signature.SignatureTrustEngine;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.AbstractRequestSignedSecurityPolicyRule;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule;
 
 /**
  * @author tlenz
@@ -42,8 +42,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSigned
 public class PVPSOAPRequestSecurityPolicy extends
 		AbstractRequestSignedSecurityPolicyRule {
 
-	/**
-	 * @param trustEngine
+	/** 
+	 * @param trustEngine 
 	 * @param peerEntityRole
 	 */
 	public PVPSOAPRequestSecurityPolicy(SignatureTrustEngine trustEngine,
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index cfb39b15c..d249fa597 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -55,6 +55,7 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.context.support.GenericApplicationContext;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
@@ -64,7 +65,6 @@ import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
 import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration;
 import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.asn1.structures.AlgorithmID;
 import iaik.x509.X509Certificate;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
index 0fb41189d..8f3b8f479 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
@@ -43,11 +43,11 @@ import javax.mail.internet.MimeMultipart;
 import org.apache.commons.io.IOUtils;
 import org.apache.log4j.Logger;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MailHelper {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 7d411b161..9e0b8b1cd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -44,11 +44,11 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 
 import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index f1d1c94af..6f9d233b1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -60,6 +60,7 @@ import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
 import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
@@ -76,7 +77,6 @@ import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
 import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class IndexAction extends BasicAction {
@@ -401,19 +401,19 @@ public class IndexAction extends BasicAction {
 								{
 									String strAttributeName = attributes.get(x).getDOM().getAttribute("Name");
 									
-									if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) {
 										user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}
 									
-									if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) {
 										user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}
 									
-									if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) {
 										user.setIsmandateuser(true);
 									}
 									
-									if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) {
 										user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}		
 								}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 79e7e9252..8b41823e1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -47,13 +47,13 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException;
+import at.gv.egovernment.moa.id.config.webgui.validation.utils.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.x509.X509Certificate;
@@ -158,7 +158,7 @@ public class OAPVP2ConfigValidation {
 							
 							} catch (ConfigurationException e) {
 								log.warn("Configuration access FAILED!", e);
-							
+							 
 							}
 						
 							MetadataFilterChain filter = new MetadataFilterChain();
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
index 0a3a9eef8..e9c8fa719 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
@@ -35,9 +35,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 5d7071a19..3a0bdb8c0 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -261,11 +261,64 @@
 		<dependency>
 			<groupId>httpsclient</groupId>
 			<artifactId>httpsclient</artifactId>
-		</dependency>		
-	<dependency>
-  		<groupId>org.opensaml</groupId>
-  		<artifactId>opensaml</artifactId>
-  		<exclusions>
+		</dependency>
+		<dependency>
+  			<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf_module_pvp2_idp</artifactId>
+  			<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.xerces</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>xalan</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk15on</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
+  			</exclusions>
+  		</dependency>
+		<dependency>
+  			<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf_module_pvp2_sp</artifactId>
+  			<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion> 
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.xerces</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>xalan</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk15on</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
+  			</exclusions>
+  		</dependency>
+						
+<!-- 		<dependency>
+  			<groupId>org.opensaml</groupId>
+  			<artifactId>opensaml</artifactId>
+  			<exclusions>
 				<exclusion>
 					<groupId>org.slf4j</groupId>
 					<artifactId>log4j-over-slf4j</artifactId>
@@ -309,7 +362,7 @@
 	<dependency>
 	    <groupId>org.apache.santuario</groupId>
 	    <artifactId>xmlsec</artifactId>
-	</dependency>
+	</dependency> -->
 
 		<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
 		<dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index 54e459db1..2c1e47009 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -35,10 +35,7 @@ import at.gv.egiz.components.eventlog.api.EventConstants;
 public interface MOAIDEventConstants extends EventConstants {
 
 	//auth protocol specific information
-	public static final int AUTHPROTOCOL_TYPE = 3000;
 	
-	public static final int AUTHPROTOCOL_PVP_METADATA = 3100;
-	public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index e630455b4..8298b082b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -34,6 +34,7 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -63,8 +64,8 @@ public class MOAReversionLogger implements IRevisionLogger {
 			MOAIDEventConstants.TRANSACTION_DESTROYED,
 			MOAIDEventConstants.TRANSACTION_ERROR,
 			MOAIDEventConstants.TRANSACTION_IP,
-			MOAIDEventConstants.AUTHPROTOCOL_TYPE,
-			MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA,
+			IRevisionLogger.AUTHPROTOCOL_TYPE,
+			PVPEventConstants.AUTHPROTOCOL_PVP_METADATA,
 			
 			MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER,
 			MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
deleted file mode 100644
index 6f98357e2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * @author tlenz
- *
- */
-public interface IDestroyableObject {
-	/**
-	 * Manually deep destroy a Java object with all child objects like timers and threads 
-	 * 
-	 */
-	public void fullyDestroy();
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
deleted file mode 100644
index 27d142f2c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * @author tlenz
- *
- */
-public interface IGarbageCollectorProcessing {
-
-	/**
-	 * This method gets executed by the MOA garbage collector at regular intervals.
-	 * 
-	 */
-	public void runGarbageCollector();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
deleted file mode 100644
index d918be463..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-
-/**
- * 
- * @author tlenz
- *
- * Interface initialize a Object when the MOA-ID-Auth start-up process is fully completed
- *
- */
-public interface IPostStartupInitializable {
-
-	/**
-	 * This method is called once when MOA-ID-Auth start-up process is fully completed
-	 * 
-	 */
-	public void executeAfterStartup();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
index 52e30a2f0..f88267ad7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
@@ -33,6 +33,7 @@ import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Service("MOAGarbageCollector")
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 738f733a8..998817b19 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -50,6 +50,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -73,9 +74,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
@@ -100,6 +99,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
+	@Autowired private LoALevelMapper loaLevelMapper; 
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -124,7 +124,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		try {
 			//check if SAML1 authentication module is in Classpath
 			Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
-			IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();			
+			//IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();
+			IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").getConstructor(LoALevelMapper.class).newInstance(loaLevelMapper);
 			if (saml1RequstTemplate != null && 
 					saml1RequstTemplate.isInstance(pendingReq)) {				
 				//request is SAML1  --> invoke SAML1 protocol specific methods 
@@ -138,12 +139,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				authdata = (MOAAuthenticationData) saml1authdata;
 							
 			} else {			
-				authdata = new MOAAuthenticationData();
+				authdata = new MOAAuthenticationData(loaLevelMapper);
 							
 			}
 						
 		} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {			
-			authdata = new MOAAuthenticationData();
+			authdata = new MOAAuthenticationData(loaLevelMapper);
 			
 		}
 				
@@ -162,13 +163,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
 				
 		Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
+				MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
 		if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
 			//only set minimal response attributes			
 			authdata.setQAALevel(
-					pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
 			authdata.setBPK(
-					pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, String.class));
+					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
 						
 		} else {
 			//build AuthenticationData from MOASession
@@ -297,18 +298,18 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			if (MiscUtil.isNotEmpty(currentLoA)) {					
 				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
 					authData.setQAALevel(currentLoA);
-					authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+					authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
 
 				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
-					authData.setQAALevel(LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(currentLoA));
+					authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
 					authData.seteIDASLoA(currentLoA);
 										
-				} else {
-					Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
-					String mappedStorkQAA = LoALevelMapper.getInstance().mapToQAALevel(currentLoA);
+				} else { 
+					Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				
+					String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
 					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
-						authData.setQAALevel(currentLoA);
-						authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+						authData.setQAALevel(mappedStorkQAA);
+						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
 						
 					}										
 				}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index a7f6e873f..4bc4a7e81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -59,9 +59,9 @@ import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index a1d31f5ae..e600505a2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -28,7 +28,7 @@ import java.util.List;
 import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -50,7 +50,7 @@ public class DynamicOAAuthParameterBuilder {
 				
 		for (Attribute attr : reqAttributes) {				
 			//get Target or BusinessService from request 
-			if (attr.getName().equals(PVPAttributeConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+			if (attr.getName().equals(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
 				String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
 				if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
 					//dynamicOA.setBusinessService(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
new file mode 100644
index 000000000..aa462c480
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+@Service("MOASAML2SubjectNameIDGenerator")
+public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {
+	
+	@Override
+	public Pair<String, String> generateSubjectNameId(IAuthData authData, ISPConfiguration spConfig) throws PVP2Exception {
+		//build nameID and nameID Format from moasessio
+		if (authData instanceof IMOAAuthData && 
+				((IMOAAuthData)authData).isUseMandate()) {
+			String bpktype = null;
+			String bpk = null;
+			
+			Element mandate = ((IMOAAuthData)authData).getMandate();
+			if(mandate != null) {
+				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
+				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+				if(mandateObject == null) {
+					throw new NoMandateDataAvailableException();
+				}
+				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+				PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
+				
+				IdentificationType id;
+				if(corporation != null && corporation.getIdentification().size() > 0)
+					id = corporation.getIdentification().get(0);
+	
+					
+				else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
+					id = pysicalperson.getIdentification().get(0);
+					
+				else {
+					Logger.error("Failed to generate IdentificationType");
+					throw new NoMandateDataAvailableException();		
+				}
+			
+				bpktype = id.getType();
+				bpk = id.getValue().getValue();
+								
+			} else {
+				Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
+				bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
+				bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);				
+				
+				if (StringUtils.isEmpty(bpk)) {
+					//no sourcePin is included --> search for bPK
+					bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
+					
+					try {
+						if (bpk.contains(":"))
+							bpk = bpk.split(":")[1];
+						
+					} catch (Exception e) {
+						Logger.warn("Can not split bPK from mandator attribute!", e);
+						
+					}
+					
+					//set bPK-Type from configuration, because it MUST be equal to service-provider type
+					bpktype = spConfig.getAreaSpecificTargetIdentifier();
+										
+				} else {
+					//sourcePin is include --> check sourcePinType
+					if (StringUtils.isEmpty(bpktype))
+						bpktype = Constants.URN_PREFIX_BASEID;
+					
+				}				
+			}
+			
+			if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(bpktype)) {
+				throw new NoMandateDataAvailableException();
+				
+			}
+			
+			if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {				
+				try {
+					return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier());
+										
+				} catch (BuildException e) {
+					Logger.warn("Can NOT generate SubjectNameId." , e);
+					throw new ResponderErrorException("pvp2.01", null);
+
+				}								
+				
+			} else
+				return Pair.newInstance(bpk, bpktype);
+									
+		} else
+			return Pair.newInstance(authData.getBPK(), authData.getBPKType());
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
deleted file mode 100644
index 8def0f860..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("RestartAuthProzessManagement")
-public class RestartAuthProzessManagement  extends AbstractAuthServletTask {
-
-	@Autowired ProcessEngine processEngine;
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws TaskExecutionException {
-		try {			
-			//create a new execution context and copy all elements to new context
-			ExecutionContext newec = new ExecutionContextImpl(); 
-			Set<String> entries = executionContext.keySet();
-			for (String key : entries) {
-				newec.put(key, executionContext.get(key));
-				
-			}
-			
-			Logger.debug("Select new auth.-process and restart restart process-engine ... ");
-			
-			// select and create new process instance
-			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
-			if (processDefinitionId == null) {
-				Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId());
-				throw new MOAIDException("process.02", new Object[] { pendingReq.getPendingRequestId() });
-			}			
-			
-			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
-
-			// keep process instance id in moa session
-			((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId);
-
-			// make sure pending request has been persisted before running the process
-			try {
-				requestStoreage.storePendingRequest(pendingReq);
-				
-			} catch (MOAIDException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getPendingRequestId() });
-				
-			}
-			
-			Logger.info("Restart process-engine with auth.process:" + processDefinitionId);
-			
-			// start process
-			processEngine.start(pendingReq);
-			
-			
-		} catch (MOAIDException e) {
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		} catch (Exception e) {
-			Logger.warn("RestartAuthProzessManagement has an internal error", e);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		}			
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 10c271b6a..0e1e1bf12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -33,6 +33,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -43,7 +44,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index f9aa1b83c..448e2a0f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -44,6 +44,8 @@ import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -52,10 +54,8 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -169,11 +169,11 @@ public class IDPSingleLogOutServlet extends AbstractController {
 							
 						String redirectURL = null;
 						IRequest sloReq = sloContainer.getSloRequest();
-						if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+						if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
 							//send SLO response to SLO request issuer
-							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloContainer.getSloRequest());
-							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
-							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPTargetConfiguration)sloContainer.getSloRequest()).getRequest().getRelayState());
+							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest());
+							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
+							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPSProfilePendingRequest)sloContainer.getSloRequest()).getRequest().getRelayState());
 															
 						} else {
 							//print SLO information directly
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index 9380d3b64..a9be3f51d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -53,10 +53,10 @@ import java.util.Properties;
 
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
 
@@ -187,7 +187,7 @@ public abstract class ConfigurationProviderImpl extends AbstractConfigurationImp
 					
 			//Initialize OpenSAML for STORK
 			Logger.info("Starting initialization of OpenSAML...");
-			MOADefaultBootstrap.bootstrap();
+			EAAFDefaultSAML2Bootstrap.bootstrap();
 			//DefaultBootstrap.bootstrap();
 			Logger.debug("OpenSAML successfully initialized");	  
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
deleted file mode 100644
index 38f6948d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-
-/**
- * @author tlenz
- *
- */
-public interface ISLOInformationContainer {
-
-	boolean hasFrontChannelOA();
-
-	Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions();
-
-	void removeFrontChannelOA(String oaID);
-
-	Iterator<String> getNextBackChannelOA();
-
-	SLOInformationImpl getBackChannelOASessionDescripten(String oaID);
-
-	void removeBackChannelOA(String oaID);
-
-	/**
-	 * @return the sloRequest
-	 */
-	PVPTargetConfiguration getSloRequest();
-
-	/**
-	 * @param sloRequest the sloRequest to set
-	 */
-	void setSloRequest(PVPTargetConfiguration sloRequest);
-
-	/**
-	 * @return the sloFailedOAs
-	 */
-	List<String> getSloFailedOAs();
-
-	void putFailedOA(String oaID);
-	
-	public String getTransactionID();
-	
-	public String getSessionID();
-}
-\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ba3eba2e6..e0dd30db3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -29,10 +29,10 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -68,6 +68,12 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	private boolean interfederatedSSOSession;
 	private String interfederatedIDP;
 
+	private LoALevelMapper loaMapper;
+	
+	public MOAAuthenticationData(LoALevelMapper loaMapper) {	
+		this.loaMapper = loaMapper;
+		
+	}
 	
 	/**
 	 * @return
@@ -76,7 +82,7 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
 			if (MiscUtil.isNotEmpty(mappedQAA))
 				return mappedQAA;
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
deleted file mode 100644
index 0b46345d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.data;
-
-public class Pair<P1, P2> {
-	private final P1 first;
-	private final P2 second;
-	
-	private Pair(final P1 newFirst, final P2 newSecond) {
-		this.first = newFirst;
-		this.second = newSecond;
-	}
-	
-	public P1 getFirst() {
-		return this.first;
-	}
-	
-	public P2 getSecond() {
-		return this.second;
-	}
-	
-	public static <P1, P2> Pair<P1, P2> newInstance(final P1 newFirst, final P2 newSecond) {
-		return new Pair<P1, P2>(newFirst, newSecond);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
deleted file mode 100644
index 5ff923bce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.io.Serializable;
-
-import org.opensaml.saml2.metadata.SingleLogoutService;
-
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-
-
-/**
- * @author tlenz
- *
- */
-public class SLOInformationImpl implements SLOInformationInterface, Serializable {
-	
-	private static final long serialVersionUID = 295577931870512387L;
-	private String sessionIndex = null;
-	private String nameID = null;
-	private String protocolType = null;
-	private String nameIDFormat = null;
-	private String binding = null;
-	private String serviceURL = null;
-	private String authURL = null;
-	private String spEntityID = null;
-	
-	public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType) {
-		new SLOInformationImpl(authURL, spEntityID, sessionID, nameID, nameIDFormat, protocolType, null);
-	}
-	
-	public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
-		this.sessionIndex = sessionID;
-		this.nameID = nameID;
-		this.nameIDFormat = nameIDFormat;
-		this.protocolType = protocolType;
-		this.spEntityID = spEntityID;
-		
-		if (authURL.endsWith("/"))
-			this.authURL = authURL.substring(0, authURL.length()-1);
-		else
-			this.authURL = authURL;
-		
-		if (sloService != null) {
-			this.binding = sloService.getBinding();
-			this.serviceURL = sloService.getLocation();
-			
-		}				
-	}
-	
-	
-	/**
-	 * 
-	 */
-	public SLOInformationImpl() {
-		
-	}
-
-
-	
-	/**
-	 * @return the spEntityID
-	 */
-	public String getSpEntityID() {
-		return spEntityID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex()
-	 */
-	@Override
-	public String getSessionIndex() {
-		return sessionIndex;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier()
-	 */
-	@Override
-	public String getUserNameIdentifier() {
-		return nameID;
-		
-	}
-
-
-	/**
-	 * @param sessionIndex the sessionIndex to set
-	 */
-	public void setSessionIndex(String sessionIndex) {
-		this.sessionIndex = sessionIndex;
-	}
-
-
-	/**
-	 * @param nameID the nameID to set
-	 */
-	public void setUserNameIdentifier(String nameID) {
-		this.nameID = nameID;
-	}
-
-	
-
-	/**
-	 * @param protocolType the protocolType to set
-	 */
-	public void setProtocolType(String protocolType) {
-		this.protocolType = protocolType;
-	}
-
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType()
-	 */
-	@Override
-	public String getProtocolType() {
-		return protocolType;
-	}
-
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat()
-	 */
-	@Override
-	public String getUserNameIDFormat() {
-		return this.nameIDFormat;
-	}
-
-
-	/**
-	 * @param nameIDFormat the nameIDFormat to set
-	 */
-	public void setNameIDFormat(String nameIDFormat) {
-		this.nameIDFormat = nameIDFormat;
-	}
-
-	/**
-	 * @return the binding
-	 */
-	public String getBinding() {
-		return binding;
-	}
-
-	/**
-	 * @return the serviceURL
-	 */
-	public String getServiceURL() {
-		return serviceURL;
-	}
-
-	/**
-	 * @return the authURL from requested IDP without ending /
-	 */
-	public String getAuthURL() {
-		return authURL;
-	}
-
-	/**
-	 * @param spEntityID the spEntityID to set
-	 */
-	public void setSpEntityID(String spEntityID) {
-		this.spEntityID = spEntityID;
-	}
-	
-	
-	
-	
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
deleted file mode 100644
index 78e8be452..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.data;
-
-public class Trible<P1, P2, P3> {
-	private final P1 first;
-	private final P2 second;
-	private final P3 third;
-	
-	private Trible(final P1 newFirst, final P2 newSecond, final P3 newThird) {
-		this.first = newFirst;
-		this.second = newSecond;
-		this.third = newThird;
-	}
-	
-	public P1 getFirst() {
-		return this.first;
-	}
-	
-	public P2 getSecond() {
-		return this.second;
-	}
-	
-	public P3 getThird() {
-		return this.third;
-	}
-	
-	public static <P1, P2, P3> Trible<P1, P2, P3> newInstance(final P1 newFirst, final P2 newSecond, final P3 newThird) {
-		return new Trible<P1, P2, P3>(newFirst, newSecond, newThird);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 72b350991..c2dd7b4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -41,6 +41,8 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -49,9 +51,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -79,7 +79,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 		String pvpSLOIssuer = null;
 		String uniqueSessionIdentifier = "notSet";
 		String uniqueTransactionIdentifier = "notSet";
-		PVPTargetConfiguration pvpReq = null;		
+		PVPSProfilePendingRequest pvpReq = null;		
 		Logger.debug("Start technical Single LogOut process ... ");
 		
 		
@@ -87,9 +87,9 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 			uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
 			uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier();
 			
-			if (pendingReq instanceof PVPTargetConfiguration) {
-				pvpReq = ((PVPTargetConfiguration)pendingReq);
-				MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+			if (pendingReq instanceof PVPSProfileRequest) {
+				pvpReq = ((PVPSProfilePendingRequest)pendingReq);
+				PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest();
 				LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 				pvpSLOIssuer = logOutReq.getIssuer().getValue();
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
deleted file mode 100644
index dbfeb5e90..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HTTPTransportUtils;
-
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAIDHTTPPostEncoder extends HTTPPostEncoder {
-
-	private VelocityEngine velocityEngine;
-	private IGUIBuilderConfiguration guiConfig;
-	private GUIFormBuilderImpl guiBuilder;
-	
-	/**
-	 * @param engine
-	 * @param templateId
-	 */
-	public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) {
-		super(engine, null);
-		this.velocityEngine = engine;
-		this.guiConfig = guiConfig;
-		this.guiBuilder = guiBuilder;
-		
-	}
-
-    /**
-     * Base64 and POST encodes the outbound message and writes it to the outbound transport.
-     * 
-     * @param messageContext current message context
-     * @param endpointURL endpoint URL to which to encode message
-     * 
-     * @throws MessageEncodingException thrown if there is a problem encoding the message
-     */
-    protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
-        Logger.debug("Invoking Velocity template to create POST body");
-        InputStream is = null;
-        try {        	
-        	//build Velocity Context from GUI input paramters
-			VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig);
-        	
-			//load template
-			is = guiBuilder.getTemplateInputStream(guiConfig);
-						
-			//populate velocity context with SAML2 parameters
-            populateVelocityContext(context, messageContext, endpointURL);
-
-            //populate transport parameter
-            HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();
-            HTTPTransportUtils.addNoCacheHeaders(outTransport);
-            HTTPTransportUtils.setUTF8Encoding(outTransport);
-            HTTPTransportUtils.setContentType(outTransport, "text/html");
-
-            //evaluate template and write content to response
-            Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");                        
-            velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is)));            
-            out.flush();
-            
-        } catch (Exception e) {
-            Logger.error("Error invoking Velocity template", e);
-            throw new MessageEncodingException("Error creating output document", e);
-            
-        } finally {
-			if (is != null) {
-				try {
-					is.close();
-					
-				} catch (IOException e) {
-					Logger.error("Can NOT close GUI-Template InputStream.", e);
-				}
-			}
-        	
-		}
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
deleted file mode 100644
index 81afcfbc1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import java.security.KeyStore;
-
-import org.opensaml.xml.security.x509.X509Credential;
-
-
-/**
- * @author tlenz
- *
- */
-public class MOAKeyStoreX509CredentialAdapter extends
-		org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter {
-
-	/**
-	 * @param store
-	 * @param alias
-	 * @param password
-	 */
-	public MOAKeyStoreX509CredentialAdapter(KeyStore store, String alias,
-			char[] password) {
-		super(store, alias, password);
-	}
-	
-	public Class<? extends X509Credential> getCredentialType() {
-		return X509Credential.class;
-	}
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
deleted file mode 100644
index acbb67b34..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.ws.message.MessageContext;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAStringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
-
-	private String redirectURL = null;
-	
-	public void encode(MessageContext messageContext)
-			throws MessageEncodingException {
-		if (!(messageContext instanceof SAMLMessageContext)) {
-			Logger.error("Invalid message context type, this encoder only support SAMLMessageContext");
-			throw new MessageEncodingException(
-					"Invalid message context type, this encoder only support SAMLMessageContext");
-		}
-
-		//load default PVP security configurations
-		MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-		
-		SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
-
-		String endpointURL = getEndpointURL(samlMsgCtx).buildURL();
-
-		setResponseDestination(samlMsgCtx.getOutboundSAMLMessage(), endpointURL);
-
-		removeSignature(samlMsgCtx);
-
-		String encodedMessage = deflateAndBase64Encode(samlMsgCtx
-				.getOutboundSAMLMessage());
-
-		redirectURL = buildRedirectURL(samlMsgCtx, endpointURL,
-				encodedMessage);
-	}
-
-	/**
-	 * @return the redirectURL
-	 */
-	public String getRedirectURL() {
-		return redirectURL;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ac3828750..b2a2aad88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -33,12 +33,12 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index c17f1a4dd..9e7f18842 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -51,6 +51,20 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -62,22 +76,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -98,6 +101,8 @@ public class AttributQueryAction implements IAction {
 	
 	@Autowired private AttributQueryBuilder attributQueryBuilder;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
+	@Autowired(required=true) PVP2AssertionBuilder assertionBuilder;
 	
 	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
 			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});	
@@ -114,11 +119,11 @@ public class AttributQueryAction implements IAction {
 	@Override
 	public SLOInformationInterface processRequest(IRequest pendingReq,
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IAuthData authData) throws MOAIDException {
+			IAuthData authData) throws EAAFException {
 		
-		if (pendingReq instanceof PVPTargetConfiguration && 
-				((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest && 
-				((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) {
+		if (pendingReq instanceof PVPSProfilePendingRequest && 
+				((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest && 
+				((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) {
 			
 			//set time reference
 			DateTime date = new DateTime();
@@ -136,7 +141,7 @@ public class AttributQueryAction implements IAction {
 						authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
 			
 				AttributeQuery attrQuery = 
-						(AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest();
+						(AttributeQuery)((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest();
 													
 				//build PVP 2.1 response-attribute information for this AttributQueryRequest
 				Trible<List<Attribute>, Date, String> responseInfo = 
@@ -148,10 +153,9 @@ public class AttributQueryAction implements IAction {
 				
 				//build PVP 2.1 assertion
 								
-				String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
-						pendingReq.getAuthURL());
+				String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pendingReq.getAuthURL());
 				
-				Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, 
+				Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, 
 						attrQuery, responseInfo.getFirst(), date, new DateTime(responseInfo.getSecond().getTime()), 
 						responseInfo.getThird(), authData.getSessionIndex());
 				
@@ -201,16 +205,16 @@ public class AttributQueryAction implements IAction {
 	 */
 	@Override
 	public String getDefaultActionName() {
-		return PVP2XProtocol.ATTRIBUTEQUERY;
+		return at.gv.egiz.eaaf.modules.pvp2.PVPConstants.ATTRIBUTEQUERY;
 	}
 	
 	private Trible<List<Attribute>, Date, String> buildResponseInformationForAttributQuery(IRequest pendingReq, 
-            AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException {		
+            AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException, AssertionAttributeExtractorExeption, AttributQueryException, AssertionValidationExeption {		
 		try {
 			//mark AttributeQuery as used if it exists
-			if ( pendingReq instanceof PVPTargetConfiguration && 
-					((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
-					((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
+			if ( pendingReq instanceof PVPSProfileRequest && 
+					((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest &&
+					((PVPSProfilePendingRequest) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
 				
 				authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
 			}
@@ -218,7 +222,7 @@ public class AttributQueryAction implements IAction {
 			//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
 			IOAAuthParameters spConfig = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes);
 			
-			//search federated IDP information for this MOASession
+			//search federated IDP information for this MOASession 
 			if (nextIDPInformation != null) {				
 				Logger.info("Find active federated IDP information."
 					+ ". --> Request next IDP:" + nextIDPInformation.getIdpurlprefix() 
@@ -354,9 +358,11 @@ public class AttributQueryAction implements IAction {
 	 * @return 
 	 * @return PVP attribute DAO, which contains all received information
 	 * @throws MOAIDException
+	 * @throws AttributQueryException 
+	 * @throws AssertionValidationExeption 
 	 */
 	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
-			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
+			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException, AttributQueryException, AssertionValidationExeption{
 		String idpEnityID = idpConfig.getPublicURLPrefix();
 		
 		try {		
@@ -407,7 +413,7 @@ public class AttributQueryAction implements IAction {
 						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
 			
 			}
-				 										
+				 								 		
 		} catch (SOAPException e) {
 			throw new BuildException("builder.06", null, e);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
deleted file mode 100644
index 43c860488..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("PVPAuthenticationRequestAction")
-public class AuthenticationAction implements IAction {
-	@Autowired IDPCredentialProvider pvpCredentials; 
-	@Autowired AuthConfiguration authConfig;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	@Autowired(required=true) ApplicationContext springContext;
-	
-	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		
-		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
-		
-		//get basic information
-		MOARequest moaRequest = (MOARequest) pvpRequest.getRequest();
-		AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
-		EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);		
-		
-		AssertionConsumerService consumerService = 
-				SAML2Utils.createSAMLObject(AssertionConsumerService.class);
-		consumerService.setBinding(pvpRequest.getBinding());
-		consumerService.setLocation(pvpRequest.getConsumerURL());
-				
-		DateTime date = new DateTime();
-		
-		SLOInformationImpl sloInformation = new SLOInformationImpl();
-
-		//change to entity value from entity name to IDP EntityID (URL)
-//		String issuerEntityID = pvpRequest.getAuthURL();
-//		if (issuerEntityID.endsWith("/"))
-//			issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1);
-
-		String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				pvpRequest.getAuthURL());
-		
-		//build Assertion
-		Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, 
-				peerEntity, date, consumerService, sloInformation);
-		
-		Response authResponse = AuthResponseBuilder.buildResponse(
-				metadataProvider, issuerEntityID, authnRequest, 
-				date, assertion, authConfig.isPVP2AssertionEncryptionActive());
-							
-		IEncoder binding = null;
-
-		if (consumerService.getBinding().equals(
-				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-						
-		} else if (consumerService.getBinding().equals(
-				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		}
-
-		if (binding == null) {
-			throw new BindingNotSupportedException(consumerService.getBinding());
-		}
-		
-		try {
-			binding.encodeRespone(httpReq, httpResp, authResponse, 
-					consumerService.getLocation(), moaRequest.getRelayState(),
-					pvpCredentials.getIDPAssertionSigningCredential(), req);
-
-			//set protocol type
-			sloInformation.setProtocolType(req.requestedModule());
-			sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
-			return sloInformation;
-			
-		} catch (MessageEncodingException e) {
-			Logger.error("Message Encoding exception", e);
-			throw new MOAIDException("pvp2.01", null, e);
-			
-		} catch (SecurityException e) {
-			Logger.error("Security exception", e);
-			throw new MOAIDException("pvp2.01", null, e);
-
-		}
-		
-	}
-
-	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp) {
-		return true;
-	}
-
-	public String getDefaultActionName() {
-		return "PVPAuthenticationRequestAction";
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
deleted file mode 100644
index 76956b5a8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import com.google.common.net.MediaType;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IDPPVPMetadataConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("pvpMetadataService")
-public class MetadataAction implements IAction {
-
-	
-
-	@Autowired private IRevisionLogger revisionsLogger; 
-	@Autowired private IDPCredentialProvider credentialProvider;
-	@Autowired private PVPMetadataBuilder metadatabuilder;
-	
-	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		try {
-			revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
-			
-			//build metadata
-			IPVPMetadataBuilderConfiguration metadataConfig = 
-					new IDPPVPMetadataConfiguration(req.getAuthURLWithOutSlash(), credentialProvider);
-			
-			String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig);			
-			Logger.debug("METADATA: " + metadataXML);
-					
-			byte[] content = metadataXML.getBytes("UTF-8");
-			httpResp.setStatus(HttpServletResponse.SC_OK);
-			httpResp.setContentLength(content.length);
-			httpResp.setContentType(MediaType.XML_UTF_8.toString());
-			httpResp.getOutputStream().write(content);			
-			return null;
-			
-		} catch (Exception e) {
-			Logger.error("Failed to generate metadata", e);
-			throw new MOAIDException("pvp2.13", null);
-		} 
-	}
-
-	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp) {
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
-	 */
-	@Override
-	public String getDefaultActionName() {
-		return "IDP - PVP Metadata action";
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
deleted file mode 100644
index 176b1af43..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ /dev/null
@@ -1,835 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
-import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
-import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
- 
-@Controller
-public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
-
-	@Autowired IDPCredentialProvider pvpCredentials;
-	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	
-	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
-	
-	public static final String NAME = PVP2XProtocol.class.getName();
-	public static final String PATH = "id_pvp2x";
-
-	public static final String REDIRECT = "Redirect";
-	public static final String POST = "Post";
-	public static final String SOAP = "Soap";
-	public static final String METADATA = "Metadata";
-	public static final String ATTRIBUTEQUERY = "AttributeQuery";
-	public static final String SINGLELOGOUT = "SingleLogOut";
-	
-	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
-			new String[] {
-					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
-			});
-	
-	static {			
-		new VelocityLogAdapter();
-		
-	}
-
-	public String getName() {
-		return NAME;
-	}
-
-	public String getPath() {
-		return PATH;
-	}
-	
-	public PVP2XProtocol() {
-		super();
-	} 
-		
-	//PVP2.x metadata end-point
-	@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
-	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-		
-		//create pendingRequest object
-		PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-		pendingReq.initialize(req, authConfig);
-		pendingReq.setModule(NAME);
-		
-		revisionsLogger.logEvent(
-				pendingReq.getUniqueSessionIdentifier(), 
-				pendingReq.getUniqueTransactionIdentifier(), 
-				MOAIDEventConstants.TRANSACTION_IP, 
-				req.getRemoteAddr());
-				
-		MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class);
-		metadataAction.processRequest(pendingReq, 
-				req, resp, null);
-		
-	}
-	
-	//PVP2.x IDP POST-Binding end-point
-	@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
-	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-		
-		PVPTargetConfiguration pendingReq = null;
-		
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new PostBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-						
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-		
-		} catch (MOAIDException e) {
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-			
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	//PVP2.x IDP Redirect-Binding end-point
-	@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
-	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-			
-		}
-		PVPTargetConfiguration pendingReq = null;
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new RedirectBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-			
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-			
-		} catch (MOAIDException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.info("Receive INVALID protocol request: " + samlRequest);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-						
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-						
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	
-	//PVP2.x IDP SOAP-Binding end-point
-	@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
-	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-				
-		PVPTargetConfiguration pendingReq = null;
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new SoapBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-			
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-						
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-		
-		} catch (MOAIDException e) {			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-						
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	
-	
-	private void preProcess(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-			
-			InboundMessage msg = pendingReq.getRequest();
-		
-			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty");
-				
-			}
-			
-			if(!msg.isVerified()) {
-				samlVerificationEngine.verify(msg, 
-						TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-				msg.setVerified(true);
-								
-			}
-							
-			if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
-				preProcessAuthRequest(request, response, pendingReq);
-			
-			else if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
-				preProcessAttributQueryRequest(request, response, pendingReq);
-
-			else if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
-				preProcessLogOut(request, response, pendingReq);
-			
-			else if (msg instanceof MOAResponse && 
-					((MOAResponse)msg).getResponse() instanceof LogoutResponse)
-				preProcessLogOut(request, response, pendingReq);
-			
-			else {
-				Logger.error("Receive unsupported PVP21 message");
-				throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
-			}
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
-			
-			//switch to session authentication
-			performAuthentication(request, response, pendingReq);								
-	}
-
-	public boolean generateErrorMessage(Throwable e,
-			HttpServletRequest request, HttpServletResponse response,
-			IRequest protocolRequest) throws Throwable {
-		
-		if(protocolRequest == null) {
-			throw e;
-		}
-		
-		if(!(protocolRequest instanceof PVPTargetConfiguration) ) {
-			throw e;
-		}
-		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest;
-		
-		Response samlResponse = 
-				SAML2Utils.createSAMLObject(Response.class);
-		Status status = SAML2Utils.createSAMLObject(Status.class);
-		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
-		
-		String moaError = null;
-		
-		if(e instanceof NoPassivAuthenticationException) {
-			statusCode.setValue(StatusCode.NO_PASSIVE_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));	
-			
-		} else if (e instanceof NameIDFormatNotSupportedException) {
-			statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-
-		} else if (e instanceof SLOException) {
-			//SLOExecpetions only occurs if session information is lost
-			return false;
-			
-		} else if(e instanceof PVP2Exception) {
-			PVP2Exception ex = (PVP2Exception) e;
-			statusCode.setValue(ex.getStatusCodeValue());
-			String statusMessageValue = ex.getStatusMessageValue();
-			if(statusMessageValue != null) {
-				statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
-			}						
-			moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId());
-			
-		} else {
-			statusCode.setValue(StatusCode.RESPONDER_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-			moaError = statusMessager.getResponseErrorCode(e);
-		}
-		
-		
-		if (MiscUtil.isNotEmpty(moaError)) {
-			StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-			moaStatusCode.setValue(moaError);
-			statusCode.setStatusCode(moaStatusCode);
-		}
-		
-		status.setStatusCode(statusCode);
-		if(statusMessage.getMessage() != null) {
-			status.setStatusMessage(statusMessage);
-		}
-		samlResponse.setStatus(status);
-		String remoteSessionID = SAML2Utils.getSecureIdentifier();
-		samlResponse.setID(remoteSessionID);
-
-		samlResponse.setIssueInstant(new DateTime());
-		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-		nissuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				pvpRequest.getAuthURL()));
-		nissuer.setFormat(NameID.ENTITY);
-		samlResponse.setIssuer(nissuer);
-		
-		IEncoder encoder = null;
-		
-		if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {			
-			encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-						
-		} else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI))  {
-			encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		} else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))  {
-			encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
-		}
-
-		if(encoder == null) {
-			// default to redirect binding
-			encoder = new RedirectBinding();
-		}
-
-		String relayState = null;
-		if (pvpRequest.getRequest() != null)
-			relayState = pvpRequest.getRequest().getRelayState();
-		
-		X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential();
-		
-		encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), 
-				relayState, signCred, protocolRequest);
-		return true;
-	}
-
-	public boolean validate(HttpServletRequest request,
-			HttpServletResponse response, IRequest pending) {
-		
-		return true;
-	}
-
-	
-	/**
-	 * PreProcess Single LogOut request
-	 * @param request
-	 * @param response
-	 * @param msg
-	 * @return
-	 * @throws EAAFException 
-	 * @throws MOAIDException 
-	 */
-	private void preProcessLogOut(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException {
-
-		InboundMessage inMsg = pendingReq.getRequest();		
-		MOARequest msg;
-		if (inMsg instanceof MOARequest && 
-				((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) {
-			//preProcess single logout request from service provider
-			
-			msg = (MOARequest) inMsg;
-			
-			EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider);
-			if(metadata == null) {
-				throw new NoMetadataInformationException();
-			}
-
-			String oaURL = metadata.getEntityID();
-			oaURL = StringEscapeUtils.escapeHtml(oaURL);
-			ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-			
-			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
-						
-			pendingReq.setSPEntityId(oaURL);
-			pendingReq.setOnlineApplicationConfiguration(oa);
-			pendingReq.setBinding(msg.getRequestBinding());
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
-			
-
-						
-		} else if (inMsg instanceof MOAResponse && 
-				((MOAResponse)inMsg).getResponse() instanceof LogoutResponse) {
-			//preProcess single logour response from service provider
-						
-			LogoutResponse resp = (LogoutResponse) (((MOAResponse)inMsg).getResponse());
-			
-			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
-			
-//			List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
-//					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-			
-			boolean isAllowedDestination = false;			
-			try {
-				isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
-				
-			} catch (MalformedURLException e) {
-				Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
-				
-			}
-			
-//			for (String prefix : allowedPublicURLPrefix) {
-//				if (resp.getDestination().startsWith(
-//					prefix)) {
-//					isAllowedDestination = true;
-//					break;
-//				}
-//			}
-						
-			if (!isAllowedDestination) {
-				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
-				throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
-				
-			}
-			
-			//TODO: check if relayState exists
-			inMsg.getRelayState();
-						
-						
-		} else 
-			throw new EAAFException("Unsupported request");
-		
-		
-		pendingReq.setRequest(inMsg);
-		pendingReq.setAction(SINGLELOGOUT);
-		
-		//Single LogOut Request needs no authentication 
-		pendingReq.setNeedAuthentication(false);
-		
-		//set protocol action, which should be executed
-		pendingReq.setAction(SingleLogOutAction.class.getName());
-	}
-	
-	/**
-	 * PreProcess AttributeQuery request 
-	 * @param request
-	 * @param response
-	 * @param pendingReq
-	 * @throws Throwable
-	 */
-	private void preProcessAttributQueryRequest(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());
-		AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
-		moaRequest.setEntityID(attrQuery.getIssuer().getValue());
-		
-		//validate destination
-		String destinaten = attrQuery.getDestination();
-		if (!PVPConfiguration.getInstance().getIDPSSOSOAPService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
-			Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
-			throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
-			
-		}
-
-		//check if Issuer is an interfederation IDP		
-		IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
-		if (!oa.isInderfederationIDP()) {
-			Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
-			throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
-			
-		}
-		
-		if (!oa.isOutboundSSOInterfederationAllowed()) {
-			Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
-			throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
-			
-		}
-					
-		//check active MOASession
-		String nameID = attrQuery.getSubject().getNameID().getValue();			
-		IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
-		if (session == null) {
-			Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
-			throw new AttributQueryException("auth.31", null);
-			
-		}
-		
-		//set preProcessed information into pending-request
-		pendingReq.setRequest(moaRequest);
-		pendingReq.setSPEntityId(moaRequest.getEntityID());
-		pendingReq.setOnlineApplicationConfiguration(oa);
-		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
-		
-		//Attribute-Query Request needs authentication, because session MUST be already authenticated 
-		pendingReq.setNeedAuthentication(false);
-				
-		//set protocol action, which should be executed after authentication
-		pendingReq.setAction(AttributQueryAction.class.getName());
-
-		//add moasession
-		pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
-				
-		//write revisionslog entry
-		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
-		
-		
-	}
-	
-	/**
-	 * PreProcess Authn request
-	 * @param request
-	 * @param response
-	 * @param pendingReq
-	 * @throws Throwable
-	 */
-	private void preProcessAuthRequest(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-
-		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());		
-		SignableXMLObject samlReq =  moaRequest.getSamlRequest();
-
-		if(!(samlReq instanceof AuthnRequest)) {
-			throw new MOAIDException("Unsupported request", new Object[] {});
-		}
-				
-		EntityDescriptor metadata = moaRequest.getEntityMetadata(metadataProvider);
-		if(metadata == null) {
-			throw new NoMetadataInformationException();
-		}
-		SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-		
-		AuthnRequest authnRequest = (AuthnRequest)samlReq;
-		
-		if (authnRequest.getIssueInstant() == null) {
-			Logger.warn("Unsupported request: No IssueInstant Attribute found.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}, 
-					"Unsupported request: No IssueInstant Attribute found", pendingReq);
-			
-		}
-		
-		if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
-			Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {},
-					"Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq);
-			
-		}
-			
-		//parse AssertionConsumerService
-		AssertionConsumerService consumerService = null;
-		if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && 
-				MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) {
-			//use AssertionConsumerServiceURL from request
-
-			//check requested AssertionConsumingService URL against metadata
-			List<AssertionConsumerService> metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices();
-			for (AssertionConsumerService service : metadataAssertionServiceList) {
-				if (authnRequest.getProtocolBinding().equals(service.getBinding())
-						&& authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) {
-					consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
-					consumerService.setBinding(authnRequest.getProtocolBinding());
-					consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL());					
-					Logger.debug("Requested AssertionConsumerServiceURL is valid.");
-				}				
-			}
-			
-			if (consumerService == null) {				
-				throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL());
-				
-			}
-
-
-		} else {
-			//use AssertionConsumerServiceIndex and select consumerService from metadata
-			Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
-			int assertionidx = 0;
-		
-			if(aIdx != null) {
-				assertionidx = aIdx.intValue();
-			
-			} else {				
-				assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
-				
-			}		
-			consumerService  = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
-			
-			if (consumerService == null) {			
-				throw new InvalidAssertionConsumerServiceException(aIdx);
-				
-			}			
-		}
-		
-		
-		//select AttributeConsumingService from request
-		AttributeConsumingService attributeConsumer = null;		
-		Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-		int attributeIdx = 0;
-	
-		if(aIdx != null) {
-			attributeIdx = aIdx.intValue();
-		}
-		
-		if (spSSODescriptor.getAttributeConsumingServices() != null  && 
-				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-			attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
-		} 
-		
-		//validate AuthnRequest
-		AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
-		AuthnRequestValidator.validate(authReq);
-		
-//		String useMandate = request.getParameter(PARAM_USEMANDATE);
-//		if(useMandate != null) {
-//			if(useMandate.equals("true") && attributeConsumer != null) {
-//				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-//					throw new MandateAttributesNotHandleAbleException();
-//				}
-//			}
-//		}
-						
-		String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
-		oaURL = StringEscapeUtils.escapeHtml(oaURL);
-		ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-		
-		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
-
-		pendingReq.setSPEntityId(oaURL);
-		pendingReq.setOnlineApplicationConfiguration(oa);
-		pendingReq.setBinding(consumerService.getBinding());
-		pendingReq.setRequest(moaRequest);
-		pendingReq.setConsumerURL(consumerService.getLocation());
-		
-		//parse AuthRequest
-		pendingReq.setPassiv(authReq.isPassive());
-		pendingReq.setForce(authReq.isForceAuthn());
-		
-		//AuthnRequest needs authentication
-		pendingReq.setNeedAuthentication(true);
-
-		//set protocol action, which should be executed after authentication
-		pendingReq.setAction(AuthenticationAction.class.getName());
-		
-		//write revisionslog entry
-		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 67e7a47f3..cdd0b659e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -22,25 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
-import at.gv.egovernment.moa.id.data.Trible;
-
-public interface PVPConstants extends PVPAttributeConstants {
+public interface PVPConstants extends at.gv.egiz.eaaf.modules.pvp2.PVPConstants {
 	
 	public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
-		
-	public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
-	public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
-	public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
-	public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
-	
 	
 	public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";
 	public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
@@ -52,84 +36,5 @@ public interface PVPConstants extends PVPAttributeConstants {
 	public static final String EIDAS_QAA_LOW = EIDAS_QAA_PREFIX + "low";
 	public static final String EIDAS_QAA_SUBSTANTIAL = EIDAS_QAA_PREFIX + "substantial";
 	public static final String EIDAS_QAA_HIGH = EIDAS_QAA_PREFIX + "high";
-	
-	public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
-	
-	
-	
-	
-	public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
-	public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
-	public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
-	
-	/** 
-	 * 
-	 * Get required PVP attributes for egovtoken
-	 * First : PVP attribute name (OID) 
-	 * Second: FriendlyName
-	 * Third: Required
-	 * 
-	 */
-	public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES = 
-			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
-				private static final long serialVersionUID = 1L;
-				{	
-					//currently supported attributes
-					add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
-					add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
-					
-					//currently not supported attributes
-					add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
-					add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
-					
-					
-				}
-			});
-	
-	/** 
-	 * 
-	 * Get required PVP attributes for citizenToken
-	 * First : PVP attribute name (OID) 
-	 * Second: FriendlyName
-	 * Third: Required
-	 * 
-	 */
-	public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES = 
-			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
-				private static final long serialVersionUID = 1L;
-				{	
-					//required attributes - eIDAS minimal-data set
-					add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
-					add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
-					add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
-					add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
-					add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
-					
-					
-					//not required attributes
-					add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
-					add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
-					add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
-					
-					
-										
-				}
-			});
-	
+		
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
deleted file mode 100644
index 279d88860..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-
-@Component("PVPTargetConfiguration")
-@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
-public class PVPTargetConfiguration extends RequestImpl {
-
-	
-	public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
-	public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
-	public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";	
-	
-	public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID";
-	
-	private static final long serialVersionUID = 4889919265919638188L;
-	
-	
-	
-	InboundMessage request;
-	String binding;
-	String consumerURL;
-		
-	public InboundMessage getRequest() {
-		return request;
-	}
-
-	public void setRequest(InboundMessage request) {
-		this.request = request;
-	}
-
-	public String getBinding() {
-		return binding;
-	}
-
-	public void setBinding(String binding) {
-		this.binding = binding;
-	}
-
-	public String getConsumerURL() {
-		return consumerURL;
-	}
-
-	public void setConsumerURL(String consumerURL) {
-		this.consumerURL = consumerURL;
-		
-	}
-
-//	/* (non-Javadoc)
-//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-//	 */
-//	@Override
-//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-//
-//		Map<String, String> reqAttr = new HashMap<String, String>();
-//		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-//			reqAttr.put(el, "");
-//						
-//		try {			
-//			SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-//			if (spSSODescriptor.getAttributeConsumingServices() != null && 
-//					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-//							
-//				Integer aIdx = null;
-//				if (getRequest() instanceof MOARequest && 
-//						((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {					
-//					AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();					
-//					aIdx = authnRequest.getAttributeConsumingServiceIndex();
-//					
-//				} else {
-//					Logger.error("MOARequest is NOT of type AuthnRequest");
-//				}
-//				
-//				int idx = 0;
-//
-//				AttributeConsumingService attributeConsumingService = null;
-//				
-//				if (aIdx != null) {
-//					idx = aIdx.intValue();
-//					attributeConsumingService = spSSODescriptor
-//							.getAttributeConsumingServices().get(idx);
-//					
-//				} else {
-//					List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-//					for (AttributeConsumingService el : attrConsumingServiceList) {
-//						if (el.isDefault())
-//							attributeConsumingService = el;
-//					}				
-//				}
-//				
-//				for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
-//					reqAttr.put(attr.getName(), "");
-//			}
-//			
-//			//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-//			return reqAttr.keySet();
-//			
-//		} catch (NoMetadataInformationException e) {
-//			Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
-//			return null;
-//					
-//		}
-//		
-//	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 6b945d692..ab88a765e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -44,7 +44,11 @@ import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.SLOException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -55,9 +59,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -86,12 +87,12 @@ public class SingleLogOutAction implements IAction {
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
 			IAuthData authData) throws EAAFException {
 
-		PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;  
+		PVPSProfilePendingRequest pvpReq = (PVPSProfilePendingRequest) req;  
 
-		if (pvpReq.getRequest() instanceof MOARequest &&
-				((MOARequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+		if (pvpReq.getRequest() instanceof PVPSProfileRequest &&
+				((PVPSProfileRequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
 			Logger.debug("Process Single LogOut request");
-			MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+			PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest();
 			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 
 			String ssoSessionId = 
@@ -141,10 +142,10 @@ public class SingleLogOutAction implements IAction {
 			Logger.debug("Starting technical SLO process ... ");
 			sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null);
 													
-		} else if (pvpReq.getRequest() instanceof MOAResponse &&
-				((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
+		} else if (pvpReq.getRequest() instanceof PVPSProfileResponse &&
+				((PVPSProfileResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
 			Logger.debug("Process Single LogOut response");
-			LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
+			LogoutResponse logOutResp = (LogoutResponse) ((PVPSProfileResponse)pvpReq.getRequest()).getResponse();
 
 			//Transaction tx = null;
 
@@ -236,11 +237,11 @@ public class SingleLogOutAction implements IAction {
 								storageSuccess = true;
 								String redirectURL = null;
 								IRequest sloReq = sloContainer.getSloRequest();
-								if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+								if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
 									//send SLO response to SLO request issuer									
-									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq);
-									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs());
-									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState());
+									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloReq);
+									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloReq, sloContainer.getSloFailedOAs());
+									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPSProfilePendingRequest)sloReq).getRequest().getRelayState());
 
 								} else {
 									//print SLO information directly
@@ -324,7 +325,7 @@ public class SingleLogOutAction implements IAction {
 	 */
 	@Override
 	public String getDefaultActionName() {
-		return PVP2XProtocol.SINGLELOGOUT;
+		return PVPConstants.SINGLELOGOUT;
 	}
 
 	protected static String addURLParameter(String url, String paramname,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
deleted file mode 100644
index 71c5a46a4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.xml.security.SecurityException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-
-public interface IDecoder {
-	public InboundMessageInterface decode(HttpServletRequest req, 
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator)
-					throws MessageDecodingException, SecurityException, PVP2Exception;
-		
-	public boolean handleDecode(String action, HttpServletRequest req);
-	
-	public String getSAML2BindingName();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
deleted file mode 100644
index 409f995fc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-
-public interface IEncoder {
-	
-	/**
-	 * 
-	 * @param req The http request
-	 * @param resp The http response
-	 * @param request The SAML2 request object
-	 * @param targetLocation URL, where the request should be transmit
-	 * @param relayState token for session handling
-	 * @param credentials Credential to sign the request object
-	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
-	 * @throws MessageEncodingException
-	 * @throws SecurityException
-	 * @throws PVP2Exception
-	 */
-	public void encodeRequest(HttpServletRequest req, 
-			HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
-					throws MessageEncodingException, SecurityException, PVP2Exception;
-	
-	/**
-	 * Encoder SAML Response
-	 * @param req The http request
-	 * @param resp The http response
-	 * @param response The SAML2 repsonse object
-	 * @param targetLocation URL, where the request should be transmit
-	 * @param relayState token for session handling
-	 * @param credentials Credential to sign the response object
-	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
-	 * @throws MessageEncodingException
-	 * @throws SecurityException
-	 */
-	public void encodeRespone(HttpServletRequest req, 
-			HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
-					throws MessageEncodingException, SecurityException, PVP2Exception;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
deleted file mode 100644
index 7bb64a106..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAURICompare implements URIComparator {
-
-	/**
-	 * @param idpssoPostService
-	 */
-	
-	private String serviceURL = "";
-	
-	public MOAURICompare(String serviceURL) {
-		this.serviceURL = serviceURL;
-	}
-
-	public boolean compare(String uri1, String uri2) {				
-		if (this.serviceURL.equals(uri1))		
-			return true;
-		
-		else {
-			Logger.warn("PVP request destination-endpoint: " + uri1 
-					+ " does not match to IDP endpoint:" + serviceURL);
-			return false;
-			
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
deleted file mode 100644
index 998249028..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ /dev/null
@@ -1,240 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.security.provider.BasicSecurityPolicy;
-import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPPOSTBinding")
-public class PostBinding implements IDecoder, IEncoder {
-	
-	@Autowired(required=true) AuthConfiguration authConfig;
-	@Autowired(required=true) GUIFormBuilderImpl guiBuilder;
-		
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)	
-			throws MessageEncodingException, SecurityException {
-	
-		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-		
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			//initialize POST binding encoder with template decoration
-			IGUIBuilderConfiguration guiConfig = 
-					new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
-							pendingReq, 
-							"pvp_postbinding_template.html", 
-							MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
-							null, 
-							authConfig.getRootConfigFileDir());								
-			MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
-					VelocityProvider.getClassPathVelocityEngine());	
-			
-			//set OpenSAML2 process parameter into binding context dao
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
-			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-			service.setLocation(targetLocation);;
-		
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(request);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-			
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-		} catch (Exception e) {
-			e.printStackTrace();
-			throw new SecurityException(e);
-		}
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException {
-
-		try {
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML POSTBinding response");
-			
-			//initialize POST binding encoder with template decoration
-			IGUIBuilderConfiguration guiConfig = 
-					new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
-							pendingReq, 
-							"pvp_postbinding_template.html", 
-							MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
-							null, 
-							authConfig.getRootConfigFileDir());								
-			MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
-					VelocityProvider.getClassPathVelocityEngine());	
-			
-			//set OpenSAML2 process parameter into binding context dao			
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);			
-			context.setPeerEntityEndpoint(service);
-			// context.setOutboundMessage(authReq);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-		} catch (Exception e) {
-			e.printStackTrace();
-			throw new SecurityException(e);
-		}
-	}
-
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException {
-
-		HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-		//set metadata descriptor type
-		if (isSPEndPoint) {
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-			
-		} else {
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-		}
-							
-		messageContext.setMetadataProvider(metadataProvider);
-		
-		//set security policy context
-		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-		policy.getPolicyRules().add(
-				new MOAPVPSignedRequestPolicyRule(metadataProvider,
-						TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider),
-						messageContext.getPeerEntityRole()));		
-		SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
-		messageContext.setSecurityPolicyResolver(secResolver);
-		
-		decode.decode(messageContext);
-		
-		InboundMessage msg = null;		
-		if (messageContext.getInboundMessage() instanceof RequestAbstractType) {			
-			RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
-					.getInboundMessage();			
-			msg = new MOARequest(inboundMessage, getSAML2BindingName());
-			msg.setEntityID(inboundMessage.getIssuer().getValue());
-			
-		} else if (messageContext.getInboundMessage() instanceof StatusResponseType){
-			StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
-			msg = new MOAResponse(inboundMessage);
-			msg.setEntityID(inboundMessage.getIssuer().getValue());
-			
-		} else
-			//create empty container if request type is unknown
-			msg = new InboundMessage();
-				
-		if (messageContext.getPeerEntityMetadata() != null)
-			msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-		
-		else {
-			if (MiscUtil.isEmpty(msg.getEntityID()))
-				Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-		}
-				
-
-		msg.setVerified(true);
-		msg.setRelayState(messageContext.getRelayState());
-		
-		return msg;
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST));
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_POST_BINDING_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
deleted file mode 100644
index caebd456b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.security.provider.BasicSecurityPolicy;
-import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOASAML2AuthRequestSignedRole;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPRedirectBinding")
-public class RedirectBinding implements IDecoder, IEncoder {
-	
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException {
-		
-//		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML RedirectBinding response");
-			
-			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(request);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, 
-			Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
-//		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML RedirectBinding response");
-			
-			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-			
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException {
-
-		HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
-				new BasicParserPool());
-		
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-		
-		//set metadata descriptor type
-		if (isSPEndPoint) {
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-			
-		} else {
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-		}
-							
-		messageContext.setMetadataProvider(metadataProvider);
-				
-		SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
-				TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-		MOASAML2AuthRequestSignedRole signedRole = new MOASAML2AuthRequestSignedRole();
-		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-		policy.getPolicyRules().add(signedRole);
-		policy.getPolicyRules().add(signatureRule);		
-		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-				policy);		
-		messageContext.setSecurityPolicyResolver(resolver);
-		
-		//set metadata descriptor type
-		if (isSPEndPoint)
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		else
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-		try {		
-			decode.decode(messageContext);		
-
-			//check signature
-			signatureRule.evaluate(messageContext);
-			
-		} catch (SecurityException e) {
-			if (MiscUtil.isEmpty(messageContext.getInboundMessageIssuer())) {
-				throw e;
-			
-			}
-			
-			if (metadataProvider instanceof IMOARefreshableMetadataProvider) {
-				Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer());
-				if (!((IMOARefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer()))
-					throw e;
-				
-				else {
-					Logger.trace("PVP2X metadata reload finished. Check validate message again.");
-					decode.decode(messageContext);		
-
-					//check signature
-					signatureRule.evaluate(messageContext);					
-										
-				}
-				Logger.trace("Second PVP2X message validation finished");
-				
-			} else {
-				throw e;
-				
-			}
-		}		
-					
-		InboundMessage msg = null;
-		if (messageContext.getInboundMessage() instanceof RequestAbstractType) {			
-			RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
-					.getInboundMessage();			
-			msg = new MOARequest(inboundMessage, getSAML2BindingName());
-			
-			
-		} else if (messageContext.getInboundMessage() instanceof StatusResponseType){
-			StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();			
-			msg = new MOAResponse(inboundMessage);
-			
-		} else 
-			//create empty container if request type is unknown
-			msg = new InboundMessage();
-
-		if (messageContext.getPeerEntityMetadata() != null)
-			msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-		
-		else
-			Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-		
-		msg.setVerified(true);
-		msg.setRelayState(messageContext.getRelayState());
-		
-		return msg;
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return ((action.equals(PVP2XProtocol.REDIRECT) || action.equals(PVP2XProtocol.SINGLELOGOUT)) 
-				&& req.getMethod().equals("GET"));
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
deleted file mode 100644
index 2b4374a64..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPSOAPBinding")
-public class SoapBinding implements IDecoder, IEncoder {
-
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	@Autowired private IDPCredentialProvider credentialProvider;
-	
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException, PVP2Exception {
-		HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = 
-				new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(
-						req));		
-		messageContext.setMetadataProvider(metadataProvider);
-
-		//TODO: update in a futher version: 
-		//      requires a special SignedSOAPRequestPolicyRole because 
-		//		messageContext.getInboundMessage() is not directly signed
-		
-		//set security context
-//		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-//		policy.getPolicyRules().add(
-//				new MOAPVPSignedRequestPolicyRule(
-//						TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
-//						SPSSODescriptor.DEFAULT_ELEMENT_NAME));		
-//		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-//				policy);			
-//		messageContext.setSecurityPolicyResolver(resolver);
-		
-		//decode message
-		soapDecoder.decode(messageContext);
-		
-		Envelope inboundMessage = (Envelope) messageContext
-				.getInboundMessage();
-		
-		if (inboundMessage.getBody() != null) {		
-			List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
-		
-			if (!xmlElemList.isEmpty()) {
-				SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);			
-				MOARequest request = new MOARequest(attrReq, getSAML2BindingName());				
-				
-				if (messageContext.getPeerEntityMetadata() != null)
-					request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-				
-				else if (attrReq instanceof RequestAbstractType) {
-					RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
-					try {						
-						if (MiscUtil.isNotEmpty(attributeRequest.getIssuer().getValue()) && 
-								metadataProvider.getRole(
-										attributeRequest.getIssuer().getValue(), 
-										SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
-							request.setEntityID(attributeRequest.getIssuer().getValue());
-						
-					} catch (Exception e) {
-						Logger.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
-					}					
-				} 
-				
-				request.setVerified(false);			
-				return request;
-						
-			} 
-		}
-		
-		Logger.error("Receive empty PVP 2.1 attributequery request.");
-		throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return (req.getMethod().equals("POST") && 
-				(action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY)));
-	}
-
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException, PVP2Exception {
-		
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException, PVP2Exception {
-//		try {
-//			Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-			
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_SOAP11_BINDING_URI;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index f3af12a2c..b5f77ce1a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,14 +49,15 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.SamlAttributeGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -104,7 +105,7 @@ public class AttributQueryBuilder {
 			String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException {
 		
 		
-		try {
+		try { 
 		
 			AttributeQuery query = new AttributeQueryBuilder().buildObject();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
deleted file mode 100644
index 78ddab488..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.EncryptedAssertion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.encryption.Encrypter;
-import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.xml.encryption.EncryptionException;
-import org.opensaml.xml.encryption.EncryptionParameters;
-import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.X509Credential;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class AuthResponseBuilder {
-
-	public static Response buildResponse(MetadataProvider metadataProvider, String issuerEntityID, RequestAbstractType req, DateTime date, Assertion assertion, boolean enableEncryption) throws InvalidAssertionEncryptionException, ConfigurationException {
-		Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
-		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-		
-		nissuer.setValue(issuerEntityID);
-		nissuer.setFormat(NameID.ENTITY);
-		authResponse.setIssuer(nissuer);
-		authResponse.setInResponseTo(req.getID());
-
-		//set responseID
-		String remoteSessionID = SAML2Utils.getSecureIdentifier();
-		authResponse.setID(remoteSessionID);
-		
-		
-		//SAML2 response required IssueInstant
-		authResponse.setIssueInstant(date);
-		
-		authResponse.setStatus(SAML2Utils.getSuccessStatus());
-				
-		//check, if metadata includes an encryption key				
-		MetadataCredentialResolver mdCredResolver = 
-				new MetadataCredentialResolver(metadataProvider);
-	
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
-	
-		X509Credential encryptionCredentials = null;
-		try {
-			encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
-				
-		} catch (SecurityException e2) {
-			Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
-			throw new InvalidAssertionEncryptionException();
-			
-		}
-			
-		if (encryptionCredentials != null && enableEncryption) {
-			//encrypt SAML2 assertion
-				
-			try {
-				
-				EncryptionParameters dataEncParams = new EncryptionParameters();
-				dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
-								
-				List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
-				KeyEncryptionParameters  keyEncParam = new KeyEncryptionParameters();
-			
-				keyEncParam.setEncryptionCredential(encryptionCredentials);
-				keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
-				KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
-						.getKeyInfoGeneratorManager().getDefaultManager()
-						.getFactory(encryptionCredentials);
-				keyEncParam.setKeyInfoGenerator(kigf.newInstance());
-				keyEncParamList.add(keyEncParam);
-											
-				Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); 
-				//samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
-				samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
-				
-				EncryptedAssertion encryptAssertion = null;
-				
-				encryptAssertion = samlEncrypter.encrypt(assertion);
-				
-				authResponse.getEncryptedAssertions().add(encryptAssertion);
-				
-			} catch (EncryptionException e1) {
-				Logger.warn("Can not encrypt the PVP2 assertion", e1);
-				throw new InvalidAssertionEncryptionException();
-					
-			} 
-
-		} else {
-			authResponse.getAssertions().add(assertion);
-				
-		}
-		
-		return authResponse;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
deleted file mode 100644
index d2a63c72f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-
-public class CitizenTokenBuilder {
-
-	public static XMLObject buildAttributeStringValue(String value) {
-		XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
-		XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-		stringValue.setValue(value);
-		return stringValue;
-	}
-	
-	public static XMLObject buildAttributeIntegerValue(int value) {
-		XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
-		XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
-		integerValue.setValue(value);
-		return integerValue;
-	}
-	
-	public static Attribute buildStringAttribute(String friendlyName, 
-			String name, String value) {
-		Attribute attribute = 
-				SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.getAttributeValues().add(buildAttributeStringValue(value));
-		return attribute;
-	}
-	
-	public static Attribute buildIntegerAttribute(String friendlyName, 
-			String name, int value) {
-		Attribute attribute = 
-				SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
-		return attribute;
-	}
-	
-	public static Attribute buildPVPVersion(String value) {
-		return buildStringAttribute("PVP-VERSION",
-				"urn:oid:1.2.40.0.10.2.1.1.261.10", value);
-	}
-	
-	public static Attribute buildSecClass(int value) {
-		return buildIntegerAttribute("SECCLASS",
-				"", value);
-	}
-	
-	public static Attribute buildPrincipalName(String value) {
-		return buildStringAttribute("PRINCIPAL-NAME",
-				"urn:oid:1.2.40.0.10.2.1.1.261.20", value);
-	}
-	
-	public static Attribute buildGivenName(String value) {
-		return buildStringAttribute("GIVEN-NAME",
-				"urn:oid:2.5.4.42", value);
-	}
-	
-	public static Attribute buildBirthday(String value) {
-		return buildStringAttribute("BIRTHDATE",
-				"urn:oid:1.2.40.0.10.2.1.1.55", value);
-	}
-	
-	public static Attribute buildBPK(String value) {
-		return buildStringAttribute("BPK",
-				"urn:oid:1.2.40.0.10.2.1.1.149", value);
-	}
-	
-	public static Attribute buildEID_CITIZEN_QAALEVEL(int value) {
-		return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL",
-				"urn:oid:1.2.40.0.10.2.1.1.261.94", value);
-	}
-	
-	public static Attribute buildEID_ISSUING_NATION(String value) {
-		return buildStringAttribute("EID-ISSUING-NATION",
-				"urn:oid:1.2.40.0.10.2.1.1.261.32", value);
-	}
-	
-	public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) {
-		return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER",
-				"urn:oid:1.2.40.0.10.2.1.1.261.34", value);
-	}
-	
-	
-//	public static AttributeStatement buildCitizenToken(MOARequest obj,
-//			AuthenticationSession authSession) {
-//		AttributeStatement statement = 
-//				SAML2Utils.createSAMLObject(AttributeStatement.class);
-//
-//		//TL: AuthData generation is moved out from VerifyAuthBlockServlet
-//		try {
-//
-//			//TODO: LOAD oaParam from request and not from MOASession in case of SSO
-//			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-//					.getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
-//		
-//			AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
-//					oaParam,
-//					authSession.getTarget());
-//			
-//			Attribute pvpVersion = buildPVPVersion("2.1");
-//			Attribute secClass = buildSecClass(3);
-//			Attribute principalName = buildPrincipalName(authData.getFamilyName());
-//			Attribute givenName = buildGivenName(authData.getGivenName());
-//			Attribute birthdate = buildBirthday(authData.getDateOfBirth());
-//			
-//			//TL: getIdentificationValue holds the baseID  --> change to pBK
-//			Attribute bpk = buildBPK(authData.getBPK());
-//			
-//			Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
-//			Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
-//			Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType());
-//			
-//			statement.getAttributes().add(pvpVersion);
-//			statement.getAttributes().add(secClass);
-//			statement.getAttributes().add(principalName);
-//			statement.getAttributes().add(givenName);
-//			statement.getAttributes().add(birthdate);
-//			statement.getAttributes().add(bpk);
-//			statement.getAttributes().add(eid_citizen_qaa);
-//			statement.getAttributes().add(eid_issuing_nation);
-//			statement.getAttributes().add(eid_sector_for_id);
-//			
-//			return statement;
-//			
-//		} catch (ConfigurationException e) {
-//			
-//			// TODO: check Exception Handling
-//			return null;
-//		} catch (BuildException e) {
-//			
-//			// TODO: check Exception Handling
-//			return null;
-//		}
-//		
-//
-//	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
deleted file mode 100644
index 07da57d2a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ServiceLoader;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class PVPAttributeBuilder {
-	
-	private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator();
-	
-	private static HashMap<String, IAttributeBuilder> builders;
-	
-	private static ServiceLoader<IAttributeBuilder> attributBuilderLoader = 
-			ServiceLoader.load(IAttributeBuilder.class);
-	
-	private static void addBuilder(IAttributeBuilder builder) {
-		builders.put(builder.getName(), builder);
-	}
-	
-	static {
-		builders = new HashMap<String, IAttributeBuilder>();
-		
-		Logger.info("Loading protocol attribut-builder modules:");
-		if (attributBuilderLoader != null ) {		
-			Iterator<IAttributeBuilder> moduleLoaderInterator = attributBuilderLoader.iterator();
-			while (moduleLoaderInterator.hasNext()) {
-				try {
-					IAttributeBuilder modul = moduleLoaderInterator.next();
-					Logger.info("Loading attribut-builder Modul Information: " + modul.getName());
-					addBuilder(modul);
-					
-				} catch(Throwable e) {
-					Logger.error("Check configuration! " + "Some attribute-builder modul" + 
-							" is not a valid IAttributeBuilder", e);
-				}	
-			}
-		}
-		
-		Logger.info("Loading attribute-builder modules done");
-				
-	}
-	
-	
-	/**
-	 * Get a specific attribute builder
-	 * 
-	 * @param name Attribute-builder friendly name
-	 * 
-	 * @return Attribute-builder with this name or null if builder does not exists
-	 */
-	public static IAttributeBuilder getAttributeBuilder(String name) {
-		return builders.get(name);
-		
-	}
-	
-	public static Attribute buildAttribute(String name, ISPConfiguration  oaParam,
-			IAuthData authData) throws PVP2Exception, AttributeBuilderException {
-		if (builders.containsKey(name)) {
-			try {
-				return builders.get(name).build(oaParam, authData, generator);
-			}
-			catch (AttributeBuilderException e) {
-				if (e instanceof UnavailableAttributeException) {
-					throw e;
-				} else if (e instanceof InvalidDateFormatAttributeException) {
-					throw new InvalidDateFormatException();
-				} else if (e instanceof NoMandateDataAttributeException) {
-					throw new NoMandateDataAvailableException();
-				} else {
-					throw new UnprovideableAttributeException(name);
-				}
-			}
-		}
-		return null;
-	}
-	
-	public static Attribute buildEmptyAttribute(String name) {
-		if (builders.containsKey(name)) {
-			return builders.get(name).buildEmpty(generator);
-		}
-		return null;
-	}
-
-	public static Attribute buildAttribute(String name, String value) {
-		if (builders.containsKey(name)) {
-			return builders.get(name).buildEmpty(generator);
-		}
-		return null;
-	}
-	
-	
-	
-	public static List<Attribute> buildSupportedEmptyAttributes() {
-		List<Attribute> attributes = new ArrayList<Attribute>();
-		Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
-		while (builderIt.hasNext()) {
-			IAttributeBuilder builder = builderIt.next();
-			Attribute emptyAttribute = builder.buildEmpty(generator);
-			if (emptyAttribute != null) {
-				attributes.add(emptyAttribute);
-			}
-		}
-		return attributes;
-	}
-	
-	public static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
-		RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
-		attribute.setIsRequired(required);
-		attribute.setName(name);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		return attribute;
-	}
-	
-	/**
-	 * Build a set of PVP Response-Attributes
-	 * <br><br>
-	 * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but no execpetion is thrown.
-	 * Therefore, the return List must not include all requested attributes.    
-	 * 
-	 * @param authData AuthenticationData <code>IAuthData</code> which is used to build the attribute values, but never <code>null</code>
-	 * @param reqAttributenName List of PVP attribute names which are requested, but never <code>null</code>
-	 * @return List of PVP attributes, but never <code>null</code>
-	 */
-	public static List<Attribute> buildSetOfResponseAttributes(IAuthData authData, 
-			Collection<String> reqAttributenName) {
-		List<Attribute> attrList = new ArrayList<Attribute>();
-		if (reqAttributenName != null) {		
-			Iterator<String> it = reqAttributenName.iterator();
-			while (it.hasNext()) {
-				String reqAttributName = it.next();
-				try {
-					Attribute attr = PVPAttributeBuilder.buildAttribute(
-							reqAttributName, null, authData);
-					if (attr == null) {
-						Logger.info(
-								"Attribute generation failed! for "
-										+ reqAttributName);
-					
-					} else {
-						attrList.add(attr);
-					
-					}
-									
-				} catch (PVP2Exception e) {
-					Logger.info(
-							"Attribute generation failed! for "
-									+ reqAttributName);
-				
-				} catch (Exception e) {
-					Logger.warn(
-							"General Attribute generation failed! for "
-									+ reqAttributName, e);
-				
-				}
-			}
-		}
-		
-		return attrList;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
deleted file mode 100644
index a55e873b5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.security.NoSuchAlgorithmException;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-@Service("PVPAuthnRequestBuilder")
-public class PVPAuthnRequestBuilder {
-	
-	@Autowired(required=true) ApplicationContext springContext;
-	
-	/**
-	 * Build a PVP2.x specific authentication request
-	 * 
-	 * @param pendingReq Currently processed pendingRequest 
-	 * @param config AuthnRequest builder configuration, never null
-	 * @param idpEntity SAML2 EntityDescriptor of the IDP, which receive this AuthnRequest, never null
-	 * @param httpResp
-	 * @throws NoSuchAlgorithmException 
-	 * @throws SecurityException 
-	 * @throws PVP2Exception 
-	 * @throws MessageEncodingException 
-	 */
-	public void buildAuthnRequest(IRequest pendingReq, IPVPAuthnRequestBuilderConfiguruation config, 
-			HttpServletResponse httpResp) throws NoSuchAlgorithmException, MessageEncodingException, PVP2Exception, SecurityException {
-		//get IDP Entity element from config
-		EntityDescriptor idpEntity = config.getIDPEntityDescriptor();
-		
-		AuthnRequest authReq = SAML2Utils
-				.createSAMLObject(AuthnRequest.class);
-		
-		//select SingleSignOn Service endpoint from IDP metadata
-		SingleSignOnService endpoint = null;  
-		for (SingleSignOnService sss : 
-				idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-			
-			// use POST binding as default if it exists 
-			if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
-				endpoint = sss; 
-				
-			} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) 
-					&& endpoint == null )
-				endpoint = sss;
-			
-		}
-		
-		if (endpoint == null) {
-			Logger.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID() 
-					+ " does not support POST or Redirect Binding.");
-			throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{config.getSPNameForLogging(), idpEntity.getEntityID()});
-			
-		} else
-			authReq.setDestination(endpoint.getLocation());
-		
-		
-		//set basic AuthnRequest information
-		String reqID = config.getRequestID();
-		if (MiscUtil.isNotEmpty(reqID))
-			authReq.setID(reqID);
-		
-		else {
-			SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
-			authReq.setID(gen.generateIdentifier());
-			
-		}
-		
-		authReq.setIssueInstant(new DateTime());
-		
-		//set isPassive flag
-		if (config.isPassivRequest() == null)
-			authReq.setIsPassive(false);
-		else
-			authReq.setIsPassive(config.isPassivRequest());
-
-		//set EntityID of the service provider
-		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setFormat(NameIDType.ENTITY);
-		issuer.setValue(config.getSPEntityID());
-		authReq.setIssuer(issuer);
-
-		//set AssertionConsumerService ID
-		if (config.getAssertionConsumerServiceId() != null)
-			authReq.setAssertionConsumerServiceIndex(config.getAssertionConsumerServiceId());
-		
-		//set NameIDPolicy
-		if (config.getNameIDPolicyFormat() != null) {
-			NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
-			policy.setAllowCreate(config.getNameIDPolicyAllowCreation());
-			policy.setFormat(config.getNameIDPolicyFormat());
-			authReq.setNameIDPolicy(policy);
-		}
-		
-		//set requested QAA level
-		if (config.getAuthnContextClassRef() != null) {
-			RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class);		
-			AuthnContextClassRef authnClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-		
-			authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRef());
-			
-			if (config.getAuthnContextComparison() == null)
-				reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
-			else
-				reqAuthContext.setComparison(config.getAuthnContextComparison());
-			
-			reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);					
-			authReq.setRequestedAuthnContext(reqAuthContext);
-		}
-						
-		//set request Subject element
-		if (MiscUtil.isNotEmpty(config.getSubjectNameID())) {
-			Subject reqSubject = SAML2Utils.createSAMLObject(Subject.class);
-			NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-			
-			subjectNameID.setValue(config.getSubjectNameID());
-			if (MiscUtil.isNotEmpty(config.getSubjectNameIDQualifier()))
-				subjectNameID.setNameQualifier(config.getSubjectNameIDQualifier());
-			
-			if (MiscUtil.isNotEmpty(config.getSubjectNameIDFormat()))
-				subjectNameID.setFormat(config.getSubjectNameIDFormat());
-			else
-				subjectNameID.setFormat(NameID.TRANSIENT);
-			
-			reqSubject.setNameID(subjectNameID);
-						
-			if (config.getSubjectConformationDate() != null) {
-				SubjectConfirmation subjectConformation = SAML2Utils.createSAMLObject(SubjectConfirmation.class);
-				SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);			
-				subjectConformation.setSubjectConfirmationData(subjectConformDate);
-				reqSubject.getSubjectConfirmations().add(subjectConformation );
-							
-				if (config.getSubjectConformationMethode() != null)
-					subjectConformation.setMethod(config.getSubjectConformationMethode());
-								
-				subjectConformDate.setDOM(config.getSubjectConformationDate());
-								
-			}
-						
-			authReq.setSubject(reqSubject );
-						
-		}
-		
-		//TODO: implement requested attributes
-		//maybe: config.getRequestedAttributes();
-		
-		//select message encoder
-		IEncoder binding = null;
-		if (endpoint.getBinding().equals(
-				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-														
-		} else if (endpoint.getBinding().equals(
-				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		}
-		
-		//encode message
-		binding.encodeRequest(null, httpResp, authReq, 
-				endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
deleted file mode 100644
index e2ac50e5e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ /dev/null
@@ -1,442 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.KeyDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.SecurityHelper;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.Signer;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Document;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-
-@Service("PVPMetadataBuilder")
-public class PVPMetadataBuilder {
-
-	X509KeyInfoGeneratorFactory keyInfoFactory = null;
-	
-	/**
-	 * 
-	 */
-	public PVPMetadataBuilder() {
-		keyInfoFactory = new X509KeyInfoGeneratorFactory();
-		keyInfoFactory.setEmitEntityIDAsKeyName(true);
-		keyInfoFactory.setEmitEntityCertificate(true);
-		
-	}
-	
-	
-	/**
-	 * 
-	 * Build PVP 2.1 conform SAML2 metadata
-	 * 
-	 * @param config 
-	 * 				PVPMetadataBuilder configuration
-	 * 
-	 * @return PVP metadata as XML String
-	 * @throws SecurityException 
-	 * @throws ConfigurationException 
-	 * @throws CredentialsNotAvailableException 
-	 * @throws TransformerFactoryConfigurationError 
-	 * @throws MarshallingException 
-	 * @throws TransformerException 
-	 * @throws ParserConfigurationException 
-	 * @throws IOException 
-	 * @throws SignatureException 
-	 */
-	public String buildPVPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, ConfigurationException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException {				
-		DateTime date = new DateTime();
-		EntityDescriptor entityDescriptor = SAML2Utils
-				.createSAMLObject(EntityDescriptor.class);
-		
-		//set entityID
-		entityDescriptor.setEntityID(config.getEntityID());		
-								
-		//set contact and organisation information
-		List<ContactPerson> contactPersons = config.getContactPersonInformation();
-		if (contactPersons != null)
-			entityDescriptor.getContactPersons().addAll(contactPersons);
-		
-		Organization organisation = config.getOrgansiationInformation();
-		if (organisation != null)
-			entityDescriptor.setOrganization(organisation);
-
-		//set IDP metadata
-		if (config.buildIDPSSODescriptor()) {
-			RoleDescriptor idpSSODesc = generateIDPMetadata(config);
-			if (idpSSODesc != null)
-				entityDescriptor.getRoleDescriptors().add(idpSSODesc);
-						
-		}
-		
-		//set SP metadata for interfederation
-		if (config.buildSPSSODescriptor()) {
-			RoleDescriptor spSSODesc = generateSPMetadata(config);
-			if (spSSODesc != null)
-				entityDescriptor.getRoleDescriptors().add(spSSODesc);
-		
-		}
-
-		//set metadata signature parameters
-		Credential metadataSignCred = config.getMetadataSigningCredentials();		
-		Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred);
-		SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
-				
-		//initialize XML document builder
-		DocumentBuilder builder;
-		DocumentBuilderFactory factory = DocumentBuilderFactory
-				.newInstance();
-
-		builder = factory.newDocumentBuilder();
-		Document document = builder.newDocument();
-		
-
-		//build entities descriptor
-		if (config.buildEntitiesDescriptorAsRootElement()) {
-			EntitiesDescriptor entitiesDescriptor = 
-					SAML2Utils.createSAMLObject(EntitiesDescriptor.class);					
-			entitiesDescriptor.setName(config.getEntityFriendlyName());
-			entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());							
-			entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));			
-			entitiesDescriptor.getEntityDescriptors().add(entityDescriptor);
-			
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			entitiesDescriptor.setSignature(signature);
-			
-			
-			//marshall document
-			Marshaller out = Configuration.getMarshallerFactory()
-					.getMarshaller(entitiesDescriptor);
-			out.marshall(entitiesDescriptor, document);
-						
-		} else {
-			entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
-			entityDescriptor.setID(SAML2Utils.getSecureIdentifier());
-			
-			entityDescriptor.setSignature(signature);
-			
-			
-			
-			//marshall document
-			Marshaller out = Configuration.getMarshallerFactory()
-					.getMarshaller(entityDescriptor);
-			out.marshall(entityDescriptor, document);
-			
-		}
-		
-		//sign metadata
-		Signer.signObject(signature);
-
-		//transform metadata object to XML string
-		Transformer transformer = TransformerFactory.newInstance()
-				.newTransformer();
-
-		StringWriter sw = new StringWriter();
-		StreamResult sr = new StreamResult(sw);
-		DOMSource source = new DOMSource(document);
-		transformer.transform(source, sr);
-		sw.close();
-
-		return sw.toString();
-	}
-	
-	
-	private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {		
-		SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class);
-		spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-		spSSODescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned());
-		spSSODescriptor.setWantAssertionsSigned(config.wantAssertionSigned());
-	
-		KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-		
-		//Set AuthRequest Signing certificate
-		Credential authcredential = config.getRequestorResponseSigningCredentials();
-		if (authcredential == null) {
-			Logger.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. ");			
-			return null;
-						
-		} else {			
-			KeyDescriptor signKeyDescriptor = SAML2Utils
-					.createSAMLObject(KeyDescriptor.class);
-			signKeyDescriptor.setUse(UsageType.SIGNING);
-			signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));	
-			spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-			
-		}
-		
-		//Set assertion encryption credentials		
-		Credential authEncCredential = config.getEncryptionCredentials();			
-
-		if (authEncCredential != null) {
-			KeyDescriptor encryKeyDescriptor = SAML2Utils
-					.createSAMLObject(KeyDescriptor.class);
-			encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
-			encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));	
-			spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
-			
-		} else {
-			Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
-			
-		}
-
-		//check nameID formates
-		if (config.getSPAllowedNameITTypes() == null || config.getSPAllowedNameITTypes().size() == 0) {
-			Logger.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
-			return null;
-			
-		} else {
-			for (String format : config.getSPAllowedNameITTypes()) {
-				NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
-				nameIDFormat.setFormat(format);		
-				spSSODescriptor.getNameIDFormats().add(nameIDFormat);
-						 	
-			}			
-		}
-		
-
-		//add POST-Binding assertion consumer services
-		if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServicePostBindingURL())) {
-			AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);		
-			postassertionConsumerService.setIndex(0);
-			postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			postassertionConsumerService.setLocation(config.getSPAssertionConsumerServicePostBindingURL());	
-			postassertionConsumerService.setIsDefault(true);
-			spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
-			
-		}
-		
-		//add POST-Binding assertion consumer services
-		if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServiceRedirectBindingURL())) {
-			AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);		
-			redirectassertionConsumerService.setIndex(1);
-			redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			redirectassertionConsumerService.setLocation(config.getSPAssertionConsumerServiceRedirectBindingURL());
-			spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
-			
-		}
-		
-		//validate WebSSO endpoints
-		if (spSSODescriptor.getAssertionConsumerServices().size() == 0) {
-			Logger.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. ");
-			return null;
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLOPostBindingURL())) {
-			SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			postSLOService.setLocation(config.getSPSLOPostBindingURL());
-			postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(postSLOService);
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLORedirectBindingURL())) {
-			SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			redirectSLOService.setLocation(config.getSPSLORedirectBindingURL());
-			redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLOSOAPBindingURL())) {
-			SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			soapSLOService.setLocation(config.getSPSLOSOAPBindingURL());
-			soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(soapSLOService);
-			
-		}
-		
-		
-		//add required attributes
-		List<RequestedAttribute> reqSPAttr = config.getSPRequiredAttributes();
-		AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);		
-			
-		attributeService.setIndex(0);
-		attributeService.setIsDefault(true);
-		ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
-		serviceName.setName(new LocalizedString("Default Service", "en"));
-		attributeService.getNames().add(serviceName);
-
-		if (reqSPAttr != null && reqSPAttr.size() > 0) {
-			Logger.debug("Add " + reqSPAttr.size() + " attributes to SP metadata");
-			attributeService.getRequestAttributes().addAll(reqSPAttr);
-			
-		} else {
-			Logger.debug("SP metadata contains NO requested attributes.");
-			
-		}
-			
-		spSSODescriptor.getAttributeConsumingServices().add(attributeService);
-						
-		return spSSODescriptor;
-	}
-	
-	private IDPSSODescriptor generateIDPMetadata(IPVPMetadataBuilderConfiguration config) throws ConfigurationException, CredentialsNotAvailableException, SecurityException {					
-		//check response signing credential
-		Credential responseSignCred = config.getRequestorResponseSigningCredentials();
-		if (responseSignCred == null) {
-			Logger.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. ");			
-			return null;
-			
-		}
-
-		//check nameID formates
-		if (config.getIDPPossibleNameITTypes() == null || config.getIDPPossibleNameITTypes().size() == 0) {
-			Logger.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
-			return null;
-			
-		}
-				
-		// build SAML2 IDP-SSO descriptor element
-		IDPSSODescriptor idpSSODescriptor = SAML2Utils
-				.createSAMLObject(IDPSSODescriptor.class);
-
-		idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
-		//set ass default value, because PVP 2.x specification defines this feature as MUST
-		idpSSODescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());			
-		
-		// add WebSSO descriptor for POST-Binding
-		if (MiscUtil.isNotEmpty(config.getIDPWebSSOPostBindingURL())) {
-			SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
-			postSingleSignOnService.setLocation(config.getIDPWebSSOPostBindingURL());
-			postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-						
-		}
-		
-		// add WebSSO descriptor for Redirect-Binding
-		if (MiscUtil.isNotEmpty(config.getIDPWebSSORedirectBindingURL())) {
-			SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
-			postSingleSignOnService.setLocation(config.getIDPWebSSORedirectBindingURL());
-			postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-						
-		}
-		
-		//add Single LogOut POST-Binding endpoing
-		if (MiscUtil.isNotEmpty(config.getIDPSLOPostBindingURL())) {
-			SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			postSLOService.setLocation(config.getIDPSLOPostBindingURL());
-			postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			idpSSODescriptor.getSingleLogoutServices().add(postSLOService);
-			
-		}
-		
-		//add Single LogOut Redirect-Binding endpoing
-		if (MiscUtil.isNotEmpty(config.getIDPSLORedirectBindingURL())) {
-			SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			redirectSLOService.setLocation(config.getIDPSLORedirectBindingURL());
-			redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-			
-		}
-		
-		//validate WebSSO endpoints
-		if (idpSSODescriptor.getSingleSignOnServices().size() == 0) {
-			Logger.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. ");
-			return null;
-			
-		}
-				
-		//set assertion signing key
-		KeyDescriptor signKeyDescriptor = SAML2Utils
-				.createSAMLObject(KeyDescriptor.class);
-		signKeyDescriptor.setUse(UsageType.SIGNING);
-		KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-		signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(config.getRequestorResponseSigningCredentials()));
-		idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
-		//set IDP attribute set
-		idpSSODescriptor.getAttributes().addAll(config.getIDPPossibleAttributes());
-			
-		//set providable nameID formats
-		for (String format : config.getIDPPossibleNameITTypes()) {
-			NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
-			nameIDFormat.setFormat(format);		
-			idpSSODescriptor.getNameIDFormats().add(nameIDFormat);
-						
-		}
-			
-		return idpSSODescriptor;
-		
-	}
-		
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index a1d7f5d3a..53606b341 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -75,37 +75,39 @@ import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.StringRedirectDeflateEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -120,14 +122,15 @@ public class SingleLogOutBuilder {
 	@Autowired(required=true) ApplicationContext springContext;
 	@Autowired private IDPCredentialProvider credentialProvider;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired private IGUIFormBuilder guiBuilder;
+	@Autowired private IGUIFormBuilder guiBuilder; 
 	@Autowired(required=true) protected IRevisionLogger revisionsLogger;
 	@Autowired private ITransactionStorage transactionStorage;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
 
 	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
 	
 	public void toTechnicalLogout(ISLOInformationContainer sloContainer, 
-			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {		
+			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws EAAFException {		
 		Logger.trace("Starting Service-Provider logout process ... ");		
 		revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
 		
@@ -174,7 +177,7 @@ public class SingleLogOutBuilder {
 		}
 						
 		IRequest pendingReq = null;		
-		PVPTargetConfiguration pvpReq = null;
+		PVPSProfilePendingRequest pvpReq = null;
 		//start service provider front channel logout process
 		try {
 			if (sloContainer.hasFrontChannelOA()) {
@@ -221,9 +224,9 @@ public class SingleLogOutBuilder {
 								
 			} else {
 				pendingReq = sloContainer.getSloRequest();
-				if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+				if (pendingReq != null && pendingReq instanceof PVPSProfilePendingRequest) {
 					//send SLO response to SLO request issuer
-					pvpReq = (PVPTargetConfiguration)pendingReq;
+					pvpReq = (PVPSProfilePendingRequest)pendingReq;
 					SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
 					LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
 					sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
@@ -321,10 +324,11 @@ public class SingleLogOutBuilder {
 	 * @param httpResp
 	 * @param relayState
 	 * @return 
+	 * @throws CredentialsNotAvailableException 
 	 */
 	public String getFrontChannelSLOMessageURL(String serviceURL, String bindingType,
 			RequestAbstractType sloReq, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, String relayState) throws MOAIDException {
+			HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
 		
 		try {
 			X509Credential credentials = credentialProvider
@@ -332,7 +336,7 @@ public class SingleLogOutBuilder {
 
 			Logger.debug("create SAML RedirectBinding response");
 			
-			MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();			
+			StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();			
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			SingleLogoutService service = new SingleLogoutServiceBuilder()
 					.buildObject();
@@ -356,7 +360,7 @@ public class SingleLogOutBuilder {
 
 	public String getFrontChannelSLOMessageURL(SingleLogoutService service,
 			StatusResponseType sloResp, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, String relayState) throws MOAIDException {
+			HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
 		
 		try {
 			X509Credential credentials = credentialProvider
@@ -364,7 +368,7 @@ public class SingleLogOutBuilder {
 
 			Logger.debug("create SAML RedirectBinding response");
 			
-			MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();			
+			StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();			
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			context.setOutboundSAMLMessageSigningCredential(credentials);
 			context.setPeerEntityEndpoint(service);
@@ -384,7 +388,7 @@ public class SingleLogOutBuilder {
 	
 	public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, 
 			LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, 
-			String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException {
+			String relayState, PVPSProfilePendingRequest pvpReq) throws MOAIDException, PVP2Exception, CredentialsNotAvailableException {
 		IEncoder binding = null;
 		if (consumerService.getBinding().equals(
 				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
@@ -417,7 +421,7 @@ public class SingleLogOutBuilder {
 	}
 	
 	
-	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
+	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws EAAFException {
 		LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
 		
 		SecureRandomIdentifierGenerator gen;
@@ -433,7 +437,7 @@ public class SingleLogOutBuilder {
 
 		DateTime now = new DateTime();
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
+		issuer.setValue(pvpBasicConfiguration.getIDPEntityId(sloDescr.getAuthURL()));
 		issuer.setFormat(NameID.ENTITY);
 		sloReq.setIssuer(issuer);		
 		sloReq.setIssueInstant(now);
@@ -477,7 +481,7 @@ public class SingleLogOutBuilder {
 		return sloReq;		
 	}
 	
-	public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException {
+	public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, String firstLevelStatusCode) throws EAAFException {
 		LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
 		
 		Status status = SAML2Utils.createSAMLObject(Status.class);
@@ -494,7 +498,7 @@ public class SingleLogOutBuilder {
 		return sloResp;
 	}
 	
-	public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws MOAIDException {		
+	public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, List<String> failedOAs) throws EAAFException {		
 		LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
 		
 		Status status;
@@ -519,11 +523,10 @@ public class SingleLogOutBuilder {
 		
 	}
 	
-	private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
+	private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest) throws EAAFException {
 		LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);		
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);		
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				spRequest.getAuthURLWithOutSlash()));
+		issuer.setValue(pvpBasicConfiguration.getIDPEntityId(spRequest.getAuthURLWithOutSlash()));
 		issuer.setFormat(NameID.ENTITY);
 		sloResp.setIssuer(issuer);		
 		sloResp.setIssueInstant(new DateTime());		
@@ -540,9 +543,9 @@ public class SingleLogOutBuilder {
 			
 		}			
 
-		if (spRequest.getRequest() instanceof MOARequest &&
-				((MOARequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
-			LogoutRequest sloReq =  (LogoutRequest) ((MOARequest)spRequest.getRequest()).getSamlRequest();
+		if (spRequest.getRequest() instanceof PVPSProfileRequest &&
+				((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+			LogoutRequest sloReq =  (LogoutRequest) ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest();
 			sloResp.setInResponseTo(sloReq.getID());
 			
 		}
@@ -592,8 +595,8 @@ public class SingleLogOutBuilder {
 
 	}
 	
-	public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
-		MOARequest moaReq = (MOARequest) spRequest.getRequest();
+	public SingleLogoutService getResponseSLODescriptor(PVPSProfilePendingRequest spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+		PVPSProfileRequest moaReq = (PVPSProfileRequest) spRequest.getRequest();
 		EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider);
 		SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
 		
@@ -655,7 +658,8 @@ public class SingleLogOutBuilder {
 											oa.getUserNameID(), 
 											oa.getUserNameIDFormat(), 
 											oa.getProtocolType(),
-											sloDesc));
+											sloDesc.getBinding(),
+											sloDesc.getLocation()));
 						
 							else
 								container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(), 
@@ -666,7 +670,8 @@ public class SingleLogOutBuilder {
 											oa.getUserNameID(), 
 											oa.getUserNameIDFormat(), 
 											oa.getProtocolType(),
-											sloDesc));
+											sloDesc.getBinding(),
+											sloDesc.getLocation()));
 							
 						} catch (NOSLOServiceDescriptorException e) {
 							container.putFailedOA(oa.getOaurlprefix());
@@ -707,7 +712,8 @@ public class SingleLogOutBuilder {
 										el.getUserNameID(), 
 										NameID.TRANSIENT, 
 										PVP2XProtocol.NAME,
-										sloDesc));
+										sloDesc.getBinding(),
+										sloDesc.getLocation()));
 						
 					} catch (NOSLOServiceDescriptorException e) {
 						container.putFailedOA(el.getIdpurlprefix());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
deleted file mode 100644
index 056e2bba0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ /dev/null
@@ -1,543 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
-
-import java.security.MessageDigest;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.w3c.dom.Element;
-
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.util.LoALevelMapper;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
-import at.gv.egovernment.moa.id.util.QAALevelVerifier;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class PVP2AssertionBuilder implements PVPConstants {
-	
-	/**
-	 * Build a PVP assertion as response for a SAML2 AttributeQuery request
-	 * 
-	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
-	 * @param attrQuery AttributeQuery request from Service-Provider
-	 * @param attrList List of PVP response attributes
-	 * @param now Current time 
-	 * @param validTo ValidTo time of the assertion
-	 * @param qaaLevel QAA level of the authentication
-	 * @param sessionIndex SAML2 SessionIndex, which should be included	 * 
-	 * @return PVP 2.1 Assertion
-	 * @throws ConfigurationException
-	 */
-	public static Assertion buildAssertion(String issuerEntityID, AttributeQuery attrQuery,
-			List<Attribute> attrList, DateTime now, DateTime validTo, String qaaLevel, String sessionIndex) throws ConfigurationException {
-			
-		AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-		authnContextClassRef.setAuthnContextClassRef(qaaLevel);
-		
-		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-		subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
-		subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue());
-		
-		SubjectConfirmationData subjectConfirmationData = null;
-		
-		return buildGenericAssertion(issuerEntityID, attrQuery.getIssuer().getValue(), now, 
-				authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex,
-				validTo);
-	}
-	
-	
-	/**
-	 * Build a PVP 2.1 assertion as response of a SAML2 AuthnRequest
-	 * 
-	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
-	 * @param pendingReq Current processed pendingRequest DAO
-	 * @param authnRequest Current processed PVP AuthnRequest
-	 * @param authData AuthenticationData of the user, which is already authenticated
-	 * @param peerEntity SAML2 EntityDescriptor of the service-provider, which receives the response
-	 * @param date TimeStamp
-	 * @param assertionConsumerService SAML2 endpoint of the service-provider, which should be used
-	 * @param sloInformation Single LogOut information DAO
-	 * @return
-	 * @throws MOAIDException
-	 */
-	public static Assertion buildAssertion(String issuerEntityID, PVPTargetConfiguration pendingReq, AuthnRequest authnRequest,
-			IAuthData authData, EntityDescriptor peerEntity, DateTime date, 
-			AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
-			throws MOAIDException {
-
-		RequestedAuthnContext reqAuthnContext = authnRequest
-				.getRequestedAuthnContext();
-
-		AuthnContextClassRef authnContextClassRef = SAML2Utils
-				.createSAMLObject(AuthnContextClassRef.class);
-		
-		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
-		
-		if (reqAuthnContext == null) {
-			 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-			
-		} else {
-
-			boolean eIDAS_qaa_found = false;
-	
-			List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
-					.getAuthnContextClassRefs();
-		
-			if (reqAuthnContextClassRefIt.size() == 0) {			 
-				QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
-			
-				eIDAS_qaa_found = true;
-				authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
-			 
-			} else {
-				for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
-					String qaa_uri = authnClassRef.getAuthnContextClassRef();
-					
-					if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
-						Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
-						qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
-						
-					}
-					
-					if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
-							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
-							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
-					
-						 if (authData.isForeigner()) {
-							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
-							 
-							 eIDAS_qaa_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-							 
-						 } else {
-							 
-							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), 
-									 qaa_uri.trim());
-							 
-							 eIDAS_qaa_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-							 							 
-						 }
-						 break;
-					 }
-				 }
-			 }
-	
-			if (!eIDAS_qaa_found)
-				throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
-				
-		}
-		
-
-
-		SPSSODescriptor spSSODescriptor = peerEntity
-				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-				
-		//add Attributes to Assertion
-		List<Attribute> attrList = new ArrayList<Attribute>();
-		if (spSSODescriptor.getAttributeConsumingServices() != null && 
-				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-		
-			Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-			int idx = 0;
-
-			AttributeConsumingService attributeConsumingService = null;						
-			if (aIdx != null) {
-				idx = aIdx.intValue();
-				attributeConsumingService = spSSODescriptor
-						.getAttributeConsumingServices().get(idx);
-				
-			} else {
-				List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-				for (AttributeConsumingService el : attrConsumingServiceList) {
-					if (el.isDefault())
-						attributeConsumingService = el;
-				}				
-			}
-			
-			/* 
-			 * TODO: maybe use first AttributeConsumingService if no is selected 
-			 * in request or on service is marked as default
-			 * 
-			 */
-			if (attributeConsumingService == null ) {
-				List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-				if (attrConsumingServiceList != null && !attrConsumingServiceList.isEmpty())
-					attributeConsumingService = attrConsumingServiceList.get(0);
-								
-			}
-			
-			
-			if (attributeConsumingService != null) {						
-				Iterator<RequestedAttribute> it = attributeConsumingService
-						.getRequestAttributes().iterator();
-				while (it.hasNext()) {
-					RequestedAttribute reqAttribut = it.next();
-					try {
-						Attribute attr = PVPAttributeBuilder.buildAttribute(
-								reqAttribut.getName(), oaParam, authData);
-						if (attr == null) {
-							if (reqAttribut.isRequired()) {
-								throw new UnprovideableAttributeException(
-										reqAttribut.getName());
-							}
-						} else {
-							attrList.add(attr);
-						}
-					
-					} catch (UnavailableAttributeException e) {
-						Logger.info(
-								"Attribute generation for "
-										+ reqAttribut.getFriendlyName() + " not possible.");
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					
-					} catch (PVP2Exception e) {
-						Logger.info(
-								"Attribute generation failed! for "
-										+ reqAttribut.getFriendlyName());
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					} catch (Exception e) {
-						Logger.warn(
-								"General Attribute generation failed! for "
-										+ reqAttribut.getFriendlyName(), e);
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					}
-				}
-			}
-		}
-		
-		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-		
-		//build nameID and nameID Format from moasession
-		//TODO: nameID generation
-		if (authData instanceof IMOAAuthData && 
-				((IMOAAuthData)authData).isUseMandate()) {
-			String bpktype = null;
-			String bpk = null;
-			
-			Element mandate = ((IMOAAuthData)authData).getMandate();
-			if(mandate != null) {
-				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if(mandateObject == null) {
-					throw new NoMandateDataAvailableException();
-				}
-				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
-				PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
-				
-				IdentificationType id;
-				if(corporation != null && corporation.getIdentification().size() > 0)
-					id = corporation.getIdentification().get(0);
-	
-					
-				else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
-					id = pysicalperson.getIdentification().get(0);
-					
-				else {
-					Logger.error("Failed to generate IdentificationType");
-					throw new NoMandateDataAvailableException();		
-				}
-			
-				bpktype = id.getType();
-				bpk = id.getValue().getValue();
-								
-			} else {
-				Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
-				bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
-				bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);				
-				
-				if (MiscUtil.isEmpty(bpk)) {
-					//no sourcePin is included --> search for bPK
-					bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
-					
-					try {
-						if (bpk.contains(":"))
-							bpk = bpk.split(":")[1];
-						
-					} catch (Exception e) {
-						Logger.warn("Can not split bPK from mandator attribute!", e);
-						
-					}
-					
-					//set bPK-Type from configuration, because it MUST be equal to service-provider type
-					bpktype = oaParam.getAreaSpecificTargetIdentifier();
-										
-				} else {
-					//sourcePin is include --> check sourcePinType
-					if (MiscUtil.isEmpty(bpktype))
-						bpktype = Constants.URN_PREFIX_BASEID;
-					
-				}				
-			}
-			
-			if (MiscUtil.isEmpty(bpk) || MiscUtil.isEmpty(bpktype)) {
-				throw new NoMandateDataAvailableException();
-				
-			}
-			
-			if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {				
-				Pair<String, String> calcbPK = new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, oaParam.getAreaSpecificTargetIdentifier());								
-				subjectNameID.setValue(calcbPK.getFirst());
-				subjectNameID.setNameQualifier(calcbPK.getSecond());
-				
-				
-			} else {
-				subjectNameID.setNameQualifier(bpktype);
-				subjectNameID.setValue(bpk);
-			}
-					
-		} else {
-			subjectNameID.setNameQualifier(authData.getBPKType());
-			subjectNameID.setValue(authData.getBPK());
-		}
-		
-		String nameIDFormat = NameID.TRANSIENT;
-		
-		//get NameIDFormat from request		
-		AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
-		if (authnReq.getNameIDPolicy() != null && 
-				MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
-			nameIDFormat = authnReq.getNameIDPolicy().getFormat();
-			
-		} else {
-			//get NameIDFormat from metadata
-			List<NameIDFormat> metadataNameIDFormats = spSSODescriptor.getNameIDFormats();
-			
-			if (metadataNameIDFormats != null) {
-				
-				for (NameIDFormat el : metadataNameIDFormats) {
-					if (NameID.PERSISTENT.equals(el.getFormat())) {
-						nameIDFormat = NameID.PERSISTENT;
-						break;
-						
-					} else if (NameID.TRANSIENT.equals(el.getFormat()) ||
-							NameID.UNSPECIFIED.equals(el.getFormat()))
-						break;
-					
-				}				
-			}
-		}
-	
-		if (NameID.TRANSIENT.equals(nameIDFormat) || NameID.UNSPECIFIED.equals(nameIDFormat)) {
-			String random = Random.nextRandom();
-			String nameID = subjectNameID.getValue();
-			
-			try {
-				MessageDigest md = MessageDigest.getInstance("SHA-1");
-				byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1"));			
-				subjectNameID.setValue(Base64Utils.encode(hash));
-				subjectNameID.setNameQualifier(null);
-				subjectNameID.setFormat(NameID.TRANSIENT);
-				
-			} catch (Exception e) {
-				Logger.warn("PVP2 subjectNameID error", e);
-				throw new MOAIDException("pvp2.13", null, e);
-			}
-			
-		} else 
-			subjectNameID.setFormat(nameIDFormat);
-			
-
-		String sessionIndex = null;
-					
-		//if request is a reauthentication and NameIDFormat match reuse old session information
-		if (MiscUtil.isNotEmpty(authData.getNameID()) && 
-				MiscUtil.isNotEmpty(authData.getNameIDFormat()) && 
-				nameIDFormat.equals(authData.getNameIDFormat())) {
-			subjectNameID.setValue(authData.getNameID());
-			sessionIndex = authData.getSessionIndex();
-			
-		}
-		
-		//
-		if (MiscUtil.isEmpty(sessionIndex))
-			sessionIndex = SAML2Utils.getSecureIdentifier();
-									
-		SubjectConfirmationData subjectConfirmationData = SAML2Utils
-				.createSAMLObject(SubjectConfirmationData.class);
-		subjectConfirmationData.setInResponseTo(authnRequest.getID());
-		subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
-//		subjectConfirmationData.setNotBefore(date);
-		
-		//set 'recipient' attribute in subjectConformationData 
-		subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
-		
-		//set IP address of the user machine as 'Address' attribute in subjectConformationData 
-		String usersIPAddress = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_REQUESTER_IP_ADDRESS, String.class);
-		if (MiscUtil.isNotEmpty(usersIPAddress))
-			subjectConfirmationData.setAddress(usersIPAddress);
-		
-		//set SLO information
-		sloInformation.setUserNameIdentifier(subjectNameID.getValue());
-		sloInformation.setNameIDFormat(subjectNameID.getFormat());
-		sloInformation.setSessionIndex(sessionIndex);
-		
-		return buildGenericAssertion(issuerEntityID, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
-	}
-	
-	/**
-	 * 
-	 * @param issuer IDP EntityID
-	 * @param entityID Service Provider EntityID
-	 * @param date 
-	 * @param authnContextClassRef
-	 * @param attrList
-	 * @param subjectNameID
-	 * @param subjectConfirmationData
-	 * @param sessionIndex
-	 * @param isValidTo
-	 * @return
-	 * @throws ConfigurationException
-	 */
-	
-	public static Assertion buildGenericAssertion(String issuer, String entityID, DateTime date, 
-			AuthnContextClassRef authnContextClassRef, List<Attribute> attrList, 
-			NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, 
-			String sessionIndex, DateTime isValidTo) throws ConfigurationException {
-		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
-		
-		AuthnContext authnContext = SAML2Utils
-				.createSAMLObject(AuthnContext.class);
-		authnContext.setAuthnContextClassRef(authnContextClassRef);
-
-		AuthnStatement authnStatement = SAML2Utils
-				.createSAMLObject(AuthnStatement.class);
-		
-		authnStatement.setAuthnInstant(date);
-		authnStatement.setSessionIndex(sessionIndex);
-		authnStatement.setAuthnContext(authnContext);
-
-		assertion.getAuthnStatements().add(authnStatement);
-		
-		AttributeStatement attributeStatement = SAML2Utils
-				.createSAMLObject(AttributeStatement.class);		
-		attributeStatement.getAttributes().addAll(attrList);		
-		if (attributeStatement.getAttributes().size() > 0) {
-			assertion.getAttributeStatements().add(attributeStatement);
-		}
-		
-		Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-		subject.setNameID(subjectNameID);
-		
-		SubjectConfirmation subjectConfirmation = SAML2Utils
-				.createSAMLObject(SubjectConfirmation.class);
-		subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
-		subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
-
-		subject.getSubjectConfirmations().add(subjectConfirmation);
-
-		Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
-		AudienceRestriction audienceRestriction = SAML2Utils
-				.createSAMLObject(AudienceRestriction.class);
-		Audience audience = SAML2Utils.createSAMLObject(Audience.class);
-		
-		audience.setAudienceURI(entityID);
-		audienceRestriction.getAudiences().add(audience);
-		conditions.setNotBefore(date);		
-		conditions.setNotOnOrAfter(isValidTo);
-				
-		conditions.getAudienceRestrictions().add(audienceRestriction);
-
-		assertion.setConditions(conditions);
-
-		Issuer issuerObj = SAML2Utils.createSAMLObject(Issuer.class);
-				
-		if (issuer.endsWith("/"))
-			issuer = issuer.substring(0, issuer.length()-1);
-		issuerObj.setValue(issuer);
-		issuerObj.setFormat(NameID.ENTITY);
-		
-		assertion.setIssuer(issuerObj);
-		assertion.setSubject(subject);
-		assertion.setID(SAML2Utils.getSecureIdentifier());
-		assertion.setIssueInstant(date);
-		
-		return assertion;		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
deleted file mode 100644
index 6ccacd6c8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-
-public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
-	
-	private XMLObject buildAttributeStringValue(String value) {
-		XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
-		XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-		stringValue.setValue(value);
-		return stringValue;
-	}
-	
-	private XMLObject buildAttributeIntegerValue(int value) {
-		XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
-		XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
-		integerValue.setValue(value);
-		return integerValue;
-	}
-	
-	public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeStringValue(value));
-		return attribute;
-	}
-	
-	public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
-		return attribute;
-	}
-	
-	public Attribute buildEmptyAttribute(final String friendlyName, final String name) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		return attribute;
-	}
-
-	public Attribute buildLongAttribute(String friendlyName, String name, long value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value));
-		return attribute;
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
index c0fb5bf5b..d4c94e5c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
@@ -32,11 +32,12 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -48,16 +49,18 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	private static final int VALIDUNTIL_IN_HOURS = 24;
 	
 	private String authURL;
-	private IDPCredentialProvider credentialProvider;
+	private AbstractCredentialProvider credentialProvider;
+	private PVPConfiguration pvpBasicConfiguration;
 	
-	public IDPPVPMetadataConfiguration(String authURL, IDPCredentialProvider credentialProvider) {
+	public IDPPVPMetadataConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials, PVPConfiguration pvpBasicConfiguration) {
 		this.authURL = authURL;
-		this.credentialProvider = credentialProvider;
+		this.credentialProvider = pvpIDPCredentials;
+		this.pvpBasicConfiguration = pvpBasicConfiguration;
 				
 	}
 	
 	public String getDefaultActionName() {
-		return (PVP2XProtocol.METADATA);
+		return (PVPConstants.METADATA);
 	}
 
 	/* (non-Javadoc)
@@ -98,7 +101,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public String getEntityID() {
 		try {
-			return PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
+			return pvpBasicConfiguration.getIDPSSOMetadataService(authURL);
 		
 		} catch (ConfigurationException e) {
 			Logger.error("Can not load Metadata entry: EntityID", e);
@@ -113,7 +116,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public String getEntityFriendlyName() {
 		try {
-			return PVPConfiguration.getInstance().getIDPIssuerName();
+			return pvpBasicConfiguration.getIDPIssuerName();
 			
 		} catch (ConfigurationException e) {
 			Logger.error("Can not load Metadata entry: EntityID friendlyName.", e);
@@ -129,7 +132,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpBasicConfiguration.getIDPContacts();
 			
 		} catch (ConfigurationException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
@@ -145,7 +148,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpBasicConfiguration.getIDPOrganisation();
 			
 		} catch (ConfigurationException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
deleted file mode 100644
index 814a2387d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.xml.security.credential.Credential;
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPAuthnRequestBuilderConfiguruation {
-
-	/**
-	 * Defines a unique name for this PVP Service-provider, which is used for logging
-	 * 
-	 * @return
-	 */
-	public String getSPNameForLogging();
-	
-	/**
-	 * If true, the SAML2 isPassive flag is set in the AuthnRequest
-	 * 
-	 * @return
-	 */
-	public Boolean isPassivRequest();
-
-	/**
-	 * Define the ID of the AssertionConsumerService, 
-	 * which defines the required attributes in service-provider metadata.
-	 * 
-	 * @return
-	 */
-	public Integer getAssertionConsumerServiceId();
-
-	/**
-	 * Define the SAML2 EntityID of the service provider.
-	 * 
-	 * @return
-	 */
-	public String getSPEntityID();
-
-	/**
-	 * Define the SAML2 NameIDPolicy
-	 * 
-	 * @return Service-Provider EntityID, but never null
-	 */
-	public String getNameIDPolicyFormat();
-
-	/**
-	 * Define the AuthnContextClassRefernece of this request
-	 * 
-	 * Example: 
-	 * 			http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3 
-	 * 			http://www.stork.gov.eu/1.0/citizenQAALevel/4
-	 *          
-	 * 
-	 * @return
-	 */
-	public String getAuthnContextClassRef();
-
-	/**
-	 * Define the AuthnContextComparison model, which should be used
-	 * 
-	 * @return
-	 */
-	public AuthnContextComparisonTypeEnumeration getAuthnContextComparison();
-	
-	
-	/**
-	 * Define the credential, which should be used to sign the AuthnRequest
-	 * 
-	 * @return
-	 */
-	public Credential getAuthnRequestSigningCredential();
-	
-	
-	/**
-	 * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest
-	 * 
-	 * @return Credential, but never null.
-	 */
-	public EntityDescriptor getIDPEntityDescriptor();
-
-	/**
-	 * Set the SAML2 NameIDPolicy allow-creation flag
-	 * 
-	 * @return EntityDescriptor, but never null.
-	 */
-	public boolean getNameIDPolicyAllowCreation();
-
-	
-	/**
-	 * Set the requested SubjectNameID
-	 * 
-	 * @return SubjectNameID, or null if no SubjectNameID should be used
-	 */
-	public String getSubjectNameID();
-
-	/**
-	 * Define the qualifier of the <code>SubjectNameID</code>
-	 * <br><br>
-	 * Like: 'urn:publicid:gv.at:cdid+BF'
-	 * 
-	 * @return qualifier, or null if no qualifier should be set
-	 */
-	public String getSubjectNameIDQualifier();
-	
-	/**
-	 * Define the format of the subjectNameID, which is included in authn-request
-	 * 
-	 * 
-	 * @return nameIDFormat, of SAML2 'transient' if nothing is defined
-	 */
-	public String getSubjectNameIDFormat();
-
-	/**
-	 * Define a SP specific SAML2 requestID
-	 * 
-	 * @return requestID, or null if the requestID should be generated automatically
-	 */
-	public String getRequestID();
-
-	/**
-	 * Defines the 'method' attribute in 'SubjectConformation' element 
-	 * 
-	 * @return method, or null if no method should set
-	 */
-	public String getSubjectConformationMethode();
-
-	/**
-	 * Define the information, which should be added as 'subjectConformationDate' 
-	 * in 'SubjectConformation' element 
-	 * 
-	 * @return subjectConformation information or null if no subjectConformation should be set
-	 */
-	public Element getSubjectConformationDate();
-
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
deleted file mode 100644
index 3a8404cae..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPMetadataBuilderConfiguration {
-
-	
-	/**
-	 * Defines a unique name for this PVP Service-provider, which is used for logging
-	 * 
-	 * @return
-	 */
-	public String getSPNameForLogging();
-	
-	/**
-	 * Set metadata valid area
-	 * 
-	 * @return valid until in hours [h]
-	 */
-	public int getMetadataValidUntil();
-	
-	/**
-	 * Build a SAML2 Entities element as metadata root element
-	 * 
-	 * @return true, if the metadata should start with entities element 
-	 */
-	public boolean buildEntitiesDescriptorAsRootElement();
-	
-	/**
-	 * 
-	 * 
-	 * @return true, if an IDP SSO-descriptor element should be generated 
-	 */
-	public boolean buildIDPSSODescriptor();
-	
-	/**
-	 * 
-	 * 
-	 * @return true, if an SP SSO-descriptor element should be generated 
-	 */
-	public boolean buildSPSSODescriptor();
-	
-	/**
-	 * Set the PVP entityID for this SAML2 metadata.
-	 * The entityID must be an URL and must be start with the public-URL prefix of the server
-	 * 
-	 * @return PVP entityID postfix as String
-	 */
-	public String getEntityID();
-	
-	/**
-	 * Set a friendlyName for this PVP entity
-	 * 
-	 * @return 
-	 */
-	public String getEntityFriendlyName();
-	
-	/**
-	 * Set the contact information for this metadata entity
-	 * 
-	 * @return
-	 */
-	public List<ContactPerson> getContactPersonInformation();
-	
-	/**
-	 * Set organisation information for this metadata entity
-	 * 
-	 * @return
-	 */
-	public Organization getOrgansiationInformation();
-	
-
-	/**
-	 * Set the credential for metadata signing
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the credential for request/response signing
-	 * IDP metadata: this credential is used for SAML2 response signing
-	 * SP metadata: this credential is used for SAML2 response signing
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the credential for response encryption
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the IDP Post-Binding URL for WebSSO 
-	 * 
-	 * @return
-	 */
-	public String getIDPWebSSOPostBindingURL();
-	
-	/**
-	 * Set the IDP Redirect-Binding URL for WebSSO 
-	 * 
-	 * @return
-	 */
-	public String getIDPWebSSORedirectBindingURL();
-	
-	/**
-	 * Set the IDP Post-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getIDPSLOPostBindingURL();
-	
-	/**
-	 * Set the IDP Redirect-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getIDPSLORedirectBindingURL();
-	
-	/**
-	 * Set the SP Post-Binding URL for for the Assertion-Consumer Service
-	 * 
-	 * @return
-	 */
-	public String getSPAssertionConsumerServicePostBindingURL();
-	
-	/**
-	 * Set the SP Redirect-Binding URL for the Assertion-Consumer Service 
-	 * 
-	 * @return
-	 */
-	public String getSPAssertionConsumerServiceRedirectBindingURL();
-	
-	/**
-	 * Set the SP Post-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLOPostBindingURL();
-	
-	/**
-	 * Set the SP Redirect-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLORedirectBindingURL();
-	
-	/**
-	 * Set the SP SOAP-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLOSOAPBindingURL();
-	
-	
-	/**
-	 * Set all SAML2 attributes which could be provided by this IDP
-	 * 
-	 * @return
-	 */
-	public List<Attribute> getIDPPossibleAttributes();
-	
-	/**
-	 * Set all nameID types which could be provided by this IDP
-	 * 
-	 * @return a List of SAML2 nameID types
-	 */
-	public List<String> getIDPPossibleNameITTypes();
-	
-	/**
-	 * Set all SAML2 attributes which are required by the SP
-	 * 
-	 * @return
-	 */
-	public List<RequestedAttribute> getSPRequiredAttributes();
-	
-	/**
-	 * Set all nameID types which allowed from the SP
-	 * 
-	 * @return a List of SAML2 nameID types
-	 */
-	public List<String> getSPAllowedNameITTypes();
-	
-	/**
-	 * Set the 'wantAssertionSigned' attribute in SP metadata
-	 * 
-	 * @return
-	 */
-	public boolean wantAssertionSigned();
-	
-	/**
-	 * Set the 'wantAuthnRequestSigned' attribute
-	 * 
-	 * @return
-	 */
-	public boolean wantAuthnRequestSigned();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
deleted file mode 100644
index b731e2a95..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder;
-import org.opensaml.xml.ConfigurationException;
-
-/**
- * @author tlenz
- *
- */
-public class MOADefaultBootstrap extends DefaultBootstrap {
-
-    public static synchronized void bootstrap() throws ConfigurationException {
-
-        initializeXMLSecurity();
-
-        initializeXMLTooling();
-
-        initializeArtifactBuilderFactories();
-
-        initializeGlobalSecurityConfiguration();
-        
-        initializeParserPool();
-        
-        initializeESAPI();
-        
-    }
-  
-    public static void initializeDefaultPVPConfiguration() {
-    	initializeGlobalSecurityConfiguration();
-    	
-    }
-    
-    /**
-     * Initializes the default global security configuration.
-     */
-    protected static void initializeGlobalSecurityConfiguration() {
-        Configuration.setGlobalSecurityConfiguration(MOADefaultSecurityConfigurationBootstrap.buildDefaultConfig());
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
deleted file mode 100644
index f878b95d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.security.BasicSecurityConfiguration;
-import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
-import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
-import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.SignatureConstants;
-
-/**
- * @author tlenz
- *
- */
-public class MOADefaultSecurityConfigurationBootstrap extends
-		DefaultSecurityConfigurationBootstrap {
-	
-	public static BasicSecurityConfiguration buildDefaultConfig() {
-		BasicSecurityConfiguration config = new BasicSecurityConfiguration();
-
-		populateSignatureParams(config);
-		populateEncryptionParams(config);
-		populateKeyInfoCredentialResolverParams(config);
-		populateKeyInfoGeneratorManager(config);
-		populateKeyParams(config);
-
-		return config;
-	}
-
-	protected static void populateKeyInfoGeneratorManager(
-			BasicSecurityConfiguration config) {
-		NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
-		config.setKeyInfoGeneratorManager(namedManager);
-
-		namedManager.setUseDefaultManager(true);
-		KeyInfoGeneratorManager defaultManager = namedManager
-				.getDefaultManager();
-
-		BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory();
-		basicFactory.setEmitPublicKeyValue(true);
-
-		X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
-		x509Factory.setEmitEntityCertificate(true);
-
-		defaultManager.registerFactory(basicFactory);
-		defaultManager.registerFactory(x509Factory);
-	}
-	
-	protected static void populateSignatureParams(
-			BasicSecurityConfiguration config) {
-		
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("RSA",
-				SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-	
-		config.registerSignatureAlgorithmURI("DSA",
-				"http://www.w3.org/2000/09/xmldsig#dsa-sha1");
-		
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("EC",
-				SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("AES",
-				SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-		
-		
-		config.registerSignatureAlgorithmURI("DESede",
-				SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-
-		config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
-		config.setSignatureHMACOutputLength(null);
-		
-		//use SHA256 instead of SHA1
-		config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
-	}
-
-	protected static void populateEncryptionParams(
-			BasicSecurityConfiguration config) {
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
-				"http://www.w3.org/2001/04/xmlenc#aes128-cbc");
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
-				"http://www.w3.org/2001/04/xmlenc#aes192-cbc");
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
-				"http://www.w3.org/2001/04/xmlenc#aes256-cbc");
-		
-		//support GCM mode
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
-		
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM);
-		
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
-		
-		
-		config.registerDataEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(168),
-				"http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
-		config.registerDataEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(192),
-				"http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
-
-		config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
-				"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-		
-		config.registerKeyTransportEncryptionAlgorithmURI("RSA", null,
-				"DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(128), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes128");
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(192), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes192");
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(256), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes256");
-		config.registerKeyTransportEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(168), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-tripledes");
-		config.registerKeyTransportEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(192), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-tripledes");
-
-		config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
new file mode 100644
index 000000000..54940a9d3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataConfigurationFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+
+@Service("MOAPVPMetadataConfigurationFactory")
+public class MOAPVPMetadataConfigurationFactory implements IPVPMetadataConfigurationFactory {
+
+	@Autowired(required=true) PVPConfiguration pvpBasicConfiguration;
+	
+	@Override
+	public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL,
+			AbstractCredentialProvider pvpIDPCredentials) {
+			return new IDPPVPMetadataConfiguration(authURL, pvpIDPCredentials, pvpBasicConfiguration);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 81eca3765..5f39af7a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -22,9 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.config;
 
-import java.io.IOException;
 import java.net.URL;
-import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -43,29 +41,19 @@ import org.opensaml.saml2.metadata.OrganizationName;
 import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
+import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
-import iaik.x509.X509Certificate;
 
-public class PVPConfiguration {
+@Service("MOAPVP2Configuration")
+public class PVPConfiguration implements IPVP2BasicConfiguration {
 	
-	private static PVPConfiguration instance;
-
-	public static PVPConfiguration getInstance() {
-		if (instance == null) {
-			instance = new PVPConfiguration();
-		}
-		return instance;
-	}
-
 	public static final String PVP2_METADATA = 	"/pvp2/metadata";
 	public static final String PVP2_IDP_REDIRECT = 	"/pvp2/redirect";
 	public static final String PVP2_IDP_POST = 		"/pvp2/post";
@@ -90,22 +78,7 @@ public class PVPConfiguration {
 	public static final String IDP_CONTACT_PHONE = "phone";	
 	
 	private static String moaIDVersion = null;
-	
-	//PVP2 generalpvpconfigdb;
-	//Properties props;
-	//String rootDir = null;
-	
-	private PVPConfiguration() {
-//		 try {
-//			//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
-//			//props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig();
-//			//rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();				
-//						
-//		} catch (ConfigurationException e) {
-//			e.printStackTrace();
-//		}
-	}
-	
+		
 	public List<String> getIDPPublicPath() throws ConfigurationException {
 		List<String> publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
 		List<String> returnvalue = new ArrayList<String>();
@@ -144,6 +117,12 @@ public class PVPConfiguration {
 		return publicURLPrefix + PVP2_METADATA;
 	}
 	
+	@Override
+	public String getIDPEntityId(String authURL) throws ConfigurationException {
+		return getIDPSSOMetadataService(authURL);
+		
+	}
+	
 	public String getIDPIssuerName() throws ConfigurationException {
 		
 		if (moaIDVersion == null) {
@@ -153,47 +132,6 @@ public class PVPConfiguration {
 		return AuthConfigurationProviderFactory.getInstance().getConfigurationWithKey(
 				MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME) + moaIDVersion;
 	}
-	
-	public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
-				
-		try {
-			Logger.trace("Load metadata signing certificate for online application " + entityID);
-			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
-			if (oaParam == null) {
-				Logger.info("Online Application with ID " + entityID + " not found!");
-				return null;
-			}
-		
-			String pvp2MetadataCertificateString = 
-					oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);		 
-			if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
-				Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
-				return null;
-				
-			}	
-			
-			X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
-			Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
-			return cert;
-			
-		} catch (CertificateException e) {
-			Logger.warn("Metadata signer certificate is not parsed.", e);
-			return null;
-			
-		} catch (ConfigurationException e) {
-			Logger.error("Configuration is not accessable.", e);
-			return null;
-			
-		} catch (IOException e) {
-			Logger.warn("Metadata signer certificate is not decodeable.", e);
-			return null;
-			
-		} catch (EAAFConfigurationException e) {
-			Logger.error("Configuration is not accessable.", e);
-			return null;
-			
-		}
-	}
 
 	public List<ContactPerson> getIDPContacts() throws ConfigurationException {
 		List<ContactPerson> list = new ArrayList<ContactPerson>();
@@ -356,4 +294,5 @@ public class PVPConfiguration {
 		
 		
 	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
deleted file mode 100644
index 69ca4e8f5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AssertionAttributeExtractorExeption extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6459000942830951492L;
-
-	public AssertionAttributeExtractorExeption(String attributeName) {
-		super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName 
-				+ " can not extract.", null);
-	}
-	
-	public AssertionAttributeExtractorExeption(String messageId,
-			Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public AssertionAttributeExtractorExeption() {
-		super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null); 
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
deleted file mode 100644
index 1e029f567..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-
-/**
- * @author tlenz
- *
- */
-public class AssertionValidationExeption extends PVP2Exception {
-
-	private static final long serialVersionUID = -3987805399122286259L;
-
-	public AssertionValidationExeption(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	/**
-	 * @param string
-	 * @param object
-	 * @param e
-	 */
-	public AssertionValidationExeption(String string, Object[] parameters,
-			Throwable e) {
-		super(string, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
deleted file mode 100644
index 9008a7183..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AttributQueryException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -4302422507173728748L;
-
-	public AttributQueryException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	public AttributQueryException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
deleted file mode 100644
index eebaf6c9e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestBuildException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -1375451065455859354L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public AuthnRequestBuildException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public AuthnRequestBuildException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
deleted file mode 100644
index 957f9af1d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnResponseValidationException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 8023812861029406575L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public AuthnResponseValidationException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	public AuthnResponseValidationException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
deleted file mode 100644
index 9f4c7fed3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class BindingNotSupportedException extends PVP2Exception {
-
-	public BindingNotSupportedException(String binding) {
-		super("pvp2.11", new Object[] {binding});
-		this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -7227603941387879360L;
-
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
deleted file mode 100644
index 392569366..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidAssertionConsumerServiceException extends PVP2Exception {
-
-	public InvalidAssertionConsumerServiceException(int idx) {
-		super("pvp2.00", new Object[]{idx});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	public InvalidAssertionConsumerServiceException(String wrongURL) {
-		super("pvp2.23", new Object[]{wrongURL});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-		
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 7861790149343943091L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
deleted file mode 100644
index b49070bd6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidAssertionEncryptionException extends PVP2Exception {
-
-	private static final long serialVersionUID = 6513388841485355549L;
-
-	public InvalidAssertionEncryptionException() {
-		super("pvp2.16", new Object[]{});
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
deleted file mode 100644
index 252539bf5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidDateFormatException extends PVP2Exception {
-
-	public InvalidDateFormatException() {
-		super("pvp2.02", null);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6867976890237846085L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
index 15a0ccf72..0e48dfbd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
 import org.opensaml.saml2.core.StatusCode;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class MandateAttributesNotHandleAbleException extends PVP2Exception {
 
 	public MandateAttributesNotHandleAbleException() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
index 204e1c2a5..94e1874a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 /**
  * @author tlenz
  *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
deleted file mode 100644
index c82e6bdf1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-
-public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
-
-	public NameIDFormatNotSupportedException(String nameIDFormat) {
-		super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
-		statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
-
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -2270762519437873336L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
index 333ef9765..58c2a032d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
 import org.opensaml.saml2.core.StatusCode;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class NoCredentialsException extends PVP2Exception {
 
 	public static final String MOA_IDP_TARGET = "MOA-ID";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
index ce80ac5cb..821813b69 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -22,6 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class NoMandateDataAvailableException  extends PVP2Exception {
 
 	public NoMandateDataAvailableException() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
deleted file mode 100644
index 50a1af6ad..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class NoMetadataInformationException extends PVP2Exception {
-
-	public NoMetadataInformationException() {
-		super("pvp2.15", null);
-		this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -4608068445208032193L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
deleted file mode 100644
index 00fb97151..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public abstract class PVP2Exception extends MOAIDException {
-
-	protected String statusCodeValue = StatusCode.RESPONDER_URI;
-	protected String statusMessageValue = null;
-	
-	public PVP2Exception(String messageId, Object[] parameters,
-			Throwable wrapped) {
-		super(messageId, parameters, wrapped);
-		this.statusMessageValue = this.getMessage();
-	}
-
-	public PVP2Exception(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		this.statusMessageValue = this.getMessage();
-	}
-	
-	
-	public String getStatusCodeValue() {
-		return (this.statusCodeValue);
-	}
-	
-	public String getStatusMessageValue() {
-		return (this.statusMessageValue);
-	}
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 7669537952484421069L;
-
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
deleted file mode 100644
index 63f42cbe5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotAllowedException extends PVP2Exception {
-
-	public QAANotAllowedException(String qaa_auth, String qaa_request) {
-		super("pvp2.17", new Object[] {qaa_auth, qaa_request});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
deleted file mode 100644
index fdf1063c0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotSupportedException extends PVP2Exception {
-
-	public QAANotSupportedException(String qaa) {
-		super("pvp2.05", new Object[] {qaa});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
deleted file mode 100644
index 8f12f3cce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class RequestDeniedException extends PVP2Exception {
-
-	public RequestDeniedException() {
-		super("pvp2.14", null);
-		this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 4415896615794730553L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
deleted file mode 100644
index fe921f8b5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class ResponderErrorException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -425416760138285446L;
-
-	public ResponderErrorException(String messageId, Object[] parameters,
-			Throwable wrapped) {
-		super(messageId, parameters, wrapped);
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-	
-	public ResponderErrorException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
deleted file mode 100644
index 65def4602..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class SAMLRequestNotSignedException extends PVP2Exception {
-
-	public SAMLRequestNotSignedException() {
-		super("pvp2.07", null);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-	
-	public SAMLRequestNotSignedException(Throwable e) {
-		super("pvp2.07", null, e);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
deleted file mode 100644
index 8a386c951..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class SAMLRequestNotSupported extends PVP2Exception {
-
-	public SAMLRequestNotSupported() {
-		super("pvp2.09", null);
-		this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1244883178458802767L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
deleted file mode 100644
index 9f1b6168e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class SLOException extends PVP2Exception {
-	private static final long serialVersionUID = -5284624715788385022L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SLOException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		// TODO Auto-generated constructor stub
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
deleted file mode 100644
index fc4ed1f28..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SchemaValidationException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SchemaValidationException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
deleted file mode 100644
index a8bfe1070..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class UnprovideableAttributeException extends PVP2Exception {
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 3972197758163647157L;
-
-	public UnprovideableAttributeException(String attributeName) {
-		super("pvp2.10", new Object[] {attributeName});
-		this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
deleted file mode 100644
index 8da5edeed..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends FilterException {
-
-	/**
-	 * @param string
-	 */
-	public SchemaValidationException(String string) {
-		super(string);
-		
-	}
-
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
deleted file mode 100644
index 86a6a777b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-
-/**
- * @author tlenz
- *
- */
-public class SignatureValidationException extends FilterException {
-
-	/**
-	 * @param string
-	 */
-	public SignatureValidationException(String string) {
-		super(string);
-		
-	}
-
-	/**
-	 * @param e
-	 */
-	public SignatureValidationException(Exception e) {
-		super(e);
-	}
-
-	/**
-	 * @param string
-	 * @param object
-	 */
-	public SignatureValidationException(String string, Exception e) {
-		super(string, e);
-	}
-
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
deleted file mode 100644
index 5ae76ed96..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
+++ /dev/null
@@ -1,851 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-
-<!-- MOA-ID 2.x BKUSelection Layout CSS -->
-<style type="text/css">
-@media screen and (min-width: 650px) {
-	body {
-		margin: 0;
-		padding: 0;
-		color: #000;
-		background-color: #fff;
-		text-align: center;
-		background-color: #6B7B8B;
-	}
-	#localBKU p {
-		font-size: 0.7em;
-	}
-	#localBKU input {
-		font-size: 0.7em;
-		/*border-radius: 5px;*/
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.85em;
-		/*border-radius: 7px;*/
-		margin-bottom: 25px;
-		min-width: 80px;
-	}
-	#mandateLogin {
-		font-size: 0.85em;
-	}
-	#bku_header h2 {
-		font-size: 0.8em;
-	}
-	#page {
-		display: block;
-		border: 2px solid rgb(0, 0, 0);
-		width: 650px;
-		height: 440px;
-		margin: 0 auto;
-		margin-top: 5%;
-		position: relative;
-		border-radius: 25px;
-		background: rgb(255, 255, 255);
-	}
-	#page1 {
-		text-align: center;
-	}
-	#main {
-		/*	clear:both; */
-		position: relative;
-		margin: 0 auto;
-		width: 250px;
-		text-align: center;
-	}
-	.OA_header {
-		/*	  background-color: white;*/
-		font-size: 20pt;
-		margin-bottom: 25px;
-		margin-top: 25px;
-	}
-	#leftcontent {
-		/*float:left; */
-		width: 250px;
-		margin-bottom: 25px;
-		text-align: left;
-		border: 1px solid rgb(0, 0, 0);
-	}
-	#selectArea {
-		font-size: 15px;
-		padding-bottom: 65px;
-	}
-	#leftcontent {
-		width: 300px;
-		margin-top: 30px;
-	}
-	#bku_header {
-		height: 5%;
-		padding-bottom: 3px;
-		padding-top: 3px;
-	}
-	#bkulogin {
-		overflow: hidden;
-		min-width: 190px;
-		min-height: 180px;
-		/*height: 260px;*/
-	}
-	h2#tabheader {
-		font-size: 1.1em;
-		padding-left: 2%;
-		padding-right: 2%;
-		position: relative;
-	}
-	.setAssertionButton_full {
-		background: #efefef;
-		cursor: pointer;
-		margin-top: 15px;
-		width: 100px;
-		height: 30px
-	}
-	#leftbutton {
-		width: 30%;
-		float: left;
-		margin-left: 40px;
-	}
-	#rightbutton {
-		width: 30%;
-		float: right;
-		margin-right: 45px;
-		text-align: right;
-	}
-	button {
-		height: 25px;
-		width: 75px;
-		margin-bottom: 10px;
-	}
-	#validation {
-		position: absolute;
-		bottom: 0px;
-		margin-left: 270px;
-		padding-bottom: 10px;
-	}
-}
-
-@media screen and (max-width: 205px) {
-	#localBKU p {
-		font-size: 0.6em;
-	}
-	#localBKU input {
-		font-size: 0.6em;
-		min-width: 60px;
-		/* max-width: 65px; */
-		min-height: 1.0em;
-		/* border-radius: 5px; */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.7em;
-		min-width: 55px;
-		/*min-height: 1.1em;
-          border-radius: 5px;*/
-		margin-bottom: 2%
-	}
-	#mandateLogin {
-		font-size: 0.65em;
-	}
-	#bku_header h2 {
-		font-size: 0.8em;
-		margin-top: -0.4em;
-		padding-top: 0.4em;
-	}
-	#bkulogin {
-		min-height: 150px;
-	}
-}
-
-@media screen and (max-width: 249px) and (min-width: 206px) {
-	#localBKU p {
-		font-size: 0.7em;
-	}
-	#localBKU input {
-		font-size: 0.7em;
-		min-width: 70px;
-		/*    max-width: 75px;    */
-		min-height: 0.95em;
-		/*  border-radius: 6px;    */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.75em;
-		min-width: 60px;
-		/*    min-height: 0.95em;
-          border-radius: 6px;    */
-		margin-bottom: 5%
-	}
-	#mandateLogin {
-		font-size: 0.75em;
-	}
-	#bku_header h2 {
-		font-size: 0.9em;
-		margin-top: -0.45em;
-		padding-top: 0.45em;
-	}
-	#bkulogin {
-		min-height: 180px;
-	}
-}
-
-@media screen and (max-width: 299px) and (min-width: 250px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*    max-width: 75px;      */
-		/*    border-radius: 6px;  */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.85em;
-		/*     min-height: 1.05em;
-          border-radius: 7px;        */
-		margin-bottom: 10%;
-	}
-	#mandateLogin {
-		font-size: 1em;
-	}
-	#bku_header h2 {
-		font-size: 1.0em;
-		margin-top: -0.50em;
-		padding-top: 0.50em;
-	}
-}
-
-@media screen and (max-width: 399px) and (min-width: 300px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*     max-width: 75px;     */
-		/*    border-radius: 6px;       */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.9em;
-		/*       min-height: 1.2em;
-          border-radius: 8px;          */
-		margin-bottom: 10%;
-		max-width: 80px;
-	}
-	#mandateLogin {
-		font-size: 1em;
-	}
-	#bku_header h2 {
-		font-size: 1.1em;
-		margin-top: -0.55em;
-		padding-top: 0.55em;
-	}
-}
-
-@media screen and (max-width: 649px) and (min-width: 400px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*     max-width: 80px;       */
-		/*     border-radius: 6px;          */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 1.0em;
-		/*      min-height: 1.3em;
-         border-radius: 10px;         */
-		margin-bottom: 10%;
-		max-width: 85px;
-	}
-	#mandateLogin {
-		font-size: 1.2em;
-	}
-	#bku_header h2 {
-		font-size: 1.3em;
-		margin-top: -0.65em;
-		padding-top: 0.65em;
-	}
-}
-
-@media screen and (max-width: 649px) {
-	body {
-		margin: 0;
-		padding: 0;
-		color: #000;
-		text-align: center;
-		font-size: 100%;
-		background-color: #MAIN_BACKGOUNDCOLOR#;
-	}
-	#page {
-		visibility: hidden;
-		margin-top: 0%;
-	}
-	#page1 {
-		visibility: hidden;
-	}
-	#main {
-		visibility: hidden;
-	}
-	#validation {
-		visibility: hidden;
-		display: none;
-	}
-	.OA_header {
-		margin-bottom: 0px;
-		margin-top: 0px;
-		font-size: 0pt;
-		visibility: hidden;
-	}
-	#leftcontent {
-		visibility: visible;
-		margin-bottom: 0px;
-		text-align: left;
-		border: none;
-		vertical-align: middle;
-		min-height: 173px;
-		min-width: 204px;
-	}
-	#bku_header {
-		height: 10%;
-		min-height: 1.2em;
-		margin-top: 1%;
-	}
-	h2#tabheader {
-		padding-left: 2%;
-		padding-right: 2%;
-		position: relative;
-		top: 50%;
-	}
-	#bkulogin {
-		min-width: 190px;
-		min-height: 155px;
-	}
-	.setAssertionButton_full {
-		background: #efefef;
-		cursor: pointer;
-		margin-top: 15px;
-		width: 70px;
-		height: 25px;
-	}
-	input[type=button] {
-		/*          height: 11%;  */
-		width: 70%;
-	}
-}
-
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
-				}
-        				
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
-			  }
-			  
-        #bku_header {
-          height: 10%;
-          min-height: 1.2em;
-          margin-top: 1%;
-        }
-        
-        h2#tabheader{
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-          top: 50%;
-			  }
-        
-       	#bkulogin {	
-          min-width: 190px;
-          min-height: 155px;	
-			 }
-        
-			 .setAssertionButton_full {
-			     	background: #efefef;
-				    cursor: pointer;
-				    margin-top: 15px;
-			      width: 70px;
-			      height: 25px;
-			 }
-       
-        input[type=button] {
-/*          height: 11%;  */
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-        font-family: #FONTTYPE#;
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 35%; 
-				float:left; 
-				margin-left: 15px;
-			}
-			
-			#rightbutton {
-				width: 35%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
-			
-      #mandateLogin {
-        padding-bottom: 4%;
-        padding-top: 4%;
-        height: 10%;
-        position: relative;
-        text-align: center;
-			}
-      
-      .verticalcenter {
-        vertical-align: middle;
-      }
-      
-      #mandateLogin div {
-        clear: both;
-        margin-top: -1%;
-        position: relative;
-        top: 50%;
-      }
-      
-      #bkuselectionarea {
-          position: relative;
-          display: block;
-      }
-      
-      #localBKU {
-        padding-left: 5%;
-        padding-right: 2%;
-        padding-bottom: 4%;
-        padding-top: 4%;
-        position: relative;
-        clear: both;        
-			}
-          			
-			#bkukarte {
-				float:left;
-				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
-			}
-			
-			#bkuhandy {
-				float:right;
-				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
-			}
-			
-      .bkuimage {
-        width: 90%;
-        height: auto;
-      }
-      
-			#mandate{
-				text-align:center;
-				padding : 5px 5px 5px 5px;
-			}
-      
-/*		input[type=button], .sendButton {
-				background: #BUTTON_BACKGROUNDCOLOR#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;  */
-/*				cursor: pointer;
-/*        box-shadow: 3px 3px 3px #222222;  */
-/*			}
-			
-/*      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;                */
-/*				cursor: pointer;
-/*        box-shadow: -1px -1px 3px #222222;  */
-/*			}
-      
-*/
-input {
-	/*border:1px solid #000;*/
-	cursor: pointer;
-}
-
-#localBKU input {
-	/*        color: #BUTTON_COLOR#;  */
-	border: 0px;
-	display: inline-block;
-}
-
-#localBKU input:hover,#localBKU input:focus,#localBKU input:active {
-	text-decoration: underline;
-}
-
-#installJava,#BrowserNOK {
-	clear: both;
-	font-size: 0.8em;
-	padding: 4px;
-}
-
-.selectText {
-	
-}
-
-.selectTextHeader {
-	
-}
-
-.sendButton {
-	width: 30%;
-	margin-bottom: 1%;
-}
-
-#leftcontent a {
-	text-decoration: none;
-	color: #000;
-	/*	display:block;*/
-	padding: 4px;
-}
-
-#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active {
-	text-decoration: underline;
-	color: #000;
-}
-
-.infobutton {
-	background-color: #005a00;
-	color: white;
-	font-family: serif;
-	text-decoration: none;
-	padding-top: 2px;
-	padding-right: 4px;
-	padding-bottom: 2px;
-	padding-left: 4px;
-	font-weight: bold;
-}
-
-.hell {
-	background-color: #MAIN_BACKGOUNDCOLOR#;
-	color: #MAIN_COLOR#;
-}
-
-.dunkel {
-	background-color: #HEADER_BACKGROUNDCOLOR#;
-	color: #HEADER_COLOR#;
-}
-
-.main_header {
-	color: black;
-	font-size: 32pt;
-	position: absolute;
-	right: 10%;
-	top: 40px;
-}
-</style>
-<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-<script type="text/javascript">
-		function isIE() {
-			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
-		}
-		function isFullscreen() {
-			try {
-				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
-			} catch (e) {
-				return false;
-			}
-		}
-		function isActivexEnabled() {
-			var supported = null;
-			try {
-				supported = !!new ActiveXObject("htmlfile");
-			} catch (e) {
-				supported = false;
-			}
-			return supported;
-		}
-		function isMetro() {
-			if (!isIE())
-				return false;
-			return !isActivexEnabled() && isFullscreen();
-		}
-		window.onload=function() {
-			document.getElementById("localBKU").style.display="block";
-			return;
-		}
-		function bkuOnlineClicked() {
-			if (isMetro())
-				document.getElementById("metroDetected").style.display="block";
-			document.getElementById("localBKU").style.display="block";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-						
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function bkuHandyClicked() {
-			document.getElementById("localBKU").style.display="none";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#HANDY#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function storkClicked() {
-			document.getElementById("localBKU").style.display="none"; 
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var ccc = "AT";
-			var countrySelection = document.getElementById("cccSelection");
-			if (countrySelection !=  null) {
-				ccc = document.getElementById("cccSelection").value;
-			}
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&CCC=" + ccc;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function generateIFrame(iFrameURL) {
-			var el = document.getElementById("bkulogin");
-      var width = el.clientWidth;
-      var heigth = el.clientHeight - 20;
-			var parent = el.parentNode;
-            
-      iFrameURL += "&heigth=" + heigth;
-      iFrameURL += "&width=" + width;
-      
-			var iframe = document.createElement("iframe");
-			iframe.setAttribute("src", iFrameURL);
-			iframe.setAttribute("width", el.clientWidth - 1);
-			iframe.setAttribute("height", el.clientHeight - 1);
-			iframe.setAttribute("frameborder", "0");
-			iframe.setAttribute("scrolling", "no");
-			iframe.setAttribute("title", "Login");
-			parent.replaceChild(iframe, el);
-		}
-		function setMandateSelection() {
-			document.getElementById("moaidform").action = "#AUTH_URL#";
-			document.getElementById("useMandate").value = "false";
-			var checkbox = document.getElementById("mandateCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("mandateCheckBox").checked) {
-					document.getElementById("useMandate").value = "true";
-				}
-			}
-		}
-		function onChangeChecks() {
-      if (top.innerWidth < 650) {
-         document.getElementById("moaidform").setAttribute("target","_parent");
-      } else {
-         document.getElementById("moaidform").removeAttribute("target");
-      }
-      
-    }
-/* 		function setSSOSelection() {
-			document.getElementById("useSSO").value = "false";
-			var checkbox = document.getElementById("SSOCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("SSOCheckBox").checked) {
-					document.getElementById("useSSO").value = "true";
-				}
-			}
-		} */
-		
-/* 		function checkMandateSSO() {
-			var sso = document.getElementById("SSOCheckBox");
-			var mandate = document.getElementById("mandateCheckBox");
-			
-			
-			if (sso.checked && mandate.checked) {
-				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
-				mandate.checked = false;
-				sso.checked = false;
-				return true;
-			} else {
-				return false;
-			}
-		} */
-	</script>
-<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
-</head>
-<body onload="onChangeChecks();" onresize="onChangeChecks();">
-	<div id="page">
-		<div id="page1" class="case selected-case" role="main">
-			<h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
-			<div id="main">
-				<div id="leftcontent" class="hell" role="application">
-					<div id="bku_header" class="dunkel">
-						<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
-					</div>
-					<div id="bkulogin" class="hell" role="form">
-						<div id="mandateLogin" style="">
-							<div>
-								<input tabindex="1" type="checkbox" name="Mandate"
-									id="mandateCheckBox" class="verticalcenter" role="checkbox"
-									onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
-								<label for="mandateCheckBox" class="verticalcenter">in
-									Vertretung anmelden</label>
-								<!--a      href="info_mandates.html" 
-                        target="_blank"
-                        class="infobutton verticalcenter" 
-                        tabindex="5">i</a-->
-							</div>
-						</div>
-						<div id="bkuselectionarea">
-							<div id="bkukarte">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
-									alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
-									onClick="bkuOnlineClicked();" tabindex="2" role="button"
-									value="Karte" />
-							</div>
-							<div id="bkuhandy">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
-									alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
-									onClick="bkuHandyClicked();" tabindex="3" role="button"
-									value="HANDY" />
-							</div>
-						</div>
-						<div id="localBKU">
-							<form method="get" id="moaidform" action="#AUTH_URL#"
-								class="verticalcenter" target="_parent">
-								<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
-									type="hidden" name="useMandate" id="useMandate"> <input
-									type="hidden" name="SSO" id="useSSO"> <input
-									type="hidden" name="CCC" id="ccc"> <input type="hidden"
-									name="MODUL" value="#MODUL#"> <input type="hidden"
-									name="ACTION" value="#ACTION#"> <input type="hidden"
-									name="MOASessionID" value="#SESSIONID#"> <input
-									type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
-									role="button" class="hell">
-								<!--p>
-                    <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>								                                  
-                  </p-->								                                  
-                </form>								                                                          
-              </div>
-              <div id="stork" align="center" style="#STORKVISIBLE#">
-                <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
-                <p>
-                  <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
-                    <option value="BE">Belgi&euml;/Belgique</option>
-                    <option value="EE">Eesti</option>
-                    <option value="ES">Espa&ntilde;a</option>
-                    <option value="IS">&Iacute;sland</option>
-                    <option value="IT">Italia</option>
-                    <option value="LI">Liechtenstein</option>
-                    <option value="LT">Lithuania</option>
-                    <option value="PT">Portugal</option>
-                    <option value="SI">Slovenija</option>
-                    <option value="FI">Suomi</option>
-                    <option value="SE">Sverige</option>
-                  </select>
-                  <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
-                  <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
-                </p>
-              </div>
-
-						<div id="metroDetected" style="display: none">
-							<p>Anscheinend verwenden Sie Internet Explorer im
-								Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
-								Optionen um die Karten-Anmeldung starten zu können.</p>
-						</div>
-					</div>
-				</div>
-			</div>
-		</div>
-		<div id="validation">
-			<a href="http://validator.w3.org/check?uri="> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
-			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
-				alt="CSS ist valide!" />
-			</a>
-		</div>
-	</div>
-</body>
-</html>
-\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
deleted file mode 100644
index 8c8345bbf..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import java.io.Serializable;
-
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class InboundMessage implements InboundMessageInterface, Serializable{
-
-	private static final long serialVersionUID = 2395131650841669663L;
-	
-	private Element samlMessage = null;
-	private boolean verified = false;
-	private String entityID = null;
-	private String relayState = null;
-	
-	
-	public EntityDescriptor getEntityMetadata(MetadataProvider metadataProvider) throws NoMetadataInformationException {
-		try {
-			if (metadataProvider == null)
-				throw new NullPointerException("No PVP MetadataProvider found.");
-			
-			return metadataProvider.getEntityDescriptor(this.entityID);
-			
-		} catch (MetadataProviderException e) {
-			Logger.warn("No Metadata for EntitiyID " + entityID);
-			throw new NoMetadataInformationException();
-		}			
-	}
-	
-	/**
-	 * @param entitiyID the entitiyID to set
-	 */
-	public void setEntityID(String entitiyID) {
-		this.entityID = entitiyID;
-	}
-	
-	public void setVerified(boolean verified) {
-		this.verified = verified;
-	}
-		
-	/**
-	 * @param relayState the relayState to set
-	 */
-	public void setRelayState(String relayState) {
-		this.relayState = relayState;
-	}
-	
-	public void setSAMLMessage(Element msg) {
-		this.samlMessage = msg;
-	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
-	 */
-	@Override
-	public String getRelayState() {
-		return relayState;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
-	 */
-	@Override
-	public String getEntityID() {
-		return entityID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
-	 */
-	@Override
-	public boolean isVerified() {
-		return verified;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
-	 */
-	@Override
-	public Element getInboundMessage() {
-		return samlMessage;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
deleted file mode 100644
index 60a6f069a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface InboundMessageInterface {
-	
-	public String getRelayState();
-	public String getEntityID();
-	public boolean isVerified();
-	public Element getInboundMessage();
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
deleted file mode 100644
index 7679e74a6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.signature.SignableXMLObject;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOARequest extends InboundMessage{
-	
-	private static final long serialVersionUID = 8613921176727607896L;
-
-	private String binding = null;
-	
-	public MOARequest(SignableXMLObject inboundMessage, String binding) {
-		setSAMLMessage(inboundMessage.getDOM());
-		this.binding = binding;
-		
-	}
-	
-	public String getRequestBinding() {
-		return binding;
-	}
-	
-	public SignableXMLObject getSamlRequest() {
-		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-		
-		try {
-			return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage());
-			
-		} catch (UnmarshallingException e) {
-			Logger.warn("AuthnRequest Unmarshaller error", e);
-			return null;
-		}
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
deleted file mode 100644
index f2512b122..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAResponse extends InboundMessage {
-		
-	private static final long serialVersionUID = -1133012928130138501L;
-
-	public MOAResponse(StatusResponseType response) {
-		setSAMLMessage(response.getDOM());
-	}
-
-	public StatusResponseType getResponse() {		
-		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-		
-		try {
-			return (StatusResponseType) unmashaller.unmarshall(getInboundMessage());
-			
-		} catch (UnmarshallingException e) {
-			Logger.warn("AuthnResponse Unmarshaller error", e);
-			return null;
-		}
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
deleted file mode 100644
index 3da4dc18a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-
-/**
- * @author tlenz
- *
- */
-public interface IMOARefreshableMetadataProvider {
-
-	/**
-	 * Refresh a entity or load a entity in a metadata provider 
-	 * 
-	 * @param entityID
-	 * @return true, if refresh is success, otherwise false
-	 */
-	public boolean refreshMetadataProvider(String entityID);
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 7d43732a6..1fa17c683 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -23,401 +23,91 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
 
 import java.io.IOException;
+import java.net.MalformedURLException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-import java.util.Timer;
 
-import javax.xml.namespace.QName;
-
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.provider.BaseMetadataProvider;
-import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
-import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PVPEntityCategoryFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataSignatureFilter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 @Service("PVPMetadataProvider")
-public class MOAMetadataProvider extends SimpleMOAMetadataProvider
-	implements ObservableMetadataProvider, IGarbageCollectorProcessing, 
-	IMOARefreshableMetadataProvider, IDestroyableObject {
+public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
 
-	//private static final int METADATA_GARBAGE_TIMEOUT_SEC = 604800;  //7 days   
-	
-//	private static MOAMetadataProvider instance = null;
-	MetadataProvider internalProvider = null;
-	private Timer timer = null; 
-	private static Object mutex = new Object();
-	//private Map<String, Date> lastAccess = null;
-	
-	
-	public MOAMetadataProvider() {
-		internalProvider = new ChainingMetadataProvider();	
-		//lastAccess = new HashMap<String, Date>();
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
 		
-	}
-	
-//	public static MOAMetadataProvider getInstance() {
-//		if (instance == null) {
-//			synchronized (mutex) {
-//				if (instance == null) {
-//					instance = new MOAMetadataProvider();
-//					
-//					//add this to MOA garbage collector
-//					MOAGarbageCollector.addModulForGarbageCollection(instance);
-//										
-//				}
-//			}
-//		}
-//		return instance;
-//	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
-	 */
 	@Override
-	public void runGarbageCollector() {
-		synchronized (mutex) {
-			
-			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
-			try {
-				Logger.trace("Check consistence of PVP2X metadata");	
-				addAndRemoveMetadataProvider();
-					
-			} catch (ConfigurationException | EAAFConfigurationException e) {
-				Logger.error("Access to MOA-ID configuration FAILED.", e);
-					
-			}
-		}
+	protected String getMetadataURL(String entityId) throws EAAFConfigurationException {
+		ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+		if (oaParam != null)
+			return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 		
-	}
-	
-	
-//	private static void reInitialize() {
-//		synchronized (mutex) {
-//			
-//			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
-//			if (instance != null)
-//				try {
-//					Logger.trace("Check consistence of PVP2X metadata");	
-//					instance.addAndRemoveMetadataProvider();
-//					
-//				} catch (ConfigurationException e) {
-//					Logger.error("Access to MOA-ID configuration FAILED.", e);
-//					
-//				}
-//			else
-//				Logger.info("MOAMetadataProvider is not loaded.");
-//		}
-//	}
-	
-	public void fullyDestroy() {
-		internalDestroy();
+		else {		
+			Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId);
+			return null;
 			
+		}
+							
 	}
 	
-
-
 	@Override
-	public synchronized boolean refreshMetadataProvider(String entityID) {
-		try {			
-			//check if metadata provider is already loaded
-			try {
-				if (internalProvider.getEntityDescriptor(entityID) != null)
-					return true;
-				
-			} catch (MetadataProviderException e) {}
-			
+	protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException {
+		ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+		if (oaParam != null) {
+			String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);		
+			String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+			if (MiscUtil.isNotEmpty(certBase64)) {
+				byte[] cert = Base64Utils.decode(certBase64, false);
+				String oaFriendlyName = oaParam.getUniqueIdentifier();
+														
+				return createNewSimpleMetadataProvider(metadataURL, 								 
+						buildMetadataFilterChain(oaParam, metadataURL, cert), 
+						oaFriendlyName,
+						getTimer(),
+						new BasicParserPool(),
+						createHttpClient(metadataURL));
 			
-			//reload metadata provider 
-			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
-			if (oaParam != null) {
-				String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-				if (MiscUtil.isNotEmpty(metadataURL)) {
-					Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
-
-					// check if MetadataProvider is actually loaded
-					if (actuallyLoadedProviders.containsKey(metadataURL)) {
-						actuallyLoadedProviders.get(metadataURL).refresh();						
-						Logger.info("PVP2X metadata for onlineApplication: " 
-								+ entityID + " is refreshed.");
-						return true;
-						
-					} else {
-						//load new Metadata Provider
-						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-						if (MiscUtil.isNotEmpty(certBase64)) {
-						byte[] cert = Base64Utils.decode(certBase64, false);
-						String oaFriendlyName = oaParam.getUniqueIdentifier();
-					
-						if (timer == null)
-							timer = new Timer(true);
-						
-						ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
-						MetadataProvider newMetadataProvider = createNewMoaMetadataProvider(metadataURL, 								 
-								buildMetadataFilterChain(oaParam, metadataURL, cert), 
-								oaFriendlyName,
-								timer,
-								new BasicParserPool());
-						
-						chainProvider.addMetadataProvider(newMetadataProvider);
-						
-						emitChangeEvent();
-						
-						Logger.info("PVP2X metadata for onlineApplication: " 
-								+ entityID + " is added.");
-						return true;
-						
-						} else
-							Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityID);
-						
-					}
-															
-				} else
-					Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata URL for OA with Id: " + entityID);
-								
 			} else
-				Logger.debug("Can not refresh PVP2X metadata: NO onlineApplication with Id: " + entityID);
-				
-						
-		} catch (MetadataProviderException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (IOException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (CertificateException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
+				Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityId);
 			
-		} catch (ConfigurationException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (EAAFConfigurationException e) {			
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-		}
-		
-		return false;
-		
-	}
-	
-	private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
-		Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
-		ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-		
-		//make a Map of all actually loaded HTTPMetadataProvider
-		List<MetadataProvider> providers = chainProvider.getProviders();
-		for (MetadataProvider provider : providers) {
-			if (provider instanceof HTTPMetadataProvider) {
-				HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
-				loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
-
-			}
 		}
 		
-		return loadedproviders;		
-	}
-	
-	
-	private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
-		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
-			Logger.info("Reload MOAMetaDataProvider.");
-			
-			/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
-			 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ 
-			Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
-			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-			
-			//get all actually loaded metadata providers
-			Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+		Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId);
+		return null;			
 						
-			/* TODO: maybe add metadata provider destroy after timeout.
-			 *       But could be a problem if one Metadataprovider load an EntitiesDescriptor 
-			 *       with more the multiple EntityDescriptors. If one of this EntityDesciptors 
-			 *       are expired the full EntitiesDescriptor is removed. 
-			 *       
-			 *       Timeout requires a better solution in this case! 
-			 */
-//			Date now = new Date();
-//			Date expioredate = new Date(now.getTime() - (METADATA_GARBAGE_TIMEOUT_SEC * 1000));
-//			Logger.debug("Starting PVP Metadata garbag collection (Expioredate:" 
-//					+ expioredate + ")");
-									
-			//load all PVP2 OAs form ConfigurationDatabase and 
-			//compare actually loaded Providers with configured PVP2 OAs
-			Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
-					MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES 
-					+ ".%." 
-					+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
-			
-			if (allOAs != null) {
-				Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator();
-				while (oaInterator.hasNext()) {
-					Entry<String, String> oaKeyPair = oaInterator.next();
-					
-					ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
-					if (oaParam != null) {
-						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-						
-						HTTPMetadataProvider httpProvider = null;				
-						try {
-							if (MiscUtil.isNotEmpty(metadataurl)) {						
-								if (loadedproviders.containsKey(metadataurl)) {									
-									//	PVP2 OA is actually loaded, to nothing
-									providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
-									loadedproviders.remove(metadataurl);
-							
-							
-									//INFO: load metadata dynamically if they are requested 
-//								} else if ( MiscUtil.isNotEmpty(metadataurl) &&
-//										!providersinuse.containsKey(metadataurl) ) {
-//									//PVP2 OA is new, add it to MOAMetadataProvider
-//									String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-//									if (MiscUtil.isNotEmpty(certBase64)) {
-//										byte[] cert = Base64Utils.decode(certBase64, false);
-//										String oaFriendlyName = oaParam.getFriendlyName();
-//									
-//									
-//										Logger.info("Loading metadata for: " + oaFriendlyName);
-//										httpProvider = createNewHTTPMetaDataProvider(
-//												metadataurl, 												
-//												buildMetadataFilterChain(oaParam, metadataurl, cert),
-//												oaFriendlyName);
-//							
-//										if (httpProvider != null)
-//											providersinuse.put(metadataurl, httpProvider);
-//									}
-						
-								}
-							}
-						} catch (Throwable e) {
-							Logger.error(
-							"Failed to add Metadata (unhandled reason: "
-									+ e.getMessage(), e);
-					
-							if (httpProvider != null) {
-								Logger.debug("Destroy failed Metadata provider");
-								httpProvider.destroy();
-							}
-					
-						}	
-					}
-				}
-			}
-			
-			//remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
-			Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
-			for (HTTPMetadataProvider provider : notusedproviders) {
-				String metadataurl = provider.getMetadataURI();
-				
-				try {
-					
-					provider.destroy();
-					
-					/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
-					 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
-					//chainProvider.removeMetadataProvider(provider);
-					
-					Logger.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
-					
-				} catch (Throwable e) {
-					Logger.error("HTTPMetadataProvider with URL " + metadataurl 
-							+ " can not be removed from the list of actually loaded Providers.", e);
-					
-				}
-				
-			}
-			
-			try {
-				chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
-				
-				emitChangeEvent();
-								
-			} catch (MetadataProviderException e) {
-				Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
-				
-			}
-			
-			
-			
-		} else {
-			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
-		}
-		
 	}
 	
-	
-	public void internalDestroy() {
-		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
-			Logger.info("Destrorying PVP-Authentication MetaDataProvider.");
-			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;				
-			
-			List<MetadataProvider> providers = chainProvider.getProviders();
-			for (MetadataProvider provider : providers) {
-				if (provider instanceof HTTPMetadataProvider) {
-					HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
-					Logger.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
-					httpprovider.destroy();
-					
-				} else {
-					Logger.warn("MetadataProvider can not be destroyed.");
-				}
-			}
-				
-			internalProvider = new ChainingMetadataProvider();
-			
-			if (timer != null)
-				timer.cancel();
-			
-		} else {
-			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
-		}
-	}
-	
-	@Deprecated
-	/**
-	 * Load all PVP metadata from OA configuration
-	 * 
-	 * This method is deprecated because OA metadata should be loaded dynamically 
-	 * if the corresponding OA is requested.
-	 */
-	private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
-		ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
-		Logger.info("Loading metadata");		
-		Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
-		Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
+	@Override
+	protected List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException {
+		List<String> metadataURLs = new ArrayList<String>();
+		
+		Map<String, String> allOAs = moaAuthConfig.getConfigurationWithWildCard(
 				MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES 
 				+ ".%." 
 				+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
@@ -430,71 +120,56 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 				if (oaParam != null) {
 					String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-					String oaFriendlyName = oaParam.getUniqueIdentifier();
-					MetadataProvider httpProvider = null;
-			
-					try {
-						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-						if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) {
-							byte[] cert = Base64Utils.decode(certBase64, false);
-							
-							
-							if (timer == null)
-								timer = new Timer(true);
-							
-							Logger.info("Loading metadata for: " + oaFriendlyName);					
-							if (!providersinuse.containsKey(metadataurl)) {					
-								httpProvider = createNewMoaMetadataProvider(
-										metadataurl, 
-										buildMetadataFilterChain(oaParam, metadataurl, cert),
-										oaFriendlyName,
-										timer,
-										new BasicParserPool());
+					if (MiscUtil.isNotEmpty(metadataurl))
+						metadataURLs.add(metadataurl);
+					else
+						Logger.trace("OA: " + oaParam.getUniqueIdentifier() + " has NO PVP2 metadata URL");
 					
-								if (httpProvider != null)
-									providersinuse.put(metadataurl, httpProvider);
-						
-							} else {
-								Logger.info(metadataurl + " are already added.");
-							}
-					
-						} else {
-							Logger.info(oaFriendlyName
-									+ " is not a PVP2 Application skipping");
-						}
-					} catch (Throwable e) {
-						Logger.error(
-								"Failed to add Metadata (unhandled reason: "
-										+ e.getMessage(), e);
-				
-						if (httpProvider != null && httpProvider instanceof BaseMetadataProvider) {
-							Logger.debug("Destroy failed Metadata provider");
-							((BaseMetadataProvider)httpProvider).destroy();
-							
-						}
-					}			
-				}
+				} else
+					Logger.warn("Something is suspect! OA is in Set of OAs, but no specific OA configuration is found.");
 			}
 			
-		} else 
-			Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
-				
-		try {
-			chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+		} else
+			Logger.debug("No OA configuration found.");
+														
+		return metadataURLs;
+	}
 			
-		} catch (MetadataProviderException e) {
-			Logger.error(
-					"Failed to add Metadata (unhandled reason: "
-							+ e.getMessage(), e);
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+						PVPConstants.SSLSOCKETFACTORYNAME, 
+						moaAuthConfig.getTrustedCACertificates(),
+						null,
+						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+						moaAuthConfig.isTrustmanagerrevoationchecking(),
+						moaAuthConfig.getRevocationMethodOrder(),
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+				httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
 		}
 		
-		internalProvider = chainProvider;
+		return httpClient;
 				
 	}
-		
-	private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
-		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
-		filterChain.getFilters().add(new SchemaValidationFilter());
+	
+	private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException{
+		MetadataFilterChain filterChain = new MetadataFilterChain();		
+		filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive()));
+		filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate));
 		filterChain.getFilters().add(
 				new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
 						AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, 
@@ -511,116 +186,4 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 		return filterChain;		
 	}
 		
-	public boolean requireValidMetadata() {
-		return internalProvider.requireValidMetadata();
-	}
-
-	public void setRequireValidMetadata(boolean requireValidMetadata) {
-		internalProvider.setRequireValidMetadata(requireValidMetadata);
-	}
-
-	public MetadataFilter getMetadataFilter() {
-		return internalProvider.getMetadataFilter();
-	}
-
-	public void setMetadataFilter(MetadataFilter newFilter)
-			throws MetadataProviderException {
-		internalProvider.setMetadataFilter(newFilter);
-	}
-
-	public XMLObject getMetadata() throws MetadataProviderException {
-		return internalProvider.getMetadata();
-	}
-
-	public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
-			throws MetadataProviderException {
-		EntitiesDescriptor entitiesDesc = null;
-		try {
-			entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
-		
-			if (entitiesDesc == null) {
-				Logger.debug("Can not find PVP metadata for entityID: " + entitiesID 
-						+ " Start refreshing process ...");
-				if (refreshMetadataProvider(entitiesID))
-					return internalProvider.getEntitiesDescriptor(entitiesID);
-									
-			}			
-			
-		} catch (MetadataProviderException e) {
-			Logger.debug("Can not find PVP metadata for entityID: " + entitiesID 
-					+ " Start refreshing process ...");
-			if (refreshMetadataProvider(entitiesID))
-				return internalProvider.getEntitiesDescriptor(entitiesID);
-			
-		}	
-		
-		return entitiesDesc;
-	}
-
-	public EntityDescriptor getEntityDescriptor(String entityID)
-			throws MetadataProviderException {
-		EntityDescriptor entityDesc = null;
-		try {
-			entityDesc = internalProvider.getEntityDescriptor(entityID);
-			if (entityDesc == null) {
-				Logger.debug("Can not find PVP metadata for entityID: " + entityID 
-						+ " Start refreshing process ...");
-				if (refreshMetadataProvider(entityID))
-					return internalProvider.getEntityDescriptor(entityID);
-									
-			}
-			
-		} catch (MetadataProviderException e) {
-			Logger.debug("Can not find PVP metadata for entityID: " + entityID 
-					+ " Start refreshing process ...");
-			if (refreshMetadataProvider(entityID))
-				return internalProvider.getEntityDescriptor(entityID);
-			
-		}
-		
-//		if (entityDesc != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return entityDesc;
-	}
-
-	public List<RoleDescriptor> getRole(String entityID, QName roleName)
-			throws MetadataProviderException {		
-		List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
-		
-//		if (result != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return result; 
-	}
-
-	public RoleDescriptor getRole(String entityID, QName roleName,
-			String supportedProtocol) throws MetadataProviderException {
-		RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
-		
-//		if (result != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return result; 
-	}
-
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
-	 */
-	@Override
-	public List<Observer> getObservers() {
-		return ((ChainingMetadataProvider) internalProvider).getObservers();
-	}
-
-	protected void emitChangeEvent() {
-		if ((getObservers() == null) || (getObservers().size() == 0)) {
-			return;
-		}
-
-		List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
-		for (ObservableMetadataProvider.Observer observer : tempObserverList)
-			if (observer != null)
-				observer.onEvent(this);
-	}
-	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
deleted file mode 100644
index c87b7515f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-
-import java.io.File;
-import java.net.MalformedURLException;
-import java.util.Timer;
-
-import javax.net.ssl.SSLHandshakeException;
-
-import org.apache.commons.httpclient.MOAHttpClient;
-import org.apache.commons.httpclient.params.HttpClientParams;
-import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.parse.ParserPool;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
-import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * @author tlenz
- *
- */
-public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
-	
-	private static final String URI_PREFIX_HTTP = "http:";
-	private static final String URI_PREFIX_HTTPS = "https:";
-	private static final String URI_PREFIX_FILE = "file:";
-	
-	
-	@Autowired 
-	//protected IConfiguration authConfig;
-	protected AuthConfiguration authConfig;
-	
-	/**
-	 * Create a single SAML2 MOA specific metadata provider
-	 * 
-	 * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http
-	 *  based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * 
-	 * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
-	 */
-	protected MetadataProvider createNewMoaMetadataProvider(String metadataLocation, MetadataFilter filter, 
-			String IdForLogging, Timer timer, ParserPool pool) {
-		if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS)) 
-			return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
-		
-		else {
-			String absoluteMetadataLocation;
-			try {
-				absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
-						metadataLocation,
-						authConfig.getConfigurationRootDirectory().toURL().toString());
-				
-				if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
-					File metadataFile = new File(absoluteMetadataLocation);
-					if (metadataFile.exists())
-						return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
-					
-					else {
-						Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
-						return null;
-					}
-					
-				}	
-				
-				
-			} catch (MalformedURLException e) {
-				Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
-				
-			}
-							
-		}
-		
-		Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);		
-		return null;
-		
-	}
-	
-	
-	/**
-	 * Create a single SAML2 filesystem based metadata provider
-	 * 
-	 * @param metadataFile File, where the metadata should be loaded
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * @param pool 
-	 * 
-	 * @return SAML2 Metadata Provider
-	 */	
-	private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
-		FilesystemMetadataProvider fileSystemProvider = null;
-		try {
-			fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
-			fileSystemProvider.setParserPool(pool);
-			fileSystemProvider.setRequireValidMetadata(true);
-			fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes
-			fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-			//httpProvider.setRefreshDelayFactor(0.1F);
-			
-			fileSystemProvider.setMetadataFilter(filter);
-			fileSystemProvider.initialize();
-			
-			fileSystemProvider.setRequireValidMetadata(true);
-			
-			return fileSystemProvider;
-						
-		} catch (Exception e) {
-			Logger.warn(
-					"Failed to load Metadata file for "
-							+ IdForLogging + "[ "
-							+ "File: " + metadataFile.getAbsolutePath()
-							+ " Msg: " + e.getMessage() + " ]", e);
-			
-			
-			Logger.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath()
-					+ " Reason: " + e.getMessage(), e);
-			
-			if (fileSystemProvider != null)
-				fileSystemProvider.destroy();
-			
-		}
-				
-		return null;
-				
-	}
-	
-	
-	
-	/**
-	 * Create a single SAML2 HTTP metadata provider
-	 * 
-	 * @param metadataURL URL, where the metadata should be loaded
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * @param pool 
-	 * 
-	 * @return SAML2 Metadata Provider
-	 */
-	private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
-		HTTPMetadataProvider httpProvider = null;
-		//Timer timer= null;
-		MOAHttpClient httpClient = null;
-		try {			
-			httpClient = new MOAHttpClient();
-			
-			HttpClientParams httpClientParams = new HttpClientParams();
-			httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
-			httpClient.setParams(httpClientParams);
-			
-			if (metadataURL.startsWith("https:")) {
-				try {
-					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
-					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
-							authConfig.getTrustedCACertificates(),
-							null,
-							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
-							authConfig.isTrustmanagerrevoationchecking(),
-							authConfig.getRevocationMethodOrder(),
-							authConfig.getBasicMOAIDConfigurationBoolean(
-									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
-					
-					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
-
-				} catch (MOAHttpProtocolSocketFactoryException e) {
-					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
-					
-				}
-			}
-			
-//			timer = new Timer(true);
-			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
-					metadataURL);
-			httpProvider.setParserPool(pool);
-			httpProvider.setRequireValidMetadata(true);
-			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
-			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-			//httpProvider.setRefreshDelayFactor(0.1F);
-			
-			httpProvider.setMetadataFilter(filter);
-			httpProvider.initialize();
-			
-			httpProvider.setRequireValidMetadata(true);
-			
-			return httpProvider;
-						
-		} catch (Throwable e) {			
-			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
-				Logger.warn("SSL-Server certificate for metadata " 
-						+ metadataURL + " not trusted.", e);
-				
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
-				Logger.warn("Signature verification for metadata" 
-						+ metadataURL + " FAILED.", e);
-			
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
-				Logger.warn("Schema validation for metadata " 
-						+ metadataURL + " FAILED.", e);								
-			}
-			
-			Logger.warn(
-					"Failed to load Metadata file for "
-							+ IdForLogging + "[ "
-							+ e.getMessage() + " ]", e);
-						
-			if (httpProvider != null) {
-				Logger.debug("Destroy failed Metadata provider");
-				httpProvider.destroy();
-			}
-			
-//			if (timer != null) {
-//				Logger.debug("Destroy Timer.");
-//				timer.cancel();
-//			}
-
-			
-		}
-		
-		return null;	
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
deleted file mode 100644
index dd94e0093..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ /dev/null
@@ -1,218 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public abstract class AbstractCredentialProvider {
-	
-	private KeyStore keyStore = null;
-	
-	/**
-	 * Get a friendlyName for this keyStore implementation
-	 * This friendlyName is used for logging
-	 * 
-	 * @return keyStore friendlyName
-	 */
-	public abstract String getFriendlyName();
-	
-	/**
-	 * Get KeyStore
-	 * 
-	 * @return URL to the keyStore
-	 * @throws ConfigurationException 
-	 */
-	public abstract String getKeyStoreFilePath() throws ConfigurationException;
-	
-	/**
-	 * Get keyStore password
-	 * 
-	 * @return Password of the keyStore
-	 */
-	public abstract String getKeyStorePassword();
-	
-	/**
-	 * Get alias of key for metadata signing
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getMetadataKeyAlias();
-	
-	/**
-	 * Get password of key for metadata signing
-	 * 
-	 * @return key password
-	 */
-	public abstract String getMetadataKeyPassword();
-	
-	/**
-	 * Get alias of key for request/response signing
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getSignatureKeyAlias();
-	
-	/**
-	 * Get password of key for request/response signing
-	 * 
-	 * @return key password
-	 */
-	public abstract String getSignatureKeyPassword();
-	
-	/**
-	 * Get alias of key for IDP response encryption
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getEncryptionKeyAlias();
-	
-	/**
-	 * Get password of key for IDP response encryption
-	 * 
-	 * @return key password
-	 */
-	public abstract String getEncryptionKeyPassword();
-	
-	
-	public X509Credential getIDPMetaDataSigningCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
-
-			credentials.setUsageType(UsageType.SIGNING);
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			return credentials;
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-
-	public X509Credential getIDPAssertionSigningCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
-			
-			credentials.setUsageType(UsageType.SIGNING);
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			
-			return (X509Credential) credentials;
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-	
-	public X509Credential getIDPAssertionEncryptionCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			//if no encryption key is configured return null
-			if (MiscUtil.isEmpty(getEncryptionKeyAlias()))
-				return null;
-			
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
-			
-			credentials.setUsageType(UsageType.ENCRYPTION);
-			
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: "
-						+ getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			
-			return (X509Credential) credentials;
-			
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-	
-	public static Signature getIDPSignature(Credential credentials) {		
-		PrivateKey privatekey = credentials.getPrivateKey();		
-		Signature signer = SAML2Utils.createSAMLObject(Signature.class);
-		
-		if (privatekey instanceof RSAPrivateKey) {
-			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-			
-		} else if (privatekey instanceof ECPrivateKey) {
-			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
-		} else {
-			Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
-			
-			
-		}
-
-		signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);		
-		signer.setSigningCredential(credentials);
-		return signer;
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
deleted file mode 100644
index 85de666c9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class CredentialsNotAvailableException extends MOAIDException {
-
-	public CredentialsNotAvailableException(String messageId,
-			Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public CredentialsNotAvailableException(String messageId,
-			Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -2564476345552842599L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index ebaef348c..389d97b18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -25,14 +25,14 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
 import java.util.Properties;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-@Service("IDPCredentialProvider")
+//@Service("PVPIDPCredentialProvider")
 public class IDPCredentialProvider extends AbstractCredentialProvider {	
 	public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
 	public static final String IDP_KS_PASS = "idp.ks.kspassword";
@@ -54,7 +54,7 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
 	 */
 	@Override
-	public String getKeyStoreFilePath() throws ConfigurationException {
+	public String getKeyStoreFilePath() throws EAAFException {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
deleted file mode 100644
index ef64efb56..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-public class SAMLSigner {
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
deleted file mode 100644
index 9d585bc86..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ /dev/null
@@ -1,292 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class AssertionAttributeExtractor {
-	
-	private Assertion assertion = null;
-	private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
-	//private PersonalAttributeList storkAttributes = new PersonalAttributeList();
-		
-	private final List<String> minimalMDSAttributeNamesList = Arrays.asList(
-			PVPConstants.PRINCIPAL_NAME_NAME, 
-			PVPConstants.GIVEN_NAME_NAME,
-			PVPConstants.BIRTHDATE_NAME,
-			PVPConstants.BPK_NAME);
-
-	private final List<String> minimalIDLAttributeNamesList = Arrays.asList(
-			PVPConstants.EID_IDENTITY_LINK_NAME,			
-			PVPConstants.EID_SOURCE_PIN_NAME,
-			PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-	
-	/**
-	 * Parse the SAML2 Response element and extracts included information
-	 * <br><br>
-	 * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used!
-	 * 
-	 * @param samlResponse SAML2 Response
-	 * @throws AssertionAttributeExtractorExeption
-	 */
-	public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption {
-		if (samlResponse != null && samlResponse instanceof Response) {
-			List<Assertion> assertions = ((Response) samlResponse).getAssertions();			
-			if (assertions.size() == 0) 
-				throw new AssertionAttributeExtractorExeption("Assertion");
-				
-			else if (assertions.size() > 1)
-				Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
-			
-			assertion = assertions.get(0);
-
-			if (assertion.getAttributeStatements() != null &&
-					assertion.getAttributeStatements().size() > 0) {
-				AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
-				for (Attribute attr : attrStat.getAttributes()) {
-					if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {							
-						List<String> storkAttrValues = new ArrayList<String>();
-						for (XMLObject el : attr.getAttributeValues())
-							storkAttrValues.add(el.getDOM().getTextContent());
-						
-//						PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), 
-//								false, storkAttrValues , "Available");
-//						storkAttributes.put(attr.getName(), storkAttr );
-						
-					} else {
-						List<String> attrList = new ArrayList<String>();
-						for (XMLObject el : attr.getAttributeValues())
-							attrList.add(el.getDOM().getTextContent());
-
-						attributs.put(attr.getName(), attrList);
-												
-					}
-			}
-				
-			}
-						
-		} else 
-			throw new AssertionAttributeExtractorExeption();		
-	}
-
-	/**
-	 * Get all SAML2 attributes from first SAML2 AttributeStatement element
-	 * 
-	 * @return List of SAML2 Attributes
-	 */
-	public List<Attribute> getAllResponseAttributesFromFirstAttributeStatement() {
-		return assertion.getAttributeStatements().get(0).getAttributes();
-		
-	}
-	
-	/**
-	 * Get all SAML2 attributes of specific SAML2 AttributeStatement element
-	 * 
-	 * @param attrStatementID List ID of the AttributeStatement element
-	 * @return List of SAML2 Attributes
-	 */
-	public List<Attribute> getAllResponseAttributes(int attrStatementID) {
-		return assertion.getAttributeStatements().get(attrStatementID).getAttributes();
-		
-	}
-	
-	/**
-	 * check attributes from assertion with minimal required attribute list
-	 * @return
-	 */
-	public boolean containsAllRequiredAttributes() {
-		return containsAllRequiredAttributes(minimalMDSAttributeNamesList) 
-				|| containsAllRequiredAttributes(minimalIDLAttributeNamesList);
-		
-	}
-	
-	/**
-	 * check attributes from assertion with attributeNameList
-	 * bPK or enc_bPK are always needed
-	 * 
-	 * @param List of attributes which are required
-	 * 
-	 * @return
-	 */
-	public boolean containsAllRequiredAttributes(Collection<String> attributeNameList) {		
-		
-		//first check if a bPK or an encrypted bPK is available
-		boolean flag = true;
-		for (String attr : attributeNameList) {
-			if (!attributs.containsKey(attr)) {
-				flag = false;					
-				Logger.debug("Assertion contains no Attribute " + attr);
-									
-			}
-					
-		}
-		
-		if (flag)
-			return flag;
-		
-		else {			
-			Logger.debug("Assertion contains no all minimum attributes from: " + attributeNameList.toString());
-			return false;
-			
-		}		
-	}
-	
-	public boolean containsAttribute(String attributeName) {
-		return attributs.containsKey(attributeName);
-		
-	}
-	
-	public String getSingleAttributeValue(String attributeName) {
-		if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0)
-			return attributs.get(attributeName).get(0);
-		else
-			return null;
-		
-	}
-	
-	public List<String> getAttributeValues(String attributeName) {
-		return attributs.get(attributeName);
-		
-	}
-	
-	/**
-	 * Return all include PVP attribute names
-	 * 
-	 * @return
-	 */
-	public Set<String> getAllIncludeAttributeNames() {
-		return attributs.keySet();
-		
-	}
-	
-//	public PersonalAttributeList getSTORKAttributes() {
-//		return storkAttributes;
-//	}
-	
-	
-	public String getNameID() throws AssertionAttributeExtractorExeption {		
-		if (assertion.getSubject() != null) {
-			Subject subject = assertion.getSubject();
-			
-			if (subject.getNameID() != null) {
-				if (MiscUtil.isNotEmpty(subject.getNameID().getValue()))					
-					return subject.getNameID().getValue();			
-				
-				else
-					Logger.error("SAML2 NameID Element is empty.");
-			}
-		}
-			
-		throw new AssertionAttributeExtractorExeption("nameID");
-	}
-	
-	public String getSessionIndex() throws AssertionAttributeExtractorExeption {		
-		AuthnStatement authn = getAuthnStatement();
-		
-		if (MiscUtil.isNotEmpty(authn.getSessionIndex()))
-			return authn.getSessionIndex();
-		
-		else
-			throw new AssertionAttributeExtractorExeption("SessionIndex");		
-	}
-
-	/**
-	 * @return
-	 * @throws AssertionAttributeExtractorExeption 
-	 */
-	public String getQAALevel() throws AssertionAttributeExtractorExeption {
-		AuthnStatement authn = getAuthnStatement();
-		if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) {
-			AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
-			
-			if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef()))
-				return qaaClass.getAuthnContextClassRef();
-			
-			else
-				throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");			
-		}
-		
-		throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");		
-	}
-	
-	public Assertion getFullAssertion() {
-		return assertion;
-	}
-	
-	
-	/**
-	 * Get the Assertion validTo period
-	 * 
-	 * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used.
-	 * If this is empty, this method returns value of  SAML 'Conditions' element. 
-	 * 
-	 * @return Date, until this SAML2 assertion is valid
-	 */
-	public Date getAssertionNotOnOrAfter() {
-		if (getFullAssertion().getAuthnStatements() != null 
-				&& getFullAssertion().getAuthnStatements().size() > 0) {
-			for (AuthnStatement el : getFullAssertion().getAuthnStatements()) {
-				if (el.getSessionNotOnOrAfter() != null)
-					return (el.getSessionNotOnOrAfter().toDate());
-			}
-			
-		} 
-		
-		return getFullAssertion().getConditions().getNotOnOrAfter().toDate();
-					
-	}
-	
-	private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
-		List<AuthnStatement> authnList = assertion.getAuthnStatements();
-		if (authnList.size() == 0)
-			throw new AssertionAttributeExtractorExeption("AuthnStatement");
-		
-		else if (authnList.size() > 1)
-			Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
-		
-		return authnList.get(0);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index e02ecb662..d7ada1f36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -35,6 +35,7 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
deleted file mode 100644
index 29dd70545..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-
-import org.opensaml.Configuration;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.soap.soap11.Body;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.XMLObjectBuilderFactory;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.w3c.dom.Document;
-
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-
-public class SAML2Utils {
-
-	public static <T> T createSAMLObject(final Class<T> clazz) {
-		try {
-			XMLObjectBuilderFactory builderFactory = Configuration
-					.getBuilderFactory();
-
-			QName defaultElementName = (QName) clazz.getDeclaredField(
-					"DEFAULT_ELEMENT_NAME").get(null);
-			@SuppressWarnings("unchecked")
-			T object = (T) builderFactory.getBuilder(defaultElementName)
-					.buildObject(defaultElementName);
-			return object;
-		} catch (Throwable e) {
-			e.printStackTrace();
-			return null;
-		}
-	}
-
-	public static String getSecureIdentifier() {
-		return "_".concat(Random.nextHexRandom16());
-		
-		/*Bug-Fix: There are open problems with RandomNumberGenerator via Java SPI and Java JDK 8.121 
-		*          Generation of a 16bit Random identifier FAILES with an  Caused by: java.lang.ArrayIndexOutOfBoundsException
-		*          Caused by: java.lang.ArrayIndexOutOfBoundsException
-							  at iaik.security.random.o.engineNextBytes(Unknown Source)
-							  at iaik.security.random.SecRandomSpi.engineNextBytes(Unknown Source)
-						      at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
-						      at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:62)
-						      at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56)
-						      at at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils.getSecureIdentifier(SAML2Utils.java:69)        
-		*/		
-		//return idGenerator.generateIdentifier();
-	}
-	
-	private static SecureRandomIdentifierGenerator idGenerator;
-	
-	private static DocumentBuilder builder;
-	static {
-		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-		factory.setNamespaceAware(true);
-		try {
-			builder = factory.newDocumentBuilder();
-		} catch (ParserConfigurationException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-		try {
-			idGenerator = new SecureRandomIdentifierGenerator();
-		} catch(NoSuchAlgorithmException e) {
-			e.printStackTrace();
-		}
-	}
-
-	public static Document asDOMDocument(XMLObject object) throws IOException,
-			MarshallingException, TransformerException {
-		Document document = builder.newDocument();
-		Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
-				object);
-		out.marshall(object, document);
-		return document;
-	}
-
-	public static Status getSuccessStatus() {
-		Status status = SAML2Utils.createSAMLObject(Status.class);
-		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-		statusCode.setValue(StatusCode.SUCCESS_URI);
-		status.setStatusCode(statusCode);
-		return status;
-	}
-	
-	public static int getDefaultAssertionConsumerServiceIndex(SPSSODescriptor spSSODescriptor) {
-		
-		List<AssertionConsumerService> assertionConsumerList = spSSODescriptor.getAssertionConsumerServices();
-		
-		for (AssertionConsumerService el : assertionConsumerList) {
-			if (el.isDefault())
-				return el.getIndex();
-			
-		}
-		
-		return 0;
-	}
-	
-    public static Envelope buildSOAP11Envelope(XMLObject payload) {
-        XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
-        Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME);
-        Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME);
-         
-        body.getUnknownXMLObjects().add(payload);
-        envelope.setBody(body);
-         
-        return envelope;
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
deleted file mode 100644
index 86ca591ee..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.ws.message.MessageContext;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.ws.security.SecurityPolicyRule;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule {
-
-	private SignatureTrustEngine trustEngine = null;
-	private QName peerEntityRole = null;
-	/**
-	 * @param peerEntityRole 
-	 * 
-	 */
-	public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) {
-		this.trustEngine = trustEngine;
-		this.peerEntityRole = peerEntityRole;
-		
-	}
-	
-	
-	/**
-	 * Reload the PVP metadata for a given entity
-	 * 
-	 * @param entityID for which the metadata should be refreshed.
-	 * @return true if the refresh was successful, otherwise false
-	 */
-	protected abstract boolean refreshMetadataProvider(String entityID);
-	
-	
-	protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData);
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext)
-	 */
-	@Override
-	public void evaluate(MessageContext context) throws SecurityPolicyException {
-		try {
-			verifySignature(context);
-			
-		} catch (SecurityPolicyException e) {
-			if (MiscUtil.isEmpty(context.getInboundMessageIssuer())) {
-				throw e;
-			
-			}			
-			Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer());
-			if (!refreshMetadataProvider(context.getInboundMessageIssuer()))
-				throw e;
-			
-			else {
-				Logger.trace("PVP2X metadata reload finished. Check validate message again.");					
-				verifySignature(context);
-										
-			}
-			Logger.trace("Second PVP2X message validation finished");
-			
-		}
-
-		
-	}
-
-	private void verifySignature(MessageContext context) throws SecurityPolicyException {
-		SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage());			
-		if (samlObj != null && samlObj.getSignature() != null) {
-						
-			SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-			try {
-				profileValidator.validate(samlObj.getSignature());		    
-				performSchemaValidation(samlObj.getDOM());
-		    
-			} catch (ValidationException e) {
-				Logger.warn("Signature is not conform to SAML signature profile", e);
-				throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-		    
-			} catch (SchemaValidationException e) {
-				Logger.warn("Signature is not conform to SAML signature profile", e);
-				throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-			
-			}
-			
-			
-			
-			CriteriaSet criteriaSet = new CriteriaSet();
-			criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) );
-			criteriaSet.add( new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) );
-			criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-						
-			try {
-				if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-					throw new SecurityPolicyException("Signature validation FAILED.");
-					
-				}
-				Logger.debug("PVP message signature valid.");
-				
-			} catch (org.opensaml.xml.security.SecurityException e) {
-				Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage());
-				throw new SecurityPolicyException("Signature validation FAILED.");
-				
-			}
-			
-		} else {
-			throw new SecurityPolicyException("PVP Message is not signed.");
-			
-		}
-				
-	}
-	
-	private void performSchemaValidation(Element source) throws SchemaValidationException {
-			
-		String err = null;
-		try {
-			Schema test = SAMLSchemaBuilder.getSAML11Schema();
-			Validator val = test.newValidator();		
-			val.validate(new DOMSource(source));
-			Logger.debug("Schema validation check done OK");
-			return;
-			
-		} catch (SAXException e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-							
-		} catch (Exception e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		}
-			
-		throw new SchemaValidationException("pvp2.22", new Object[]{err});
-			
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
deleted file mode 100644
index 7b7ba6883..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moaspss.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestValidator {
-
-	public static void validate(AuthnRequest req) throws AuthnRequestValidatorException{
-
-		//validate NameIDPolicy
-		NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
-		if (nameIDPolicy != null) {
-			String nameIDFormat = nameIDPolicy.getFormat();
-			if (nameIDFormat != null) {
-				if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
-						NameID.PERSISTENT.equals(nameIDFormat) ||
-						NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
-				
-					throw new NameIDFormatNotSupportedException(nameIDFormat);
-					
-				}
-				
-			} else
-				Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");							
-		} else
-			Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
-			
-		
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
index a9f9b206e..91de943d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
@@ -28,7 +28,8 @@ import java.util.List;
 
 import org.opensaml.saml2.core.RequestAbstractType;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator;
 
 public class ChainSAMLValidator implements ISAMLValidator {
 
@@ -39,7 +40,7 @@ private List<ISAMLValidator> validator = new ArrayList<ISAMLValidator>();
 	}
 	
 	public void validateRequest(RequestAbstractType request)
-			throws MOAIDException {
+			throws EAAFException {
 		Iterator<ISAMLValidator> validatorIterator = validator.iterator();
 		while(validatorIterator.hasNext()) {
 			ISAMLValidator validator = validatorIterator.next();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
deleted file mode 100644
index 4f697d986..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public interface ISAMLValidator {
-	public void validateRequest(RequestAbstractType request) throws MOAIDException;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
deleted file mode 100644
index 7b3f890e9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAPVPSignedRequestPolicyRule extends
-		AbstractRequestSignedSecurityPolicyRule {
-
-	private IMOARefreshableMetadataProvider metadataProvider = null;
-	
-	/**
-	 * @param metadataProvider 
-	 * @param trustEngine
-	 * @param peerEntityRole
-	 */
-	public MOAPVPSignedRequestPolicyRule(MetadataProvider metadataProvider, SignatureTrustEngine trustEngine,
-			QName peerEntityRole) {
-		super(trustEngine, peerEntityRole);
-		if (metadataProvider instanceof IMOARefreshableMetadataProvider)
-			this.metadataProvider = (IMOARefreshableMetadataProvider) metadataProvider;
-				
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
-	 */
-	@Override
-	protected boolean refreshMetadataProvider(String entityID) {
-		if (metadataProvider != null)
-			return metadataProvider.refreshMetadataProvider(entityID);
-		
-		return false;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
-		if (inboundData instanceof SignableSAMLObject)
-			return (SignableSAMLObject) inboundData;
-		
-		else
-			return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
deleted file mode 100644
index efcf21b50..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.xml.util.DatatypeHelper;
-
-/**
- * @author tlenz
- *
- */
-public class MOASAML2AuthRequestSignedRole extends SAML2AuthnRequestsSignedRule {
-
-	@Override
-    protected boolean isMessageSigned(SAMLMessageContext messageContext) {        
-        // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings.
-        HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport();
-        String sigParam = inTransport.getParameterValue("Signature");
-        boolean isSigned = !DatatypeHelper.isEmpty(sigParam);
-        
-        String sigAlgParam = inTransport.getParameterValue("SigAlg");
-        boolean isSigAlgExists = !DatatypeHelper.isEmpty(sigAlgParam);
-        
-        return isSigned && isSigAlgExists;
-               
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
index 952a6024a..9abaf9330 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -27,13 +27,14 @@ import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.security.SAMLSignatureProfileValidator;
 import org.opensaml.xml.validation.ValidationException;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
 
 public class SAMLSignatureValidator implements ISAMLValidator {
 
 	public void validateRequest(RequestAbstractType request)
-			throws MOAIDException {
+			throws EAAFException {
 		if (request.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -48,7 +49,7 @@ public class SAMLSignatureValidator implements ISAMLValidator {
 	}
 
 	public static void validateSignable(SignableSAMLObject signableObject)
-			throws MOAIDException {
+			throws EAAFException {
 		if (signableObject.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index d89d04664..e8aa93d43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -23,7 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
 
 import java.io.IOException;
-import java.util.List;
+import java.security.cert.CertificateException;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -36,79 +36,34 @@ import org.opensaml.xml.validation.ValidationException;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
 
 public class EntityVerifier {
 
-	public static byte[] fetchSavedCredential(String entityID) {
-//		List<OnlineApplication> oaList = ConfigurationDBRead
-//				.getAllActiveOnlineApplications();
-		try { 
-			ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
-		
-			if (oa == null) {
-				Logger.debug("No OnlineApplication with EntityID: " + entityID);
-				return null;
-				
-			}
-			
-			String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-			if (MiscUtil.isNotEmpty(certBase64)) {
-				return Base64Utils.decode(certBase64, false);
-			
-			}
-			
-		} catch (ConfigurationException | EAAFConfigurationException e) {
-			Logger.error("Access MOA-ID configuration FAILED.", e);
-			
-		} catch (IOException e) {
-			Logger.warn("Decoding PVP2X metadata certificate FAILED.", e);
-			
-		}
-		
-		return null;
-	}
-
 	public static void verify(EntityDescriptor entityDescriptor)
-			throws MOAIDException {
-		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException();
-		}
-
-		try {
-			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to validate Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
-
+			throws EAAFException {
+		
 		Credential credential = getSPTrustedCredential(entityDescriptor.getEntityID());
 		if (credential == null) {
 			throw new NoCredentialsException(entityDescriptor.getEntityID());
 		}
-
-		SignatureValidator sigValidator = new SignatureValidator(credential);
-		try {
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to verfiy Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
+		
+		verify(entityDescriptor, credential);
+	
 	}
 
 	public static void verify(EntityDescriptor entityDescriptor, Credential cred)
-			throws MOAIDException {
+			throws EAAFException {
 		if (entityDescriptor.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -131,7 +86,7 @@ public class EntityVerifier {
 	}
 
 	public static void verify(EntitiesDescriptor entityDescriptor,
-			Credential cred) throws MOAIDException {
+			Credential cred) throws EAAFException {
 		if (entityDescriptor.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -153,55 +108,11 @@ public class EntityVerifier {
 			throw new SAMLRequestNotSignedException(e);
 		}
 	}
-
-	public static void verify(EntitiesDescriptor entityDescriptor)
-			throws MOAIDException {
-		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException();
-		}
-
-		try {
-			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to validate Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
-
-		List<EntityDescriptor> entities = entityDescriptor
-				.getEntityDescriptors();
-
-		if (entities.size() > 0) {
-
-			if (entities.size() > 1) {
-				Logger.warn("More then one EntityID in Metadatafile with Name "
-						+ entityDescriptor.getName()
-						+ " defined. Actually only the first"
-						+ " entryID is used to select the certificate to perform Metadata verification.");
-			}
-
-			Credential credential = getSPTrustedCredential(entities.get(0).getEntityID());
-
-			if (credential == null) {
-				throw new NoCredentialsException("moaID IDP");
-			}
-
-			SignatureValidator sigValidator = new SignatureValidator(credential);
-			try {
-				sigValidator.validate(entityDescriptor.getSignature());
-
-			} catch (ValidationException e) {
-				Logger.error("Failed to verfiy Signature", e);
-				throw new SAMLRequestNotSignedException(e);
-			}
-		}
-	}
-	
+		
 	public static Credential getSPTrustedCredential(String entityID)
 			throws CredentialsNotAvailableException {
 
-		iaik.x509.X509Certificate cert = PVPConfiguration.getInstance()
-				.getTrustEntityCertificate(entityID);
+		iaik.x509.X509Certificate cert = getTrustEntityCertificate(entityID);
 		
 		if (cert == null) {
 			throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null);
@@ -214,5 +125,46 @@ public class EntityVerifier {
 
 		return credential;
 	}
+	
+	private static iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
+		
+		try {
+			Logger.trace("Load metadata signing certificate for online application " + entityID);
+			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
+			if (oaParam == null) {
+				Logger.info("Online Application with ID " + entityID + " not found!");
+				return null;
+			}
+		
+			String pvp2MetadataCertificateString = 
+					oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);		 
+			if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
+				Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
+				return null;
+				
+			}	
+			
+			X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
+			Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
+			return cert;
+			
+		} catch (CertificateException e) {
+			Logger.warn("Metadata signer certificate is not parsed.", e);
+			return null;
+			
+		} catch (ConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
+		} catch (IOException e) {
+			Logger.warn("Metadata signer certificate is not decodeable.", e);
+			return null;
+			
+		} catch (EAAFConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
+		}
+	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
deleted file mode 100644
index 50bc7fb68..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("SAMLVerificationEngine")
-public class SAMLVerificationEngine {
-		
-	@Autowired(required=true) MOAMetadataProvider metadataProvider;
-	
-	public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
-		try {		
-			if (msg instanceof MOARequest &&  
-					((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
-				verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
-		
-			else
-				verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
-			
-		} catch (InvalidProtocolRequestException e) {
-			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw e;
-			
-			}			
-			Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID());
-						
-			if (metadataProvider == null || !metadataProvider.refreshMetadataProvider(msg.getEntityID()))
-				throw e;
-			
-			else {
-				Logger.trace("PVP2X metadata reload finished. Check validate message again.");
-					
-				if (msg instanceof MOARequest && 
-						((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
-					verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
-				
-				else
-					verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
-										
-			}
-			Logger.trace("Second PVP2X message validation finished");
-		}		
-	}
-	
-	public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{
-		verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-	}
-	
-	public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
-		verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-	}
-	
-	private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName)  throws InvalidProtocolRequestException{
-		SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-		try {
-		    profileValidator.validate(samlObj.getSignature());
-		    performSchemaValidation(samlObj.getDOM());
-		    
-		} catch (ValidationException e) {
-			 Logger.warn("Signature is not conform to SAML signature profile", e);
-			 throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
-		
-		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
-		
-		}
-
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
-		try {
-		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		    	throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
-		    }
-		} catch (org.opensaml.xml.security.SecurityException e) {
-		    Logger.warn("PVP2x message signature validation FAILED.", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
-		}
-	}
-	
-	public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
-		SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-		try {
-		    profileValidator.validate(samlObj.getSignature());		    
-		    performSchemaValidation(samlObj.getDOM());
-		    
-		} catch (ValidationException e) {
-		    Logger.warn("Signature is not conform to SAML signature profile", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
-		    
-		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
-			
-		}
-
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
-		try {
-		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
-		    }
-		} catch (org.opensaml.xml.security.SecurityException e) {
-			Logger.warn("PVP2x message signature validation FAILED.", e);
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
-		}
-	}
-		
-	protected void performSchemaValidation(Element source) throws SchemaValidationException {
-		
-		String err = null;
-		try {
-			Schema test = SAMLSchemaBuilder.getSAML11Schema();
-			Validator val = test.newValidator();		
-			val.validate(new DOMSource(source));
-			Logger.debug("Schema validation check done OK");
-			return;
-		
-		} catch (SAXException e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		} catch (Exception e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		}
-		
-		throw new SchemaValidationException("pvp2.22", new Object[]{err});
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
index 385fe90fb..d1d8c9368 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
@@ -47,11 +47,12 @@ import org.opensaml.xml.validation.ValidationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
deleted file mode 100644
index 3ea124db6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
-import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
-import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
-import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
-//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
-//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
-
-public class TrustEngineFactory {
-
-//	public static SignatureTrustEngine getSignatureTrustEngine() {
-//		try {
-//			MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
-//					MOAMetadataProvider.getInstance());
-//
-//			List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
-//			keyInfoProvider.add(new DSAKeyValueProvider());
-//			keyInfoProvider.add(new RSAKeyValueProvider());
-//			keyInfoProvider.add(new InlineX509DataProvider());
-//
-//			KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
-//					keyInfoProvider);
-//
-//			PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
-//					mdResolver, keyInfoResolver);
-//
-//			return engine;
-//
-//		} catch (Exception e) {
-//			e.printStackTrace();
-//			return null;
-//		}
-//	}
-
-	public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(MetadataProvider provider) {
-		MetadataCredentialResolver resolver;
-
-		resolver = new MetadataCredentialResolver(provider);
-
-		List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
-		keyInfoProvider.add(new DSAKeyValueProvider());
-		keyInfoProvider.add(new RSAKeyValueProvider());
-		keyInfoProvider.add(new InlineX509DataProvider());
-
-		KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
-				keyInfoProvider);
-
-		ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
-				resolver, keyInfoResolver);
-
-		return engine;
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 589713c4b..57f1c2f9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -23,23 +23,20 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
 
 import java.security.cert.CertificateException;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.AbstractMetadataSignatureFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 import at.gv.egovernment.moa.logging.Logger;
 import iaik.x509.X509Certificate;
 
-public class MetadataSignatureFilter implements MetadataFilter {
+public class MetadataSignatureFilter extends AbstractMetadataSignatureFilter {
 	
 	private String metadataURL;
 	private BasicX509Credential savedCredential;
@@ -52,111 +49,52 @@ public class MetadataSignatureFilter implements MetadataFilter {
 		savedCredential.setEntityCertificate(cert);
 	}
 	
-	public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
-		
-//		String entityID = desc.getEntityID();
-		
-		EntityVerifier.verify(desc);
-	}
-	
-	public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
-		Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
-		
-		if(desc.getSignature() != null) {
-			EntityVerifier.verify(desc, this.savedCredential);
+	@Override
+	protected void verify(EntityDescriptor desc) throws PVP2MetadataException {
+		try {
+			EntityVerifier.verify(desc);
+			
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for entity: " + desc.getEntityID()
+					+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for entity: " + desc.getEntityID(), null, e);
 		}
 		
-		while(entID.hasNext()) {
-			processEntitiesDescriptor(entID.next());
-		}
-				
-		Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+	}
 
-		List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>();
-		
-		//check every Entity
-		
-		while(entIT.hasNext()) {
-			
-			EntityDescriptor entity = entIT.next();
-			
-			String entityID = entity.getEntityID();
-			
-			//CHECK if Entity also match MetaData signature.
-			/*This check is necessary to prepend declaration of counterfeit OA metadata!!*/
-			Logger.debug("Validate metadata for entityID: " + entityID + " ..... ");
-			byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID);
-						
-			if (entityCert != null) {
+	@Override
+	protected void verify(EntitiesDescriptor desc) throws PVP2MetadataException {
+		try {
+			EntityVerifier.verify(desc, this.savedCredential);
 			
-				X509Certificate cert;
-				try {
-					cert = new X509Certificate(entityCert);
-					BasicX509Credential entityCrendential = new BasicX509Credential();
-					entityCrendential.setEntityCertificate(cert);
-	
-					EntityVerifier.verify(desc, entityCrendential);
-					
-					//add entity to verified entity-list					
-					verifiedEntIT.add(entity);
-					Logger.debug("Metadata for entityID: " + entityID + " valid");
-					
-					
-				} catch (Exception e) {
-
-					//remove entity of signature can not be verified.
-					Logger.info("Entity " + entityID + " is removed from metadata " 
-							+ desc.getName() + ". Entity verification error: " + e.getMessage());
-//					throw new MOAIDException("The App", null, e);
-				}
-				
-			} else {
-				//remove entity if it is not registrated as OA
-				Logger.info("Entity " + entityID + " is removed from metadata " 
-						+ desc.getName() + ". Entity is not registrated or no certificate is found!");				
-//				throw new NoCredentialsException("NO Certificate found for OA " + entityID);
-			}
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL
+				+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e);
 			
-			//TODO: insert to support signed Entity-Elements
-			//processEntityDescriptorr(entIT.next());
-		}		
+		}
 		
-		//set only verified entity elements
-		desc.getEntityDescriptors().clear();
-		desc.getEntityDescriptors().addAll(verifiedEntIT);
 	}
-	
-	public void doFilter(XMLObject metadata) throws SignatureValidationException {
+
+	@Override
+	protected void verify(EntityDescriptor entity, EntitiesDescriptor entities) throws PVP2MetadataException {		
 		try {
-			if (metadata instanceof EntitiesDescriptor) {
-				EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
-				if(entitiesDescriptor.getSignature() == null) {
-					throw new MOAIDException("Root element of metadata file has to be signed", null);
-				}
-				processEntitiesDescriptor(entitiesDescriptor);
-				
-				
-				if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
-					throw new MOAIDException("No valid entity in metadata "
-							+ entitiesDescriptor.getName() + ". Metadata is not loaded.", null);
-				}
-				
-				
-			} else if (metadata instanceof EntityDescriptor) {
-				EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
-				processEntityDescriptorr(entityDescriptor);
+			if (entity.isSigned()) {
+				Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is signed. Starting signature verification ... ");
+				EntityVerifier.verify(entity);
 				
 			} else {
-				throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+				Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is not signed. Verify EntitiesDescriptor by using 'Entity' certificate ...  ");
+				Credential entityCredential = EntityVerifier.getSPTrustedCredential(entity.getEntityID());
+				EntityVerifier.verify(entities, entityCredential);
+				
 			}
 			
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL
+				+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e);
 			
-			
-			Logger.info("Metadata signature policy check done OK");
-		} catch (MOAIDException e) {
-			Logger.warn("Metadata signature policy check FAILED.", e);
-			throw new SignatureValidationException(e);
 		}
 	}
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
deleted file mode 100644
index caabfea30..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.samlext.saml2mdattr.EntityAttributes;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moaspss.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class PVPEntityCategoryFilter implements MetadataFilter {
-
-
-	private boolean isUsed = false;
-	
-	/**
-	 * Filter to map PVP EntityCategories into a set of single PVP attributes 
-	 * 
-	 * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
-	 * 
-	 */
-	public PVPEntityCategoryFilter(boolean isUsed) {
-		this.isUsed = isUsed;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject metadata) throws FilterException {
-		
-		if (isUsed) {
-			Logger.trace("Map PVP EntityCategory to single PVP Attributes ... ");
-			String entityId = null;
-			try {
-				if (metadata instanceof EntitiesDescriptor) {
-					Logger.trace("Find EnitiesDescriptor ... ");
-					EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
-					if (entitiesDesc.getEntityDescriptors() != null) {
-						for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) 
-							resolveEntityCategoriesToAttributes(el);
-						
-					}
-									
-				} else if (metadata instanceof EntityDescriptor) {
-					Logger.trace("Find EntityDescriptor");
-					resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
-					
-					
-				} else
-					throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
-				
-				
-				
-			} catch (Exception e) {
-				Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
-				
-			}
-			
-		} else
-			Logger.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
-		
-	}
-
-	private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
-		Logger.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ...");
-		Extensions extensions = metadata.getExtensions();
-		if (extensions != null) {
-			List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
-			if (listOfExt != null && !listOfExt.isEmpty()) {
-				Logger.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
-				for (XMLObject el : listOfExt) {
-					Logger.trace("Find ExtensionElement: " + el.getElementQName().toString());
-					if (el instanceof EntityAttributes) {
-						EntityAttributes entityAttrElem = (EntityAttributes)el;
-						if (entityAttrElem.getAttributes() != null) {
-							Logger.trace("Find EntityAttributes. Start attribute processing ...");
-							for (Attribute entityAttr : entityAttrElem.getAttributes()) {
-								if (entityAttr.getName().equals(PVPConstants.ENTITY_CATEGORY_ATTRIBITE)) {
-									if (!entityAttr.getAttributeValues().isEmpty()) {
-										String entityAttrValue = entityAttr.getAttributeValues().get(0).getDOM().getTextContent();
-										if (PVPConstants.EGOVTOKEN.equals(entityAttrValue)) {
-											Logger.debug("Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... ");
-											addAttributesToEntityDescriptor(metadata, 
-													buildAttributeList(PVPConstants.EGOVTOKEN_PVP_ATTRIBUTES), 
-													entityAttrValue);
-											
-																													
-										} else if (PVPConstants.CITIZENTOKEN.equals(entityAttrValue)) {
-											Logger.debug("Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
-											addAttributesToEntityDescriptor(metadata, 
-													buildAttributeList(PVPConstants.CITIZENTOKEN_PVP_ATTRIBUTES), 
-													entityAttrValue);
-											
-										} else
-											Logger.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!");
-																			
-									} else
-										Logger.info("EntityAttribute: No attribute value");
-																		
-								} else 
-									Logger.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported");
-								
-							}
-										
-						} else
-							Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
-						
-					}					
-				}
-				
-			} else
-				Logger.trace("'Extension' element is 'null' or empty");
-			
-		} else
-			Logger.trace("No 'Extension' element found");
-				
-	}
-	
-	/**
-	 * @param metadata
-	 * @param attrList
-	 */
-	private void addAttributesToEntityDescriptor(EntityDescriptor metadata, List<RequestedAttribute> attrList, String entityAttr) {
-		SPSSODescriptor spSSODesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-		if (spSSODesc != null) {
-			if (spSSODesc.getAttributeConsumingServices() == null || 
-					spSSODesc.getAttributeConsumingServices().isEmpty()) {
-				Logger.trace("No 'AttributeConsumingServices' found. Added it ...");
-				
-				AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);						
-				attributeService.setIndex(0);
-				attributeService.setIsDefault(true);
-				ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
-				serviceName.setName(new LocalizedString("Default Service", "en"));
-				attributeService.getNames().add(serviceName);
-				
-				if (attrList != null && !attrList.isEmpty()) {
-					attributeService.getRequestAttributes().addAll(attrList);
-					Logger.info("Add  " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr);
-					
-				}
-				
-				spSSODesc.getAttributeConsumingServices().add(attributeService);
-				
-			} else {
-				Logger.debug("Find 'AttributeConsumingServices'. Starting updating process ... ");
-				for (AttributeConsumingService el : spSSODesc.getAttributeConsumingServices()) {
-					Logger.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex());
-					
-					//load currently requested attributes
-					List<String> currentlyReqAttr = new ArrayList<String>();
-					for (RequestedAttribute reqAttr : el.getRequestAttributes())
-						currentlyReqAttr.add(reqAttr.getName());
-						
-
-					//check against EntityAttribute List
-					for (RequestedAttribute entityAttrListEl : attrList) {
-						if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
-							el.getRequestAttributes().add(entityAttrListEl);
-							
-						} else
-							Logger.debug("'AttributeConsumingService' already contains attr: " + entityAttrListEl.getName());
-						
-					}
-					
-				}
-				
-			}
-			
-		} else
-			Logger.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'");
-		
-	}
-
-	private List<RequestedAttribute> buildAttributeList(List<Trible<String, String, Boolean>> attrSet) {
-		List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
-		for (Trible<String, String, Boolean> el : attrSet)
-			requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));	
-					
-		return requestedAttributes;
-		
-		
-	}
-	 	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
deleted file mode 100644
index 4c1da747b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.security.cert.CertificateException;
-
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
-
-/**
- * @author tlenz
- *
- */
-public class PVPMetadataFilterChain extends MetadataFilterChain {
-
-		
-	/**
-	 * @throws CertificateException 
-	 * 
-	 */
-	public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
-		addDefaultFilters(url, certificate);
-	}
-	
-	public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
-		addFilter(new MetadataSignatureFilter(url, certificate));
-		
-	}
-
-
-
-
-
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
deleted file mode 100644
index 83a2b61d2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationFilter implements MetadataFilter {
-
-	private boolean isActive = true;
-	
-	public SchemaValidationFilter() {
-		try {
-			isActive = AuthConfigurationProviderFactory.getInstance().isPVPSchemaValidationActive();
-			
-		} catch (ConfigurationException e) {
-			e.printStackTrace();
-		}
-	}
-	
-	/**
-	 * 
-	 */
-	public SchemaValidationFilter(boolean useSchemaValidation) {
-		this.isActive = useSchemaValidation;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject arg0) throws SchemaValidationException {
-		
-		String errString = null;
-		
-		if (isActive) {
-			try {
-				Schema test = SAMLSchemaBuilder.getSAML11Schema();
-				Validator val = test.newValidator();
-				DOMSource source = new DOMSource(arg0.getDOM());		
-				val.validate(source);
-				Logger.info("Metadata Schema validation check done OK");
-				return;
-			
-			} catch (SAXException e) {
-				if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-					Logger.warn("Metadata Schema validation FAILED with exception:", e);
-				else
-					Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-
-				errString = e.getMessage();
-				
-			} catch (Exception e) {
-				if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-					Logger.warn("Metadata Schema validation FAILED with exception:", e);
-				else
-					Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-				
-				errString = e.getMessage();
-				
-			}
-			
-			throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString);
-			
-		} else		
-			Logger.info("Metadata Schema validation check is DEACTIVATED!");
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
deleted file mode 100644
index e7412a0fc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.saml2;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MetadataFilterChain implements MetadataFilter {
-
-	private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-		
-	/**
-	 * Return all actually used Metadata filters
-	 * 
-	 * @return List of Metadata filters
-	 */
-	public List<MetadataFilter> getFilters() {
-		return filters;
-	}
-	
-	/**
-	 * Add a new Metadata filter to filterchain
-	 * 
-	 * @param filter 
-	 */
-	public void addFilter(MetadataFilter filter) {
-		filters.add(filter);
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject arg0) throws FilterException {
-		for (MetadataFilter filter : filters) {
-			Logger.trace("Use MOAMetadataFilter " + filter.getClass().getName());
-			filter.doFilter(arg0);
-		}
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index c5f02e7de..f303adfe5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -44,6 +44,8 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -60,8 +62,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.EncryptedData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index ff9c4e358..5f2ec046a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -28,6 +28,8 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -38,8 +40,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
index 3e3d9dafc..10e22c806 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
@@ -25,6 +25,9 @@ package at.gv.egovernment.moa.id.util;
 import java.io.IOException;
 import java.util.Properties;
 
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -33,7 +36,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
-public class LoALevelMapper {
+@Service("MOAIDLoALevelMapper")
+public class LoALevelMapper implements ILoALevelMapper{
 
 	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
 	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
@@ -46,18 +50,8 @@ public class LoALevelMapper {
 	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
 	
 	private Properties mapping = null;
-	
-	private static LoALevelMapper instance = null;
-	
-	public static LoALevelMapper getInstance() {
-		if (instance == null) {
-			instance = new LoALevelMapper();			
-		}
-		
-		return instance;
-	}
-	
-	private LoALevelMapper() {
+			
+	public LoALevelMapper() {
 		try {
 			mapping = new Properties();
 			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
@@ -72,6 +66,43 @@ public class LoALevelMapper {
 		
 	}
 
+	public String mapToeIDASLoA(String qaa) {
+		if (qaa.startsWith(STORK_QAA_PREFIX))
+			return mapSTORKQAAToeIDASQAA(qaa);
+		
+		else if (qaa.startsWith(PVP_SECCLASS_PREFIX))
+			return mapSTORKQAAToeIDASQAA(mapSecClassToQAALevel(qaa));
+					
+		else if (qaa.startsWith(MAPPING_EIDAS_PREFIX))
+			return qaa;
+		
+		else {
+			Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper");
+			return null;
+			
+		}
+		
+	}
+	
+	public String mapToSecClass(String qaa) {
+		if (qaa.startsWith(STORK_QAA_PREFIX))
+			return mapStorkQAAToSecClass(qaa);
+		
+		else if (qaa.startsWith(MAPPING_EIDAS_PREFIX))
+			return mapStorkQAAToSecClass(mapeIDASQAAToSTORKQAA(qaa));
+					
+		else if (qaa.startsWith(PVP_SECCLASS_PREFIX))
+			return qaa;
+		
+		else {
+			Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper");
+			return null;
+			
+		}
+		
+	}
+	
+	
 	/**
 	 * Map STORK QAA level to eIDAS QAA level
 	 * 
@@ -118,7 +149,7 @@ public class LoALevelMapper {
 	 * @param STORK-QAA level
 	 * @return PVP SecClass pvpQAALevel
 	 */	
-	public String mapToSecClass(String storkQAALevel) {
+	public String mapStorkQAAToSecClass(String storkQAALevel) {
 		if (mapping != null) {
 			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
 			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
@@ -137,7 +168,7 @@ public class LoALevelMapper {
 	 * @param PVP SecClass pvpQAALevel
 	 * @return STORK-QAA level
 	 */	
-	public String mapToQAALevel(String pvpQAALevel) {
+	public String mapSecClassToQAALevel(String pvpQAALevel) {
 		if (mapping != null) {
 			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
 			String mappedQAA = mapping.getProperty(input);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
deleted file mode 100644
index ca71ad946..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.util;
-
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class QAALevelVerifier {
-
-	public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException {
-		
-		if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) && 
-					(EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) || 
-							EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
-									EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
-				) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) && 
-					(EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
-								EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
-				) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else 
-			throw new QAANotAllowedException(qaaAuth, qaaRequest);
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index d8565112b..5ccacf350 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -22,6 +22,30 @@
 	<context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
 	<context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
  
+ 	<bean id="PVPIDPCredentialProvider"
+ 				class="at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider" />
+ 
+ 	<bean id="PVP2XProtocol"
+ 				class="at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
+  	<bean id="pvpMetadataService"
+ 				class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
+   	<bean id="PVPAuthenticationRequestAction"
+ 				class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
 	<bean id="MOAID_AuthenticationManager" 
 				class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/>
 
@@ -50,6 +74,12 @@
 	<bean id="MOAGarbageCollector" 
 				class="at.gv.egovernment.moa.id.auth.MOAGarbageCollector"/>
 
+	<bean id="MOAIDLoALevelMapper" 
+				class="at.gv.egovernment.moa.id.util.LoALevelMapper"/>
+
+	<bean id="MOASAML2SubjectNameIDGenerator"
+				class="at.gv.egovernment.moa.id.auth.builder.MOAIDSubjectNameIdGenerator" />
+				
 <!-- 	<bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
     <property name="corePoolSize" value="5" />
     <property name="maxPoolSize" value="10" />
@@ -64,11 +94,7 @@
 	<bean id="EvaluateBKUSelectionTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateBKUSelectionTask"
 				scope="prototype"/>
-				
-	<bean id="RestartAuthProzessManagement" 
-				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement"
-				scope="prototype"/>				
-			
+										
 	<bean id="GenerateSSOConsentEvaluatorFrameTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateSSOConsentEvaluatorFrameTask"
 				scope="prototype"/>
diff --git a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
index b3a9d367f..b0494534a 100644
--- a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
@@ -54,9 +54,9 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StreamUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
 import iaik.ixsil.algorithms.Transform;
 import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
index 1cd54d61b..299bbee23 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
@@ -50,8 +50,8 @@ import java.security.KeyStore;
 import java.util.Enumeration;
 
 import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 /**
  * @author Paul Ivancsics
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index 3f6227402..663f712ef 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -194,5 +194,9 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   @Deprecated
   public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName";
   
+  public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
+  public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
+  public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";		
+  public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID";
 
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
index cb81fe79e..5fec08053 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
@@ -34,8 +34,8 @@ import java.security.UnrecoverableKeyException;
 
 import org.apache.commons.lang3.SerializationUtils;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 
 /**
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index abf2d211c..e6efca4ea 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -58,8 +58,8 @@ import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 import iaik.pki.DefaultPKIConfiguration;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
deleted file mode 100644
index 8d6aea164..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.URL;
-
-/**
- * Utility for accessing files on the file system, and for reading from input streams.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class FileUtils {
-  
-  /**
-   * Reads a file, given by URL, into a byte array.
-   * @param urlString file URL
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readURL(String urlString) throws IOException {	  
-    URL url = new URL(urlString);
-    InputStream in = new BufferedInputStream(url.openStream());
-    byte[] content = StreamUtils.readStream(in);
-    in.close();
-    return content;
-  }
-
-  /**
-   * Reads a file from a resource.
-   * @param name resource name
-   * @return file content as a byte array
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readResource(String name) throws IOException {
-    ClassLoader cl = FileUtils.class.getClassLoader();
-    BufferedInputStream in = new BufferedInputStream(cl.getResourceAsStream(name));
-    byte[] content = StreamUtils.readStream(in);
-    in.close();
-    return content;
-  }
-  /**
-   * Reads a file from a resource.
-   * @param name filename
-   * @param encoding character encoding
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static String readResource(String name, String encoding) throws IOException {
-    byte[] content = readResource(name);
-    return new String(content, encoding);
-  }
-  
-	/**
-	 * Returns the absolute URL of a given url which is relative to the parameter root
-	 * @param url
-	 * @param root
-	 * @return String
-	 */
-	public static String makeAbsoluteURL(String url, String root) {
-		//if url is relative to rootConfigFileDirName make it absolute 					
-		
-    File keyFile;
-    String newURL = url;
-
-		if(null == url) return  null;
-    
-    if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("file:/") || url.startsWith("ftp:/")) {
-    	return url;
-    } else {
-      // check if absolute - if not make it absolute
-      keyFile = new File(url);
-      if (!keyFile.isAbsolute()) {
-        keyFile = new File(root, url);
-
-        if (keyFile.toString().startsWith("file:"))
-        	newURL = keyFile.toString();
-        
-        else
-        	newURL = keyFile.toURI().toString();
-        
-      }
-      return newURL;
-    }
-	}  
-	
-	
-	 private static void copy( InputStream fis, OutputStream fos )
-	  {
-	    try
-	    {
-	      byte[] buffer = new byte[ 0xFFFF ];
-	      for ( int len; (len = fis.read(buffer)) != -1; )
-	        fos.write( buffer, 0, len );
-	    }
-	    catch( IOException e ) {
-	      System.err.println( e );
-	    }
-	    finally {
-	      if ( fis != null )
-	        try { fis.close(); } catch ( IOException e ) { e.printStackTrace(); }
-	      if ( fos != null )
-	        try { fos.close(); } catch ( IOException e ) { e.printStackTrace(); }
-	    }
-	  }
-	 
-	 public static void copyFile(File src, File dest)
-	  {
-	    try
-	    {
-	      copy( new FileInputStream( src ), new FileOutputStream( dest ) );
-	    }
-	    catch( IOException e ) {
-	      e.printStackTrace();
-	    }
-	  }
-  
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
deleted file mode 100644
index 38dcafcc0..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import iaik.x509.X509Certificate;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.Certificate;
-
-/**
- * Utility for creating and loading key stores.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class KeyStoreUtils {
-	
-	/**
-	 * JAVA KeyStore
-	 */
-	private static final String KEYSTORE_TYPE_JKS = "JKS";
-	
-	/**
-	 * PKCS12 KeyStore
-	 */
-	private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
-	
-	
-
-  /**
-   * Loads a key store from file.
-   * 
-   * @param keystoreType key store type
-   * @param urlString URL of key store
-   * @param password password protecting the key store
-   * @return key store loaded
-   * @throws IOException thrown while reading the key store from file
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore loadKeyStore(
-    String keystoreType,
-    String urlString,
-    String password)
-    throws IOException, GeneralSecurityException {
-
-    URL keystoreURL = new URL(urlString);
-    InputStream in = keystoreURL.openStream();
-    return loadKeyStore(keystoreType, in, password);
-  }
-  /**
-   * Loads a key store from an <code>InputStream</code>, and
-   * closes the <code>InputStream</code>.
-   * 
-   * @param keystoreType key store type
-   * @param in input stream
-   * @param password password protecting the key store
-   * @return key store loaded
-   * @throws IOException thrown while reading the key store from the stream
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore loadKeyStore(
-    String keystoreType,
-    InputStream in,
-    String password)
-    throws IOException, GeneralSecurityException {
-
-    char[] chPassword = null;
-    if (password != null)
-      chPassword = password.toCharArray();
-    KeyStore ks = KeyStore.getInstance(keystoreType);
-    ks.load(in, chPassword);
-    in.close();
-    return ks;
-  }
-  /**
-   * Creates a key store from X509 certificate files, aliasing them with
-   * the index in the <code>String[]</code>, starting with <code>"0"</code>.
-   * 
-   * @param keyStoreType key store type
-   * @param certFilenames certificate filenames
-   * @return key store created
-   * @throws IOException thrown while reading the certificates from file
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore createKeyStore(
-    String keyStoreType,
-    String[] certFilenames)
-    throws IOException, GeneralSecurityException {
-
-    KeyStore ks = KeyStore.getInstance(keyStoreType);
-    ks.load(null, null);
-    for (int i = 0; i < certFilenames.length; i++) {
-      Certificate cert = loadCertificate(certFilenames[i]);
-      ks.setCertificateEntry("" + i, cert);
-    }
-    return ks;
-  }
-//  /**
-//   * Creates a key store from a directory containg X509 certificate files, 
-//   * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>.
-//   * All the files in the directory are considered to be certificates.
-//   * 
-//   * @param keyStoreType key store type
-//   * @param certDirURLString file URL of directory containing certificate filenames
-//   * @return key store created
-//   * @throws IOException thrown while reading the certificates from file
-//   * @throws GeneralSecurityException thrown while creating the key store
-//   */
-//  public static KeyStore createKeyStoreFromCertificateDirectory(
-//    String keyStoreType,
-//    String certDirURLString)
-//    throws IOException, GeneralSecurityException {
-//
-//    URL certDirURL = new URL(certDirURLString);
-//    String certDirname = certDirURL.getFile();
-//    File certDir = new File(certDirname);
-//    String[] certFilenames = certDir.list();
-//    String separator =
-//      (certDirname.endsWith(File.separator) ? "" : File.separator);
-//    for (int i = 0; i < certFilenames.length; i++) {
-//      certFilenames[i] = certDirname + separator + certFilenames[i];
-//    }
-//    return createKeyStore(keyStoreType, certFilenames);
-//  }
-
-  /**
-   * Loads an X509 certificate from file.
-   * @param certFilename filename
-   * @return the certificate loaded
-   * @throws IOException thrown while reading the certificate from file
-   * @throws GeneralSecurityException thrown while creating the certificate
-   */
-  private static Certificate loadCertificate(String certFilename)
-    throws IOException, GeneralSecurityException {
-
-    FileInputStream in = new FileInputStream(certFilename);
-    Certificate cert = new X509Certificate(in);
-    in.close();
-    return cert;
-  }
-  
- 
-	/**
-	 * Loads a keyStore without knowing the keyStore type
-	 * @param keyStorePath URL to the keyStore
-	 * @param password Password protecting the keyStore
-	 * @return keyStore loaded
-	 * @throws KeyStoreException thrown if keyStore cannot be loaded
-	 * @throws FileNotFoundException 
-	 * @throws IOException 
-	 */
-  public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{
-		
-		//InputStream is = new FileInputStream(keyStorePath);
-	  	URL keystoreURL = new URL(keyStorePath);
-	    InputStream in = keystoreURL.openStream();
-		InputStream isBuffered = new BufferedInputStream(in);				
-		return loadKeyStore(isBuffered, password);
-		
-	}
-	
-	/**
-	 * Loads a keyStore without knowing the keyStore type
-	 * @param in input stream
-	 * @param password Password protecting the keyStore
-	 * @return keyStore loaded
-	 * @throws KeyStoreException thrown if keyStore cannot be loaded
-	 * @throws FileNotFoundException 
-	 * @throws IOException 
-	 */
-public static KeyStore loadKeyStore(InputStream is, String password) throws KeyStoreException, IOException{		
-		is.mark(1024*1024);
-		KeyStore ks = null;
-		try {
-			try {				
-				ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password);
-			} catch (IOException e2) {
-				is.reset();				
-				ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password);
-			}
-		} catch(Exception e) {			
-			e.printStackTrace();
-			//throw new KeyStoreException(e);
-		}
-		return ks;	
-						
-	}
-  
-	
-
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
deleted file mode 100644
index e4ccd127f..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.PrintStream;
-
-/**
- * Utility methods for streams.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class StreamUtils {
-  
-  /**
-   * Compare the contents of two <code>InputStream</code>s.
-   * 
-   * @param is1 The 1st <code>InputStream</code> to compare.
-   * @param is2 The 2nd <code>InputStream</code> to compare.
-   * @return boolean <code>true</code>, if both streams contain the exactly the
-   * same content, <code>false</code> otherwise.
-   * @throws IOException An error occurred reading one of the streams.
-   */
-  public static boolean compareStreams(InputStream is1, InputStream is2) 
-    throws IOException {
-      
-    byte[] buf1 = new byte[256];
-    byte[] buf2 = new byte[256];
-    int length1;
-    int length2;
-  
-    try {
-      while (true) {
-        length1 = is1.read(buf1);
-        length2 = is2.read(buf2);
-        
-        if (length1 != length2) {
-          return false;
-        }
-        if (length1 <= 0) {
-          return true;
-        }
-        if (!compareBytes(buf1, buf2, length1)) {
-          return false;
-        }
-      }
-    } catch (IOException e) {
-      throw e;
-    } finally {
-      // close both streams
-      try {
-        is1.close();
-        is2.close();
-      } catch (IOException e) {
-        // ignore this
-      }
-    }
-  }
-  
-  /**
-   * Compare two byte arrays, up to a given maximum length.
-   * 
-   * @param b1 1st byte array to compare.
-   * @param b2 2nd byte array to compare.
-   * @param length The maximum number of bytes to compare.
-   * @return <code>true</code>, if the byte arrays are equal, <code>false</code>
-   * otherwise.
-   */
-  private static boolean compareBytes(byte[] b1, byte[] b2, int length) {
-    if (b1.length != b2.length) {
-      return false;
-    }
-  
-    for (int i = 0; i < b1.length && i < length; i++) {
-      if (b1[i] != b2[i]) {
-        return false;
-      }
-    }
-  
-    return true;
-  }
-
-  /**
-   * Reads a byte array from a stream.
-   * @param in The <code>InputStream</code> to read.
-   * @return The bytes contained in the given <code>InputStream</code>.
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readStream(InputStream in) throws IOException {
-
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    copyStream(in, out, null);
-		  
-		/*  
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    int b;
-    while ((b = in.read()) >= 0)
-      out.write(b);
-    
-    */
-    in.close();
-    return out.toByteArray();
-  }
-
-  /**
-   * Reads a <code>String</code> from a stream, using given encoding.
-   * @param in The <code>InputStream</code> to read.
-   * @param encoding The character encoding to use for converting the bytes
-   * of the <code>InputStream</code> into a <code>String</code>.
-   * @return The content of the given <code>InputStream</code> converted into
-   * a <code>String</code>.
-   * @throws IOException on any exception thrown
-   */
-  public static String readStream(InputStream in, String encoding) throws IOException {
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    copyStream(in, out, null);
-
-    /*
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    int b;
-    while ((b = in.read()) >= 0)
-      out.write(b);
-      */
-    in.close();
-    return out.toString(encoding);
-  }
-  
-  /**
-   * Reads all data (until EOF is reached) from the given source to the 
-   * destination stream. If the destination stream is null, all data is dropped.
-   * It uses the given buffer to read data and forward it. If the buffer is 
-   * null, this method allocates a buffer.
-   *
-   * @param source The stream providing the data.
-   * @param destination The stream that takes the data. If this is null, all
-   *                    data from source will be read and discarded.
-   * @param buffer The buffer to use for forwarding. If it is null, the method
-   *               allocates a buffer.
-   * @exception IOException If reading from the source or writing to the 
-   *                        destination fails.
-   */
-  private static void copyStream(InputStream source, OutputStream destination, byte[] buffer) throws IOException {
-    if (source == null) {
-      throw new NullPointerException("Argument \"source\" must not be null.");
-    }
-    if (buffer == null) {
-      buffer = new byte[8192];
-    }
-    
-    if (destination != null) {
-      int bytesRead;
-      while ((bytesRead = source.read(buffer)) >= 0) {
-        destination.write(buffer, 0, bytesRead);
-      }
-    } else {
-      while (source.read(buffer) >= 0);
-    }    
-  }
-  
-  /**
-   * Gets the stack trace of the <code>Throwable</code> passed in as a string.
-   * @param t The <code>Throwable</code>.
-   * @return a String representing the stack trace of the <code>Throwable</code>.
-   */
-  public static String getStackTraceAsString(Throwable t)
-  {
-    ByteArrayOutputStream stackTraceBIS = new ByteArrayOutputStream();
-    t.printStackTrace(new PrintStream(stackTraceBIS));
-    return new String(stackTraceBIS.toByteArray());
-  }
-}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
index 8941ab4cf..c52f52fa8 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
@@ -26,13 +26,13 @@ import java.io.BufferedInputStream;
 import java.io.FileInputStream;
 import java.io.IOException;
 
-import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 
 /**
  * @author tlenz
  *
  */
-public class FileUtils extends at.gv.egovernment.moa.util.FileUtils {
+public class FileUtils extends at.gv.egiz.eaaf.core.impl.utils.FileUtils {
 
   /**
   * Reads a file, given by URL, into a String.
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
index be5581139..6d341b88b 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
@@ -34,8 +34,7 @@ import java.security.Security;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import junit.framework.TestCase;
 
 /**
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
index 98f7fccf5..f32b90eb0 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
@@ -1,8 +1,14 @@
 package at.gv.egovernment.moa.id.auth.frontend;
 
+import java.net.MalformedURLException;
+import java.net.URI;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 
 public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurationFactory {
 
@@ -13,5 +19,15 @@ public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurat
 
 	}
 
-	
+	@Override
+	public IGUIBuilderConfiguration getSPSpecificSAML2PostConfiguration(IRequest pendingReq, String viewName, URI configRootDir) 
+			throws MalformedURLException {
+		return new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+				pendingReq, 
+				viewName, 
+				MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
+				null, 
+				configRootDir.toURL().toString());
+		
+	}	
 }
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index 2ce4488a8..1bacc93c7 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -44,7 +44,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
index 6092c8d5d..3e2bdda10 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -32,8 +32,8 @@ import java.net.URISyntaxException;
 import java.net.URL;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
deleted file mode 100644
index 3d5c5ed2f..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.auth.frontend.velocity;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.runtime.RuntimeServices;
-import org.apache.velocity.runtime.log.LogChute;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class VelocityLogAdapter implements LogChute {
-
-	public VelocityLogAdapter() {
-		try
-	    {
-	      /*
-	       *  register this class as a logger with the Velocity singleton
-	       *  (NOTE: this would not work for the non-singleton method.)
-	       */
-	      Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
-	      Velocity.init();
-	    }
-	    catch (Exception e)
-	    {
-	      Logger.error("Failed to register Velocity logger");
-	    }
-	}
-	
-	public void init(RuntimeServices arg0) throws Exception {
-	}
-
-	public boolean isLevelEnabled(int arg0) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			return Logger.isDebugEnabled();
-		case LogChute.TRACE_ID:
-			return Logger.isTraceEnabled();
-		default:
-			return true;
-		}
-	}
-
-	public void log(int arg0, String arg1) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			Logger.debug(arg1);
-			break;
-		case LogChute.TRACE_ID:
-			Logger.trace(arg1);
-			break;
-		case LogChute.INFO_ID:
-			Logger.info(arg1);
-			break;
-		case LogChute.WARN_ID:
-			Logger.warn(arg1);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1);
-			break;
-		}
-	}
-
-	public void log(int arg0, String arg1, Throwable arg2) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-		case LogChute.TRACE_ID:
-		case LogChute.INFO_ID:
-		case LogChute.WARN_ID:
-			Logger.warn(arg1, arg2);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1, arg2);
-			break;
-		}
-	}
-	
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
deleted file mode 100644
index 015d8e321..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- * 
- */
-package at.gv.egovernment.moa.id.auth.frontend.velocity;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-
-/**
- * Gets a Velocity Engine
- * 
- * @author bzwattendorfer
- *
- */
-public class VelocityProvider {
-
-	private static VelocityEngine velocityEngine = null;
-	
-	/**
-	 * Gets velocityEngine from Classpath
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getClassPathVelocityEngine() throws Exception {
-		if (velocityEngine == null) {
-			velocityEngine = getBaseVelocityEngine();
-			velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-			velocityEngine.setProperty("classpath.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");                
-			velocityEngine.init();
-			
-		}
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets VelocityEngine from File
-	 * @param rootPath File Path to template file
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
-		if (velocityEngine == null) {
-			velocityEngine = getBaseVelocityEngine();
-			velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
-			velocityEngine.setProperty("file.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.FileResourceLoader");
-			velocityEngine.setProperty("file.resource.loader.path", rootPath);
-        
-			velocityEngine.init();
-			
-		}
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets a basic VelocityEngine
-	 * @return VelocityEngine
-	 */
-	private static VelocityEngine getBaseVelocityEngine() {
-		VelocityEngine velocityEngine = new VelocityEngine();
-        velocityEngine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8");
-        velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-//        velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-//				"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-        velocityEngine.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, new VelocityLogAdapter() );
-        
-        return velocityEngine;
-	}
-	
-}
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
index f99013082..59779060f 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
@@ -37,6 +37,7 @@ import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index d32ce972a..1eb354778 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -23,6 +23,7 @@ import org.springframework.web.context.support.ServletContextResource;
 import org.springframework.web.servlet.DispatcherServlet;
 
 import at.gv.egiz.components.spring.api.SpringLoader;
+import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 2b2a8cab6..ef3e71874 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -26,7 +26,9 @@ import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
@@ -65,14 +67,12 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moaspss.logging.LogMsg;
@@ -1033,7 +1033,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		session.setForeigner(false);
 
 		//set QAA Level four in case of card authentifcation
-		session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+		session.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
+		
 		
 		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
 		
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
index a904242e1..8e80fbbbb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -49,9 +49,9 @@ package at.gv.egovernment.moa.id.auth.builder;
 import java.io.IOException;
 import java.text.MessageFormat;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * Builder for the <code>&lt;VerifyXMLSignatureRequest&gt;</code> structure
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index ec1de6155..37f24ea72 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -138,7 +138,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 				moasession.setIdentityLink(identitylink);
 
 				// set QAA Level four in case of card authentifcation
-				moasession.setQAALevel(PVPConstants.STORK_QAA_1_4);
+				moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
 
 				authServer.getForeignAuthenticationData(moasession);
 				
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index b170d9e89..ab53671f2 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -44,7 +45,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 44c3992d0..96be0279a 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -57,6 +57,7 @@ import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -71,7 +72,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 7bb07df74..b3327a3d5 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -63,13 +63,13 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 9ce987956..90810a7f4 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
@@ -47,7 +48,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
@@ -94,7 +94,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 		moaSession.setForeigner(false);
 		
 		moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			
-		moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4);
+		moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
 			
 		try {
 			String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir());				
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 74cf665ca..bad1f4e41 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -31,7 +31,7 @@ import org.apache.xml.security.signature.XMLSignature;
 import org.opensaml.xml.encryption.EncryptionConstants;
 import org.opensaml.xml.signature.SignatureConstants;
 
-import at.gv.egovernment.moa.id.data.Trible;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index d743b57e3..5e4745f7c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -35,12 +35,12 @@ import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.samlengineconfig.BinaryParameter;
 import eu.eidas.samlengineconfig.EngineInstance;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
index 384d6be0b..f7a6ff495 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
@@ -34,10 +34,10 @@ import java.util.List;
 import java.util.Map.Entry;
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import eu.eidas.samlengineconfig.ConfigurationParameter;
 import eu.eidas.samlengineconfig.InstanceConfiguration;
 import eu.eidas.samlengineconfig.StringParameter;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 94cd04ca7..aca818532 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
+import java.net.MalformedURLException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -11,6 +12,9 @@ import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -22,45 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
 import org.opensaml.xml.XMLObject;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.auth.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.engine.AbstractProtocolEngine;
 
 @Service("eIDASMetadataProvider")
-public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider, 
-	IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{
+public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, 
+	IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{
 
-	private Timer timer = null;
+	@Autowired(required=true) IConfiguration basicConfig;
+	
+	private Timer timer = null; 
 	
 	private MetadataProvider internalProvider;
 	private Map<String, Date> lastAccess = null;
 	
-	
-//	public static MOAeIDASChainingMetadataProvider getInstance() {
-//		if (instance == null) {
-//			synchronized (mutex) {
-//				if (instance == null) {
-//					instance = new MOAeIDASChainingMetadataProvider();
-//					MOAGarbageCollector.addModulForGarbageCollection(instance);
-//				}
-//			}
-//		}
-//		return instance;
-//	}
-	
-	
 	public MOAeIDASChainingMetadataProvider() {
 		internalProvider = new ChainingMetadataProvider();
 		lastAccess = new HashMap<String, Date>();
@@ -83,18 +81,25 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 	}
 	
 	protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
-		Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
-		if (!metadataToLoad.isEmpty()) {
-			Logger.info("Load static configurated eIDAS metadata ... ");			
-			for (String metaatalocation : metadataToLoad.values()) {
-				String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir());				
-				Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
-				refreshMetadataProvider(absMetadataLocation);
+		try {
+			Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+			if (!metadataToLoad.isEmpty()) {
+				Logger.info("Load static configurated eIDAS metadata ... ");			
+				for (String metaatalocation : metadataToLoad.values()) {
+					String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory());				
+					Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
+					refreshMetadataProvider(absMetadataLocation);
 				
+				}
+			
+				Logger.info("Load static configurated eIDAS metadata finished ");
 			}
 			
-			Logger.info("Load static configurated eIDAS metadata finished ");
-		}		
+		} catch (MalformedURLException e) {
+			Logger.warn("MOA-ID configuration error." , e);
+			throw new ConfigurationException("MOA-ID configuration error.", null, e);
+			
+		}
 	}
 	
 	
@@ -238,9 +243,10 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 		filter.addFilter(new MOASPMetadataSignatureFilter(
 				authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
 		
-		return createNewMoaMetadataProvider(metadataURL, filter, 
+		return createNewSimpleMetadataProvider(metadataURL, filter, 
 					"eIDAS metadata-provider", 
-					timer, AbstractProtocolEngine.getSecuredParserPool());
+					timer, AbstractProtocolEngine.getSecuredParserPool(),
+					createHttpClient(metadataURL));
 			
 	}
 
@@ -421,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 			if (observer != null)
 				observer.onEvent(this);
 	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				if (basicConfig instanceof AuthConfiguration) {
+					AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
+					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+							PVPConstants.SSLSOCKETFACTORYNAME, 
+							moaAuthConfig.getTrustedCACertificates(),
+							null,
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+							moaAuthConfig.isTrustmanagerrevoationchecking(),
+							moaAuthConfig.getRevocationMethodOrder(),
+							moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+					
+				}
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index 9adc221e5..3851ead2d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -31,7 +31,7 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
 import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.metadata.MetadataFetcherI;
 import eu.eidas.auth.engine.metadata.MetadataSignerI;
@@ -65,8 +65,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI {
 	 * @return true if refresh was successful, otherwise false
 	 */
 	public boolean refreshMetadata(String entityId) {
-		if (this.metadataprovider instanceof IMOARefreshableMetadataProvider )
-			return ((IMOARefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId);		
+		if (this.metadataprovider instanceof IRefreshableMetadataProvider )
+			return ((IRefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId);		
 		else
 			return false;
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index a87d971d8..0e8bf2a5a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -47,10 +47,11 @@ import com.google.common.net.MediaType;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -61,7 +62,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8e840e2c1..6d20caa4b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -32,6 +32,7 @@ import org.opensaml.common.xml.SAMLSchemaBuilder;
 import org.opensaml.xml.ConfigurationException;
 import org.opensaml.xml.XMLConfigurator;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
@@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProvid
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.AttributeRegistries;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 8add8e206..1b1b15567 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -35,10 +35,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
index 30e1e4505..3075ab9cf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
@@ -25,8 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index ce5f4dc6b..42ca6e507 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -47,10 +47,10 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
@@ -87,7 +87,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 	public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE";
 	
     public static final String NAME = EIDASProtocol.class.getName();
-    public static final String PATH = "eidas";	
+    public static final String PATH = "id_eidas";	
 
     @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
     
@@ -105,9 +105,10 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
         return NAME;
     }
 
-    public String getPath() {
-        return PATH;
-    }
+	@Override
+	public String getAuthProtocolIdentifier() {
+		return PATH;
+	}
 
 	//eIDAS metadata end-point
 	@RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index bbd132a3b..bfdb46a11 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -32,6 +32,8 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -39,9 +41,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.NewMoaEidasMetadata;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.metadata.ContactData;
@@ -59,6 +59,7 @@ public class EidasMetaDataRequest implements IAction {
      
 	@Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
 	@Autowired(required=true) AuthConfiguration authConfig;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpConfiguration;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
@@ -150,10 +151,10 @@ public class EidasMetaDataRequest implements IAction {
         //add organisation information from PVP metadata information        
         Organization pvpOrganisation = null;
 		try {
-			pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation();			
+			pvpOrganisation = pvpConfiguration.getIDPOrganisation();			
 			eu.eidas.auth.engine.metadata.ContactData.Builder technicalContact = ContactData.builder();
 			
-			List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
+			List<ContactPerson> contacts = pvpConfiguration.getIDPContacts();
 			if (contacts != null && contacts.size() >= 1) {
 				ContactPerson contact = contacts.get(0);
 				technicalContact.givenName(contact.getGivenName().getName());
@@ -187,7 +188,7 @@ public class EidasMetaDataRequest implements IAction {
 			metadataConfigBuilder.supportContact(ContactData.builder(technicalContact.build()).build());
 			
 									
-		} catch (ConfigurationException | NullPointerException e) {
+		} catch (NullPointerException | EAAFException e) {
 			Logger.warn("Can not load Organisation or Contact from Configuration", e);
 			
 		}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
index 14b1d06b6..5a8fcb846 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
@@ -28,9 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index 6c3bfc569..1176ba251 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -28,10 +28,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 82d0facd4..f6a67db9d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -41,15 +41,15 @@ import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
index 24d24db2c..5dcd9499e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
@@ -23,12 +23,12 @@
 package at.gv.egovernment.moa.id.protocols.eidas.validator;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index 7ca4590bb..72c95d9c7 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -26,7 +26,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
-import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 
 /**
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
index 5743590f9..482d8ef85 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
@@ -33,14 +33,14 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -51,11 +51,12 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	
 	private String authURL;
 	private ELGAMandatesCredentialProvider credentialProvider;
+	private IPVP2BasicConfiguration pvpConfiguration;
 	
-	public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider) {
+	public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider, IPVP2BasicConfiguration pvpConfiguration) {
 		this.authURL = authURL;
 		this.credentialProvider = credentialProvider;
-				
+		this.pvpConfiguration = pvpConfiguration;
 	}
 	
 	
@@ -118,9 +119,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpConfiguration.getIDPContacts();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
 			return null;
 			
@@ -134,9 +135,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpConfiguration.getIDPOrganisation();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
 			return null;
 			
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index b67d263fc..6954b9feb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -38,9 +38,9 @@ import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index aaed6655b..d52cd750a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -36,12 +36,13 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -54,6 +55,7 @@ public class ELGAMandateMetadataController extends AbstractController {
 	@Autowired PVPMetadataBuilder metadatabuilder;
 	@Autowired AuthConfiguration authConfig;
 	@Autowired ELGAMandatesCredentialProvider credentialProvider; 
+	@Autowired IPVP2BasicConfiguration pvpConfiguration;
 	
 	public ELGAMandateMetadataController() {
 		super();
@@ -76,7 +78,7 @@ public class ELGAMandateMetadataController extends AbstractController {
 			} else {
 				//initialize metadata builder configuration
 				IPVPMetadataBuilderConfiguration metadataConfig = 
-						new ELGAMandatesMetadataConfiguration(authURL, credentialProvider);
+						new ELGAMandatesMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
 				
 				//build metadata
 				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 12f2bde60..ce5f654da 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -41,26 +41,26 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -70,7 +70,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 @Component("ReceiveElgaMandateResponseTask")
 public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
-
+  
 	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired ELGAMandatesCredentialProvider credentialProvider;
 	@Autowired ELGAMandateServiceMetadataProvider metadataProvider;
@@ -85,17 +85,17 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 		
 		try {						
 			IDecoder decoder = null;
-			MOAURICompare comperator = null;
+			EAAFURICompare comperator = null;
 			//select Response Binding
 			if (request.getMethod().equalsIgnoreCase("POST")) {
 				decoder = new PostBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() 
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() 
 						+ ELGAMandatesAuthConstants.ENDPOINT_POST);
 				Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding.");
 				
 			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
 				decoder = new RedirectBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL()
+				comperator = new EAAFURICompare(pendingReq.getAuthURL()
 						+ ELGAMandatesAuthConstants.ENDPOINT_REDIRECT);
 				Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding.");
 				
@@ -131,7 +131,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			
 			
 			//validate assertion
-			MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);			
+			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);			
 			
 			//write ELGA mandate information into MOASession
 			AssertionAttributeExtractor extractor = 
@@ -217,7 +217,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 
 		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
 			Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId());
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getErrorId());
 			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e);
 		
 		} catch (Exception e) {
@@ -239,13 +239,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 	 * @throws AssertionValidationExeption 
 	 * @throws AuthnResponseValidationException 
 	 */
-	private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+	private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
 		Logger.debug("Start PVP-2.1 assertion processing... ");
 		Response samlResp = (Response) msg.getResponse();
 
 		//validate 'inResponseTo' attribute
 		String authnReqID = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, String.class);
+				MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class);
 		String inResponseTo = samlResp.getInResponseTo();
 		
 		if (MiscUtil.isEmpty(authnReqID) || MiscUtil.isEmpty(inResponseTo) || 
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 70dc87df9..0b0c74777 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -37,8 +37,10 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -47,12 +49,10 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesReq
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -193,7 +193,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			//set MandateReferenceValue as RequestID
 			authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
 			pendingReq.setGenericDataToSession(
-					PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID,
+					MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID,
 					authnReqConfig.getRequestID());
 			
 			//set SubjectConformationDate
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 07f618c10..e8cfae10a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -22,11 +22,15 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
 
+import java.net.MalformedURLException;
 import java.util.List;
 import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -37,14 +41,19 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -54,9 +63,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 
 @Service("ELGAMandate_MetadataProvider")
-public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider
+public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider
 	implements IDestroyableObject {
-	
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+		
 	private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
 	private Timer timer = null;
 	
@@ -253,11 +263,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
 			filter.addFilter(new SchemaValidationFilter(true));
 			filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
 		
-			MetadataProvider idpMetadataProvider = createNewMoaMetadataProvider(metdataURL, 
+			MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, 
 					filter, 
 					ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,					
 					timer,
-					new BasicParserPool());
+					new BasicParserPool(),
+					createHttpClient(metdataURL));
 			
 			if (idpMetadataProvider == null) {
 				Logger.error("Create ELGA Mandate-Service Client FAILED.");
@@ -300,4 +311,35 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
 			timer.cancel();
 		
 	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+						PVPConstants.SSLSOCKETFACTORYNAME, 
+						moaAuthConfig.getTrustedCACertificates(),
+						null,
+						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+						moaAuthConfig.isTrustmanagerrevoationchecking(),
+						moaAuthConfig.getRevocationMethodOrder(),
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+				httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
 }
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
index c8fe55e51..dd4e5d340 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
index 9060f35c5..76e7f0901 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20;
 
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.util.FileUtils;
 
 public class OAuth20Configuration {
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index d97c8f7cf..190ef9e9d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -35,17 +35,18 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
-import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
@@ -62,7 +63,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAt
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 
 public final class OAuth20AttributeBuilder {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
index cd7b8312d..17ed6b40d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
@@ -34,11 +34,11 @@ import java.security.interfaces.RSAPublicKey;
 import org.apache.commons.lang.StringUtils;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 public final class OAuth20SignatureUtil {
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 5d461afc8..b00675e7c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -40,11 +40,11 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
 import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index e04d719d9..98f6f2d5c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -51,8 +51,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	public String getName() { 
 		return NAME;
 	}
-	
-	public String getPath() {
+
+	@Override
+	public String getAuthProtocolIdentifier() {
 		return PATH;
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
index 35bbac6e7..824d64171 100644
--- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
+++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
@@ -30,10 +30,9 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.testng.Assert;
 import org.testng.annotations.Test;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-
 import net.oauth.jsontoken.crypto.Signer;
 import net.oauth.jsontoken.crypto.Verifier;
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index 2766eab05..92a08e411 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -22,6 +22,8 @@ import com.google.gson.JsonElement;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
@@ -32,8 +34,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.X509Utils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 @Service
 public class JsonSecurityUtils implements IJOSETools{
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 9f910d598..04ac1fd57 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -75,8 +75,10 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -94,12 +96,10 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageExcepti
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import net.glxn.qrgen.QRCode;
 import net.glxn.qrgen.image.ImageType;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index f1075f060..c7e42c8ab 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -49,6 +49,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
@@ -59,7 +60,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 189fcd2f6..4a5511df4 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -99,7 +99,18 @@ import com.google.gson.JsonObject;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
@@ -116,17 +127,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -141,6 +143,9 @@ import iaik.x509.X509Certificate;
 @Service("SSOContainerUtils")
 public class SSOContainerUtils {
 	
+	@Autowired(required=true) private IPVP2BasicConfiguration pvpConfiguration;
+	@Autowired(required=true) private PVP2AssertionBuilder assertionBuilder;
+	
 	private static final String PVP_HOLDEROFKEY_NAME = PVPConstants.URN_OID_PREFIX + 
 			"1.2.40.0.10.2.1.1.261.xx.xx";
 	
@@ -272,7 +277,7 @@ public class SSOContainerUtils {
 		
 	}
 	
-	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException  {	
+	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException, SAMLRequestNotSignedException, NoCredentialsException, CredentialsNotAvailableException, AssertionValidationExeption  {	
 		final BasicParserPool ppMgr = new BasicParserPool();
 		final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
 		features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
@@ -296,7 +301,7 @@ public class SSOContainerUtils {
 			} catch (ValidationException e) {
 				Logger.error("Failed to validate Signature", e);
 				throw new SAMLRequestNotSignedException(e);
-			}
+			} 
 			
 			Credential credential = credentials.getIDPAssertionSigningCredential();
 			if (credential == null) {
@@ -340,7 +345,7 @@ public class SSOContainerUtils {
 	public String generateSignedAndEncryptedSSOContainer(String authURL,
 			IAuthenticationSession authSession, Date date, byte[] hashedSecret) {		
 		try {
-			String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
+			String entityID = pvpConfiguration.getIDPEntityId(authURL);
 			AuthnContextClassRef authnContextClassRef = SAML2Utils
 					.createSAMLObject(AuthnContextClassRef.class);
 			authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());			
@@ -369,7 +374,7 @@ public class SSOContainerUtils {
 
 			IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession);
 			
-			Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion(
+			Assertion assertion = assertionBuilder.buildGenericAssertion(
 					entityID,
 					entityID, 
 					new DateTime(date.getTime()), 
@@ -405,7 +410,7 @@ public class SSOContainerUtils {
 						
 			return container.toString();
 												
-		} catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) {
+		} catch (EncryptionException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException | EAAFException e) {
 			Logger.warn("SSO container generation FAILED.", e);
 		}
 		
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
index 8ca087e1d..a2441bc1f 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
@@ -39,7 +39,7 @@ import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.bouncycastle.math.ec.ECPoint;
 import org.bouncycastle.util.BigIntegers;
 
-import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.util.Base64Utils;
 import iaik.security.random.SeedGenerator;
 
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
index 1fff56f8d..a1b8631dc 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Iterator;
 import java.util.List;
 
 import org.opensaml.saml2.core.Attribute;
@@ -35,16 +34,15 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -58,11 +56,14 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	
 	private String authURL;
 	private FederatedAuthCredentialProvider credentialProvider;
+	private IPVP2BasicConfiguration pvpConfiguration;
 	
-	public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) {
+	public FederatedAuthMetadataConfiguration(String authURL, 
+			FederatedAuthCredentialProvider credentialProvider,
+			IPVP2BasicConfiguration pvpConfiguration) {
 		this.authURL = authURL;
 		this.credentialProvider = credentialProvider;
-				
+		this.pvpConfiguration = pvpConfiguration;
 	}
 	
 	
@@ -125,9 +126,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpConfiguration.getIDPContacts();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
 			return null;
 			
@@ -141,9 +142,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpConfiguration.getIDPOrganisation();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
 			return null;
 			
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index 000590923..6cbe558e7 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -28,8 +28,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index 399845643..6a733adb8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -36,12 +36,13 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -54,6 +55,7 @@ public class FederatedAuthMetadataController extends AbstractController {
 	@Autowired PVPMetadataBuilder metadatabuilder;
 	@Autowired AuthConfiguration authConfig;
 	@Autowired FederatedAuthCredentialProvider credentialProvider; 
+	@Autowired IPVP2BasicConfiguration pvpConfiguration;
 	
 	public FederatedAuthMetadataController() {
 		super();
@@ -76,7 +78,7 @@ public class FederatedAuthMetadataController extends AbstractController {
 			} else {
 				//initialize metadata builder configuration
 				IPVPMetadataBuilderConfiguration metadataConfig = 
-						new FederatedAuthMetadataConfiguration(authURL, credentialProvider);
+						new FederatedAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
 				
 				//build metadata
 				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 717099a8d..20fd5ebc4 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,9 +35,12 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
@@ -46,10 +49,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -63,6 +63,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	@Autowired PVPAuthnRequestBuilder authnReqBuilder;
 	@Autowired FederatedAuthCredentialProvider credential;
 	@Autowired(required=true) MOAMetadataProvider metadataProvider;
+	@Autowired(required=true) ILoALevelMapper loaMapper; 
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -117,7 +118,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			//build and transmit AuthnRequest
 			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
 			
-		} catch (MOAIDException | MetadataProviderException e) {
+		} catch (MetadataProviderException e) {
 			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e);
 
 		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
@@ -182,7 +183,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 					pendingReq.getClass().isInstance(storkRequst)) {
 				
 				try {									
-					secClass = LoALevelMapper.getInstance().mapToSecClass(
+					secClass = loaMapper.mapToSecClass(
 							PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
 				
 				} catch (Exception e) {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index c20342a11..bb7f735aa 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -48,6 +48,18 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -60,22 +72,9 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -106,17 +105,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		
 		try {
 			
-			IDecoder decoder = null;
-			MOAURICompare comperator = null;
+			IDecoder decoder = null; 
+			EAAFURICompare comperator = null;
 			//select Response Binding
 			if (request.getMethod().equalsIgnoreCase("POST")) {
 				decoder = new PostBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
 				Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding.");
 				
 			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
 				decoder = new RedirectBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
 				Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding.");
 				
 			} else {
@@ -148,7 +147,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
 			
 			//validate assertion
-			MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
 			//load IDP and SP configuration
 			IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
@@ -171,11 +170,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			if (spConfig.isInderfederationIDP()) {
 				//SP is a federated IDP  --> answer only with nameID and wait for attribute-Query
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
 
 				authenticatedSessionStorage.
 					addFederatedSessionInformation(pendingReq, 
@@ -369,7 +368,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 	 * @throws AssertionValidationExeption 
 	 * @throws AuthnResponseValidationException 
 	 */
-	private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+	private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
 		Logger.debug("Start PVP21 assertion processing... ");
 		Response samlResp = (Response) msg.getResponse();
 
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
index 9ef02935b..38568cdd8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 3452da003..92bcce24b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -32,11 +32,11 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
@@ -121,7 +121,7 @@ public class GetArtifactAction implements IAction {
 					new SLOInformationImpl(req.getAuthURL(), oaParam.getPublicURLPrefix(), authData.getAssertionID(), null, null, req.requestedModule());
 			
 			return sloInformation;
-			
+			 
 		} catch (Exception ex) {
 			Logger.error("SAML1 Assertion build error", ex);
 			throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 85e2107c6..73d99d93b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -72,12 +72,12 @@ import org.xml.sax.SAXException;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
@@ -338,7 +338,7 @@ public class GetAuthenticationDataService extends AbstractController implements
 			is = Thread.currentThread()
 					.getContextClassLoader()
 					.getResourceAsStream(templateURL);	
-		
+		 
 			VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();		
 			BufferedReader reader = new BufferedReader(new InputStreamReader(is ));				
 			StringWriter writer = new StringWriter();						
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
index c53d1c98d..51d722dc4 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
@@ -52,6 +52,7 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 
@@ -88,7 +89,8 @@ public class SAML1AuthenticationData extends MOAAuthenticationData {
   private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA;
   
 
-  public SAML1AuthenticationData() {	  	
+  public SAML1AuthenticationData(LoALevelMapper loaMapper) {
+	  	super(loaMapper);
 		this.setMajorVersion(1);
 		this.setMinorVersion(0);
 		this.setAssertionID(Random.nextRandom());	  
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 1be3e3daa..73afec4e0 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -47,6 +47,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
@@ -66,7 +67,6 @@ import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -490,7 +490,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 						&& Constants.URN_PREFIX_BASEID
 								.equals(identificationType)) {
 					// now we calculate the wbPK and do so if we got it from the
-					// BKU
+					// BKU 
 					
 					//load IdentityLinkDomainType from OAParam 					
 					Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 54b137ce1..aa3fce249 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -94,10 +94,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 		return NAME;
 	}
 
-	public String getPath() {
+	@Override
+	public String getAuthProtocolIdentifier() {
 		return PATH;
+		
 	}
-
 	
 	@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
 	public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {		
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index 60d64a3ac..9ba1c4dd3 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -31,10 +31,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 
 public class TestManager{
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-06-20 15:11:13 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-06-20 15:11:13 +0200
commit	139926faa31ae3ed34dc0083fee503d439112281 (patch)
tree	bf69a673df4a222653b47c0b8da88588065e2271 /id
parent	1f8f686bee862ae95e32fc79664d82dcc21f708f (diff)
download	moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.gz moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.bz2 moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.zip