MOA-ID Proxy updated to Version 2.0

insert "errorRedirectURL" parameter to proxy configuration
if an error occurs, the user is redirected to this error page

15 files changed, 196 insertions, 74 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index b358a31c9..edde15ea0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -4,7 +4,7 @@ import java.util.Properties;
 
 import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
 
-public abstract class ConnectionParameter {
+public abstract class ConnectionParameter implements ConnectionParameterInterface{
 	
 	protected static final String PROP_IDENTIFIER_KEYSTORE = "clientKeyStore"; 
 	protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword"; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
index 56105e64d..4f4ddeb6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
@@ -29,7 +29,7 @@ public class AuthConfigLoader implements Runnable {
 					instance.reloadDataBaseConfig();
 					date = dbdate;
 				}
-			} catch (Exception e) {
+			} catch (Throwable e) {
 				Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e);
 			}
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
index 455fde9bf..c7299975e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
@@ -24,6 +24,8 @@
 
 package at.gv.egovernment.moa.id.config.legacy;
 
+import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
+
 /**
  * This bean class is used to store data for various connectionParameter 
  * within the MOA-ID configuration 
@@ -31,7 +33,7 @@ package at.gv.egovernment.moa.id.config.legacy;
  * @author Stefan Knirsch
  * @version $Id$
  */
-public class ConnectionParameter {
+public class ConnectionParameter implements ConnectionParameterInterface{
 
   /**
    * Server URL
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
index d14d570ab..6f7434cbc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -76,6 +76,8 @@ public class OAProxyParameter extends OAParameter {
    */
   private OAConfiguration oaConfiguration;
   
+  private String errorRedirctURL;
+  
 
   /**
    * Returns the configFileURL.
@@ -205,4 +207,20 @@ public class OAProxyParameter extends OAParameter {
     this.oaConfiguration = oaConfiguration;
   }
 
+/**
+ * @return the errorRedirctURL
+ */
+public String getErrorRedirctURL() {
+	return errorRedirctURL;
+}
+
+/**
+ * @param errorRedirctURL the errorRedirctURL to set
+ */
+public void setErrorRedirctURL(String errorRedirctURL) {
+	this.errorRedirctURL = errorRedirctURL;
+}
+
+  
+  
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
index 094e7162e..d495846b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
@@ -69,8 +69,10 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
   private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
   /** an XPATH-Expression */
   private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
-    /** an XPATH-Expression */ 
+     
   private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
+  /** an XPATH-Expression */
+  private static final String OA_PROXY_ERROR_REDIRECT_URL_XPATH = CONF + "ProxyComponent/@errorRedirectURL";
   /** an XPATH-Expression */ 
   protected static final String OACONF_LOGIN_TYPE_XPATH =
     ROOTOA + CONF + "LoginType";
@@ -201,7 +203,8 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
         oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
         oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_));
         oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
-            
+        oap.setErrorRedirctURL(XPathUtils.getAttributeValue(oAElem,OA_PROXY_ERROR_REDIRECT_URL_XPATH, null));    
+        
         ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
         oap.setConnectionParameter(conPara);
   
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 1c9c1caa8..ac9a3ed3f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -173,6 +173,32 @@ public class ProxyConfigurationProvider extends ConfigurationProvider {
     }
   }
 
+  public String getTrustedCACertificates() {
+	    
+	    return trustedCACertificates;
+  }
+
+  /**
+   * @return the certstoreDirectory
+	 */
+	public String getCertstoreDirectory() {
+    	if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
+    			return (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY);
+    	else
+    		return null;
+	}
+
+	/**
+	 * @return the trustmanagerrevoationchecking
+	 */
+	public boolean isTrustmanagerrevoationchecking() {
+		if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
+			return Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING));
+		else
+			return true;
+	}
+  
+  
  /**
    * Return a bean containing all information about the ProxyComponent
    * @return The ConnectionParameter for the Proxy Component
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 4bbd221a5..e18981032 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -130,6 +130,15 @@ public class AuthenticationData implements Serializable {
    */
   Date timestamp;
 
+  
+  
+  	//this method is only required for MOA-ID Proxy 2.0 Release.
+  	//TODO: remove it, if MOA-ID Proxy is not supported anymore.
+  	public String getWBPK() {
+  		return bPK;
+	}
+  
+  
   /**
    * Constructor for AuthenticationData.
    */
@@ -176,15 +185,7 @@ public class AuthenticationData implements Serializable {
   public String getBPK() {
     return bPK;
   }
-  
-//  /**
-//   * Returns the wbPK.
-//   * @return String the wbPK.
-//   */
-//  public String getWBPK() {
-//    return wbPK;
-//  }
-  
+    
   /**
    * Returns useUTC
    * @return useUTC
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
index bb6b0a476..be8768845 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
@@ -69,7 +69,7 @@ public class LoginParameterResolverFactory {
       if (className != null) {
         try {
 					Class lprClass = Class.forName(className);
-          LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
+					LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
 		  
 					Class[] argumentTypes = { String.class, Boolean.class };
 					Method confMethod = lprClass.getMethod( "configure", argumentTypes ); 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
index e075c99ef..df19956e7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
@@ -91,10 +91,8 @@ public class MOAIDProxyInitializer {
     ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
     if (connParamAuth!=null) {
 	    if (connParamAuth.isHTTPSURL()) {
-	    	
-	    	//TODO: einkommentieren!!!!
-	      //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
-	      //AxisSecureSocketFactory.initialize(ssf);
+	      SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
+	      AxisSecureSocketFactory.initialize(ssf);
 	    }
     } else {
     	throw new ConfigurationException("config.16", null);
@@ -107,9 +105,7 @@ public class MOAIDProxyInitializer {
       OAProxyParameter oaParam = oaParams[i];
       ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
       if (oaConnParam.isHTTPSURL());
-    	  
-    	//TODO: einkommentieren!!!!
-        //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+        SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
     }
     
     // Initializes the ConnectionBuilderFactory from configuration data
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index 6cb7ffdfc..e87d9d1c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -38,6 +38,7 @@ import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.ServiceException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -49,6 +50,7 @@ import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
 import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
 import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
 import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * Invoker of 
@@ -81,49 +83,63 @@ public class GetAuthenticationDataInvoker {
    * either via API call or via web service call. 
    * @param samlArtifact SAML artifact to be used as a parameter
    * @return AuthenticationData
+ * @throws MOAIDException 
    */
   public AuthenticationData getAuthenticationData(String samlArtifact) 
-    throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
+    throws MOAIDException {
     
     ConnectionParameter authConnParam = 
       ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
-    if (authConnParam == null) {
-      try {
-        if (apiServer == null) {
-          Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
-          Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null);
-          apiServer = getInstanceMethod.invoke(null, (Object[]) null);
-          apiMethod = serverClass.getMethod(
-            "getAuthenticationData", new Class[] {String.class});
-        }
-        AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
-        return authData;
-      }
-      catch (InvocationTargetException ex) {
-        Throwable targetEx = ex.getTargetException();
-        if (targetEx instanceof AuthenticationException)
-          throw (AuthenticationException) targetEx;
-        else
-          throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
-      } 
-      catch (Throwable ex) {
-        throw new ProxyException("proxy.09", new Object[] {ex.toString()});
-      } 
-    }
-    else {
+    
+    //Removed for MOA-ID 2.x
+//    if (authConnParam == null) {
+//      try {
+//        if (apiServer == null) {
+//          Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
+//          Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null);
+//          apiServer = getInstanceMethod.invoke(null, (Object[]) null);
+//          apiMethod = serverClass.getMethod(
+//            "getAuthenticationData", new Class[] {String.class});
+//        }
+//        AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
+//        return authData;
+//      }
+//      catch (InvocationTargetException ex) {
+//        Throwable targetEx = ex.getTargetException();
+//        if (targetEx instanceof AuthenticationException)
+//          throw (AuthenticationException) targetEx;
+//        else
+//          throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
+//      } 
+//      catch (Throwable ex) {
+//        throw new ProxyException("proxy.09", new Object[] {ex.toString()});
+//      } 
+//    }
+//    else {
       Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact);
       Element samlpResponse = getAuthenticationData(samlpRequest);
       SAMLResponseParser srp = new SAMLResponseParser(samlpResponse);
       SAMLStatus status = srp.parseStatusCode();
       if (! "samlp:Success".equals(status.getStatusCode())) {
-        // on error status throw exception
-        String code = status.getStatusCode();
-        if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
-          code += "(" + status.getSubStatusCode() + ")";
-        throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
+    	  if ("samlp:Responder".equals(status.getStatusCode())) {
+    		  Logger.info("MOA-ID authentication process failed.");
+    		  String code = status.getStatusCode();
+    		  if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
+    			  code += "(" + status.getSubStatusCode() + ")";
+        
+    		  throw new MOAIDException("proxy.17", new Object[] {status.getStatusMessage()});
+    		  
+    	  } else {
+    		  // on error status throw exception
+    		  String code = status.getStatusCode();
+    		  if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
+    			  code += "(" + status.getSubStatusCode() + ")";
+        
+    		  throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
+    	  }
       }
       return srp.parseAuthenticationData();
-    }
+//    }
   }
 
   /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index 1589f1440..0f3f4b692 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -144,11 +144,10 @@ public class AuthenticationDataAssertionParser implements Constants {
         XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
       String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
       
-      
-      //TODO: set pBK and Type
       if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
     	//bPK  
-        authData.setBPK(Constants.URN_PREFIX_BPK);
+    	authData.setBPK(pkValue);
+        authData.setBPKType(Constants.URN_PREFIX_BPK);
         
       } else {
     	//wbPK
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index ddaab7a28..f3f6c55c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -30,6 +30,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -54,6 +55,7 @@ import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
@@ -72,6 +74,8 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
 
 /**
  * Servlet requested for logging in at an online application,
@@ -88,6 +92,8 @@ public class ProxyServlet extends HttpServlet {
   private static final String PARAM_TARGET = "Target";
   /** Name of the Parameter for the SAMLArtifact */  
   private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
+  /** Name of the Parameter for the ErrorMessage */  
+  private static final String PARAM_ERRORMASSAGE = "error";
 
   /** Name of the Attribute for marking the session as authenticated*/  
   private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched";
@@ -191,6 +197,13 @@ public class ProxyServlet extends HttpServlet {
     
     if (session.getAttribute(ATT_BROWSERREQU)==null) {
 	 
+	    // read configuration data
+	    ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+	    OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
+	    if (oaParam == null) {
+	      throw new ProxyException("proxy.02", new Object[] { urlRequested });
+	    }	
+    
 	    samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
 	    Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
 	    // String target = req.getParameter(PARAM_TARGET); parameter given but not processed
@@ -200,19 +213,26 @@ public class ProxyServlet extends HttpServlet {
 		AuthenticationData authData;
 	    try {
 	    	authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
+	    	
 	    } catch (ServiceException ex) {
-	      throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
+	        throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
+	        
 	    } catch (ProxyException ex) {
 				throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
-	    }
+				
+	    } catch (MOAIDException ex) {
+	    	String errorURL = oaParam.getErrorRedirctURL(); 
+	    	if (MiscUtil.isNotEmpty(errorURL)) {
+	    		generateErrorAndRedirct(resp, errorURL, ex.getMessage());
+				return;
+	    		
+	    	} else {
+	    		Logger.info("No ErrorRedirectURL defined. The error is shown on MOA-ID Proxy errorpage.");
+	    		throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
+	    	}
+		}
 	    session.setAttribute(ATT_AUTHDATAFETCHED, "true");
-	    
-	    // read configuration data
-	    ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
-	    OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
-	    if (oaParam == null) {
-	      throw new ProxyException("proxy.02", new Object[] { urlRequested });
-	    }
+	   
 	    publicURLPrefix = oaParam.getPublicURLPrefix();
 	    Logger.debug("OA: " + publicURLPrefix);
 	    oaConf = oaParam.getOaConfiguration();
@@ -257,17 +277,32 @@ public class ProxyServlet extends HttpServlet {
 	    	loginHeaders.remove("param3");
 	      } 
 	    } catch (LoginParameterResolverException ex) {
-	      throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
+	    	String errorURL = oaParam.getErrorRedirctURL(); 
+	    	if (MiscUtil.isNotEmpty(errorURL)) {
+	    		generateErrorAndRedirct(resp, errorURL, 
+	    				MOAIDMessageProvider.getInstance().getMessage("proxy.13", 
+	    						new Object[] { publicURLPrefix }));
+				return;
+	    		
+	    	} else
+	    		throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
+	      
 	    } catch (NotAllowedException e) {
-	      throw new ProxyException("proxy.15", new Object[] { });
+	    	String errorURL = oaParam.getErrorRedirctURL(); 
+	    	if (MiscUtil.isNotEmpty(errorURL)) {
+	    		generateErrorAndRedirct(resp, errorURL, 
+	    				MOAIDMessageProvider.getInstance().getMessage("proxy.15", 
+	    						 new Object[] { }));
+				return;
+	    		
+	    	} else
+	    		throw new ProxyException("proxy.15", new Object[] { });
 	    }
 	
 	    // setup SSLSocketFactory for communication with the online application
 	    if (oaConnParam.isHTTPSURL()) {
-	      try {
-	    	  
-	    	//TODO: einkommentieren!!!!  
-	        //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+	      try {  
+	        ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
 	      } catch (Throwable ex) {
 	        throw new ProxyException(
 	          "proxy.05",
@@ -923,5 +958,28 @@ private static void copyStream(InputStream source, OutputStream destination, byt
   }    
 }
 
+private static void generateErrorAndRedirct(HttpServletResponse resp, String errorURL, String message) {
+	try {
+		errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE,
+				URLEncoder.encode(message, "UTF-8"));
+		
+	} catch (UnsupportedEncodingException e) {
+		errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE, "Fehlermeldung%20konnte%20nicht%20%C3%BCbertragen%20werden.");
+	}
+	
+	errorURL = resp.encodeRedirectURL(errorURL);
+	resp.setContentType("text/html");
+	resp.setStatus(302);
+	resp.addHeader("Location", errorURL);
+}
+
+protected static String addURLParameter(String url, String paramname,
+		String paramvalue) {
+	String param = paramname + "=" + paramvalue;
+	if (url.indexOf("?") < 0)
+		return url + "?" + param;
+	else
+		return url + "&" + param;
+}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index a6619fc11..0130046de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -55,6 +55,7 @@ import org.apache.regexp.RESyntaxException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
 import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
 import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
 import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
@@ -106,7 +107,7 @@ public class SSLUtils {
    */
   public static SSLSocketFactory getSSLSocketFactory(
     ConfigurationProvider conf,
-    ConnectionParameter connParam)
+    ConnectionParameterInterface connParam)
     throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
     
     Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 41c3cf6fe..9b945952d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -108,8 +108,9 @@ proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetret
 proxy.12=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. <br>Pr&uuml;fen Sie bitte ihre Berechtigung.

 proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr\uFFFDfix\: {0} 

 proxy.14=<p> Folgende Ursachen k\u00F6nnen zu dem Fehler gef\u00FChrt haben\:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr\u00FCnden bei l\u00E4ngerer Inaktivit\u00E4t beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>

-proxy.15=Auf die gew\u00FCnschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben?tigte Berechtigung. 

+proxy.15=Auf die gew\u00FCnschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben&ouml;tigte Berechtigung. 

 proxy.16=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. Die maximale Anzahl von {1} ung&uuml;ltigen Loginversuchen wurde &uuml;berschritten.<br>Pr&uuml;fen Sie bitte ihre Berechtigung.

+proxy.17=Bei der Anmeldung an MOA-ID ist ein Fehler aufgetreten: {0}

  

 validator.00=Kein SAML:Assertion Objekt gefunden {0}

 validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0}

diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index ca91c6139..3cf7a3316 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -13,7 +13,7 @@
 	<groupId>MOA.id.server</groupId>

 	<artifactId>moa-id-proxy</artifactId>

 	<packaging>war</packaging>

-	<version>1.5.2</version>

+	<version>1.9.90-SNAPSHOT</version>

 	<name>MOA ID-Proxy WebService</name>

 	

 	<build>

@@ -63,6 +63,7 @@
 		<dependency>

 			<groupId>MOA.id.server</groupId>

 			<artifactId>moa-id-lib</artifactId>

+			<version>1.9.90-SNAPSHOT</version>

 			<!--version>${project.version}</version-->

 		</dependency>

 		<!-- transitive dependencies we don't want to include into the war -->