2 files changed, 7 insertions, 6 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index caeff905b..3457051c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1044,7 +1044,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       } else {
         authData.setBPK(identityLink.getIdentificationValue());
         if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-          // only compute bPK if online applcation is a public service and we have the Stammzahl
+          // only compute bPK if online application is a public service and we have the Stammzahl
           String bpkBase64 = new BPKBuilder().buildBPK(
               identityLink.getIdentificationValue(),
               session.getTarget());
@@ -1202,15 +1202,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     synchronized (authenticationDataStore) {
       Set keys = new HashSet(authenticationDataStore.keySet());
       for (Iterator iter = keys.iterator(); iter.hasNext();) {
-        String samlArtifact = (String) iter.next();
-        AuthenticationData authData =
-          (AuthenticationData) authenticationDataStore.get(samlArtifact);
+        String samlAssertionHandle = (String) iter.next();
+        AuthenticationData authData = (AuthenticationData) authenticationDataStore.get(samlAssertionHandle);
         if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
           Logger.info(
             MOAIDMessageProvider.getInstance().getMessage(
               "cleaner.03",
-              new Object[] { samlArtifact }));
-          authenticationDataStore.remove(samlArtifact);
+              new Object[] { authData.getAssertionID() }));
+          authenticationDataStore.remove(samlAssertionHandle);
         }
       }
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 7964e2fb6..dadfc16d6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -158,6 +158,8 @@ public class MOAIDAuthInitializer {
                             .setSecondsAuthDataTimeOut(authDataTimeOut);
         }
 
+        // Starts the session cleaner thread to remove unpicked authentication data
+        AuthenticationSessionCleaner.start();
     }
 
 }
\ No newline at end of file