Diffstat (limited to 'id/server/idserverlib')
36 files changed, 1063 insertions, 45 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 0bda107be..e7faf2df6 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -46,6 +46,18 @@  	</dependency>
      <dependency>
 +    	<groupId>at.gv.egiz.components</groupId>
 +    	<artifactId>eventlog-api</artifactId>
 +    	<version>0.4</version>
 +    </dependency>
 +    
 +    <dependency>
 +    	<groupId>at.gv.egiz.components</groupId>
 +    	<artifactId>eventlog-slf4j</artifactId>
 +    	<version>0.4</version>
 +    </dependency>
 +    
 +    <dependency>
      		<groupId>MOA.id.server</groupId>
      		<artifactId>moa-id-commons</artifactId>
      </dependency>
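Review bot: The two new eventlog artifacts pin `<version>0.4</version>` inline, while the sibling `moa-id-commons` dependency right below them takes its version from dependency management; carrying the version in a parent property (e.g. `<version>${eventlog.version}</version>`) or in the parent's `dependencyManagement` would keep `eventlog-api` and `eventlog-slf4j` in lockstep and make the next upgrade a one-line change. As written, bumping one artifact and forgetting the other is easy and would only surface at runtime.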
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
new file mode 100644
index 000000000..aae4dd8c4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -0,0 +1,98 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.advancedlogging; + +import at.gv.egiz.components.eventlog.api.EventConstants; + +/** + * @author tlenz + * + *Defines Constants for Event Logging + * + *Event codes from 3000 to 9999 can be defined here + * + */ +public interface MOAIDEventConstants extends EventConstants { + +	//move to EventConstants +	public static final int TRANSACTION_ERROR = 1103; +	public static final int SESSION_ERROR = 1003; +	 +	 +	//auth protocol specific information +	public static final int AUTHPROTOCOL_TYPE = 3000; +	 +	public static final int AUTHPROTOCOL_PVP_METADATA = 3100; +	public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101; +	public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102; +	public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103; +	public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104; +	 +	public static final int AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST = 3200; +	public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201; +	 +			 +	//authentication process information +	public static final int AUTHPROCESS_START = 4000; +	public static final int AUTHPROCESS_FINISHED = 4001; +	public static final int AUTHPROCESS_MANDATES_REQUESTED = 4002; +	public static final int AUTHPROCESS_STORK_REQUESTED = 4003; +	public static final int AUTHPROCESS_SSO = 4004; +	public static final int AUTHPROCESS_SSO_INVALID = 4005;	 +	public static final int AUTHPROCESS_SSO_ASK_USER_START = 4006; +	public static final int AUTHPROCESS_SSO_ASK_USER_FINISHED = 4007;	 +	public static final int AUTHPROCESS_INTERFEDERATION = 4008; +	public static final int AUTHPROCESS_INTERFEDERATION_REVEIVED = 4009; +	 +	public static final int AUTHPROCESS_BKUSELECTION_INIT = 4110; +	public static final int AUTHPROCESS_BKUTYPE_SELECTED = 4111; +	public static final int AUTHPROCESS_BKU_URL = 4112; +	public static final int AUTHPROCESS_BKU_DATAURL_IP = 4113; +	 +	public static final int AUTHPROCESS_IDL_VALIDATED = 4220; +	
public static final int AUTHPROCESS_CERTIFICATE_VALIDATED = 4221; +	public static final int AUTHPROCESS_AUTHBLOCK_VALIDATED = 4222; +	public static final int AUTHPROCESS_FOREIGN_FOUND = 4223; +	public static final int AUTHPROCESS_FOREIGN_SZRGW_CONNECTED = 4224; +	public static final int AUTHPROCESS_FOREIGN_SZRGW_RECEIVED = 4225; +	 +	public static final int AUTHPROCESS_MANDATE_SERVICE_REQUESTED = 4330; +	public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301; +	public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302; +	 +	public static final int AUTHPROCESS_PEPS_REQUESTED = 4400; +	public static final int AUTHPROCESS_PEPS_RECEIVED = 4401; +	 +	//person information +	public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; +	public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE = 5001; +	public static final int PERSONAL_INFORMATION_USERNAME_HASH = 5002; +		 +	public static final int PERSONAL_INFORMATION_MANDATE_TYPE = 5100; +	public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE = 5101; +	public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH = 5102; +	public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID = 5103; +	 +	 +		 +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java new file mode 100644 index 000000000..6e09ea439 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java 
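Review bot: `AUTHPROCESS_MANDATE_SERVICE_REQUESTED = 4330` breaks the numbering of its group, whose other members are `4301` and `4302`, and looks like a typo for `4300`; it is worth fixing before any log consumer starts keying on the value. The interface Javadoc reserves 3000–9999 for this file, yet `TRANSACTION_ERROR = 1103` and `SESSION_ERROR = 1003` are placed in the range of the base `EventConstants`, so a later eventlog-api release could define the same codes with a different meaning — the `//move to EventConstants` comment should become a tracked task, or the two values should at least be checked against the base interface on upgrade. `AUTHPROCESS_INTERFEDERATION_REVEIVED` is misspelled (`RECEIVED`) and will be awkward to rename once referenced from configuration.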
@@ -0,0 +1,47 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.advancedlogging; + +import at.gv.egiz.components.eventlog.api.Event; +import at.gv.egiz.components.eventlog.api.EventLogFactory; +import at.gv.egiz.components.eventlog.api.EventLoggingException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MOAIDEventLog extends EventLogFactory { + +	public static void logEvent(Event event) { +		try { +			getEventLog().logEvent(event); +			 +		} catch (EventLoggingException e) { +			Logger.warn("Event logging FAILED!", e); +			 +		} +		 +	} +	 +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java new file mode 100644 index 000000000..1228a95a4 --- /dev/null 
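Review bot: `logEvent` turns a failed audit write into a `Logger.warn` and returns normally, so callers such as `MOAReversionLogger` cannot tell that an event was lost; for a revision log whose purpose is to reconstruct authentication runs, a silently dropped record is an integrity problem rather than a warning. The failure should be logged at error level together with the event being written (`Logger.error("Event logging FAILED for event " + event, e)`, or the code accessor the `Event` type offers), and whether authentication should fail closed when the event log is unavailable deserves an explicit, documented decision rather than the implicit "continue". Extending `EventLogFactory` only to reach `getEventLog()`/`createNewEvent` is inheritance for convenience; a final class with a private constructor that delegates to the factory statically would express the intent and prevent instantiation.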
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java 
@@ -0,0 +1,252 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.advancedlogging; + +import java.security.MessageDigest; +import java.util.Date; +import java.util.List; + +import com.google.common.primitives.Ints; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egiz.components.eventlog.api.EventLoggingException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class MOAReversionLogger { + +	private static MOAReversionLogger instance = null;  +	 +	private static final List<Integer> defaultEventCodes = Ints.asList( +			MOAIDEventConstants.SESSION_CREATED,  +			MOAIDEventConstants.SESSION_DESTROYED, +			MOAIDEventConstants.SESSION_ERROR, +			MOAIDEventConstants.SESSION_IP, +			MOAIDEventConstants.TRANSACTION_CREATED, +			MOAIDEventConstants.TRANSACTION_DESTROYED, +			MOAIDEventConstants.TRANSACTION_ERROR, +			MOAIDEventConstants.TRANSACTION_IP, +			MOAIDEventConstants.AUTHPROTOCOL_TYPE, +			MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA, +			 +			MOAIDEventConstants.AUTHPROCESS_START, +			MOAIDEventConstants.AUTHPROCESS_FINISHED, +			MOAIDEventConstants.AUTHPROCESS_BKU_URL, +			MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, +			MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED, +			MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED, +			MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED, +			MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH +						 +			); + +	public static synchronized MOAReversionLogger getInstance() { +		if (instance == null) { +			instance = new MOAReversionLogger(); +			MOAIDEventLog.reload(); +			 +		}			 +		 +		return instance; +	} +		 + +	public void 
logEvent(IOAAuthParameters oaConfig,  +			int eventCode, String message) { +		List<Integer> OASpecificEventCodes = null; +		if (oaConfig == null) +			OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); +		else +			OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); +		 +		if (OASpecificEventCodes.contains(eventCode)) +			MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message));		 +	} +	 +	public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest,  +			int eventCode) {		 +		List<Integer> OASpecificEventCodes = null; +		if (oaConfig == null) +			OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); +		else +			OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); +		 +		if (OASpecificEventCodes.contains(eventCode)) +			MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,  +					pendingRequest.getSessionIdentifier(),  +					pendingRequest.getRequestID())); +									 +	} +	 +	public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest,  +			int eventCode, String message) {		 +		List<Integer> OASpecificEventCodes = null; +		if (oaConfig == null) +			OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); +		else +			OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); +		 +		if (OASpecificEventCodes.contains(eventCode)) +			MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, +					message, +					pendingRequest.getSessionIdentifier(),  +					pendingRequest.getRequestID() +					)); +									 +	} + +	/** +	 * @param sessionCreated +	 * @param uniqueSessionIdentifier +	 */ +	public void logEvent(int eventCode, String message) { +		MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); +		 +	} +	 +	/** +	 * @param sessionCreated +	 * @param uniqueSessionIdentifier +	 */ +	public void logEvent(String sessionID, String transactionID, 
int eventCode, String message) { +		MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); +		 +	} + +	/** +	 * @param errorRequest +	 * @param transactionError +	 */ +	public void logEvent(IRequest pendingRequest, int eventCode) { +		MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,  +				pendingRequest.getSessionIdentifier(),  +				pendingRequest.getRequestID())); +		 +	} +	 +	public void logEvent(IRequest pendingRequest, int eventCode, String message) { +		logEvent(pendingRequest.getOnlineApplicationConfiguration(),  +				pendingRequest, eventCode, message); +		 +	} +	 +	public void logMandateEventSet(IRequest pendingReq, MISMandate mandate) { +		if (MiscUtil.isNotEmpty(mandate.getOWbPK())) +			logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK,  +					mandate.getOWbPK()); +		 +		if (MiscUtil.isNotEmpty(mandate.getProfRep())) +			logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE,  +					mandate.getProfRep()); +		 +		Mandate jaxBMandate = mandate.getMandateJaxB(); +		if (jaxBMandate != null) { +			logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE,  +					jaxBMandate.getAnnotation()); +			 +			if (jaxBMandate.getMandator().getCorporateBody() != null) { +				logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE,  +						"jur"); +				try { +					String jurBaseID = jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getType()  +							+ "+" + jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getId();				 +					logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID,  +								jurBaseID); +					 +				} catch (Throwable e) { +					Logger.warn("ReversionsLogger: mandator baseID logging FAILED.", e); +					 +				} +				 +			} else { +				logEvent(pendingReq, 
MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE,  +						"nat"); +				logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH,  +						buildPersonInformationHash( +								jaxBMandate.getMandator().getPhysicalPerson().getName().getGivenName().get(0),  +								jaxBMandate.getMandator().getPhysicalPerson().getName().getFamilyName().get(0).getValue(),  +								jaxBMandate.getMandator().getPhysicalPerson().getDateOfBirth()));						 +			} +		} +	} + +	/** +	 * @param pendingReq +	 * @param identityLink +	 */ +	public void logPersonalInformationEvent(IRequest pendingReq, +			IdentityLink identityLink) { +		logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH,  +				buildPersonInformationHash( +						identityLink.getGivenName(), +						identityLink.getFamilyName(), +						identityLink.getDateOfBirth() +						)); +		 +	} +	 +	private String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) { +		 +		// {"hash":"hashvalue","salt":"testSalt"} +		// {"person":{"givenname":"value","familyname":"value","dateofbirth":"value"},"salt":"saltvalue"} +		 +		String salt = "default"; +		String inputData = "{\"person\":{\"givenname\":\"" +				+ givenName  +				+ "\",\"familyname\":\"" +				+ familyName +				+ "\",\"dateofbirth\":\"" +				+ dateofBirth +				+"\"},\"salt\":\"" +				+ salt +				+"\"}"; +		 +        MessageDigest md; +		try { +			md = MessageDigest.getInstance("SHA-256"); +			byte[] hash = md.digest(inputData.getBytes("UTF-8")); +			String hashBase64 = Base64Utils.encode(hash); +			return "{\"hash\":\"" + hashBase64 + "\",\"salt\":\"" + salt + "\"}"; +			 +		} catch (Throwable e) { +			Logger.warn("ReversionsLogger: mandator personalInformationHash logging FAILED.", e); +			return null; +			 +		}		 +						 +	} + +	public List<Integer> getDefaulttReversionsLoggingEventCodes() { +		return defaultEventCodes; +	} +	 +} 
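Review bot: `buildPersonInformationHash` hashes given name, family name and date of birth with the constant salt `"default"` and then writes that salt next to the digest, so the stored value is effectively a plain SHA-256 over low-entropy data: anyone holding the log and a list of names and birth dates can recover the person by trial hashing, which defeats the pseudonymisation the hash is evidently meant to provide. Use a keyed hash instead — `Mac mac = Mac.getInstance("HmacSHA256"); mac.init(new SecretKeySpec(key, "HmacSHA256"));` with `key` taken from deployment configuration and never emitted in the record — and drop the `salt` field from the output. Building the JSON input by string concatenation also means a name containing `"` or `,` can yield the same input as a different name/birthdate split, so use a fixed separator that cannot occur in the fields or a JSON builder for canonicalisation. Finally, the `"nat"` branch of `logMandateEventSet` walks `getMandator().getPhysicalPerson().getName().getGivenName().get(0)` unguarded while the `"jur"` branch is wrapped in try/catch, so a mandate without a physical-person name would throw out of the logger into the authentication flow; the two branches should handle missing data the same way.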
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
new file mode 100644
index 000000000..7f6f2c6b3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
@@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.advancedlogging; + + +import java.util.Date; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class TransactionIDUtils { + +	public static void setTransactionId(String pendingRequestID) {	   +		org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID,  +				"TID-" + pendingRequestID);		 +		org.slf4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID,  +				"TID-" + pendingRequestID); +				     +	} +		 +	public static void removeTransactionId() { +		org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); +		org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); +		 +	} +		 +	public static void setSessionId(String uniqueSessionId) {	   +		org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID,  +				"TID-" + uniqueSessionId);		 +		org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID,  +				"TID-" + uniqueSessionId); +				     +	} +		 +	public static void removeSessionId() { +		org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID); +		org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID); +		 +	} +	 +	 +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 54484a854..d7694ac2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
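Review bot: `setSessionId` stores its value under `MDC_SESSION_ID` with the prefix `"TID-"`, the same prefix `setTransactionId` uses for the transaction id, which looks like a copy-paste slip; a log line will then show two `TID-` values and a reader cannot tell session from transaction. Change both `put` calls in `setSessionId` to `"SID-" + uniqueSessionId`. Writing every key to both `org.apache.log4j.MDC` and `org.slf4j.MDC` is presumably needed because the code base mixes the two logging front ends; a one-line comment stating that would stop the next maintainer from "simplifying" one of them away.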
@@ -30,6 +30,8 @@ import org.w3c.dom.Element;  import org.w3c.dom.NodeList;  import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;  import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;  import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;  import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; @@ -68,6 +70,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter;  import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -260,8 +263,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {  		String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH);  		appletheigth = StringEscapeUtils.escapeHtml(appletheigth);  		appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - - +		  		//TODO: cleanup before MOA-ID 2.1 release  		try {  			String htmlForm = new GetIdentityLinkFormBuilder().build(template, @@ -301,7 +303,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {  	 *         link results in an Exception being thrown.  	 * @throws BKUException  	 */ -	public String verifyIdentityLink(AuthenticationSession session, +	public String verifyIdentityLink(IRequest pendingReq, AuthenticationSession session,  			Map<String, String> infoboxReadResponseParameters) throws AuthenticationException,  			BuildException, ParseException, ConfigurationException,  			ValidateException, ServiceException, BKUException { 
@@ -371,10 +373,13 @@ public class AuthenticationServer extends MOAIDAuthConstants {  		session.setIdentityLink(identityLink);  		// now validate the extended infoboxes - +		  		//Removed in MOA-ID 2.0  		//verifyInfoboxes(session, infoboxReadResponseParameters, false); +		MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),  +				pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); +		  		return "found!";  	} @@ -447,6 +452,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {  	 * containg the authentication block, meant to be returned to the security  	 * layer implementation</li>  	 * </ul> +	 * @param pendingReq   	 *  	 * @param sessionID                     ID of associated authentication session data  	 * @param infoboxReadResponseParameters The parameters from the response returned from the BKU @@ -647,13 +653,14 @@ public class AuthenticationServer extends MOAIDAuthConstants {  	 * <li>Verifies signature by calling the MOA SP component</li>  	 * <li>Returns the signer certificate</li>  	 * </ul> +	 * @param pendingReq   	 *  	 * @param sessionID                     ID of associated authentication session data  	 * @param readInfoboxResponseParameters The parameters from the response returned from the BKU  	 *                                      including the <code><ReadInfoboxResponse></code>  	 * @throws BKUException  	 */ -	public X509Certificate getCertificate(String sessionID, +	public X509Certificate getCertificate(IRequest pendingReq, String sessionID,  			Map<String, String> readInfoboxResponseParameters) throws AuthenticationException,  			BuildException, ParseException, ConfigurationException,  			ValidateException, ServiceException, BKUException { 
@@ -674,6 +681,9 @@ public class AuthenticationServer extends MOAIDAuthConstants {  				xmlReadInfoboxResponse);  		X509Certificate cert = p.parseCertificate(); +		MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),  +				pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); +		  		return cert;  	} @@ -1065,6 +1075,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {  	 * <li>Deletes authentication session</li>  	 * <li><strike>Returns the SAML artifact, encoded BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???)</li>  	 * </ul> +	 * @param pendingReq   	 *  	 * @param sessionID                         session ID of the running authentication session  	 * @param xmlCreateXMLSignatureReadResponse String representation of the @@ -1073,7 +1084,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {  	 * BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???)  	 * @throws BKUException  	 */ -	public String verifyAuthenticationBlock(AuthenticationSession session, +	public String verifyAuthenticationBlock(IRequest pendingReq, AuthenticationSession session,  			String xmlCreateXMLSignatureReadResponse)  					throws AuthenticationException, BuildException, ParseException,  					ConfigurationException, ServiceException, ValidateException, BKUException { @@ -1236,6 +1247,12 @@ public class AuthenticationServer extends MOAIDAuthConstants {  		vsresp.setX509certificate(null);  		session.setForeigner(false); +		MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),  +				pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); +		 +		MOAReversionLogger.getInstance().logPersonalInformationEvent(pendingReq, session.getIdentityLink()  +				); +		  		if (session.getUseMandate()) {  			// mandate mode  			return null; 
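Review bot: In `getCertificate` the event `AUTHPROCESS_CERTIFICATE_VALIDATED` is emitted directly after `p.parseCertificate()`, and nothing in this hunk validates the certificate — only parsing of the InfoboxReadResponse is visible — so unless the signature check happens earlier in the method (outside the hunk) the event name overstates what has been established at that point; either move the log call after the verification step or name the event for what it actually records. The new `pendingReq` parameter of `verifyIdentityLink`, `getCertificate` and `verifyAuthenticationBlock` is dereferenced via `pendingReq.getOnlineApplicationConfiguration()` with no null check, so a caller that still passes `null` after the signature change fails with a NullPointerException from the logging code instead of a clear error; `Objects.requireNonNull(pendingReq, "pendingReq");` at method entry would make the new precondition explicit and documentable with `@throws`. The bodies of these methods begin and end outside the hunks shown here.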
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 3d12bae61..b29e0d9f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -167,4 +167,6 @@ public class MOAIDAuthConstants extends MOAIDConstants{    public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$"; +  public static final String MDC_TRANSACTION_ID = "transactionId"; +  public static final String MDC_SESSION_ID = "sessionId";  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java new file mode 100644 index 000000000..61b8f7bd3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java 
@@ -0,0 +1,52 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.data; + +import java.io.Serializable; + +/** + * @author tlenz + * + */ +public class AuthenticationSessionExtensions implements Serializable{ + +	private static final long serialVersionUID = 1L; +	 +	private String uniqueSessionId = null; + +	/** +	 * @return the uniqueSessionId +	 */ +	public String getUniqueSessionId() { +		return uniqueSessionId; +	} + +	/** +	 * @param uniqueSessionId the uniqueSessionId to set +	 */ +	public void setUniqueSessionId(String uniqueSessionId) { +		this.uniqueSessionId = uniqueSessionId; +	} +	 +	 +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index 8909564c3..1a311993e 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -67,6 +67,7 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;  import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;  import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;  import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.util.MiscUtil;  /**   * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br> @@ -110,7 +111,7 @@ public class SignatureVerificationInvoker {        AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();        authConnParam = authConfigProvider.getMoaSpConnectionParameter();        //If the ConnectionParameter do NOT exist, we try to get the api to work.... -      if (authConnParam != null) { +      if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {          Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());          endPoint = authConnParam.getUrl();          call.setTargetEndpointAddress(endPoint); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index ee6f0d5a4..183467d87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java 
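Review bot: The widened condition `authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())` now treats a blank MOA-SP URL the same as a missing connection parameter, and per the comment above it the code then falls back to the in-process API; a deployment that meant to call a separate MOA-SP instance but left the URL empty by mistake will silently verify signatures locally instead of failing loudly. An explicit log line on that path, e.g. `Logger.info("MOA-SP URL not configured, using in-process API for signature verification");`, would make the fallback visible in operations. The else branch itself lies outside the hunk, so I cannot see whether it already logs this.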
@@ -8,8 +8,12 @@ import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import org.apache.commons.lang.StringEscapeUtils;
 +import org.apache.commons.lang3.BooleanUtils;
  import org.apache.commons.lang3.ObjectUtils;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
  import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -19,6 +23,8 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
  import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 +import at.gv.egovernment.moa.id.moduls.IRequest;
 +import at.gv.egovernment.moa.id.moduls.RequestStorage;
  import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
  import at.gv.egovernment.moa.logging.Logger;
@@ -74,6 +80,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
  			try {			
  				moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 +
  				AuthenticationSessionStoreage.changeSessionID(moasession);
  				executionContext.remove(PARAM_SESSIONID);
@@ -89,6 +96,15 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
  			StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
  			String getIdentityLinkForm = startauth.build(moasession, req, resp);
 +			IRequest pendingReq = RequestStorage.getPendingRequest(
 +					(String) executionContext.get("pendingRequestID"));
 +			
 +			if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate")))
 +				MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +						pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);			
 +			MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
 +			
  			if (!StringUtils.isEmpty(getIdentityLinkForm)) {
  				resp.setContentType("text/html;charset=UTF-8");
  				PrintWriter out = new PrintWriter(resp.getOutputStream());
@@ -114,6 +130,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
  		finally {
  			ConfigurationDBUtils.closeSession();
 +			TransactionIDUtils.removeTransactionId();
 +			TransactionIDUtils.removeSessionId();
  		}
  	}
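Review bot: The task's finally block now clears the thread-bound ids (`TransactionIDUtils.removeTransactionId(); TransactionIDUtils.removeSessionId();`) although they are set by ProcessEngineSignalServlet (L294-L297), which already removes them in its own finally (L307-L308). Clearing them here means any log line written by the process engine or by the servlet's error handling after this task returns has lost its correlation ids; unless this task is also entered on a path where the servlet does not set them (not visible here), the removal belongs with the code that set them. The enclosing method starts outside the hunk.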
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
 index 6bf68e2eb..8f1cd8cfe 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
 @@ -15,6 +15,8 @@ import org.apache.commons.fileupload.FileUploadException;
  import org.apache.commons.lang.StringEscapeUtils;
  import org.w3c.dom.Element;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
  import at.gv.egovernment.moa.id.auth.AuthenticationServer;
  import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -29,7 +31,9 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
  import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
  import at.gv.egovernment.moa.id.client.SZRGWClientException;
  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 +import at.gv.egovernment.moa.id.moduls.IRequest;
  import at.gv.egovernment.moa.id.moduls.ModulUtils;
 +import at.gv.egovernment.moa.id.moduls.RequestStorage;
  import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -99,6 +103,11 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
  			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
  			session = AuthenticationServer.getSession(sessionID);
 +			IRequest pendingReq = RequestStorage.getPendingRequest(
 +					(String) executionContext.get("pendingRequestID"));			
 +			MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 +			
  			// change MOASessionID
  			sessionID = AuthenticationSessionStoreage.changeSessionID(session);
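Review bot: `req.getRemoteHost()` is logged under the event name AUTHPROCESS_BKU_DATAURL_IP, but getRemoteHost() returns a host name whenever the container performs reverse lookups and may cost a DNS round-trip per request; `req.getRemoteAddr()` returns the address the event name promises and is what anyone correlating the event log with access logs will expect. Behind a reverse proxy both calls yield the proxy's address, so if MOA-ID is deployed that way the value has to come from the configured forwarding header instead (not visible here). The same call is used in VerifyAuthenticationBlockTask (L186), VerifyCertificateTask (L228) and VerifyIdentityLinkTask (L273). The enclosing method starts and ends outside the hunk.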
@@ -118,7 +127,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
  				throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
  			}
 -
 +			
  			Element signature = csresp.getDsigSignature();
  			try {
@@ -128,6 +137,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
  				throw new MOAIDException("auth.14", null);
  			}
 +			MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +					pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
 +			
  			// make SZR request to the identity link
  			CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
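Review bot: AUTHPROCESS_FOREIGN_SZRGW_CONNECTED is emitted before `AuthenticationServer.getInstance().getIdentityLink(signature)` is invoked, so the event is written even when the SZR-GW connection fails, which makes it unusable as a connectivity signal in the event log. Either move the logEvent call after getIdentityLink returns, or rename the constant so it describes the request attempt and let the received event (L123-L124) remain the success marker. The enclosing method starts and ends outside the hunk.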
@@ -159,6 +171,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
  				// TODO[branch]: Final step back to /dispatcher
 +				MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +						pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
 +				
  				try {
  					AuthenticationSessionStoreage.storeSession(session);
  				} catch (MOADatabaseException e) {
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
 index d30dfd562..67d42e442 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
 @@ -14,6 +14,8 @@ import javax.xml.parsers.ParserConfigurationException;
  import org.apache.commons.lang.StringEscapeUtils;
  import org.xml.sax.SAXException;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
  import at.gv.egovernment.moa.id.auth.AuthenticationServer;
  import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -26,7 +28,9 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
  import at.gv.egovernment.moa.id.config.ConnectionParameter;
  import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 +import at.gv.egovernment.moa.id.moduls.IRequest;
  import at.gv.egovernment.moa.id.moduls.ModulUtils;
 +import at.gv.egovernment.moa.id.moduls.RequestStorage;
  import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -85,6 +89,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
  			session = AuthenticationServer.getSession(sessionID);
 +			IRequest pendingReq = RequestStorage.getPendingRequest(
 +					(String) executionContext.get("pendingRequestID"));			
 +			
  			//change MOASessionID
  		    sessionID = AuthenticationSessionStoreage.changeSessionID(session);
@@ -106,6 +113,10 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
  				throw new AuthenticationException("auth.15", null);
  			}
 +			MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +					pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED);
 +
 +			
  			// for now: list contains only one element
  			MISMandate mandate = (MISMandate) list.get(0);
@@ -131,6 +142,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
  			session.setAuthenticatedUsed(false);
  			session.setAuthenticated(true);
 +			//log mandate specific set of events
 +			MOAReversionLogger.getInstance().logMandateEventSet(pendingReq, mandate);
 +			
  	    	//set QAA Level four in case of card authentifcation
  	    	session.setQAALevel(PVPConstants.STORK_QAA_1_4);
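Review bot: `MOAReversionLogger.getInstance().logMandateEventSet(pendingReq, mandate)` hands the whole MISMandate to the event log, and nothing in this file says which of its fields are written; a mandate describes the mandator and the representative, so the logged subset should be stated in the Javadoc of logMandateEventSet (outside this diff) and limited to the identifiers an audit needs, with the comment here saying so: `//log mandate specific set of events (identifiers only, see MOAReversionLogger.logMandateEventSet)`. Whether the current implementation already restricts itself that way is not visible here. The enclosing method starts and ends outside the hunk.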
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
 index d9c4c3c4e..fd1400ed1 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
 @@ -17,6 +17,8 @@ import org.apache.commons.fileupload.FileUploadException;
  import org.apache.commons.lang.StringEscapeUtils;
  import org.w3c.dom.Element;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
  import at.gv.egovernment.moa.id.auth.AuthenticationServer;
  import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -32,7 +34,9 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter;
  import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 +import at.gv.egovernment.moa.id.moduls.IRequest;
  import at.gv.egovernment.moa.id.moduls.ModulUtils;
 +import at.gv.egovernment.moa.id.moduls.RequestStorage;
  import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
  import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -115,10 +119,15 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
  				AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 +				IRequest pendingReq = RequestStorage.getPendingRequest(
 +						(String) executionContext.get("pendingRequestID"));			
 +				MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +						pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 +								
  				//change MOASessionID
  			    sessionID = AuthenticationSessionStoreage.changeSessionID(session);
 -				String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
 +				String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(pendingReq, session, createXMLSignatureResponse);
  				if (authenticatedMOASessionId == null) { 
  					//mandate Mode
@@ -174,6 +183,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
  				        	targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
  				        }
 +				        MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +								pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue);
 +				        
  				        MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
  				        		connectionParameters.getUrl(), 
  				        		idl, 
@@ -202,6 +214,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
  						// TODO[branch]: Mandate; redirect to MIS website; website redirects back to "/GetMISSessionID"
 +						MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +								pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
 +						
  				        resp.setStatus(302);
  				    	  resp.addHeader("Location", redirectMISGUI);
  				    	  Logger.debug("REDIRECT TO: " + redirectURL);
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
 index 607641532..26c10399d 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
 @@ -12,6 +12,8 @@ import javax.servlet.http.HttpServletResponse;
  import org.apache.commons.fileupload.FileUploadException;
  import org.apache.commons.lang.StringEscapeUtils;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
  import at.gv.egovernment.moa.id.auth.AuthenticationServer;
  import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -22,6 +24,8 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
  import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 +import at.gv.egovernment.moa.id.moduls.IRequest;
 +import at.gv.egovernment.moa.id.moduls.RequestStorage;
  import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
  import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -86,10 +90,15 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
  	    	session = AuthenticationServer.getSession(sessionID);
 +			IRequest pendingReq = RequestStorage.getPendingRequest(
 +					(String) executionContext.get("pendingRequestID"));			
 +			MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 +	    		    	
  	        //change MOASessionID
  	        sessionID = AuthenticationSessionStoreage.changeSessionID(session);
 -    		X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
 +    		X509Certificate cert = AuthenticationServer.getInstance().getCertificate(pendingReq, sessionID, parameters);
      		if (cert == null) {
      			Logger.error("Certificate could not be read.");
      			throw new AuthenticationException("auth.14", null);    		
@@ -113,8 +122,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
  	    	}
  	    	else {
 -	    			
 -		    	
 +	    					    	
  	    		String countrycode = CertificateUtils.getIssuerCountry(cert);
  	    		if (countrycode != null) {
  	    			if (countrycode.compareToIgnoreCase("AT") == 0) {
@@ -124,6 +132,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
  	    		}
  	    		// Foreign Identities Modus	
 +	    		MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +						pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND);
 +	    		
  		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
  		      // build dataurl (to the GetForeignIDSerlvet)
  		    	String dataurl =
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
 index 44557453a..821bb572a 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
 @@ -10,6 +10,8 @@ import javax.servlet.http.HttpServletResponse;
  import org.apache.commons.lang.StringEscapeUtils;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
  import at.gv.egovernment.moa.id.auth.AuthenticationServer;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -18,6 +20,8 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
  import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
  import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 +import at.gv.egovernment.moa.id.moduls.IRequest;
 +import at.gv.egovernment.moa.id.moduls.RequestStorage;
  import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
  import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -77,7 +81,12 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
  			}
  			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 -			boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
 +			IRequest pendingReq = RequestStorage.getPendingRequest(
 +					(String) executionContext.get("pendingRequestID"));			
 +			MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 +					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 +			
 +			boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(pendingReq, session, parameters) != null;
  			AuthenticationSessionStoreage.storeSession(session);
  			executionContext.put("identityLinkAvailable", identityLinkAvailable);
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
 index 7b55564c4..1d4b442da 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
 @@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletResponse;
  import org.apache.commons.lang.StringEscapeUtils;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 @@ -39,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
  import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
  import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 @@ -48,6 +51,7 @@ import at.gv.egovernment.moa.id.moduls.RequestStorage;
  import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
  import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
 +import at.gv.egovernment.moa.id.process.ProcessInstance;
  import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
  import at.gv.egovernment.moa.logging.Logger; 
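Review bot: `TemplateType` and `ProcessInstance` are added to the imports of GenerateIFrameTemplateServlet, but none of this file's hunks references either name, so unless code outside the hunks already used them (in which case the file would not have compiled before) they are unused imports and should be dropped. The same appears to hold for `org.slf4j.MDC` in ProcessEngineSignalServlet (L281), whose visible code only goes through TransactionIDUtils, and for `TransactionIDUtils` in DispatcherServlet (L318), where the import is the file's only change. Trimming them matters a little more than usual here because a stray MDC import invites direct MDC calls that bypass the TransactionIDUtils wrapper this commit introduces.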
@@ -104,16 +108,20 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {  				throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });  			else { -	    	 +	    					  				//get Target from config or from request in case of SAML 1				  				String target = null;  				IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); +				 +				MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),  +						pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); +				  				if (MiscUtil.isNotEmpty(pendingReq.getTarget()) &&   						pendingReq.requestedModule().equals(SAML1Protocol.PATH))  					target = pendingReq.getTarget();  				else  					target = oaParam.getTarget(); -				 +								  		    	String bkuURL = oaParam.getBKUURL(bkuid);  		    	if (MiscUtil.isEmpty(bkuURL)) {  		    		Logger.info("No OA specific BKU defined. Use BKU from default configuration"); @@ -160,6 +168,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {  			ec.put("ccc", moasession.getCcc());  			ec.put("useMandate", moasession.getUseMandate());  			ec.put("bkuURL", moasession.getBkuURL()); +			ec.put("pendingRequestID", pendingRequestID);  			// select and create process instance  			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java index 0b6180d0f..83caaf75a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java @@ -7,10 +7,13 @@ import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse;
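Review bot: `ec.put("pendingRequestID", pendingRequestID)` introduces a bare string key that is written again in AuthenticationManager (L320) and read back with a cast in six tasks (L67, L103, L147, L184, L226, L271); the same context already uses `PARAM_SESSIONID` for the neighbouring entry, so a constant beside it (e.g. `PARAM_PENDINGREQUESTID`, name to be chosen) would turn a typo in any one copy from a silent null into a compile error. In the first hunk, `bkuid` is logged as AUTHPROCESS_BKUTYPE_SELECTED before `oaParam.getBKUURL(bkuid)` has confirmed it is one of the configured types; if bkuid is still a raw request parameter at this point (its validation lies outside the hunk), logging it after the lookup succeeds keeps caller-chosen strings out of the event log. Both enclosing methods continue outside the hunks.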
  import org.apache.commons.lang.StringEscapeUtils;
 +import org.slf4j.MDC;
 +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
  import at.gv.egovernment.moa.id.auth.AuthenticationServer;
  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
  import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
  import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -65,8 +68,14 @@ public class ProcessEngineSignalServlet extends AuthServlet {
  			// retrieve moa session
  			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
 +			AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID);
  			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 +			//add transactionID and unique sessionID to Logger
 +			if (extendedSessionInformation != null)
 +				TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId());
 +			TransactionIDUtils.setTransactionId(pendingRequestID);
 +			
  			// process instance is mandatory
  			if (session.getProcessInstanceId() == null) {
  				throw new IllegalStateException("MOA session does not provide process instance id.");
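Review bot: `TransactionIDUtils.setTransactionId(pendingRequestID)` is only reached after both session lookups succeed, so a failure in `getAuthenticationSessionExtensions` or `AuthenticationServer.getSession` is handled by handleError (L303) without a transaction id in the logging context, which is exactly the case an operator wants correlated; pendingRequestID is already known at L291, so the call can follow that line directly: `pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); TransactionIDUtils.setTransactionId(pendingRequestID);`. The session id can stay where it is behind its null check, and the finally block (L307-L308) already clears both. The enclosing method starts outside the hunk.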
@@ -77,8 +86,12 @@ public class ProcessEngineSignalServlet extends AuthServlet {
  		} catch (Exception ex) {
  			handleError(null, ex, req, resp, pendingRequestID);
 +			
  		} finally {
  			MOASessionDBUtils.closeSession();
 +			TransactionIDUtils.removeTransactionId();
 +			TransactionIDUtils.removeSessionId();
 +			
  		}
  	}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
 new file mode 100644
 index 000000000..e9019ded4
 --- /dev/null
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java 
@@ -0,0 +1,176 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + *  + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + *  + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + *  + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria MOA-ID has been developed in a cooperation between + * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. 
You may obtain a copy of the Licence at: http://www.osor.eu/eupl/ + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. This product combines work with different licenses. See the "NOTICE" text file for + * details on the various modules and licenses. The "NOTICE" text file is part of the distribution. + * Any derivative works that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.id.config; + +import java.io.Serializable; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; + +/** + * Configuration parameters belonging to an online application, to be used within both, the MOA ID + * Auth and the MOA ID PROXY component. 
+ *  + * @author Harald Bratko + */ +public class OAParameter implements Serializable { +	 +	private static final long serialVersionUID = 1L; + +	public OAParameter() { } +	 +	public OAParameter(OnlineApplication oa) { +		 +		this.oaType = oa.getType(); +		 +		if (this.oaType.equals("businessService")) +			this.businessService = true; +		else +			this.businessService = false; + +        this.publicURLPrefix = oa.getPublicURLPrefix(); +		 +		this.friendlyName = oa.getFriendlyName(); +		 +		this.target = oa.getTarget(); +		 +		this.targetFriendlyName = oa.getTargetFriendlyName(); +		 +		this.removePBKFromAuthblock = oa.isRemoveBPKFromAuthBlock(); +		 +		this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20(); +		 +		this.isInderfederationIDP = oa.isIsInterfederationIDP(); +		 +		this.isSTORKPVPGateway =  oa.isIsInterfederationGateway(); +				 +	} +	 +	/** +	 * type of the online application (maybe "PublicService" or "BusinessService") +	 */ +	private String oaType; +	 +	/** +	 * specifies whether the online application is a business application or not (<code>true</code> +	 * if value of {@link #oaType} is "businessService" +	 */ +	protected boolean businessService; + + +    /** +	 * public URL prefix of the online application +	 */ +	protected String publicURLPrefix; +	 +	/** +	 * specifies a human readable name of the Online Application +	 */ +	protected String friendlyName; +	 +	/** +	 * specified a specific target for the Online Application (overwrites the target in der request) +	 */ +	protected String target; +	/** +	 * specifies a friendly name for the target +	 */ +	protected String targetFriendlyName; +	 +	protected boolean removePBKFromAuthblock; +	 +	protected Boolean isInderfederationIDP; +	 +	protected Boolean isSTORKPVPGateway; +	 +	/** +	 * Contains the oAuth 2.0 configuration (client id, secret and redirect uri) +	 */ +	private OAOAUTH20 oAuth20Config; +	 +	public String getOaType() { +		return oaType; +	} +	 +	public boolean getBusinessService() { 
+		return businessService; +	} +	 +	public String getPublicURLPrefix() { +		return publicURLPrefix; +	} +	 +	public String getFriendlyName() { +		return friendlyName; +	} +	 +	public String getTarget() { +		return target; +	} +	 +	public String getTargetFriendlyName() { +		return targetFriendlyName; +	} +	 +	public boolean isRemovePBKFromAuthBlock() { +		return removePBKFromAuthblock; +	} +	 +	public OAOAUTH20 getoAuth20Config() { +		return oAuth20Config; +	} + +	/** +	 * @return the isInderfederationIDP +	 */ +	public boolean isInderfederationIDP() { +		if (isInderfederationIDP == null) +			return false; +		 +		return isInderfederationIDP; +	} +	 +	public boolean isSTORKPVPGateway() { +		if (isSTORKPVPGateway == null) +			return false; +		 +		return isSTORKPVPGateway;		 +	} +	 +	 + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index 6bf9388dc..92d0856ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -207,4 +207,6 @@ public interface IOAAuthParameters {  	 */  	public Collection<StorkAttributeProviderPlugin> getStorkAPs(); +	public List<Integer> getReversionsLoggingEventCodes(); +	  }
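Review bot: The OAParameter constructor compares `this.oaType.equals("businessService")`, which throws a NullPointerException when `oa.getType()` is null, and `oa.getAuthComponentOA().getOAOAUTH20()` likewise assumes the auth component is present; `"businessService".equals(this.oaType)` and a null check on getAuthComponentOA() keep a partially configured online application from aborting construction. The field comment says the type 'maybe "PublicService" or "BusinessService"' while the comparison is case-sensitive against `businessService`, so either the comment or the literal is wrong and a reader cannot tell which. The file also carries two licence headers (2014 and 2003) and a class comment that still mentions the MOA ID PROXY component, and `isInderfederationIDP` is a misspelling baked into a public getter that will be awkward to correct once callers exist.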
\ No newline at end of file
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
 index 4587f0bc3..d3292b021 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
 @@ -853,4 +853,14 @@ public boolean isRemovePBKFromAuthBlock() {
  		return false;	
  }
 +
 +/* (non-Javadoc)
 + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes()
 + */
 +@Override
 +public List<Integer> getReversionsLoggingEventCodes() {
 +	// TODO Auto-generated method stub
 +	return null;
 +}
 +
  }
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
 index ac1470dc6..44f4da027 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
 @@ -453,4 +453,13 @@ public class DynamicOAAuthParameters implements IOAAuthParameters {
  		// TODO Auto-generated method stub
  		return null;
  	}
 +
 +	/* (non-Javadoc)
 +	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes()
 +	 */
 +	@Override
 +	public List<Integer> getReversionsLoggingEventCodes() {
 +		// TODO Auto-generated method stub
 +		return null;
 +	}
  }
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
 index 15dbf818d..0b45bb461 100644 
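Review bot: `getReversionsLoggingEventCodes()` is added to IOAAuthParameters without Javadoc although the preceding method has one, and the name alone does not say whether the list holds the events to log or the events to suppress, nor what a null or empty result means; both implementations in this commit (OAAuthParameter and DynamicOAAuthParameters) `return null` behind an auto-generated TODO, so every caller currently receives null for every online application. Either document null as "no per-OA configuration, use the global default" on the interface, or have both stubs `return Collections.emptyList();` so callers need no guard. The interface hunk adds no import of java.util.List; if the file does not already import it (not visible here), it will not compile.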
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
 @@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
 +
 +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
  import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
  import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
 index 25aaf4310..06b55fb66 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
 @@ -61,10 +61,13 @@ import org.opensaml.xml.XMLObject;
  import org.opensaml.xml.security.SecurityException;
  import org.springframework.beans.factory.annotation.Autowired;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
  import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
  import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
  import at.gv.egovernment.moa.id.auth.exception.BuildException;
  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; 
@@ -148,7 +151,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {  						authSession.setAuthenticatedUsed(true);  						AuthenticationSessionStoreage.storeSession(authSession); -						 +												  						return true; // got authenticated  					}  				} @@ -335,6 +338,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {  			authSession.setAuthenticated(false);  			//HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + +			//log Session_Destroy to reversionslog +			AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID); +			MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());  			AuthenticationSessionStoreage.destroySession(moaSessionID); @@ -351,13 +358,17 @@ public class AuthenticationManager extends MOAIDAuthConstants {  			HttpServletResponse response, IRequest target)  			throws ServletException, IOException, MOAIDException { -		Logger.info("Starting authentication ..."); +		Logger.info("Starting authentication ...");		 +		MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),  +				target, MOAIDEventConstants.AUTHPROCESS_START);  		if (MiscUtil.isEmpty(target.getRequestedIDP())) {  			perfomLocalAuthentication(request, response, target);  		} else {  			Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ..."); +			MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),  +					target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION);  			buildPVP21AuthenticationRequest(request, response, target);  		}		 
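Review bot: In the logout hunk `sessionExtensions.getUniqueSessionId()` is dereferenced without a null check, but `AuthenticationSessionStoreage.getAuthenticationSessionExtensions()` as added in this same commit returns `null` when the stored session has no additional information or deserialization fails. Because the call sits before `AuthenticationSessionStoreage.destroySession(moaSessionID)`, such a NullPointerException aborts the logout and leaves the MOA session alive — a failure of the audit log must never block session destruction. Guard it, e.g. `if (sessionExtensions != null) MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());`, or move the logging after the destroy. The enclosing logout method begins outside this hunk.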
@@ -370,7 +381,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {  			String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),   					target.requestedAction(), target.getRequestID(), oaParam,   					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); -						 + +			MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),  +					target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); +			  			response.setContentType("text/html;charset=UTF-8");  			PrintWriter out = new PrintWriter(response.getOutputStream());   			out.print(form); @@ -569,7 +583,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {  		try {  			//check if an MOASession exists and if not create an new MOASession  			//moasession = getORCreateMOASession(request); -			moasession = AuthenticationSessionStoreage.createSession(target.getRequestID()); +			moasession = AuthenticationSessionStoreage.createSession(target);  		} catch (MOADatabaseException e1) {  			Logger.error("Database Error! MOASession can not be created!"); @@ -592,6 +606,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {  				executionContext.put("useMandate", moasession.getUseMandate());  				executionContext.put("bkuURL", moasession.getBkuURL());  				executionContext.put(PARAM_SESSIONID, moasession.getSessionID()); +				executionContext.put("pendingRequestID", target.getRequestID());  				// create process instance  				String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); 
@@ -620,6 +635,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {  				processEngine.start(processInstanceId);  			} else { +				MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),  +						target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); +								  				//load Parameters from OnlineApplicationConfiguration  				OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()  						.getOnlineApplicationParameter(target.getOAURL()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index aaeb84f92..8f3ed9fdd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -22,10 +22,12 @@   *******************************************************************************/  package at.gv.egovernment.moa.id.moduls; +import java.util.Date;  import java.util.List;  import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;  import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;  public interface IRequest { @@ -40,9 +42,11 @@ public interface IRequest {  	public String getTarget();  	public void setRequestID(String id);  	public String getRequestID();	 +	public String getSessionIdentifier();  	public String getRequestedIDP();  	public MOAResponse getInterfederationResponse();  	public List<Attribute> getRequestedAttributes(); +	public IOAAuthParameters getOnlineApplicationConfiguration();  	//public void setTarget();  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 4a54a516b..26fb7bd29 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -27,6 +27,7 @@ import java.util.List;  import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;  import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;  public abstract class RequestImpl implements IRequest, Serializable{ @@ -41,6 +42,8 @@ public abstract class RequestImpl implements IRequest, Serializable{  	private String action = null;  	private String target = null;  	private String requestID; +	private String sessionIdentifier; +	private IOAAuthParameters OAConfiguration = null;  	//MOA-ID interfederation  	private String requestedIDP = null; @@ -147,6 +150,23 @@ public abstract class RequestImpl implements IRequest, Serializable{  		this.response = response;  	} +	public String getSessionIdentifier() { +		return this.sessionIdentifier; +		 +	} +	 +	public void setSessionIdentifier(String sessionIdentifier) { +		this.sessionIdentifier = sessionIdentifier; +		 +	} +	public IOAAuthParameters getOnlineApplicationConfiguration() { +		return this.OAConfiguration; +	} +	 +	public void setOnlineApplicationConfiguration(IOAAuthParameters oaConfig) { +		this.OAConfiguration = oaConfig; +		 +	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index 21b4e2b65..f0b12431a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java 
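Review bot: The new field `private IOAAuthParameters OAConfiguration` is added to a class that `implements Serializable` and is persisted through `AssertionStorage` (see RequestStorage.storePendingRequest in this commit), so whichever `IOAAuthParameters` implementation is assigned (OAAuthParameter, DynamicOAAuthParameters) must itself be serializable or the pending request can no longer be stored; that cannot be confirmed from this diff and should be checked, or the field declared `transient` and re-resolved from `oaURL` after loading. The name `OAConfiguration` also breaks the class's lowerCamelCase field convention (`requestID`, `sessionIdentifier`, `requestedIDP`); `oaConfiguration` would match. Both hunks belong to class RequestImpl, whose body continues outside this view.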
@@ -22,6 +22,7 @@   *******************************************************************************/  package at.gv.egovernment.moa.id.moduls; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -34,6 +35,11 @@ public class RequestStorage {  		try {  			AssertionStorage storage = AssertionStorage.getInstance();  			IRequest pendingRequest = storage.get(pendingReqID, IRequest.class); +			 +			//set transactionID and sessionID to Logger +			TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID()); +			TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier()); +			  			return pendingRequest;  		} catch (MOADatabaseException e) { @@ -49,7 +55,7 @@ public class RequestStorage {  			if (pendingRequest instanceof IRequest) {  				storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest); -				 +												  			} else {  				throw new MOAIDException("auth.20", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index df12c7fa9..d90df51e7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java 
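Review bot: The two new `TransactionIDUtils` calls in `getPendingRequest` dereference `pendingRequest` before the caller gets to check it, so if `AssertionStorage.get()` returns `null` for an unknown or expired `pendingReqID` (a case I cannot rule out from this diff) the method now throws a NullPointerException instead of returning `null` as before. Wrap them in `if (pendingRequest != null) { ... }`. The casts `((IRequest)pendingRequest)` are redundant since `pendingRequest` is already declared as `IRequest`. Note also that `getSessionIdentifier()` may be `null` when the protocol module never called `setSessionIdentifier` — none of the visible hunks do — so `TransactionIDUtils.setSessionId` must tolerate null.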
@@ -30,6 +30,8 @@ import java.util.UUID;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -62,8 +64,10 @@ class OAuth20AuthAction implements IAction {  		OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;		  		String responseType = oAuthRequest.getResponseType(); -		String code = Random.nextRandom(); +		MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); +		String code = Random.nextRandom();		 +				  		try {  			String accessToken = UUID.randomUUID().toString(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 944da38d0..2238a25e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -26,6 +26,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.data.IAuthData; 
@@ -51,6 +53,8 @@ class OAuth20TokenAction implements IAction {  		try {  			OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; +			MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST); +			  			try {  				Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 0a8a6a581..1b187d82e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -64,6 +64,8 @@ import org.opensaml.xml.signature.Signature;  import org.opensaml.xml.signature.Signer;  import org.w3c.dom.Document; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.data.IAuthData; @@ -85,6 +87,8 @@ public class MetadataAction implements IAction {  			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {  		try { +			MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA); +			  			EntitiesDescriptor idpEntitiesDescriptor =   					SAML2Utils.createSAMLObject(EntitiesDescriptor.class); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index e9b18348c..5440e7138 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -57,6 +57,9 @@ import org.opensaml.xml.signature.SignableXMLObject;  import java.util.Arrays; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -253,10 +256,19 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  				if (obj instanceof RequestImpl) {  					RequestImpl iReqSP = (RequestImpl) obj; +					MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); +					  					MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);  					if ( processedMsg != null ) { -						iReqSP.setInterfederationResponse(processedMsg);						 +						iReqSP.setInterfederationResponse(processedMsg); + +						MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED); +						 +						Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()  +								+ ". Switch to original transaction with ID " + iReqSP.getRequestID()); +						TransactionIDUtils.setTransactionId(iReqSP.getRequestID()); +						TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier());  					} else {  						Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session."  
@@ -461,11 +473,15 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  			String oaURL = metadata.getEntityID();  			oaURL = StringEscapeUtils.escapeHtml(oaURL); +			OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);  			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); -			config.setOAURL(oaURL);			 -			config.setBinding(msg.getRequestBinding());									 +			config.setOAURL(oaURL); +			config.setOnlineApplicationConfiguration(oa); +			config.setBinding(msg.getRequestBinding()); +			 +			MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);  		} else if (inMsg instanceof MOAResponse &&  @@ -540,8 +556,11 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  		PVPTargetConfiguration config = new PVPTargetConfiguration();  		config.setRequest(moaRequest);  		config.setOAURL(moaRequest.getEntityID()); +		config.setOnlineApplicationConfiguration(oa);  		config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); +		MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); +		  		return config;  	} @@ -628,11 +647,13 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  		String oaURL = moaRequest.getEntityMetadata().getEntityID();  		oaURL = StringEscapeUtils.escapeHtml(oaURL); +		OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);  		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		  		PVPTargetConfiguration config = new PVPTargetConfiguration();		  		config.setOAURL(oaURL); +		config.setOnlineApplicationConfiguration(oa);  		config.setBinding(consumerService.getBinding());  		config.setRequest(moaRequest);  		config.setConsumerURL(consumerService.getLocation()); 
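Review bot: The new lookup `AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL)` in the SingleLogOut hunk runs after `oaURL = StringEscapeUtils.escapeHtml(oaURL)`, so an SP entityID containing `&`, `<`, `>` or `"` is looked up in HTML-escaped form and will not match its configured identifier; resolve the configuration from the unescaped `metadata.getEntityID()` and keep the escaped copy only for the log line. `oa` is also `null` for an unknown SP and is handed straight to `config.setOnlineApplicationConfiguration(oa)` and then `MOAReversionLogger.logEvent(config, ...)`; unless the logger tolerates a missing configuration (not visible here), the request should be rejected before logging. The same escaped-lookup pattern is repeated in the AuthnRequest hunk at @@ -628. The enclosing method starts outside this hunk.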
@@ -640,7 +661,9 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  		//parse AuthRequest  		config.setPassiv(authReq.isPassive());  		config.setForce(authReq.isForceAuthn()); -				 + +		MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); +		  		return config;  	} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index a1b4932d4..61bc51565 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -265,7 +265,7 @@ public class PVP2AssertionBuilder implements PVPConstants {  					} catch (PVP2Exception e) { -						Logger.warn( +						Logger.info(  								"Attribute generation failed! for "  										+ reqAttribut.getFriendlyName());  						if (reqAttribut.isRequired()) { @@ -274,7 +274,7 @@ public class PVP2AssertionBuilder implements PVPConstants {  						}  					} catch (Exception e) { -						Logger.error( +						Logger.warn(  								"General Attribute generation failed! for "  										+ reqAttribut.getFriendlyName(), e);  						if (reqAttribut.isRequired()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index cdc50d8a3..f75293ef0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java 
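Review bot: The severity downgrades in PVP2AssertionBuilder (`Logger.warn` → `Logger.info`, `Logger.error` → `Logger.warn`) apply regardless of `reqAttribut.isRequired()`, although the branch directly below treats a failed required attribute as fatal; the case an operator needs to notice is now logged at info level, indistinguishable from an optional attribute that was simply unavailable. Make the level depend on the flag, e.g. `if (reqAttribut.isRequired()) Logger.warn(msg); else Logger.info(msg);` in the first catch, and keep `Logger.error(..., e)` for required attributes in the second. The first catch also still discards the `PVP2Exception` itself; passing `e` to the logger costs nothing and is what the second catch already does. The enclosing loop and method lie outside this hunk.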
@@ -154,8 +154,9 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {  			throw new InvalidProtocolRequestException("auth.00",  					new Object[] { null });  		} -		 +		config.setOnlineApplicationConfiguration(oaParam);  		config.setSourceID(sourceID); +		  		if (MiscUtil.isNotEmpty(target))  			config.setTarget(target); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 42cf04877..843b519a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -192,6 +192,7 @@ public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo {                  throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()});              else { +            	STORK2Request.setOnlineApplicationConfiguration(oaParam);            	              	if (oaParam.isSTORKPVPGateway()) {              		if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) {              			Logger.info("Received request for STORK->PVP gateway. " + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index d843a171e..30b6caef8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java 
@@ -33,7 +33,10 @@ import org.hibernate.Query;  import org.hibernate.Session;  import org.hibernate.Transaction; +import com.fasterxml.jackson.core.JsonProcessingException; +  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;  import at.gv.egovernment.moa.id.auth.exception.BuildException;  import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; @@ -42,6 +45,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto  import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;  import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.utils.JsonMapper;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -60,6 +64,8 @@ public class AuthenticationSessionStoreage {  	//private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); +	private static JsonMapper mapper = new JsonMapper(); +	  	public static boolean isAuthenticated(String moaSessionID) {  		AuthenticatedSessionStore session; 
@@ -73,34 +79,44 @@ public class AuthenticationSessionStoreage {  		}  	} -	public static AuthenticationSession createSession(String pendingRequestID) throws MOADatabaseException, BuildException { +	public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {  		String id = Random.nextRandom(); - -		AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); -		dbsession.setSessionid(id); -		dbsession.setAuthenticated(false); +		try { +			AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); +			dbsession.setSessionid(id); +			dbsession.setAuthenticated(false); -		//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 -		Date now = new Date(); -		dbsession.setCreated(now); -		dbsession.setUpdated(now); +			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 +			Date now = new Date(); +			dbsession.setCreated(now); +			dbsession.setUpdated(now); -		dbsession.setPendingRequestID(pendingRequestID); +			dbsession.setPendingRequestID(target.getRequestID()); -		AuthenticationSession session = new AuthenticationSession(id, now); -		encryptSession(session, dbsession); +			//set additional session informations +			AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions(); +			sessionExt.setUniqueSessionId(target.getSessionIdentifier()); +			dbsession.setAdditionalInformation(mapper.serialize(sessionExt)); -		//store AssertionStore element to Database -		try { +			AuthenticationSession session = new AuthenticationSession(id, now); +			encryptSession(session, dbsession); +		 +			//store AssertionStore element to Database		  			MOASessionDBUtils.saveOrUpdate(dbsession);  			Logger.info("MOASession with sessionID=" + id + " is stored in Database"); +			return session; +			  		} catch (MOADatabaseException e) {  			Logger.warn("MOASession could not be created.");  			throw new 
MOADatabaseException(e); +			 +		} catch (JsonProcessingException e) { +			Logger.warn("Extended session information can not be stored.", e); +			throw new MOADatabaseException(e); +			  		} -		 -		return session; +				  	}  	public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { 
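Review bot: `sessionExt.setUniqueSessionId(target.getSessionIdentifier())` stores whatever the pending request carries, and no hunk in this commit ever calls `RequestImpl.setSessionIdentifier`, so unless a caller outside this diff sets it the persisted `uniqueSessionId` is `null` and every later event (e.g. `SESSION_DESTROYED` in AuthenticationManager) is logged without a session correlation id. Either warn here (`if (MiscUtil.isEmpty(target.getSessionIdentifier())) Logger.warn("No session identifier on pending request " + target.getRequestID());`) or generate one when missing. Wrapping `JsonProcessingException` in `MOADatabaseException(e)` keeps the signature but reports a serialization problem as a database failure; give it the explicit message that `setAuthenticationSessionExtensions` in the next hunk already uses. Whether the shared `static JsonMapper mapper` is safe for concurrent requests cannot be judged from here and should be confirmed.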
@@ -118,6 +134,45 @@ public class AuthenticationSessionStoreage {  			throw new MOADatabaseException("MOASession deserialization-exception");  		}  	} + +	public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException { +		AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); +		 +		if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) { +			try { +				return (AuthenticationSessionExtensions)mapper.deserialize(dbsession.getAdditionalInformation(),  +						AuthenticationSessionExtensions.class); +				 +			} catch (Exception e) { +				Logger.warn("Extended session information extraction FAILED!", e); +			}			 +		} +		return null; +		 +	} +	 +	public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException { +		try { +			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); +			 +			dbsession.setAdditionalInformation( +					mapper.serialize(sessionExtensions)); +			 +			MOASessionDBUtils.saveOrUpdate(dbsession); +			Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database"); +			 +			 +		} catch (MOADatabaseException e) { +			Logger.warn("MOASession could not be stored."); +			throw new MOADatabaseException(e); +			 +		} catch (JsonProcessingException e) { +			Logger.warn("Extended session information can not be stored.", e); +			throw new MOADatabaseException("Extended session information can not be stored.", e); +			 +		}  +		 +	}  	public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {  		storeSession(session, null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index 2d9fb9196..22a021d99 100644 
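Review bot: `getAuthenticationSessionExtensions` collapses distinct outcomes into `return null` — no `additionalInformation` stored, and a `mapper.deserialize` failure that `catch (Exception e)` reduces to a warning — while the caller added in AuthenticationManager.logout dereferences the result directly. Returning an empty `new AuthenticationSessionExtensions()` for the first case and letting a corrupt record surface as the `MOADatabaseException` the method already declares would give callers something usable without a null check. `setAuthenticationSessionExtensions` writes the row back without touching its `updated` timestamp, which `createSession` sets by hand because of the Hibernate issue noted there — worth checking whether that matters for session expiry. The hunk sits inside class AuthenticationSessionStoreage, whose body continues outside this view.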
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -83,7 +83,7 @@ public class Random {      ByteBuffer bb = ByteBuffer.wrap(b);  	long l = bb.getLong(); -	return "" + l; +	return "" + Math.abs(l);    } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 1edb8d1f3..8e42f0df7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -48,6 +48,12 @@ package at.gv.egovernment.moa.id.util.client.mis.simple;  import java.io.Serializable;
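Review bot: `Math.abs(l)` in Random.nextRandom does not guarantee a non-negative result — `Math.abs(Long.MIN_VALUE)` is still `Long.MIN_VALUE` — and folding sign into magnitude maps two inputs onto one output, giving up one of the 64 bits for values this commit uses as MOA session IDs (`AuthenticationSessionStoreage.createSession`) and OAuth 2.0 authorization codes (`OAuth20AuthAction`). If the only requirement is "no minus sign", `return "" + (l & Long.MAX_VALUE);` is exact; if the full 64 bits are wanted, format the bytes as hex or Base64 instead of going through a `long`. How `b` is filled is outside this hunk, so whether the source is a `SecureRandom` cannot be confirmed here.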
 +import org.w3c.dom.Element;
 +
 +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 +import at.gv.egovernment.moa.id.util.MandateBuilder;
 +import at.gv.egovernment.moa.logging.Logger;
 +import at.gv.egovernment.moa.util.DOMUtils;
  import at.gv.egovernment.moa.util.MiscUtil;
  public class MISMandate implements Serializable{
@@ -91,6 +97,28 @@ public class MISMandate implements Serializable{
 	public byte[] getMandate() {
    	return mandate;
    }
 +	
 +	public Element getMandateDOM() {
 +		try {
 +			byte[] byteMandate = mandate;
 +			String stringMandate = new String(byteMandate);
 +			return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
 +			
 +		}
 +		catch (Throwable e) {
 +			Logger.warn("Mandate content could not be generated from MISMandate.");
 +			return null;
 +		}
 +	}
 +	
 +	public Mandate getMandateJaxB() {
 +		Element domMandate = getMandateDOM();
 +		if (domMandate != null)
 +			return MandateBuilder.buildMandate(domMandate);
 +		
 +		return null;
 +	}
 +	
  	public void setMandate(byte[] mandate) {
    	this.mandate = mandate;
    }
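Review bot: `new String(byteMandate)` in `getMandateDOM` decodes the mandate with the platform default charset, so a mandate containing non-ASCII characters (names, addresses) can be corrupted on a host not running UTF-8 before it reaches the parser; use `new String(byteMandate, "UTF-8")` (or `StandardCharsets.UTF_8` if the project targets Java 7+), or parse the bytes directly so the XML declaration decides. `catch (Throwable e)` also swallows `Error`s such as `OutOfMemoryError`, and `e` is not handed to `Logger.warn`, so a malformed mandate leaves no trace of why parsing failed; `catch (Exception e) { Logger.warn("Mandate content could not be generated from MISMandate.", e); return null; }` is sufficient. Whether `DOMUtils.parseDocument(stringMandate, false, null, null)` disables external entity resolution cannot be seen from here and should be confirmed, since the class name suggests the mandate is received from the external MIS service.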
