73 files changed, 4672 insertions, 3579 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 7ac026888..17e39f766 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -27,10 +27,12 @@ import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -42,9 +44,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@Service("MOAReversionLogger")
 public class MOAReversionLogger {
-
-	private static MOAReversionLogger instance = null; 
+	
+	@Autowired protected AuthConfiguration authConfig;
 	
 	private static final List<Integer> defaultEventCodes = Arrays.asList(
 			MOAIDEventConstants.SESSION_CREATED, 
@@ -69,17 +72,6 @@ public class MOAReversionLogger {
 			MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED,
 			MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER
 	);
-	
-	
-	public static synchronized MOAReversionLogger getInstance() {
-		if (instance == null) {
-			instance = new MOAReversionLogger();
-			MOAIDEventLog.reload();
-			
-		}			
-		
-		return instance;
-	}
 			
 	public void logEvent(IOAAuthParameters oaConfig, 
 			int eventCode, String message) {
@@ -91,8 +83,8 @@ public class MOAReversionLogger {
 			int eventCode) {		
 			if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
 			MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, 
-					pendingRequest.getSessionIdentifier(), 
-					pendingRequest.getRequestID()));
+					pendingRequest.getUniqueSessionIdentifier(), 
+					pendingRequest.getUniqueTransactionIdentifier()));
 									
 	}
 	
@@ -101,8 +93,8 @@ public class MOAReversionLogger {
 		if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
 			MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,
 					message,
-					pendingRequest.getSessionIdentifier(), 
-					pendingRequest.getRequestID()
+					pendingRequest.getUniqueSessionIdentifier(), 
+					pendingRequest.getUniqueTransactionIdentifier()
 					));
 									
 	}
@@ -140,8 +132,8 @@ public class MOAReversionLogger {
 	 */
 	public void logEvent(IRequest pendingRequest, int eventCode) {
 		MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, 
-				pendingRequest.getSessionIdentifier(), 
-				pendingRequest.getRequestID()));
+				pendingRequest.getUniqueSessionIdentifier(), 
+				pendingRequest.getUniqueTransactionIdentifier()));
 		
 	}
 	
@@ -249,15 +241,9 @@ public class MOAReversionLogger {
 	}
 
 	public List<Integer> getDefaulttReversionsLoggingEventCodes() {
-		try {
-			List<Integer> configuredDefaultEventCodes = AuthConfigurationProviderFactory.getInstance().getDefaultRevisionsLogEventCodes();
-			if (configuredDefaultEventCodes != null)
-				return configuredDefaultEventCodes;
-			
-		} catch (ConfigurationException e) {
-			Logger.error("Access to configuration FAILED.", e);
-			
-		}
+		List<Integer> configuredDefaultEventCodes = authConfig.getDefaultRevisionsLogEventCodes();
+		if (configuredDefaultEventCodes != null)
+			return configuredDefaultEventCodes;
 		
 		return defaultEventCodes;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index 5487152cf..87b3bc9ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -32,6 +32,8 @@ import javax.xml.bind.JAXBException;
 import javax.xml.bind.Unmarshaller;
 
 import org.apache.commons.lang3.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
@@ -47,16 +49,16 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Service("StatisticLogger")
 public class StatisticLogger {
 	
 	private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request";
@@ -73,45 +75,19 @@ public class StatisticLogger {
 	private static final String ERRORTYPE_MANDATE = "mandate";
 	private static final String ERRORTYPE_MOAID = "moa-id";
 	private static final String ERRORTYPE_SZRGW = "szrgw";
-	
-	private static StatisticLogger instance;
-	
-	private boolean isAktive = false;
-	
-	public static StatisticLogger getInstance() {
-		if (instance == null)
-			instance = new StatisticLogger();
 		
-		return instance;
-	}
-	
-	private StatisticLogger() {
-		try {
-			AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
-			
-			if (config != null) 
-				isAktive = config.isAdvancedLoggingActive();			
-			
-		} catch (ConfigurationException e) {
-			Logger.error("StatisticLogger can not be inizialized", e);
-		}
-	}
-	
+	@Autowired AuthConfiguration authConfig;
+	@Autowired IAuthenticationSessionStoreage authenticatedSessionStorage;
+		
 	public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) {
 		
-		if ( isAktive && protocolRequest != null && authData != null) {
+		if ( authConfig.isAdvancedLoggingActive() && protocolRequest != null && authData != null) {
 			
-			OAAuthParameter dbOA = null;
-			try {
-				dbOA = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
+			IOAAuthParameters dbOA = null;
+			dbOA = protocolRequest.getOnlineApplicationConfiguration();
 
-				if (dbOA == null) {
-					Logger.warn("Advanced logging failed: OA can not be found in database.");
-					return;
-				}
-				
-			} catch (ConfigurationException e1) {
-				Logger.error("Access MOA-ID configuration FAILED.", e1);
+			if (dbOA == null) {
+				Logger.warn("Advanced logging failed: OA can not be found in database.");
 				return;
 			}
 			
@@ -221,7 +197,7 @@ public class StatisticLogger {
 	}
 	
 	public void logErrorOperation(Throwable throwable) {
-		if ( isAktive )  {
+		if ( authConfig.isAdvancedLoggingActive() )  {
 			StatisticLog dblog = new StatisticLog();
 			
 			//set actual date and time
@@ -249,7 +225,7 @@ public class StatisticLogger {
 	
 	public void logErrorOperation(Throwable throwable, IRequest errorRequest) {
 		
-		if (isAktive && throwable != null && errorRequest != null) {
+		if (authConfig.isAdvancedLoggingActive() && throwable != null && errorRequest != null) {
 			StatisticLog dblog = new StatisticLog();
 			
 			//set actual date and time
@@ -260,44 +236,45 @@ public class StatisticLogger {
 			dblog.setProtocoltype(errorRequest.requestedModule());
 			dblog.setProtocolsubtype(errorRequest.requestedAction());
 			
-			try { 
-				OAAuthParameter dbOA = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(errorRequest.getOAURL());
-				if (dbOA != null) {
-					dblog.setOafriendlyName(dbOA.getFriendlyName());
-					dblog.setOatarget(dbOA.getTarget());
-					//dblog.setOaID(dbOA.getHjid());
-					dblog.setBusinessservice(isBusinessService(dbOA));
-					
-			
-					AuthenticationSession moasession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(errorRequest.getRequestID());
+			IOAAuthParameters dbOA = errorRequest.getOnlineApplicationConfiguration();
+			if (dbOA != null) {
+				dblog.setOafriendlyName(dbOA.getFriendlyName());
+				dblog.setOatarget(dbOA.getTarget());
+				//dblog.setOaID(dbOA.getHjid());
+				dblog.setBusinessservice(isBusinessService(dbOA));
+				
+				try {
+					AuthenticationSession moasession = authenticatedSessionStorage.
+							getSession(errorRequest.getMOASessionIdentifier());
 					if (moasession != null) {
 						if (MiscUtil.isNotEmpty(moasession.getBkuURL())) {
 							dblog.setBkuurl(moasession.getBkuURL());
 							dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
 						}
-				
+			
 						dblog.setMandatelogin(moasession.getUseMandate());
 					}
-			
-					generateErrorLogFormThrowable(throwable, dblog);
 					
+				} catch (MOADatabaseException e) {
+					Logger.debug(e.getMessage() + " --> StatistikLog will not include MOASession information.");
 					
-			
-					try {
-						StatisticLogDBUtils.saveOrUpdate(dblog);
+				}
+
+				generateErrorLogFormThrowable(throwable, dblog);
 				
-					} catch (MOADatabaseException e) {
-						Logger.warn("Statistic Log can not be stored into Database", e);
-					}
+				
+
+				try {
+					StatisticLogDBUtils.saveOrUpdate(dblog);
+			
+				} catch (MOADatabaseException e) {
+					Logger.warn("Statistic Log can not be stored into Database", e);
 				}
-			} catch (ConfigurationException e) {
-				Logger.error("Access MOA-ID configuration FAILED.", e);
-				return;
 			}
 		}
 	}
 	
-	private boolean isBusinessService(OAAuthParameter dbOA) {
+	private boolean isBusinessService(IOAAuthParameters dbOA) {
 		
 		if (dbOA.getOaType().equals("businessService"))
 			return true;
@@ -360,7 +337,7 @@ public class StatisticLogger {
 		
 	}
 	
-	private String findBKUType(String bkuURL, OAAuthParameter dbOA) {
+	private String findBKUType(String bkuURL, IOAAuthParameters dbOA) {
 		
 		if (dbOA != null) {
 			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.HANDYBKU)))
@@ -376,14 +353,13 @@ public class StatisticLogger {
 		Logger.trace("Staticic Log search BKUType from DefaultBKUs");
 		
 		try {
-			AuthConfiguration authconfig = AuthConfigurationProviderFactory.getInstance();
-			if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU)))
+			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU)))
 				return IOAAuthParameters.ONLINEBKU;
 			
-			if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
 				return IOAAuthParameters.LOCALBKU;
 			
-			if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
 				return IOAAuthParameters.HANDYBKU;
 			
 		} catch (ConfigurationException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index 1f12675ca..a1ba00e02 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -3,6 +3,14 @@
 
 package at.gv.egovernment.moa.id.auth;
 
+import java.util.Date;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -13,22 +21,47 @@ import at.gv.egovernment.moa.logging.Logger;
  * @author Paul Ivancsics
  * @version $Id$
  */
+@Service("AuthenticationSessionCleaner")
 public class AuthenticationSessionCleaner implements Runnable {
 
+	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
+	@Autowired private ITransactionStorage transactionStorage;
+	@Autowired protected AuthConfiguration authConfig;
+	
   /** interval the <code>AuthenticationSessionCleaner</code> is run in */
   private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min
 
 	/**
 	 * Runs the thread. Cleans the <code>AuthenticationServer</code> session store
  	 * and authentication data store from garbage, then sleeps for given interval, and restarts.
+ 	 * 
+   	 * Cleans up expired session and authentication data stores.
+ 	 * 
    */
   public void run() {
     while (true) {
       try {
       	Logger.debug("AuthenticationSessionCleaner run");
-      	BaseAuthenticationServer.cleanup();
-      } 
-      catch (Exception e) {
+    		Date now = new Date();
+
+    		try {
+    			int sessionTimeOutCreated = authConfig.getSSOCreatedTimeOut() * 1000;
+    			int sessionTimeOutUpdated = authConfig.getSSOUpdatedTimeOut() * 1000;
+    			int authDataTimeOut = authConfig.getTransactionTimeOut() * 1000;
+
+    			//clean AuthenticationSessionStore
+    			authenticationSessionStorage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
+    						
+    			//clean TransactionStorage
+    			transactionStorage.clean(now, authDataTimeOut);
+
+    			
+    		} catch (Exception e) {
+    			Logger.error("Session cleanUp FAILED!" , e);
+    			
+    		}
+    		
+      } catch (Exception e) {
         Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e);
       }
       try {
@@ -42,10 +75,10 @@ public class AuthenticationSessionCleaner implements Runnable {
   /**
    * start the sessionCleaner
    */
-  public static void start() {
+  public static void start(Runnable clazz) {
     // start the session cleanup thread
     Thread sessionCleaner =
-      new Thread(new AuthenticationSessionCleaner(), "AuthenticationSessionCleaner");
+      new Thread(clazz, "AuthenticationSessionCleaner");
     sessionCleaner.setName("SessionCleaner");
     sessionCleaner.setDaemon(true);
     sessionCleaner.setPriority(Thread.MIN_PRIORITY);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
index 5e3b6653b..1ce6fa1e9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
@@ -1,37 +1,13 @@
 
 package at.gv.egovernment.moa.id.auth;
 
-import java.io.UnsupportedEncodingException;
-import java.util.Date;
-import java.util.List;
-import java.util.UUID;
-
-import org.opensaml.xml.util.XMLHelper;
-
-import org.w3c.dom.Element;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.client.SZRGWClient;
-import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.util.xsd.mis.MandateIdentifiers;
-import at.gv.util.xsd.mis.Target;
-import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
-import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData;
-import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
-import at.gv.util.xsd.srzgw.MISType;
-import at.gv.util.xsd.srzgw.MISType.Filters;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 
 /**
  * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
@@ -43,6 +19,9 @@ import at.gv.util.xsd.srzgw.MISType.Filters;
  */
 public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {
 
+	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
+	@Autowired protected AuthConfiguration authConfig;
+	
 	/**
 	 * Retrieves a session from the session store.
 	 *
@@ -50,11 +29,11 @@ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {
 	 * @return <code>AuthenticationSession</code> stored with given session ID (never {@code null}).
 	 * @throws AuthenticationException in case the session id does not reflect a valic, active session.
 	 */
-	public static AuthenticationSession getSession(String id)
+	public AuthenticationSession getSession(String id)
 			throws AuthenticationException {
 		AuthenticationSession session;
 		try {
-			session = AuthenticationSessionStoreage.getSession(id);
+			session = authenticationSessionStorage.getSession(id);
 
 			if (session == null)
 				throw new AuthenticationException("auth.02", new Object[]{id});
@@ -68,33 +47,4 @@ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {
 		}
 	}
 
-	/**
-	 * Cleans up expired session and authentication data stores.
-	 */
-	public static void cleanup() {
-		long now = new Date().getTime();
-
-		try {
-			int sessionTimeOutCreated = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;
-			int sessionTimeOutUpdated = AuthConfigurationProviderFactory.getInstance().getSSOUpdatedTimeOut() * 1000;
-			int authDataTimeOut = AuthConfigurationProviderFactory.getInstance().getTransactionTimeOut() * 1000;
-
-			//clean AuthenticationSessionStore
-			AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
-						
-			//clean AssertionStore
-			AssertionStorage assertionstore = AssertionStorage.getInstance();
-			assertionstore.clean(now, authDataTimeOut);
-
-			//clean ExeptionStore
-			DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore();
-			exstore.clean(now, authDataTimeOut);
-			
-		} catch (Exception e) {
-			Logger.error("Session cleanUp FAILED!" , e);
-			
-		}
-		
-	}
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index fa30f9ffd..082ebcdcd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -10,8 +10,6 @@ import java.util.List;
 import java.util.Map;
 
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
-import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
-
 import iaik.asn1.ObjectID;
 
 
@@ -35,6 +33,7 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   public static final String PARAM_ACTION = "ACTION";
   public static final String PARAM_SSO = "SSO";
   public static final String INTERFEDERATION_IDP = "interIDP";
+  public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
   
   public static final String PARAM_SLOSTATUS = "status";
   public static final String PARAM_SLORESTART = "restart";
@@ -130,6 +129,8 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   public static final String REQ_BKU_TYPE_HANDY = "handy"; 
   public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
 
+  public static final List<String> LEGACYPARAMETERWHITELIST 
+  	= Arrays.asList(PARAM_TARGET, PARAM_BKU, PARAM_OA, PARAM_TEMPLATE, PARAM_USEMANDATE, PARAM_CCC, PARAM_SOURCEID);
 
   public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
   public final static String EXT_SAML_MANDATE_OID = "OID";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 4a004cdf0..5968736f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -223,7 +223,6 @@ public class MOAIDAuthInitializer implements WebApplicationInitializer {
         // Initialize configuration provider
        	AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext);
 
-
        	//test, if MOA-ID is already configured
     	authConf.getPublicURLPrefix();
 
@@ -245,7 +244,9 @@ public class MOAIDAuthInitializer implements WebApplicationInitializer {
         	        	
         
         // Starts the session cleaner thread to remove unpicked authentication data
-        AuthenticationSessionCleaner.start();
+        AuthenticationSessionCleaner sessioncleaner = rootContext.getBean("AuthenticationSessionCleaner", AuthenticationSessionCleaner.class);
+        AuthenticationSessionCleaner.start(sessioncleaner);
+        
         MOAGarbageCollector.start();
     }
     
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
index 06a1f0936..a82a958db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
@@ -40,8 +40,10 @@ public class MOAIDAuthSpringResourceProvider implements SpringResourceProvider {
 	public Resource[] getResourcesToLoad() {
 		ClassPathResource moaidauthConfig = new ClassPathResource("/moaid.configuration.beans.xml", MOAIDAuthSpringResourceProvider.class);
 		ClassPathResource configurationDBConfig = new ClassPathResource("/configuration.beans.xml", MOAIDAuthSpringResourceProvider.class);
-				
-		return new Resource[] {configurationDBConfig, moaidauthConfig};		
+		ClassPathResource moaIdAuthBeans = new ClassPathResource("/moaid.authentication.beans.xml", MOAIDAuthSpringResourceProvider.class);					
+		
+		return new Resource[] {configurationDBConfig, moaidauthConfig, moaIdAuthBeans};	
+		
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index fe29dd2b7..5bde82899 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -22,8 +22,6 @@
  */
 package at.gv.egovernment.moa.id.auth.builder;
 
-import iaik.x509.X509Certificate;
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -51,6 +49,8 @@ import org.opensaml.saml2.core.Response;
 import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
@@ -81,7 +81,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
@@ -89,6 +88,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
@@ -96,11 +96,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -114,14 +115,19 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration;
 import at.gv.util.ex.EgovUtilException;
 import at.gv.util.wsdl.szr.SZRException;
 import at.gv.util.xsd.szr.PersonInfoType;
+import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
  *
  */
+@Service("AuthenticationDataBuilder")
 public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 
-	public static IAuthData buildAuthenticationData(IRequest protocolRequest, 
+	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired protected AuthConfiguration authConfig;
+	
+	public IAuthData buildAuthenticationData(IRequest protocolRequest, 
             AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
 		
 		
@@ -166,7 +172,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		}
 		
 		//reuse some parameters if it is a reauthentication 
-		OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
+		OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
 		if (activeOA != null) {
 			authdata.setSessionIndex(activeOA.getAssertionSessionID());
 			authdata.setNameID(activeOA.getUserNameID());
@@ -187,13 +193,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			}
 		}
 				
-		InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
+		InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
 		
 		IOAAuthParameters oaParam = null;				
 		if (reqAttributes == null) {
 			//get OnlineApplication from MOA-ID-Auth configuration
-			oaParam = AuthConfigurationProviderFactory.getInstance()
-					.getOnlineApplicationParameter(oaID);
+			oaParam = authConfig.getOnlineApplicationParameter(oaID);
 
 			//build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
 			if (oaParam.isSTORKPVPGateway())
@@ -215,7 +220,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 
 			} else {						
 				//get attributes from interfederated IDP
-				OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+				OAAuthParameter idp = authConfig.getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
 				getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp,  reqAttributes);
 				
 				//mark attribute request as used 				
@@ -248,7 +253,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	 * @throws BuildException 
 	 * @throws DynamicOABuildException 
 	 */
-	public static IAuthData buildAuthenticationData(IRequest req,
+	public IAuthData buildAuthenticationData(IRequest req,
 			AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException {
 		return buildAuthenticationData(req, session, null);
 	}
@@ -263,7 +268,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	 * @param reqQueryAttr 
 	 * @throws ConfigurationException 
 	 */
-	private static void getAuthDataFromInterfederation(
+	private void getAuthDataFromInterfederation(
 			AuthenticationData authdata, AuthenticationSession session,
 			IOAAuthParameters oaParam, IRequest req,
 			InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
@@ -280,11 +285,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			//IDP is a service provider IDP and request interfederated IDP to collect attributes				
 			} else {												
 				//get PVP 2.1 attributes from protocol specific requested attributes
-				attributs = req.getRequestedAttributes();
+				attributs = (List<Attribute>) req.getGenericData(RequestImpl.DATAID_REQUESTED_ATTRIBUTES);
 				
 			}
 
-			Response intfResp = (Response) req.getInterfederationResponse().getResponse();
+			Response intfResp = 
+					(Response) req.getGenericData(
+							RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse();
 			AssertionAttributeExtractor extractor = 
 					new AssertionAttributeExtractor(intfResp);			
 						
@@ -362,7 +369,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		}
 	}
 	
-	private static void buildAuthDataFormInterfederationResponse(
+	private  void buildAuthDataFormInterfederationResponse(
 			AuthenticationData authData, 
 			AuthenticationSession session, 
 			AssertionAttributeExtractor extractor,
@@ -500,7 +507,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			if (MiscUtil.isEmpty(authData.getIdentificationValue())) {
 				Logger.info("No baseID found. Connect SZR to reveive baseID ...");				
 				try {
-					EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProviderFactory.getInstance().geteGovUtilsConfig();
+					EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig();
 					if (eGovClientsConfig != null) {
 						SZRClient szrclient = new SZRClient(eGovClientsConfig);
 						
@@ -534,11 +541,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 						
 					}
 								
-				} catch (ConfigurationException e) {
-					 Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
-					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
-							+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-					
 				} catch (EgovUtilException e) {
 					Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
 					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
@@ -843,7 +845,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	 * @param authData
 	 * @return
 	 */
-	private static boolean matchsReceivedbPKToOnlineApplication(
+	private boolean matchsReceivedbPKToOnlineApplication(
 			IOAAuthParameters oaParam, AuthenticationData authData) {
 		
 		String oaTarget = null;
@@ -870,7 +872,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			return false;
 	}
 
-	private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, 
+	private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, 
 			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
 		
 		IdentityLink identityLink = session.getIdentityLink();
@@ -964,11 +966,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		}
 		
 		try {
-			authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID()));
+			authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());
 			
 			//set max. SSO session time
 			if (authData.isSsoSession()) {
-				long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;		
+				long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000;		
 				Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime);
 				authData.setSsoSessionValidTo(ssoSessionValidTo);
 				
@@ -1016,7 +1018,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		
 	}
 	
-	private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException {
+	private void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException {
 		if (oaParam.getBusinessService()) {
             Element idlassertion = idl.getSamlAssertion();
             //set bpk/wpbk;
@@ -1033,9 +1035,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					
 			Element resignedilAssertion;
 
-			AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
-			if (config.isIdentityLinkResigning()) {
-				resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey());
+			if (authConfig.isIdentityLinkResigning()) {
+				resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());
 			} else {
 				resignedilAssertion = businessServiceIdl.getSamlAssertion();
 			}
@@ -1050,7 +1051,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		
 	}		
 	
-	private static void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException  {
+	private void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException  {
 		
         if (oaParam.getBusinessService()) {
             //since we have foreigner, wbPK is not calculated in BKU
@@ -1082,7 +1083,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
         		}	
             	
             	if (saml1Requst != null && protocolRequest.getClass().isInstance(saml1Requst))
-            		target = protocolRequest.getTarget();
+            		target = protocolRequest.getGenericData("target", String.class);
             	else
             		target = oaParam.getTarget();
             	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index d4350f97b..9a2baf873 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -47,7 +47,6 @@
 package at.gv.egovernment.moa.id.auth.builder;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 
 /**
  * Builds a DataURL parameter meant for the security layer implementation
@@ -76,31 +75,13 @@ public class DataURLBuilder {
    * @return String
    */
   public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
-
-//		String individualDataURLPrefix = null;
-		String dataURL;
-		
-		//is removed from config in MOA-ID 2.0
-		//check if an individual prefix is configured
-//      individualDataURLPrefix = AuthConfigurationProvider.getInstance().
-//      	getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
-//			
-//			if (null != individualDataURLPrefix) {
-//				
-//				//check individualDataURLPrefix
-//				if(!individualDataURLPrefix.startsWith("http"))
-//					throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
-//
-//				//when ok then use it
-//				dataURL = individualDataURLPrefix + authServletName;
-//			} else
-		
+		String dataURL;		
 		if (!authBaseURL.endsWith("/"))
 			authBaseURL += "/";
 		
 		dataURL = authBaseURL + authServletName;
 
-    dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_SESSIONID, sessionID);
+    dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID);
   	return dataURL;
   }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 99ba49d26..c22432d0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -36,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.util.FormBuildUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -119,7 +118,7 @@ public class LoginFormBuilder {
 			return template;
 	}
 	
-	public static String buildLoginForm(String modul, String action, OAAuthParameter oaParam, String contextpath, String moaSessionID) {
+	public static String buildLoginForm(String modul, String action, IOAAuthParameters oaParam, String contextpath, String moaSessionID) {
 		
 		String value = null;
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index ae3ec9a9b..3849eb8a2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -36,8 +36,6 @@
 
 package at.gv.egovernment.moa.id.auth.data;
 
-import iaik.x509.X509Certificate;
-
 import java.io.Serializable;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
@@ -53,6 +51,7 @@ import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
 
 /**
  * Session data to be stored between <code>AuthenticationServer</code> API calls.
@@ -218,16 +217,7 @@ public class AuthenticationSession implements Serializable {
 	 */
 	private String pushInfobox;
 		
-	// private AuthenticationData authData;
-	
-	// protocol selection
-	private String action;
-	private String modul;
-	
-	private String processInstanceId;
-	
 	private boolean authenticated;
-	private boolean authenticatedUsed = false;
 	
 	private boolean ssoRequested = false;
 		
@@ -238,31 +228,7 @@ public class AuthenticationSession implements Serializable {
 	private boolean isForeigner;
 	
 	private Map<String, Object> genericSessionDataStorate = new HashedMap<String, Object>();
-	
-	public String getModul() {
-		return modul;
-	}
-	
-	public void setModul(String modul) {
-		this.modul = modul;
-	}
-	
-	public String getAction() {
-		return action;
-	}
-	
-	public void setAction(String action) {
-		this.action = action;
-	}
 		
-	public boolean isAuthenticatedUsed() {
-		return authenticatedUsed;
-	}
-	
-	public void setAuthenticatedUsed(boolean authenticatedUsed) {
-		this.authenticatedUsed = authenticatedUsed;
-	}
-	
 	public boolean isAuthenticated() {
 		return authenticated;
 	}
@@ -852,22 +818,6 @@ public class AuthenticationSession implements Serializable {
 		return sessionCreated;
 	}
 
-	/**
-	 * Returns the identifier of the process instance associated with this moaid session.
-	 * @return The process instance id (may be {@code null} if no process has been created yet).
-	 */
-	public String getProcessInstanceId() {
-		return processInstanceId;
-	}
-
-	/**
-	 * Sets the process instance identifier in order to associate a certain process instance with this moaid session. 
-	 * @param processInstanceId The process instance id.
-	 */
-	public void setProcessInstanceId(String processInstanceId) {
-		this.processInstanceId = processInstanceId;
-	}
-
 	public Map<String, Object> getGenericSessionDataStorage() {
 		return genericSessionDataStorate;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 67ddd170a..a73fd6858 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -1,6 +1,12 @@
 package at.gv.egovernment.moa.id.auth.modules;

 

-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_CACHE_CONTROL;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_EXPIRES;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_PRAGMA;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA;

 

 import java.io.ByteArrayOutputStream;

 import java.io.IOException;

@@ -24,17 +30,23 @@ import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;

 import org.apache.commons.fileupload.servlet.ServletFileUpload;

 import org.apache.commons.lang3.ArrayUtils;

+import org.springframework.beans.factory.annotation.Autowired;

 

+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;

 import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;

+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;

 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;

 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;

 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;

-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;

+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;

 import at.gv.egovernment.moa.id.config.ConfigurationException;

-import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;

+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;

+import at.gv.egovernment.moa.id.moduls.IRequestStorage;

 import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;

-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;

-import at.gv.egovernment.moa.id.storage.IExceptionStore;

+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;

+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;

+import at.gv.egovernment.moa.id.storage.ITransactionStorage;

+import at.gv.egovernment.moa.id.util.Random;

 import at.gv.egovernment.moa.id.util.ServletUtils;

 import at.gv.egovernment.moa.logging.Logger;

 import at.gv.egovernment.moa.util.MiscUtil;

@@ -45,6 +57,13 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */

 public abstract class AbstractAuthServletTask extends MoaIdTask {

 

+	@Autowired private StatisticLogger statisticLogger;

+	@Autowired private ITransactionStorage transactionStorage;

+	@Autowired protected IRequestStorage requestStoreage;

+	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;

+	@Autowired protected MOAReversionLogger revisionsLogger;

+	@Autowired protected AuthConfiguration authConfig;

+	

 	protected static final String ERROR_CODE_PARAM = "errorid";

 

 	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,

@@ -66,11 +85,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 			req.setAttribute("LogLevel", "debug");

 		}

 		

-		

-		StatisticLogger logger = StatisticLogger.getInstance();

-		logger.logErrorOperation(exceptionThrown);

-		

-		

+		statisticLogger.logErrorOperation(exceptionThrown);

+				

 		// forward this to errorpage-auth.jsp where the HTML error page is

 		// generated

 		ServletContext context = req.getServletContext();

@@ -132,31 +148,42 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);

 			

 		}

+				

 		

-		IExceptionStore store = DBExceptionStoreImpl.getStore();

-		String id = store.storeException(exceptionThrown);

-

-		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {

-		

-			String redirectURL = null;

-

-			redirectURL = ServletUtils.getBaseUrl(req);

-			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 

-					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;

-		

-			resp.setContentType("text/html");

-			resp.setStatus(302);

-	

-			resp.addHeader("Location", redirectURL);		

-			Logger.debug("REDIRECT TO: " + redirectURL);	

-		

-			return;

+		try {

+			String key = Random.nextRandom();			

+			transactionStorage.put(key, exceptionThrown);

 			

-		} else {

+			if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) {		

+				String redirectURL = null;

+				

+				redirectURL = ServletUtils.getBaseUrl(req) + "/";

+				redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT 

+								+ "?" + ERROR_CODE_PARAM + "=" + key 

+						+ "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;

 			

-			//Exception can not be stored in database

+				resp.setContentType("text/html");

+				resp.setStatus(302);

+		

+				resp.addHeader("Location", redirectURL);		

+				Logger.debug("REDIRECT TO: " + redirectURL);	

+					

+				return;

+				

+			} else {				

+				//Exception can not be stored in database

+				handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);

+			}

+						

+		} catch (MOADatabaseException e) {

+			Logger.warn("Exception can not be stored to Database.", e);

 			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);

+			

 		}

+

+

+			

+

 	}

 

 	/**

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
new file mode 100644
index 000000000..8b02a5bf6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules;
+
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+/**
+ * @author tlenz
+ *
+ */
+public class BKUSelectionModuleImpl implements AuthModule {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+	 */
+	@Override
+	public int getPriority() {
+		return 0;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		boolean performBKUSelection = false;
+		Object performBKUSelectionObj = context.get("performBKUSelection");
+		if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean)
+			performBKUSelection = (boolean) performBKUSelectionObj;
+		
+		if (performBKUSelection)
+			return "BKUSelectionProcess";
+		
+		else
+			return null;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml" };
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
index 4a6ecd56a..f1ab58ee0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
@@ -44,9 +44,9 @@ import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -55,13 +55,12 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
@@ -73,6 +72,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@Service("CreateInterfedeartionRequestTask")
 public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
 
 	/* (non-Javadoc)
@@ -84,8 +84,8 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		boolean requiredLocalAuthentication = true;
 		
-		IRequest pendingReq = RequestStorage.getPendingRequest(
-				(String) executionContext.get("pendingRequestID"));	
+		IRequest pendingReq = requestStoreage.getPendingRequest(
+				(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));	
 
 		String idpEntityID = 
 				(String) executionContext.get(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID);
@@ -105,8 +105,10 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
 			OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(idpEntityID);
 			OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
 		
+			String requestedIDP = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+			
 			if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
-				Logger.info("Requested interfederation IDP " + pendingReq.getRequestedIDP() + " is not valid for interfederation.");
+				Logger.info("Requested interfederation IDP " + requestedIDP + " is not valid for interfederation.");
 				Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP())
 					+ " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed()));
 				Logger.info("Switch to local authentication on this IDP ... ");
@@ -252,18 +254,18 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
 					//build and send request without an error
 					requiredLocalAuthentication = false;
 					
-					MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
+					revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 							pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_IDP, idpEntity.getEntityID());
 					
 					
 				} else {
-					Logger.warn("Requested IDP " + pendingReq.getRequestedIDP() 
+					Logger.warn("Requested IDP " + requestedIDP 
 						+ " does not support POST or Redirect Binding.");
 					
 				}
 												
 			} else {
-				Logger.warn("Requested IDP " + pendingReq.getRequestedIDP() 
+				Logger.warn("Requested IDP " + requestedIDP 
 						+ " is not found in InterFederation configuration");
 				
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
new file mode 100644
index 000000000..fe3e8680c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("EvaluateBKUSelectionTask")
+public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {		
+		try {
+			//load pending request
+			String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);	    		    
+			pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID);						
+			IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID);
+			
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
+				
+			}
+			
+			//change pending-request ID
+			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+	    	
+	    	AuthenticationSession moaSession = null;
+	    	String moaSessionID = pendingReq.getMOASessionIdentifier();
+	    	try {
+	    	    moaSession = authenticatedSessionStorage.getSession(moaSessionID);
+	    	    
+	    	    if (moaSession == null) {
+					Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database");
+					throw new MOAIDException("init.04", new Object[] {
+							moaSessionID});
+	    	    	
+	    	    }
+	    	   	    	    
+				// set parameter execution context			
+				Enumeration<String> reqParamNames = request.getParameterNames();
+				while(reqParamNames.hasMoreElements()) {
+					String paramName = reqParamNames.nextElement();
+					if (MiscUtil.isNotEmpty(paramName))
+						executionContext.put(paramName, request.getParameter(paramName));
+					
+				}
+	    	    
+				Logger.info("BKU is selected finished -> Start BKU communication ...");
+	    	    
+			} catch (MOADatabaseException e) {
+				Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database");
+				throw new MOAIDException("init.04", new Object[] {
+						moaSessionID});
+				
+			} catch (Throwable e) {
+				Logger.info("No HTTP Session found!");
+				throw new MOAIDException("auth.18", new Object[] {});
+			}
+	    	
+	    	
+			
+			
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.warn("EvaluateBKUSelectionTask has an internal error", e);
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index 712ebb731..ed309d85a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -22,11 +22,12 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -34,10 +35,9 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -45,6 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@Service("FinalizeAuthenticationTask")
 public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 
 	/* (non-Javadoc)
@@ -56,8 +57,8 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		
 		try {
-			IRequest pendingReq = RequestStorage.getPendingRequest(
-					(String) executionContext.get("pendingRequestID"));	
+			IRequest pendingReq = requestStoreage.getPendingRequest(
+					(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));	
 		
 			if (pendingReq == null) {
 				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
@@ -66,7 +67,7 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 			}
 			
 			//get Session from context
-			String moasessionid = (String) executionContext.get(PARAM_SESSIONID);
+			String moasessionid = pendingReq.getMOASessionIdentifier();
 			AuthenticationSession session = null;				
 			if (MiscUtil.isEmpty(moasessionid)) {
 				Logger.warn("MOASessionID is empty.");
@@ -74,9 +75,14 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 			}
 			
 			try {			
-				session = AuthenticationSessionStoreage.getSession(moasessionid);
-				AuthenticationSessionStoreage.changeSessionID(session);
-							
+				session = authenticatedSessionStorage.getSession(moasessionid);
+				if (session == null) {
+					Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
+					throw new MOAIDException("init.04", new Object[] { moasessionid });
+					
+				}
+					
+				
 			} catch (MOADatabaseException e) {
 				Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
 				throw new MOAIDException("init.04", new Object[] { moasessionid });
@@ -86,25 +92,25 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 				throw new MOAIDException("auth.18", new Object[] {});
 			
 			} finally {
-				executionContext.remove(PARAM_SESSIONID);
+				executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID);
 			
 			}
 		
-		
-			session.setAuthenticatedUsed(false);
-			session.setAuthenticated(true);
-
 
-			String oldsessionID = session.getSessionID();
+			//set MOASession to authenticated and store MOASession
+			session.setAuthenticated(true);
+			String newMOASessionID = authenticatedSessionStorage.changeSessionID(session);
 
-			//Session is implicte stored in changeSessionID!!!
-			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+			//set pendingRequest to authenticated and set new MOASessionID			
+			((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID);
+			pendingReq.setAuthenticated(true);
+			requestStoreage.storePendingRequest(pendingReq);
 		
 			Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher.");
 			
-			String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), 
-					ModulUtils.buildAuthURL(pendingReq.requestedModule(), pendingReq.requestedAction(), pendingReq.getRequestID()), newMOASessionID);
-				
+			String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), 
+					AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, pendingReq.getRequestID());
+							
 			response.setContentType("text/html");
 			response.setStatus(302);
 			response.addHeader("Location", redirectURL);		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
new file mode 100644
index 000000000..1bdc132d9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("GenerateBKUSelectionFrameTask")
+public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {
+			IRequest pendingReq = requestStoreage.getPendingRequest(
+					(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+			
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
+				
+			}
+			
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
+					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
+							
+			//load Parameters from OnlineApplicationConfiguration
+			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+			
+			if (oaParam == null) {
+				throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
+				
+			}
+						
+			//Build authentication form						
+			String publicURLPreFix = pendingReq.getAuthURL();
+			if (publicURLPreFix.endsWith("/"))
+				publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1);
+			String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(), 
+					pendingReq.requestedAction(), oaParam, publicURLPreFix, MOAIDAuthConstants.PARAM_SESSIONID);
+						
+			response.setContentType("text/html;charset=UTF-8");
+			PrintWriter out = new PrintWriter(response.getOutputStream()); 
+			out.print(loginForm);
+			out.flush(); 
+			
+		
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.warn("FinalizeAuthenticationTask has an internal error", e);
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		}
+	
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java
index f05ff07e9..77aab8ddb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.stereotype.Service;
+
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  * @author tlenz
  *
  */
+@Service("ReceiveInterfederationResponseTask")
 public class ReceiveInterfederationResponseTask extends AbstractAuthServletTask {
 
 	/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
new file mode 100644
index 000000000..d8b558846
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.process.ProcessEngine;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("RestartAuthProzessManagement")
+public class RestartAuthProzessManagement  extends AbstractAuthServletTask {
+
+	@Autowired ProcessEngine processEngine;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {
+			IRequest pendingReq = requestStoreage.getPendingRequest(
+					(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+			
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
+				
+			}
+			
+			//create a new execution context and copy all elements to new context
+			ExecutionContext newec = new ExecutionContextImpl(); 
+			Set<String> entries = executionContext.keySet();
+			for (String key : entries) {
+				newec.put(key, executionContext.get(key));
+				
+			}
+			
+			//remove BKU selection flag
+			newec.remove("performBKUSelection");
+			
+
+			Logger.debug("Swicht to specific authentication process after BKU is selected");
+			
+			// select and create new process instance
+			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
+			if (processDefinitionId == null) {
+				Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getRequestID());
+				throw new MOAIDException("process.02", new Object[] { pendingReq.getRequestID() });
+			}			
+			
+			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
+
+			// keep process instance id in moa session
+			((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId);
+
+			// make sure pending request has been persisted before running the process
+			try {
+				requestStoreage.storePendingRequest(pendingReq);
+				
+			} catch (MOAIDException e) {
+				Logger.error("Database Error! MOASession is not stored!");
+				throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() });
+				
+			}
+
+			Logger.info("BKU is selected -> Start BKU communication ...");
+			
+			// start process
+			processEngine.start(processInstanceId);
+			
+			
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.warn("RestartAuthProzessManagement has an internal error", e);
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		}			
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index e659c9447..8af8ed238 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.parser;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
@@ -54,8 +53,6 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 			String templateURL,
 			String useMandate,
 			String ccc,
-			String module,
-			String action,
 			HttpServletRequest req, 
 			IRequest protocolReq) throws WrongParametersException, MOAIDException {
 		
@@ -129,7 +126,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 			
 			if (!oaParam.getBusinessService()) {
 				if (StringUtils.isEmpty(targetConfig)
-						|| (module.equals("id_saml1") && 
+						|| (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") && 
 								!StringUtils.isEmpty(target)) 
 					) {
 						//INFO: ONLY SAML1 legacy mode
@@ -278,25 +275,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	
 	public static void parse(ExecutionContext ec, HttpServletRequest req, 
 			AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
-		
-		
-	    String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
-	    String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
-	    
-	    modul = StringEscapeUtils.escapeHtml(modul);
-	    action = StringEscapeUtils.escapeHtml(action);
-//	    if(modul == null) {
-//	    	modul = SAML1Protocol.PATH;
-//	    }
-//	    
-//	    if(action == null) {
-//	    	action = SAML1Protocol.GETARTIFACT;
-//	    }
-		moasession.setModul(modul);
-		moasession.setAction(action);
-				
+						
 		//get Parameters from request
-		String target = (String) ec.get(PARAM_TARGET);
 	    String oaURL = (String) ec.get(PARAM_OA);
 	    String bkuURL = (String) ec.get(PARAM_BKU);
 	    String templateURL = (String) ec.get(PARAM_TEMPLATE);
@@ -312,9 +292,11 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    }
 	    		    
 	    oaURL = request.getOAURL();
-	    target = request.getTarget();
+	    
+	    //only needed for SAML1
+	    String target = request.getGenericData("target", String.class);
 	    	    
-	    parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req, request);
+	    parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request);
 	    
 	}
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
new file mode 100644
index 000000000..26e24f5b4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -0,0 +1,238 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.moduls.IRequestStorage;
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class AbstractController extends MOAIDAuthConstants {
+
+	public static final String ERROR_CODE_PARAM = "errorid";
+	
+	@Autowired protected StatisticLogger statisticLogger;
+	@Autowired protected IRequestStorage requestStorage;
+	@Autowired protected ITransactionStorage transactionStorage;
+	@Autowired protected MOAReversionLogger revisionsLogger;
+	@Autowired protected AuthConfiguration authConfig;
+	
+	
+	protected void handleError(String errorMessage, Throwable exceptionThrown,
+			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException {
+
+		Throwable loggedException = null;
+
+		if (exceptionThrown != null 
+				&& exceptionThrown instanceof ProcessExecutionException) {
+			ProcessExecutionException procExc = 
+					(ProcessExecutionException) exceptionThrown;
+			if (procExc.getCause() != null && 
+					procExc.getCause() instanceof TaskExecutionException) {
+				TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
+				loggedException = taskExc.getOriginalException();	
+						
+			}			
+		}
+
+		if (loggedException == null)
+			loggedException = exceptionThrown;
+
+
+		if (!(loggedException instanceof MOAIDException)) {
+			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
+	
+		} else {
+			if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
+				Logger.error(loggedException.getMessage(), loggedException);
+	
+			} else {
+				Logger.error(loggedException.getMessage());
+	
+			}			
+		}
+
+		//store error into transaction store
+		try {
+			String key = Random.nextRandom();			
+			transactionStorage.put(key, exceptionThrown);
+			
+			if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) {
+				String redirectURL = null;
+
+				redirectURL = ServletUtils.getBaseUrl(req);	
+				redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT 
+						+ "?" + ERROR_CODE_PARAM + "=" + key 
+				+ "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+
+				resp.setContentType("text/html");
+				resp.setStatus(302);
+
+				resp.addHeader("Location", redirectURL);		
+				Logger.debug("REDIRECT TO: " + redirectURL);	
+
+				return;
+		
+			} else {	
+				//Exception can not be stored in database
+				handleErrorNoRedirect(loggedException, req, resp);
+				
+			}
+			
+		} catch (MOADatabaseException e) {
+			Logger.warn("Exception can not be stored to Database.", e);
+			handleErrorNoRedirect(loggedException, req, resp);
+			
+		}
+		
+		
+	}
+	
+	
+	/**
+	 * Handles all exceptions with no pending request.
+	 * Therefore, the error is written to the users browser
+	 * 
+	 * @param throwable
+	 * @param req
+	 * @param resp
+	 * @throws IOException 
+	 */
+	protected void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, 
+			HttpServletResponse resp) throws IOException {
+		
+		//log Exception into statistic database
+		statisticLogger.logErrorOperation(throwable);
+		
+		//write errror to console
+		Logger.error(throwable.getMessage(), throwable);
+		
+		//return error to Web browser
+		if (throwable instanceof MOAIDException)
+			MOAIDExceptionHandler(req, resp, (MOAIDException)throwable);
+		
+		else
+			GenericExceptionHandler(req, resp, (Exception)throwable);
+	}
+	
+	@ExceptionHandler({MOAIDException.class})
+	public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, MOAIDException e) throws IOException {
+		if (e instanceof ProtocolNotActiveException) {
+			resp.getWriter().write(e.getMessage());
+			resp.setContentType("text/html;charset=UTF-8");
+			resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
+			return;
+		
+		} else if (e instanceof AuthnRequestValidatorException) {
+			AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e;
+			//log Error Message
+			statisticLogger.logErrorOperation(ex, ex.getErrorRequest());				
+			return;
+		
+		} else if (e instanceof InvalidProtocolRequestException) {
+			//write log entry
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+			
+			//send error response
+			ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
+			String code = utils.mapInternalErrorToExternalError(e.getMessageId());
+			String descr = e.getMessage();
+			resp.setContentType("text/html;charset=UTF-8");
+			resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
+					"(Errorcode=" + code +
+					" | Description=" + descr + ")");
+			return;
+		} else if (e instanceof ConfigurationException) {	
+			resp.setContentType("text/html;charset=UTF-8");
+			resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+					"(Errorcode=9199"
+					+" | Description="+ e.getMessage() + ")");
+			return;
+		
+			//TODO: check exception type
+		} else if (e instanceof MOAIDException) {
+			String samlRequest = req.getParameter("SAMLRequest");
+			if (MiscUtil.isNotEmpty(samlRequest))
+				Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+			else			
+				Logger.error("Failed to generate a valid protocol request!");
+			
+			resp.setContentType("text/html;charset=UTF-8");
+			resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+					"(Errorcode=6000"
+					+" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")");
+			return;
+		
+		}
+		
+	}
+	
+	@ExceptionHandler({Exception.class})
+	public void GenericExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception exception) throws IOException {
+		Logger.error("Internel Server Error." , exception);
+		resp.setContentType("text/html;charset=UTF-8");
+		resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
+				"(Errorcode=9199"
+				+" | Description="+ exception.getMessage() + ")");
+		return;
+		
+	}
+	
+	@ExceptionHandler({IOException.class})
+	public void IOExceptionHandler(HttpServletRequest req, HttpServletResponse resp, IOException exception) {
+		Logger.error("Internel Server Error." , exception);
+		resp.setContentType("text/html;charset=UTF-8");
+		resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+		return;
+		
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
new file mode 100644
index 000000000..375afca4d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -0,0 +1,84 @@
+package at.gv.egovernment.moa.id.auth.servlet;

+

+import java.io.IOException;

+

+import javax.servlet.http.HttpServletRequest;

+import javax.servlet.http.HttpServletResponse;

+

+import org.apache.commons.lang.StringEscapeUtils;

+import org.springframework.beans.factory.annotation.Autowired;

+

+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;

+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;

+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;

+import at.gv.egovernment.moa.id.moduls.IRequest;

+import at.gv.egovernment.moa.id.process.ProcessEngine;

+import at.gv.egovernment.moa.logging.Logger;

+

+/**

+ * Servlet that resumes a suspended process (in case of asynchronous tasks).

+ * 

+ * @author tknall

+ * 

+ */

+public abstract class AbstractProcessEngineSignalController extends AbstractController {

+		

+	@Autowired ProcessEngine processEngine;

+	

+	protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {

+		String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));

+		

+		try {	

+			if (pendingRequestID == null) {

+				throw new IllegalStateException("Unable to determine MOA pending-request id.");

+			}

+			

+			IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);

+			if (pendingReq == null) {

+				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");

+				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});

+				

+			}

+			

+			//add transactionID and unique sessionID to Logger

+			TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());

+			TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier());

+			

+			// process instance is mandatory

+			if (pendingReq.getProcessInstanceId() == null) {

+				throw new IllegalStateException("MOA session does not provide process instance id.");

+			}

+

+			// wake up next task

+			processEngine.signal(pendingReq.getProcessInstanceId());

+

+		} catch (Exception ex) {

+			handleError(null, ex, req, resp, pendingRequestID);

+			

+		} finally {

+			//MOASessionDBUtils.closeSession();

+			TransactionIDUtils.removeTransactionId();

+			TransactionIDUtils.removeSessionId();

+			

+		}

+		

+		

+	}

+	

+	/**

+	 * Retrieves the current pending-request id from the HttpServletRequest parameter

+	 * {@link MOAIDAuthConstants#PARAM_TARGET_PENDINGREQUESTID}.

+	 * <p/>

+	 * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the

+	 * respective pending-request id.

+	 * 

+	 * @param request

+	 *            The unterlying HttpServletRequest.

+	 * @return The current pending-request id.

+	 */

+	public String getPendingRequestId(HttpServletRequest request) {

+		return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));

+		

+	}

+

+}

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index fe24d45dd..fb6c71846 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -1,507 +1,378 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.FileItemFactory;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.NoSuchBeanDefinitionException;
-import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.support.WebApplicationContextUtils;
-
-import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.storage.IExceptionStore;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.URLDecoder;
-
-/**
- * Base class for MOA-ID Auth Servlets, providing standard error handling and
- * constant names.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthServlet extends HttpServlet {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6929905344382283738L;
-
-	protected static final String ERROR_CODE_PARAM = "errorid";
-	
-	/**
-	 * The process engine.
-	 */
-	private ProcessEngine processEngine;
-	
-	@Override
-	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException {
-		Logger.debug("GET " + this.getServletName());
-
-		this.setNoCachingHeadersInHttpRespone(req, resp);
-	}
-
-	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp) {
-
-		if (null != errorMessage) {
-			Logger.error(errorMessage);
-			req.setAttribute("ErrorMessage", errorMessage);
-		}
-
-		if (null != exceptionThrown) {
-			if (null == errorMessage)
-				errorMessage = exceptionThrown.getMessage();
-			Logger.error(errorMessage, exceptionThrown);
-			req.setAttribute("ExceptionThrown", exceptionThrown);
-		}
-
-		if (Logger.isDebugEnabled()) {
-			req.setAttribute("LogLevel", "debug");
-		}
-		
-		
-		StatisticLogger logger = StatisticLogger.getInstance();
-		logger.logErrorOperation(exceptionThrown);
-		
-		
-		// forward this to errorpage-auth.jsp where the HTML error page is
-		// generated
-		ServletContext context = getServletContext();
-		RequestDispatcher dispatcher = context
-				.getRequestDispatcher("/errorpage-auth.jsp");
-		try {
-
-			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-			dispatcher.forward(req, resp);
-		} catch (ServletException e) {
-			Logger.error(e);
-		} catch (IOException e) {
-			Logger.error(e);
-		}
-	}
-	
-	/**
-	 * Handles an error. <br>>
-	 * <ul>
-	 * <li>Logs the error</li>
-	 * <li>Places error message and exception thrown into the request as request
-	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
-	 * <li>Sets HTTP status 500 (internal server error)</li>
-	 * </ul>
-	 * 
-	 * @param errorMessage
-	 *            error message
-	 * @param exceptionThrown
-	 *            exception thrown
-	 * @param req
-	 *            servlet request
-	 * @param resp
-	 *            servlet response
-	 */
-	protected void handleError(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
-
-		Throwable loggedException = null;
-		
-		if (exceptionThrown != null 
-				&& exceptionThrown instanceof ProcessExecutionException) {
-			ProcessExecutionException procExc = 
-					(ProcessExecutionException) exceptionThrown;
-			if (procExc.getCause() != null && 
-					procExc.getCause() instanceof TaskExecutionException) {
-				TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
-				loggedException = taskExc.getOriginalException();	
-								
-			}			
-		}
-		
-		if (loggedException == null)
-			loggedException = exceptionThrown;
-		
-
-		if (!(loggedException instanceof MOAIDException)) {
-			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
-			
-		} else {
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
-				Logger.error(loggedException.getMessage(), loggedException);
-			
-			} else {
-				Logger.error(loggedException.getMessage());
-			
-			}			
-		}
-		
-		IExceptionStore store = DBExceptionStoreImpl.getStore();
-		String id = store.storeException(loggedException);
-
-		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
-		
-			String redirectURL = null;
-
-			redirectURL = ServletUtils.getBaseUrl(req);
-			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
-					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-		
-			resp.setContentType("text/html");
-			resp.setStatus(302);
-	
-			resp.addHeader("Location", redirectURL);		
-			Logger.debug("REDIRECT TO: " + redirectURL);	
-		
-			return;
-			
-		} else {
-			
-			//Exception can not be stored in database
-			handleErrorNoRedirect(errorMessage, loggedException, req, resp);
-		}
-	}
-
-	/**
-	 * Handles a <code>WrongParametersException</code>.
-	 * 
-	 * @param req
-	 *            servlet request
-	 * @param resp
-	 *            servlet response
-	 */
-	protected void handleWrongParameters(WrongParametersException ex,
-			HttpServletRequest req, HttpServletResponse resp) {
-		Logger.error(ex.toString());
-		req.setAttribute("WrongParameters", ex.getMessage());
-
-		// forward this to errorpage-auth.jsp where the HTML error page is
-		// generated
-		ServletContext context = getServletContext();
-		RequestDispatcher dispatcher = context
-				.getRequestDispatcher("/errorpage-auth.jsp");
-		try {
-			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-			dispatcher.forward(req, resp);
-		} catch (ServletException e) {
-			Logger.error(e);
-		} catch (IOException e) {
-			Logger.error(e);
-		}
-	}
-
-	/**
-	 * Logs all servlet parameters for debugging purposes.
-	 */
-	protected void logParameters(HttpServletRequest req) {
-		for (Enumeration params = req.getParameterNames(); params
-				.hasMoreElements();) {
-			String parname = (String) params.nextElement();
-			Logger.debug("Parameter " + parname + req.getParameter(parname));
-		}
-	}
-
-	/**
-	 * Parses the request input stream for parameters, assuming parameters are
-	 * encoded UTF-8 (no standard exists how browsers should encode them).
-	 * 
-	 * @param req
-	 *            servlet request
-	 * 
-	 * @return mapping parameter name -> value
-	 * 
-	 * @throws IOException
-	 *             if parsing request parameters fails.
-	 * 
-	 * @throws FileUploadException
-	 *             if parsing request parameters fails.
-	 */
-	protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
-			FileUploadException {
-
-		Map<String, String> parameters = new HashMap<String, String>();
-
-		if (ServletFileUpload.isMultipartContent(req)) {
-			// request is encoded as mulitpart/form-data
-			FileItemFactory factory = new DiskFileItemFactory();
-			ServletFileUpload upload = null;
-			upload = new ServletFileUpload(factory);
-			List items = null;
-			items = upload.parseRequest(req);
-			for (int i = 0; i < items.size(); i++) {
-				FileItem item = (FileItem) items.get(i);
-				if (item.isFormField()) {
-					// Process only form fields - no file upload items
-					String logString = item.getString("UTF-8");
-
-					// TODO use RegExp
-					String startS = "<pr:Identification><pr:Value>";
-					String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
-					String logWithMaskedBaseid = logString;
-					int start = logString.indexOf(startS);
-					if (start > -1) {
-						int end = logString.indexOf(endS);
-						if (end > -1) {
-							logWithMaskedBaseid = logString.substring(0, start);
-							logWithMaskedBaseid += startS;
-							logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
-							logWithMaskedBaseid += logString.substring(end,
-									logString.length());
-						}
-					}
-					parameters
-							.put(item.getFieldName(), item.getString("UTF-8"));
-					Logger.debug("Processed multipart/form-data request parameter: \nName: "
-							+ item.getFieldName()
-							+ "\nValue: "
-							+ logWithMaskedBaseid);
-				}
-			}
-		}
-
-		else {
-			// request is encoded as application/x-www-urlencoded
-			InputStream in = req.getInputStream();
-
-			String paramName;
-			String paramValueURLEncoded;
-			do {
-				paramName = new String(readBytesUpTo(in, '='));
-				if (paramName.length() > 0) {
-					paramValueURLEncoded = readBytesUpTo(in, '&');
-					String paramValue = URLDecoder.decode(paramValueURLEncoded,
-							"UTF-8");
-					parameters.put(paramName, paramValue);
-				}
-			} while (paramName.length() > 0);
-			in.close();
-		}
-
-		return parameters;
-	}
-
-	/**
-	 * Reads bytes up to a delimiter, consuming the delimiter.
-	 * 
-	 * @param in
-	 *            input stream
-	 * @param delimiter
-	 *            delimiter character
-	 * @return String constructed from the read bytes
-	 * @throws IOException
-	 */
-	protected String readBytesUpTo(InputStream in, char delimiter)
-			throws IOException {
-		ByteArrayOutputStream bout = new ByteArrayOutputStream();
-		boolean done = false;
-		int b;
-		while (!done && (b = in.read()) >= 0) {
-			if (b == delimiter)
-				done = true;
-			else
-				bout.write(b);
-		}
-		return bout.toString();
-	}
-
-	/**
-	 * Calls the web application initializer.
-	 * 
-	 * @see javax.servlet.Servlet#init(ServletConfig)
-	 */
-	public void init(ServletConfig servletConfig) throws ServletException {
-		super.init(servletConfig);
-	}
-
-	
-//	public void contextDestroyed(ServletContextEvent arg0) {
-//		Security.removeProvider((new IAIK()).getName());
-//		Security.removeProvider((new ECCProvider()).getName());
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// * 
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// * 
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// * 
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// ******************************************************************************/
+///*
+// * Copyright 2003 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// */
+//
+//package at.gv.egovernment.moa.id.auth.servlet;
+//
+//import java.io.IOException;
+//
+//import javax.servlet.RequestDispatcher;
+//import javax.servlet.ServletConfig;
+//import javax.servlet.ServletContext;
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServlet;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//
+//import org.springframework.beans.BeansException;
+//import org.springframework.beans.factory.NoSuchBeanDefinitionException;
+//import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
+//import org.springframework.web.context.WebApplicationContext;
+//import org.springframework.web.context.support.WebApplicationContextUtils;
+//
+//import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+//import at.gv.egovernment.moa.id.config.ConfigurationException;
+//import at.gv.egovernment.moa.id.process.ProcessEngine;
+//import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+//import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
+//import at.gv.egovernment.moa.id.storage.IExceptionStore;
+//import at.gv.egovernment.moa.id.util.ServletUtils;
+//import at.gv.egovernment.moa.logging.Logger;
+//import at.gv.egovernment.moa.util.MiscUtil;
+//
+///**
+// * Base class for MOA-ID Auth Servlets, providing standard error handling and
+// * constant names.
+// * 
+// * @author Paul Ivancsics
+// * @version $Id$
+// */
+//public class AuthServlet extends HttpServlet {
+//
+//	/**
+//	 * 
+//	 */
+//	private static final long serialVersionUID = -6929905344382283738L;
+//
+//	protected static final String ERROR_CODE_PARAM = "errorid";
+//	
+//	/**
+//	 * The process engine.
+//	 */
+//	private ProcessEngine processEngine;
+//	
+//	@Override
+//	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+//			throws ServletException, IOException {
+//		Logger.debug("GET " + this.getServletName());
+//
+//		this.setNoCachingHeadersInHttpRespone(req, resp);
 //	}
-	
-	/**
-	 * Set response headers to avoid caching
-	 * 
-	 * @param request
-	 *            HttpServletRequest
-	 * @param response
-	 *            HttpServletResponse
-	 */
-	protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
-			HttpServletResponse response) {
-		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-				MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-				MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-	}
-
-	/**
-	 * Adds a parameter to a URL.
-	 * 
-	 * @param url
-	 *            the URL
-	 * @param paramname
-	 *            parameter name
-	 * @param paramvalue
-	 *            parameter value
-	 * @return the URL with parameter added
-	 */
-	protected static String addURLParameter(String url, String paramname,
-			String paramvalue) {
-		String param = paramname + "=" + paramvalue;
-		if (url.indexOf("?") < 0)
-			return url + "?" + param;
-		else
-			return url + "&" + param;
-	}
-
-	/**
-	 * Checks if HTTP requests are allowed
-	 * 
-	 * @param authURL
-	 *            requestURL
-	 * @throws AuthenticationException
-	 *             if HTTP requests are not allowed
-	 * @throws ConfigurationException
-	 */
-	protected void checkIfHTTPisAllowed(String authURL)
-			throws AuthenticationException, ConfigurationException {
-		// check if HTTP Connection may be allowed (through
-		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-		
-		//Removed from MOA-ID 2.0 config
-//		String boolStr = AuthConfigurationProvider
-//				.getInstance()
-//				.getGenericConfigurationParameter(
-//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
-		if ((!authURL.startsWith("https:"))
-				//&& (false == BoolUtils.valueOf(boolStr))
-				)
-			throw new AuthenticationException("auth.07", new Object[] { authURL
-					+ "*" });
-
-	}
-
-
-	/**
-	 * Returns the underlying process engine instance.
-	 * 
-	 * @return The process engine (never {@code null}).
-	 * @throws NoSuchBeanDefinitionException
-	 *             if no {@link ProcessEngine} bean was found.
-	 * @throws NoUniqueBeanDefinitionException
-	 *             if more than one {@link ProcessEngine} bean was found.
-	 * @throws BeansException
-	 *             if a problem getting the {@link ProcessEngine} bean occurred.
-	 * @throws IllegalStateException
-	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
-	 *             Spring web environment.
-	 */
-	public synchronized ProcessEngine getProcessEngine() {
-		if (processEngine == null) {
-			WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext());
-			if (ctx == null) {
-				throw new IllegalStateException(
-						"Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment.");
-			}
-			processEngine = ctx.getBean(ProcessEngine.class);
-		}
-		return processEngine;
-	}
-	
-}
+//
+//	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
+//			HttpServletRequest req, HttpServletResponse resp) {
+//
+//		if (null != errorMessage) {
+//			Logger.error(errorMessage);
+//			req.setAttribute("ErrorMessage", errorMessage);
+//		}
+//
+//		if (null != exceptionThrown) {
+//			if (null == errorMessage)
+//				errorMessage = exceptionThrown.getMessage();
+//			Logger.error(errorMessage, exceptionThrown);
+//			req.setAttribute("ExceptionThrown", exceptionThrown);
+//		}
+//
+//		if (Logger.isDebugEnabled()) {
+//			req.setAttribute("LogLevel", "debug");
+//		}
+//		
+//		
+//		StatisticLogger logger = StatisticLogger.getInstance();
+//		logger.logErrorOperation(exceptionThrown);
+//		
+//		
+//		// forward this to errorpage-auth.jsp where the HTML error page is
+//		// generated
+//		ServletContext context = getServletContext();
+//		RequestDispatcher dispatcher = context
+//				.getRequestDispatcher("/errorpage-auth.jsp");
+//		try {
+//
+//			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+//					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+//			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+//					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+//			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+//			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+//			dispatcher.forward(req, resp);
+//		} catch (ServletException e) {
+//			Logger.error(e);
+//		} catch (IOException e) {
+//			Logger.error(e);
+//		}
+//	}
+//	
+//	/**
+//	 * Handles an error. <br>>
+//	 * <ul>
+//	 * <li>Logs the error</li>
+//	 * <li>Places error message and exception thrown into the request as request
+//	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+//	 * <li>Sets HTTP status 500 (internal server error)</li>
+//	 * </ul>
+//	 * 
+//	 * @param errorMessage
+//	 *            error message
+//	 * @param exceptionThrown
+//	 *            exception thrown
+//	 * @param req
+//	 *            servlet request
+//	 * @param resp
+//	 *            servlet response
+//	 */
+//	protected void handleError(String errorMessage, Throwable exceptionThrown,
+//			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
+//
+//		Throwable loggedException = null;
+//		
+//		if (exceptionThrown != null 
+//				&& exceptionThrown instanceof ProcessExecutionException) {
+//			ProcessExecutionException procExc = 
+//					(ProcessExecutionException) exceptionThrown;
+//			if (procExc.getCause() != null && 
+//					procExc.getCause() instanceof TaskExecutionException) {
+//				TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
+//				loggedException = taskExc.getOriginalException();	
+//								
+//			}			
+//		}
+//		
+//		if (loggedException == null)
+//			loggedException = exceptionThrown;
+//		
+//
+//		if (!(loggedException instanceof MOAIDException)) {
+//			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
+//			
+//		} else {
+//			if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
+//				Logger.error(loggedException.getMessage(), loggedException);
+//			
+//			} else {
+//				Logger.error(loggedException.getMessage());
+//			
+//			}			
+//		}
+//		
+//		IExceptionStore store = DBExceptionStoreImpl.getStore();
+//		String id = store.storeException(loggedException);
+//
+//		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
+//		
+//			String redirectURL = null;
+//
+//			redirectURL = ServletUtils.getBaseUrl(req);
+//			
+//			//TODO: DEVELOPMENT
+////			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
+////					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+//		
+//			resp.setContentType("text/html");
+//			resp.setStatus(302);
+//	
+//			resp.addHeader("Location", redirectURL);		
+//			Logger.debug("REDIRECT TO: " + redirectURL);	
+//		
+//			return;
+//			
+//		} else {
+//			
+//			//Exception can not be stored in database
+//			handleErrorNoRedirect(errorMessage, loggedException, req, resp);
+//		}
+//	}
+//
+//	/**
+//	 * Handles a <code>WrongParametersException</code>.
+//	 * 
+//	 * @param req
+//	 *            servlet request
+//	 * @param resp
+//	 *            servlet response
+//	 */
+//	protected void handleWrongParameters(WrongParametersException ex,
+//			HttpServletRequest req, HttpServletResponse resp) {
+//		Logger.error(ex.toString());
+//		req.setAttribute("WrongParameters", ex.getMessage());
+//
+//		// forward this to errorpage-auth.jsp where the HTML error page is
+//		// generated
+//		ServletContext context = getServletContext();
+//		RequestDispatcher dispatcher = context
+//				.getRequestDispatcher("/errorpage-auth.jsp");
+//		try {
+//			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+//					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+//			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+//					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+//			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+//			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+//			dispatcher.forward(req, resp);
+//		} catch (ServletException e) {
+//			Logger.error(e);
+//		} catch (IOException e) {
+//			Logger.error(e);
+//		}
+//	}
+//
+//
+//	/**
+//	 * Calls the web application initializer.
+//	 * 
+//	 * @see javax.servlet.Servlet#init(ServletConfig)
+//	 */
+//	public void init(ServletConfig servletConfig) throws ServletException {
+//		super.init(servletConfig);
+//	}
+//
+//	
+//	/**
+//	 * Set response headers to avoid caching
+//	 * 
+//	 * @param request
+//	 *            HttpServletRequest
+//	 * @param response
+//	 *            HttpServletResponse
+//	 */
+//	protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
+//			HttpServletResponse response) {
+//		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+//				MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+//		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+//				MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+//		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+//				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+//		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+//				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+//	}
+//
+//	/**
+//	 * Adds a parameter to a URL.
+//	 * 
+//	 * @param url
+//	 *            the URL
+//	 * @param paramname
+//	 *            parameter name
+//	 * @param paramvalue
+//	 *            parameter value
+//	 * @return the URL with parameter added
+//	 */
+//	protected static String addURLParameter(String url, String paramname,
+//			String paramvalue) {
+//		String param = paramname + "=" + paramvalue;
+//		if (url.indexOf("?") < 0)
+//			return url + "?" + param;
+//		else
+//			return url + "&" + param;
+//	}
+//
+//	/**
+//	 * Checks if HTTP requests are allowed
+//	 * 
+//	 * @param authURL
+//	 *            requestURL
+//	 * @throws AuthenticationException
+//	 *             if HTTP requests are not allowed
+//	 * @throws ConfigurationException
+//	 */
+//	protected void checkIfHTTPisAllowed(String authURL)
+//			throws AuthenticationException, ConfigurationException {
+//		// check if HTTP Connection may be allowed (through
+//		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+//		
+//		//Removed from MOA-ID 2.0 config
+////		String boolStr = AuthConfigurationProvider
+////				.getInstance()
+////				.getGenericConfigurationParameter(
+////						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+//		if ((!authURL.startsWith("https:"))
+//				//&& (false == BoolUtils.valueOf(boolStr))
+//				)
+//			throw new AuthenticationException("auth.07", new Object[] { authURL
+//					+ "*" });
+//
+//	}
+//
+//
+//	/**
+//	 * Returns the underlying process engine instance.
+//	 * 
+//	 * @return The process engine (never {@code null}).
+//	 * @throws NoSuchBeanDefinitionException
+//	 *             if no {@link ProcessEngine} bean was found.
+//	 * @throws NoUniqueBeanDefinitionException
+//	 *             if more than one {@link ProcessEngine} bean was found.
+//	 * @throws BeansException
+//	 *             if a problem getting the {@link ProcessEngine} bean occurred.
+//	 * @throws IllegalStateException
+//	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
+//	 *             Spring web environment.
+//	 */
+//	public synchronized ProcessEngine getProcessEngine() {
+//		if (processEngine == null) {
+//			WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext());
+//			if (ctx == null) {
+//				throw new IllegalStateException(
+//						"Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment.");
+//			}
+//			processEngine = ctx.getBean(ProcessEngine.class);
+//		}
+//		return processEngine;
+//	}
+//	
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
index ce974c531..6bccd5b88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
  * Copyright 2014 Federal Chancellery Austria
  * MOA-ID has been developed in a cooperation between BRZ, the Federal
  * Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,40 +19,33 @@
  * file for details on the various modules and licenses.
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.storage;
+ */
+package at.gv.egovernment.moa.id.auth.servlet;
 
-import java.util.HashMap;
-import java.util.Map;
+import java.io.IOException;
 
-import at.gv.egovernment.moa.id.util.Random;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
-public class ExceptionStoreImpl implements IExceptionStore {
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
-	// Just a quick implementation
-	private static IExceptionStore store;
-	
-	public static IExceptionStore getStore() {
-		if(store == null) {
-			store = new ExceptionStoreImpl();
-		}
-		return store;
-	}
-	
-	private Map<String, Throwable> exceptionStore = new HashMap<String, Throwable>();
-	
-	public String storeException(Throwable e) {
-		String id = Random.nextRandom();
-		exceptionStore.put(id, e);
-		return id;
-	}
-
-	public Throwable fetchException(String id) {
-		return exceptionStore.get(id);
-	}
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class GeneralProcessEngineSignalController extends AbstractProcessEngineSignalController {
 
-	public void removeException(String id) {
-		exceptionStore.remove(id);
+	
+	@RequestMapping(value = {"/GenerateIframeTemplate", 
+							 "/SSOSendAssertionServlet",
+							 "/signalProcess"
+			                }, 
+			        method = {RequestMethod.POST, RequestMethod.GET})
+	public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+		
 	}
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 15d596049..663a14881 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -1,168 +1,168 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.util.Enumeration;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class GenerateIFrameTemplateServlet extends AuthServlet {
-
-	private static final long serialVersionUID = 1L;
-
-	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException {
-		Logger.debug("Receive " + GenerateIFrameTemplateServlet.class + " Request");
-
-    	String pendingRequestID = null;
-		
-	    try {
-	    	String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);	    		    
-	    	moasessionid = StringEscapeUtils.escapeHtml(moasessionid);	    	
-	    	AuthenticationSession moasession = null;	    	
-	    	try {	    		
-	    	    pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);			
-	    	    moasession = AuthenticationSessionStoreage.getSession(moasessionid);
-	    	    			
-			} catch (MOADatabaseException e) {
-				Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
-				throw new MOAIDException("init.04", new Object[] {
-						moasessionid});
-				
-			} catch (Throwable e) {
-				Logger.info("No HTTP Session found!");
-				throw new MOAIDException("auth.18", new Object[] {});
-			}
-	    	
-
-
-			ExecutionContext ec = new ExecutionContextImpl();
-			// set execution context			
-			Enumeration<String> reqParamNames = req.getParameterNames();
-			while(reqParamNames.hasMoreElements()) {
-				String paramName = reqParamNames.nextElement();
-				if (MiscUtil.isNotEmpty(paramName))
-					ec.put(paramName, req.getParameter(paramName));
-				
-			}
-			
-			ec.put("pendingRequestID", pendingRequestID);
-			ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid);
-			
-//	    	String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU);
-//	    	String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
-//	    	String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC);
-//			ec.put("ccc", moasession.getCcc());
-//			ec.put("useMandate", moasession.getUseMandate());
-//			ec.put("bkuURL", moasession.getBkuURL());
-			
-			// select and create process instance
-			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
-			if (processDefinitionId == null) {
-				Logger.warn("No suitable process found for SessionID " + moasession.getSessionID());
-				throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() });
-			}			
-			
-			String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec);
-
-			// keep process instance id in moa session
-			moasession.setProcessInstanceId(processInstanceId);
-
-			// make sure moa session has been persisted before running the process
-			try {
-				AuthenticationSessionStoreage.storeSession(moasession);
-			} catch (MOADatabaseException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() });
-			}
-
-			Logger.info("BKU is selected -> Start BKU communication ...");
-			
-			// start process
-			getProcessEngine().start(processInstanceId);
-
-		}
-	    catch (WrongParametersException ex) {
-	    	handleWrongParameters(ex, req, resp);
-	    }
-	          
-	    catch (MOAIDException ex) {
-	    	handleError(null, ex, req, resp, pendingRequestID);
-
-	    } catch (ProcessExecutionException e) {
-			Throwable cause = e.getCause();
-			if (cause != null && cause instanceof TaskExecutionException) {
-				Throwable taskCause = cause.getCause();
-				if (taskCause != null && taskCause instanceof WrongParametersException) {
-					WrongParametersException internalEx = (WrongParametersException) taskCause;
-					handleWrongParameters(internalEx, req, resp);
-					return;
-					
-				} else if (taskCause != null && taskCause instanceof MOAIDException) {
-					MOAIDException moaTaskCause = (MOAIDException) taskCause;
-					handleError(null, moaTaskCause, req, resp, pendingRequestID);
-					return;
-					
-				}									
-			} 
-			
-			Logger.error("BKUSelectionServlet has an interal Error.", e);				    	
-	    	
-	    } catch (Exception e) {
-	    	Logger.error("BKUSelectionServlet has an interal Error.", e);
-	    	
-	    }
-	       	    
-	    finally {
-	    	
-	    }
-	}
-
-	
-	
-	
-	
-	
-	
-	
-
-}
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// * 
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// * 
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// * 
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// ******************************************************************************/
+//package at.gv.egovernment.moa.id.auth.servlet;
+//
+//import java.io.IOException;
+//import java.util.Enumeration;
+//
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//
+//import org.apache.commons.lang.StringEscapeUtils;
+//
+//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+//import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
+//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+//import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
+//import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+//import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+//import at.gv.egovernment.moa.logging.Logger;
+//import at.gv.egovernment.moa.util.MiscUtil;
+//
+//public class GenerateIFrameTemplateServlet extends AuthServlet {
+//
+//	private static final long serialVersionUID = 1L;
+//
+//	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+//			throws ServletException, IOException {
+//		Logger.debug("Receive " + GenerateIFrameTemplateServlet.class + " Request");
+//
+//    	String pendingRequestID = null;
+//		
+//	    try {
+//	    	String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);	    		    
+//	    	moasessionid = StringEscapeUtils.escapeHtml(moasessionid);	    	
+//	    	AuthenticationSession moasession = null;	    	
+//	    	try {	    		
+//	    	    pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);			
+//	    	    moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+//	    	    			
+//			} catch (MOADatabaseException e) {
+//				Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
+//				throw new MOAIDException("init.04", new Object[] {
+//						moasessionid});
+//				
+//			} catch (Throwable e) {
+//				Logger.info("No HTTP Session found!");
+//				throw new MOAIDException("auth.18", new Object[] {});
+//			}
+//	    	
+//
+//
+//			ExecutionContext ec = new ExecutionContextImpl();
+//			// set execution context			
+//			Enumeration<String> reqParamNames = req.getParameterNames();
+//			while(reqParamNames.hasMoreElements()) {
+//				String paramName = reqParamNames.nextElement();
+//				if (MiscUtil.isNotEmpty(paramName))
+//					ec.put(paramName, req.getParameter(paramName));
+//				
+//			}
+//			
+//			ec.put("pendingRequestID", pendingRequestID);
+//			ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid);
+//			
+////	    	String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU);
+////	    	String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
+////	    	String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC);
+////			ec.put("ccc", moasession.getCcc());
+////			ec.put("useMandate", moasession.getUseMandate());
+////			ec.put("bkuURL", moasession.getBkuURL());
+//			
+//			// select and create process instance
+//			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
+//			if (processDefinitionId == null) {
+//				Logger.warn("No suitable process found for SessionID " + moasession.getSessionID());
+//				throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() });
+//			}			
+//			
+//			String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec);
+//
+//			// keep process instance id in moa session
+//			moasession.setProcessInstanceId(processInstanceId);
+//
+//			// make sure moa session has been persisted before running the process
+//			try {
+//				AuthenticationSessionStoreage.storeSession(moasession);
+//			} catch (MOADatabaseException e) {
+//				Logger.error("Database Error! MOASession is not stored!");
+//				throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() });
+//			}
+//
+//			Logger.info("BKU is selected -> Start BKU communication ...");
+//			
+//			// start process
+//			getProcessEngine().start(processInstanceId);
+//
+//		}
+//	    catch (WrongParametersException ex) {
+//	    	handleWrongParameters(ex, req, resp);
+//	    }
+//	          
+//	    catch (MOAIDException ex) {
+//	    	handleError(null, ex, req, resp, pendingRequestID);
+//
+//	    } catch (ProcessExecutionException e) {
+//			Throwable cause = e.getCause();
+//			if (cause != null && cause instanceof TaskExecutionException) {
+//				Throwable taskCause = cause.getCause();
+//				if (taskCause != null && taskCause instanceof WrongParametersException) {
+//					WrongParametersException internalEx = (WrongParametersException) taskCause;
+//					handleWrongParameters(internalEx, req, resp);
+//					return;
+//					
+//				} else if (taskCause != null && taskCause instanceof MOAIDException) {
+//					MOAIDException moaTaskCause = (MOAIDException) taskCause;
+//					handleError(null, moaTaskCause, req, resp, pendingRequestID);
+//					return;
+//					
+//				}									
+//			} 
+//			
+//			Logger.error("BKUSelectionServlet has an interal Error.", e);				    	
+//	    	
+//	    } catch (Exception e) {
+//	    	Logger.error("BKUSelectionServlet has an interal Error.", e);
+//	    	
+//	    }
+//	       	    
+//	    finally {
+//	    	
+//	    }
+//	}
+//
+//	
+//	
+//	
+//	
+//	
+//	
+//	
+//
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index fe5cd1ac0..48292cee1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.velocity.VelocityContext;
 import org.opensaml.saml2.core.LogoutResponse;
 import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -43,8 +45,7 @@ import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
@@ -56,10 +57,13 @@ import at.gv.egovernment.moa.util.URLEncoder;
  * @author tlenz
  *
  */
-public class IDPSingleLogOutServlet extends AuthServlet {
+@Controller
+public class IDPSingleLogOutServlet extends AbstractController {
 
-	private static final long serialVersionUID = -1301786072691577221L;
-		
+	@Autowired SSOManager ssoManager;
+	@Autowired AuthenticationManager authManager;
+	@Autowired IAuthenticationSessionStoreage authenicationStorage;
+	
 	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 			    throws ServletException, IOException {
 		Logger.debug("receive IDP SingleLogOut Request");
@@ -79,9 +83,8 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 			return;
 			
 		}
-		
-		SSOManager ssomanager = SSOManager.getInstance();		
-		String ssoid = ssomanager.getSSOSessionID(req);
+			
+		String ssoid = ssoManager.getSSOSessionID(req);
 		
 		Object restartProcessObj = req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART);
 		
@@ -91,9 +94,9 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 		if (tokkenObj != null && tokkenObj instanceof String) {
 			tokken = (String) tokkenObj;
 			try {	
-				status = AssertionStorage.getInstance().get(tokken, String.class);
+				status = transactionStorage.get(tokken, String.class);
 				if (MiscUtil.isNotEmpty(status)) {
-					AssertionStorage.getInstance().remove(tokken);
+					transactionStorage.remove(tokken);
 					
 				}
 				VelocityContext context = new VelocityContext();
@@ -104,13 +107,13 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 					context.put("errorMsg", 
 							MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
 	                	
-				ssomanager.printSingleLogOutInfo(context, resp);				
+				ssoManager.printSingleLogOutInfo(context, resp);				
 					
 			} catch (MOAIDException e) {
-				handleErrorNoRedirect(e.getMessage(), e, req, resp);
+				handleErrorNoRedirect(e, req, resp);
 				
 			} catch (MOADatabaseException e) {
-				handleErrorNoRedirect(e.getMessage(), e, req, resp);
+				handleErrorNoRedirect(e, req, resp);
 				
 			}
 			
@@ -118,16 +121,14 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 					
 		} else if (MiscUtil.isNotEmpty(ssoid)) {
 			try {
-				if (ssomanager.isValidSSOSession(ssoid, null)) {
+				if (ssoManager.isValidSSOSession(ssoid, null)) {
 				
-					AuthenticationManager authmanager = AuthenticationManager.getInstance();
-					String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
+					String moaSessionID = authenicationStorage.getMOASessionSSOID(ssoid);
 
 					if (MiscUtil.isNotEmpty(moaSessionID)) {					
-						AuthenticationSession authSession = AuthenticationSessionStoreage
-								.getSession(moaSessionID);
+						AuthenticationSession authSession = authenicationStorage.getSession(moaSessionID);
 						if(authSession != null) {
-							authmanager.performSingleLogOut(req, resp, authSession, authURL);
+							authManager.performSingleLogOut(req, resp, authSession, authURL);
 							return;
 							
 						}
@@ -147,7 +148,7 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 			if (MiscUtil.isNotEmpty(restartProcess)) {
 				Logger.info("Restart Single LogOut process after timeout ... ");
 					try {						
-						SLOInformationContainer sloContainer = AssertionStorage.getInstance().get(restartProcess, SLOInformationContainer.class);
+						SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class);
 						if (sloContainer.hasFrontChannelOA())
 							sloContainer.putFailedOA("differntent OAs");
 							
@@ -171,13 +172,13 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 					        else
 					        	statusCode  = MOAIDAuthConstants.SLOSTATUS_ERROR;
 
-							AssertionStorage.getInstance().put(artifact, statusCode);
-					        redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
+							transactionStorage.put(artifact, statusCode);
+					        redirectURL = HTTPUtils.addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
 					        
 						}								
-						//redirect to Redirect Servlet
-						String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
-						url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8"));
+						//redirect to Redirect Servlet						
+						String url = authURL + "/RedirectServlet";
+						url = HTTPUtils.addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8"));
 						url = resp.encodeRedirectURL(url);
 					
 						resp.setContentType("text/html");
@@ -205,10 +206,11 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 							MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
 		                	
 					try {
-						ssomanager.printSingleLogOutInfo(context, resp);
+						ssoManager.printSingleLogOutInfo(context, resp);
 						
 					} catch (MOAIDException e) {
 						e.printStackTrace();
+						
 					}
 					return;
 			}			
@@ -218,10 +220,11 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 		context.put("successMsg",
 				MOAIDMessageProvider.getInstance().getMessage("slo.02", null));
 		try {			
-			ssomanager.printSingleLogOutInfo(context, resp);
+			ssoManager.printSingleLogOutInfo(context, resp);
 						
 		} catch (MOAIDException e) {
 			e.printStackTrace();
+			
 		}
 					
 	} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index a5504ec4c..4ed276814 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -51,6 +51,7 @@ import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -58,9 +59,8 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -70,14 +70,16 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class LogOutServlet {
 	private static final String REDIRECT_URL = "redirect";
 	
+	@Autowired private SSOManager ssomanager;
+	@Autowired private AuthenticationManager authmanager;
+	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
+	
 	@RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET})
 	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 		Logger.debug("receive LogOut Request");  
 
 		String redirectUrl = (String) req.getParameter(REDIRECT_URL);
-		
-		SSOManager ssomanager = SSOManager.getInstance();
-		
+				
 		try {
 			//get SSO token from request
 			String ssoid = ssomanager.getSSOSessionID(req);
@@ -103,15 +105,13 @@ public class LogOutServlet {
 				//TODO: Single LogOut Implementation
 		
 				//delete SSO session and MOA session
-				AuthenticationManager authmanager = AuthenticationManager.getInstance();
-				String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
-		
-				RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
-				
+				String moasessionid = authenticatedSessionStorage.getMOASessionSSOID(ssoid);
 				authmanager.performOnlyIDPLogOut(req, resp, moasessionid);
+				
 				Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
 			} else {
 				Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
+				
 			}
 			
 			//Remove SSO token
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
deleted file mode 100644
index f3e3ae8a4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ /dev/null
@@ -1,122 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;

-

-import java.io.IOException;

-

-import javax.servlet.ServletException;

-import javax.servlet.http.HttpServletRequest;

-import javax.servlet.http.HttpServletResponse;

-

-import org.apache.commons.lang.StringEscapeUtils;

-

-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;

-import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;

-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;

-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;

-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;

-import at.gv.egovernment.moa.id.moduls.IRequest;

-import at.gv.egovernment.moa.id.moduls.RequestStorage;

-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;

-import at.gv.egovernment.moa.logging.Logger;

-

-/**

- * Servlet that resumes a suspended process (in case of asynchronous tasks).

- * 

- * @author tknall

- * 

- */

-public class ProcessEngineSignalServlet extends AuthServlet {

-

-	private static final long serialVersionUID = 1L;

-	

-	/**

-	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).

-	 * 

-	 * @param resp

-	 *            The HttpServletResponse.

-	 */

-	private void setNoCachingHeaders(HttpServletResponse resp) {

-		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);

-		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);

-		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);

-		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);

-	}

-

-	/**

-	 * Processes a GET request, delegating the call to {@link #doPost(HttpServletRequest, HttpServletResponse)}.

-	 */

-	@Override

-	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

-		this.doPost(req, resp);

-	}

-

-	/**

-	 * Resumes the current process instance that has been suspended due to an asynchronous task. The process instance is

-	 * retrieved from the MOA session referred to by the request parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.

-	 */

-	@Override

-	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

-		String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req));

-

-		setNoCachingHeaders(resp);		

-		String pendingRequestID = null;

-		try {

-			

-			if (sessionID == null) {

-				throw new IllegalStateException("Unable to determine MOA session id.");

-			}

-

-			// retrieve moa session

-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);

-			

-			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);

-			if (pendingReq == null) {

-				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");

-				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});

-				

-			}

-			

-			AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID);

-			AuthenticationSession session = BaseAuthenticationServer.getSession(sessionID);

-

-			//add transactionID and unique sessionID to Logger

-			if (extendedSessionInformation != null)

-				TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId());

-			TransactionIDUtils.setTransactionId(pendingRequestID);

-			

-			// process instance is mandatory

-			if (session.getProcessInstanceId() == null) {

-				throw new IllegalStateException("MOA session does not provide process instance id.");

-			}

-

-			// wake up next task

-			getProcessEngine().signal(session.getProcessInstanceId());

-

-		} catch (Exception ex) {

-			handleError(null, ex, req, resp, pendingRequestID);

-			

-		} finally {

-			//MOASessionDBUtils.closeSession();

-			TransactionIDUtils.removeTransactionId();

-			TransactionIDUtils.removeSessionId();

-			

-		}

-

-	}

-

-	/**

-	 * Retrieves the current MOA session id from the HttpServletRequest parameter

-	 * {@link MOAIDAuthConstants#PARAM_SESSIONID}.

-	 * <p/>

-	 * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the

-	 * respective MOA session id.

-	 * 

-	 * @param request

-	 *            The unterlying HttpServletRequest.

-	 * @return The current MOA session id.

-	 */

-	public String getMoaSessionId(HttpServletRequest request) {

-		return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID));

-	}

-

-}

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index a914659b0..ba8ace6c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -25,13 +25,16 @@ package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
 import java.io.PrintWriter;
 
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
-
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
@@ -42,18 +45,16 @@ import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
 
 
-
-public class RedirectServlet extends AuthServlet{
-
-	private static final long serialVersionUID = 1L;
+@Controller
+public class RedirectServlet {
 
 	public static final String REDIRCT_PARAM_URL = "redirecturl";
-
 	private static final String DEFAULT_REDIRECTTARGET = "_parent";
 	
+	@Autowired SSOManager ssoManager;
 	
-	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException {
+	@RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET)
+	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 		Logger.debug("Receive " + RedirectServlet.class + " Request");
 		
 		String url = req.getParameter(REDIRCT_PARAM_URL);
@@ -89,12 +90,12 @@ public class RedirectServlet extends AuthServlet{
 					if (MiscUtil.isNotEmpty(target)) {
 //						redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
 //								URLEncoder.encode(session.getTarget(), "UTF-8"));
-						url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET,
+						url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET,
 								URLEncoder.encode(target, "UTF-8"));
 
 
 					}
-					url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT,
+					url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT,
 							URLEncoder.encode(artifact, "UTF-8"));
 					url = resp.encodeRedirectURL(url);
 					
@@ -109,8 +110,7 @@ public class RedirectServlet extends AuthServlet{
 				} else if (MiscUtil.isNotEmpty(interIDP)) {
 					//store IDP identifier and redirect to generate AuthRequst service					
 					Logger.info("Receive an interfederation redirect request for IDP " + interIDP);					
-					SSOManager sso = SSOManager.getInstance();
-					sso.setInterfederationIDPCookie(req, resp, interIDP);
+					ssoManager.setInterfederationIDPCookie(req, resp, interIDP);
 
 					Logger.debug("Redirect to " + url);					
 					url = resp.encodeRedirectURL(url);					
@@ -141,7 +141,7 @@ public class RedirectServlet extends AuthServlet{
 			
 			
 		}
+		
 	}
 	
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java
index 62ee1ed85..1d18ccb2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java
@@ -28,9 +28,7 @@ package at.gv.egovernment.moa.id.auth.servlet;
  */
 
 public class SAML2InterfederationSignalServlet extends
-		ProcessEngineSignalServlet {
-
-	private static final long serialVersionUID = 8208970012249149156L;
+		AbstractProcessEngineSignalController {
 
 	
 	//TODO: getMOASessionID from SAML2 relayState
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
index 064431a6b..4c895e387 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -1,176 +1,177 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class SSOSendAssertionServlet extends AuthServlet{
-
-	private static final long serialVersionUID = 1L;
-
-	private static final String PARAM = "value";
-	private static final String MODULE = "mod";
-	private static final String ACTION = "action";
-	private static final String ID = "identifier";
-	
-	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException {
-		
-		String id = null;
-		Logger.debug("Receive " + SSOSendAssertionServlet.class + " Request");
-		try {
-			
-			Object idObject = req.getParameter(ID);
-			
-			if (idObject != null && (idObject instanceof String)) {
-				id = (String) idObject;
-			}
-			
-			String value = req.getParameter(PARAM);
-			value = StringEscapeUtils.escapeHtml(value);
-			if (!ParamValidatorUtils.isValidUseMandate(value))
-				throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);		    
-
-			//get module and action
-			Object moduleObject = req.getParameter(MODULE);
-			String module = null;
-			if (moduleObject != null && (moduleObject instanceof String)) {
-				module = (String) moduleObject;
-			}
-			
-
-			Object actionObject = req.getParameter(ACTION);
-			String action = null;
-			if (actionObject != null && (actionObject instanceof String)) {
-				action = (String) actionObject;
-			}
-						
-			if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) {
-				Logger.warn("No Moduel or Action parameter received!");
-				throw new WrongParametersException("Module or Action is empty", "", "auth.10");
-			}
-			
-			
-			SSOManager ssomanager = SSOManager.getInstance();
-			//get SSO Cookie for Request
-			String ssoId = ssomanager.getSSOSessionID(req);
-		
-			//check SSO session
-			if (ssoId != null) {
-				String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
-			
-				if (correspondingMOASession != null) {
-					Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
-							"Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
-				
-
-					AuthenticationSessionStoreage.destroySession(correspondingMOASession);
-					
-					ssomanager.deleteSSOSessionID(req, resp);
-				}
-			}
-		
-			boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null);
-		
-			String moaSessionID = null;
-			
-			if (isValidSSOSession) {
-			
-				
-				//check UseMandate flag
-				String valueString = null;;
-				if ((value != null) && (value.compareTo("") != 0)) {
-					valueString = value;
-				} else {
-					valueString = "false";
-				}
-
-				if (valueString.compareToIgnoreCase("true") == 0) {
-					moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId);
-					AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
-					AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
-
-					//log event
-					//String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-					IRequest pendingReq = RequestStorage.getPendingRequest(id);
-					MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED);
-					
-					String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), 
-							ModulUtils.buildAuthURL(module, action, id), "");
-					
-					resp.setContentType("text/html");
-					resp.setStatus(302);
-				
-					
-					resp.addHeader("Location", redirectURL);		
-					Logger.debug("REDIRECT TO: " + redirectURL);
-					
-				}
-					
-				else {
-					throw new AuthenticationException("auth.21", new Object[] {});
-				}
-			
-			} else {
-				handleError("SSO Session is not valid", null, req, resp, id);
-			}
-			
-			
-		} catch (MOADatabaseException e) {
-			handleError("SSO Session is not found", e, req, resp, id);
-			
-		} catch (WrongParametersException e) {
-			handleError("Parameter is not valid", e, req, resp, id);
-			
-		} catch (AuthenticationException e) {
-			handleError(e.getMessage(), e, req, resp, id);
-			
-	    } catch (Exception e) {
-	    	Logger.error("SSOSendAssertion has an interal Error.", e);
-	    }
-	       
-	}
-
-}
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// * 
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// * 
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// * 
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// ******************************************************************************/
+//package at.gv.egovernment.moa.id.auth.servlet;
+//
+//import java.io.IOException;
+//
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//
+//import org.apache.commons.lang.StringEscapeUtils;
+//
+//import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+//import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+//import at.gv.egovernment.moa.id.moduls.IRequest;
+//import at.gv.egovernment.moa.id.moduls.RequestStorage;
+//import at.gv.egovernment.moa.id.moduls.SSOManager;
+//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+//import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+//import at.gv.egovernment.moa.logging.Logger;
+//import at.gv.egovernment.moa.util.MiscUtil;
+//
+//public class SSOSendAssertionServlet extends AuthServlet{
+//
+//	private static final long serialVersionUID = 1L;
+//
+//	private static final String PARAM = "value";
+//	private static final String MODULE = "mod";
+//	private static final String ACTION = "action";
+//	private static final String ID = "identifier";
+//	
+//	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+//			throws ServletException, IOException {
+//		
+//		String id = null;
+//		Logger.debug("Receive " + SSOSendAssertionServlet.class + " Request");
+//		try {
+//			
+//			Object idObject = req.getParameter(ID);
+//			
+//			if (idObject != null && (idObject instanceof String)) {
+//				id = (String) idObject;
+//			}
+//			
+//			String value = req.getParameter(PARAM);
+//			value = StringEscapeUtils.escapeHtml(value);
+//			if (!ParamValidatorUtils.isValidUseMandate(value))
+//				throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);		    
+//
+//			//get module and action
+//			Object moduleObject = req.getParameter(MODULE);
+//			String module = null;
+//			if (moduleObject != null && (moduleObject instanceof String)) {
+//				module = (String) moduleObject;
+//			}
+//			
+//
+//			Object actionObject = req.getParameter(ACTION);
+//			String action = null;
+//			if (actionObject != null && (actionObject instanceof String)) {
+//				action = (String) actionObject;
+//			}
+//						
+//			if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) {
+//				Logger.warn("No Moduel or Action parameter received!");
+//				throw new WrongParametersException("Module or Action is empty", "", "auth.10");
+//			}
+//			
+//			
+//			SSOManager ssomanager = SSOManager.getInstance();
+//			//get SSO Cookie for Request
+//			String ssoId = ssomanager.getSSOSessionID(req);
+//		
+//			//check SSO session
+//			if (ssoId != null) {
+//				String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+//			
+//				if (correspondingMOASession != null) {
+//					Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+//							"Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+//				
+//
+//					AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+//					
+//					ssomanager.deleteSSOSessionID(req, resp);
+//				}
+//			}
+//		
+//			boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null);
+//		
+//			String moaSessionID = null;
+//			
+//			if (isValidSSOSession) {
+//			
+//				
+//				//check UseMandate flag
+//				String valueString = null;;
+//				if ((value != null) && (value.compareTo("") != 0)) {
+//					valueString = value;
+//				} else {
+//					valueString = "false";
+//				}
+//
+//				if (valueString.compareToIgnoreCase("true") == 0) {
+//					moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId);
+//					AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
+//					AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
+//
+//					//log event
+//					//String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+//					IRequest pendingReq = RequestStorage.getPendingRequest(id);
+//					MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED);
+//					
+//					//TODO: only for development!!!!!!!
+////					String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), 
+////							ModulUtils.buildAuthURL(module, action, id), "");
+//					
+//					String redirectURL = "Remove commants in Class:SSOSendAssertionServlet Line:141"; 
+//					
+//					resp.setContentType("text/html");
+//					resp.setStatus(302);
+//				
+//					
+//					resp.addHeader("Location", redirectURL);		
+//					Logger.debug("REDIRECT TO: " + redirectURL);
+//					
+//				}
+//					
+//				else {
+//					throw new AuthenticationException("auth.21", new Object[] {});
+//				}
+//			
+//			} else {
+//				handleError("SSO Session is not valid", null, req, resp, id);
+//			}
+//			
+//			
+//		} catch (MOADatabaseException e) {
+//			handleError("SSO Session is not found", e, req, resp, id);
+//			
+//		} catch (WrongParametersException e) {
+//			handleError("Parameter is not valid", e, req, resp, id);
+//			
+//		} catch (AuthenticationException e) {
+//			handleError(e.getMessage(), e, req, resp, id);
+//			
+//	    } catch (Exception e) {
+//	    	Logger.error("SSOSendAssertion has an interal Error.", e);
+//	    }
+//	       
+//	}
+//
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
index b68f42086..7f0a1c157 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -74,6 +74,8 @@ public interface IOAAuthParameters {
 	
 	public boolean isSTORKPVPGateway();
 	
+	public boolean isRemovePBKFromAuthBlock();
+	
 	/**
 	 * @return the identityLinkDomainIdentifier
 	 */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 386e04f45..171940063 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -486,4 +486,13 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 		// TODO Auto-generated method stub
 		return false;
 	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRemovePBKFromAuthBlock()
+	 */
+	@Override
+	public boolean isRemovePBKFromAuthBlock() {
+		// TODO Auto-generated method stub
+		return false;
+	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index d1c3401a1..c7f86c167 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -1,624 +1,624 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.entrypoints;
-
-import java.io.IOException;
-import java.util.Iterator;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulStorage;
-import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class DispatcherServlet extends AuthServlet{
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-
-	public static final String PARAM_TARGET_MODULE = "mod";
-	public static final String PARAM_TARGET_ACTION = "action";
-	public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
-
-//	@Override
-//	public void init(ServletConfig config) throws ServletException {
-//		try {
-//			super.init(config);
-//			MOAIDAuthInitializer.initialize();
-//			Logger.info(MOAIDMessageProvider.getInstance().getMessage(
-//					"init.00", null));
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// *******************************************************************************/
+//package at.gv.egovernment.moa.id.entrypoints;
+//
+//import java.io.IOException;
+//import java.util.Iterator;
+//
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//
+//import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+//import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+//import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+//import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+//import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+//import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
+//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+//import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+//import at.gv.egovernment.moa.id.config.ConfigurationException;
+//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+//import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+//import at.gv.egovernment.moa.id.data.IAuthData;
+//import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+//import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+//import at.gv.egovernment.moa.id.moduls.IAction;
+//import at.gv.egovernment.moa.id.moduls.IModulInfo;
+//import at.gv.egovernment.moa.id.moduls.IRequest;
+//import at.gv.egovernment.moa.id.moduls.ModulStorage;
+//import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+//import at.gv.egovernment.moa.id.moduls.RequestStorage;
+//import at.gv.egovernment.moa.id.moduls.SSOManager;
+//import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
+//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+//import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
+//import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+//import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+//import at.gv.egovernment.moa.id.util.Random;
+//import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
+//import at.gv.egovernment.moa.logging.Logger;
+//import at.gv.egovernment.moa.util.MiscUtil;
+//
+//public class DispatcherServlet extends AuthServlet{
+//
+//	/**
+//	 * 
+//	 */
+//	private static final long serialVersionUID = 1L;
+//
+//	public static final String PARAM_TARGET_MODULE = "mod";
+//	public static final String PARAM_TARGET_ACTION = "action";
+//	public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
+//
+////	@Override
+////	public void init(ServletConfig config) throws ServletException {
+////		try {
+////			super.init(config);
+////			MOAIDAuthInitializer.initialize();
+////			Logger.info(MOAIDMessageProvider.getInstance().getMessage(
+////					"init.00", null));
+////		
+////			Logger.info("Dispatcher Servlet initialization finished.");
+////			
+////		} catch (Exception ex) {
+////			Logger.fatal(
+////					MOAIDMessageProvider.getInstance().getMessage("init.02",
+////							null), ex);
+////			
+////			//throw new ServletException(ex);
+////			
+////		}
+////		
+////	}
+//
+//	protected void processRequest(HttpServletRequest req,
+//			HttpServletResponse resp) throws ServletException, IOException {
+//		boolean isValidSSOSession = false;
+//		boolean useSSOOA = false;
+//		String protocolRequestID = null;
 //		
-//			Logger.info("Dispatcher Servlet initialization finished.");
+//		try {
+//			Logger.debug("REQUEST: " + req.getRequestURI());
+//			Logger.debug("QUERY  : " + req.getQueryString());
+//			
+//
+//// *** start of error handling ***
+//			
+//			String errorid = req.getParameter(ERROR_CODE_PARAM);
+//			if (errorid != null) {
+//
+//				Throwable throwable = DBExceptionStoreImpl.getStore()
+//						.fetchException(errorid);
+//				DBExceptionStoreImpl.getStore().removeException(errorid);
+//				
+//				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+//
+//				//Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession());
+//				
+//				String pendingRequestID = null;
+//				if (idObject != null && (idObject instanceof String)) {
+//					pendingRequestID = (String) idObject; 
+//				}
+//				
+//				if (throwable != null) {
+//													
+//						IRequest errorRequest = null;
+//						if (pendingRequestID != null) {
+//							errorRequest = RequestStorage.getPendingRequest(pendingRequestID);
+//						
+//						}
+//						
+//						if (errorRequest != null) {
+//							RequestStorage.removePendingRequest(pendingRequestID);
+//							MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR);
+//							
+//							try {
+//								IModulInfo handlingModule = ModulStorage
+//										.getModuleByPath(errorRequest
+//												.requestedModule());
+//								if (handlingModule != null) {
+//																	
+//									if (handlingModule.generateErrorMessage(
+//											throwable, req, resp, errorRequest)) {
+//								
+//										//log Error Message
+//										StatisticLogger logger = StatisticLogger.getInstance();
+//										logger.logErrorOperation(throwable, errorRequest);
+//										
+//										//remove MOASession
+//										AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID);
+//										if (moaSession != null)
+//											AuthenticationManager.getInstance().performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+//										
+//										return;
+//										
+//									} else {
+//										handleErrorNoRedirect(throwable.getMessage(), throwable,
+//												req, resp);
+//										
+//									}
+//								}
+//								
+//							} catch (Throwable e) {
+//								Logger.error(e);
+//								handleErrorNoRedirect(throwable.getMessage(),
+//										throwable, req, resp);
+//							}
+//							
+//						} else {
+//							handleErrorNoRedirect(throwable.getMessage(), throwable,
+//									req, resp);
+//						}
+//						
+//					} else
+//						handleErrorNoRedirect(MOAIDMessageProvider.getInstance().getMessage("auth.26", null), 
+//								null, req, resp);
+//					
+//				return;
+//			}
+//
+//// *** end of error handling ***
+//
+//			
+//// *** start of protocol specific stuff ***
+//
+//			Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
+//			String module = null;
+//			if (moduleObject != null && (moduleObject instanceof String)) {
+//				module = (String) moduleObject;
+//			}
+//
+//			if (module == null) {
+//				module = (String) req.getAttribute(PARAM_TARGET_MODULE);
+//			}
+//
+//			Object actionObject = req.getParameter(PARAM_TARGET_ACTION);
+//			String action = null;
+//			if (actionObject != null && (actionObject instanceof String)) {
+//				action = (String) actionObject;
+//			}
+//
+//			if (action == null) {
+//				action = req.getParameter(PARAM_TARGET_ACTION);
+//			}
+//			
+//			Logger.debug("dispatching to " + module + " protocol " + action);
+//
+//			IModulInfo info = ModulStorage.getModuleByPath(module);
+//
+//			IAction moduleAction = null;
+//
+//			if (info == null) {
+//
+//				Iterator<IModulInfo> modules = ModulStorage.getAllModules()
+//						.iterator();
+//				while (modules.hasNext()) {
+//					info = modules.next();
+//					moduleAction = info.canHandleRequest(req, resp);
+//					if (moduleAction != null) {
+//						action = moduleAction.getDefaultActionName();
+//						module = info.getPath();
+//						break;
+//					}
+//					info = null;
+//				}
+//
+//				if (moduleAction == null) {
+//					resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+//					Logger.error("Protocol " + module
+//							+ " has no module registered");
+//					return;
+//				}
+//			}
+//
+//			if (moduleAction == null) {
+//				moduleAction = info.getAction(action);
+//
+//				if (moduleAction == null) {
+//					resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+//					Logger.error("Action " + action + " is not available!");
+//					return;
+//				}
+//			}
+//
+//			//get SSO Cookie for Request
+//			SSOManager ssomanager = SSOManager.getInstance();
+//			String ssoId = ssomanager.getSSOSessionID(req);
 //			
-//		} catch (Exception ex) {
-//			Logger.fatal(
-//					MOAIDMessageProvider.getInstance().getMessage("init.02",
-//							null), ex);
+//			IRequest protocolRequest = null;
+//			String uniqueSessionIdentifier = null;
 //			
-//			//throw new ServletException(ex);
+//			try {
+//				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+//	
+//				if (idObject != null && (idObject instanceof String)) {
+//								
+//					protocolRequestID = (String) idObject;
+//					protocolRequest = RequestStorage.getPendingRequest(protocolRequestID);
+//					
+//					//get IRequest if it exits
+//					if (protocolRequest != null) {
+//						Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
+//						
+//					} else {
+//						Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");		
+//						handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.",
+//								null, req, resp);							
+//						return;
+//					}
+//				} else {
+//					try {
+//						
+//						//load unique session identifier with SSO-sessionID
+//						uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);											
+//						if (MiscUtil.isEmpty(uniqueSessionIdentifier))
+//							uniqueSessionIdentifier = Random.nextRandom();
+//						TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
+//												
+//						//set transactionID to Logger
+//						protocolRequestID = Random.nextRandom();
+//						TransactionIDUtils.setTransactionId(protocolRequestID);
+//
+//						//log information for security and process reversion
+//						MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier);
+//						MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID);						
+//						MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.TRANSACTION_IP, req.getRemoteAddr());						
+//						
+//						protocolRequest = info.preProcess(req, resp, action, uniqueSessionIdentifier, protocolRequestID);
+//												
+//						//request is a valid interfederation response 
+//						if (protocolRequest != null && 
+//								protocolRequest.getInterfederationResponse() != null ) {							
+//							Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest");
+//
+//							//reload SP protocol implementation 
+//							info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
+//							moduleAction = info.getAction(protocolRequest.requestedAction());
+//
+//							//create interfederated MOASession
+//							String sessionID = 
+//									AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
+//							req.getParameterMap().put(MOAIDAuthConstants.PARAM_SESSIONID, new String[]{ sessionID });
+//														
+//							Logger.info("PreProcessing of SSO interfederation response complete. ");
+//
+//						//request is a not valid interfederation response   
+//						} else if (protocolRequest != null &&
+//								MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
+//							
+//							OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
+//							if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
+//								// -> send end error to service provider
+//								Logger.info("Federated authentication for entity " + protocolRequest.getOAURL() 
+//										+ " FAILED. Sending error message to service provider.");								
+//								MOAIDException e = new MOAIDException("auth.27", new Object[]{});								
+//								IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule());								
+//								if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest))
+//									handleErrorNoRedirect(e.getMessage(), e, req,
+//											resp);
+//								
+//								return;
+//																
+//							} else
+//								//-> Restart local authentication
+//								Logger.info("Restart authentication with stored " + protocolRequest.requestedModule() 
+//										+ " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL());
+//							
+//						//request is a new authentication request	
+//						} else if (protocolRequest != null &&
+//								MiscUtil.isEmpty(protocolRequest.getRequestID())) {															
+//							//Start new Authentication
+//							protocolRequest.setModule(module);
+//							
+//							//if preProcessing has not set a specific action from decoded request 
+//							//   then set the default action
+//							if (MiscUtil.isEmpty(protocolRequest.requestedAction()))
+//									protocolRequest.setAction(action);
+//							else
+//								moduleAction = info.getAction(protocolRequest.requestedAction());
+//							
+//							protocolRequest.setRequestID(protocolRequestID);
+//							protocolRequest.setSessionIdentifier(uniqueSessionIdentifier);
+//							RequestStorage.setPendingRequest(protocolRequest);							
+//							Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
+//
+//																										
+//						} else {
+//							Logger.error("Failed to generate a valid protocol request!");
+//							resp.setContentType("text/html;charset=UTF-8");
+//							resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");
+//							return;
+//							
+//						}
+//																	
+//					} catch (ProtocolNotActiveException e) {
+//						resp.getWriter().write(e.getMessage());
+//						resp.setContentType("text/html;charset=UTF-8");
+//						resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
+//						return;
+//						
+//					} catch (AuthnRequestValidatorException e) {
+//						//log Error Message
+//						StatisticLogger logger = StatisticLogger.getInstance();
+//						logger.logErrorOperation(e, e.getErrorRequest());
+//						
+//						//TODO: maybe add some error message handling???
+//						
+//						return;
+//						
+//					}catch (InvalidProtocolRequestException e) {
+//						ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
+//						String code = utils.mapInternalErrorToExternalError(e.getMessageId());
+//						String descr = e.getMessage();
+//						Logger.error("Protocol validation FAILED!");
+//						resp.setContentType("text/html;charset=UTF-8");
+//						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
+//								"(Errorcode=" + code +
+//								" | Description=" + descr + ")");
+//						return;
+//					} catch (ConfigurationException e) {	
+//						resp.setContentType("text/html;charset=UTF-8");
+//						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+//								"(Errorcode=9199"
+//								+" | Description="+ e.getMessage() + ")");
+//						return;
+//						
+//					} catch (MOAIDException e) {						
+//						Logger.error("Failed to generate a valid protocol request!");
+//						resp.setContentType("text/html;charset=UTF-8");
+//						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+//								"(Errorcode=6000"
+//								+" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")");
+//						return;
+//						
+//					}
+//				}
+//						
+//// *** end of protocol specific stuff ***
+//				
+//				if (protocolRequest != null)
+//					MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), 
+//							protocolRequest, MOAIDEventConstants.AUTHPROTOCOL_TYPE, protocolRequest.requestedModule());
+//				
+//// *** start handling authentication ***
+//				
+//				AuthenticationManager authmanager = AuthenticationManager.getInstance();									
+//				
+//				String moasessionID = null;
+//				String newSSOSessionId = null;
+//				AuthenticationSession moasession = null;	
+//				IAuthData authData = null;
+//									
+//				boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);				
+//				
+//				if (needAuthentication) {
+//										
+//					//check if interfederation IDP is requested
+//					ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest);
+//					
+//					//check SSO session
+//					if (ssoId != null) {
+//						String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+//						
+//						if (correspondingMOASession != null) {
+//							Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+//									"Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+//							
+//							MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), 
+//									protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
+//							
+//							AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+//							ssomanager.deleteSSOSessionID(req, resp);
+//						}
+//					}
+//				
+//					//load Parameters from OnlineApplicationConfiguration
+//					OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
+//							.getOnlineApplicationParameter(protocolRequest.getOAURL());
+//					
+//					if (oaParam == null) {
+//						throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
+//					}
+//
+//					
+//					isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest);
+//					useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
+//					
+//					
+//					//if a legacy request is used SSO should not be allowed, actually
+//					boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req);
+//					
+//					if (protocolRequest.isPassiv()
+//							&& protocolRequest.forceAuth()) {
+//						// conflict!
+//						throw new NoPassivAuthenticationException();
+//					}
+//					
+//					boolean tryperform = authmanager.tryPerformAuthentication(
+//							req, resp);
+//					
+//					if (tryperform)
+//						MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), 
+//								protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED);
+//					else
+//						MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), 
+//								protocolRequest, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, protocolRequest.getOAURL());
+//										
+//					if (protocolRequest.forceAuth()) {	
+//						if (!tryperform) {
+//							authmanager.doAuthentication(req, resp,
+//									protocolRequest);
+//							return;
+//						}
+//					} else if (protocolRequest.isPassiv()) {
+//						if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
+//							// Passive authentication ok!
+//						} else {
+//							throw new NoPassivAuthenticationException();
+//						}
+//					} else {
+//						if (tryperform || (isValidSSOSession && useSSOOA  && !isUseMandateRequested) ) {
+//							// Is authenticated .. proceed
+//						} else {
+//							// Start authentication!
+//							authmanager.doAuthentication(req, resp,
+//									protocolRequest);
+//							return;
+//						}
+//					}
+//					
+//					if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension  
+//					{
+//					
+//						if (useSSOOA && isValidSSOSession) {
+//						
+//							MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), 
+//									protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO);
+//							
+//							moasessionID = ssomanager.getMOASession(ssoId);
+//							moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+//							
+//							//use new OAParameter						
+//							if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {							
+//							  authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
+//							  return; 
+//							}
+//							
+//						} else {							
+//							moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);														
+//							moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+//							
+//						}						
+//						//save SSO session usage in Database
+//						if (useSSOOA) {
+//							newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+//					
+//							if (MiscUtil.isNotEmpty(newSSOSessionId)) {
+//								ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+//						
+//							} else {
+//								ssomanager.deleteSSOSessionID(req, resp);
+//							
+//							}
+//						}
+//						
+//					} else {						
+//						moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);						
+//						moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+//						moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);
+//						
+//					}
+//
+//					//build authenticationdata from session information and OA configuration
+//					authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);					
+//				}
+//
+//// *** end handling authentication ***
+//
+//// *** start finalizing authentication (SSO, final redirects, statistic logging etc) ***
+//				
+//				SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData);
+//
+//				RequestStorage.removePendingRequest(protocolRequestID);
+//				
+//				if (needAuthentication) {
+//					boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId) && useSSOOA;
+//					
+//					if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension 
+//						&& !moasession.getUseMandate()) { 
+//					
+//						try {
+//							//Store OA specific SSO session information 
+//							AuthenticationSessionStoreage.addSSOInformation(moasessionID, 
+//									newSSOSessionId, assertionID, protocolRequest);
+//														
+//						} catch (AuthenticationException e) {
+//							Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!");
+//							
+//							authmanager.performOnlyIDPLogOut(req, resp, moasessionID);
+//							isSSOSession = false;
+//						}
+//					
+//					} else {
+//						authmanager.performOnlyIDPLogOut(req, resp, moasessionID);
+//					}
+//				
+//					//Advanced statistic logging
+//					StatisticLogger logger = StatisticLogger.getInstance();
+//					logger.logSuccessOperation(protocolRequest, authData, isSSOSession);
+//					
+//				}
+//
+//// *** end finalizing authentication ***
+//
+//			} catch (Throwable e) {
+//				Logger.warn("An authentication error occured: ", e);;
+//				// Try handle module specific, if not possible rethrow
+//				if (!info.generateErrorMessage(e, req, resp, protocolRequest))
+//					handleErrorNoRedirect(e.getMessage(), e, req,
+//							resp);
+//				
+//			}
 //			
+//			//log transaction_destroy to reversionslog
+//	    	MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID);
+//			
+//		} catch (WrongParametersException ex) {
+//			handleWrongParameters(ex, req, resp);
+//			
+//		} catch (MOAIDException ex) {
+//			handleError(null, ex, req, resp, protocolRequestID);
+//			
+//		} catch (Throwable e) {
+//			handleErrorNoRedirect(e.getMessage(), e, req,
+//					resp);			
 //		}
 //		
+//	    finally {
+//	    	
+//	    	
+//	    	TransactionIDUtils.removeTransactionId();
+//	    	TransactionIDUtils.removeSessionId();
+//	    }
+//
+//        Logger.debug("Clossing Dispatcher processing loop");
+//	}
+//	
+//	@Override
+//	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+//			throws ServletException, IOException {
+//		processRequest(req, resp);
+//	}
+//
+//	@Override
+//	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+//			throws ServletException, IOException {
+//		processRequest(req, resp);
 //	}
-
-	protected void processRequest(HttpServletRequest req,
-			HttpServletResponse resp) throws ServletException, IOException {
-		boolean isValidSSOSession = false;
-		boolean useSSOOA = false;
-		String protocolRequestID = null;
-		
-		try {
-			Logger.debug("REQUEST: " + req.getRequestURI());
-			Logger.debug("QUERY  : " + req.getQueryString());
-			
-
-// *** start of error handling ***
-			
-			String errorid = req.getParameter(ERROR_CODE_PARAM);
-			if (errorid != null) {
-
-				Throwable throwable = DBExceptionStoreImpl.getStore()
-						.fetchException(errorid);
-				DBExceptionStoreImpl.getStore().removeException(errorid);
-				
-				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
-
-				//Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession());
-				
-				String pendingRequestID = null;
-				if (idObject != null && (idObject instanceof String)) {
-					pendingRequestID = (String) idObject; 
-				}
-				
-				if (throwable != null) {
-													
-						IRequest errorRequest = null;
-						if (pendingRequestID != null) {
-							errorRequest = RequestStorage.getPendingRequest(pendingRequestID);
-						
-						}
-						
-						if (errorRequest != null) {
-							RequestStorage.removePendingRequest(pendingRequestID);
-							MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR);
-							
-							try {
-								IModulInfo handlingModule = ModulStorage
-										.getModuleByPath(errorRequest
-												.requestedModule());
-								if (handlingModule != null) {
-																	
-									if (handlingModule.generateErrorMessage(
-											throwable, req, resp, errorRequest)) {
-								
-										//log Error Message
-										StatisticLogger logger = StatisticLogger.getInstance();
-										logger.logErrorOperation(throwable, errorRequest);
-										
-										//remove MOASession
-										AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID);
-										if (moaSession != null)
-											AuthenticationManager.getInstance().performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
-										
-										return;
-										
-									} else {
-										handleErrorNoRedirect(throwable.getMessage(), throwable,
-												req, resp);
-										
-									}
-								}
-								
-							} catch (Throwable e) {
-								Logger.error(e);
-								handleErrorNoRedirect(throwable.getMessage(),
-										throwable, req, resp);
-							}
-							
-						} else {
-							handleErrorNoRedirect(throwable.getMessage(), throwable,
-									req, resp);
-						}
-						
-					} else
-						handleErrorNoRedirect(MOAIDMessageProvider.getInstance().getMessage("auth.26", null), 
-								null, req, resp);
-					
-				return;
-			}
-
-// *** end of error handling ***
-
-			
-// *** start of protocol specific stuff ***
-
-			Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
-			String module = null;
-			if (moduleObject != null && (moduleObject instanceof String)) {
-				module = (String) moduleObject;
-			}
-
-			if (module == null) {
-				module = (String) req.getAttribute(PARAM_TARGET_MODULE);
-			}
-
-			Object actionObject = req.getParameter(PARAM_TARGET_ACTION);
-			String action = null;
-			if (actionObject != null && (actionObject instanceof String)) {
-				action = (String) actionObject;
-			}
-
-			if (action == null) {
-				action = req.getParameter(PARAM_TARGET_ACTION);
-			}
-			
-			Logger.debug("dispatching to " + module + " protocol " + action);
-
-			IModulInfo info = ModulStorage.getModuleByPath(module);
-
-			IAction moduleAction = null;
-
-			if (info == null) {
-
-				Iterator<IModulInfo> modules = ModulStorage.getAllModules()
-						.iterator();
-				while (modules.hasNext()) {
-					info = modules.next();
-					moduleAction = info.canHandleRequest(req, resp);
-					if (moduleAction != null) {
-						action = moduleAction.getDefaultActionName();
-						module = info.getPath();
-						break;
-					}
-					info = null;
-				}
-
-				if (moduleAction == null) {
-					resp.sendError(HttpServletResponse.SC_NOT_FOUND);
-					Logger.error("Protocol " + module
-							+ " has no module registered");
-					return;
-				}
-			}
-
-			if (moduleAction == null) {
-				moduleAction = info.getAction(action);
-
-				if (moduleAction == null) {
-					resp.sendError(HttpServletResponse.SC_NOT_FOUND);
-					Logger.error("Action " + action + " is not available!");
-					return;
-				}
-			}
-
-			//get SSO Cookie for Request
-			SSOManager ssomanager = SSOManager.getInstance();
-			String ssoId = ssomanager.getSSOSessionID(req);
-			
-			IRequest protocolRequest = null;
-			String uniqueSessionIdentifier = null;
-			
-			try {
-				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
-	
-				if (idObject != null && (idObject instanceof String)) {
-								
-					protocolRequestID = (String) idObject;
-					protocolRequest = RequestStorage.getPendingRequest(protocolRequestID);
-					
-					//get IRequest if it exits
-					if (protocolRequest != null) {
-						Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
-						
-					} else {
-						Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");		
-						handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.",
-								null, req, resp);							
-						return;
-					}
-				} else {
-					try {
-						
-						//load unique session identifier with SSO-sessionID
-						uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);											
-						if (MiscUtil.isEmpty(uniqueSessionIdentifier))
-							uniqueSessionIdentifier = Random.nextRandom();
-						TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
-												
-						//set transactionID to Logger
-						protocolRequestID = Random.nextRandom();
-						TransactionIDUtils.setTransactionId(protocolRequestID);
-
-						//log information for security and process reversion
-						MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier);
-						MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID);						
-						MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.TRANSACTION_IP, req.getRemoteAddr());						
-						
-						protocolRequest = info.preProcess(req, resp, action, uniqueSessionIdentifier, protocolRequestID);
-												
-						//request is a valid interfederation response 
-						if (protocolRequest != null && 
-								protocolRequest.getInterfederationResponse() != null ) {							
-							Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest");
-
-							//reload SP protocol implementation 
-							info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
-							moduleAction = info.getAction(protocolRequest.requestedAction());
-
-							//create interfederated MOASession
-							String sessionID = 
-									AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
-							req.getParameterMap().put(MOAIDAuthConstants.PARAM_SESSIONID, new String[]{ sessionID });
-														
-							Logger.info("PreProcessing of SSO interfederation response complete. ");
-
-						//request is a not valid interfederation response   
-						} else if (protocolRequest != null &&
-								MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
-							
-							OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
-							if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
-								// -> send end error to service provider
-								Logger.info("Federated authentication for entity " + protocolRequest.getOAURL() 
-										+ " FAILED. Sending error message to service provider.");								
-								MOAIDException e = new MOAIDException("auth.27", new Object[]{});								
-								IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule());								
-								if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest))
-									handleErrorNoRedirect(e.getMessage(), e, req,
-											resp);
-								
-								return;
-																
-							} else
-								//-> Restart local authentication
-								Logger.info("Restart authentication with stored " + protocolRequest.requestedModule() 
-										+ " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL());
-							
-						//request is a new authentication request	
-						} else if (protocolRequest != null &&
-								MiscUtil.isEmpty(protocolRequest.getRequestID())) {															
-							//Start new Authentication
-							protocolRequest.setModule(module);
-							
-							//if preProcessing has not set a specific action from decoded request 
-							//   then set the default action
-							if (MiscUtil.isEmpty(protocolRequest.requestedAction()))
-									protocolRequest.setAction(action);
-							else
-								moduleAction = info.getAction(protocolRequest.requestedAction());
-							
-							protocolRequest.setRequestID(protocolRequestID);
-							protocolRequest.setSessionIdentifier(uniqueSessionIdentifier);
-							RequestStorage.setPendingRequest(protocolRequest);							
-							Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
-
-																										
-						} else {
-							Logger.error("Failed to generate a valid protocol request!");
-							resp.setContentType("text/html;charset=UTF-8");
-							resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");
-							return;
-							
-						}
-																	
-					} catch (ProtocolNotActiveException e) {
-						resp.getWriter().write(e.getMessage());
-						resp.setContentType("text/html;charset=UTF-8");
-						resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
-						return;
-						
-					} catch (AuthnRequestValidatorException e) {
-						//log Error Message
-						StatisticLogger logger = StatisticLogger.getInstance();
-						logger.logErrorOperation(e, e.getErrorRequest());
-						
-						//TODO: maybe add some error message handling???
-						
-						return;
-						
-					}catch (InvalidProtocolRequestException e) {
-						ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
-						String code = utils.mapInternalErrorToExternalError(e.getMessageId());
-						String descr = e.getMessage();
-						Logger.error("Protocol validation FAILED!");
-						resp.setContentType("text/html;charset=UTF-8");
-						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
-								"(Errorcode=" + code +
-								" | Description=" + descr + ")");
-						return;
-					} catch (ConfigurationException e) {	
-						resp.setContentType("text/html;charset=UTF-8");
-						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
-								"(Errorcode=9199"
-								+" | Description="+ e.getMessage() + ")");
-						return;
-						
-					} catch (MOAIDException e) {						
-						Logger.error("Failed to generate a valid protocol request!");
-						resp.setContentType("text/html;charset=UTF-8");
-						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
-								"(Errorcode=6000"
-								+" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")");
-						return;
-						
-					}
-				}
-						
-// *** end of protocol specific stuff ***
-				
-				if (protocolRequest != null)
-					MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), 
-							protocolRequest, MOAIDEventConstants.AUTHPROTOCOL_TYPE, protocolRequest.requestedModule());
-				
-// *** start handling authentication ***
-				
-				AuthenticationManager authmanager = AuthenticationManager.getInstance();									
-				
-				String moasessionID = null;
-				String newSSOSessionId = null;
-				AuthenticationSession moasession = null;	
-				IAuthData authData = null;
-									
-				boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);				
-				
-				if (needAuthentication) {
-										
-					//check if interfederation IDP is requested
-					ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest);
-					
-					//check SSO session
-					if (ssoId != null) {
-						String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
-						
-						if (correspondingMOASession != null) {
-							Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
-									"Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
-							
-							MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), 
-									protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
-							
-							AuthenticationSessionStoreage.destroySession(correspondingMOASession);
-							ssomanager.deleteSSOSessionID(req, resp);
-						}
-					}
-				
-					//load Parameters from OnlineApplicationConfiguration
-					OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
-							.getOnlineApplicationParameter(protocolRequest.getOAURL());
-					
-					if (oaParam == null) {
-						throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
-					}
-
-					
-					isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest);
-					useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
-					
-					
-					//if a legacy request is used SSO should not be allowed, actually
-					boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req);
-					
-					if (protocolRequest.isPassiv()
-							&& protocolRequest.forceAuth()) {
-						// conflict!
-						throw new NoPassivAuthenticationException();
-					}
-					
-					boolean tryperform = authmanager.tryPerformAuthentication(
-							req, resp);
-					
-					if (tryperform)
-						MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), 
-								protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED);
-					else
-						MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), 
-								protocolRequest, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, protocolRequest.getOAURL());
-										
-					if (protocolRequest.forceAuth()) {	
-						if (!tryperform) {
-							authmanager.doAuthentication(req, resp,
-									protocolRequest);
-							return;
-						}
-					} else if (protocolRequest.isPassiv()) {
-						if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
-							// Passive authentication ok!
-						} else {
-							throw new NoPassivAuthenticationException();
-						}
-					} else {
-						if (tryperform || (isValidSSOSession && useSSOOA  && !isUseMandateRequested) ) {
-							// Is authenticated .. proceed
-						} else {
-							// Start authentication!
-							authmanager.doAuthentication(req, resp,
-									protocolRequest);
-							return;
-						}
-					}
-					
-					if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension  
-					{
-					
-						if (useSSOOA && isValidSSOSession) {
-						
-							MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), 
-									protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO);
-							
-							moasessionID = ssomanager.getMOASession(ssoId);
-							moasession = AuthenticationSessionStoreage.getSession(moasessionID);
-							
-							//use new OAParameter						
-							if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {							
-							  authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
-							  return; 
-							}
-							
-						} else {							
-							moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);														
-							moasession = AuthenticationSessionStoreage.getSession(moasessionID);
-							
-						}						
-						//save SSO session usage in Database
-						if (useSSOOA) {
-							newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
-					
-							if (MiscUtil.isNotEmpty(newSSOSessionId)) {
-								ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
-						
-							} else {
-								ssomanager.deleteSSOSessionID(req, resp);
-							
-							}
-						}
-						
-					} else {						
-						moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);						
-						moasession = AuthenticationSessionStoreage.getSession(moasessionID);
-						moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);
-						
-					}
-
-					//build authenticationdata from session information and OA configuration
-					authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);					
-				}
-
-// *** end handling authentication ***
-
-// *** start finalizing authentication (SSO, final redirects, statistic logging etc) ***
-				
-				SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData);
-
-				RequestStorage.removePendingRequest(protocolRequestID);
-				
-				if (needAuthentication) {
-					boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId) && useSSOOA;
-					
-					if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension 
-						&& !moasession.getUseMandate()) { 
-					
-						try {
-							//Store OA specific SSO session information 
-							AuthenticationSessionStoreage.addSSOInformation(moasessionID, 
-									newSSOSessionId, assertionID, protocolRequest);
-														
-						} catch (AuthenticationException e) {
-							Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!");
-							
-							authmanager.performOnlyIDPLogOut(req, resp, moasessionID);
-							isSSOSession = false;
-						}
-					
-					} else {
-						authmanager.performOnlyIDPLogOut(req, resp, moasessionID);
-					}
-				
-					//Advanced statistic logging
-					StatisticLogger logger = StatisticLogger.getInstance();
-					logger.logSuccessOperation(protocolRequest, authData, isSSOSession);
-					
-				}
-
-// *** end finalizing authentication ***
-
-			} catch (Throwable e) {
-				Logger.warn("An authentication error occured: ", e);;
-				// Try handle module specific, if not possible rethrow
-				if (!info.generateErrorMessage(e, req, resp, protocolRequest))
-					handleErrorNoRedirect(e.getMessage(), e, req,
-							resp);
-				
-			}
-			
-			//log transaction_destroy to reversionslog
-	    	MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID);
-			
-		} catch (WrongParametersException ex) {
-			handleWrongParameters(ex, req, resp);
-			
-		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, protocolRequestID);
-			
-		} catch (Throwable e) {
-			handleErrorNoRedirect(e.getMessage(), e, req,
-					resp);			
-		}
-		
-	    finally {
-	    	
-	    	
-	    	TransactionIDUtils.removeTransactionId();
-	    	TransactionIDUtils.removeSessionId();
-	    }
-
-        Logger.debug("Clossing Dispatcher processing loop");
-	}
-	
-	@Override
-	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException {
-		processRequest(req, resp);
-	}
-
-	@Override
-	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException {
-		processRequest(req, resp);
-	}
-}
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index c38bbc68f..b6df5e5c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -24,8 +24,6 @@ package at.gv.egovernment.moa.id.moduls;
 
 import java.io.IOException;
 import java.io.PrintWriter;
-import java.lang.reflect.InvocationTargetException;
-import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Enumeration;
@@ -38,39 +36,21 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.velocity.VelocityContext;
-import org.joda.time.DateTime;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.LogoutRequest;
 import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
 import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -78,93 +58,93 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Service("MOAID_AuthenticationManager")
 public class AuthenticationManager extends MOAIDAuthConstants {
 
-	private static final AuthenticationManager INSTANCE = new AuthenticationManager();
 	
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
 	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
 	
-	@Autowired
-	private ProcessEngine processEngine;
+	@Autowired private ProcessEngine processEngine;	
+	@Autowired private SSOManager ssoManager;
+	@Autowired private IRequestStorage requestStoreage;
+	@Autowired private ITransactionStorage transactionStorage;
+	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
+	@Autowired private MOAReversionLogger revisionsLogger;
+	@Autowired protected AuthConfiguration authConfig;
 	
-	private AuthenticationManager() {
-	}
-	
-	public static AuthenticationManager getInstance() {
-		return INSTANCE;
+	public AuthenticationManager() {
+		
 	}
-	
+		
 	/**
-	 * Checks if this request can authenticate a MOA Session
+	 * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated
+	 * 
+	 * @param protocolRequest Authentication request which is actually in process
+	 * @param moaSession MOASession with authentication information or null if no MOASession exists
 	 * 
-	 * @param request
-	 * @param response
-	 * @return
+	 * @return true if session is already authenticated, otherwise false
+	 * @throws MOAIDException 
 	 */
-	public boolean tryPerformAuthentication(HttpServletRequest request,
-			HttpServletResponse response) {
-				
-		String sessionID = (String) request.getParameter(PARAM_SESSIONID);
-		if (sessionID != null) {
-			Logger.debug("Find MOASession: " + sessionID);
-			AuthenticationSession authSession;
-			try {
-				authSession = AuthenticationSessionStoreage.getSession(sessionID);
-							
-				if (authSession != null) {
-					Logger.info("MOASession found! A: "
-							+ authSession.isAuthenticated() + ", AU "
-							+ authSession.isAuthenticatedUsed());
-					if (authSession.isAuthenticated()
-							&& !authSession.isAuthenticatedUsed()) {
-						authSession.setAuthenticatedUsed(true);
-					
-						AuthenticationSessionStoreage.storeSession(authSession);
-												
-						return true; // got authenticated
-					}
-				}
+	private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) {
+
+		//if no MOASession exist -> authentication is required
+		if (moaSession == null) {
+			return false;
 			
-			} catch (MOADatabaseException e) {
-				return false;
-			} catch (BuildException e) {
+		} else {
+			//if MOASession is Found but not authenticated --> authentication is required
+			if (!moaSession.isAuthenticated()) {
 				return false;
 			}
+			
+			//if MOASession is already authenticated and protocol-request is authenticated 
+			//  --> no authentication is required any more
+			else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+				return true;
+
+			// if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest
+			} else if (!protocolRequest.isAuthenticated() 
+					&& moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
+				Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted");
+				protocolRequest.setAuthenticated(true);
+				protocolRequest.setMOASessionIdentifier(moaSession.getSessionID());
+				return true;
+				
+			}
+			
+			// force authentication as backup solution
+			else {
+				Logger.warn("Authentication-required check find an unsuspected state --> force authentication");
+				return false;
+				
+			}					
 		}
-		return false;
 	}
 	
 	public void performSingleLogOut(HttpServletRequest httpReq,
@@ -193,11 +173,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			
 		}
 		
-		SSOManager ssomanager = SSOManager.getInstance();
-		
 		//store active OAs to SLOContaine
-		List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session);
-		List<InterfederationSessionStore> dbIDPs = AuthenticationSessionStoreage.getAllActiveIDPsFromMOASession(session);
+		List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session);
+		List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session);
 		SLOInformationContainer sloContainer = new SLOInformationContainer();
 		sloContainer.setSloRequest(pvpReq);
 		sloContainer.parseActiveIDPs(dbIDPs, pvpSLOIssuer);
@@ -205,8 +183,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 						
 		//terminate MOASession
 		try {
-			AuthenticationSessionStoreage.destroySession(session.getSessionID());
-			ssomanager.deleteSSOSessionID(httpReq, httpResp);
+			authenticatedSessionStore.destroySession(session.getSessionID());
+			ssoManager.deleteSSOSessionID(httpReq, httpResp);
 			
 		} catch (MOADatabaseException e) {
 			Logger.warn("Delete MOASession FAILED.");
@@ -276,7 +254,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 					}														
 				}
 				
-				AssertionStorage.getInstance().put(relayState, sloContainer);
+				//put SLO process-information into transaction storage
+				transactionStorage.put(relayState, sloContainer);
 				
 				if (MiscUtil.isEmpty(authURL))
 					authURL = pvpReq.getAuthURL();
@@ -289,7 +268,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		        context.put("redirectURLs", sloReqList);
 		        context.put("timeoutURL", timeOutURL);
 		        context.put("timeout", SLOTIMEOUT);
-		        ssomanager.printSingleLogOutInfo(context, httpResp);
+		        ssoManager.printSingleLogOutInfo(context, httpResp);
 				
 								
 			} else {
@@ -309,7 +288,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			        else
 			        	context.put("errorMsg", 
 			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-			        ssomanager.printSingleLogOutInfo(context, httpResp);
+			        ssoManager.printSingleLogOutInfo(context, httpResp);
 										
 				}
 									
@@ -327,7 +306,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		        VelocityContext context = new VelocityContext();
 	        	context.put("errorMsg", 
 	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-		        ssomanager.printSingleLogOutInfo(context, httpResp);
+		        ssoManager.printSingleLogOutInfo(context, httpResp);
 									
 			}
 			
@@ -352,8 +331,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		
 		AuthenticationSession authSession;
 		try {
-			authSession = AuthenticationSessionStoreage
-					.getSession(moaSessionID);
+			authSession = authenticatedSessionStore.getSession(moaSessionID);
 
 			if(authSession == null) {
 				Logger.info("NO MOA Authentication data for ID " + moaSessionID);
@@ -364,10 +342,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			//HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
 
 			//log Session_Destroy to reversionslog
-			AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID);
-			MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
+			AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
+			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
 			
-			AuthenticationSessionStoreage.destroySession(moaSessionID);
+			authenticatedSessionStore.destroySession(moaSessionID);
 			
 			//session.invalidate();
 		
@@ -378,366 +356,209 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 
 	}
 
-	public void doAuthentication(HttpServletRequest request,
-			HttpServletResponse response, IRequest target)
-			throws ServletException, IOException, MOAIDException {
-		
-		Logger.info("Starting authentication ...");		
-		MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), 
-				target, MOAIDEventConstants.AUTHPROCESS_START);
-		
-		if (MiscUtil.isEmpty(target.getRequestedIDP())) {
-			perfomLocalAuthentication(request, response, target);
-			
-		} else {
-			Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ...");
-			MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), 
-					target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION);
-			buildPVP21AuthenticationRequest(request, response, target);
-						
-		}		
-	}
-			
-	public void sendTransmitAssertionQuestion(HttpServletRequest request,
-			HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
-			throws ServletException, IOException, MOAIDException { 
-		
-			String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), 
-					target.requestedAction(), target.getRequestID(), oaParam, 
-					target.getAuthURL());
 
-			MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), 
-					target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
-			
-			response.setContentType("text/html;charset=UTF-8");
-			PrintWriter out = new PrintWriter(response.getOutputStream()); 
-			out.print(form);
-			out.flush(); 
-	}
+	/**
+	 * Authenticates the authentication request {pendingReq}, which is actually processed
+	 * 
+	 * @param httpReq HttpServletRequest	
+	 * @param httpResp HttpServletResponse
+	 * @param protocolRequest Authentication request which is actually in process
+	 * 
+	 * @return Return already authenticated MOASession if exists, otherwise return null 
+	 * @throws MOADatabaseException 
+	 * @throws MOAIDException 
+	 * @throws IOException 
+	 * @throws ServletException 
+	 * 
+	 */
+	public AuthenticationSession doAuthentication(HttpServletRequest httpReq,
+			HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException {
 	
-	private void buildPVP21AuthenticationRequest(HttpServletRequest request,
-			HttpServletResponse response, IRequest target)
-			throws ServletException, IOException, MOAIDException {
-		
-		boolean requiredLocalAuthentication = true;
+		//generic authentication request validation 
+		if (pendingReq.isPassiv()
+				&& pendingReq.forceAuth()) {
+			// conflict!
+			throw new NoPassivAuthenticationException();
+		}
+				
+		//get SSO cookie from http request
+		String ssoId = ssoManager.getSSOSessionID(httpReq);
 		
-		Logger.debug("Build PVP 2.1 authentication request");
- 		
-		//get IDP metadata
+		//check if interfederation IDP is requested
+		ssoManager.checkInterfederationIsRequested(httpReq, httpResp, pendingReq);
 		
-		OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
-		OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL());
-			
-		if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
-			Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
-			Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP())
-					+ " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed()));
-			Logger.info("Switch to local authentication on this IDP ... ");
-			
-			perfomLocalAuthentication(request, response, target);
-			return;
-				
-		}
+		//check SSO session
+		if (ssoId != null) {
+			String correspondingMOASession = ssoManager.existsOldSSOSession(ssoId);
 			
-		try {	
-			EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
-					getEntityDescriptor(target.getRequestedIDP());
-			
-			if (idpEntity != null ) {
+			if (correspondingMOASession != null) {
+				Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+						"Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
 				
-				//fetch endpoint from IDP metadata
-				SingleSignOnService redirectEndpoint = null;  
-				for (SingleSignOnService sss : 
-						idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-					
-					// use POST binding as default if it exists 
-					//TODO: maybe use RedirectBinding as default 
-					if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
-						redirectEndpoint = sss;
-						
-					} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) &&
-							redirectEndpoint == null )
-						redirectEndpoint = sss;
-				}
-								
-				if (redirectEndpoint != null) {
-					
-					AuthnRequest authReq = SAML2Utils
-							.createSAMLObject(AuthnRequest.class);
-					SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
-					authReq.setID(gen.generateIdentifier());
-
-					//send passive AuthnRequest
-					authReq.setIsPassive(idp.isPassivRequestUsedForInterfederation());
-
-					authReq.setAssertionConsumerServiceIndex(0);
-					authReq.setIssueInstant(new DateTime());
-					Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);					
-					String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath().get(0);
-					issuer.setValue(serviceURL);
-
-					issuer.setFormat(NameIDType.ENTITY);
-					authReq.setIssuer(issuer);
-					NameIDPolicy policy = SAML2Utils
-							.createSAMLObject(NameIDPolicy.class);
-					policy.setAllowCreate(true);
-					policy.setFormat(NameID.TRANSIENT);
-					authReq.setNameIDPolicy(policy);
-					
-					authReq.setDestination(redirectEndpoint.getLocation());
-					
-					RequestedAuthnContext reqAuthContext = 
-							SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
-					
-					AuthnContextClassRef authnClassRef = 
-							SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-					
-					//check if STORK protocol module is in ClassPath
-					Class<?> storkRequstTemplate = null;
-					Integer storkSecClass = null;
-					try {
-						storkRequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest");
-						if (storkRequstTemplate != null && 
-								storkRequstTemplate.isInstance(target)) {
-							Object storkAuthnRequest = target.getClass().getMethod("getStorkAuthnRequest", null).invoke(target, null);
-							storkSecClass = (Integer) storkAuthnRequest.getClass().getMethod("getQaa", null).invoke(storkAuthnRequest, null);
-							
-						}
-												
-					} catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {
-						
-						
-					}
-										
-					if (sp != null && sp.isSTORKPVPGateway()) {
-						//use PVP SecClass instead of STORK QAA level
-						String secClass = null;
-						if (storkRequstTemplate != null && 
-								storkRequstTemplate.isInstance(target)) {
-							
-							try {									
-								secClass = PVPtoSTORKMapper.getInstance().mapToSecClass(
-										PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
-							
-							} catch (Exception e) {
-								Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e);
-
-							}							
-						}
-						
-						if (MiscUtil.isNotEmpty(secClass))
-							authnClassRef.setAuthnContextClassRef(secClass);
-						else
-							authnClassRef.setAuthnContextClassRef("http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3");
-											
-					} else {
-						if (storkRequstTemplate != null && 
-								storkRequstTemplate.isInstance(target)) {
-							//use requested QAA level from STORK request
-							try {
-								authnClassRef.setAuthnContextClassRef(
-										PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
-								Logger.debug("Use STORK-QAA level " + authnClassRef.getAuthnContextClassRef() 
-										+ " from STORK request");
-								
-							} catch (Exception e) {
-								Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e);
-								
-							}
-							
-						}
-						
-						if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef()))
-							//TODO: switch to eIDAS QAA-levels
-							authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
-						
-					}
-					
-					reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);					
-					reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);					
-					authReq.setRequestedAuthnContext(reqAuthContext);
-										
-					IEncoder binding = null;
-					if (redirectEndpoint.getBinding().equals(
-							SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-						binding = new RedirectBinding();
-																	
-					} else if (redirectEndpoint.getBinding().equals(
-							SAMLConstants.SAML2_POST_BINDING_URI)) {
-						binding = new PostBinding();
-						
-					}
-					
-					binding.encodeRequest(request, response, authReq, 
-							redirectEndpoint.getLocation(), target.getRequestID());
-					
-					//build and send request without an error
-					requiredLocalAuthentication = false;
-					
-					MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), 
-							target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_IDP, idpEntity.getEntityID());
-					
-					
-				} else {
-					Logger.warn("Requested IDP " + target.getRequestedIDP() 
-						+ " does not support POST or Redirect Binding.");
-					
-				}
-												
-			} else {
-				Logger.warn("Requested IDP " + target.getRequestedIDP() 
-						+ " is not found in InterFederation configuration");
+				revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
+						pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
 				
+				authenticatedSessionStore.destroySession(correspondingMOASession);
+				ssoManager.deleteSSOSessionID(httpReq, httpResp);
 			}
+		}
+				
+		// check if Service-Provider allows SSO sessions
+		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+		boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
+		
+		revisionsLogger.logEvent(oaParam, 
+				pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL());
+		
+		//if a legacy request is used SSO should not be allowed in case of mandate authentication
+		boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq);
+	
+		//check if SSO Session is valid
+		boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
+		
+		//check if SSO is allowed for the actually executed request
+		boolean isSSOAllowed = (useSSOOA  && !isUseMandateRequested);
+		pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed);
 						
-		} catch (MetadataProviderException e) {
-			Logger.error("IDP metadata error." , e);			
-			
-		} catch (NoSuchAlgorithmException e) {
-			Logger.error("Build IDP authentication request FAILED.", e);
-			
-		} catch (MessageEncodingException e) {
-			Logger.error("Build IDP authentication request FAILED.", e);
-			
-		} catch (SecurityException e) {
-			Logger.error("Build IDP authentication request FAILED.", e);
+		//get MOASession from SSO-Cookie if SSO is allowed
+		AuthenticationSession moaSession = null;
+		if (isValidSSOSession && isSSOAllowed) {
+			String moasessionID = ssoManager.getMOASession(ssoId);
+			moaSession = authenticatedSessionStore.getSession(moasessionID);
 			
+			if (moaSession == null)
+				Logger.info("No MOASession FOUND with provided SSO-Cookie.");
+			else {
+				Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
+				revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO);
+				
+			}			
 		}
+						
+		//check if session is already authenticated
+		boolean tryperform = tryPerformAuthentication((RequestImpl) pendingReq, moaSession);
 		
-		if (requiredLocalAuthentication) {
-			Logger.info("Switch to local authentication on this IDP ... ");
-			if (idp.isPerformLocalAuthenticationOnInterfederationError())
-				perfomLocalAuthentication(request, response, target);
+		//perfom SSO-Consents question if it it required
+		if (tryperform && isSSOAllowed && oaParam.useSSOQuestion()) {			
+			sendTransmitAssertionQuestion(httpReq, httpResp, pendingReq, oaParam);
+			return null;
 			
-			else
-				throw new AuthenticationException("auth.29", new String[]{target.getRequestedIDP()});
 		}
+		
+		//force new authentication authentication process
+		if (pendingReq.forceAuth()) {	
+			startAuthenticationProcess(httpReq, httpResp, pendingReq);
+			return null;
+							
+		} else if (pendingReq.isPassiv()) {
+			if (tryperform) {
+				// Passive authentication ok!
+				revisionsLogger.logEvent(oaParam, 
+						pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
+				return moaSession;
+				
+			} else {				
+				throw new NoPassivAuthenticationException();
+				
+			}
+		} else {
+			if (tryperform) {
+				// Is authenticated .. proceed
+				revisionsLogger.logEvent(oaParam, 
+						pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
+				return moaSession;
+				
+			} else {
+				// Start authentication!
+				startAuthenticationProcess(httpReq, httpResp, pendingReq);
+				return null;
+			}
+		}		
 	}
 	
 	
-	private void perfomLocalAuthentication(HttpServletRequest request,
-			HttpServletResponse response, IRequest target)
+	private void startAuthenticationProcess(HttpServletRequest httpReq,
+			HttpServletResponse httpResp, RequestImpl pendingReq)
 			throws ServletException, IOException, MOAIDException {
-		Logger.debug("Starting authentication on this IDP ...");
-
-		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+				
+		Logger.info("Starting authentication ...");		
+		revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
+				pendingReq, MOAIDEventConstants.AUTHPROCESS_START);
 		
-		List<String> legacyallowed_prot = AuthConfigurationProviderFactory.getInstance().getLegacyAllowedProtocols();
-
-		//is legacy allowed
-		boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule());
+		//is legacy allowed		
+		List<String> legacyallowed_prot = authConfig.getLegacyAllowedProtocols();
+		boolean legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule());
 
 		//check legacy request parameter 
-		boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request);
+		boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
 		
+		//create MOASession object
 		AuthenticationSession moasession;
 		try {
-			//check if an MOASession exists and if not create an new MOASession
-			//moasession = getORCreateMOASession(request);
-			moasession = AuthenticationSessionStoreage.createSession(target);
+			moasession = authenticatedSessionStore.createSession(pendingReq);
 			
 		} catch (MOADatabaseException e1) {
 			Logger.error("Database Error! MOASession can not be created!");
 			throw new MOAIDException("init.04", new Object[] {});
+			
 		}
 		
+		//create authentication process execution context
 		try {
+			// create execution context				
+			ExecutionContext executionContext = new ExecutionContextImpl();
+			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());			
+			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID, 
+					MiscUtil.isNotEmpty(
+							pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
 			
-			if (legacyallowed && legacyparamavail) {
-
-				// create execution context				
-				ExecutionContext executionContext = new ExecutionContextImpl();
-				executionContext.put(MOAIDAuthConstants.PARAM_SESSIONID, moasession.getSessionID());
-				executionContext.put("pendingRequestID", target.getRequestID());
-				
-				executionContext.put("isLegacyRequest", true);
-				
-				Enumeration<String> reqParamNames = request.getParameterNames();
+			boolean leagacyMode = (legacyallowed && legacyparamavail);			
+			executionContext.put("isLegacyRequest", leagacyMode);
+			executionContext.put("performBKUSelection", leagacyMode 
+					&& MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
+							
+			//add leagcy parameters to context
+			if (leagacyMode) {
+				Enumeration<String> reqParamNames = httpReq.getParameterNames();
 				while(reqParamNames.hasMoreElements()) {
 					String paramName = reqParamNames.nextElement();
-					if (MiscUtil.isNotEmpty(paramName))
-						executionContext.put(paramName, request.getParameter(paramName));
+					if (MiscUtil.isNotEmpty(paramName) && 
+							MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName))
+						executionContext.put(paramName, httpReq.getParameter(paramName));
 					
 				}			
-				
-				// create process instance
-				String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
+			}						
+			// create process instance
+			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
 
-				if (processDefinitionId == null) {
-					Logger.warn("No suitable process found for SessionID " + moasession.getSessionID() );
-					throw new MOAIDException("process.02",new Object[] {
-							moasession.getSessionID()});
-				}
+			if (processDefinitionId == null) {
+				Logger.warn("No suitable process found for SessionID " + moasession.getSessionID() );
+				throw new MOAIDException("process.02",new Object[] {
+						moasession.getSessionID()});
+			}
 
-				String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext);
+			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext);
 
-				// keep process instance id in moa session
-				moasession.setProcessInstanceId(processInstanceId);
+			// keep process instance id in protocol pending-request
+			pendingReq.setProcessInstanceId(processInstanceId);
 
-				// make sure moa session has been persisted before running the process
-				try {
-					AuthenticationSessionStoreage.storeSession(moasession);
-				} catch (MOADatabaseException e) {
-					Logger.error("Database Error! MOASession is not stored!");
-					throw new MOAIDException("init.04", new Object[] {
-							moasession.getSessionID()});
-				}
-				
-		    	// start process
-				processEngine.start(processInstanceId);
-			    
-			} else {
-				MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), 
-						target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
-								
-				//load Parameters from OnlineApplicationConfiguration
-				OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
-						.getOnlineApplicationParameter(target.getOAURL());
-				
-				if (oaParam == null) {
-					throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
-				}
-								
-				else {
-					
-					//check if an MOASession exists and if not create an new MOASession
-					//moasession = getORCreateMOASession(request);
-	
-					//set OnlineApplication configuration in Session
-					moasession.setOAURLRequested(target.getOAURL());
-					moasession.setAction(target.requestedAction());
-					moasession.setModul(target.requestedModule());
-				}
-							
-				//Build authentication form
-				
-				
-				String publicURLPreFix = target.getAuthURL();
-				if (publicURLPreFix.endsWith("/"))
-					publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1);
-				String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), 
-						target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
-				
-				//store MOASession
-				try {
-					AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
-				} catch (MOADatabaseException e) {
-					Logger.error("Database Error! MOASession is not stored!");
-					throw new MOAIDException("init.04", new Object[] {
-							moasession.getSessionID()});
-				}
-				
-				//set MOAIDSession
-				//request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+			//store pending-request			
+			requestStoreage.storePendingRequest(pendingReq);
+			
+			
+			// make sure moa session has been persisted before running the process
+			try {
+				authenticatedSessionStore.storeSession(moasession);
 				
-				response.setContentType("text/html;charset=UTF-8");
-				PrintWriter out = new PrintWriter(response.getOutputStream()); 
-				out.print(loginForm);
-				out.flush(); 
+			} catch (MOADatabaseException e) {
+				Logger.error("Database Error! MOASession is not stored!");
+				throw new MOAIDException("init.04", new Object[] {
+						moasession.getSessionID()});
 			}
+						
+	    	// start process
+			processEngine.start(processInstanceId);
+			
 		} catch (ProcessExecutionException e) {
 			Throwable cause = e.getCause();
 			if (cause != null && cause instanceof TaskExecutionException) {
@@ -746,11 +567,36 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 					MOAIDException moaTaskCause = (MOAIDException) taskCause;
 					Logger.warn(taskCause);
 					throw moaTaskCause;
-					
+				
 				}									
-			} 
-						
-			throw new MOAIDException("process.01", new Object[] { moasession.getProcessInstanceId(), moasession }, e);
-		}
+			}
+			
+			throw new MOAIDException("process.01", new Object[] { pendingReq.getProcessInstanceId(), moasession }, e);
+		}			
+	}
+			
+	private void sendTransmitAssertionQuestion(HttpServletRequest request,
+			HttpServletResponse response, IRequest target, IOAAuthParameters oaParam)
+			throws ServletException, IOException, MOAIDException { 
+		
+			//TODO: change to process management version!!!!
+		
+			//set authenticated flag to false, because user consents is required
+			target.setAuthenticated(false);
+		
+			
+//			String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), 
+//					target.requestedAction(), target.getRequestID(), oaParam, 
+//					target.getAuthURL());
+
+			String form =null;
+			
+			revisionsLogger.logEvent(target.getOnlineApplicationConfiguration(), 
+					target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
+			
+			response.setContentType("text/html;charset=UTF-8");
+			PrintWriter out = new PrintWriter(response.getOutputStream()); 
+			out.print(form);
+			out.flush(); 
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index fda92d71a..7833e795e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -25,9 +25,7 @@ package at.gv.egovernment.moa.id.moduls;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
index bdbb1b458..79e52f6e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -25,22 +25,12 @@ package at.gv.egovernment.moa.id.moduls;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 
 public interface IModulInfo {
 	//public List<ServletInfo> getServlets();
 	public String getName();
 	public String getPath();
-	
-	public IAction getAction(String action);
-	
-	public IRequest preProcess(HttpServletRequest request, 
-			HttpServletResponse response, String action, String sessionID, String transactionID)
-	throws MOAIDException;
-	
-	public IAction canHandleRequest(HttpServletRequest request, 
-			HttpServletResponse response);
-	
+		
 	public boolean generateErrorMessage(Throwable e,
 			HttpServletRequest request, HttpServletResponse response,
 			IRequest protocolRequest) throws Throwable;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 4ae271bbc..f5d381e42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -22,32 +22,121 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
 
-import java.util.Date;
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 
 public interface IRequest {
+		
+	/**
+	 * Indicates the module, which implements this authentication protocol.
+	 * The class, which is referenced, had to implement the 'IModulInfo' interface.
+	 * 
+	 * @return Full-qualified name of the class which implements this protocol
+	 */
+	public String requestedModule();
+	
+	/**
+	 * Indicates the protocol specific action, which should executed if the request is processed. 
+	 * The class, which is referenced, had to implement the 'IAction' interface.
+	 * 
+	 * @return Full-qualified name of the class which implements the action  
+	 */
+	public String requestedAction();
+	
+	/**
+	 * Unique identifier, which indicates the service provider. 
+	 * In case of SAML1 protocol, it is the OA http-GET parameter
+	 * 
+	 * @return Unique identifier for the service provider
+	 */
 	public String getOAURL();
+	
+	/**
+	 * Indicates the passive flag in authentication requests.
+	 * If the passive flag is set, the identification and authentication process 
+	 * failed if no active SSO session is found. 
+	 * 
+	 * @return true, if the is passive flag is set in authentication request, otherwise false
+	 */
 	public boolean isPassiv();
+	
+	/**
+	 * Indicates the force authentication flag in authentication request
+	 * If this flag is set, a new identification and authentication process
+	 * is carried out in any case.
+	 * 
+	 * @return true, if the force authentication flag is set, otherwise false
+	 */
 	public boolean forceAuth();
-	public boolean isSSOSupported();
-	public String requestedModule();
-	public String requestedAction();
-	public void setModule(String module);
-	public void setAction(String action);
-	public String getTarget();
-	public void setRequestID(String id);
-	public String getRequestID();	
-	public String getSessionIdentifier();
-	public void setSessionIdentifier(String sessionIdentifier);
-	public String getRequestedIDP();
-	public MOAResponse getInterfederationResponse();
-	public List<Attribute> getRequestedAttributes();
-	public IOAAuthParameters getOnlineApplicationConfiguration();
+	
+	
+	/**
+	 * Returns a generic request-data object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the request-data object
+	 * @return The request-data object or null if no data is found with this key
+	 */
+	public Object getGenericData(String key);
+	
+	/**
+	 * Returns a generic request-data object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the request-data object
+	 * @param clazz The class type which is stored with this key
+	 * @return The request-data object or null if no data is found with this key
+	 */
+	public <T> T getGenericData(String key, final Class<T> clazz);
+	
+	/**
+	 * Store a generic data-object to request with a specific identifier
+	 * 
+	 * @param key Identifier for this data-object
+	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage
+	 */
+	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
+		
+	/**
+	 * Hold the identifier of this request object. 
+	 * This identifier can be used to load the request from request storage 
+	 * 
+	 * @return Request identifier
+	 */
+	public String getRequestID();
+	
+
+	/**
+	 * Hold the identifier of the MOASession which is associated with this request
+	 * 
+	 * @return MOASession identifier if a associated session exists, otherwise null
+	 */
+	public String getMOASessionIdentifier();
+
+	
+	/**
+	 * Holds a unique transaction identifier, which could be used for looging
+	 * This transaction identifier is unique for a single identification and authentication process
+	 * 
+	 * @return Unique transaction identifier. 
+	 */
+	public String getUniqueTransactionIdentifier();
+	
+	/**
+	 * Holds a unique session identifier, which could be used for logging 
+	 * This session identifier is unique for the full Single Sign-On session time
+	 * 
+	 * @return Unique session identifier
+	 */
+	public String getUniqueSessionIdentifier();
+	
+	
+	/**
+	 * Hold the identifier if the process instance, which is associated with this request 
+	 * 
+	 * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null
+	 */
+	public String getProcessInstanceId();
+	
 	
 	/**
 	 * get the IDP URL PreFix, which was used for authentication request
@@ -57,5 +146,33 @@ public interface IRequest {
 	public String getAuthURL();
 	public String getAuthURLWithOutSlash();
 	
-	//public void setTarget();
+	/**
+	 * Indicates if this pending request needs authentication
+	 * 
+	 * @return true if this request needs authentication, otherwise false
+	 */
+	public boolean isNeedAuthentication();
+	
+	/**
+	 * Indicates, if this pending request needs Single Sign-On (SSO) functionality 
+	 * 
+	 * @return true if this request needs SSO, otherwise false
+	 */
+	public boolean needSingleSignOnFunctionality();
+	public void setNeedSingleSignOnFunctionality(boolean needSSO);
+	
+	/**
+	 * Indicates, if this pending request is already authenticated
+	 * 
+	 * @return true if this request is already authenticated, otherwise false
+	 */
+	public boolean isAuthenticated();
+	public void setAuthenticated(boolean isAuthenticated);
+	
+	/**
+	 * Get get Service-Provider configuration which is associated with this request.
+	 * 
+	 * @return Service-Provider configuration
+	 */
+	public IOAAuthParameters getOnlineApplicationConfiguration();
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
index 4c76a49a4..6f46edce3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
  * Copyright 2014 Federal Chancellery Austria
  * MOA-ID has been developed in a cooperation between BRZ, the Federal
  * Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,11 +19,23 @@
  * file for details on the various modules and licenses.
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.storage;
+ */
+package at.gv.egovernment.moa.id.moduls;
 
-public interface IExceptionStore {
-	public String storeException(Throwable e);
-	public Throwable fetchException(String id);
-	public void removeException(String id);
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IRequestStorage {
+
+	public IRequest getPendingRequest(String pendingReqID);
+	
+	public void storePendingRequest(IRequest pendingRequest) throws MOAIDException;
+	
+	public void removePendingRequest(String requestID);
+	
+	public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException;
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
index 99b7f4217..13768a343 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
@@ -1,46 +1,46 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.moduls;
-
-import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
-
-
-public class ModulUtils {
-
-	public static final String UNAUTHDISPATCHER = "dispatcher";
-	public static final String AUTHDISPATCHER = "dispatcher";
-	
-	public static String buildUnauthURL(String modul, String action, String pendingRequestID) {
-		return UNAUTHDISPATCHER + "?" + 
-				DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
-				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + 
-				DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-	}
-	
-	public static String buildAuthURL(String modul, String action, String pendingRequestID) {
-		return AUTHDISPATCHER + 
-				"?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
-				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + 
-				DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-	}
-}
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// *******************************************************************************/
+//package at.gv.egovernment.moa.id.moduls;
+//
+//import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+//
+//
+//public class ModulUtils {
+//
+//	public static final String UNAUTHDISPATCHER = "dispatcher";
+//	public static final String AUTHDISPATCHER = "dispatcher";
+//	
+//	public static String buildUnauthURL(String modul, String action, String pendingRequestID) {
+//		return UNAUTHDISPATCHER + "?" + 
+//				DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
+//				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + 
+//				DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+//	}
+//	
+//	public static String buildAuthURL(String modul, String action, String pendingRequestID) {
+//		return AUTHDISPATCHER + 
+//				"?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
+//				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + 
+//				DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+//	}
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index cdaade1bb..bba9f66ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -25,45 +25,73 @@ package at.gv.egovernment.moa.id.moduls;
 import java.io.Serializable;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 
 import org.opensaml.saml2.core.Attribute;
 
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 public abstract class RequestImpl implements IRequest, Serializable{
 		
-	private static final long serialVersionUID = 1L;
+	public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
+	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
+	public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
 	
-	private String oaURL;
-	private boolean passiv = false;
-	private boolean force = false;
-	private boolean ssosupport = false;
+	private static final long serialVersionUID = 1L;
+
 	private String module = null;
 	private String action = null;
-	private String target = null;
+	
 	private String requestID;
-	private String sessionIdentifier;
-	private IOAAuthParameters OAConfiguration = null;
+	private String moaSessionIdentifier;
+	private String processInstanceId;
+	
+	private String uniqueTransactionIdentifer;
+	private String uniqueSessionIdentifer;
+	
+	private String oaURL;
 	private String authURL = null;
+
+	private IOAAuthParameters OAConfiguration = null;
+	
+	private boolean passiv = false;
+	private boolean force = false;
 	
-	//MOA-ID interfederation
-	private String requestedIDP = null;
-	private MOAResponse response = null;
+	private boolean needAuthentication = true;
+	private boolean isAuthenticated = false;
+	private boolean needSSO = false;
+	
+	
+	private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
 	
 	/**
 	 * @throws ConfigurationException 
 	 * 
 	 */
-	public RequestImpl(HttpServletRequest req) throws ConfigurationException {
+	public RequestImpl(HttpServletRequest req) throws ConfigurationException {				
+		//set requestID
+		requestID = Random.nextRandom();
+		
+		//set unique transaction identifier for logging
+		uniqueTransactionIdentifer = Random.nextRandom();		
+		TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer);
+		
+		
+		//check if End-Point is valid		
 		String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
 		URL authURL;
 		try {
@@ -122,7 +150,16 @@ public abstract class RequestImpl implements IRequest, Serializable{
 				this.authURL = resultURL.toExternalForm();
 				
 			}					
-		}				
+		}
+				
+		//set unique session identifier
+		String uniqueID = (String) req.getAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER);
+		if (MiscUtil.isNotEmpty(uniqueID))
+			uniqueSessionIdentifer = uniqueID;
+		
+		else
+			Logger.warn("No unique session-identifier FOUND, but it should be allready set into request!?!");
+		
 	}
 	
 	/**
@@ -156,83 +193,44 @@ public abstract class RequestImpl implements IRequest, Serializable{
 		this.force = force;
 	}
 
-	public boolean isSSOSupported() {
-		return ssosupport;
-	}
-
-	public String requestedModule() {
-		return module;
-	}
-
 	public String requestedAction() {
 		return action;
 	}
 
-	public void setSsosupport(boolean ssosupport) {
-		this.ssosupport = ssosupport;
-	}
-
-	public void setModule(String module) {
-		this.module = module;
-	}
-
 	public void setAction(String action) {
 		this.action = action;
 	}
-
-	public String getTarget() {
-		return target;
-	}
 	
-	public void setTarget(String target) {
-		this.target = target;
-	}
-
-	public void setRequestID(String id) {
-		this.requestID = id;
-		
-	}
-
-	public String getRequestID() {
-		return requestID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP()
+	/**
+	 * @return the module
 	 */
-	@Override
-	public String getRequestedIDP() {
-		return requestedIDP;
+	public String requestedModule() {
+		return module;
 	}
 
 	/**
-	 * @param requestedIDP the requestedIDP to set
+	 * @param module the module to set
 	 */
-	public void setRequestedIDP(String requestedIDP) {
-		this.requestedIDP = requestedIDP;
+	public void setModule(String module) {
+		this.module = module;
 	}
 
-	/**
-	 * @return the response
-	 */
-	public MOAResponse getInterfederationResponse() {
-		return response;
+	public void setRequestID(String id) {
+		this.requestID = id;
+		
 	}
 
-	/**
-	 * @param response the response to set
-	 */
-	public void setInterfederationResponse(MOAResponse response) {
-		this.response = response;
+	public String getRequestID() {
+		return requestID;
 	}
 	
-	public String getSessionIdentifier() {
-		return this.sessionIdentifier;
+	public String getMOASessionIdentifier() {
+		return this.moaSessionIdentifier;
 		
 	}
 	
-	public void setSessionIdentifier(String sessionIdentifier) {
-		this.sessionIdentifier = sessionIdentifier;
+	public void setMOASessionIdentifier(String moaSessionIdentifier) {
+		this.moaSessionIdentifier = moaSessionIdentifier;
 		
 	}
 	
@@ -246,6 +244,36 @@ public abstract class RequestImpl implements IRequest, Serializable{
 		
 	}
 
+	public String getUniqueTransactionIdentifier() {
+		return this.uniqueTransactionIdentifer;
+		
+	}
+	
+	public String getUniqueSessionIdentifier() {
+		return this.uniqueSessionIdentifer;
+		
+	}
+	
+	public String getProcessInstanceId() {
+		return this.processInstanceId;
+		
+	}
+	
+	public void setUniqueTransactionIdentifier(String id) {
+		this.uniqueTransactionIdentifer = id;
+		
+	}
+	
+	public void setUniqueSessionIdentifier(String id) {
+		this.uniqueSessionIdentifer = id;
+		
+	}
+	
+	public void setProcessInstanceId(String id) {
+		this.processInstanceId = id;
+		
+	}
+	
 	/**
 	 * @return the authURL
 	 */
@@ -261,11 +289,99 @@ public abstract class RequestImpl implements IRequest, Serializable{
 		
 	}
 
-//	/**
-//	 * @param authURL the authURL to set
-//	 */
-//	public void setAuthURL(String authURL) {
-//		this.authURL = authURL;
-//	}
+	/**
+	 * @return the needAuthentication
+	 */
+	public boolean isNeedAuthentication() {
+		return needAuthentication;
+	}
+
+	/**
+	 * @param needAuthentication the needAuthentication to set
+	 */
+	public void setNeedAuthentication(boolean needAuthentication) {
+		this.needAuthentication = needAuthentication;
+	}
+
+	/**
+	 * @return the isAuthenticated
+	 */
+	public boolean isAuthenticated() {
+		return isAuthenticated;
+	}
+
+	/**
+	 * @param isAuthenticated the isAuthenticated to set
+	 */
+	public void setAuthenticated(boolean isAuthenticated) {
+		this.isAuthenticated = isAuthenticated;
+	}
+
+	public boolean needSingleSignOnFunctionality() {
+		return needSSO;
+	}
+	public void setNeedSingleSignOnFunctionality(boolean needSSO) {
+		this.needSSO = needSSO;
+		
+	}
+	
+	public Object getGenericData(String key) {
+		if (MiscUtil.isNotEmpty(key)) {
+			return genericDataStorage.get(key);
+			
+		} 
+		
+		Logger.warn("Can not load generic request-data with key='null'");
+		return null;		
+	}
+	
+	public <T> T getGenericData(String key, final Class<T> clazz) {
+		if (MiscUtil.isNotEmpty(key)) {
+			Object data =  genericDataStorage.get(key);
+			
+			if (data == null)
+				return null;
+			
+			try {
+				@SuppressWarnings("unchecked")
+				T test = (T) data;
+				return test;
+				
+			} catch (Exception e) {
+				Logger.warn("Generic request-data object can not be casted to requested type", e);
+				return null;
+				
+			}
+			
+		} 
+		
+		Logger.warn("Can not load generic request-data with key='null'");
+		return null;
+		
+	}
+	
+	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+		if (MiscUtil.isEmpty(key)) {
+			Logger.warn("Generic request-data can not be stored with a 'null' key");
+			throw new SessionDataStorageException("Generic request-data can not be stored with a 'null' key", null);
+			
+		}
+		
+		if (object != null) {
+			if (!Serializable.class.isInstance(object)) {
+				Logger.warn("Generic request-data can only store objects which implements the 'Seralizable' interface");
+				throw new SessionDataStorageException("Generic request-data can only store objects which implements the 'Seralizable' interface", null);
+				
+			}						
+		}
+		
+		if (genericDataStorage.containsKey(key))
+			Logger.debug("Overwrite generic request-data with key:" + key);
+		else
+			Logger.trace("Add generic request-data with key:" + key + " to session.");
+		
+		genericDataStorage.put(key, object);
+		
+	}
 		
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index f0b12431a..66ca42398 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -22,23 +22,32 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 
-public class RequestStorage {
+@Service("RequestStorage")
+public class RequestStorage implements IRequestStorage{
 
-	public static IRequest getPendingRequest(String pendingReqID) {
+	@Autowired ITransactionStorage transactionStorage;
+	@Autowired ProcessInstanceStoreDAO processInstanceStore;
+	
+	@Override
+	public IRequest getPendingRequest(String pendingReqID) {
 		
 		try {
-			AssertionStorage storage = AssertionStorage.getInstance();
-			IRequest pendingRequest = storage.get(pendingReqID, IRequest.class);
+			IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class);
 			
 			//set transactionID and sessionID to Logger
-			TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID());
-			TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier());
+			TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
+			TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier());
 			
 			return pendingRequest;
 		
@@ -49,12 +58,11 @@ public class RequestStorage {
 		}
 	}
 
-	public static void setPendingRequest(Object pendingRequest) throws MOAIDException {
-		try {
-			AssertionStorage storage = AssertionStorage.getInstance();
-			
+	@Override
+	public void storePendingRequest(IRequest pendingRequest) throws MOAIDException {
+		try {			
 			if (pendingRequest instanceof IRequest) {
-				storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);
+				transactionStorage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);
 												
 			} else {
 				throw new MOAIDException("auth.20", null);
@@ -69,12 +77,52 @@ public class RequestStorage {
 		
 	}
 	
-	public static void removePendingRequest(String requestID) {
+	@Override
+	public void removePendingRequest(String requestID) {
 		
 		if (requestID != null) {
-			AssertionStorage storage = AssertionStorage.getInstance();
-			storage.remove(requestID);
+			
+			//remove process-management execution instance
+			try {
+				IRequest pendingReq = getPendingRequest(requestID);
+						
+				if (pendingReq != null && 
+						pendingReq.getProcessInstanceId() != null) {
+					processInstanceStore.remove(pendingReq.getProcessInstanceId());
+					
+				}
+
+			} catch (MOADatabaseException e) {
+				Logger.warn("Removing process associated with pending-request:" + requestID + " FAILED.", e);
+				
+			}
+				
+			transactionStorage.remove(requestID);
 			
 		}
 	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest)
+	 */
+	@Override
+	public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException {
+
+		if (pendingRequest instanceof RequestImpl) {
+			String newRequestID = Random.nextRandom();
+			
+			Logger.debug("Change pendingRequestID from " + pendingRequest.getRequestID() 
+				+ " to " + newRequestID);
+			
+			((RequestImpl)pendingRequest).setRequestID(newRequestID);			
+			storePendingRequest(pendingRequest);
+			
+			return newRequestID;
+						
+		} else {
+			Logger.error("PendingRequest object is not of type 'RequestImpl.class'");
+			throw new MOAIDException("internal.00", null);
+		}
+		
+	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 2a618272f..89d50425b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -40,23 +40,27 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.hibernate.Query;
 import org.hibernate.Session;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Service("MOAID_SSOManager")
 public class SSOManager {
 	
 	private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
@@ -65,27 +69,29 @@ public class SSOManager {
 	private static final String SSOCOOKIE = "MOA_ID_SSO";
 	private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
 	
-	private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec
-	
 	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
+
+	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
+	@Autowired protected AuthConfiguration authConfig;
 	
-	private static SSOManager instance = null;
-	
-	public static SSOManager getInstance() {
-		if (instance == null) {
-			instance = new SSOManager();
-		
-		}
-		
-		return instance;
-	}
-	
+	/**
+	 * Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists.
+	 * Set the requested interfederation IDP as attribte of the {protocolRequest}
+	 * 
+	 * @param httpReq HttpServletRequest	
+	 * @param httpResp HttpServletResponse
+	 * @param protocolRequest Authentication request which is actually in process
+	 * @throws SessionDataStorageException 
+	 * 
+	 **/
 	public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IRequest protocolRequest) {
+			IRequest protocolRequest) throws SessionDataStorageException {
 		String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
 
-		if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) {
-			Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
+		String interfederationIDP = 
+				protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+		if (MiscUtil.isNotEmpty(interfederationIDP)) {
+			Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);
 			return;
 			
 		}
@@ -95,14 +101,14 @@ public class SSOManager {
 			RequestImpl moaReq = (RequestImpl) protocolRequest;
 			if (MiscUtil.isNotEmpty(interIDP)) {
 				Logger.info("Receive SSO request for interfederation IDP " + interIDP);
-				moaReq.setRequestedIDP(interIDP);
+				moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, interIDP);
 				
 			} else {
 				//check if IDP cookie is set
 				String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
 				if (MiscUtil.isNotEmpty(cookie)) {
 					Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
-					moaReq.setRequestedIDP(cookie);
+					moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, cookie);
 				
 					deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									
 				}				
@@ -120,7 +126,7 @@ public class SSOManager {
 	}
 	
 	
-	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException {
+	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException {
 		
 		// search SSO Session
 		if (ssoSessionID == null) {
@@ -128,7 +134,7 @@ public class SSOManager {
 			return false;
 		}
 		
-		AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+		AuthenticatedSessionStore storedSession = authenticatedSessionStore.isValidSessionWithSSOID(ssoSessionID);
 		
 		if (storedSession == null)
 			return false;
@@ -137,7 +143,7 @@ public class SSOManager {
 			
 			//check if session is out of lifetime
 			Date now = new Date();
-			long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;		
+			long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000;		
 			Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime);
 			if (now.after(ssoSessionValidTo)) {
 				Logger.info("Found outdated SSO session information. Start reauthentication process ... ");
@@ -150,12 +156,16 @@ public class SSOManager {
 					storedSession.isInterfederatedSSOSession() &&
 					!storedSession.isAuthenticated()) {
 
-				if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) {
-					InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
+				String interfederationIDP = 
+						protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+				
+				if (MiscUtil.isEmpty(interfederationIDP)) {
+					InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
 
 					if (selectedIDP != null) {				
 						//no local SSO session exist -> request interfederated IDP
-						((RequestImpl) protocolRequest).setRequestedIDP(selectedIDP.getIdpurlprefix());
+						protocolRequest.setGenericDataToSession(
+								RequestImpl.DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
 						
 					} else {
 						Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
@@ -174,16 +184,17 @@ public class SSOManager {
 	}
 	
 	public String getMOASession(String ssoSessionID) {
-		return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+		return authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
 		
 	}
 	
+	//TODO: refactor for faster DB access
 	public String getUniqueSessionIdentifier(String ssoSessionID) {
 		try {
 			if (MiscUtil.isNotEmpty(ssoSessionID)) {			
-				String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+				String moaSessionID = authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
 				if (MiscUtil.isNotEmpty(moaSessionID)) {
-					AuthenticationSessionExtensions extSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID);
+					AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
 						return extSessionInformation.getUniqueSessionId();
 			
 				}
@@ -253,14 +264,6 @@ public class SSOManager {
 	}
 
 	public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
-		int ssoTimeOut;
-		try {
-			ssoTimeOut = (int) AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut();
-			
-		} catch (ConfigurationException e) {
-			Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT);
-			ssoTimeOut = DEFAULTSSOTIMEOUT;
-		}
 		setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
 		
 	}
@@ -285,12 +288,12 @@ public class SSOManager {
 		
 		if (MiscUtil.isNotEmpty(ssoSessionID)) {
 			
-			AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+			AuthenticatedSessionStore storedSession = authenticatedSessionStore.isValidSessionWithSSOID(ssoSessionID);
 			
 			if (storedSession == null)
 				return false;
 			
-			InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID);
+			InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID);
 
 			if (selectedIDP != null) {				
 				//no local SSO session exist -> request interfederated IDP
@@ -317,7 +320,7 @@ public class SSOManager {
 			InputStream is = null;
 			String pathLocation = null;
 			try {
-				String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
+				String rootconfigdir = authConfig.getRootConfigFileDir();
 				pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
 				File file = new File(new URI(pathLocation));
 				is = new  FileInputStream(file);
@@ -359,7 +362,7 @@ public class SSOManager {
 		BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
 		
 		//set default elements to velocity context
-		context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
+		context.put("contextpath", authConfig.getPublicURLPrefix());
 		
 		StringWriter writer = new StringWriter();			
 		//velocityEngine.evaluate(context, writer, "SLO_Template", reader);			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
index 5cf84abed..26301d664 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
@@ -61,6 +61,17 @@ public interface ProcessEngine {
 	 */
 	String createProcessInstance(String processDefinitionId) throws ProcessExecutionException;
 
+	
+	/**
+	 * Delete a process instance 
+	 * 
+	 * @param processInstanceId
+	 *            The identifier of the respective process.
+	 * @throws ProcessExecutionException
+	 *             Thrown in case of error, e.g. when a {@code processInstanceId} is referenced that does not exist.
+	 */
+	void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException;
+	
 	/**
 	 * Returns the process instance with a given {@code processInstanceId}.
 	 * 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
index 096e5ee9e..6da695d75 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -12,8 +12,9 @@ import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
@@ -21,13 +22,13 @@ import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
 import at.gv.egovernment.moa.id.process.api.Task;
 import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
 import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl;
 import at.gv.egovernment.moa.id.process.model.EndEvent;
 import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
 import at.gv.egovernment.moa.id.process.model.ProcessNode;
 import at.gv.egovernment.moa.id.process.model.StartEvent;
 import at.gv.egovernment.moa.id.process.model.TaskInfo;
 import at.gv.egovernment.moa.id.process.model.Transition;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * Process engine implementation allowing starting and continuing processes as well as providing means for cleanup actions.
@@ -36,10 +37,11 @@ public class ProcessEngineImpl implements ProcessEngine {
 
 	private Logger log = LoggerFactory.getLogger(getClass());
 
+	@Autowired ProcessInstanceStoreDAO piStoreDao;
+	@Autowired ApplicationContext context;
+	
 	private ProcessDefinitionParser pdp = new ProcessDefinitionParser();
 
-	ProcessInstanceStoreDAO piStoreDao = ProcessInstanceStoreDAOImpl.getInstance();
-
 	private Map<String, ProcessDefinition> processDefinitions = new ConcurrentHashMap<String, ProcessDefinition>();
 
 	private final static String MDC_CTX_PI_NAME = "processInstanceId";
@@ -176,17 +178,21 @@ public class ProcessEngineImpl implements ProcessEngine {
 		
 		if (clazz != null) {
 			log.debug("Instantiating task implementing class '{}'.", clazz);
-			Class<?> instanceClass = null;
+			Object instanceClass = null;
 			try {
-				instanceClass = Class.forName(clazz, true, Thread.currentThread().getContextClassLoader());
+				instanceClass = context.getBean(clazz);
+				
 			} catch (Exception e) {
 				throw new ProcessExecutionException("Unable to get class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
+				
 			}
-			if (!Task.class.isAssignableFrom(instanceClass)) {
+			if (instanceClass == null || !(instanceClass instanceof Task)) {
 				throw new ProcessExecutionException("Class '" + clazz + "' associated with task '" + ti.getId() + "' is not assignable to " + Task.class.getName() + ".");
+				
 			}
 			try {
-				task = (Task) instanceClass.newInstance();
+				task = (Task) instanceClass;
+				
 			} catch (Exception e) {
 				throw new ProcessExecutionException("Unable to instantiate class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
 			}
@@ -352,5 +358,25 @@ public class ProcessEngineImpl implements ProcessEngine {
 
 		return pi;
 	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.ProcessEngine#deleteProcessInstance(java.lang.String)
+	 */
+	@Override
+	public void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException {
+		if (MiscUtil.isEmpty(processInstanceId)) {
+			throw new ProcessExecutionException("Unable to remove process instance: ProcessInstanceId is empty");
+			
+		}
+			
+		try {
+			piStoreDao.remove(processInstanceId);
+			
+		} catch (MOADatabaseException e) {
+			throw new ProcessExecutionException("Unable to remove process instance.", e);
+			
+		}
+		
+	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
index a75a5de8c..577e971db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
@@ -6,6 +6,7 @@ import org.hibernate.Transaction;
 import org.hibernate.criterion.Restrictions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -14,16 +15,11 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
  * Database backed implementation of the {@link ProcessInstanceStoreDAO}
  * interface.
  */
+@Service("ProcessInstanceStoreage")
 public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO {
 
 	private Logger log = LoggerFactory.getLogger(getClass());
 
-	private static ProcessInstanceStoreDAO instance = new ProcessInstanceStoreDAOImpl();
-
-	public static ProcessInstanceStoreDAO getInstance() {
-		return instance;
-	}
-
 	@Override
 	public void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException {
 		try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java
new file mode 100644
index 000000000..cc1886324
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java
@@ -0,0 +1,268 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+
+public abstract class AbstractProtocolModulController extends AbstractController implements IModulInfo {
+
+	public static final String FINALIZEPROTOCOL_ENDPOINT = "finalizeAuthProtocol";	
+	
+	@Autowired protected ApplicationContext applicationContext;	
+	@Autowired private SSOManager ssomanager; 
+	@Autowired protected AuthenticationManager authmanager;
+	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired private AuthenticationDataBuilder authDataBuilder;
+		
+	/**
+	 * Initialize an authentication process for this protocol request
+	 * 
+	 * @param httpReq HttpServletRequest	
+	 * @param httpResp HttpServletResponse
+	 * @param protocolRequest Authentication request which is actually in process
+	 * @throws IOException 
+	 */
+	protected void performAuthentication(HttpServletRequest req, HttpServletResponse resp, 
+			RequestImpl pendingReq) throws IOException {
+		try {
+			if (pendingReq.isNeedAuthentication()) {
+				//request needs authentication --> start authentication process ...
+			
+				//load Parameters from OnlineApplicationConfiguration
+				IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+				
+				if (oaParam == null) {
+					throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
+				}
+		
+				
+				AuthenticationSession moaSession = authmanager.doAuthentication(req, resp, pendingReq);
+				if (moaSession != null) {					
+					//authenticated MOASession already exists --> protocol-specific postProcessing can start directly 					
+					finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
+					
+				}
+							
+			} else {			
+				executeProtocolSpecificAction(req, resp, pendingReq, null);
+			
+			}
+			
+		} catch (Exception e) {
+			buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
+			
+		}		
+	}
+	
+	/**
+	 * Finalize the requested protocol operation
+	 * 
+	 * @param httpReq HttpServletRequest	
+	 * @param httpResp HttpServletResponse
+	 * @param protocolRequest Authentication request which is actually in process
+	 * @param moaSession MOASession object, which is used to generate the protocol specific authentication information
+	 * @throws Exception 
+	 */
+	protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp, 
+			IRequest pendingReq, AuthenticationSession moaSession) throws Exception {
+
+		String newSSOSessionId = null;
+		
+		//if Single Sign-On functionality is enabled for this request
+		if (pendingReq.needSingleSignOnFunctionality()) {
+			
+			//Store SSO information into database
+			newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(), 
+					pendingReq.getOAURL());
+	
+			//set SSO cookie to response
+			if (MiscUtil.isNotEmpty(newSSOSessionId)) {
+				ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+		
+			} else {
+				ssomanager.deleteSSOSessionID(req, resp);
+			
+			}
+			
+		}
+		
+		//build authenticationdata from session information and OA configuration
+		IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, moaSession);	
+			
+		//execute the protocol-specific action
+		SLOInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData);
+		
+		//check if SSO 
+		boolean isSSOCookieSetted = MiscUtil.isNotEmpty(newSSOSessionId);
+		
+		//Store OA specific SSO session information if an SSO cookie is set
+		if (isSSOCookieSetted) { 		
+			try {				 
+				authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), 
+						newSSOSessionId, sloInformation, pendingReq);
+											
+			} catch (AuthenticationException e) {
+				Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!");				
+				authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+				
+			}
+		
+		} else {
+			//remove MOASession from database
+			authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+			
+		}
+	
+		//Advanced statistic logging
+		statisticLogger.logSuccessOperation(pendingReq, authData, isSSOCookieSetted);
+				
+	}
+	
+	/**
+	 * Executes the requested protocol action
+	 * 
+	 * @param httpReq HttpServletRequest	
+	 * @param httpResp HttpServletResponse
+	 * @param protocolRequest Authentication request which is actually in process
+	 * @param authData Service-provider specific authentication data
+	 * 
+	 * @return Return Single LogOut information or null if protocol supports no SSO
+	 * 
+	 * @throws Exception 
+	 */
+	private SLOInformationInterface executeProtocolSpecificAction(HttpServletRequest httpReq, HttpServletResponse httpResp, 
+			IRequest pendingReq, IAuthData authData) throws Exception {
+		try {
+		//	request needs no authentication --> start request processing
+			Class<?> clazz = Class.forName(pendingReq.requestedAction());
+			if (clazz == null || 
+					!clazz.isInstance(IAction.class)) {
+				Logger.fatal("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
+				throw new Exception("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
+				
+			}
+							
+			IAction protocolAction = (IAction) applicationContext.getBean(clazz);			 
+			return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData);
+			
+		} catch (ClassNotFoundException e) {
+			Logger.fatal("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
+			throw new Exception("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
+		}
+		
+	}
+	
+	protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, 
+			HttpServletResponse resp, IRequest protocolRequest) throws IOException {
+		try {
+			
+			Class<?> clazz = Class.forName(protocolRequest.requestedModule());
+			if (clazz == null || 
+					!clazz.isInstance(IModulInfo.class)) {
+				Logger.fatal("Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
+				throw new Exception("Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
+				
+			}
+							
+			IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz);
+												
+			if (handlingModule.generateErrorMessage(
+					throwable, req, resp, protocolRequest)) {
+		
+				//log Error Message
+				statisticLogger.logErrorOperation(throwable, protocolRequest);
+				
+				//remove MOASession
+				AuthenticationSession moaSession = authenticatedSessionStorage.getSession(
+						protocolRequest.getMOASessionIdentifier());
+				if (moaSession != null)
+					authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+				
+				return;
+				
+			} else {
+				handleErrorNoRedirect(throwable, req, resp);
+				
+			}
+			
+		} catch (Throwable e) {
+			Logger.error(e);
+			handleErrorNoRedirect(throwable, req, resp);
+		}
+		
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getName()
+	 */
+	@Override
+	public abstract String getName();
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getPath()
+	 */
+	@Override
+	public abstract String getPath();
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+	 */
+	@Override
+	public abstract boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response,
+			IRequest protocolRequest) throws Throwable;
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+	 */
+	@Override
+	public abstract boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending);
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
new file mode 100644
index 000000000..ed53d1a20
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class ProtocolFinalizationController extends AbstractProtocolModulController {
+	
+	@RequestMapping(value = "/finalizeAuthProtocol", method = {RequestMethod.GET})
+	public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+		
+		//read pendingRequest from http request
+		Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+		IRequest pendingReq = null;
+		String pendingRequestID = null;
+		if (idObject != null && (idObject instanceof String)) {
+			pendingRequestID = (String) idObject;
+			pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+			
+		}
+ 				
+		//receive an authentication error
+		String errorid = req.getParameter(ERROR_CODE_PARAM);
+		if (errorid != null) {
+			try {				
+				//load stored exception from database
+				Throwable throwable = transactionStorage.get(errorid, Throwable.class);
+				transactionStorage.remove(errorid);
+							
+				if (throwable != null) {					
+					if (pendingReq != null) {
+						revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
+	
+						//build protocol-specific error message if possible
+						buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
+						
+						//log Error Message
+						statisticLogger.logErrorOperation(throwable, pendingReq);
+						
+						//get MOASession for this pendingRequest
+						AuthenticationSession moaSession = 
+								authenticatedSessionStorage.getSession(
+										pendingReq.getMOASessionIdentifier());
+						
+						//remove MOASession if someone is found
+						if (moaSession != null)
+							authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+	
+						return;
+	
+					} else {
+						handleErrorNoRedirect(throwable, req, resp);
+	
+					}
+				} else {
+					handleErrorNoRedirect(new Exception(
+							MOAIDMessageProvider.getInstance().getMessage("auth.26", null)), 
+							req, resp);
+					
+				}
+				
+			} catch (Throwable e) {
+			Logger.error(e);
+			handleErrorNoRedirect(e, req, resp);
+			
+			}
+		
+			// receive a pending request 
+		} else {
+			if (pendingReq == null) {
+				Logger.error("No PendingRequest with ID " + pendingRequestID + " found.!");		
+				handleErrorNoRedirect(new MOAIDException("auth.28", new Object[]{pendingRequestID}), req, resp);							
+				return;
+				
+			}
+			try {
+				Logger.debug("Finalize PendingRequest with ID " + pendingRequestID);
+			
+				//get MOASession from database				
+				String sessionID = pendingReq.getMOASessionIdentifier();
+			
+				// check parameter
+				if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+					throw new WrongParametersException("FinalizeAuthProtocol", PARAM_SESSIONID, "auth.12");
+				
+				}	
+				
+				//load MOASession from database
+				AuthenticationSession moaSession = authenticatedSessionStorage.getSession(sessionID);
+				if (moaSession == null) {
+					Logger.error("No MOASession with ID " + sessionID + " found.!");		
+					handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp);							
+					return;
+					
+				}
+								
+				//check if MOASession and pending-request are authenticated
+				if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {				
+					finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
+									
+				} else {
+					Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");		
+					handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp);							
+					return;
+									
+				}
+							
+			} catch (Exception e) {
+				Logger.error("Finalize authentication protocol FAILED." , e);
+				buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
+				
+			}		
+		}
+		
+		//remove pending-request
+		requestStorage.removePendingRequest(pendingRequestID);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getName()
+	 */
+	@Override
+	public String getName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getPath()
+	 */
+	@Override
+	public String getPath() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+	 */
+	@Override
+	public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response,
+			IRequest protocolRequest) throws Throwable {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+	 */
+	@Override
+	public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+	
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java
new file mode 100644
index 000000000..e8b8022c4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
+
+	@Autowired private SSOManager ssomanager;
+	
+	/* (non-Javadoc)
+	 * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
+	 */
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+			throws Exception {
+		
+		//get SSO Cookie for Request
+		String ssoId = ssomanager.getSSOSessionID(request);
+		
+		//search for unique session identifier
+		String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);											
+		if (MiscUtil.isEmpty(uniqueSessionIdentifier))
+			uniqueSessionIdentifier = Random.nextRandom();
+		TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
+		
+		request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
+		
+		return true; 
+	}
+
+	/* (non-Javadoc)
+	 * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView)
+	 */
+	@Override
+	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+			ModelAndView modelAndView) throws Exception {
+		
+		//set security headers
+		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception)
+	 */
+	@Override
+	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+			throws Exception {
+		// TODO Auto-generated method stub
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 9327cabd7..c9a34496a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
 
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
@@ -36,8 +37,8 @@ import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
-
-import java.util.Arrays;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -51,15 +52,19 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * @author tlenz
  *
  */
+@Service("AttributQueryAction")
 public class AttributQueryAction implements IAction {
 
+	@Autowired IAuthenticationSessionStoreage authenticationSessionStorage;
+	@Autowired private AuthenticationDataBuilder authDataBuilder;
+	
 	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
 			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});	
 	
@@ -86,7 +91,7 @@ public class AttributQueryAction implements IAction {
 			//load moaSession
 			String nameID = attrQuery.getSubject().getNameID().getValue();
 			
-			AuthenticationSession session = AuthenticationSessionStoreage.getSessionWithUserNameID(nameID);
+			AuthenticationSession session = authenticationSessionStorage.getSessionWithUserNameID(nameID);
 			if (session == null) {
 				Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
 				throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null);
@@ -96,7 +101,7 @@ public class AttributQueryAction implements IAction {
 			DateTime date = new DateTime();
 			
 			//generate authData
-			authData = AuthenticationDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes());
+			authData = authDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes());
 
 			//add default attributes in case of mandates or STORK is in use
 			List<String> attrList = addDefaultAttributes(attrQuery, authData);			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 04b7854b1..eb4cb8a18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.stereotype.Service;
+
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
 
+@Service("PVPAuthenticationRequestAction")
 public class AuthenticationAction implements IAction {
 
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
@@ -54,7 +57,8 @@ public class AuthenticationAction implements IAction {
 	}
 
 	public String getDefaultActionName() {
-		return (PVP2XProtocol.REDIRECT);
+		return "PVPAuthenticationRequestAction";
+		
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 50f91df44..5c1c60dc8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -62,6 +62,8 @@ import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.Signer;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -79,15 +81,18 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableEx
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
+@Service("pvpMetadataService")
 public class MetadataAction implements IAction {
 
 	private static final int VALIDUNTIL_IN_HOURS = 24;
-		
+
+	@Autowired private MOAReversionLogger revisionsLogger;
+	
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
 		try {
 
-			MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
+			revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
 			
 			EntitiesDescriptor idpEntitiesDescriptor = 
 					SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index c0ec086ed..fc4928366 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -23,10 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Iterator;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
@@ -55,10 +52,11 @@ import org.opensaml.ws.security.SecurityPolicyException;
 import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.signature.SignableXMLObject;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -66,14 +64,9 @@ import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
@@ -103,7 +96,8 @@ import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
+@Controller
+public class PVP2XProtocol extends AbstractProtocolModulController  {
 
 	public static final String NAME = PVP2XProtocol.class.getName();
 	public static final String PATH = "id_pvp2x";
@@ -119,41 +113,15 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 	public static final String ENDPOINT_SP = "sp";
 	
 	public static final String PARAMETER_ENDPOINT = "endpointtype";
-	
-	private static List<IDecoder> decoder = new ArrayList<IDecoder>();
-
-	private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
-	
+		
 	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
 			new String[] {
 					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
 			});
 	
-	static {		
-		decoder.add(new PostBinding());
-		decoder.add(new RedirectBinding());
-		decoder.add(new SoapBinding());
-		
-		actions.put(REDIRECT, new AuthenticationAction());
-		actions.put(POST, new AuthenticationAction());
-		actions.put(METADATA, new MetadataAction());
-		actions.put(ATTRIBUTEQUERY, new AttributQueryAction());
-		actions.put(SINGLELOGOUT, new SingleLogOutAction());
-		
-		//TODO: insert getArtifact action
-		
-		instance = new PVP2XProtocol();
-		
+	static {			
 		new VelocityLogAdapter();
-	}
-
-	private static PVP2XProtocol instance = null;
-
-	public static PVP2XProtocol getInstance() {
-		if (instance == null) {
-			instance = new PVP2XProtocol();
-		}
-		return instance;
+		
 	}
 
 	public String getName() {
@@ -163,65 +131,139 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 	public String getPath() {
 		return PATH;
 	}
-
-	private IDecoder findDecoder(String action, HttpServletRequest req) {
-		Iterator<IDecoder> decoderIT = decoder.iterator();
-		while (decoderIT.hasNext()) {
-			IDecoder decoder = decoderIT.next();
-			if (decoder.handleDecode(action,  req)) {
-				return decoder;
-			}
-		}
-
-		return null;
-	}
-
-	private boolean isServiceProviderEndPointUsed(HttpServletRequest req) throws InvalidProtocolRequestException {
-		Object obj = req.getParameter(PARAMETER_ENDPOINT);
-		if (obj instanceof String) {
-			String param = (String) obj;
-			if (MiscUtil.isNotEmpty(param)) {
-				if (ENDPOINT_IDP.equals(param))
-					return false;
-				
-				else if (ENDPOINT_SP.equals(param))
-					return true;
-			}			
-		}
-		
-		Logger.error("No valid PVP 2.1 entpoint descriptor");
-		throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
-	}
 	
 	public PVP2XProtocol() {
 		super();
 	}
-	
-	public IRequest preProcess(HttpServletRequest request,
-			HttpServletResponse response, String action,
-			String sessionId, String transactionId) throws MOAIDException {
-
 		
-		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
+	//PVP2.x metadata end-point
+	@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
+	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
 			Logger.info("PVP2.1 is deaktivated!");
 			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
 			
 		}
+		//create pendingRequest object
+		PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req);
+		pendingReq.setModule(NAME);
+		
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+				
+		MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class);
+		metadataAction.processRequest(new PVPTargetConfiguration(req), 
+				req, resp, null);
 		
-		
-		if(METADATA.equals(action)) {
-			return new PVPTargetConfiguration(request);
+	}
+	
+	//PVP2.x IDP POST-Binding end-point
+	@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+			Logger.info("PVP2.1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
 			
 		}
 		
-		IDecoder decoder = findDecoder(action, request);
-		if (decoder == null) {
-			return null;
+		try {
+			//create pendingRequest object
+			PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req);
+			pendingReq.setModule(NAME);
+			
+			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
+			revisionsLogger.logEvent(
+					pendingReq.getUniqueSessionIdentifier(), 
+					pendingReq.getUniqueTransactionIdentifier(), 
+					MOAIDEventConstants.TRANSACTION_IP, 
+					req.getRemoteAddr());
+			
+			//get POST-Binding decoder implementation
+			PostBinding coder = applicationContext.getBean(PostBinding.class);
+			InboundMessage msg = (InboundMessage) coder.decode(req, resp, false);
+			pendingReq.setRequest(msg);
+			
+			//preProcess Message
+			preProcess(req, resp, pendingReq);
+						
+		} catch (SecurityPolicyException e) {
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			
+		} catch (SecurityException e) {
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			
+		} catch (Throwable e) {			
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+						
+			throw new MOAIDException(e.getMessage(), new Object[] {});
+		}					
+	}
+	
+	//PVP2.x IDP Redirect-Binding end-point
+	@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
+	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
+			Logger.info("PVP2.1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			
 		}
+		
 		try {
+			//create pendingRequest object
+			PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req);
+			pendingReq.setModule(NAME);
+			
+			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
+			revisionsLogger.logEvent(
+					pendingReq.getUniqueSessionIdentifier(), 
+					pendingReq.getUniqueTransactionIdentifier(), 
+					MOAIDEventConstants.TRANSACTION_IP, 
+					req.getRemoteAddr());
+			
+			//get POST-Binding decoder implementation
+			RedirectBinding coder = applicationContext.getBean(RedirectBinding.class);
+			InboundMessage msg = (InboundMessage) coder.decode(req, resp, false);
+			pendingReq.setRequest(msg);
+			
+			//preProcess Message
+			preProcess(req, resp, pendingReq);
+						
+		} catch (SecurityPolicyException e) {
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			
+		} catch (SecurityException e) {
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			
+		} catch (Throwable e) {			
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
 						
-			InboundMessage msg = (InboundMessage) decoder.decode(request, response, isServiceProviderEndPointUsed(request));
+			throw new MOAIDException(e.getMessage(), new Object[] {});
+		}					
+	}
+	
+	
+	
+	
+	public void preProcess(HttpServletRequest request,
+			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
 			
+			InboundMessage msg = pendingReq.getRequest();
+		
 			if (MiscUtil.isEmpty(msg.getEntityID())) {
 				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
 				
@@ -236,91 +278,76 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 							
 			if (msg instanceof MOARequest && 
 					((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
-				return preProcessAuthRequest(request, response, (MOARequest) msg, sessionId, transactionId);
+				preProcessAuthRequest(request, response, pendingReq);
 			
 			else if (msg instanceof MOARequest && 
 					((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
-				return preProcessAttributQueryRequest(request, response, (MOARequest) msg, sessionId, transactionId);
+				preProcessAttributQueryRequest(request, response, pendingReq);
 
 			else if (msg instanceof MOARequest && 
 					((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
-				return preProcessLogOut(request, response, msg, sessionId, transactionId);
+				preProcessLogOut(request, response, pendingReq);
 			
 			else if (msg instanceof MOAResponse && 
 					((MOAResponse)msg).getResponse() instanceof LogoutResponse)
-				return preProcessLogOut(request, response, msg, sessionId, transactionId);
-			
-			else if (msg instanceof MOAResponse &&
-					((MOAResponse)msg).getResponse() instanceof Response) {
-				//load service provider AuthRequest from session
-											
-				IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
-				if (obj instanceof RequestImpl) {
-					RequestImpl iReqSP = (RequestImpl) obj;
-
-					MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
-					
-					MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
-					
-					if ( processedMsg != null ) {
-						iReqSP.setInterfederationResponse(processedMsg);
-
-						MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);
-						
-						Logger.info("Receive a valid assertion from IDP " + msg.getEntityID() 
-								+ ". Switch to original transaction with ID " + iReqSP.getRequestID());
-						TransactionIDUtils.setTransactionId(iReqSP.getRequestID());
-						TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier());
-												
-					} else {
-						Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session." 
-								+". Switch back local authentication process ...");			
-						
-						SSOManager ssomanager = SSOManager.getInstance();						
-						ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
-						
-						iReqSP.setRequestedIDP(null);	
-						
-					}
-									
-					return iReqSP;
-					
-				}
-
-				Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type.");
-				return null;
-							
-			} else {
+				preProcessLogOut(request, response, pendingReq);
+			
+			else {
 				Logger.error("Receive unsupported PVP21 message");
 				throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
 			}
 			
-		} catch (PVP2Exception e) {
-			String samlRequest = request.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			throw e;
-		
-		} catch (SecurityPolicyException e) {
-			String samlRequest = request.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
+					pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
 			
-		} catch (SecurityException e) {
-			String samlRequest = request.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			//switch to session authentication
+			performAuthentication(request, response, pendingReq);
+						
+//			else if (msg instanceof MOAResponse &&
+//					((MOAResponse)msg).getResponse() instanceof Response) {
+//				//load service provider AuthRequest from session
+//											
+//				IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
+//				if (obj instanceof RequestImpl) {
+//					RequestImpl iReqSP = (RequestImpl) obj;
+//
+//					MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
+//					
+//					MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+//					
+//					if ( processedMsg != null ) {
+//						iReqSP.setInterfederationResponse(processedMsg);
+//
+//						MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);
+//						
+//						Logger.info("Receive a valid assertion from IDP " + msg.getEntityID() 
+//								+ ". Switch to original transaction with ID " + iReqSP.getRequestID());
+//						TransactionIDUtils.setTransactionId(iReqSP.getRequestID());
+//						TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier());
+//												
+//					} else {
+//						Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session." 
+//								+". Switch back local authentication process ...");			
+//						
+//						SSOManager ssomanager = SSOManager.getInstance();						
+//						ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+//						
+//						iReqSP.setRequestedIDP(null);	
+//						
+//					}
+//									
+//					return iReqSP;
+//					
+//				}
+//
+//				Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type.");
+//				return null;
+							
+//			}
 			
-		} catch (InvalidProtocolRequestException e) {
-			String samlRequest = request.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			throw e;
 			
-		} catch (Throwable e) {			
-			String samlRequest = request.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-						
-			throw new MOAIDException(e.getMessage(), new Object[] {});
-		}
+
+			
 	}
 
 	public boolean generateErrorMessage(Throwable e,
@@ -423,26 +450,6 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 		return true;
 	}
 
-	public IAction getAction(String action) {
-		return actions.get(action);
-	}
-
-	public IAction canHandleRequest(HttpServletRequest request,
-			HttpServletResponse response) {
-		if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) {
-			return getAction(REDIRECT);
-			
-		} else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) {
-			return getAction(POST);
-			
-		} 
-		
-		if(METADATA.equals(request.getParameter("action"))) {
-			return getAction(METADATA);
-		}
-		return null;
-	}
-
 	public boolean validate(HttpServletRequest request,
 			HttpServletResponse response, IRequest pending) {
 		
@@ -458,12 +465,10 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 	 * @return
 	 * @throws MOAIDException 
 	 */
-	private IRequest preProcessLogOut(HttpServletRequest request,
-			HttpServletResponse response, InboundMessage inMsg,
-			String sessionId, String transactionId) throws MOAIDException {
+	private void preProcessLogOut(HttpServletRequest request,
+			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException {
 
-		PVPTargetConfiguration config = new PVPTargetConfiguration(request);
-		
+		InboundMessage inMsg = pendingReq.getRequest();		
 		MOARequest msg;
 		if (inMsg instanceof MOARequest && 
 				((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) {
@@ -482,11 +487,11 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 			
 			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
 						
-			config.setOAURL(oaURL);
-			config.setOnlineApplicationConfiguration(oa);
-			config.setBinding(msg.getRequestBinding());
+			pendingReq.setOAURL(oaURL);
+			pendingReq.setOnlineApplicationConfiguration(oa);
+			pendingReq.setBinding(msg.getRequestBinding());
 			
-			MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
 			
 
 						
@@ -524,23 +529,26 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 			throw new MOAIDException("Unsupported request", new Object[] {});
 		
 		
-		config.setRequest(inMsg);
-		config.setAction(SINGLELOGOUT);
-		return config;
+		pendingReq.setRequest(inMsg);
+		pendingReq.setAction(SINGLELOGOUT);
+		
+		//Single LogOut Request needs no authentication 
+		pendingReq.setNeedAuthentication(false);
+		
+		//set protocol action, which should be executed
+		pendingReq.setAction(SingleLogOutAction.class.getName());
 	}
 	
 	/**
 	 * PreProcess AttributeQuery request 
 	 * @param request
 	 * @param response
-	 * @param moaRequest
-	 * @return
+	 * @param pendingReq
 	 * @throws Throwable
 	 */
-	private IRequest preProcessAttributQueryRequest(HttpServletRequest request,
-			HttpServletResponse response, MOARequest moaRequest,
-			String sessionId, String transactionId) throws Throwable {
-		
+	private void preProcessAttributQueryRequest(HttpServletRequest request,
+			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
+		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());
 		AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
 		moaRequest.setEntityID(attrQuery.getIssuer().getValue());
 		
@@ -571,29 +579,34 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 			
 		}
 			
-		PVPTargetConfiguration config = new PVPTargetConfiguration(request);
-		config.setRequest(moaRequest);
-		config.setOAURL(moaRequest.getEntityID());
-		config.setOnlineApplicationConfiguration(oa);
-		config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+		pendingReq.setRequest(moaRequest);
+		pendingReq.setOAURL(moaRequest.getEntityID());
+		pendingReq.setOnlineApplicationConfiguration(oa);
+		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+		
+		//Attribute-Query Request needs authentication 
+		pendingReq.setNeedAuthentication(true);
+		
+		//set protocol action, which should be executed after authentication
+		pendingReq.setAction(AttributQueryAction.class.getName());
+		
+		//write revisionslog entry
+		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
 		
-		MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
 		
-		return config;
 	}
 	
 	/**
 	 * PreProcess Authn request
 	 * @param request
 	 * @param response
-	 * @param moaRequest
-	 * @return
+	 * @param pendingReq
 	 * @throws Throwable
 	 */
-	private IRequest preProcessAuthRequest(HttpServletRequest request,
-			HttpServletResponse response, MOARequest moaRequest,
-			String sessionId, String transactionId) throws Throwable {
-		
+	private void preProcessAuthRequest(HttpServletRequest request,
+			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
+
+		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());		
 		SignableXMLObject samlReq =  moaRequest.getSamlRequest();
 
 		if(!(samlReq instanceof AuthnRequest)) {
@@ -620,7 +633,6 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 			
 		}
 			
-		
 		//parse AssertionConsumerService
 		AssertionConsumerService consumerService = null;
 		if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && 
@@ -699,21 +711,25 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 		
 		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
 
-		PVPTargetConfiguration config = new PVPTargetConfiguration(request);		
-		config.setOAURL(oaURL);
-		config.setOnlineApplicationConfiguration(oa);
-		config.setBinding(consumerService.getBinding());
-		config.setRequest(moaRequest);
-		config.setConsumerURL(consumerService.getLocation());
+		pendingReq.setOAURL(oaURL);
+		pendingReq.setOnlineApplicationConfiguration(oa);
+		pendingReq.setBinding(consumerService.getBinding());
+		pendingReq.setRequest(moaRequest);
+		pendingReq.setConsumerURL(consumerService.getLocation());
 		
 		//parse AuthRequest
-		config.setPassiv(authReq.isPassive());
-		config.setForce(authReq.isForceAuthn());
+		pendingReq.setPassiv(authReq.isPassive());
+		pendingReq.setForce(authReq.isForceAuthn());
 		
+		//AuthnRequest needs authentication
+		pendingReq.setNeedAuthentication(true);
 
-		MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
+		//set protocol action, which should be executed after authentication
+		pendingReq.setAction(AuthenticationAction.class.getName());
+		
+		//write revisionslog entry
+		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
 		
-		return config;
 	}
 	
 	/**
@@ -753,5 +769,5 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 		}
 		
 		return null;
-	}
+	}	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 5062646b6..0dd309154 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -25,27 +25,20 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.artifact.SAMLArtifactMap;
 import org.opensaml.xml.io.MarshallingException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 
+@Service("PVPAssertionStorage")
 public class PVPAssertionStorage implements SAMLArtifactMap {
-
-	private static PVPAssertionStorage instance = null;
-	
-	public static PVPAssertionStorage getInstance() {
-		if(instance == null) {
-			instance = new PVPAssertionStorage();
-		}
-		return instance;
-	}
-	
-	//private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
-	private AssertionStorage assertions = AssertionStorage.getInstance();
 	
+	@Autowired private ITransactionStorage transactionStorage;
+		
 	public boolean contains(String artifact) {
-		return assertions.containsKey(artifact);
+		return transactionStorage.containsKey(artifact);
 	}
 
 	public void put(String artifact, String relyingPartyId, String issuerId,
@@ -56,7 +49,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 				samlMessage);
 		
 		try {
-			assertions.put(artifact, assertion);
+			transactionStorage.put(artifact, assertion);
 			
 		} catch (MOADatabaseException e) {
 			// TODO Insert Error Handling, if Assertion could not be stored
@@ -66,7 +59,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 
 	public SAMLArtifactMapEntry get(String artifact) {
 		try {
-			return assertions.get(artifact, SAMLArtifactMapEntry.class);
+			return transactionStorage.get(artifact, SAMLArtifactMapEntry.class);
 			
 		} catch (MOADatabaseException e) {
 			// TODO Insert Error Handling, if Assertion could not be read
@@ -76,7 +69,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 	}
 
 	public void remove(String artifact) {
-		assertions.remove(artifact);
+		transactionStorage.remove(artifact);
 	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 0b402a0fd..07367e1d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -43,7 +43,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.logging.Logger;
 
 public class PVPTargetConfiguration extends RequestImpl {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 582f5939d..8928aaeca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -37,6 +37,8 @@ import org.hibernate.Transaction;
 import org.opensaml.saml2.core.LogoutRequest;
 import org.opensaml.saml2.core.LogoutResponse;
 import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -57,8 +59,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -68,8 +70,14 @@ import at.gv.egovernment.moa.util.URLEncoder;
  * @author tlenz
  *
  */
+@Service("pvpSingleLogOutService")
 public class SingleLogOutAction implements IAction {
 
+	@Autowired private SSOManager ssomanager;
+	@Autowired private AuthenticationManager authManager;
+	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
+	@Autowired private ITransactionStorage transactionStorage;
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
 	 */
@@ -87,7 +95,7 @@ public class SingleLogOutAction implements IAction {
 			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 				
 			AuthenticationSession session = 
-					AuthenticationSessionStoreage.searchMOASessionWithNameIDandOAID(
+					authenticationSessionStorage.searchMOASessionWithNameIDandOAID(
 							logOutReq.getIssuer().getValue(), 
 							logOutReq.getNameID().getValue());
 				
@@ -96,7 +104,6 @@ public class SingleLogOutAction implements IAction {
 							+ logOutReq.getNameID().getValue() + " and OA " 
 							+ logOutReq.getIssuer().getValue());
 					Logger.info("Search active SSO session with SSO session cookie");
-					SSOManager ssomanager =  SSOManager.getInstance();
 					String ssoID = ssomanager.getSSOSessionID(httpReq);
 					if (MiscUtil.isEmpty(ssoID)) {
 						Logger.info("Can not find active Session. Single LogOut not possible!");
@@ -110,7 +117,7 @@ public class SingleLogOutAction implements IAction {
 					} else {
 						String moasession = ssomanager.getMOASession(ssoID);						
 						try {
-							session = AuthenticationSessionStoreage.getSession(moasession);
+							session = authenticationSessionStorage.getSession(moasession);
 														
 						} catch (MOADatabaseException e) {
 							Logger.info("Can not find active Session. Single LogOut not possible!");
@@ -124,8 +131,7 @@ public class SingleLogOutAction implements IAction {
 						}						
 					}					
 				}
-
-				AuthenticationManager authManager = AuthenticationManager.getInstance();
+				
 				authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
 							
 			} else if (pvpReq.getRequest() instanceof MOAResponse &&
@@ -235,7 +241,7 @@ public class SingleLogOutAction implements IAction {
 							        else
 							        	statusCode  = MOAIDAuthConstants.SLOSTATUS_ERROR;
 
-									AssertionStorage.getInstance().put(artifact, statusCode);
+									transactionStorage.put(artifact, statusCode);
 							        redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
 							        
 								}								
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
deleted file mode 100644
index 4d353ffcd..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.signature.Signature;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-
-public class ArtifactBinding implements IDecoder, IEncoder {
-
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState)
-			throws MessageEncodingException, SecurityException {
-
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState)
-			throws MessageEncodingException, SecurityException {
-		try {
-			Credential credentials = CredentialProvider
-					.getIDPAssertionSigningCredential();
-
-			Signature signer = CredentialProvider.getIDPSignature(credentials);
-			response.setSignature(signer);
-			
-			VelocityEngine engine = new VelocityEngine();
-			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
-			engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
-			engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-			engine.setProperty("classpath.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
-			engine.init();
-
-			HTTPArtifactEncoder encoder = new HTTPArtifactEncoder(engine,
-					"resources/templates/pvp_postbinding_template.html",
-					PVPAssertionStorage.getInstance());
-
-			encoder.setPostEncoding(false);
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-
-			encoder.encode(context);
-		} catch (CredentialsNotAvailableException e) {
-			e.printStackTrace();
-			throw new SecurityException(e);
-			
-		} catch (Exception e) {
-			throw new SecurityException(e);
-		}
-	}
-
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException,
-			SecurityException {
-
-		return null;
-	}
-
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-
-		return false;
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_ARTIFACT_BINDING_URI;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index b8f7e6d80..9e176f724 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -28,7 +28,6 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.velocity.app.VelocityEngine;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
 import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
@@ -48,6 +47,7 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.x509.X509Credential;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
@@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Service("PVPPostBindingCoder")
 public class PostBinding implements IDecoder, IEncoder {
 
 	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
deleted file mode 100644
index 7f6054f2d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry;
-import org.opensaml.saml2.core.ArtifactResolve;
-import org.opensaml.saml2.core.ArtifactResponse;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class ArtifactResolution implements IRequestHandler {
-
-	public boolean handleObject(InboundMessage obj) {
-		return (obj instanceof MOARequest && 
-				((MOARequest)obj).getSamlRequest() instanceof ArtifactResolve);
-	}
-
-	public SLOInformationInterface process(PVPTargetConfiguration obj, HttpServletRequest req,
-			HttpServletResponse resp, IAuthData authData) throws MOAIDException {
-		if (!handleObject(obj.getRequest())) {
-			throw new MOAIDException("pvp2.13", null);
-		}
-		
-		ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj.getRequest()).getSamlRequest();
-		String artifactID = artifactResolve.getArtifact().getArtifact();
-
-		PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();
-
-		if (!pvpAssertion.contains(artifactID)) {
-			throw new RequestDeniedException();
-		} else {
-			try {
-				SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID);
-				ArtifactResponse response = SAML2Utils
-						.createSAMLObject(ArtifactResponse.class);
-				response.setMessage(assertion.getSamlMessage());
-				response.setIssueInstant(new DateTime());
-				SoapBinding encoder = new SoapBinding();
-				encoder.encodeRespone(req, resp, response, null, null);
-			} catch (Exception e) {
-				Logger.error("Failed to resolve artifact", e);
-			}
-		}
-		
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 059e68865..974d90e11 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -41,15 +41,14 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -92,12 +91,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 		if (consumerService.getBinding().equals(
 				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
 			binding = new RedirectBinding();
-			
-		} else if (consumerService.getBinding().equals(
-				SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
-			// TODO: not supported YET!!
-			binding = new ArtifactBinding();
-			
+						
 		} else if (consumerService.getBinding().equals(
 				SAMLConstants.SAML2_POST_BINDING_URI)) {
 			binding = new PostBinding();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index b58b09f12..f26b2a735 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -30,12 +30,9 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
 
 public class RequestManager {
@@ -54,7 +51,7 @@ public class RequestManager {
 	private RequestManager() {
 		handler = new ArrayList<IRequestHandler>();
 		handler.add(new AuthnRequestHandler());
-		handler.add(new ArtifactResolution());
+		
 	}
 	
 	public SLOInformationInterface handle(PVPTargetConfiguration pvpRequest, HttpServletRequest req, HttpServletResponse resp, IAuthData authData) 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 9dee39fe8..743caec55 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -32,6 +32,7 @@ import org.hibernate.HibernateException;
 import org.hibernate.Query;
 import org.hibernate.Session;
 import org.hibernate.Transaction;
+import org.springframework.stereotype.Service;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 
@@ -52,21 +53,22 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-public class AuthenticationSessionStoreage {
-
-	//private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>();
+@Service("AuthenticationSessionStoreage")
+public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{
 
 	private static JsonMapper mapper = new JsonMapper();
 	
-	public static boolean isAuthenticated(String moaSessionID) {
+	@Override
+	public boolean isAuthenticated(String moaSessionID) {
 		
 		AuthenticatedSessionStore session;
 		
@@ -79,7 +81,8 @@ public class AuthenticationSessionStoreage {
 		}
 	}
 
-	public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {
+	@Override
+	public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {
 		String id = Random.nextRandom();
 		try {
 			AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
@@ -95,7 +98,7 @@ public class AuthenticationSessionStoreage {
 		
 			//set additional session informations
 			AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions();
-			sessionExt.setUniqueSessionId(target.getSessionIdentifier());
+			sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());
 			dbsession.setAdditionalInformation(mapper.serialize(sessionExt));
 		
 			AuthenticationSession session = new AuthenticationSession(id, now);
@@ -119,7 +122,11 @@ public class AuthenticationSessionStoreage {
 				
 	}
 
-	public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+	@Override
+	public AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+		
+		if (MiscUtil.isEmpty(sessionID))
+			return null;
 		
 		try {
 			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
@@ -127,7 +134,7 @@ public class AuthenticationSessionStoreage {
 								
 		} catch (MOADatabaseException e) {
 			Logger.info("No MOA Session with id: " + sessionID);
-			throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+			return null;
 			
 		} catch (Throwable e) {
 			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
@@ -135,7 +142,8 @@ public class AuthenticationSessionStoreage {
 		}
 	}
 
-	public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException {
+	@Override
+	public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException {
 		AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
 		
 		if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) {
@@ -151,7 +159,8 @@ public class AuthenticationSessionStoreage {
 		
 	}
 	
-	public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {
+	@Override
+	public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {
 		try {
 			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
 			
@@ -174,18 +183,11 @@ public class AuthenticationSessionStoreage {
 		
 	}
 	
-	public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
-		storeSession(session, null);
-	}
-	
-	public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {
-		
+	@Override
+	public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
 		try {
 			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);
-			
-			if (MiscUtil.isNotEmpty(pendingRequestID))
-				dbsession.setPendingRequestID(pendingRequestID);
-						
+									
 			encryptSession(session, dbsession);
 			
 			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
@@ -198,10 +200,11 @@ public class AuthenticationSessionStoreage {
 		} catch (MOADatabaseException e) {
 			Logger.warn("MOASession could not be stored.");
 			throw new MOADatabaseException(e);
-		} 	
+		} 
 	}
 	
-	public static void destroySession(String moaSessionID) throws MOADatabaseException {
+	@Override
+	public void destroySession(String moaSessionID) throws MOADatabaseException {
 		
 		Session session = MOASessionDBUtils.getCurrentSession();
 		  
@@ -238,52 +241,47 @@ public class AuthenticationSessionStoreage {
 				
 	}
 	
-	public static String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, AuthenticationException {
-		try {			
-			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);
-			
-			
-			
-			Logger.debug("Change SessionID from " + session.getSessionID() 
-					+ "to " + newSessionID);
+	@Override
+	public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException  {
 			
-			session.setSessionID(newSessionID);
-			encryptSession(session, dbsession);
-			
-			dbsession.setSessionid(newSessionID);
-			dbsession.setAuthenticated(session.isAuthenticated());
-						
-			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
-			dbsession.setUpdated(new Date());
-			
-			MOASessionDBUtils.saveOrUpdate(dbsession);
-			
-			Logger.trace("Change SessionID complete.");
-			
-			return newSessionID;
-				
-		} catch (MOADatabaseException e) {
-			throw new AuthenticationException("TODO!", null);
-		}
+		AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);
+					
+		Logger.debug("Change SessionID from " + session.getSessionID() 
+				+ "to " + newSessionID);
+		
+		session.setSessionID(newSessionID);
+		encryptSession(session, dbsession);
+		
+		dbsession.setSessionid(newSessionID);
+		dbsession.setAuthenticated(session.isAuthenticated());
+					
+		//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+		dbsession.setUpdated(new Date());
 		
+		MOASessionDBUtils.saveOrUpdate(dbsession);
 		
+		Logger.trace("Change SessionID complete.");
 		
+		return newSessionID;
+				
 	}
 	
-	public static String changeSessionID(AuthenticationSession session)
-			throws AuthenticationException, BuildException {				
+	@Override
+	public String changeSessionID(AuthenticationSession session)
+			throws BuildException, MOADatabaseException {				
 		String id = Random.nextRandom();
 		return changeSessionID(session, id);
 			
 	}
-		
-	public static void setAuthenticated(String moaSessionID, boolean value) {
+
+	@Override
+	public void setAuthenticated(String moaSessionID, boolean isAuthenticated) {
 		
 		AuthenticatedSessionStore session;
 		
 		try {
 			session = searchInDatabase(moaSessionID, true);
-			session.setAuthenticated(value);
+			session.setAuthenticated(isAuthenticated);
 			MOASessionDBUtils.saveOrUpdate(session);
 
 			
@@ -292,7 +290,8 @@ public class AuthenticationSessionStoreage {
 		}
 	}
 	
-	public static String getMOASessionSSOID(String SSOSessionID) {
+	@Override
+	public String getMOASessionSSOID(String SSOSessionID) {
 		  MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");	  
 		  Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
 		  Session session = MOASessionDBUtils.getCurrentSession();
@@ -330,7 +329,8 @@ public class AuthenticationSessionStoreage {
 		  }
 	}
 	
-	public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+	@Override
+	public boolean isSSOSession(String sessionID) throws MOADatabaseException {
 		try {
 			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
 			return dbsession.isSSOSession();
@@ -341,7 +341,10 @@ public class AuthenticationSessionStoreage {
 		}				
 	}
 	
-	public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) {		
+	@Override
+	public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId) {
+		
+		//TODO: is this method really needed??
 		  MiscUtil.assertNotNull(SSOId, "SSOSessionID");	  
 		  Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
 		  Session session = MOASessionDBUtils.getCurrentSession();
@@ -376,7 +379,8 @@ public class AuthenticationSessionStoreage {
 		  }
 	}
 	
-	public static void addSSOInformation(String moaSessionID, String SSOSessionID, 
+	@Override
+	public void addSSOInformation(String moaSessionID, String SSOSessionID, 
 			SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException {
 		
 		AuthenticatedSessionStore dbsession;
@@ -482,7 +486,8 @@ public class AuthenticationSessionStoreage {
 	  	}
 	}
 
-	public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+	@Override
+	public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
 		MiscUtil.assertNotNull(moaSession, "MOASession");
 		Session session = null;
 		
@@ -513,7 +518,8 @@ public class AuthenticationSessionStoreage {
 		return null;
 	}
 	
-	public static List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {
+	@Override
+	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {
 		MiscUtil.assertNotNull(moaSession, "MOASession");
 		Session session = null;
 		try {
@@ -542,7 +548,8 @@ public class AuthenticationSessionStoreage {
 		return null;
 	}
 	
-	public static AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {	  
+	@Override
+	public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {	  
 		  MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
 		  MiscUtil.assertNotNull(userNameID, "userNameID");
 		  Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " 
@@ -586,7 +593,8 @@ public class AuthenticationSessionStoreage {
 		
 	}
 	
-	public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+	@Override
+	public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
 		  MiscUtil.assertNotNull(moaSession, "MOASession");	  
 		  MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
 		  MiscUtil.assertNotNull(protocolType, "usedProtocol");
@@ -627,95 +635,8 @@ public class AuthenticationSessionStoreage {
 			}
 	}
 	
-	public static String getPendingRequestID(String sessionID) {
-		try {
-			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
-			return dbsession.getPendingRequestID();
-			
-		} catch (MOADatabaseException e) {
-			Logger.warn("MOASession with ID " + sessionID + " not found");
-			return "";
-		}
-	}
-	
-	public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
-		Transaction tx = null;
-		try {
-			  MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");	  
-			  Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
-			  Session session = MOASessionDBUtils.getCurrentSession();
-			  
-			  List<AuthenticatedSessionStore> result;
-			  
-			  synchronized (session) {
-				  tx  = session.beginTransaction();
-				  Query query = session.getNamedQuery("getSessionWithPendingRequestID");
-				  query.setParameter("sessionid", pedingRequestID);
-				  result = query.list();
-				  
-				  //send transaction
-				  tx.commit();
-			  }
-			  
-			  Logger.trace("Found entries: " + result.size());
-			  
-			  //Assertion requires an unique artifact
-			  if (result.size() != 1) {
-				 Logger.trace("No entries found.");
-			   	return null;
-			  }
-			
-			  return decryptSession(result.get(0));
-			  								
-		} catch (Throwable e) {
-			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
-			
-			if (tx != null && !tx.wasCommitted())
-				tx.rollback();
-			
-			return null;
-			
-		} 
-	}
-	
-	public static boolean deleteSessionWithPendingRequestID(String id) {
-		  MiscUtil.assertNotNull(id, "PendingRequestID");	  
-		  Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
-		  Session session = MOASessionDBUtils.getCurrentSession();
-		  
-		  List<AuthenticatedSessionStore> result;
-		  Transaction tx = null;
-		  try {
-			  synchronized (session) {
-				  tx = session.beginTransaction();
-				  Query query = session.getNamedQuery("getSessionWithPendingRequestID");
-				  query.setParameter("sessionid", id);
-				  result = query.list();
-				  
-				  //send transaction
-				  tx.commit();
-			  			  
-				  Logger.trace("Found entries: " + result.size());
-				  
-				  //Assertion requires an unique artifact
-				  if (result.size() != 1) {
-					 Logger.trace("No entries found.");
-					 return false;
-							 
-				  } else {
-					  cleanDelete(result.get(0));
-					  return true;
-				  }
-			  }
-			  
-		  } catch (Exception e) {
-				if (tx != null && !tx.wasCommitted())
-					tx.rollback();
-				throw e;
-		  }		
-	}
-			
-	public static AuthenticationSession getSessionWithUserNameID(String nameID) {
+	@Override
+	public AuthenticationSession getSessionWithUserNameID(String nameID) {
 		
 		Transaction tx = null;
 		try {
@@ -753,8 +674,9 @@ public class AuthenticationSessionStoreage {
 		}
 		
 	}
-				
-	public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
+
+	@Override
+	public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
 		  MiscUtil.assertNotNull(sessionID, "MOASession");	  
 		  Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database.");
 		  Session session = MOASessionDBUtils.getCurrentSession();
@@ -789,7 +711,8 @@ public class AuthenticationSessionStoreage {
 		}	
 	}
 	
-	public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) {
+	@Override
+	public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) {
 		  MiscUtil.assertNotNull(sessionID, "MOASession");	  
 		  MiscUtil.assertNotNull(idpID, "Interfederated IDP ID");
 		  Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database.");
@@ -826,7 +749,7 @@ public class AuthenticationSessionStoreage {
 		  }	
 	}
 	
-	public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {		
+	public String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {		
 		AuthenticatedSessionStore dbsession = null;
 		
 		//search for active SSO session
@@ -863,12 +786,15 @@ public class AuthenticationSessionStoreage {
 		dbsession.setInterfederatedSSOSession(true);
 		dbsession.setAuthenticated(isAuthenticated);
 		dbsession.setUpdated(now);		
-		session.setAuthenticated(true);
-		session.setAuthenticatedUsed(false);		
+		session.setAuthenticated(true);		
 		encryptSession(session, dbsession);
 			
 		//add interfederation information
 		List<InterfederationSessionStore> idpList = dbsession.getInderfederation();
+		
+		MOAResponse interfederationResp = req.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class);
+		String interFedEntityID = interfederationResp.getEntityID();
+		
 		InterfederationSessionStore idp = null;
 		if (idpList == null) {
 			idpList = new ArrayList<InterfederationSessionStore>();
@@ -877,7 +803,7 @@ public class AuthenticationSessionStoreage {
 		} else {
 			for (InterfederationSessionStore el : idpList) {
 				//resue old entry if interfederation IDP is reused for authentication
-				if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID()))
+				if (el.getIdpurlprefix().equals(interFedEntityID))
 					idp = el;
 				
 			}			
@@ -887,7 +813,7 @@ public class AuthenticationSessionStoreage {
 		if (idp == null) {
 			idp = new InterfederationSessionStore();
 			idp.setCreated(now);
-			idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
+			idp.setIdpurlprefix(interFedEntityID);
 			idp.setAuthURL(req.getAuthURL());
 			
 			try {
@@ -904,7 +830,7 @@ public class AuthenticationSessionStoreage {
 			idpList.add(idp);
 						
 		}
-		AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());		
+		AssertionAttributeExtractor extract = new AssertionAttributeExtractor(interfederationResp.getResponse());		
 		idp.setSessionIndex(extract.getSessionIndex());
 		idp.setUserNameID(extract.getNameID());
 		idp.setAttributesRequested(false);
@@ -923,7 +849,8 @@ public class AuthenticationSessionStoreage {
 		return id;
 	}
 	
-	public static InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) {
+	@Override
+	public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) {
 		  MiscUtil.assertNotNull(moaSession, "MOASession");	  
 		  Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database.");
 		  Session session = MOASessionDBUtils.getCurrentSession();
@@ -958,11 +885,8 @@ public class AuthenticationSessionStoreage {
 		}	
 	}
 	
-	/**
-	 * @param entityID
-	 * @param requestID
-	 */
-	public static boolean removeInterfederetedSession(String entityID,
+	@Override
+	public boolean removeInterfederetedSession(String entityID,
 			String pedingRequestID) {
 		
 		try {
@@ -974,6 +898,8 @@ public class AuthenticationSessionStoreage {
 			  
 			  List<AuthenticatedSessionStore> result;
 			  
+			  //TODO: !!!!!!!!!!! PendingRequestID does not work
+			  
 			  synchronized (session) {
 				  session.beginTransaction();
 				  Query query = session.getNamedQuery("getSessionWithPendingRequestID");
@@ -1012,9 +938,10 @@ public class AuthenticationSessionStoreage {
 		}		
 	}
 	
-	public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
-		Date expioredatecreate = new Date(now - authDataTimeOutCreated);		
-		Date expioredateupdate = new Date(now - authDataTimeOutUpdated);
+	@Override
+	public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
+		Date expioredatecreate = new Date(now.getTime() - authDataTimeOutCreated);		
+		Date expioredateupdate = new Date(now.getTime() - authDataTimeOutUpdated);
 		
 		List<AuthenticatedSessionStore> results;
 		Session session = MOASessionDBUtils.getCurrentSession();
@@ -1070,16 +997,6 @@ public class AuthenticationSessionStoreage {
 	private static void cleanDelete(AuthenticatedSessionStore result) {
 
 		try {
-			AuthenticationSession session = getSession(result.getSessionid());
-			if (session.getProcessInstanceId() != null) {
-				ProcessInstanceStoreDAOImpl.getInstance().remove(session.getProcessInstanceId());
-			}
-
-		} catch (MOADatabaseException e) {
-			Logger.warn("Removing process associated with moa session " + result.getSessionid() + " FAILED.", e);
-		}
-
-		try {
 			result.setSession("blank".getBytes());
 			MOASessionDBUtils.saveOrUpdate(result);
 
@@ -1117,10 +1034,12 @@ public class AuthenticationSessionStoreage {
 			  //Assertion requires an unique artifact
 			  if (result.size() != 1) {
 				 Logger.trace("No entries found.");
-			   	throw new MOADatabaseException("No session found with this sessionID");
+			   	throw new MOADatabaseException("No session found with this sessionID");			   
+				 
 			  }
 			  
 			  return (AuthenticatedSessionStore) result.get(0);
+			  
 		  } catch (Exception e) {
 				if (tx != null && !tx.wasCommitted() && commit)
 					tx.rollback();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
deleted file mode 100644
index 4cddd141b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.storage;
-
-import java.util.Date;
-import java.util.List;
-
-import org.apache.commons.lang.SerializationUtils;
-import org.hibernate.HibernateException;
-import org.hibernate.Query;
-import org.hibernate.Session;
-
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class DBExceptionStoreImpl implements IExceptionStore {
-
-	private static DBExceptionStoreImpl store;
-	
-	public static DBExceptionStoreImpl getStore() {
-		if(store == null) {
-			store = new DBExceptionStoreImpl();
-		}
-		return store;
-	}
-	
-	public String storeException(Throwable e) {		
-		String id = Random.nextRandom();
-
-		Logger.debug("Store Exception with ID " + id);
-		
-		ExceptionStore dbexception = new ExceptionStore();
-		dbexception.setExid(id);
-		
-		byte[] data = SerializationUtils.serialize(e);
-		dbexception.setException(data);
-		
-		dbexception.setTimestamp(new Date());
-		
-		try {			
-			MOASessionDBUtils.saveOrUpdate(dbexception);
-			
-		} catch (MOADatabaseException e1) {
-			Logger.warn("Exception can not be stored in Database.", e);
-			return null;
-		}
-		
-		return id;
-	}
-
-	public Throwable fetchException(String id) {
-		
-		try {
-			Logger.debug("Fetch Exception with ID " + id);
-			
-			ExceptionStore ex = searchInDatabase(id);
-			
-			Object data = SerializationUtils.deserialize(ex.getException());
-			if (data instanceof Throwable)
-				return (Throwable) data;
-			
-			else {
-				Logger.warn("Exeption is not of classtype Throwable");
-				return null;
-			}
-			
-			
-		} catch (MOADatabaseException e) {
-			Logger.info("No Exception found with ID=" + id);
-			return null;
-			
-		} catch (Exception e) {
-			Logger.warn("Exception can not deserialized from Database.",e);
-			return null;
-		}
-		
-	}
-
-	public void removeException(String id) {
-		try {
-			ExceptionStore ex = searchInDatabase(id);
-			MOASessionDBUtils.delete(ex);
-			
-			Logger.debug("Delete Execption with ID " + id);
-			
-		} catch (MOADatabaseException e) {
-			Logger.info("No Exception found with ID=" + id);
-		}
-		
-
-	}
-	
-	public void clean(long now, long exceptionTimeOut) {
-		Date expioredate = new Date(now - exceptionTimeOut);		
-		
-		List<ExceptionStore> results;
-		Session session = MOASessionDBUtils.getCurrentSession();
-		
-		synchronized (session) {			
-			session.beginTransaction();
-			Query query = session.getNamedQuery("getExceptionWithTimeOut");
-			query.setTimestamp("timeout", expioredate);		
-			results = query.list();
-			session.getTransaction().commit();
-				
-			if (results.size() != 0) {
-				for(ExceptionStore result : results) {
-					try { 
-						MOASessionDBUtils.delete(result);
-						Logger.info("Remove Exception with ID=" + result.getExid() 
-								+ " after timeout.");
-					
-					} catch (HibernateException e){
-						Logger.warn("Exception with ID=" + result.getExid() 
-								+ " not removed after timeout! (Error during Database communication)", e);
-					}
-	
-				}	
-			}
-		}
-	}
-	
-	@SuppressWarnings("rawtypes")
-	private ExceptionStore searchInDatabase(String id) throws MOADatabaseException {
-		  MiscUtil.assertNotNull(id, "exceptionID");	  
-		  Logger.trace("Getting Exception with ID " + id + " from database.");
-		  Session session = MOASessionDBUtils.getCurrentSession();
-		  List result;
-		  
-		  synchronized (session) {
-			  session.beginTransaction();
-			  Query query = session.getNamedQuery("getExceptionWithID");
-			  query.setParameter("id", id);
-			  result = query.list();
-		  
-			  //send transaction
-			  session.getTransaction().commit();
-		  }
-		  
-		  Logger.trace("Found entries: " + result.size());
-		  
-		  //Assertion requires an unique artifact
-		  if (result.size() != 1) {
-			 Logger.trace("No entries found.");
-		   	throw new MOADatabaseException("No Exception found with ID " + id);
-		  }
-		  
-		  return (ExceptionStore) result.get(0);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index 3b97f3b08..f33a7549c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -30,29 +30,21 @@ import org.apache.commons.lang.SerializationUtils;
 import org.hibernate.HibernateException;
 import org.hibernate.Query;
 import org.hibernate.Session;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-public class AssertionStorage {
-
-	private static AssertionStorage instance = null;
-	
-	public static AssertionStorage getInstance() {
-		if(instance == null) {
-			instance = new AssertionStorage();
-		}
-		return instance;
-	}
-	 
-	public boolean containsKey(String artifact) {
+@Service("TransactionStorage")
+public class DBTransactionStorage implements ITransactionStorage {
+		
+	public boolean containsKey(String key) {
 		try {
-			searchInDatabase(artifact);
+			searchInDatabase(key);
 			return true;
 			
 		} catch (MOADatabaseException e) {
@@ -61,21 +53,21 @@ public class AssertionStorage {
 		
 	}
 	
-	public void put(String artifact, Object assertion) throws MOADatabaseException {	
+	public void put(String key, Object value) throws MOADatabaseException {	
 		//setup AssertionStore element
 		AssertionStore element = new AssertionStore();
-		element.setArtifact(artifact);
-		element.setType(assertion.getClass().getName());
+		element.setArtifact(key);
+		element.setType(value.getClass().getName());
 		element.setDatatime(new Date());
 
 		//serialize the Assertion for Database storage
-		byte[] data = SerializationUtils.serialize((Serializable) assertion);
+		byte[] data = SerializationUtils.serialize((Serializable) value);
 		element.setAssertion(data);
 		
 		//store AssertionStore element to Database
 		try {
 			MOASessionDBUtils.saveOrUpdate(element);
-			Logger.info(assertion.getClass().getName() + " with ID: " + artifact + " is stored in Database");
+			Logger.info(value.getClass().getName() + " with ID: " + key + " is stored in Database");
 		} catch (MOADatabaseException e) {
 			Logger.warn("Sessioninformation could not be stored.");
 			throw new MOADatabaseException(e);
@@ -83,38 +75,33 @@ public class AssertionStorage {
 		
 	}
 	 
-	
-	/**
-	 * @param samlArtifact
-	 * @param class1
-	 * @param authdatatimeout
-	 * @return
-	 * @throws MOADatabaseException 
-	 * @throws AuthenticationException 
-	 */
-	public <T> T get(String samlArtifact,
+	public <T> T get(String key,
 			final Class<T> clazz) throws MOADatabaseException {
 
 		try {
-			return get(samlArtifact, clazz, -1);
+			return get(key, clazz, -1);
 			
 		} catch (AuthenticationException e) {
 			//this execption only occurs if an additional timeOut is used
 			Logger.error("This exeption should not occur!!!!", e);
 			return null;
+			
 		}
 	}
 	
-	public <T> T get(String artifact, final Class<T> clazz, long authdatatimeout) throws MOADatabaseException, AuthenticationException {
+	public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException {
 	 
-	  AssertionStore element = searchInDatabase(artifact);
+	  AssertionStore element = searchInDatabase(key);
 	  
-	  if (authdatatimeout > -1) {
+	  if (dataTimeOut > -1) {
 		  //check timeout
 			long now = new Date().getTime();
 			
-			if (now - element.getDatatime().getTime() > authdatatimeout)
-				throw new AuthenticationException("1207", new Object[] { artifact });		  
+			if (now - element.getDatatime().getTime() > dataTimeOut) {
+				Logger.info("Transaction-Data with key: " + key + " is out of time.");
+				throw new AuthenticationException("1207", new Object[] { key });
+				
+			}
 	  }
 	  
 	  
@@ -128,13 +115,14 @@ public class AssertionStorage {
 		return test;
 		
 	  } catch (Exception e) {
-		Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + artifact);
+		Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key);
 		throw new MOADatabaseException("Sessioninformation Cast-Exception");
+		
 	  }
 	}
 	
-	public void clean(long now, long authDataTimeOut) {
-		Date expioredate = new Date(now - authDataTimeOut);		
+	public void clean(Date now, long dataTimeOut) {
+		Date expioredate = new Date(now.getTime() - dataTimeOut);		
 		
 		List<AssertionStore> results;
 		Session session = MOASessionDBUtils.getCurrentSession();
@@ -163,16 +151,16 @@ public class AssertionStorage {
 		}
 	}
 	 
-	public void remove(String artifact) {
+	public void remove(String key) {
 		
 		 try {
-			AssertionStore element = searchInDatabase(artifact);
+			AssertionStore element = searchInDatabase(key);
 			cleanDelete(element);
-			Logger.info("Remove stored information with ID: " + artifact);
+			Logger.info("Remove stored information with ID: " + key);
 			
 			
 		} catch (MOADatabaseException e) {
-			Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + artifact 
+			Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + key 
 					+ "not found)");
 
 		} catch (HibernateException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
new file mode 100644
index 000000000..e89713b2e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -0,0 +1,281 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.storage;
+
+import java.util.Date;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IAuthenticationSessionStoreage {
+
+	/**
+	 * Check if the stored MOASession is already authenticated
+	 * 
+	 * @param moaSessionID MOASession identifier
+	 * @return true if the MOASession is authenticated, otherwise false
+	 */
+	public boolean isAuthenticated(String moaSessionID);
+	
+	/**
+	 * Create a new MOASession
+	 * 
+	 * @param target Pending Request which is associated with this MOASession
+	 * @return MOASession object
+	 * @throws MOADatabaseException MOASession storage operation FAILED
+	 * @throws BuildException MOASession encryption FAILED
+	 */
+	public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException;
+	
+	/**
+	 * Get a MOASession with sessionID
+	 * 
+	 * @param sessionID SessionID which corresponds to a MOASession
+	 * @return MOASession, or null if no session exists with this ID
+	 * @throws MOADatabaseException MOASession load operation FAILED
+	 */
+	public AuthenticationSession getSession(String sessionID) throws MOADatabaseException;
+	
+	/**
+	 * Get the session-data extension-object for a MOASession
+	 * 
+	 * @param sessionID SessionID which corresponds to a MOASession
+	 * @return AuthenticationSessionExtensions, or null if no session exists with this ID or extensionobject is null
+	 * @throws MOADatabaseException MOASession load operation FAILED
+	 */
+	public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException;
+	
+	/**
+	 * Store a session-data extension-object to MOASession
+	 * 
+	 * @param sessionID SessionID which corresponds to a MOASession
+	 * @param sessionExtensions AuthenticationSessionExtensions object
+	 * @throws MOADatabaseException MOASession storage operation FAILED
+	 */
+	public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException;
+	
+	
+	/**
+	 * Store a MOASession
+	 * 
+	 * @param session MOASession which should be stored
+	 * @throws MOADatabaseException MOASession storage operation FAILED
+	 * @throws BuildException MOASession encryption FAILED
+	 */
+	public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException;
+	
+	/**
+	 * Delete a MOASession
+	 * 
+	 * @param moaSessionID SessionID which corresponds to a MOASession
+	 * @throws MOADatabaseException MOASession delete operation FAILED
+	 */
+	public void destroySession(String moaSessionID) throws MOADatabaseException;
+	
+	
+	/**
+	 * Change the sessionID of a MOASession
+	 * 
+	 * @param session MOASession for which the sessionID should be changed
+	 * @param newSessionID new MOASessionID which should be used
+	 * @return new MOASessionID
+	 * @throws MOADatabaseException MOASession storage operation FAILED
+	 * @throws BuildException MOASession encryption/decryption FAILED
+	 */
+	public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException;
+	
+	/**
+	 * Change the sessionID of a MOASession
+	 * 
+	 * @param session MOASession for which the sessionID should be changed
+	 * @return new MOASessionID
+	 * @throws MOADatabaseException MOASession storage operation FAILED
+	 * @throws BuildException MOASession encryption/decryption FAILED
+	 */
+	public String changeSessionID(AuthenticationSession session) throws BuildException, MOADatabaseException;
+	
+	/**
+	 * Set the isAuthenticated flag to MOASession
+	 * 
+	 * @param moaSessionID SessionID which corresponds to a MOASession
+	 * @param isAuthenticated Is authenticated flag (true/false)
+	 */
+	public void setAuthenticated(String moaSessionID, boolean isAuthenticated);
+	
+	/**
+	 * Find the MOASessionId of an active Single Sign-On session
+	 * 
+	 * @param SSOSessionID Single Sign-On sessionID
+	 * @return MOASessionID of the associated MOASession
+	 */
+	public String getMOASessionSSOID(String SSOSessionID);
+	
+	/**
+	 * Check if a MOASession is an active Single Sign-On session
+	 * 
+	 * @param sessionID SessionID which corresponds to a MOASession
+	 * @return true, if the MOASession is a SSO session, otherwise false
+	 * @throws MOADatabaseException MOASession load operation FAILED
+	 */
+	public boolean isSSOSession(String sessionID) throws MOADatabaseException;
+	
+
+	/**
+	 * @param SSOId
+	 * @return
+	 */
+	public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId);
+	
+	/**
+	 * Add Single Sign-On processing information to a MOASession.
+	 * This processing information is required to execute a Single Log-Out process
+	 * 
+	 * @param moaSessionID SessionID which corresponds to a MOASession
+	 * @param SSOSessionID Single Sign-On sessionID
+	 * @param SLOInfo Data object with Single LogOut information
+	 * @param protocolRequest Protocol-request object of the authentication request 
+	 * @throws AuthenticationException Single Sign-On information store operation FAILED 
+	 */
+	public void addSSOInformation(String moaSessionID, String SSOSessionID, 
+			SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException;
+	
+	
+	/**
+	 * Get all Single Sign-On authenticated Service-Provider of a MOASession
+	 * 
+	 * @param moaSession MOASession data object
+	 * @return List of Service-Provider information
+	 */
+	public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession);
+	
+	
+	/**
+	 * Get all active interfederation connections for a MOASession
+	 * 
+	 * @param moaSession MOASession data object
+	 * @return List of Interfederation-IDP information
+	 */
+	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession);
+	
+	/**
+	 * Search a MOASession by using already transfered authentication information 
+	 * 
+	 * @param oaID Service-Provider identifier, which has received the authentication information
+	 * @param userNameID UserId (bPK), which was send to this Service-Provider
+	 * @return MOASession, or null if no corresponding MOASession is found
+	 */
+	public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID);
+	
+	/**
+	 * Search a active Single Sign-On session for a specific Service-Provider
+	 * 
+	 * @param moaSession MOASession data object
+	 * @param oaID Service-Provider identifier, which has received the authentication information
+	 * @param protocolType Authentication protocol, which was used for SSO from this Service-Provider
+	 * @return Internal Single Sign-On information for this Service-Provider
+	 */
+	public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType);
+	
+	
+	/**
+	 * Search a active MOASession with a userID
+	 * 
+	 * @param nameID UserID (bPK)
+	 * @return MOASession, or null if no corresponding MOASession is found
+	 */
+	public AuthenticationSession getSessionWithUserNameID(String nameID);
+	
+	/**
+	 * Search an active federation IDP which could be used for federated Single Sign-On 
+	 * 
+	 * @param sessionID SessionID which corresponds to a MOASession
+	 * @return Information of the federated IDP, or null if no active federated IDP is found
+	 */
+	public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID);
+	
+	/**
+	 * Get information to an active federated IDP of MOASession
+	 * 
+	 * @param sessionID SessionID which corresponds to a MOASession
+	 * @param idpID Unique identifier of the federated IDP
+	 * @return Information of the federated IDP, or null if no active federated IDP is found
+	 */
+	public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID);
+	
+	
+	/**
+	 * Create a MOASession from interfederation information
+	 * 
+	 * @param req Pending request
+	 * @param isAuthenticated true if the session should be marked as authenticated, otherwise false
+	 * @param ssoID Single Sign-On session identifer
+	 * @return MOASessionID of new created MOASession
+	 * @throws MOADatabaseException
+	 * @throws AssertionAttributeExtractorExeption
+	 * @throws BuildException
+	 */
+	@Deprecated
+	public String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException;
+	
+	/**
+	 * Search an active federation IDP which could be used for federated Single Sign-On by using an AttributeQuery
+	 * 
+	 * @param moaSession MOASession data object
+	 * @return Information of the federated IDP, or null if no active federated IDP is found
+	 */
+	public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession);
+	
+	/**
+	 * Remove an active federation IDP from MOASession
+	 * 
+	 * @param entityID Unique identifier of the federated IDP
+	 * @param pedingRequestID 
+	 * @return true if the federated IDP could be remove, otherwise false
+	 */
+	@Deprecated
+	public boolean removeInterfederetedSession(String entityID, String pedingRequestID);
+	
+	/**
+	 * Clean all MOASessions which has a timeOut
+	 * 
+	 * @param now Current Time
+	 * @param authDataTimeOutCreated timeOut after MOASession is created [ms]
+	 * @param authDataTimeOutUpdated timeOut after MOASession is updated last time [ms] 
+	 */
+	public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated);
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
new file mode 100644
index 000000000..d05689e68
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.storage;
+
+import java.util.Date;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface ITransactionStorage {
+
+	/**
+	 * Check if transaction storage contains a data object with a specific key
+	 * 
+	 * @param key Key, which identifies a data object
+	 * @return true if key is found, otherwise false
+	 */
+	public boolean containsKey(String key);
+	
+	/**
+	 * Store a data object with a key to transaction storage
+	 * 
+	 * @param key Id which identifiers the data object
+	 * @param value Data object which should be stored
+	 * @throws MOADatabaseException In case of store operation failed
+	 */
+	public void put(String key, Object value) throws MOADatabaseException;
+	
+	/**
+	 * Get a data object from transaction storage
+	 * 
+	 * @param key Id which identifiers the data object
+	 * @param clazz The class type which is stored with this key
+	 * @return The transaction-data object from type class
+	 * @throws MOADatabaseException In case of load operation failed
+	 */
+	public <T> T get(String key, final Class<T> clazz) throws MOADatabaseException;
+	
+	/**
+	 * Get a data object from transaction storage
+	 * 
+	 * @param key Id which identifiers the data object
+	 * @param clazz The class type which is stored with this key
+	 * @param Data-object timeout in [ms]
+	 * @return The transaction-data object from type class
+	 * @throws MOADatabaseException In case of load operation failed
+	 * @throws AuthenticationException In case of data-object timeout occurs
+	 */
+	public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException;
+	
+	/**
+	 * Remove a data object from transaction storage
+	 * 
+	 * @param key Id which identifiers the data object
+	 */
+	public void remove(String key);
+	
+	/**
+	 * Clean-up the transaction storage
+	 * 
+	 * @param now Current time
+	 * @param dataTimeOut Data-object timeout in [ms]
+	 */
+	public void clean(Date now, long dataTimeOut);
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index 2aceb833c..d2499af9d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -172,5 +172,14 @@ public class HTTPUtils {
 	    return authURL;
 		
 	}
+	
+	public static String addURLParameter(String url, String paramname,
+			String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+		if (url.indexOf("?") < 0)
+			return url + "?" + param;
+		else
+			return url + "&" + param;
+	}
 
 }
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
new file mode 100644
index 000000000..7e2315fd7
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
@@ -0,0 +1,2 @@
+# The default moaid process
+at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml
new file mode 100644
index 000000000..b61ee5f2d
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="BKUSelectionProcess" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+	- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+	<pd:Task id="initializeBKUSelection" 				class="GenerateBKUSelectionFrameTask" async="true"/>
+	<pd:Task id="parseBKUSelection"    					class="EvaluateBKUSelectionTask" />
+	<pd:Task id="restartAuthProzessManagement"  class="RestartAuthnProcessManagment"/>
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start"                     to="initializeBKUSelection" />
+	
+	<pd:Transition from="initializeBKUSelection" 		to="parseBKUSelection" />
+
+
+	<!-- 
+			BKU selection process MUST always end with 'restartAuthProzessManagement'! 
+			Last synchron steps before 'restartAuthProzessManagement' MUST NOT write to httpServletResponse object!
+	-->	
+	<pd:Transition from="parseBKUSelection"    			to="restartAuthProzessManagement" />
+	
+	<pd:Transition from="restartAuthProzessManagement"   			to="end" />
+		
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
new file mode 100644
index 000000000..05ceb65f4
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ 
+	<bean id="MOAID_AuthenticationManager" 
+				class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/>
+
+	<bean id="AuthenticationDataBuilder" 
+				class="at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder"/>
+
+	<bean id="MOAID_SSOManager" 
+				class="at.gv.egovernment.moa.id.moduls.SSOManager"/>
+
+	<bean id="TransactionStorage" 
+				class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/>
+
+	<bean id="AuthenticationSessionStoreage" 
+				class="at.gv.egovernment.moa.id.storage.DBAuthenticationSessionStoreage"/>
+				
+	<bean id="RequestStorage" 
+				class="at.gv.egovernment.moa.id.moduls.RequestStorage"/>
+				
+	<bean id="ProcessInstanceStoreage" 
+				class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>
+
+	<bean id="StatisticLogger" 
+				class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/>
+
+	<bean id="MOAReversionLogger" 
+				class="at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger"/>
+				
+	<bean id="AuthenticationSessionCleaner" 
+				class="at.gv.egovernment.moa.id.auth.AuthenticationSessionCleaner"/>								
+				
+<!-- Authentication Process Tasks -->
+	<bean id="GenerateBKUSelectionFrameTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateBKUSelectionFrameTask"/>
+				
+	<bean id="EvaluateBKUSelectionTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateBKUSelectionTask"/>
+				
+	<bean id="RestartAuthProzessManagement" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement"/>				
+
+	<bean id="FinalizeAuthenticationTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask"/>
+
+	<bean id="CreateInterfedeartionRequestTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateInterfedeartionRequestTask"/>				
+
+	<bean id="ReceiveInterfederationResponseTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.ReceiveInterfederationResponseTask"/>				
+				
+</beans>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
deleted file mode 100644
index 5855fc766..000000000
--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:context="http://www.springframework.org/schema/context"
-	xmlns:tx="http://www.springframework.org/schema/tx"
-	xmlns:aop="http://www.springframework.org/schema/aop"
-	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
-		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
-		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
-
-	<context:property-placeholder location="${moa.id.configuration}"/> 
-
-	<bean id="moaidauthconfig" class="at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider">
-		<constructor-arg value="#{systemProperties['moa.id.configuration']}"/>
-	</bean>
-	
-	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" lazy-init="true" destroy-method="close">
-		<aop:scoped-proxy/>
-		<property name="driverClassName" value="${configuration.hibernate.connection.driver_class}" />
-		<property name="url" value="${configuration.hibernate.connection.url}"/>
-		<property name="username" value="${configuration.hibernate.connection.username}" />
-		<property name="password" value="${configuration.hibernate.connection.password}" />
-				
-		<property name="connectionProperties" value="${configuration.dbcp.connectionProperties}" />
-		<property name="initialSize" value="${configuration.dbcp.initialSize}" />		
-		<property name="maxActive" value="${configuration.dbcp.maxActive}" />
-		<property name="maxIdle" value="${configuration.dbcp.maxIdle}" />
-		<property name="minIdle" value="${configuration.dbcp.minIdle}" />
-		<property name="maxWait" value="${configuration.dbcp.maxWaitMillis}" />
-		<property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" />
-		<property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" />
-		<property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" />
-		<property name="validationQuery" value="${configuration.dbcp.validationQuery}" />
-	</bean>
-	
-	<bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
-		<property name="showSql" value="${configuration.hibernate.show_sql}" />
-		<property name="generateDdl" value="${configuration.jpaVendorAdapter.generateDdl}" />
-		<property name="databasePlatform" value="${configuration.hibernate.dialect}" />
-	</bean>
-	
-	
-</beans>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index cabf1557e..8329db941 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -52,7 +52,8 @@ init.00=MOA ID Authentisierung wurde erfolgreich gestartet
 init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar

 init.02=Fehler beim Starten des Service MOA-ID-Auth

 init.04=Fehler beim Datenbankzugriff mit der SessionID {0}

- 

+

+internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde. 

 

 config.00=MOA ID Konfiguration erfolgreich geladen: {0}

 config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index abd5d15f3..a8583d945 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -32,6 +32,8 @@ init.00=9199
 init.01=9199
 init.02=9199
 init.04=9101
+
+internal.00=9199
  
 config.00=9199
 config.01=9199