26 files changed, 184 insertions, 72 deletions

diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 0850bb676..11917d0c3 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -371,6 +371,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 * containg the authentication block, meant to be returned to the security
 	 * layer implementation</li>
 	 * </ul>
+	 * @param pendingReq 
 	 *
 	 * @param sessionID                     ID of associated authentication session data
 	 * @param infoboxReadResponseParameters The parameters from the response returned from the BKU
@@ -379,7 +380,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 * <code>&lt;CreateXMLSignatureRequest&gt;</code>
 	 */
 	public String verifyCertificate(AuthenticationSession session,
-			X509Certificate certificate) throws AuthenticationException,
+			X509Certificate certificate, IRequest pendingReq) throws AuthenticationException,
 			BuildException, ParseException, ConfigurationException,
 			ValidateException, ServiceException, MOAIDException {
 
@@ -409,7 +410,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 				.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
 
 		String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
-				authConf, oaParam);
+				authConf, oaParam, pendingReq);
 
 		return returnvalue;
 	}
@@ -471,6 +472,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 * @param session
 	 * @param authConf
 	 * @param oaParam
+	 * @param pendingReq 
 	 * @return
 	 * @throws ConfigurationException
 	 * @throws BuildException
@@ -478,7 +480,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 */
 	public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
 			AuthenticationSession session, AuthConfiguration authConf,
-			OAAuthParameter oaParam) throws ConfigurationException,
+			OAAuthParameter oaParam, IRequest pendingReq) throws ConfigurationException,
 			BuildException, ValidateException {
 
 		//        // check for intermediate processing of the infoboxes
@@ -493,7 +495,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 					session.getPublicOAURLPrefix());
 
 		// builds the AUTH-block
-		String authBlock = buildAuthenticationBlock(session, oaParam);
+		String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq);
 
 		// builds the <CreateXMLSignatureRequest>
 		List<String> transformsInfos = authConf.getTransformsInfos();
@@ -665,12 +667,13 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 * given session data.
 	 *
 	 * @param session authentication session
+	 * @param pendingReq 
 	 * @return <code>&lt;saml:Assertion&gt;</code> as a String
 	 * @throws BuildException If an error occurs on serializing an extended SAML attribute
 	 *                        to be appended to the AUTH-Block.
 	 */
 	private String buildAuthenticationBlock(AuthenticationSession session,
-			OAAuthParameter oaParam) throws BuildException {
+			OAAuthParameter oaParam, IRequest pendingReq) throws BuildException {
 
 		IdentityLink identityLink = session.getIdentityLink();
 		String issuer = identityLink.getName();
@@ -726,15 +729,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 
 
 		if (session.isSsoRequested()) {
-			String oaURL = new String();
-			try {
-				oaURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-
-				if (MiscUtil.isNotEmpty(oaURL))
-					oaURL = oaURL.replaceAll("&", "&amp;");
+			String oaURL = pendingReq.getAuthURL();
+			if (MiscUtil.isNotEmpty(oaURL))
+				oaURL = oaURL.replaceAll("&", "&amp;");
 
-			} catch (ConfigurationException e) {
-			}
 			String authBlock = new AuthenticationBlockAssertionBuilder()
 			.buildAuthBlockSSO(issuer, issueInstant, authURL, target,
 					targetFriendlyName, identificationValue,
@@ -1087,9 +1085,9 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		}
 		// validates <CreateXMLSignatureResponse>
 		if (session.isSsoRequested())
-			new CreateXMLSignatureResponseValidator().validateSSO(csresp, session);
+			new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq);
 		else
-			new CreateXMLSignatureResponseValidator().validate(csresp, session);
+			new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq);
 
 		// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
 		List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index feab1ec66..a86385d06 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -158,7 +158,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 			    											   ccc, 
 			    											   moasession.getModul(),
 			    											   moasession.getAction(),
-			    											   request);
+			    											   request,
+			    											   pendingReq);
 				}
 			}
 			
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index 469ca91a9..49888c136 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -17,6 +17,8 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
@@ -66,7 +68,9 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
 			}
 
 			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
+			IRequest pendingReq = RequestStorage.getPendingRequest(
+					(String) executionContext.get("pendingRequestID"));	
+						
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 
 			// change MOASessionID
@@ -77,7 +81,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
 			AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance();
 
 			String createXMLSignatureRequest = AuthenticationServer.getInstance()
-					.getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+					.getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, pendingReq);
 
 			AuthenticationSessionStoreage.storeSession(session);
 			
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index d99ba873d..2734d1027 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -110,7 +110,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 	    	if (useMandate) {
 
 	    		// verify certificate for OrganWalter
-	    		String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+	    		String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert, pendingReq);
 	    		
 		    	try {
 					AuthenticationSessionStoreage.storeSession(session);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index e1ab0025e..8a9c19c80 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -124,9 +125,10 @@ public class CreateXMLSignatureResponseValidator {
    * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
    * @param createXMLSignatureResponse
    * @param session
+ * @param pendingReq 
    * @throws ValidateException
    */
-  public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
+  public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq)
    throws ValidateException {
       
       // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
@@ -411,20 +413,15 @@ public class CreateXMLSignatureResponseValidator {
    * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
    * @param createXMLSignatureResponse
    * @param session
+ * @param pendingReq 
    * @throws ValidateException
    */
-  public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
+  public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq)
    throws ValidateException {
       
-      // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
-    
-	String oaURL;
-    try {
-		oaURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-	} catch (ConfigurationException e1) {
-		oaURL = new String();
-	} 
-    
+      // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier    
+	String	oaURL = pendingReq.getAuthURL();
+		
     IdentityLink identityLink = session.getIdentityLink();
     
     Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); 
diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml
index 2a953bcab..080d5ae0b 100644
--- a/id/server/modules/moa-id-module-openID/pom.xml
+++ b/id/server/modules/moa-id-module-openID/pom.xml
@@ -20,6 +20,12 @@
   	<dependencies>
 
 		<dependency>
+			<groupId>commons-codec</groupId>
+			<artifactId>commons-codec</artifactId>
+			<version>1.10</version>
+		</dependency>
+
+		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-test</artifactId>
 			<scope>test</scope>
@@ -35,13 +41,13 @@
 		<dependency>
 			<groupId>com.google.http-client</groupId>
 			<artifactId>google-http-client-jackson2</artifactId>
-			<version>1.19.0</version>
+			<version>1.21.0</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>com.google.oauth-client</groupId>
 			<artifactId>google-oauth-client-jetty</artifactId>
-			<version>1.19.0</version>
+			<version>1.21.0</version>
 			<scope>test</scope>
 			<exclusions>
 				<exclusion>
@@ -67,11 +73,11 @@
 			</exclusions>
 		</dependency>
 
-		<dependency>
+<!-- 		<dependency>
 			<groupId>com.google.guava</groupId>
 			<artifactId>guava</artifactId>
-			<version>18.0</version>
-		</dependency>
+			<version>19.0</version>
+		</dependency> -->
 		
 				<!-- TestNG -->
 		<dependency>
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 94a1d14d0..88e26da76 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -105,7 +105,7 @@ class OAuth20AuthAction implements IAction {
 			
 			
 			//TODO: maybe add bPK / wbPK to SLO information
-			SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, null, req.requestedModule());
+			SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), accessToken, null, null, req.requestedModule());
 			
 			return sloInformation;
 		}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index b9556b815..e5d8db873 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -48,6 +48,15 @@ import at.gv.egovernment.moa.logging.Logger;
 
 public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	
+	/**
+	 * @param req
+	 * @throws ConfigurationException
+	 */
+	public OAuth20AuthRequest(HttpServletRequest req)
+			throws ConfigurationException {
+		super(req);
+	}
+
 	private static final long serialVersionUID = 1L;
 	
 	private String responseType;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index bd3fdb3e8..5fcac0b2f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -31,8 +31,6 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -52,8 +50,8 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 	
 	protected Set<String> allowedParameters = new HashSet<String>();
 	
-	protected OAuth20BaseRequest() {
-		
+	public OAuth20BaseRequest(HttpServletRequest req) throws ConfigurationException {
+		super(req);
 	}
 	
 	protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
@@ -124,15 +122,21 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 	
 	public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request, String sessionId, String transactionId) throws OAuth20Exception {
 		OAuth20BaseRequest res;
-		
-		if (action.equals(OAuth20Protocol.AUTH_ACTION)) {
-			res = new OAuth20AuthRequest();
+		try {
+			if (action.equals(OAuth20Protocol.AUTH_ACTION)) {
+				res = new OAuth20AuthRequest(request);
 			
-		} else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) {
-			res = new OAuth20TokenRequest();
+			} else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) {
+				res = new OAuth20TokenRequest(request);
 			
-		} else {
+			} else {
+				throw new OAuth20InvalidRequestException();
+			}
+			
+		} catch (ConfigurationException e) {
+			Logger.warn(e.getMessage());
 			throw new OAuth20InvalidRequestException();
+			
 		}
 		
 		res.setAction(action);
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 56d86df72..70c29359e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -104,7 +104,7 @@ public class OAuth20Protocol implements IModulInfo {
 		// get error code and description
 		String errorCode;
 		String errorDescription;
-		String errorUri = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() 
+		String errorUri = protocolRequest.getAuthURL() 
 				+"/" + OAuth20Constants.ERRORPAGE;
 		String moaError = null;
 		
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 6bebe5a6a..abfe4ce15 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -41,6 +41,15 @@ import at.gv.egovernment.moa.logging.Logger;
 
 class OAuth20TokenRequest extends OAuth20BaseRequest {
 	
+	/**
+	 * @param req
+	 * @throws ConfigurationException
+	 */
+	public OAuth20TokenRequest(HttpServletRequest req)
+			throws ConfigurationException {
+		super(req);
+	}
+
 	private static final long serialVersionUID = 1L;
 	
 	private String code;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 5bdf51e7d..95d45a865 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -86,7 +86,7 @@ public class GetArtifactAction implements IAction {
 			String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
 			
 			if (authData.isSsoSession()) {
-				String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+				String url = req.getAuthURL() + "/RedirectServlet";
 				url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
 				if (!oaParam.getBusinessService())
 					url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8"));
@@ -115,7 +115,7 @@ public class GetArtifactAction implements IAction {
 			}
 
 			SLOInformationInterface sloInformation = 
-					new SLOInformationImpl(authData.getAssertionID(), null, null, req.requestedModule());
+					new SLOInformationImpl(req.getAuthURL(), authData.getAssertionID(), null, null, req.requestedModule());
 			
 			return sloInformation;
 			
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 7416dfb00..6573270e4 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -101,7 +101,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
 	public IRequest preProcess(HttpServletRequest request,
 			HttpServletResponse response, String action,
 			String sessionId, String transactionId) throws MOAIDException {
-		SAML1RequestImpl config = new SAML1RequestImpl();
+		SAML1RequestImpl config = new SAML1RequestImpl(request);
 		
 		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
 			Logger.info("SAML1 is deaktivated!");
@@ -185,7 +185,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
 			SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();			
 			String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
 		
-			String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+			String url = protocolRequest.getAuthURL() + "/RedirectServlet";
 			url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
 			url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 			url = response.encodeRedirectURL(url);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 5370573a7..3da7cab80 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.protocols.saml1;
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -42,6 +44,16 @@ import at.gv.egovernment.moa.logging.Logger;
  */
 public class SAML1RequestImpl extends RequestImpl {
 	
+	/**
+	 * @param req
+	 * @throws ConfigurationException
+	 */
+	public SAML1RequestImpl(HttpServletRequest req)
+			throws ConfigurationException {
+		super(req);
+		
+	}
+
 	private static final long serialVersionUID = -4961979968425683115L;
 	
 	private String sourceID = null;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
index 9896f2454..13fb59038 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -93,7 +93,7 @@ public class DatabaseTestModule implements TestModuleInterface{
 	
 	private String testMOAConfigurationDatabase() throws Exception{
 		
-		String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+		List<String> publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
 	
 		if (MiscUtil.isEmpty(publicURLPreFix))
 			return ("MOA-ID 2.x configuration can not be loaded from Database.");
diff --git a/id/server/modules/module-stork/pom.xml b/id/server/modules/module-stork/pom.xml
index 1b2e3f008..2fec7f519 100644
--- a/id/server/modules/module-stork/pom.xml
+++ b/id/server/modules/module-stork/pom.xml
@@ -22,6 +22,33 @@
 	<dependencies>
 
 		<dependency>
+			<groupId>eu.stork</groupId>
+			<artifactId>DocumentService</artifactId>
+			<version>0.0.1-SNAPSHOT</version>
+			<classifier>classes</classifier>
+			<exclusions>
+				<exclusion>
+					<artifactId>axis</artifactId>
+					<groupId>org.apache.axis</groupId>
+				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk16</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
+				<exclusion>
+					<artifactId>jaxws-tools</artifactId>
+					<groupId>com.sun.xml.ws</groupId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+
+        <dependency>
+            <groupId>eu.stork</groupId>
+            <artifactId>SamlEngine</artifactId>
+            <version>1.5.1</version>
+        </dependency>
+
+		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-test</artifactId>
 			<scope>test</scope>
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index 7c178d97e..c0422e06e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -1,6 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.stork.tasks;

 

-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;

 

 import java.io.IOException;

 import java.io.StringWriter;

@@ -17,7 +17,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 

 import org.apache.commons.io.IOUtils;

-import org.apache.commons.lang.StringEscapeUtils;

 import org.apache.commons.lang3.BooleanUtils;

 import org.apache.commons.lang3.StringUtils;

 import org.apache.velocity.Template;

@@ -53,7 +52,6 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;

 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;

 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;

-

 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;

 import at.gv.egovernment.moa.id.config.ConfigurationException;

 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;

@@ -61,9 +59,6 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;

 import at.gv.egovernment.moa.id.config.stork.STORKConfig;

 import at.gv.egovernment.moa.id.config.stork.StorkAttribute;

-

-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;

-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;

 import at.gv.egovernment.moa.id.moduls.IRequest;

 import at.gv.egovernment.moa.id.moduls.RequestStorage;

 import at.gv.egovernment.moa.id.process.api.ExecutionContext;

@@ -71,6 +66,21 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;

 import at.gv.egovernment.moa.id.util.VelocityProvider;

 import at.gv.egovernment.moa.logging.Logger;

+import eu.stork.oasisdss.api.AdditionalProfiles;

+import eu.stork.oasisdss.api.ApiUtils;

+import eu.stork.oasisdss.api.Profiles;

+import eu.stork.oasisdss.api.QualityLevels;

+import eu.stork.oasisdss.api.SignatureTypes;

+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;

+import eu.stork.oasisdss.profile.AnyType;

+import eu.stork.oasisdss.profile.DocumentType;

+import eu.stork.oasisdss.profile.SignRequest;

+import eu.stork.peps.auth.commons.PEPSUtil;

+import eu.stork.peps.auth.commons.PersonalAttribute;

+import eu.stork.peps.auth.commons.PersonalAttributeList;

+import eu.stork.peps.auth.commons.STORKAuthnRequest;

+import eu.stork.peps.auth.engine.STORKSAMLEngine;

+import eu.stork.peps.exceptions.STORKSAMLEngineException;

 

 /**

  * Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.<p/>

@@ -120,6 +130,8 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 

 			sessionID = (String) executionContext.get(PARAM_SESSIONID);

 			pendingRequestID = (String) executionContext.get("pendingRequestID");

+			String ccc = (String) executionContext.get("CCC");

+			

 			

 			// check parameter

 			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {

@@ -145,10 +157,13 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 

 			// STORK authentication

 			// cpeps cannot be null

-			CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());

+			CPEPS cpeps = storkConfig.getCPEPS(ccc);

 			Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());

 			executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());

 

+			//add selected Country-Code to MOASession DAO 

+			moasession.setCcc(ccc);

+			

 			Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());

 			startSTORKAuthentication(req, resp, moasession, pendingReq);

 

@@ -207,7 +222,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 		Logger.debug("C-PEPS URL: " + destination);

 

 

-		String issuerValue = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();

+		String issuerValue = pendingReq.getAuthURL();

 		//        String acsURL = new DataURLBuilder().buildDataURL(issuerValue, 

 		//    			PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());

 

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index 8240f6d00..0ac26f45f 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -30,7 +30,9 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
 

 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;

 import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;

+import at.gv.egovernment.moa.id.moduls.IRequest;

 import at.gv.egovernment.moa.id.moduls.ModulUtils;

+import at.gv.egovernment.moa.id.moduls.RequestStorage;

 import at.gv.egovernment.moa.id.process.api.ExecutionContext;

 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;

 import at.gv.egovernment.moa.id.util.HTTPUtils;

@@ -183,7 +185,8 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");

 

 			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);

-

+			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);

+			

 			// load MOASession from database

 			AuthenticationSession moaSession = BaseAuthenticationServer.getSession(moaSessionID);

 			// change MOASessionID

@@ -294,7 +297,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 					// set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID

 					// signRequest

 

-					String issuerValue = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();

+					String issuerValue = pendingReq.getAuthURL();

 					String acsURL = issuerValue

 							+ AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;

 

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 25cb952d7..2e72f216a 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -83,7 +83,7 @@ public class AttributeCollector implements IAction {
         if (httpReq.getParameter("SAMLResponse") != null) {
             Logger.info("Got SAML response from external attribute provider.");
 
-            MOASTORKResponse STORK2Response = new MOASTORKResponse();
+            MOASTORKResponse STORK2Response = new MOASTORKResponse(httpReq);
 
             //extract STORK Response from HTTP Request
             byte[] decSamlToken;
@@ -173,7 +173,7 @@ public class AttributeCollector implements IAction {
         SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam);
         
         if (sloInfo == null) {
-        	sloInfo = new SLOInformationImpl(null, null, null, req.requestedModule());
+        	sloInfo = new SLOInformationImpl(req.getAuthURL(), null, null, null, req.requestedModule());
         }
         
         return sloInfo;
@@ -297,7 +297,7 @@ public class AttributeCollector implements IAction {
 				Logger.info(e.getAp().getClass().getSimpleName() + " is going to ask an external service provider for the requested attributes");
 
                 // add container-key to redirect embedded within the return URL
-                e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam);
+                e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam);
 
             } catch (Exception e1) {
                 // TODO should we return the response as is to the PEPS?
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 4d3c01bee..f16f7c9a8 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -85,7 +85,7 @@ public class AuthenticationRequest implements IAction {
             if (oaParam == null)
                 throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
 
-            MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
+            MOASTORKResponse moaStorkResponse = new MOASTORKResponse(httpReq);
 
             // check if it is attribute query
             if (moaStorkRequest.isAttrRequest()) {
@@ -217,9 +217,9 @@ public class AuthenticationRequest implements IAction {
         String destinationURL = null;
 
         try {
-            issuer = new URL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()).toString();
+            issuer = new URL(moaStorkRequest.getAuthURL()).toString();
             destinationURL = AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString();
-            publicURLPrefix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+            publicURLPrefix = moaStorkRequest.getAuthURL();
             assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest";
         } catch (MalformedURLException ex) {
             Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(), ex);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 947accf8e..2b7d4e045 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -145,7 +145,7 @@ public class ConsentEvaluator implements IAction {
 			Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html");
 			VelocityContext context = new VelocityContext();
 
-			context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
+			context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
 
 			// assemble table
 			String table = "";
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index 11eb01453..4e666c21c 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -26,6 +26,8 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
@@ -52,6 +54,15 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse;
  */
 public class MOASTORKRequest extends RequestImpl {
 	
+	/**
+	 * @param req
+	 * @throws ConfigurationException
+	 */
+	public MOASTORKRequest(HttpServletRequest req)
+			throws ConfigurationException {
+		super(req);
+	}
+
 	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
 			new String[] {
 					PVPConstants.BPK_NAME,
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
index d2cf2e813..a233835bf 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
@@ -22,6 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.stork2;
 
+import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.logging.Logger;
@@ -33,6 +34,8 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse;
 import java.io.Serializable;
 import java.util.List;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.opensaml.saml2.core.Attribute;
 
 /**
@@ -43,6 +46,15 @@ import org.opensaml.saml2.core.Attribute;
 public class MOASTORKResponse extends RequestImpl {
 
     /**
+	 * @param req
+	 * @throws ConfigurationException
+	 */
+	public MOASTORKResponse(HttpServletRequest req)
+			throws ConfigurationException {
+		super(req);
+	}
+
+	/**
      * The Constant serialVersionUID.
      */
     private static final long serialVersionUID = -5798803155055518747L;
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index e58fe804f..2351450e4 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -92,7 +92,7 @@ public class MandateRetrievalRequest implements IAction {
         if (oaParam == null)
             throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
 
-        MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
+        MOASTORKResponse moaStorkResponse = new MOASTORKResponse(httpReq);
         STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse();
 
         this.authData = authData;
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 071b5ae8a..c4f9658e4 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -91,8 +91,8 @@ public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo {
         Logger.debug("Request content length: " + request.getContentLength());
         Logger.debug("Initiating action: " + action);
 
-        MOASTORKRequest STORK2Request = new MOASTORKRequest();
-        MOASTORKResponse STORK2Response = new MOASTORKResponse();
+        MOASTORKRequest STORK2Request = new MOASTORKRequest(request);
+        MOASTORKResponse STORK2Response = new MOASTORKResponse(request);
 
 
         if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index d44e2a18a..69cd7c217 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -41,6 +41,10 @@
 					<groupId>ch.qos.logback</groupId>
 					<artifactId>logback-classic</artifactId>
 				</exclusion>
+				<exclusion>
+					<artifactId>DocumentService</artifactId>
+					<groupId>eu.stork</groupId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 		<dependency>