From 3c81d3fef06204f2259b6c0377c8a2a00974c614 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 20 Sep 2017 12:15:20 +0200
Subject: make SAML2 http POST-Binding template and mandate-service
 selection-template configurable for every online application

---
 .../configuration/data/FormularCustomization.java  |  53 +++++
 .../configuration/struts/action/BasicOAAction.java |   4 +-
 .../resources/applicationResources_de.properties   |   7 +
 .../resources/applicationResources_en.properties   |   8 +
 .../webapp/jsp/snippets/OA/formCustomization.jsp   |  21 +-
 .../task/impl/ServicesBKUSelectionTask.java        |  37 +++-
 .../htmlTemplates/pvp_postbinding_template.html    |  46 ++++
 id/server/doc/handbook/config/config.html          |  44 ++--
 .../tasks/GenerateBKUSelectionFrameTask.java       |   8 +-
 .../GenerateSSOConsentEvaluatorFrameTask.java      |   8 +-
 .../id/auth/servlet/GUILayoutBuilderServlet.java   |  22 +-
 .../moa/id/moduls/AuthenticationManager.java       |   4 +-
 .../moa/id/opemsaml/MOAIDHTTPPostEncoder.java      | 114 ++++++++++
 .../id/protocols/pvp2x/AttributQueryAction.java    |   6 +-
 .../id/protocols/pvp2x/AuthenticationAction.java   |   8 +-
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      |   8 +-
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java |   4 +-
 .../moa/id/protocols/pvp2x/binding/IEncoder.java   |   7 +-
 .../id/protocols/pvp2x/binding/PostBinding.java    |  53 +++--
 .../protocols/pvp2x/binding/RedirectBinding.java   |   7 +-
 .../id/protocols/pvp2x/binding/SoapBinding.java    |   7 +-
 .../pvp2x/builder/PVPAuthnRequestBuilder.java      |   9 +-
 .../pvp2x/builder/SingleLogOutBuilder.java         |  11 +-
 .../resources/templates/ParepMinTemplate.html      | 193 -----------------
 .../resources/templates/ParepTemplate.html         | 235 ---------------------
 .../resources/resources/templates/fetchGender.html |  16 --
 .../templates/oasis_dss_webform_binding.vm         |  36 ----
 .../templates/pvp_postbinding_template.html        |  48 -----
 .../templates/pvp_postbinding_template.html        |  46 ++++
 .../config/ConfigurationMigrationUtils.java        |   7 +-
 .../config/MOAIDConfigurationConstants.java        |   3 +
 .../dao/config/deprecated/OnlineApplication.java   |  34 +++
 ...roviderSpecificGUIFormBuilderConfiguration.java | 187 ++++++++++++++++
 .../auth/frontend/builder/GUIFormBuilderImpl.java  |  45 ++--
 .../id/auth/frontend/builder/IGUIFormBuilder.java  |   1 +
 ...PSpecificGUIBuilderConfigurationWithDBLoad.java |  82 +++++++
 ...cGUIBuilderConfigurationWithFileSystemLoad.java | 110 ++++++++++
 ...roviderSpecificGUIFormBuilderConfiguration.java | 187 ----------------
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  12 +-
 .../tasks/SelectMandateServiceTask.java            |  15 +-
 pom.xml                                            |   2 +-
 41 files changed, 939 insertions(+), 816 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html
 create mode 100644 id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
index 80800543b..5ee2ee6a7 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
@@ -97,6 +97,9 @@ public class FormularCustomization implements IOnlineApplicationData {
 	private String aditionalAuthBlockText = null;
 	private boolean isHideBPKAuthBlock = false;
 
+	private String saml2PostBindingTemplate = null;
+	private String mandateServiceSelectionTemplate = null;
+	
 	public FormularCustomization() {
 		new FormularCustomization(null);
 	}
@@ -128,6 +131,9 @@ public class FormularCustomization implements IOnlineApplicationData {
 	public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
 		AuthComponentOA auth = dbOA.getAuthComponentOA();
 
+		mandateServiceSelectionTemplate = dbOA.getMandateServiceSelectionTemplateURL();
+		saml2PostBindingTemplate = dbOA.getSaml2PostBindingTemplateURL();
+		
 		if (dbOA.getAuthComponentOA() != null)
 			isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock();
 		
@@ -243,6 +249,9 @@ public class FormularCustomization implements IOnlineApplicationData {
         
         dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock());
         
+        dbOA.setMandateServiceSelectionTemplateURL(mandateServiceSelectionTemplate);
+        dbOA.setSaml2PostBindingTemplateURL(saml2PostBindingTemplate);
+        
         TemplatesType templates = authoa.getTemplates();
         if (templates == null) {
             templates = new TemplatesType();
@@ -382,6 +391,21 @@ public class FormularCustomization implements IOnlineApplicationData {
 
         }
 		
+        check = getSaml2PostBindingTemplate();
+        if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)	) {
+        	log.info("URL to SAML2 POST-Binding template is not valid");
+			errors.add(LanguageHelper.getErrorString("validation.general.templates.saml2.postbinding.valid", request));
+			
+		}
+        
+        check = getMandateServiceSelectionTemplate();
+        if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)	) {
+        	log.info("URL to mandate-service selection-template is not valid");
+			errors.add(LanguageHelper.getErrorString("validation.general.templates.mandateserviceselection.valid", request));
+			
+		}
+        
+        
         //validate BKUFormCustomization
 		errors.addAll(new FormularCustomizationValitator().validate(this, request));
        		
@@ -813,7 +837,36 @@ public class FormularCustomization implements IOnlineApplicationData {
 	 */
 	public Map<String, String> getFormMap() {
 		return map;
+	}
+
+	/**
+	 * @return the saml2PostBindingTemplate
+	 */
+	public String getSaml2PostBindingTemplate() {
+		return saml2PostBindingTemplate;
+	}
+
+	/**
+	 * @param saml2PostBindingTemplate the saml2PostBindingTemplate to set
+	 */
+	public void setSaml2PostBindingTemplate(String saml2PostBindingTemplate) {
+		this.saml2PostBindingTemplate = saml2PostBindingTemplate;
+	}
+
+	/**
+	 * @return the mandateServiceSelectionTemplate
+	 */
+	public String getMandateServiceSelectionTemplate() {
+		return mandateServiceSelectionTemplate;
+	}
+
+	/**
+	 * @param mandateServiceSelectionTemplate the mandateServiceSelectionTemplate to set
+	 */
+	public void setMandateServiceSelectionTemplate(String mandateServiceSelectionTemplate) {
+		this.mandateServiceSelectionTemplate = mandateServiceSelectionTemplate;
 	}	
 	
 	
+	
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 5022be915..539deac9e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -44,7 +44,7 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 
 import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
@@ -610,7 +610,7 @@ public class BasicOAAction extends BasicAction {
                 //set parameters
                 Map<String, Object> params =  (Map<String, Object>) mapobj;
                 params.put(
-                		ServiceProviderSpecificGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, 
+                		AbstractServiceProviderSpecificGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, 
                 		contextpath);
                 
                 request.setCharacterEncoding("UTF-8");
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index d75403575..728ce989a 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -218,6 +218,11 @@ webpages.oaconfig.general.bku.bkuselection.upload=Neues Template hochladen
 webpages.oaconfig.general.bku.sendassertion.header=Send-Assertion Template
 webpages.oaconfig.general.bku.sendassertion.filename=Dateiname
 webpages.oaconfig.general.bku.sendassertion.upload=Neues Template hochladen
+webpages.oaconfig.general.templates.elgamandates.header=Template zur Vollmachtenserviceauswahl
+webpages.oaconfig.general.templates.elgamandates.url=Template URL
+webpages.oaconfig.general.templates.saml2.postbinding.header=SAML2 POST Binding Formular
+webpages.oaconfig.general.templates.saml2.postbinding.url=Template URL
+
 
 webpages.oaconfig.bPKEncDec.header=Fremd-bPK Konfiguration
 webpages.oaconfig.bPKEncDec.keystore.header=KeyStore Konfiguration
@@ -493,6 +498,8 @@ validation.general.sendassertion.filename.valid=Der Dateiname des Send-Assertion
 validation.general.sendassertion.file.valid=Das Send-Assertion Templates konnte nicht geladen werden.
 validation.general.sendassertion.file.selected=Es kann nur EIN Send-Assertion Template angegeben werden.
 validation.general.testcredentials.oid.valid=Die Testdaten OID {0} ist ung\u00FCltig.
+validation.general.templates.saml2.postbinding.valid=URL zum Template f\u00FCr das SAML2 POST-Binding Formular ist nicht g\u00FCltig.
+validation.general.templates.mandateserviceselection.valid=URL zum Template z\u00FCr Auswahl des Vollmachtenservices ist nicht g\u00FCltig.
 
 validation.bPKDec.keyStorePassword.empty=Das Password f\u00FCr den KeyStore ist leer.
 validation.bPKDec.keyStorePassword.valid=Das Password f\u00FCr den KeyStore enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index 708cc605e..a8f4be796 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -224,6 +224,12 @@ webpages.oaconfig.general.bku.sendassertion.header=Send-Assertion Template
 webpages.oaconfig.general.bku.sendassertion.filename=Filename
 webpages.oaconfig.general.bku.sendassertion.upload=Upload new template
 
+webpages.oaconfig.general.templates.elgamandates.header=Template to select a specific mandate service
+webpages.oaconfig.general.templates.elgamandates.url=Template URL
+webpages.oaconfig.general.templates.saml2.postbinding.header=SAML2 POST-Binding Formular
+webpages.oaconfig.general.templates.saml2.postbinding.url=Template URL
+
+
 webpages.oaconfig.bPKEncDec.header=Foreign-bPK Configuration
 webpages.oaconfig.bPKEncDec.keystore.header=Keystore configuration
 webpages.oaconfig.bPKEncDec.filename=Filename
@@ -491,6 +497,8 @@ validation.general.sendassertion.filename.valid=The file name of Send-Assertion
 validation.general.sendassertion.file.valid=Send-Assertion Templates could not be loaded.
 validation.general.sendassertion.file.selected=Only one Send-Assertion Template can be provided.
 validation.general.testcredentials.oid.valid=The OID {0} for test credentials is not a valid.
+validation.general.templates.saml2.postbinding.valid=URL to SAML2 POST-Binding template is not valid
+validation.general.templates.mandateserviceselection.valid=URL to mandate-service selection-template is not valid
 
 validation.bPKDec.keyStorePassword.empty=KeyStore password is blank.
 validation.bPKDec.keyStorePassword.valid=The keyStore password contains forbidden characters. The following characters are not allowed\: {0}
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp
index 008a8b521..424fdfacc 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp
@@ -160,7 +160,7 @@
 																
 							</div>
 							
-														<div class="oa_protocol_area">
+							<div class="oa_protocol_area">
 								<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.bkuselection.header", request) %></h4>
 								<s:iterator value="%{formOA.bkuSelectionFileUploadFileName}" var="fileNameBKU">
 									<div class="floatClass">
@@ -202,6 +202,25 @@
 								</s:if>
 							</div>
 							
+							<div class="oa_protocol_area">
+								<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.templates.elgamandates.header", request) %></h4>
+								<s:textfield name="formOA.mandateServiceSelectionTemplate" 
+		 												 value="%{formOA.mandateServiceSelectionTemplate}" 
+								 						 labelposition="left"
+								 						 key="webpages.oaconfig.general.templates.elgamandates.url"
+								 						 cssClass="textfield_long">
+								</s:textfield>
+							</div>
+							<div class="oa_protocol_area">
+								<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.templates.saml2.postbinding.header", request) %></h4>
+								<s:textfield name="formOA.saml2PostBindingTemplate" 
+		 												 value="%{formOA.saml2PostBindingTemplate}" 
+								 						 labelposition="left"
+								 						 key="webpages.oaconfig.general.templates.saml2.postbinding.url"
+								 						 cssClass="textfield_long">
+								</s:textfield>
+							</div>
+							
 						</s:if>
 							
 					</div>
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
index ca1109aa1..f8ce21c99 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
@@ -41,7 +41,6 @@ import at.gv.egovernment.moa.id.config.webgui.helper.GUIDataParser;
 import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
 import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
-import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
@@ -82,18 +81,27 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
 		
 		Map<String, String> newConfigValues = new HashMap<String, String>();
 		
+		//delete configuration key if the configuration value is empty or null
+		if (MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL)))
+			keysToDelete.add(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL);
+
+		//delete configuration key if the configuration value is empty or null
+		if (MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL)))
+			keysToDelete.add(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL);
+		
+		
 		String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME);
 		if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) {
 			newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, bkuSelectTemplateUploadedFileName);
 			
 		}
-		
+				
 		String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME);
 		if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) {
 			newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, sendAssertionTemplateUploadedFileName);
 			
 		}
-		
+				
 		String bkuSelectionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA);
 		String bkuSelectionFile = GUIDataParser.getBase64ContentFromGUIUpload(bkuSelectionFileUpload);
 		if (bkuSelectionFile != null)
@@ -253,6 +261,29 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
 			
 		}
 		
+		
+		//validate template URLs
+		check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL);
+		if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)	) {
+			log.info("URL to SAML2 POST-Binding template is not valid");
+			errors.add(new ValidationObjectIdentifier(
+					MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
+					"Templates - SAML2 Post-Binding",
+					LanguageHelper.getErrorString("validation.general.templates.saml2.postbinding.valid")));
+							
+		}
+		check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL);
+        if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)	) {
+        	log.info("URL to mandate-service selection-template is not valid");
+        	errors.add(new ValidationObjectIdentifier(
+					MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL, 
+					"Templates - Mandate-Service selection",
+					LanguageHelper.getErrorString("validation.general.templates.mandateserviceselection.valid")));
+			
+		}
+		
+				
+		//check Template customization parameters
 		check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR);
 		if (MiscUtil.isNotEmpty(check)) {
 			if (!check.startsWith("#"))
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html
new file mode 100644
index 000000000..4ea9a4873
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html
@@ -0,0 +1,46 @@
+## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity
+##context may contain the following properties ## action - String - the
+##action URL for the form ## RelayState - String - the relay state for the
+##message ## SAMLRequest - String - the Base64 encoded SAML Request ##
+##SAMLResponse - String - the Base64 encoded SAML Response
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+<body onload="document.forms[0].submit()">
+	<noscript>
+		<p>
+			<strong>Note:</strong> Since your browser does not support
+			JavaScript, you must press the Continue button once to proceed.
+		</p>
+	</noscript>
+
+
+	<div id="alert">Your login is being processed. Thank you for
+		waiting.</div>
+
+	<style type="text/css">
+<!--
+#alert {
+	margin: 100px 250px;
+	font-family: Verdana, Arial, Helvetica, sans-serif;
+	font-size: 14px;
+	font-weight: normal;
+}
+-->
+</style>
+
+	<form action="${action}" method="post" target="_parent">
+		<div>
+			#if($RelayState)   <input type="hidden" name="RelayState" value="${RelayState}"/>     #end 
+			#if($SAMLRequest)  <input type="hidden" name="SAMLRequest" value="${SAMLRequest}" />  #end
+			#if($SAMLResponse) <inputtype="hidden" name="SAMLResponse" value="${SAMLResponse}" /> #end
+		</div>
+		<noscript>
+			<div>
+				<input type="submit" value="Continue" />
+			</div>
+		</noscript>
+	</form>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 0361442ac..52eb21ab3 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -1724,20 +1724,6 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <td align="center">X</td>
     <td>&Uuml;ber diese Funktion k&ouml;nnen drei zus&auml;tzliche SecurtityLayer-Request Templates f&uuml;r diese Online-Applikation definiert werden. Diese hier definierten Templates dienen als zus&auml;tzliche WhiteList f&uuml;r Templates welche im &bdquo;StartAuthentication&ldquo; Request mit dem Parameter &bdquo;template&ldquo; &uuml;bergeben werden. Sollte im &bdquo;StartAuthentication&ldquo; Request der Parameter &bdquo;template&ldquo; fehlen, es wurde jedoch eine &bdquo;bkuURL&ldquo; &uuml;bergeben, dann wird f&uuml;r den Authentifizierungsvorgang das erste Template in dieser Liste verwendet. Detailinformationen zum <a href="./../protocol/protocol.html#allgemeines_legacy">Legacy Request</a> finden Sie im Kapitel Protokolle.</td>
   </tr>
-  <tr>
-    <td>BKU-Selection Template</td>
-    <td>&nbsp;</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Dieses Feld erlaubt die Konfiguration eines online-applikationsspezifischen Templates f&uuml;r die B&uuml;rgerkartenauswahl. Dieses Template muss in die Konfiguration hochgeladen werden und muss die Mindestanforderungen aus <a href="#import_template_bku">Kapitel 4.1</a> umsetzen. Da diese Templates direkt in den Authentifizierungsprozess eingreifen und diese somit eine potentielle Angriffsstelle f&uuml;r Cross-Site Scripting (XSS) bieten wird die Verwendung von online-applikationsspezifischen Templates nicht empfohlen. </td>
-  </tr>
-  <tr>
-    <td>Send-Assertion Template</td>
-    <td>&nbsp;</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Dieses Feld erlaubt die Konfiguration eines online-applikationsspezifischen Templates f&uuml;r die zus&auml;tzliche Anmeldeabfrage im Falle einer Single Sign-On Anmeldung. Dieses Template muss in die Konfiguration hochgeladen werden und muss die Mindestanforderungen aus <a href="#import_template_sso">Kapitel 4.2</a> umsetzen. Da diese Templates direkt in den Authentifizierungsprozess eingreifen und diese somit eine potentielle Angriffsstelle f&uuml;r Cross-Site Scripting (XSS) bieten wird die Verwendung von online-applikationsspezifischen Templates nicht empfohlen.</td>
-  </tr>
 </table>
 <h4><a name="konfigurationsparameter_oa_testcredentials" id="uebersicht_zentraledatei_aktualisierung10"></a> 3.2.3 Test Identit&auml;ten</h4>
 <p>In diesem Abschnitt k&ouml;nnen f&uuml;r diese Online-Applikation Testidentit&auml;ten erlaubt werden. Diese Testidentit&auml;ten k&ouml;nnen auch bei produktiven Instanzen freigeschalten werden, da die Unterschiedung zwischen Produkt- und Testidentit&auml;t anhand einer speziellen OID im Signaturzertifikat der Testidentit&auml;t getroffen wird. Folgende Konfigurationsparameter stehen hierf&uuml;r zur Verf&uuml;gung.</p>
@@ -2074,7 +2060,37 @@ wenn die individuelle Security-Layer Transformation den Formvorschriften  der Sp
     <td align="center">X</td>
     <td>Wird diese Option gew&auml;hlt wird im AuthBlock, welcher im Anmeldevorgang signiert wird, keine bPK oder wbPK dargestellt.</td>
   </tr>
+  <tr>
+    <td>BKU-Selection Template</td>
+    <td>&nbsp;</td>
+    <td align="center">X</td>
+    <td align="center">X</td>
+    <td>Dieses Feld erlaubt die Konfiguration eines online-applikationsspezifischen Templates f&uuml;r die B&uuml;rgerkartenauswahl. Dieses Template muss in die Konfiguration hochgeladen werden und muss die Mindestanforderungen aus <a href="#import_template_bku">Kapitel 4.1</a> umsetzen. Da diese Templates direkt in den Authentifizierungsprozess eingreifen und diese somit eine potentielle Angriffsstelle f&uuml;r Cross-Site Scripting (XSS) bieten wird die Verwendung von online-applikationsspezifischen Templates nicht empfohlen. </td>
+  </tr>
+  <tr>
+    <td>Send-Assertion Template</td>
+    <td>&nbsp;</td>
+    <td align="center">X</td>
+    <td align="center">X</td>
+    <td>Dieses Feld erlaubt die Konfiguration eines online-applikationsspezifischen Templates f&uuml;r die zus&auml;tzliche Anmeldeabfrage im Falle einer Single Sign-On Anmeldung. Dieses Template muss in die Konfiguration hochgeladen werden und muss die Mindestanforderungen aus <a href="#import_template_sso">Kapitel 4.2</a> umsetzen. Da diese Templates direkt in den Authentifizierungsprozess eingreifen und diese somit eine potentielle Angriffsstelle f&uuml;r Cross-Site Scripting (XSS) bieten wird die Verwendung von online-applikationsspezifischen Templates nicht empfohlen.</td>
+  </tr>
+  <tr>
+    <td>SAML2 Post-Binding Template</td>
+    <td>&nbsp;</td>
+    <td align="center">X</td>
+    <td align="center">X</td>
+    <td>Pfad zum online-applikationsspezifischen Template f&uuml;r SAML2 (PVP2 S-Profil) http POST-Binding. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. Das Template kann ausschlie&szlig;lich aus dem Dateisystem geladen werden.</td>
+  </tr>
+  <tr>
+    <td>Vollmachtenservice Auswahlseite Template</td>
+    <td>&nbsp;</td>
+    <td align="center">X</td>
+    <td align="center">X</td>
+    <td>Pfad zum online-applikationsspezifischen Template zur Auswahl des gew&uuml;nschten Vollmachtenservices. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. Das Template kann ausschlie&szlig;lich aus dem Dateisystem geladen werden.</td>
+  </tr>
 </table>
+<h5>&nbsp;</h5>
+<h5>&nbsp;</h5>
 <h5><a name="konfigurationsparameter_oa_additional_formular" id="uebersicht_zentraledatei_aktualisierung29"></a>3.2.9.1 Login-Fenster Konfiguration</h5>
 <p>Diese Konfigurationsparameter  bieten zus&auml;tzliche Einstellungen f&uuml;r eine Anpassung der B&uuml;rgerkartenauswahl welche von MOA-ID-Auth generiert wird.
 Zur besseren Handhabung werden die angegebenen Parameter direkt in einer Vorschau dargestellt.  
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index c582050ad..710008714 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
 import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -68,10 +68,10 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
 				throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
 				
 			}
-												
-			IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+												 
+			IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
 					pendingReq, 
-					ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_BKUSELECTION, 
+					SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION, 
 					GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
 			
 			guiBuilder.build(response, config, "BKU-Selection form");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
index ca99e9ba3..475009cf2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
@@ -31,7 +31,7 @@ import org.springframework.stereotype.Component;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
 import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -67,10 +67,10 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
 			//store pending request
 			requestStoreage.storePendingRequest(pendingReq);
 					
-			//build consents evaluator form
-			IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+			//build consents evaluator form 
+			IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
 					pendingReq, 
-					ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_SENDASSERTION, 
+					SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION, 
 					GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION);
 			
 			guiBuilder.build(response, config, "SendAssertion-Evaluation");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index 9b658d81b..416e787a7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -34,7 +34,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -71,17 +71,17 @@ public class GUILayoutBuilderServlet extends AbstractController {
 			IRequest pendingReq = extractPendingRequest(req);
 		
 			//initialize GUI builder configuration
-			ServiceProviderSpecificGUIFormBuilderConfiguration config = null;
+			SPSpecificGUIBuilderConfigurationWithDBLoad config = null;
 			if (pendingReq != null) 
-				config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+				config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
 						pendingReq, 
-						ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, 
+						SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS, 
 						null);
 			
 			else
-				config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+				config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
 						HTTPUtils.extractAuthURLFromRequest(req), 
-						ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, 
+						SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS, 
 						null);
 		
 			//build GUI component
@@ -100,17 +100,17 @@ public class GUILayoutBuilderServlet extends AbstractController {
 			IRequest pendingReq = extractPendingRequest(req);
 		
 			//initialize GUI builder configuration
-			ServiceProviderSpecificGUIFormBuilderConfiguration config = null;
+			SPSpecificGUIBuilderConfigurationWithDBLoad config = null;
 			if (pendingReq != null) 
-				config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+				config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
 						pendingReq, 
-						ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, 
+						SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS, 
 						GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
 			
 			else
-				config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+				config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
 						HTTPUtils.extractAuthURLFromRequest(req), 
-						ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, 
+						SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS, 
 						GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
 		
 			//build GUI component
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 60b8b31de..7c581d470 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -620,7 +620,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 					//send SLO response to SLO request issuer
 					SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
 					LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
-					sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
+					sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
 					
 				} else {
 					//print SLO information directly
@@ -656,7 +656,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			if (pvpReq != null) {
 				SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
 				LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
-				sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
+				sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
 
 				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
new file mode 100644
index 000000000..b05e60e94
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.opemsaml;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.binding.SAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HTTPTransportUtils;
+
+import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIDHTTPPostEncoder extends HTTPPostEncoder {
+
+	private VelocityEngine velocityEngine;
+	private IGUIBuilderConfiguration guiConfig;
+	private GUIFormBuilderImpl guiBuilder;
+	
+	/**
+	 * @param engine
+	 * @param templateId
+	 */
+	public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) {
+		super(engine, null);
+		this.velocityEngine = engine;
+		this.guiConfig = guiConfig;
+		this.guiBuilder = guiBuilder;
+		
+	}
+
+    /**
+     * Base64 and POST encodes the outbound message and writes it to the outbound transport.
+     * 
+     * @param messageContext current message context
+     * @param endpointURL endpoint URL to which to encode message
+     * 
+     * @throws MessageEncodingException thrown if there is a problem encoding the message
+     */
+    protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
+        Logger.debug("Invoking Velocity template to create POST body");
+        InputStream is = null;
+        try {        	
+        	//build Velocity Context from GUI input paramters
+			VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig);
+        	
+			//load template
+			is = guiBuilder.getTemplateInputStream(guiConfig);
+						
+			//populate velocity context with SAML2 parameters
+            populateVelocityContext(context, messageContext, endpointURL);
+
+            //populate transport parameter
+            HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();
+            HTTPTransportUtils.addNoCacheHeaders(outTransport);
+            HTTPTransportUtils.setUTF8Encoding(outTransport);
+            HTTPTransportUtils.setContentType(outTransport, "text/html");
+
+            //evaluate template and write content to response
+            Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");                        
+            velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is)));            
+            out.flush();
+            
+        } catch (Exception e) {
+            Logger.error("Error invoking Velocity template", e);
+            throw new MessageEncodingException("Error creating output document", e);
+            
+        } finally {
+			if (is != null) {
+				try {
+					is.close();
+					
+				} catch (IOException e) {
+					Logger.error("Can NOT close GUI-Template InputStream.", e);
+				}
+			}
+        	
+		}
+    }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 365a31fe1..643e30ac9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Response;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
@@ -79,6 +80,7 @@ public class AttributQueryAction implements IAction {
 	@Autowired private IDPCredentialProvider pvpCredentials;
 	@Autowired private AuthConfiguration authConfig;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+	@Autowired(required=true) ApplicationContext springContext;
 	
 	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
 			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});	
@@ -141,9 +143,9 @@ public class AttributQueryAction implements IAction {
 						metadataProvider, issuerEntityID, attrQuery, date, 
 						assertion, authConfig.isPVP2AssertionEncryptionActive());
 									
-				SoapBinding decoder = new SoapBinding();				
+				SoapBinding decoder = springContext.getBean("PVPSOAPBinding", SoapBinding.class);
 				decoder.encodeRespone(httpReq, httpResp, authResponse, null, null,
-						pvpCredentials.getIDPAssertionSigningCredential());
+						pvpCredentials.getIDPAssertionSigningCredential(), pendingReq);
 				return null;
 				
 			} catch (MessageEncodingException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index aac49844e..9d60ae4b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -35,6 +35,7 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -62,6 +63,7 @@ public class AuthenticationAction implements IAction {
 	@Autowired IDPCredentialProvider pvpCredentials;
 	@Autowired AuthConfiguration authConfig;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+	@Autowired(required=true) ApplicationContext springContext;
 	
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
@@ -102,11 +104,11 @@ public class AuthenticationAction implements IAction {
 
 		if (consumerService.getBinding().equals(
 				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = new RedirectBinding();
+			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
 						
 		} else if (consumerService.getBinding().equals(
 				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = new PostBinding();
+			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
 			
 		}
 
@@ -117,7 +119,7 @@ public class AuthenticationAction implements IAction {
 		try {
 			binding.encodeRespone(httpReq, httpResp, authResponse, 
 					consumerService.getLocation(), moaRequest.getRelayState(),
-					pvpCredentials.getIDPAssertionSigningCredential());
+					pvpCredentials.getIDPAssertionSigningCredential(), req);
 
 			//set protocol type
 			sloInformation.setProtocolType(req.requestedModule());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index a7a249eed..216d7a8b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -444,13 +444,13 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 		IEncoder encoder = null;
 		
 		if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {			
-			encoder = new RedirectBinding();
+			encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
 						
 		} else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI))  {
-			encoder = new PostBinding();
+			encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
 			
 		} else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))  {
-			encoder = new SoapBinding();
+			encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
 		}
 
 		if(encoder == null) {
@@ -465,7 +465,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 		X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential();
 		
 		encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), 
-				relayState, signCred);
+				relayState, signCred, protocolRequest);
 		return true;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index ff703d585..f709da213 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -111,7 +111,7 @@ public class SingleLogOutAction implements IAction {
 					//LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
 					LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
 					Logger.info("Sending SLO success message to requester ...");
-					sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());						
+					sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq);						
 					return null;
 
 				} else {						
@@ -127,7 +127,7 @@ public class SingleLogOutAction implements IAction {
 						//LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
 						LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
 						Logger.info("Sending SLO success message to requester ...");
-						sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+						sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq);
 						return null;
 
 					}						
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
index 3b2fb3687..ccbef6e6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
@@ -31,6 +31,7 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 
 public interface IEncoder {
@@ -43,12 +44,13 @@ public interface IEncoder {
 	 * @param targetLocation URL, where the request should be transmit
 	 * @param relayState token for session handling
 	 * @param credentials Credential to sign the request object
+	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
 	 * @throws MessageEncodingException
 	 * @throws SecurityException
 	 * @throws PVP2Exception
 	 */
 	public void encodeRequest(HttpServletRequest req, 
-			HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials) 
+			HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
 					throws MessageEncodingException, SecurityException, PVP2Exception;
 	
 	/**
@@ -59,10 +61,11 @@ public interface IEncoder {
 	 * @param targetLocation URL, where the request should be transmit
 	 * @param relayState token for session handling
 	 * @param credentials Credential to sign the response object
+	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
 	 * @throws MessageEncodingException
 	 * @throws SecurityException
 	 */
 	public void encodeRespone(HttpServletRequest req, 
-			HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials) 
+			HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
 					throws MessageEncodingException, SecurityException, PVP2Exception;
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 9977e607b..c7688c14b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -25,13 +25,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.velocity.app.VelocityEngine;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
 import org.opensaml.common.binding.decoding.URIComparator;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
 import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.saml2.core.StatusResponseType;
 import org.opensaml.saml2.metadata.IDPSSODescriptor;
@@ -49,8 +47,17 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
+import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
@@ -62,10 +69,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Service("PVPPOSTBinding")
 public class PostBinding implements IDecoder, IEncoder {
+	
+	@Autowired(required=true) AuthConfiguration authConfig;
+	@Autowired(required=true) GUIFormBuilderImpl guiBuilder;
 		
 	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials)	
+			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)	
 			throws MessageEncodingException, SecurityException {
 	
 		try {
@@ -75,9 +86,18 @@ public class PostBinding implements IDecoder, IEncoder {
 			//load default PVP security configurations
 			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
 			
-			VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
-			HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
-					"resources/templates/pvp_postbinding_template.html");
+			//initialize POST binding encoder with template decoration
+			IGUIBuilderConfiguration guiConfig = 
+					new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+							pendingReq, 
+							"pvp_postbinding_template.html", 
+							MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
+							null, 
+							authConfig.getRootConfigFileDir());								
+			MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
+					VelocityProvider.getClassPathVelocityEngine());	
+			
+			//set OpenSAML2 process parameter into binding context dao
 			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
 					resp, true);
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
@@ -103,22 +123,27 @@ public class PostBinding implements IDecoder, IEncoder {
 	}
 
 	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, Credential credentials)
+			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
 			throws MessageEncodingException, SecurityException {
 
 		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-
 			//load default PVP security configurations
 			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
 			
 			Logger.debug("create SAML POSTBinding response");
 			
-			 VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
-
-			HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
-					"resources/templates/pvp_postbinding_template.html");
+			//initialize POST binding encoder with template decoration
+			IGUIBuilderConfiguration guiConfig = 
+					new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+							pendingReq, 
+							"pvp_postbinding_template.html", 
+							MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
+							null, 
+							authConfig.getRootConfigFileDir());								
+			MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
+					VelocityProvider.getClassPathVelocityEngine());	
+			
+			//set OpenSAML2 process parameter into binding context dao			
 			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
 					resp, true);
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 279038967..4f44a6202 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -50,7 +50,9 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
+import org.springframework.stereotype.Service;
 
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
@@ -62,10 +64,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Service("PVPRedirectBinding")
 public class RedirectBinding implements IDecoder, IEncoder {
 	
 	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
+			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
 			throws MessageEncodingException, SecurityException {
 		
 //		try {
@@ -100,7 +103,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
 
 	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
 			StatusResponseType response, String targetLocation, String relayState, 
-			Credential credentials) throws MessageEncodingException, SecurityException {
+			Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
 //		try {
 //			X509Credential credentials = credentialProvider
 //					.getIDPAssertionSigningCredential();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 94d91694a..552b64ac6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -48,7 +48,9 @@ import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.signature.SignableXMLObject;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
@@ -60,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Service("PVPSOAPBinding")
 public class SoapBinding implements IDecoder, IEncoder {
 
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
@@ -136,13 +139,13 @@ public class SoapBinding implements IDecoder, IEncoder {
 	}
 
 	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
+			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
 			throws MessageEncodingException, SecurityException, PVP2Exception {
 		
 	}
 
 	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, Credential credentials)
+			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
 			throws MessageEncodingException, SecurityException, PVP2Exception {
 //		try {
 //			Credential credentials = credentialProvider
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index 01ef4a43d..f29418853 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -44,6 +44,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -64,6 +66,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
 @Service("PVPAuthnRequestBuilder")
 public class PVPAuthnRequestBuilder {
 	
+	@Autowired(required=true) ApplicationContext springContext;
 	
 	/**
 	 * Build a PVP2.x specific authentication request
@@ -202,17 +205,17 @@ public class PVPAuthnRequestBuilder {
 		IEncoder binding = null;
 		if (endpoint.getBinding().equals(
 				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = new RedirectBinding();
+			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
 														
 		} else if (endpoint.getBinding().equals(
 				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = new PostBinding();
+			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
 			
 		}
 		
 		//encode message
 		binding.encodeRequest(null, httpResp, authReq, 
-				endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential());
+				endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq);
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index de59e6055..4fef52aec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -59,6 +59,7 @@ import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.SignatureConstants;
 import org.opensaml.xml.signature.Signer;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
@@ -95,7 +96,9 @@ import at.gv.egovernment.moa.logging.Logger;
 public class SingleLogOutBuilder {
 
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+	@Autowired(required=true) ApplicationContext springContext;
 	@Autowired private IDPCredentialProvider credentialProvider;
+	
 		
 	public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
 		Status status = logOutResp.getStatus();				
@@ -185,15 +188,15 @@ public class SingleLogOutBuilder {
 	
 	public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, 
 			LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, 
-			String relayState) throws MOAIDException {
+			String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException {
 		IEncoder binding = null;
 		if (consumerService.getBinding().equals(
 				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = new RedirectBinding();
+			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
 						
 		} else if (consumerService.getBinding().equals(
 				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = new PostBinding();
+			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
 			
 		}
 
@@ -204,7 +207,7 @@ public class SingleLogOutBuilder {
 		try {
 			binding.encodeRespone(req, resp, sloResp, 
 					consumerService.getLocation(), relayState, 
-					credentialProvider.getIDPAssertionSigningCredential());
+					credentialProvider.getIDPAssertionSigningCredential(), pvpReq);
 			
 		} catch (MessageEncodingException e) {
 			Logger.error("Message Encoding exception", e);
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
deleted file mode 100644
index f5bca7f1f..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
+++ /dev/null
@@ -1,193 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
-<html>
-<head>
-<BASE href="<BASE_href>">
-	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-		<title>Berufsm&auml;&szlig;ige Parteieinvertretung</title>
-</head>
-<body>
-	Berufsm&auml;&szlig;ige Parteienvertretung einer
-	nat&uuml;rlichen/juristischen Person
-	<form name="ProcessInputForm" method="post" accept-charset="UTF-8"
-		enctype="application/x-www-form-urlencoded" action="<BKU>">
-		<table width="80%" border="0">
-			<tr />
-			<tr />
-			<tr>
-				<td colspan="3"><em>Vertreter:</em></td>
-			</tr>
-			<tr>
-				<td align="right" width="20%">Vorname&nbsp;<img
-					title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-					src="img/stern.gif" width="10" height="16" /></td>
-				<td><input name="rpgivenname_" type="text" disabled="true"
-					id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
-				</td>
-				<td></td>
-			</tr>
-			<tr>
-				<td align="right">Name&nbsp;<img
-					title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-					src="img/stern.gif" width="10" height="16" /></td>
-				<td><input name="rpfamilyname_" type="text" disabled="true"
-					id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
-				</td>
-				<td></td>
-			</tr>
-			<tr>
-				<td align="right">Geburtsdatum&nbsp;<img
-					title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-					src="img/stern.gif" width="10" height="16" /></td>
-				<td><input name="rpdobyear_" type="text" disabled="true"
-					id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4"
-					readonly="true" /> - <input name="rpdobmonth_" type="text"
-					disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2"
-					maxlength="2" readonly="true" /> - <input name="rpdobday_"
-					type="text" disabled="true" id="rpdobday" value="<rpdobday>"
-					size="2" maxlength="2" readonly="true" /></td>
-				<td></td>
-			</tr>
-			<tr>
-				<td colspan="2"><br /> <em>Ich bin berufsm&auml;&szlig;ig
-						berechtigt f&uuml;r die nachfolgend genannte Person in deren Namen
-						mit der B&uuml;rgerkarte einzuschreiten.</em></td>
-				<td>&nbsp;</td>
-			</tr>
-			<tr>
-				<td colspan="3"><br /> <em>Vertretene Person:</em></td>
-			</tr>
-			<tr>
-				<td colspan="3"><input name="physical_" type="radio"
-					physdisabled="" value="true" physselected="" />&nbsp;nat&uuml;rliche
-					Person:&nbsp;</td>
-			</tr>
-			<tr>
-				<td align="right">Vorname&nbsp;<img
-					title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-					src="img/stern.gif" width="10" height="16" /></td>
-				<td><input name="givenname_" type="text" id="givenname"
-					value="<givenname>" physdisabled="" size="50" />&nbsp;<img
-					src="img/info.gif" title="Vorname laut ZMR Schreibweise" alt="Info"
-					border="0" /></td>
-				<td></td>
-			</tr>
-			<tr>
-				<td align="right">Name&nbsp;<img
-					title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-					src="img/stern.gif" width="10" height="16" /></td>
-				<td><input name="familyname_" type="text" id="familyname"
-					value="<familyname>" physdisabled="" size="50" />&nbsp;<img
-					src="img/info.gif" title="Familienname laut ZMR Schreibweise"
-					alt="Info" border="0" /></td>
-				<td></td>
-			</tr>
-			<tr>
-				<td align="right">Geburtsdatum&nbsp;<img
-					title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-					src="img/stern.gif" width="10" height="16" /></td>
-				<td><input name="dobyear_" type="text" id="dobyear" size="4"
-					maxlength="4" value="<dobyear>" physdisabled="" /> - <input
-					name="dobmonth_" type="text" id="dobmonth" size="2" maxlength="2"
-					value="<dobmonth>" physdisabled="" /> - <input name="dobday_"
-					type="text" id="dobday" size="2" maxlength="2" value="<dobday>"
-					physdisabled="" />&nbsp;<img src="img/info.gif"
-					title="Format: JJJJ-MM-TT" alt="Info" border="0" /></td>
-				<td></td>
-			</tr>
-			<tr>
-				<td align="center"><em>optional:</em></td>
-				<td colspan="2" />
-			</tr>
-			<tr>
-				<td align="right">Stra&szlig;e&nbsp;</td>
-				<td><input name="streetname_" type="text" id="streetname"
-					value="<streetname>" physdisabled="" size="50" />&nbsp;<img
-					src="img/info.gif" title="Stra&szlig;e laut ZMR Schreibweise"
-					border="0" /></td>
-				<td></td>
-			</tr>
-			<tr>
-				<td align="right">Hausnummer&nbsp;</td>
-				<td><input name="buildingnumber_" type="text"
-					id="buildingnumber" value="<buildingnumber>" physdisabled=""
-					size="50" />&nbsp;<img src="img/info.gif"
-					title="Hausnummer laut ZMR Schreibweise" alt="Info" border="0" /></td>
-				<td></td>
-			</tr>
-			<tr>
-				<td align="right">Einh. Nr.&nbsp;</td>
-				<td><input name="unit_" type="text" id="unit" value="<unit>"
-					size="50" physdisabled="" />&nbsp;<img src="img/info.gif"
-					title="Nutzungseinheitsnummer laut ZMR Schreibweise" alt="Info"
-					border="0" /></td>
-				<td></td>
-			</tr>
-			<tr>
-				<td align="right">Postleitzahl&nbsp;</td>
-				<td><input name="postalcode_" type="text" id="postalcode"
-					value="<postalcode>" size="50" physdisabled="" />&nbsp;<img
-					src="img/info.gif" title="Postleitzahl laut ZMR Schreibweise"
-					alt="Info" border="0" /></td>
-				<td></td>
-			</tr>
-			<tr>
-				<td align="right">Gemeinde&nbsp;</td>
-				<td><input name="municipality_" type="text" id="municipality"
-					value="<municipality>" size="50" physdisabled="" />&nbsp;<img
-					src="img/info.gif" title="Gemeinde laut ZMR Schreibweise"
-					alt="Info" border="0" /></td>
-				<td></td>
-			</tr>
-			<tr>
-				<td colspan="3">&nbsp;</td>
-			</tr>
-			<tr>
-				<td colspan="3"><input name="physical_" type="radio"
-					cbdisabled="" value="false" cbselected=""/ >&nbsp;juristische
-						Person:&nbsp;</td>
-			</tr>
-			<tr>
-				<td align="right">Name&nbsp;<img
-					title=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif"
-					alt="Stern" width="10" height="16" /></td>
-				<td><input name="fullname_" type="text" cbdisabled=""
-					id="fullname" value="<fullname>" size="50" />&nbsp;<img
-					src="img/info.gif"
-					title="Name der Organisation laut ZMR Schreibweise" alt="Info"
-					border="0" /></td>
-				<td></td>
-			</tr>
-			<tr>
-				<td align="right" nowrap="nowrap"><select
-					name="cbidentificationtype_" size="1" cbseldisabled="">
-						<option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
-						<option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
-						<option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im
-							Erg&auml;nzungsreg.</option>
-				</select>&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!"
-					src="img/stern.gif" alt="Stern" width="10" height="16" /></td>
-				<td><input name="cbidentificationvalue_" type="text"
-					cbdisabled="" id="cbidentificationvalue"
-					value="<cbidentificationvalue>" size="50" />&nbsp;<img
-					src="img/info.gif" title="Ordnungsbegriff laut ZMR Schreibweise"
-					alt="Info" border="0" /></td>
-				<td></td>
-			</tr>
-		</table>
-		<br />
-		<errortext>
-		<p>
-			<em>Bitte halten Sie Ihre B&uuml;rgerkartenumgebung bereit.</em>
-		</p>
-		<p>
-			<input name="XMLRequest" type="hidden"
-				value="&lt;?xml version='1.0' encoding='UTF-8'?>&lt;NullOperationRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'/>" />
-			<input name="DataURL" type="hidden" value="<DataURL>" /> <input
-				type="submit" name="Submit" value="      Weiter      " /> <input
-				name="Clear" type="reset" id="Clear"
-				value="Formular zur&uuml;cksetzen" />
-		</p>
-		<br />
-	</form>
-</body>
-</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
deleted file mode 100644
index cffc46981..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
+++ /dev/null
@@ -1,235 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
-
-<html>
-<head>
-<BASE href="<BASE_href>">
-	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-		<title>Berufsm&auml;&szlig;ige Parteieinvertretung</title>
-		<link href="css/styles.css" type="text/css" rel="stylesheet">
-			<link href="css/styles_opera.css" type="text/css" rel="stylesheet">
-				<link href="css/mandates.css" type="text/css" rel="stylesheet">
-
-					<script src="formallg.js" type="text/javascript"></script>
-					<script src="fa.js" type="text/javascript"></script>
-</head>
-<body>
-
-
-	<div class="hleft">
-		<!--Stammzahlenregisterbehörde<br/>-->
-		&nbsp;
-		<!--Ballhausplatz 2<br/>-->
-		<!--1014 Wien-->
-	</div>
-	<div class="hright" align="right">
-		<img src="img/egov_schrift.gif" alt="E-Gov Logo" />
-	</div>
-	<div class="htitle" align="left">
-		<h1>Berufsm&auml;&szlig;ige Parteienvertretung</h1>
-	</div>
-	<div class="leiste1" align="center">Bitte beachten Sie</div>
-	<div class="leiste2" align="center"></div>
-	<div class="leiste3">
-		<img title=" Dieses Feld muss ausgefüllt sein!" alt="Stern"
-			src="img/stern.gif" width="10" height="16" />&nbsp; Feld muss
-		ausgef&uuml;llt sein
-	</div>
-	<div class="leiste3">
-		<img title=" Hilfe zum Ausfüllen " alt="Info" src="img/info.gif"
-			width="10" height="16" />&nbsp; Ausf&uuml;llhilfe
-	</div>
-	<div class="leiste3">
-		<img title=" Angabe bitte ergänzen oder richtig stellen! "
-			alt="Rufezeichen" src="img/rufezeichen.gif" width="10" height="16" />&nbsp;
-		Fehlerhinweis
-	</div>
-	<div style="clear: both">&nbsp;</div>
-
-	<h2>Berufsm&auml;&szlig;ige Parteienvertretung einer
-		nat&uuml;rlichen/juristischen Person</h2>
-	<div class="boundingbox">
-		<form name="ProcessInputForm" method="post" accept-charset="UTF-8"
-			enctype="application/x-www-form-urlencoded" action="<BKU>">
-			<table width="80%" border="0">
-				<tr />
-				<tr />
-				<tr>
-					<td colspan="3"><em>Vertreter:</em></td>
-				</tr>
-				<tr>
-					<td align="right" width="20%">Vorname&nbsp;<img
-						title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-						src="img/stern.gif" width="10" height="16" /></td>
-					<td><input name="rpgivenname_" type="text" disabled="true"
-						id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
-					</td>
-					<td></td>
-				</tr>
-				<tr>
-					<td align="right">Name&nbsp;<img
-						title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-						src="img/stern.gif" width="10" height="16" /></td>
-					<td><input name="rpfamilyname_" type="text" disabled="true"
-						id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
-					</td>
-					<td></td>
-				</tr>
-				<tr>
-					<td align="right">Geburtsdatum&nbsp;<img
-						title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-						src="img/stern.gif" width="10" height="16" /></td>
-					<td><input name="rpdobyear_" type="text" disabled="true"
-						id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4"
-						readonly="true" /> - <input name="rpdobmonth_" type="text"
-						disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2"
-						maxlength="2" readonly="true" /> - <input name="rpdobday_"
-						type="text" disabled="true" id="rpdobday" value="<rpdobday>"
-						size="2" maxlength="2" readonly="true" /></td>
-					<td></td>
-				</tr>
-				<tr>
-					<td colspan="2"><br /> <em>Ich bin berufsm&auml;&szlig;ig
-							berechtigt f&uuml;r die nachfolgend genannte Person in deren
-							Namen mit der B&uuml;rgerkarte einzuschreiten.</em></td>
-					<td>&nbsp;</td>
-				</tr>
-				<tr>
-					<td colspan="3"><br /> <em>Vertretene Person:</em></td>
-				</tr>
-				<tr>
-					<td colspan="3"><input name="physical_" type="radio"
-						physdisabled="" value="true" physselected="" />&nbsp;nat&uuml;rliche
-						Person:&nbsp;</td>
-				</tr>
-				<tr>
-					<td align="right">Vorname&nbsp;<img
-						title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-						src="img/stern.gif" width="10" height="16" /></td>
-					<td><input name="givenname_" type="text" id="givenname"
-						value="<givenname>" physdisabled="" size="50" />&nbsp;<img
-						src="img/info.gif" title="Vorname laut ZMR Schreibweise"
-						alt="Info" border="0" /></td>
-					<td></td>
-				</tr>
-				<tr>
-					<td align="right">Name&nbsp;<img
-						title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-						src="img/stern.gif" width="10" height="16" /></td>
-					<td><input name="familyname_" type="text" id="familyname"
-						value="<familyname>" physdisabled="" size="50" />&nbsp;<img
-						src="img/info.gif" title="Familienname laut ZMR Schreibweise"
-						alt="Info" border="0" /></td>
-					<td></td>
-				</tr>
-				<tr>
-					<td align="right">Geburtsdatum&nbsp;<img
-						title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern"
-						src="img/stern.gif" width="10" height="16" /></td>
-					<td><input name="dobyear_" type="text" id="dobyear" size="4"
-						maxlength="4" value="<dobyear>" physdisabled="" /> - <input
-						name="dobmonth_" type="text" id="dobmonth" size="2" maxlength="2"
-						value="<dobmonth>" physdisabled="" /> - <input name="dobday_"
-						type="text" id="dobday" size="2" maxlength="2" value="<dobday>"
-						physdisabled="" />&nbsp;<img src="img/info.gif"
-						title="Format: JJJJ-MM-TT" alt="Info" border="0" /></td>
-					<td></td>
-				</tr>
-				<tr>
-					<td align="center"><em>optional:</em></td>
-					<td colspan="2" />
-				</tr>
-				<tr>
-					<td align="right">Stra&szlig;e&nbsp;</td>
-					<td><input name="streetname_" type="text" id="streetname"
-						value="<streetname>" physdisabled="" size="50" />&nbsp;<img
-						src="img/info.gif" title="Stra&szlig;e laut ZMR Schreibweise"
-						border="0" /></td>
-					<td></td>
-				</tr>
-				<tr>
-					<td align="right">Hausnummer&nbsp;</td>
-					<td><input name="buildingnumber_" type="text"
-						id="buildingnumber" value="<buildingnumber>" physdisabled=""
-						size="50" />&nbsp;<img src="img/info.gif"
-						title="Hausnummer laut ZMR Schreibweise" alt="Info" border="0" />
-					</td>
-					<td></td>
-				</tr>
-				<tr>
-					<td align="right">Einh. Nr.&nbsp;</td>
-					<td><input name="unit_" type="text" id="unit" value="<unit>"
-						size="50" physdisabled="" />&nbsp;<img src="img/info.gif"
-						title="Nutzungseinheitsnummer laut ZMR Schreibweise" alt="Info"
-						border="0" /></td>
-					<td></td>
-				</tr>
-				<tr>
-					<td align="right">Postleitzahl&nbsp;</td>
-					<td><input name="postalcode_" type="text" id="postalcode"
-						value="<postalcode>" size="50" physdisabled="" />&nbsp;<img
-						src="img/info.gif" title="Postleitzahl laut ZMR Schreibweise"
-						alt="Info" border="0" /></td>
-					<td></td>
-				</tr>
-				<tr>
-					<td align="right">Gemeinde&nbsp;</td>
-					<td><input name="municipality_" type="text" id="municipality"
-						value="<municipality>" size="50" physdisabled="" />&nbsp;<img
-						src="img/info.gif" title="Gemeinde laut ZMR Schreibweise"
-						alt="Info" border="0" /></td>
-					<td></td>
-				</tr>
-				<tr>
-					<td colspan="3">&nbsp;</td>
-				</tr>
-				<tr>
-					<td colspan="3"><input name="physical_" type="radio"
-						cbdisabled="" value="false" cbselected=""/ >&nbsp;juristische
-							Person:&nbsp;</td>
-				</tr>
-				<tr>
-					<td align="right">Name&nbsp;<img
-						title=" Dieses Feld muss ausgef&uuml;llt sein!"
-						src="img/stern.gif" alt="Stern" width="10" height="16" /></td>
-					<td><input name="fullname_" type="text" cbdisabled=""
-						id="fullname" value="<fullname>" size="50" />&nbsp;<img
-						src="img/info.gif"
-						title="Name der Organisation laut ZMR Schreibweise" alt="Info"
-						border="0" /></td>
-					<td></td>
-				</tr>
-				<tr>
-					<td align="right" nowrap="nowrap"><select
-						name="cbidentificationtype_" size="1" cbseldisabled="">
-							<option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
-							<option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
-							<option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im
-								Erg&auml;nzungsreg.</option>
-					</select>&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!"
-						src="img/stern.gif" alt="Stern" width="10" height="16" /></td>
-					<td><input name="cbidentificationvalue_" type="text"
-						cbdisabled="" id="cbidentificationvalue"
-						value="<cbidentificationvalue>" size="50" />&nbsp;<img
-						src="img/info.gif" title="Ordnungsbegriff laut ZMR Schreibweise"
-						alt="Info" border="0" /></td>
-					<td></td>
-				</tr>
-			</table>
-			<br />
-			<errortext>
-			<p>
-				<em>Bitte halten Sie Ihre B&uuml;rgerkartenumgebung bereit.</em>
-			</p>
-			<p>
-				<input name="XMLRequest" type="hidden"
-					value="&lt;?xml version='1.0' encoding='UTF-8'?>&lt;NullOperationRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'/>" />
-				<input name="DataURL" type="hidden" value="<DataURL>" /> <input
-					type="submit" name="Submit" value="      Weiter      " /> <input
-					name="Clear" type="reset" id="Clear"
-					value="Formular zur&uuml;cksetzen" />
-			</p>
-			<br />
-		</form>
-	</div>
-</body>
-</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html b/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html
deleted file mode 100644
index f47ee53ff..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html
+++ /dev/null
@@ -1,16 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-
-    <body>
-        <form action="${action}" method="post" target="_parent">
-            <div>
-                <input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>
-            </div>
-            <p>Please indicate the gender of the represented.</p>
-            <div>
-                <input type="submit" name="gender" value="M"/>
-                <input type="submit" name="gender" value="F"/>
-            </div>
-        </form>
-        
-    </body>
-</html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm
deleted file mode 100644
index 7fcc1bb36..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm
+++ /dev/null
@@ -1,36 +0,0 @@
-##
-## Velocity Template for OASIS WEBFORM BINDING
-##
-## Velocity context may contain the following properties
-## action - String - the action URL for the form
-## signresponse - String - the Base64 encoded SAML Request
-## verifyresponse - String - the Base64 encoded SAML Response
-## clienturl - String - URL where the USer gets redirected after the signature process
-
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-
-    <body onload="document.forms[0].submit()">
-        <noscript>
-            <p>
-                <strong>Note:</strong> Since your browser does not support JavaScript,
-                you must press the Continue button once to proceed.
-            </p>
-        </noscript>
-        
-        <form action="${action}" method="post">
-            <div>
-                #if($signrequest)<input type="hidden" name="signrequest" value="${signrequest}"/>#end
-                
-                #if($verifyrequest)<input type="hidden" name="verifyrequest" value="${verifyrequest}"/>#end
-                #if($clienturl)<input type="hidden" name="clienturl" value="${clienturl}"/>#end
-                
-            </div>
-            <noscript>
-                <div>
-                    <input type="submit" value="Continue"/>
-                </div>
-            </noscript>
-        </form>
-        
-    </body>
-</html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html
deleted file mode 100644
index 64e88a688..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html
+++ /dev/null
@@ -1,48 +0,0 @@
-## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity
-##context may contain the following properties ## action - String - the
-##action URL for the form ## RelayState - String - the relay state for the
-##message ## SAMLRequest - String - the Base64 encoded SAML Request ##
-##SAMLResponse - String - the Base64 encoded SAML Response
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-
-<body onload="document.forms[0].submit()">
-	<noscript>
-		<p>
-			<strong>Note:</strong> Since your browser does not support
-			JavaScript, you must press the Continue button once to proceed.
-		</p>
-	</noscript>
-
-
-	<div id="alert">Your login is being processed. Thank you for
-		waiting.</div>
-
-	<style type="text/css">
-<!--
-#alert {
-	margin: 100px 250px;
-	font-family: Verdana, Arial, Helvetica, sans-serif;
-	font-size: 14px;
-	font-weight: normal;
-}
--->
-</style>
-
-	<form action="${action}" method="post" target="_parent">
-		<div>
-			#if($RelayState)<input type="hidden" name="RelayState"
-				value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden"
-				name="SAMLRequest" value="${SAMLRequest}" />#end #if($SAMLResponse)<input
-				type="hidden" name="SAMLResponse" value="${SAMLResponse}" />#end
-
-		</div>
-		<noscript>
-			<div>
-				<input type="submit" value="Continue" />
-			</div>
-		</noscript>
-	</form>
-
-</body>
-</html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html b/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html
new file mode 100644
index 000000000..45c183215
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html
@@ -0,0 +1,46 @@
+## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity
+##context may contain the following properties ## action - String - the
+##action URL for the form ## RelayState - String - the relay state for the
+##message ## SAMLRequest - String - the Base64 encoded SAML Request ##
+##SAMLResponse - String - the Base64 encoded SAML Response
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+<body onload="document.forms[0].submit()">
+	<noscript>
+		<p>
+			<strong>Note:</strong> Since your browser does not support
+			JavaScript, you must press the Continue button once to proceed.
+		</p>
+	</noscript>
+
+
+	<div id="alert">Your login is being processed. Thank you for
+		waiting.</div>
+
+	<style type="text/css">
+<!--
+#alert {
+	margin: 100px 250px;
+	font-family: Verdana, Arial, Helvetica, sans-serif;
+	font-size: 14px;
+	font-weight: normal;
+}
+-->
+</style>
+
+	<form action="${action}" method="post" target="_parent">
+		<div>
+			#if($RelayState)   <input type="hidden" name="RelayState" value="${RelayState}"/>     #end 
+			#if($SAMLRequest)  <input type="hidden" name="SAMLRequest" value="${SAMLRequest}" />  #end
+			#if($SAMLResponse) <input type="hidden" name="SAMLResponse" value="${SAMLResponse}" /> #end
+		</div>
+		<noscript>
+			<div>
+				<input type="submit" value="Continue" />
+			</div>
+		</noscript>
+	</form>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index b8284c8f9..5091195d8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -143,7 +143,9 @@ public class ConfigurationMigrationUtils {
 			if (MiscUtil.isNotEmpty(oa.getEventCodes())) {
 				result.put(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES, oa.getEventCodes());
 			}
-			
+						
+			result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL, oa.getMandateServiceSelectionTemplateURL());
+			result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, oa.getSaml2PostBindingTemplateURL());
 			
 			//convert target
 			String target_full = oa.getTarget();
@@ -769,6 +771,9 @@ public class ConfigurationMigrationUtils {
 	        }
 
 	        dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL));
+
+	        dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL));
+	        dbOA.setSaml2PostBindingTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL));
 	        
 	        if (Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE))) {
 	            dbOA.setType(MOA_CONFIG_BUSINESSSERVICE);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index 9fe90daa4..b72034002 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -105,6 +105,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
 	public static final String SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT = SERVICE_AUTH_TEMPLATES_CUSTOMIZATION + ".applet.hight";
 	public static final String SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH = SERVICE_AUTH_TEMPLATES_CUSTOMIZATION + ".applet.width";
 	
+	public static final String SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL = SERVICE_AUTH_TEMPLATES + ".saml2.postbinding.url";
+	public static final String SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL = SERVICE_AUTH_TEMPLATES + ".elga.mandateserviceselection.url";
+	
 	private static final String SERVICE_AUTH_TESTCREDENTIALS = AUTH + "." + TESTCREDENTIALS;
 	public static final String SERVICE_AUTH_TESTCREDENTIALS_ENABLED = SERVICE_AUTH_TESTCREDENTIALS + ".enabled"; 
 	public static final String SERVICE_AUTH_TESTCREDENTIALS_OIDs = SERVICE_AUTH_TESTCREDENTIALS + ".oids";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
index 4aee10bc1..196923ce6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
@@ -109,10 +109,44 @@ public class OnlineApplication
     @XmlTransient
     protected String selectedSZRGWServiceURL = null;
     
+    @XmlTransient
+    protected String saml2PostBindingTemplateURL = null;
+    
+    @XmlTransient
+    protected String mandateServiceSelectionTemplateURL = null;
+    
     
     
     
     /**
+	 * @return the saml2PostBindingTemplateURL
+	 */
+	public String getSaml2PostBindingTemplateURL() {
+		return saml2PostBindingTemplateURL;
+	}
+
+	/**
+	 * @param saml2PostBindingTemplateURL the saml2PostBindingTemplateURL to set
+	 */
+	public void setSaml2PostBindingTemplateURL(String saml2PostBindingTemplateURL) {
+		this.saml2PostBindingTemplateURL = saml2PostBindingTemplateURL;
+	}
+
+	/**
+	 * @return the mandateServiceSelectionTemplateURL
+	 */
+	public String getMandateServiceSelectionTemplateURL() {
+		return mandateServiceSelectionTemplateURL;
+	}
+
+	/**
+	 * @param mandateServiceSelectionTemplateURL the mandateServiceSelectionTemplateURL to set
+	 */
+	public void setMandateServiceSelectionTemplateURL(String mandateServiceSelectionTemplateURL) {
+		this.mandateServiceSelectionTemplateURL = mandateServiceSelectionTemplateURL;
+	}
+
+	/**
 	 * @return the selectedSZRGWServiceURL
 	 */
 	public String getSelectedSZRGWServiceURL() {
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
new file mode 100644
index 000000000..4bb4b0e27
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -0,0 +1,187 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration {
+
+	public static final String VIEW_BKUSELECTION = "loginFormFull.html";
+	public static final String VIEW_SENDASSERTION = "sendAssertionFormFull.html";	
+	public static final String VIEW_TEMPLATE_CSS = "css_template.css";
+	public static final String VIEW_TEMPLATE_JS = "javascript_tempalte.js";
+	
+	public static final String PARAM_BKU_ONLINE = "bkuOnline";
+	public static final String PARAM_BKU_HANDY = "bkuHandy";
+	public static final String PARAM_BKU_LOCAL = "bkuLocal";
+	
+	public static final String PARAM_OANAME = "OAName";
+	public static final String PARAM_COUNTRYLIST = "countryList";
+	
+	protected IRequest pendingReq = null;
+	
+	/**
+	 * @param authURL PublicURLPrefix of the IDP but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
+	 * 			or null if the form must not submitted
+	 */
+	public AbstractServiceProviderSpecificGUIFormBuilderConfiguration(String authURL, String viewName, 
+			String formSubmitEndpoint) {
+		super(authURL, viewName, formSubmitEndpoint);
+		
+	}
+	
+	/**
+	 * @param Current processed pending-request DAO but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
+	 * 			or null if the form must not submitted
+	 */
+	public AbstractServiceProviderSpecificGUIFormBuilderConfiguration(IRequest pendingReq, String viewName, 
+			String formSubmitEndpoint) {
+		super(pendingReq.getAuthURL(), viewName, formSubmitEndpoint);
+		this.pendingReq = pendingReq;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
+	 */
+	@Override
+	public Map<String, Object> getSpecificViewParameters() {
+		Map<String, Object> params =  new HashMap<String, Object>();
+		params.put(PARAM_BKU_ONLINE, IOAAuthParameters.ONLINEBKU);
+		params.put(PARAM_BKU_HANDY, IOAAuthParameters.HANDYBKU);
+		params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU);
+		
+		if (pendingReq != null) {							
+			params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID());
+
+			//add service-provider specific GUI parameters
+			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+			if (oaParam != null) {
+				params.put(PARAM_OANAME, oaParam.getFriendlyName());
+								
+				if (oaParam.isShowStorkLogin())
+					addCountrySelection(params, oaParam);
+				else
+					params.put(PARAM_COUNTRYLIST, "");
+				
+				FormBuildUtils.customiceLayoutBKUSelection(params, oaParam);
+								
+			} else
+				FormBuildUtils.defaultLayoutBKUSelection(params);
+			
+			
+		} else {
+			//add default GUI parameters
+			FormBuildUtils.defaultLayoutBKUSelection(params);
+			
+		}
+
+		return params;
+	}
+	
+	/**
+	 * @param params
+	 * @param oaParam
+	 */
+	private void addCountrySelection(Map<String, Object> params, IOAAuthParameters oaParam) {
+		String pepslist = "";
+		try {				
+			for (CPEPS current : oaParam.getPepsList()) {
+				String countryName = null;							
+				if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase())))
+					countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase());
+				else
+					countryName = current.getFullCountryCode().toUpperCase();
+				
+				pepslist += "<option value=" + current.getFullCountryCode() + ">" 
+						+  countryName
+						+ "</option>\n";
+											
+			}
+			params.put(PARAM_COUNTRYLIST, pepslist);
+					
+		} catch (NullPointerException e) {
+			Logger.warn("Can not at Countries to GUI. Msg:" + e.getMessage());
+			
+		}
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getClasspathTemplateDir()
+	 */
+	@Override
+	public String getClasspathTemplateDir() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
+	 */
+	@Override
+	public InputStream getTemplate(String viewName) {		
+		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
+			
+			byte[] oatemplate = null;			
+			if (VIEW_BKUSELECTION.equals(viewName))				
+				oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
+			
+			else if (VIEW_SENDASSERTION.equals(viewName))
+				oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
+			
+			// OA specific template requires a size of 8 bits minimum
+			if (oatemplate != null && oatemplate.length > 7)
+				return new ByteArrayInputStream(oatemplate);							
+		}
+		
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getDefaultContentType()
+	 */
+	@Override
+	public String getDefaultContentType() {
+		return null;		
+	}
+
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index e8cd60afb..285c90163 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -78,24 +78,16 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
 		build(httpResp, config, getInternalContentType(config), loggerName);
 		
 	}
-	
-	
+		
 	@Override
 	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, 
 			String contentType, String loggerName) throws GUIBuildException {
 		
 		InputStream is = null;
 		try {
-			String viewName = config.getViewName();
+			String viewName = config.getViewName();			
+			is = getTemplateInputStream(config);
 			
-			//load Tempate
-			 is = getInternalTemplate(config);
-			if (is == null) {
-				Logger.warn("No GUI with viewName:" + viewName + " FOUND.");
-				throw new GUIBuildException("No GUI with viewName:" + viewName + " FOUND.");
-			
-			}
-
 			//build Velocity Context from input paramters
 			VelocityContext context = buildContextFromViewParams(config.getViewParameters());
 
@@ -137,6 +129,35 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
 		
 	}
 
+	/**
+	 * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters
+	 * 
+	 * @param config
+	 * @return
+	 */
+	public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config) {
+		return buildContextFromViewParams(config.getViewParameters());
+		
+	}
+	
+	/**
+	 * Load the template from different resources
+	 * 
+	 * @param config
+	 * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method
+	 * @throws GUIBuildException
+	 */
+	public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException {			
+		InputStream is = getInternalTemplate(config);
+		if (is == null) {
+			Logger.warn("No GUI with viewName:" + config.getViewName() + " FOUND.");
+			throw new GUIBuildException("No GUI with viewName:" + config.getViewName() + " FOUND.");
+		
+		}		
+		return is;
+		
+	}
+	
 	private String getInternalContentType(IGUIBuilderConfiguration config) {
 		if (MiscUtil.isEmpty(config.getDefaultContentType()))
 			return DEFAULT_CONTENT_TYPE;
@@ -167,7 +188,7 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
 										
 				} catch (Exception e) {
 					//load template from classpath as backup
-					Logger.info("GUI template:" + viewName + " is not found in configuration directory. "
+					Logger.debug("GUI template:" + viewName + " is not found in configuration directory. "
 							+ " Load template from project library ... ");					
 					try  {
 						pathLocation = getInternalClasspathTemplateDir(config) + viewName;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
index 198220e97..8e8a63094 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
@@ -64,4 +64,5 @@ public interface IGUIFormBuilder {
 	 */
 	void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType,
 			String loggerName) throws GUIBuildException;
+		
 }
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
new file mode 100644
index 000000000..13d8d3bb7
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SPSpecificGUIBuilderConfigurationWithDBLoad extends AbstractServiceProviderSpecificGUIFormBuilderConfiguration {
+		
+	/**
+	 * @param authURL PublicURLPrefix of the IDP but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
+	 * 			or null if the form must not submitted
+	 */
+	public SPSpecificGUIBuilderConfigurationWithDBLoad(String authURL, String viewName, 
+			String formSubmitEndpoint) {
+		super(authURL, viewName, formSubmitEndpoint);
+		
+	}
+	
+	/**
+	 * @param Current processed pending-request DAO but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
+	 * 			or null if the form must not submitted
+	 */
+	public SPSpecificGUIBuilderConfigurationWithDBLoad(IRequest pendingReq, String viewName, 
+			String formSubmitEndpoint) {
+		super(pendingReq, viewName, formSubmitEndpoint);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
+	 */
+	@Override
+	public InputStream getTemplate(String viewName) {		
+		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
+			
+			byte[] oatemplate = null;			
+			if (VIEW_BKUSELECTION.equals(viewName))				
+				oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
+			
+			else if (VIEW_SENDASSERTION.equals(viewName))
+				oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
+			
+			// OA specific template requires a size of 8 bits minimum
+			if (oatemplate != null && oatemplate.length > 7)
+				return new ByteArrayInputStream(oatemplate);							
+		}
+		
+		return null;
+	}
+
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
new file mode 100644
index 000000000..8bb6bc4e3
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SPSpecificGUIBuilderConfigurationWithFileSystemLoad extends AbstractServiceProviderSpecificGUIFormBuilderConfiguration {
+	
+	private String configKeyIdentifier = null;
+	private String configRootContextDir = null;
+	
+	/**
+	 * @param authURL PublicURLPrefix of the IDP but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param configKeyIdentifier Identifier of the configuration key in OA configuration that holds the filesystem URI to template 
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted 
+	 * @param configRootContextDir Path to MOA-ID-Auth configuration root directory 
+	 * 			or null if the form must not submitted
+	 */
+	public SPSpecificGUIBuilderConfigurationWithFileSystemLoad(String authURL, String viewName, 
+			String configKeyIdentifier, String formSubmitEndpoint, String configRootContextDir) {
+		super(authURL, viewName, formSubmitEndpoint);
+		this.configKeyIdentifier = configKeyIdentifier;
+		this.configRootContextDir = configRootContextDir;
+		
+	}
+	
+	/**
+	 * @param Current processed pending-request DAO but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param configKeyIdentifier Identifier of the configuration key in OA configuration that holds the filesystem URI to template 
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted 
+	 * @param configRootContextDir Path to MOA-ID-Auth configuration root directory 
+	 */
+	public SPSpecificGUIBuilderConfigurationWithFileSystemLoad(IRequest pendingReq, String viewName, 
+			String configKeyIdentifier, String formSubmitEndpoint, String configRootContextDir) {
+		super(pendingReq, viewName, formSubmitEndpoint);
+		this.configKeyIdentifier = configKeyIdentifier;
+		this.configRootContextDir = configRootContextDir;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
+	 */
+	@Override
+	public InputStream getTemplate(String viewName) {		
+		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null && 
+				configKeyIdentifier != null) {
+			try {
+				String templateURL = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(configKeyIdentifier);
+				if (MiscUtil.isNotEmpty(templateURL)) {
+					String absURL = FileUtils.makeAbsoluteURL(templateURL, configRootContextDir);				
+					if (!absURL.startsWith("file:")) {
+						Logger.warn("GUI template are only loadable from filesystem! "
+								+ "(templateURL: " + absURL + ")");
+						return null;
+					}
+				
+					Logger.debug("Load template URL for view: " + viewName + " from: " + absURL);
+					URI uri = new URL(absURL).toURI();
+					return new FileInputStream(new File(uri));
+				
+				}									
+			} catch (FileNotFoundException | URISyntaxException | MalformedURLException e) {
+				Logger.warn("Template for view: " + viewName + " is NOT loadable!  -> Switch to default template", e);
+				
+			}
+		}
+		
+		return null;
+	}
+
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
deleted file mode 100644
index 8244d630d..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.builder;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class ServiceProviderSpecificGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration {
-
-	public static final String VIEW_BKUSELECTION = "loginFormFull.html";
-	public static final String VIEW_SENDASSERTION = "sendAssertionFormFull.html";	
-	public static final String VIEW_TEMPLATE_CSS = "css_template.css";
-	public static final String VIEW_TEMPLATE_JS = "javascript_tempalte.js";
-	
-	public static final String PARAM_BKU_ONLINE = "bkuOnline";
-	public static final String PARAM_BKU_HANDY = "bkuHandy";
-	public static final String PARAM_BKU_LOCAL = "bkuLocal";
-	
-	public static final String PARAM_OANAME = "OAName";
-	public static final String PARAM_COUNTRYLIST = "countryList";
-	
-	private IRequest pendingReq = null;
-	
-	/**
-	 * @param authURL PublicURLPrefix of the IDP but never null
-	 * @param viewName Name of the template (with suffix) but never null
-	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
-	 * 			or null if the form must not submitted
-	 */
-	public ServiceProviderSpecificGUIFormBuilderConfiguration(String authURL, String viewName, 
-			String formSubmitEndpoint) {
-		super(authURL, viewName, formSubmitEndpoint);
-		
-	}
-	
-	/**
-	 * @param Current processed pending-request DAO but never null
-	 * @param viewName Name of the template (with suffix) but never null
-	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
-	 * 			or null if the form must not submitted
-	 */
-	public ServiceProviderSpecificGUIFormBuilderConfiguration(IRequest pendingReq, String viewName, 
-			String formSubmitEndpoint) {
-		super(pendingReq.getAuthURL(), viewName, formSubmitEndpoint);
-		this.pendingReq = pendingReq;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
-	 */
-	@Override
-	public Map<String, Object> getSpecificViewParameters() {
-		Map<String, Object> params =  new HashMap<String, Object>();
-		params.put(PARAM_BKU_ONLINE, IOAAuthParameters.ONLINEBKU);
-		params.put(PARAM_BKU_HANDY, IOAAuthParameters.HANDYBKU);
-		params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU);
-		
-		if (pendingReq != null) {							
-			params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID());
-
-			//add service-provider specific GUI parameters
-			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
-			if (oaParam != null) {
-				params.put(PARAM_OANAME, oaParam.getFriendlyName());
-								
-				if (oaParam.isShowStorkLogin())
-					addCountrySelection(params, oaParam);
-				else
-					params.put(PARAM_COUNTRYLIST, "");
-				
-				FormBuildUtils.customiceLayoutBKUSelection(params, oaParam);
-								
-			} else
-				FormBuildUtils.defaultLayoutBKUSelection(params);
-			
-			
-		} else {
-			//add default GUI parameters
-			FormBuildUtils.defaultLayoutBKUSelection(params);
-			
-		}
-
-		return params;
-	}
-	
-	/**
-	 * @param params
-	 * @param oaParam
-	 */
-	private void addCountrySelection(Map<String, Object> params, IOAAuthParameters oaParam) {
-		String pepslist = "";
-		try {				
-			for (CPEPS current : oaParam.getPepsList()) {
-				String countryName = null;							
-				if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase())))
-					countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase());
-				else
-					countryName = current.getFullCountryCode().toUpperCase();
-				
-				pepslist += "<option value=" + current.getFullCountryCode() + ">" 
-						+  countryName
-						+ "</option>\n";
-											
-			}
-			params.put(PARAM_COUNTRYLIST, pepslist);
-					
-		} catch (NullPointerException e) {
-			Logger.warn("Can not at Countries to GUI. Msg:" + e.getMessage());
-			
-		}
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getClasspathTemplateDir()
-	 */
-	@Override
-	public String getClasspathTemplateDir() {
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
-	 */
-	@Override
-	public InputStream getTemplate(String viewName) {		
-		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
-			
-			byte[] oatemplate = null;			
-			if (VIEW_BKUSELECTION.equals(viewName))				
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
-			
-			else if (VIEW_SENDASSERTION.equals(viewName))
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
-			
-			// OA specific template requires a size of 8 bits minimum
-			if (oatemplate != null && oatemplate.length > 7)
-				return new ByteArrayInputStream(oatemplate);							
-		}
-		
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getDefaultContentType()
-	 */
-	@Override
-	public String getDefaultContentType() {
-		return null;		
-	}
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 3e7a4e875..c55b5a749 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,12 +22,10 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
-import java.awt.PageAttributes.MediaType;
 import java.io.StringWriter;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
-import java.util.logging.Logger;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -44,6 +42,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 
+import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
@@ -53,8 +53,16 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
index 98f8d13c7..52970e240 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
 import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConsta
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -60,11 +61,13 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask {
 			//check if Service-Provider allows ELGA-mandates
 			if (ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {			
 				Logger.trace("Build GUI for mandate-service selection ...");
-						
-				IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
-						pendingReq, 
-						ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION, 
-						GeneralProcessEngineSignalController.ENDPOINT_GENERIC);
+						 
+				IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+						pendingReq,  
+						ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION,
+						MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL,
+						GeneralProcessEngineSignalController.ENDPOINT_GENERIC,
+						authConfig.getRootConfigFileDir());
 			
 				guiBuilder.build(response, config, "Mandate-Service selection");
 		
diff --git a/pom.xml b/pom.xml
index c36833df6..019050d99 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,7 @@
 			<configtool-version>2.3.4-snapshot</configtool-version>
 			<demo-oa-version>2.0.6</demo-oa-version>
 			
-			<moa-id-module-elga_mandate_client>1.2</moa-id-module-elga_mandate_client>
+			<moa-id-module-elga_mandate_client>1.3</moa-id-module-elga_mandate_client>
 							
 			<org.springframework.version>4.3.10.RELEASE</org.springframework.version>
 			<surefire.version>2.19.1</surefire.version>		
-- 
cgit v1.2.3