From 56ed4518d7978c064af5f240494bf587136c93b0 Mon Sep 17 00:00:00 2001 
From: rudolf Date: Mon, 15 Mar 2004 16:07:52 +0000 Subject: RSCH git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@99 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 19 ++- .../AuthenticationDataAssertionBuilder.java | 7 +- .../moa/id/auth/builder/BPKBuilder.java | 50 ++++++ .../builder/CreateXMLSignatureRequestBuilder.java | 11 +- .../moa/id/auth/builder/PersonDataBuilder.java | 13 +- .../moa/id/auth/builder/VPKBuilder.java | 52 ------ .../egovernment/moa/id/auth/data/IdentityLink.java | 27 ++- .../auth/parser/IdentityLinkAssertionParser.java | 13 +- .../moa/id/auth/servlet/AuthServlet.java | 10 +- .../moa/id/auth/servlet/ConfigurationServlet.java | 37 ++-- .../VerifyXMLSignatureResponseValidator.java | 2 +- .../moa/id/config/ConfigurationBuilder.java | 4 +- .../moa/id/config/auth/OAAuthParameter.java | 40 ++++- .../config/proxy/ProxyConfigurationProvider.java | 2 - .../moa/id/data/AuthenticationData.java | 40 +++-- .../moa/id/iaik/config/PKIConfigurationImpl.java | 1 + .../moa/id/proxy/DefaultConnectionBuilder.java | 2 +- .../id/proxy/DefaultLoginParameterResolver.java | 31 ++-- .../moa/id/proxy/LoginParameterResolver.java | 28 +-- .../moa/id/proxy/NotAllowedException.java | 39 +++++ .../moa/id/proxy/OldXMLLoginParameterResolver.java | 16 +- .../moa/id/proxy/XMLLoginParameterResolver.java | 12 +- .../parser/AuthenticationDataAssertionParser.java | 17 +- .../moa/id/proxy/servlet/ConfigurationServlet.java | 35 ++-- .../moa/id/proxy/servlet/ProxyServlet.java | 189 +++++++++++++-------- .../moa/id/util/HTTPRequestJSPForwarder.java | 76 +++++++++ .../at/gv/egovernment/moa/id/util/SSLUtils.java | 2 +- 27 files changed, 516 insertions(+), 259 deletions(-) create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java delete mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java create 
mode 100644 id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java (limited to 'id.server/src/at/gv/egovernment') diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index bc3e075be..9cb473d4f 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -28,7 +28,7 @@ import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.VPKBuilder; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; @@ -379,8 +379,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthBlock(authBlock); // builds the String[] transformInfos = authConf.getTransformsInfos(); + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + String createXMLSignatureRequest = - new CreateXMLSignatureRequestBuilder().build(authBlock, transformInfos); + new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), transformInfos); return createXMLSignatureRequest; } /** 
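Review bot: `oaParam.getKeyBoxIdentifier()` is dereferenced immediately after `getOnlineApplicationParameter(session.getPublicOAURLPrefix())`, and nothing in the hunk shows that the lookup cannot return null for a URL prefix that is not configured; the `@@ -517` hunk uses the same unguarded pattern. If the provider does return null for unknown prefixes, the failure surfaces as a NullPointerException rather than the authentication error this method already declares, so a guard of the form `if (oaParam == null) { /* fail with the declared auth error */ }` before the builder call would be appropriate — I can only infer the provider's contract from here. The enclosing method starts and ends outside the hunk.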
@@ -502,12 +507,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - String vpkBase64 = - new VPKBuilder().buildVPK( + String bpkBase64 = + new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), - identityLink.getDateOfBirth(), session.getTarget()); - authData.setVPK(vpkBase64); + authData.setIdentificationType(identityLink.getIdentificationType()); + authData.setPBK(bpkBase64); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); @@ -517,7 +522,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( session.getPublicOAURLPrefix()); - String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideZMRZahl()); + String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideStammzahl()); try { String ilAssertion = diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index fd7cb1a9d..ed2c863d2 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java 
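Review bot: `buildBPK` is now run on every identity link's `identificationValue` regardless of the `identificationType` that is read one line later and stored alongside it; if an identity link can carry an identification of a type other than the base-register Stammzahl, the derived value would not be a valid bPK for that target and should not be handed to the online application as one. A check of `identityLink.getIdentificationType()` against the expected type before the derivation, failing with the error this method already declares, would make that explicit — whether other types actually occur I cannot tell from this diff. The enclosing method starts and ends outside the hunk.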
@@ -19,13 +19,14 @@ public class AuthenticationDataAssertionBuilder implements Constants { /** * XML template for the <saml:Assertion> to be built */ + //TODO MOA-ID check if NameQualifier NameQualifier urn:publicid:gv.at:cdid+ "is stable" in specification private static final String AUTH_DATA = "" + NL + "" + NL + " " + NL + " " + NL + - " {3}" + NL + + " {3}" + NL + " " + NL + " " + MOA_NS_URI + "cm" + NL + " {4}{5}" + NL + @@ -64,7 +65,7 @@ public class AuthenticationDataAssertionBuilder implements Constants { * @param xmlPersonData lt;pr:Person> element as a String * @param xmlAuthBlock authentication block to be included in a * lt;saml:SubjectConfirmationData> element; may include - * the "ZMR-Zahl" or not; may be empty + * the "Stammzahl" or not; may be empty * @param xmlIdentityLink the IdentityLink * @return the <saml:Assertion> * @throws BuildException if an error occurs during the build process @@ -89,7 +90,7 @@ public class AuthenticationDataAssertionBuilder implements Constants { authData.getAssertionID(), authData.getIssuer(), authData.getIssueInstant(), - authData.getVPK(), + authData.getPBK(), removeXMLDeclaration(xmlAuthBlock), removeXMLDeclaration(xmlIdentityLink), removeXMLDeclaration(xmlPersonData), diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java new file mode 100644 index 000000000..706d0a39a --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java 
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.security.MessageDigest;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Builder for the BPK, as defined in
+ * "Ableitung f¨r die bereichsspezifische Personenkennzeichnung"
+ * version 1.0.1 from "reference.e-government.gv.at".
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class BPKBuilder {
+
+ /**
+ * Builds the BPK from given parameters.
+ * @param identificationValue Base64 encoded "Stammzahl"
+ * @param target "Verfahrensname"; will be transformed to lower case
+ * @return PBK in a BASE64 encoding
+ * @throws BuildException while building the BPK
+ */
+ public String buildBPK(String identificationValue, String target)
+ throws BuildException {
+
+ if (identificationValue == null || identificationValue.length() == 0
+ || target == null || target.length() == 0)
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"BPK",
+ "Unvollständige Parameterangaben: identificationValue=" + identificationValue +
+ ",target=" + target});
+ String basisbegriff = identificationValue + "+" + target;
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
+ String hashBase64 = Base64Utils.encode(hash);
+ return hashBase64;
+ }
+ catch (Exception ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"BPK", ex.toString()},
+ ex);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index f8c287cb6..961a40303 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
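Review bot: The Javadoc for `target` says it "will be transformed to lower case", but `basisbegriff` is built as `identificationValue + "+" + target` with no `toLowerCase()`, whereas the deleted VPKBuilder did lower-case it; because the bPK is a person identifier that must come out identical wherever it is derived, the code and the specification have to agree on this, and the comment must then match whichever is right. Either drop the clause from the `@param target` line or change the concatenation to `identificationValue + "+" + target.toLowerCase();` — the referenced specification, not this diff, decides which. The `@return PBK in a BASE64 encoding` line also has the letters swapped and should read `@return bPK in a BASE64 encoding`. SHA-1 is what the cited derivation scheme prescribes, so its use here is by design and should be stated in the class comment rather than left to the reader.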
@@ -21,12 +21,10 @@ public class CreateXMLSignatureRequestBuilder implements Constants { private static final String CREATE_XML_SIGNATURE_REQUEST = "" + nl + "" + nl + - " SecureSignatureKeypair" + nl + - //TODO RS Lsg Switch SecureSignatureKeypair / CertifiedKeyPair - //" CertifiedKeypair" + nl + + " {1}" + nl + " " + nl + " " + nl + - "{1}" + + "{2}" + " " + nl + " " + nl + " " + nl + @@ -47,14 +45,15 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * Builds the <CreateXMLSignatureRequest>. * * @param authBlock String representation of XML authentication block + * @param keyBoxIdentfier the key box identifier which will be used (e.g. CertifiedKeyPair) * @return String representation of <CreateXMLSignatureRequest> */ - public String build(String authBlock, String[] dsigTransformInfos) { + public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos) { String dsigTransformInfosString = ""; for (int i = 0; i < dsigTransformInfos.length; i++) dsigTransformInfosString += dsigTransformInfos[i]; String request = MessageFormat.format( - CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, dsigTransformInfosString }); + CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, keyBoxIdentifier, dsigTransformInfosString }); return request; } } diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java index 85ec1cb7f..819ed79bb 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -26,24 +26,25 @@ public class PersonDataBuilder { /** * Builds the <pr:Person> element.
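Review bot: The new Javadoc line `@param keyBoxIdentfier` does not match the parameter name `keyBoxIdentifier`, so the tag documents a non-existent parameter; it should read `@param keyBoxIdentifier the key box identifier which will be used (e.g. CertifiedKeyPair)`. The value is placed into the request template as `{1}` with no validation or XML escaping; it originates from configuration, so the practical risk is a malformed signature request rather than injection, but nothing in the builder rejects an empty or unknown identifier, and the removed comment shows only two values were ever intended. As a style point, `dsigTransformInfosString += dsigTransformInfos[i]` in the loop is the usual candidate for a `StringBuffer`, given the file's vintage.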
* Utilizes the parsed <prPerson> from the identity link - * and the information regarding inclusion of "ZMR-Zahl" in the + * and the information regarding inclusion of "Stammzahl" in the * <pr:Person> data. * * @param identityLink IdentityLink containing the * attribute prPerson - * @param provideZMRZahl true if "ZMR-Zahl" is to be included; + * @param provideStammzahl true if "Stammzahl" is to be included; * false otherwise * @return the <pr:Person> element as a String * @throws BuildException on any error */ - public String build(IdentityLink identityLink, boolean provideZMRZahl) + public String build(IdentityLink identityLink, boolean provideStammzahl) throws BuildException { try { Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true); - if (! provideZMRZahl) { - Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification"); - prPerson.removeChild(prIdentification); + if (! provideStammzahl) { + Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value"); + //remove IdentificationValue + prIdentification.getFirstChild().setNodeValue(""); } String xmlString = DOMUtils.serializeNode(prPerson); return xmlString; diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java deleted file mode 100644 index c18156a01..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/VPKBuilder.java +++ /dev/null 
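Review bot: When `provideStammzahl` is false the Stammzahl must not reach the online application, but the new code only blanks the first child of `pr:Identification/pr:Value` via `getFirstChild().setNodeValue("")`; any further text or CDATA child of that element would survive, and if the XPath finds no node or the element has no child the call throws a NullPointerException instead of a `BuildException`. Removing every child is both simpler and complete: `if (prIdentification != null) while (prIdentification.hasChildNodes()) prIdentification.removeChild(prIdentification.getFirstChild());`. Whether the parser ever yields more than one child here I cannot tell from the diff, which is exactly why the loop is the safer form for data that is supposed to be withheld. The enclosing method continues outside the hunk.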
@@ -1,52 +0,0 @@ -package at.gv.egovernment.moa.id.auth.builder; - -import java.security.MessageDigest; - -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.util.Base64Utils; - -/** - * Builder for the VPK, as defined in - * "Ableitung f¨r die verfahrensspezifische Personenkennzeichnung" - * version 1.0.1 from "reference.e-government.gv.at". - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class VPKBuilder { - - /** - * Builds the VPK from given parameters. - * @param identificationValue "ZMR-Zahl" - * @param dateOfBirth "Geburtsdatum" - * @param target "Verfahrensname"; will be transformed to lower case - * @return VPK in a BASE64 encoding - * @throws BuildException while building the VPK - */ - public String buildVPK(String identificationValue, String dateOfBirth, String target) - throws BuildException { - - if (identificationValue == null || identificationValue.length() == 0 - || dateOfBirth == null || dateOfBirth.length() == 0 - || target == null || target.length() == 0) - throw new BuildException( - "builder.00", - new Object[] {"VPK", - "Unvollständige Parameterangaben: identificationValue=" + identificationValue + - ",dateOfBirth=" + dateOfBirth + ",target=" + target}); - String basisbegriff = identificationValue + "+" + dateOfBirth + "+" + target.toLowerCase(); - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes()); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } - catch (Exception ex) { - throw new BuildException( - "builder.00", - new Object[] {"VPK", ex.toString()}, - ex); - } - } - -} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index e2ad2625a..cc58db916 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/IdentityLink.java 
@@ -14,9 +14,13 @@ import org.w3c.dom.Element; */ public class IdentityLink { /** - * "identificationValue" is the translation of "ZMR-Zahl". + * "identificationValue" is the translation of "Stammzahl". */ private String identificationValue; + /** + * "identificationType" type of the identificationValue in the IdentityLink. + */ + private String identificationType; /** * first name */ @@ -82,13 +86,22 @@ public class IdentityLink { /** * Returns the identificationValue. - * "identificationValue" is the translation of "ZMR-Zahl". + * "identificationValue" is the translation of "Stammzahl". * @return String */ public String getIdentificationValue() { return identificationValue; } + /** + * Returns the identificationType. + * "identificationType" type of the identificationValue in the IdentityLink. + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + /** * Sets the dateOfBirth. * @param dateOfBirth The dateOfBirth to set @@ -115,12 +128,20 @@ public class IdentityLink { /** * Sets the identificationValue. - * "identificationValue" is the translation of "ZMR-Zahl". + * "identificationValue" is the translation of "Stammzahl". * @param identificationValue The identificationValue to set */ public void setIdentificationValue(String identificationValue) { this.identificationValue = identificationValue; } + + /** + * Sets the Type of the identificationValue. + * @param identificationType The type of identificationValue to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } /** * Returns the samlAssertion. diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index f9ef54884..49baf1bf5 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java 
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -97,6 +97,16 @@ public class IdentityLinkAssertionParser { + "Identification/" + PDATA + "Value"; + + /** Xpath expression to the Identification Value element */ + private static final String PERSON_IDENT_TYPE_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification/" + + PDATA + + "Type"; + /** Xpath expression to the RSAKeyValue element */ private static final String RSA_KEY_VALUE_XPATH = ROOT @@ -179,12 +189,13 @@ public class IdentityLinkAssertionParser { IdentityLink identityLink; try { identityLink = new IdentityLink(); - //ÄNDERN: NUR der Identification-Teil identityLink.setSamlAssertion(assertionElem); identityLink.setPrPerson((Element) XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH)); identityLink.setIdentificationValue( XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); + identityLink.setIdentificationType( + XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, "")); identityLink.setGivenName( XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "")); identityLink.setFamilyName( diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 6ff52bc4a..95878007e 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -35,7 +35,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { *
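Review bot: The Javadoc on the new `PERSON_IDENT_TYPE_XPATH` constant was copied from the value constant and still says "Xpath expression to the Identification Value element"; it should read `/** Xpath expression to the Identification Type element */`. In the `@@ -179` hunk, `getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, "")` maps a missing `pr:Type` to the empty string, so a consumer cannot distinguish "no type in the identity link" from an empty one — if the type is later used to decide whether a bPK may be derived, a distinct default or an explicit presence check would be safer. That method starts and ends outside the hunk.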
    *
  • Logs the error
  • *
  • Places error message and exception thrown into the request - * as request attributes (to be used by "/errorpage.jsp")
  • + * as request attributes (to be used by "/errorpage-auth.jsp") *
  • Sets HTTP status 500 (internal server error)
  • *
* @@ -59,9 +59,9 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { req.setAttribute("ExceptionThrown", exceptionThrown); } - //forward this to errorpage.jsp wher the HTML error page is generated + //forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); try { dispatcher.forward(req, resp); } catch (ServletException e) { @@ -80,9 +80,9 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { Logger.error(ex.toString()); req.setAttribute("WrongParameters", ex.getMessage()); - // forward this to errorpage.jsp where the HTML error page is generated + // forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp"); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); try { dispatcher.forward(req, resp); } catch (ServletException e) { diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java index 1dc1897b2..f33377547 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java 
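Review bot: The forward target `"/errorpage-auth.jsp"` is now repeated as a literal in both error-handling methods (the `@@ -59` and `@@ -80` hunks) and again in the class Javadoc; a single `private static final String ERROR_PAGE = "/errorpage-auth.jsp";` would keep all three in step the next time the page is renamed. Both methods also hand the exception and `ex.getMessage()` to the JSP as request attributes (`ExceptionThrown`, `WrongParameters`); whether the JSP escapes them before rendering is not visible here, but as those messages can contain request-derived text it is worth confirming. Both enclosing methods start outside their hunks.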
@@ -1,17 +1,18 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.PrintWriter; import java.text.DateFormat; import java.util.Date; import java.util.Locale; +import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -22,9 +23,6 @@ import at.gv.egovernment.moa.logging.Logger; * @version $Id$ */ public class ConfigurationServlet extends HttpServlet { - /** Constant for the DTD-Doc type */ - private static final String DOC_TYPE = - "\n"; /** * Handle a HTTP GET request, used to indicated that the MOA @@ -36,13 +34,7 @@ public class ConfigurationServlet extends HttpServlet { throws ServletException, IOException { MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); - PrintWriter out; - response.setContentType("text/html"); - out = response.getWriter(); - out.println(DOC_TYPE); - out.println("MOA configuration update"); - out.println(""); try { MOAIDAuthInitializer.initialized=false; MOAIDAuthInitializer.initialize(); @@ -50,21 +42,13 @@ public class ConfigurationServlet extends HttpServlet { { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); Logger.info(message); - //TODO low-priority: change to ErrorPage - out.println("

"); - out.println(message); - out.println("

"); + HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response); + } catch (Throwable t) { String errorMessage = msg.getMessage("config.04", null); Logger.error(errorMessage, t); - out.println("

"); - out.println(errorMessage); - out.println("

"); + HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response); } - out.println(""); - - out.flush(); - out.close(); } /** @@ -77,4 +61,15 @@ public class ConfigurationServlet extends HttpServlet { doGet(request, response); } + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); + } + } + + diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 8de475f95..ec8cb7b1a 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -53,7 +53,7 @@ public class VerifyXMLSignatureResponseValidator { if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) throw new ValidateException("validator.06", null); - //TODO enhance error messages (reason why check failed) + //TODO MOA-ID enhance error messages (reason why check failed) if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) if (whatToCheck.equals(CHECK_IDENTITY_LINK)) throw new ValidateException("validator.07", null); diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 6d3e05c29..53f763630 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java 
@@ -355,10 +355,12 @@ public class ConfigurationBuilder { OAAuthParameter oap = new OAAuthParameter(); oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix")); + oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier")); + //Check if there is an Auth-Block to read from configuration if (authComponent!=null) { - oap.setProvideZMRZahl(BoolUtils.valueOf(authComponent.getAttribute("provideZMRZahl"))); + oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl"))); oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock"))); oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); } diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 9ee1ec606..512d571ab 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -13,10 +13,15 @@ public class OAAuthParameter { * public URL prefix of the online application */ private String publicURLPrefix; + /** - * determines whether "ZMR-Zahl" is to be included in the authentication data + * key box Identifier (e.g. CertifiedKeyPair, SecureSignatureKeyPair) + */ + private String keyBoxIdentifier; + /** + * determines whether "Stammzahl" is to be included in the authentication data */ - private boolean provideZMRZahl; + private boolean provideStammzahl; /** * determines whether AUTH block is to be included in the authentication data */ @@ -43,11 +48,11 @@ public class OAAuthParameter { } /** - * Returns the provideZMRZahl. + * Returns the provideStammzahl. * @return String */ - public boolean getProvideZMRZahl() { - return provideZMRZahl; + public boolean getProvideStammzahl() { + return provideStammzahl; } /** 
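Review bot: `oAElem.getAttribute("keyBoxIdentifier")` returns the empty string when the attribute is absent, so an online application configured without it silently yields a signature request with an empty key-box identifier that only fails when the signature is created. Checking the value here — non-empty, and one of the identifiers the configuration schema permits — and raising the configuration error this builder already uses elsewhere would surface the mistake at load time. The setter it feeds is spelled `setKeyBoxIdentier`, matching the misspelled declaration in OAAuthParameter in this same commit. The enclosing method starts and ends outside the hunk.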
@@ -58,6 +63,14 @@ public class OAAuthParameter { return publicURLPrefix; } + /** + * Returns the key box identifier. + * @return String + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + /** * Sets the provideAuthBlock. * @param provideAuthBlock The provideAuthBlock to set @@ -75,11 +88,11 @@ public class OAAuthParameter { } /** - * Sets the provideZMRZahl. - * @param provideZMRZahl The provideZMRZahl to set + * Sets the provideStammzahl. + * @param provideStammzahl The provideStammzahl to set */ - public void setProvideZMRZahl(boolean provideZMRZahl) { - this.provideZMRZahl = provideZMRZahl; + public void setProvideStammzahl(boolean provideStammzahl) { + this.provideStammzahl = provideStammzahl; } /** @@ -90,4 +103,13 @@ public class OAAuthParameter { this.publicURLPrefix = publicURLPrefix; } + /** + * Sets the key box identifier. + * @param keyBoxIdentifier to set + */ + public void setKeyBoxIdentier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + } diff --git a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index 5859d2ae9..fdb7e6f55 100644 --- a/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id.server/src/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -129,8 +129,6 @@ public class ProxyConfigurationProvider extends ConfigurationProvider { throw new ConfigurationException("config.03", null, t); } - //TODO enhance: use the getter method in makeAbsoluteURL - // build the internal datastructures builder = new ConfigurationBuilder(configElem, rootConfigFileDir); authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter(); 
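Review bot: The new setter in the `@@ -90` hunk is named `setKeyBoxIdentier` (missing the `f`) while its getter is `getKeyBoxIdentifier` and the field is `keyBoxIdentifier`; it should be `public void setKeyBoxIdentifier(String keyBoxIdentifier)`, with the call in ConfigurationBuilder in this commit updated to match. The Javadoc `@param keyBoxIdentifier to set` would also read better as `@param keyBoxIdentifier The key box identifier to set`, mirroring the other setters in the class.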
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java index aac1dc422..65fe9047d 100644 --- a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -31,14 +31,18 @@ public class AuthenticationData { */ private String issueInstant; /** - * user identification (ZMR-Zahl); null, + * user identification value (Stammzahl); null, * if the authentication module is configured not to return this data */ private String identificationValue; + /** + * user identification type + */ + private String identificationType; /** - * application specific user identifier (VPK) + * application specific user identifier (bPK) */ - private String vpk; + private String bPK; /** * given name of the user */ @@ -112,11 +116,11 @@ public class AuthenticationData { } /** - * Returns the vpk. + * Returns the bPK. * @return String */ - public String getVPK() { - return vpk; + public String getPBK() { + return bPK; } /** @@ -152,11 +156,11 @@ public class AuthenticationData { } /** - * Sets the vpk. - * @param vpk The vpk to set + * Sets the bPK. + * @param bPK The bPK to set */ - public void setVPK(String vpk) { - this.vpk = vpk; + public void setPBK(String bPK) { + this.bPK = bPK; } /** @@ -199,6 +203,14 @@ public class AuthenticationData { return identificationValue; } + /** + * Returns the identificationType + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + /** * Returns the issueInstant. * @return String 
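Review bot: The accessor pair for the `bPK` field is named `getPBK`/`setPBK`, inverting the letters of both the field and `BPKBuilder`; `getBPK`/`setBPK` would be consistent, and the callers introduced in this commit (AuthenticationServer's `setPBK`, and `getPBK` in AuthenticationDataAssertionBuilder and DefaultLoginParameterResolver) would need the same rename. The Javadoc already says `Returns the bPK.` / `Sets the bPK.`, so only the method names are out of step.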
@@ -263,6 +275,14 @@ public class AuthenticationData { this.identificationValue = identificationValue; } + /** + * Sets the identificationType. + * @param identificationType The identificationType to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + /** * Sets the issueInstant. * @param issueInstant The issueInstant to set diff --git a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java index 8d09e2bc9..b41de3c44 100644 --- a/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java +++ b/id.server/src/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java @@ -29,6 +29,7 @@ public class PKIConfigurationImpl implements PKIConfiguration { * @throws ConfigurationException for any config error */ public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { + certStoreConfiguration = new CertStoreConfigurationImpl(conf); revocationConfiguration = new RevocationConfigurationImpl(); validationConfiguration = new ValidationConfigurationImpl(conf); diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index 2ac8fe28e..bdadcbb81 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java 
@@ -36,7 +36,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { disableHostnameVerification = BoolUtils.valueOf( ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( "ProxyComponent.DisableHostnameVerification")); - //TODO undocumented feature + //TODO MOA-ID BRZ undocumented feature if (disableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + disableHostnameVerification); } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 033a74934..77f6652f3 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.proxy; import java.io.IOException; +import java.io.UnsupportedEncodingException; import java.util.HashMap; import java.util.Iterator; import java.util.Map; @@ -8,6 +9,7 @@ import java.util.Map; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.URLEncoder; /** * Implementation of interface LoginParameterResolver @@ -79,7 +81,14 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) { String key = (String) iter.next(); String predicate = (String) oaConf.getParamAuthMapping().get(key); - String resolvedValue = resolveValue(predicate, authData, clientIPAddress); + String resolvedValue; + try { + resolvedValue = + URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1"); + } catch (UnsupportedEncodingException e) { + //ISO-8859-1 is supported + resolvedValue = null; + } result.put(key, resolvedValue); } } 
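Review bot: `resolveValue` can return null for an unmapped predicate (the final `else return null;` in the `@@ -97` hunk), and that null now flows straight into `URLEncoder.encode(...)`; this is the project's `at.gv.egovernment.moa.util.URLEncoder`, whose null handling is not visible here, so a guard is safer: `String raw = resolveValue(predicate, authData, clientIPAddress);` followed by `resolvedValue = raw == null ? null : URLEncoder.encode(raw, "ISO-8859-1");`. The catch branch that sets `resolvedValue = null` on `UnsupportedEncodingException` should at least log, since it would silently drop a login parameter rather than report the broken runtime. The enclosing method starts outside the hunk.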
@@ -97,27 +106,29 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) { if (predicate.equals(MOAGivenName)) return authData.getGivenName(); - else if (predicate.equals(MOAFamilyName)) + if (predicate.equals(MOAFamilyName)) return authData.getFamilyName(); - else if (predicate.equals(MOADateOfBirth)) + if (predicate.equals(MOADateOfBirth)) return authData.getDateOfBirth(); - else if (predicate.equals(MOAVPK)) - return authData.getVPK(); - else if (predicate.equals(MOAPublicAuthority)) + if (predicate.equals(MOABPK)) + return authData.getPBK(); + if (predicate.equals(MOAPublicAuthority)) if (authData.isPublicAuthority()) return "true"; else return "false"; - else if (predicate.equals(MOABKZ)) + if (predicate.equals(MOABKZ)) return authData.getPublicAuthorityCode(); - else if (predicate.equals(MOAQualifiedCertificate)) + if (predicate.equals(MOAQualifiedCertificate)) if (authData.isQualifiedCertificate()) return "true"; else return "false"; - else if (predicate.equals(MOAZMRZahl)) + if (predicate.equals(MOAStammzahl)) return authData.getIdentificationValue(); - else if (predicate.equals(MOAIPAddress)) + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); + if (predicate.equals(MOAIPAddress)) return clientIPAddress; else return null; } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java index 434a4f674..c391fc16f 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java 
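Review bot: The accessor called on the `MOABPK` branch is `authData.getPBK()`, while the constant `MOABPK`, the XPath constant `BPK_XPATH` and the local `bPK` variables elsewhere in this commit all spell it bPK; the transposed letters look like a typo that is about to spread through every caller (the same name appears in the OldXMLLoginParameterResolver, XMLLoginParameterResolver and AuthenticationDataAssertionParser hunks). Renaming the pair to `getBPK()`/`setBPK()` in AuthenticationData now is cheaper than after more code depends on it. The brace-less nested `if`/`else` pairs for MOAPublicAuthority and MOAQualifiedCertificate read as dangling-else traps now that the surrounding `else if` chain is gone; `return String.valueOf(authData.isPublicAuthority());` and `return String.valueOf(authData.isQualifiedCertificate());` are equivalent and unambiguous.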
@@ -15,25 +15,27 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; */ public interface LoginParameterResolver { - /** Constants used in MOAIDConfiguration-1.1.xsd, type MOAAuthDataType, + /** Constants used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType, * naming predicates used by the LoginParameterResolver. */ public static final String MOAGivenName = "MOAGivenName"; - /** Constant used in MOAIDConfiguration-1.1.xsd, type MOAAuthDataType */ + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ public static final String MOAFamilyName = "MOAFamilyName"; - /** Constant used in MOAIDConfiguration-1.1.xsd, type MOAAuthDataType */ + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ public static final String MOADateOfBirth = "MOADateOfBirth"; - /** Constant used in MOAIDConfiguration-1.1.xsd, type MOAAuthDataType */ - public static final String MOAVPK = "MOAVPK"; - /** Constant used in MOAIDConfiguration-1.1.xsd, type MOAAuthDataType */ + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOABPK = "MOABPK"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ public static final String MOAPublicAuthority = "MOAPublicAuthority"; - /** Constant used in MOAIDConfiguration-1.1.xsd, type MOAAuthDataType */ + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ public static final String MOABKZ = "MOABKZ"; - /** Constant used in MOAIDConfiguration-1.1.xsd, type MOAAuthDataType */ + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate"; - /** Constant used in MOAIDConfiguration-1.1.xsd, type MOAAuthDataType */ - public static final String MOAZMRZahl = "MOAZMRZahl"; - /** Constant used in MOAIDConfiguration-1.1.xsd, type MOAAuthDataType */ + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static 
final String MOAStammzahl = "MOAStammzahl"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAIdentificationValueType = "MOAIdentificationValueType"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ public static final String MOAIPAddress = "MOAIPAddress"; /** @@ -52,7 +54,7 @@ public interface LoginParameterResolver { public Map getAuthenticationHeaders( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException; + String clientIPAddress) throws LoginParameterResolverException, NotAllowedException; /** * Returns request parameters to be added to a URLConnection. @@ -70,6 +72,6 @@ public interface LoginParameterResolver { AuthenticationData authData, String clientIPAddress) throws LoginParameterResolverException; - public void configure(String configuration) throws LoginParameterResolverException; + public void configure(String configuration) throws LoginParameterResolverException, NotAllowedException; } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java new file mode 100644 index 000000000..849160a7b --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java 
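Review bot: `getAuthenticationParameters` in the `@@ -70,6 +72,6 @@` hunk still declares only `LoginParameterResolverException`, while `getAuthenticationHeaders` and `configure` gained `NotAllowedException`; a resolver that wants to refuse access for a parameter-authenticated online application therefore has no declared way to say so and would have to disguise the refusal as a generic resolver error. ProxyServlet already catches `NotAllowedException` around both calls, so widening the signature is compatible: `String clientIPAddress) throws LoginParameterResolverException, NotAllowedException;`. The Javadoc of the methods that declare it should also state what `NotAllowedException` means (the resolver denied access; ProxyServlet reports it as proxy.15), since it is the only authorization signal on this interface.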
@@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.proxy; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while proxying a request to the online application + * Reason for this exception: the dedicated LoginParameterResolver does + * not allow access to the desired ressource. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class NotAllowedException extends MOAIDException { + + /** + * Constructor for NotAllowedException. + * @param messageId + * @param parameters + */ + public NotAllowedException( + String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for NotAllowedException. + * @param messageId + * @param parameters + * @param wrapped + */ + public NotAllowedException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java index c53ed30a6..9766ef57b 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java @@ -11,9 +11,9 @@ import org.w3c.dom.*; // Referenced classes of package at.gv.egovernment.moa.id.proxy: // LoginParameterResolver -// Old Implementation of XMLLoginParameterResolver (used to migrate old labs applications rapidely to -// version 1.1.1 of MOA-ID -// TODO RS migrate this to XMLLoginParameterResolver +// Old Implementation of XMLLoginParameterResolver +// +// TODO MOA-ID CIO internal: migrate this to XMLLoginParameterResolver public class OldXMLLoginParameterResolver 
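Review bot: The class Javadoc of NotAllowedException misspells "ressource" and runs two sentences together without a period, and both constructors list `@param messageId`, `@param parameters` and `@param wrapped` with no description, so the generated documentation says nothing about what a caller should pass. Suggested class summary: `Exception thrown while proxying a request to the online application. The configured LoginParameterResolver does not allow access to the requested resource.`, and for the tags `@param messageId key of the message in the message resources`, `@param parameters values substituted into the message`, `@param wrapped the exception that caused this one`. That messageId is a resource key is inferred from sibling usages such as `new ProxyException("proxy.15", ...)`; confirm against MOAIDException before adopting the wording.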
@@ -98,7 +98,7 @@ public class OldXMLLoginParameterResolver { String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); String userid = ""; String password = ""; LPRParams params = null; @@ -193,8 +193,8 @@ public class OldXMLLoginParameterResolver return authData.getFamilyName(); if(predicate.equals("MOADateOfBirth")) return authData.getDateOfBirth(); - if(predicate.equals("MOAVPK")) - return authData.getVPK(); + if(predicate.equals("MOABPK")) + return authData.getPBK(); if(predicate.equals("MOAPublicAuthority")) if(authData.isPublicAuthority()) return "true"; @@ -207,8 +207,10 @@ public class OldXMLLoginParameterResolver return "true"; else return "false"; - if(predicate.equals("MOAZMRZahl")) + if(predicate.equals("MOAStammzahl")) return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); if(predicate.equals("MOAIPAddress")) return clientIPAddress; else diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java index 3f7a6872c..3958bb206 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java 
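Review bot: The new `if (predicate.equals(MOAIdentificationValueType))` line in OldXMLLoginParameterResolver.resolveValue refers to the bare constant, while every neighbouring predicate in this method is compared against a string literal such as `"MOAStammzahl"`; unless this class inherits the constant from LoginParameterResolver (its declaration is outside the hunk) the line will not compile, and even where it does, the mixed style hides which names are shared with the interface. Either use the literal `"MOAIdentificationValueType"` to match the file, or switch all predicates in this method to the `LoginParameterResolver.*` constants. The same mixed line appears in the corresponding hunk of XMLLoginParameterResolver (`@@ -307,8 +307,10 @@`), which does implement the interface.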
@@ -184,7 +184,7 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); String userid = ""; String password = ""; LPRParams params = null; @@ -247,7 +247,7 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); String userid = ""; String password = ""; LPRParams params = null; @@ -293,8 +293,8 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { return authData.getFamilyName(); if (predicate.equals("MOADateOfBirth")) return authData.getDateOfBirth(); - if (predicate.equals("MOAVPK")) - return authData.getVPK(); + if (predicate.equals("MOABPK")) + return authData.getPBK(); if (predicate.equals("MOAPublicAuthority")) if (authData.isPublicAuthority()) return "true"; @@ -307,8 +307,10 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { return "true"; else return "false"; - if (predicate.equals("MOAZMRZahl")) + if (predicate.equals("MOAStammzahl")) return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); if (predicate.equals("MOAIPAddress")) return clientIPAddress; else 
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index ce0743b3d..a78a8d587 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -40,7 +40,7 @@ public class AuthenticationDataAssertionParser implements Constants { private static String ATTRIBUTESTATEMENT_XPATH = SAML + "AttributeStatement/"; /** Prefix for Element NameIdentifier in an Xpath-expression */ - private static String VPK_XPATH = + private static String BPK_XPATH = ATTRIBUTESTATEMENT_XPATH + SAML + "Subject/" + SAML + "NameIdentifier"; @@ -51,10 +51,15 @@ public class AuthenticationDataAssertionParser implements Constants { SAML + "AttributeValue/" + PR + "Person/"; /** Prefix for Element Value in an Xpath-expression */ - private static String ZMRZAHL_XPATH = + private static String IDENTIFICATION_VALUE_XPATH = PERSONDATA_XPATH + PR + "Identification/" + PR + "Value"; + private static String IDENTIFICATION_TYPE_XPATH = + PERSONDATA_XPATH + + PR + "Identification/" + + PR + "Type"; + /** Prefix for Element GivenName in an Xpath-expression */ private static String GIVEN_NAME_XPATH = PERSONDATA_XPATH + 
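Review bot: `IDENTIFICATION_TYPE_XPATH` is the only XPath constant in this block without a Javadoc line, so it breaks the pattern its siblings follow (`/** Prefix for Element Value in an Xpath-expression */`). Add `/** Prefix for Element Type in an Xpath-expression */` above it. Both it and the renamed `IDENTIFICATION_VALUE_XPATH` are non-final `private static String`; since they are assembled once from other constants and this hunk already touches both declarations, `private static final String` states the intent and prevents accidental reassignment.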
@@ -112,10 +117,12 @@ public class AuthenticationDataAssertionParser implements Constants { XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, "")); authData.setIssueInstant( XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); - authData.setVPK( - XPathUtils.getElementValue(samlAssertion, VPK_XPATH, "")); + authData.setPBK( + XPathUtils.getElementValue(samlAssertion, BPK_XPATH, "")); authData.setIdentificationValue( - XPathUtils.getElementValue(samlAssertion, ZMRZAHL_XPATH, "")); + XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, "")); + authData.setIdentificationType( + XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, "")); authData.setGivenName( XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, "")); authData.setFamilyName( diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java index d6ec4951b..4ab2e2cf7 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java @@ -1,17 +1,18 @@ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.IOException; -import java.io.PrintWriter; import java.text.DateFormat; import java.util.Date; import java.util.Locale; +import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; +import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; 
@@ -22,9 +23,6 @@ import at.gv.egovernment.moa.logging.Logger; * @version $Id$ */ public class ConfigurationServlet extends HttpServlet { - /** The standard String for DTD Doc-type */ - private static final String DOC_TYPE = - "\n"; /** * Handle a HTTP GET request, used to indicated that the MOA @@ -36,13 +34,6 @@ public class ConfigurationServlet extends HttpServlet { throws ServletException, IOException { MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); - PrintWriter out; - - response.setContentType("text/html"); - out = response.getWriter(); - out.println(DOC_TYPE); - out.println("MOA configuration update"); - out.println(""); try { MOAIDProxyInitializer.initialize(); @@ -50,21 +41,12 @@ public class ConfigurationServlet extends HttpServlet { { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); Logger.info(message); - //TODO low-priority: change to ErrorPage - out.println("

"); - out.println(message); - out.println("

"); + HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response); } catch (Throwable t) { String errorMessage = msg.getMessage("config.04", null); Logger.error(errorMessage, t); - out.println("

"); - out.println(errorMessage); - out.println("

"); + HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response); } - out.println(""); - - out.flush(); - out.close(); } /** @@ -77,4 +59,13 @@ public class ConfigurationServlet extends HttpServlet { doGet(request, response); } +/** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ +public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); } + +} \ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 362849fb1..7980778d9 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -3,7 +3,6 @@ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.IOException; -import java.io.OutputStream; import java.io.PrintWriter; import java.io.StringWriter; import java.net.HttpURLConnection; @@ -14,7 +13,9 @@ import java.util.Iterator; import java.util.Map; import javax.net.ssl.SSLSocketFactory; +import javax.servlet.RequestDispatcher; import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; 
@@ -39,6 +40,7 @@ import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException; import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; +import at.gv.egovernment.moa.id.proxy.NotAllowedException; import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -67,6 +69,8 @@ public class ProxyServlet extends HttpServlet { private static final String ATT_LOGIN_HEADERS = "LoginHeaders"; /** Name of the Attribute for the LoginParameters */ private static final String ATT_LOGIN_PARAMETERS = "LoginParameters"; + /** Name of the Attribute for the SAMLARTIFACT */ + private static final String ATT_SAML_ARTIFACT = "SamlArtifact"; /** * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) @@ -75,17 +79,25 @@ public class ProxyServlet extends HttpServlet { Logger.debug("getRequestURL:" + req.getRequestURL().toString()); try { - if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) - login(req, resp); + if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) { + + // check if SAML Artifact was already used in this session (in case of page reload) + HttpSession session = req.getSession(); + if(null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { + tunnelRequest(req, resp); + } else + // it is the first time that the SAML Artifact was used + login(req, resp); + } else tunnelRequest(req, resp); } catch (MOAIDException ex) { - handleError(resp, ex.toString(), ex); + handleError(ex.getMessage(), ex, req, resp); } catch (Throwable ex) { - handleError(resp, ex.toString(), ex); - } + handleError(ex.getMessage(), ex, req, resp); + } } /** 
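Review bot: `HttpSession session = req.getSession();` in the new reload check creates a session for every first-time login request, so the following `null != session` test can never be false and an empty session is allocated before `login()` decides whether one is needed; the `tunnelRequest` hunk later in this file already has to guard against sessions that carry no login data (`publicURLPrefix == null`), and this call is another source of such sessions. Use `HttpSession session = req.getSession(false);`, which returns null when no session exists and still finds the sessions that `login()` created. The `} else` followed by a comment line and an un-braced `login(req, resp);` is easy to misread; braces around the else branch would make the structure explicit.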
@@ -113,8 +125,15 @@ public class ProxyServlet extends HttpServlet { // String target = req.getParameter(PARAM_TARGET); parameter given but not processed // get authentication data from the MOA-ID Auth component - AuthenticationData authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); - + AuthenticationData authData; + try { + authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); + } catch (ServiceException ex) { + throw new ProxyException("proxy.14", new Object[] {ex}); + } catch (ProxyException ex) { + throw new ProxyException("proxy.14", new Object[] {ex}); + } + String urlRequested = req.getRequestURL().toString(); // read configuration data 
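Review bot: Both catch blocks in this hunk wrap the original exception as a message argument (`new Object[] {ex}`) instead of as the cause, so `ex` is stringified into the proxy.14 text and its stack trace is lost; because `service()` now forwards `ex.getMessage()` to the error page, whatever the exception's toString carries (a backend URL, a fault detail) is likely to end up in the client-visible message — inferred, since the message catalogue is not visible here. Passing it as the cause keeps the detail in the log and out of the page, using the three-argument constructor this file already uses for proxy.05: `throw new ProxyException("proxy.14", null, ex);` in both blocks. If `ServiceException` and `ProxyException` share a catchable supertype the two identical bodies can then collapse into one. The enclosing `login` method starts before this hunk.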
@@ -129,29 +148,34 @@ public class ProxyServlet extends HttpServlet { ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); String realURLPrefix = oaConnParam.getUrl(); - // resolve login parameters to be forwarded to online application - LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); + // resolve login parameters to be forwarded to online application + LoginParameterResolver lpr = + LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); String clientIPAddress = req.getRemoteAddr(); Map loginHeaders = null; Map loginParameters = null; try { - if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) - loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); - else - loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); - - } catch (LoginParameterResolverException ex) { - throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); - } + if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) + loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); + else + loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); + + } catch (LoginParameterResolverException ex) { + throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); + } catch (NotAllowedException e) { + throw new ProxyException("proxy.15", new Object[] { }); + } // setup SSLSocketFactory for communication with the online application SSLSocketFactory ssf = null; if (oaConnParam.isHTTPSURL()) { try { ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); - } - catch (Throwable ex) { - throw new ProxyException("proxy.05", new Object[] { oaConnParam.getUrl(), ex.toString()}, ex); + } catch (Throwable ex) { + throw new ProxyException( + "proxy.05", + new Object[] { oaConnParam.getUrl(), ex.toString()}, + ex); } } 
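Review bot: `catch (NotAllowedException e) { throw new ProxyException("proxy.15", new Object[] { }); }` discards the refusal entirely: `e` is neither logged nor attached as the cause, so an access denied by the LoginParameterResolver leaves no trace of which rule or resource was involved — precisely the event an operator needs for audit. Chain it, as the proxy.05 rethrow a few lines below already does: `throw new ProxyException("proxy.15", null, e);`, and consider a `Logger.warn` naming `publicURLPrefix` and `clientIPAddress`, both in scope here, at the point of denial. The variable is named `e` while the sibling catch uses `ex`; pick one. The enclosing `login` method starts before this hunk.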
@@ -160,6 +184,7 @@ public class ProxyServlet extends HttpServlet { String loginType = oaConf.getLoginType(); Logger.debug("Login type: " + loginType); if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) { + HttpSession session = req.getSession(); int sessionTimeOut = oaParam.getSessionTimeOut(); if (sessionTimeOut == 0) @@ -170,24 +195,40 @@ public class ProxyServlet extends HttpServlet { session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf); session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders); session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters); + session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact); Logger.debug("moa-id-proxy: HTTPSession angelegt"); } - - // tunnel request to the online application - int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - { - Logger.debug("Got 401, trying again"); - respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - } - catch (ProxyException ex) { - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - catch (Throwable ex) { + + // tunnel request to the online application + int respcode = + tunnelRequest( + req, + resp, + loginHeaders, + loginParameters, + publicURLPrefix, + realURLPrefix, + ssf); + if (respcode == 401) { + Logger.debug("Got 401, trying again"); + + respcode = + tunnelRequest( + req, + resp, + loginHeaders, + loginParameters, + publicURLPrefix, + realURLPrefix, + ssf); + if (respcode == 401) + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + } + } catch (ProxyException ex) { + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + + } catch (Throwable ex) { throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex); } } 
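Review bot: `session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact)` is only executed inside the `LOGINTYPE_STATELESS` branch, yet the reload check added to `service()` in the `@@ -75,17 +79,25 @@` hunk reads that attribute for every login type; for any other login type a page reload re-enters `login()` and fetches the authentication data again with the same artifact, which is exactly what the check was meant to prevent. Either store the artifact for every login type that keeps a session, or document the limitation on the constant: `/** Session attribute holding the SAML artifact of the completed login; only set for stateless logins */`. The rewritten `catch (ProxyException ex)` still rethrows proxy.12 without `ex` as the cause (behaviour this reformat preserves from the old code); `throw new ProxyException("proxy.12", new Object[] { realURLPrefix }, ex);` would at least keep the original failure in the log. The try this catch belongs to begins outside the hunk.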
@@ -202,9 +243,15 @@ public class ProxyServlet extends HttpServlet { Logger.debug("Tunnel request (stateless)"); HttpSession session = req.getSession(false); + if (session == null) throw new ProxyException("proxy.07", null); String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); + //A sesssion is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method) + //additional check if publicURLPrefix is OK, if not throw an Exception + if (publicURLPrefix == null) + throw new ProxyException("proxy.07", null); + String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); @@ -487,6 +534,7 @@ private boolean isTransferEncodingChunkedHeader(String headerKey, String headerV * @see javax.servlet.Servlet#init(ServletConfig) */ public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); try { MOAIDProxyInitializer.initialize(); Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null)); @@ -496,42 +544,47 @@ public void init(ServletConfig servletConfig) throws ServletException { throw new ServletException(ex); } } + /** - * Handles an error in proxying the request. + * Handles an error.
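Review bot: The comment above the new `publicURLPrefix == null` guard in `tunnelRequest` has typos ("sesssion") and explains the cause in a roundabout way; since this guard is what turns a session without login data into a clean proxy.07 instead of a NullPointerException further down, it deserves a precise comment: `// A session may exist without login data (e.g. created by the forward to errorpage-proxy.jsp), so treat a missing publicURLPrefix like a missing session.` The two checks could also be merged into one condition so that the "no session" and "session without login" cases visibly share the same proxy.07 outcome. The enclosing method starts before this hunk.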
*
    - *
  • Logs the error.
  • - *
  • Outputs an HTML error page.
  • + *
  • Logs the error
  • + *
  • Places error message and exception thrown into the request + * as request attributes (to be used by "/errorpage-proxy.jsp")
  • + *
  • Sets HTTP status 500 (internal server error)
  • *
- * @param resp the HttpServletResponse - * @param errorMessage error message to be used - * @param ex the exception to be logged + * + * @param errorMessage error message + * @param exceptionThrown exception thrown + * @param req servlet request + * @param resp servlet response */ -private void handleError(HttpServletResponse resp, String errorMessage, Throwable ex) { - Logger.error(errorMessage, ex); - String htmlCode = - "" - + "" - + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null) - + "" - + "

" - + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null) - + "

" - + "

" - + MOAIDMessageProvider.getInstance().getMessage("proxy.11", null) - + "

" - + "

" - + errorMessage - + "

" - + ""; - resp.setContentType("text/html"); - try { - OutputStream respOut = resp.getOutputStream(); - respOut.write(htmlCode.getBytes()); - respOut.flush(); - } - catch (IOException ioex) { - Logger.error("", ioex); - } +protected void handleError( + String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + + + if(null != errorMessage) { + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage ); + } + + if (null != exceptionThrown) { + if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + //req.setAttribute("ExceptionThrown", exceptionThrown); + } + + //forward this to errorpage-proxy.jsp wher the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + } } diff --git a/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java new file mode 100644 index 000000000..7c4731555 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java 
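Review bot: The Javadoc of the rewritten `handleError` promises that it "Sets HTTP status 500" and places the exception into the request, but the body contains no `resp.setStatus` call and the `req.setAttribute("ExceptionThrown", ...)` line is commented out, so the error page is sent with whatever status the forward produces (200 unless errorpage-proxy.jsp sets one) and the documentation is wrong on both counts. The message is logged twice when both arguments are non-null, and `errorMessage` arrives here as `ex.getMessage()` from a catch-all `Throwable` in `service()` — proxy.04 even embeds `ex.toString()` — so internal exception text is placed into the request for rendering to the client; log the detail and show the user only the catalogue message. `dispatcher.forward` also throws `IllegalStateException` once the response is committed, which is plausible after `tunnelRequest` has started streaming the online application's reply, and that case is not caught here. A version that logs once and sets the status before forwarding is sketched below; the forward itself is unchanged.
```java
protected void handleError(
    String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {

  if (errorMessage == null && exceptionThrown != null) {
    errorMessage = exceptionThrown.getMessage();
  }
  // log once; the stack trace only exists when an exception was passed
  if (exceptionThrown != null) {
    Logger.error(errorMessage, exceptionThrown);
  } else if (errorMessage != null) {
    Logger.error(errorMessage);
  }
  if (errorMessage != null) {
    req.setAttribute("ErrorMessage", errorMessage);
  }
  if (resp.isCommitted()) {
    // too late to render the error page; the log entry above is all that remains
    return;
  }
  // the Javadoc promises a 500; it must be set before the forward commits the response
  resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
  // … unchanged: forward to /errorpage-proxy.jsp …
```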
@@ -0,0 +1,76 @@ +/* + * Created on 17.02.2004 + * + * To change the template for this generated file go to + * Window>Preferences>Java>Code Generation>Code and Comments + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author rschamberger + * + * To change the template for this generated type comment go to + * Window>Preferences>Java>Code Generation>Code and Comments + */ +public class HTTPRequestJSPForwarder { + + /** + * Forwards the HttpServletRequest to a customizable JSP Page and serves the Response.
+ *
    + *
  • Logs the message
  • + *
+ * + * @param message message text + * @param jspPageURI URI of the JSP page + * @param context the servlet context of the servlet belonging to the req, resp + * @param req servlet request + * @param resp servlet response + */ + public static void forwardNamed( + String message, + String jspPageURI, + ServletContext context, + HttpServletRequest req, + HttpServletResponse resp) { + + if (null != message) { + Logger.info(message); + req.setAttribute("Message", message); + } + + //forward this to the given jsp page where the HTML response is generated + try { + context.getRequestDispatcher(jspPageURI).forward(req, resp); + } catch (IOException e) { + Logger.error(e); + } catch (ServletException e) { + Logger.error(e); + } + } + + /** + * Forwards the HttpServletRequest to the customizable JSP Page 'message.jsp' and serves the Response.
+ *
    + *
  • Logs the message
  • + *
+ * + * @param message message text + * @param context the servlet context of the servlet belonging to the req, resp + * @param req servlet request + * @param resp servlet response + */ + public static void forwardDefault( + String message, + ServletContext context, + HttpServletRequest req, + HttpServletResponse resp) { + forwardNamed(message, "/message.jsp", context, req, resp); + } +} \ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java index e0739d941..276f126c6 100644 --- a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -119,7 +119,7 @@ public class SSLUtils { String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING); //not using BoolUtils because default value hast to be true! boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString)); - //TODO RS verify SSL Revocation handling + //TODO MOA-ID verify SSL Revocation handling PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); // This call fixes a bug occuring when PKIConfiguration is // initialized by the MOA-SP initialization code, in case -- cgit v1.2.3
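Review bot: The new HTTPRequestJSPForwarder still carries the Eclipse template placeholders ("To change the template for this generated file go to Window>Preferences…") in both the file header and the class Javadoc, so the class has no description at all; replace them with a one-line purpose such as `/** Forwards a servlet request to a JSP page that renders the message stored in the request attribute "Message". */`. Both catch blocks in `forwardNamed` log and swallow `IOException` and `ServletException`, so a caller such as ConfigurationServlet cannot tell that nothing was rendered and the client receives an empty response; either declare the exceptions on the method or state the swallow explicitly in the Javadoc. `forwardNamed` also logs every message at info level, which duplicates the `Logger.error` its error-path callers already emit; either leave logging to the caller or document that the method logs. As with `handleError` in ProxyServlet, the forward throws `IllegalStateException` on an already committed response, which is not handled here.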